last executing test programs: 3.741168792s ago: executing program 4 (id=630): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x80142) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000000c0)=0x1000) 3.730490314s ago: executing program 4 (id=631): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a678801159110193dd2ff1fa7c3205bfedb23cd3c8a71707568cfacfa7e32c32b31368b2286f94515b2e1a38d522be18b00048fb00000c42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e17abe26e6746cf6c267578f4c35235138d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4acef2ce3599f455c7b0a48a0000000000000000a2971a50f713d4e21bffff00000796f23526ec0fd97f734c783bcaf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7f1b10f183e959b06cb09789d99b3d0524f39d71de80060db89be2774c0474c6707d6fa9dbde89bbfbc092440010000000000000f7049db5cb19d7962eed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249db3947c8dc7b1b4c4554ff10a8b7fb050000000052726f72f30d7a421167ad593d60abc9b363cfeb820634fd4d419e05b2d5a2008af7b9e014814d3661079097bf37da0049f8bf4064e0f435f28fbeda75cf971d54a9698cf3270f420edc85c176070bfff790dc13f3fbd3ced3284db7304e68ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d3ab384934d905d30dfe5ac37ed015494d9d10e36e603129e9a7c7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c0002c34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c00000000fd00007d6173050027791c9c1e00ad3711a86d91254a6f911b1448c62a6e1e3f9ce19a9d173663599d896cf0ac8fe1b45853673df72dc813f7454ae22d79ac48034282f030401c0f886e9644179de7c5d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe9d5a57dd74df817ef2f8848b710c3527f829866e4e84aa92000000000072b08b3ac52cb204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b261766e7923b867b6c92be3fb999180605000000d40002a06f4853d9aff16764b8e59e043eada072a07cd35ff02835f803f66317fbeef5b7e97b6d0ef2c622156759c7797c158d662b1adfae1d24e109e52378b3f1f8ee8965dedd208bc5b7a73d9501bfcfcb7d900ba07cff918249e60d59da3f5a2ae19d7ddf8daf3691d1879e2253b44ca8fd6fc11c8db3cd0d720653e5c2b6d46332d0551366a5f6150d9d1a6eab632821378f2827fac540e0c879c7f836ad8f4ed4e99287e5bd07808d6f228b6b54a8f2bb13d0aeacd8dc2325314cd409038f25ffb0f4c24641a5e27affa0d8ec0148eb1c1df00000000000000056daf2ea4ae62e78037be54385f54e192718423625f94100000000000000a96b5f4c0d1e8c22ed5970b6eeb1e9a6c9d52bd89160f0433bea9910af48e6415c712bb1ad6c0274449e026e1bb1bdfa5460226a7024444abb6445a023a5639a3f2902df360901a2f28dc3261d96311f998c31280ef4399a6071f165c5c738db052cb964b48f11964dfe735bcbdaf19110bb1fe69e9331b074a218ba9e2a532ad8479c2ae074809c77c8bfb7f011d623c89f8b034763bd0e8084a277fd58294568bd67ffd2825a9d0d4adcb78c20fb5155495843f35fb8b9029f52c393c0e6b69294018cf5725cbc501bd88d15c992bc1d430975bf94e64500000000000000f68ba4e938fe6192594f53c887a8a441257a2d1c1f5b87a8daeedec47a112892b9978711a7fcb3a1fe1e221a98d64e38bfb2020000000000000022619e109e693e243757479e27e57fcfa21d080413bb4dfe02c95a2cbfa205473af26c0058e2c79df937f40cc1a00db428f51f4e43a671948d509bb3100930489947a7a8d50653a910168d809d41858137ab1523d1363e0ef83a929687ae8dd1272a7a5ab1dda9db54eea12f5fb24da16fd3a4ea05af8b2314044f5ef4fda9c18824af4cda12f74b91d3dba30a75a6e7806a03287ce2d6da164eda21613e348ce9e76f96c79bd41e0b4b5962f10c1a33b1d122b2e433f0903464881aad9ee58656599251702118737cdfa69f49cc61fe08be591eae0e4b4704bbd09ecd35c2368300000000000000000000000000000000496b5f1b150b7da6a291df224413935142c635ec23746f05d9eb36bc9d2a90fc6e90a3918be51aff18c908c76e9949abebea289f61a567bcf8776b4b36aaf61dc2a7535e85fe80f451f87025e5798f56a58ad2176cc45f065c0000000000000000a0b7a066bb2012a552990b147145065947f2e4661f037f149b900feca8bcc8c032f11c1357250d32efecab01030d011b22fd319261859abe56639cab8fe9a60e8833812add6bb3b94b86e0315b7771e541a34517cd034a2ebbe24e7448e47214063251e8e6254169ff5059c08767d3551390dd817f5df0621653f4869187ec380b814ed6742f2dd29fbdf9759bed4488d0f33d4592b1e1ba7bcbe358435c71c0029de66f2417ee45601f79b1dc9c58b00a83bda341ccf913d883c4bb1cd1e8e3a2046185ef5873816751db6b89d1097f01ba951f2250bce52466a4c4de2292cebc63f9ae7f617c0f025f97f8a263a5f75f628bde2bbf52e3fd8f8f4a35f671b0e9d7f57c6fa126898b945941a5bf4bd1af4e727418519d3c91a3d1062b56f73978ed9b33bc7b16b7cc6cdb00"/1976], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000500)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000000c0)='writeback_pages_written\x00', r3}, 0x10) memfd_create(0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r5, 0x4004662b, &(0x7f0000000000)) 2.875442958s ago: executing program 4 (id=647): mknod(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) r0 = open(&(0x7f0000000a40)='./bus\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0) 2.867070399s ago: executing program 4 (id=648): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000e9ff20850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 2.858331641s ago: executing program 4 (id=649): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='jbd2_handle_stats\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) 2.837622554s ago: executing program 4 (id=650): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d0000090582020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.341930022s ago: executing program 0 (id=662): rt_sigqueueinfo(0x0, 0x4, &(0x7f0000000380)={0x0, 0x0, 0x3}) 2.28682876s ago: executing program 0 (id=663): bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = openat$cgroup_subtree(r5, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000)={[{0x2b, 'cpuset'}]}, 0x8) 1.548667316s ago: executing program 2 (id=671): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c64656275672c6572726f72733d72656d6f756e742d726f2c757466383d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d72656c617865642c757466383d302c726f6469722c726f6469722c00bd11a3d82e3cc8e94a1ac3169cb253bc51dceb1a3c8675eef705933dac0549813c420584251b8849a95afa9de1a80dcc7f9d4e26116050410b89f88108d551843f6115dded9b54fcb36a3a7bab7fb11d2c7265fa11a3ff2f3ca1c0df2142ff9ce532341817f2bb2fef3428793728d4daa090c5becbb74d00c95f965afa83e5bb562620ea9e99853533ca4ef0702dad548503917329f0f431d87efa28137d3f0e0fa2906cb9e236094a2d7a9ce877c1d8509500"/315], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv6_getroute={0x1c, 0x1a, 0xaba2493891f2befb}, 0x1c}}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ip6_tables_targets\x00') sendfile(r4, r5, 0x0, 0x3) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000140)={@empty}, 0x14) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000040), 0x4) 1.439909664s ago: executing program 0 (id=672): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x90}, [@ldst={0x2, 0x0, 0xb}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x4e, 0x0, 0xffffffffffffffff, 0x3000000}, 0x48) 1.380678143s ago: executing program 0 (id=673): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x800, &(0x7f0000000840)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64], 0x1, 0x36e, &(0x7f0000000880)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000b0007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r3, 0x2007ffb) sendfile(r0, r3, 0x0, 0x1000000201005) 1.099933607s ago: executing program 0 (id=674): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002e00)=ANY=[@ANYBLOB="620af8ff0c011021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c767056a982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf9943134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2eed44d69fe32b0142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000070000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6a04006bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17690158969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583584acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb4d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f8957727da5122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0ae500000000000000dc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6eada31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000d58c08acaf30235b918a31d2eca55f74a23641f6022d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7c48de61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e4000000000d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb8434503680300383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718fd02cde45eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff1500000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9ab48620f144ff72ac579e4a5240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df651bc25070b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5500ff49d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e9611d2e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b08faa4bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef6853f35c28bc57665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b0504789d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000000000000000000000000070a45784f793e88e477e48f7d87acf12a6731eb5350831f500461ed55897f517923c73f731c139464c6383e580ce222a3250dd12ba25f71de8c94f56f418460dff5678c7c3f51ab4ddc29ffdf496bd8c579401c734fd5ac11a1008ce1d63f5b516d92bf5d718b267017b3ecd7200a7db0ef6b3a8e1f22186961f8c86c29b3144aa71d1623f9053dcf2a445c69d0f14b24884e83a94ad02647b8959c4eef7516546040c83e04484d7f2b65456e2da0dcc7f5a9024b8f4d35cbb03da118cb5f25b97894eafca8140fadcac67c5b17efea5a65b9a66cedb68619f2622733254650fe28f8233f40bed514bdfb199bf21cf421f2f70b1a285e86b542947cba56e23c3ae82d62e99d20d803bab995faae7389946ac0773194a5c2dcb3b57f6dcc6cb564e1dc7f0499df2b10bb50b470197ea7e8892c600"/4141], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, &(0x7f0000000500)=0x8, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt(r5, 0x0, 0x10000000000009, &(0x7f0000000180)="00050002", 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r6 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r6, 0x0, 0x0, 0x7) syz_mount_image$vfat(&(0x7f0000000a40), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x35a, &(0x7f0000000b00)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlEyoRMTWk1fx5j8guOxxbwX1H+jFWwXx4q2XgqBFxJH51ebHJGnSlLTb7wdKnsn7PpP3TUJ43oF5e/DBN582ao5RMzuSzKokRESORIqSlEgifEz6cVp67cir1//cf/HOvfvvliuVm+uqt8p3Xyup6vLKj599kQu77WZkr/jRwWHpj71n954/+O/uJ3VH6442Wx019UHr9475wLZ0o+40DNXbtmU6ltabjtUO2ltBe81ubW521Wxu3Mhvti3HUbPZ1YbV1U5LO+2umh+b9aYahqE38nK1ZGfIqT5aXzfLM77gwxnzMG//uK47prndLptLIkZuqKX66FzHBQAALqSB+v+7qEYoSvK4oEz0rQWG6/8o9ut/b7FwUv8/funnzvX3nyyH9f9uOq7+f/3XIL+v/vdefe71/w8Dx8MV0aW3PU3nM9X/uBhW0kNPJfqOvPo/H67ffV99+HjVD6j/AQAAAAAAAAAAAAAAAAAAAAC4DI5ct+C6biF6jP5ObiEIj6OjcTca49IZ9flnwh0Fjr8PeCrduXdfsv6Ne6llEfvrrepWNXgM26OOq1KQf/3vQyjYcGLHb1RPUX6yt8P87a3qkt9SFlGxxZI1KUixL9+Pb71Tubmmgf78RCrv5dek7ueXpCDPxOeXYvPT8srLPfmGFOSXh9ISWzbC37Eo/8s11bffqwzk5/x+cd48/48FAAAAAIC5MlSz4fI5dv1uGKpx7d5aXnrX58PXB47X16ux6/NU4YXUYucOAAAAAMBV4aQ/b5i2bbWd7sggJ5P6ZMKzjT9PfJCaprMX7PvBtXF9lnpm2NsU7ZQal5UO/4PGFIMPziNHwQWP02T9lZHYNzN2YNkzvKumHc3/FJ2z034EbScZ+x5OCla88ehM0+kJostGo/rI7VnPPCqIds79bULn5779/u/ZXiIR7trb2/TGk+yEmfpBYuCZnQlf2kPXnTiea+f1ewMAAABgcaKiP+dEz7y12AEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAFzXWbtBHBoucIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXBT/BwAA//8L3Pjk") r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) ioctl$VFAT_IOCTL_READDIR_BOTH(r7, 0x82307201, &(0x7f0000000180)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 1.057835953s ago: executing program 3 (id=676): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000800)="0f017179c744240066000000c744240200500000c7442406000000000f01142466baf80cb8388c608cef66bafc0c66edc401f9fc0ec461d9f1a2000000000f01cbb922030000b851850000ba000000000f30420f7984563d0a00000f20992e650f01c3", 0x63}], 0xaaaa99d, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 986.101855ms ago: executing program 3 (id=677): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071115000000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 977.210086ms ago: executing program 3 (id=678): r0 = open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0) ftruncate(r0, 0x200002) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x32}, 0x0, @in=@private, 0x0, 0x4}}, 0xe8) connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x32) sendfile(r2, r1, 0x0, 0x80001d00c0d0) 935.920572ms ago: executing program 3 (id=679): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='tlb_flush\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) 687.916742ms ago: executing program 3 (id=680): mkdir(&(0x7f0000000e40)='./file0\x00', 0x0) mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) 651.074387ms ago: executing program 3 (id=681): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a678801159110193dd2ff1fa7c3205bfedb23cd3c8a71707568cfacfa7e32c32b31368b2286f94515b2e1a38d522be18b00048fb00000c42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e17abe26e6746cf6c267578f4c35235138d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4acef2ce3599f455c7b0a48a0000000000000000a2971a50f713d4e21bffff00000796f23526ec0fd97f734c783bcaf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7f1b10f183e959b06cb09789d99b3d0524f39d71de80060db89be2774c0474c6707d6fa9dbde89bbfbc092440010000000000000f7049db5cb19d7962eed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249db3947c8dc7b1b4c4554ff10a8b7fb050000000052726f72f30d7a421167ad593d60abc9b363cfeb820634fd4d419e05b2d5a2008af7b9e014814d3661079097bf37da0049f8bf4064e0f435f28fbeda75cf971d54a9698cf3270f420edc85c176070bfff790dc13f3fbd3ced3284db7304e68ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d3ab384934d905d30dfe5ac37ed015494d9d10e36e603129e9a7c7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c0002c34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c00000000fd00007d6173050027791c9c1e00ad3711a86d91254a6f911b1448c62a6e1e3f9ce19a9d173663599d896cf0ac8fe1b45853673df72dc813f7454ae22d79ac48034282f030401c0f886e9644179de7c5d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe9d5a57dd74df817ef2f8848b710c3527f829866e4e84aa92000000000072b08b3ac52cb204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b261766e7923b867b6c92be3fb999180605000000d40002a06f4853d9aff16764b8e59e043eada072a07cd35ff02835f803f66317fbeef5b7e97b6d0ef2c622156759c7797c158d662b1adfae1d24e109e52378b3f1f8ee8965dedd208bc5b7a73d9501bfcfcb7d900ba07cff918249e60d59da3f5a2ae19d7ddf8daf3691d1879e2253b44ca8fd6fc11c8db3cd0d720653e5c2b6d46332d0551366a5f6150d9d1a6eab632821378f2827fac540e0c879c7f836ad8f4ed4e99287e5bd07808d6f228b6b54a8f2bb13d0aeacd8dc2325314cd409038f25ffb0f4c24641a5e27affa0d8ec0148eb1c1df00000000000000056daf2ea4ae62e78037be54385f54e192718423625f94100000000000000a96b5f4c0d1e8c22ed5970b6eeb1e9a6c9d52bd89160f0433bea9910af48e6415c712bb1ad6c0274449e026e1bb1bdfa5460226a7024444abb6445a023a5639a3f2902df360901a2f28dc3261d96311f998c31280ef4399a6071f165c5c738db052cb964b48f11964dfe735bcbdaf19110bb1fe69e9331b074a218ba9e2a532ad8479c2ae074809c77c8bfb7f011d623c89f8b034763bd0e8084a277fd58294568bd67ffd2825a9d0d4adcb78c20fb5155495843f35fb8b9029f52c393c0e6b69294018cf5725cbc501bd88d15c992bc1d430975bf94e64500000000000000f68ba4e938fe6192594f53c887a8a441257a2d1c1f5b87a8daeedec47a112892b9978711a7fcb3a1fe1e221a98d64e38bfb2020000000000000022619e109e693e243757479e27e57fcfa21d080413bb4dfe02c95a2cbfa205473af26c0058e2c79df937f40cc1a00db428f51f4e43a671948d509bb3100930489947a7a8d50653a910168d809d41858137ab1523d1363e0ef83a929687ae8dd1272a7a5ab1dda9db54eea12f5fb24da16fd3a4ea05af8b2314044f5ef4fda9c18824af4cda12f74b91d3dba30a75a6e7806a03287ce2d6da164eda21613e348ce9e76f96c79bd41e0b4b5962f10c1a33b1d122b2e433f0903464881aad9ee58656599251702118737cdfa69f49cc61fe08be591eae0e4b4704bbd09ecd35c2368300000000000000000000000000000000496b5f1b150b7da6a291df224413935142c635ec23746f05d9eb36bc9d2a90fc6e90a3918be51aff18c908c76e9949abebea289f61a567bcf8776b4b36aaf61dc2a7535e85fe80f451f87025e5798f56a58ad2176cc45f065c0000000000000000a0b7a066bb2012a552990b147145065947f2e4661f037f149b900feca8bcc8c032f11c1357250d32efecab01030d011b22fd319261859abe56639cab8fe9a60e8833812add6bb3b94b86e0315b7771e541a34517cd034a2ebbe24e7448e47214063251e8e6254169ff5059c08767d3551390dd817f5df0621653f4869187ec380b814ed6742f2dd29fbdf9759bed4488d0f33d4592b1e1ba7bcbe358435c71c0029de66f2417ee45601f79b1dc9c58b00a83bda341ccf913d883c4bb1cd1e8e3a2046185ef5873816751db6b89d1097f01ba951f2250bce52466a4c4de2292cebc63f9ae7f617c0f025f97f8a263a5f75f628bde2bbf52e3fd8f8f4a35f671b0e9d7f57c6fa126898b945941a5bf4bd1af4e727418519d3c91a3d1062b56f73978ed9b33bc7b16b7cc6cdb00"/1976], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000500)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000000c0)='writeback_pages_written\x00', r3}, 0x10) memfd_create(0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r5, 0x4004662b, &(0x7f0000000000)) 644.402658ms ago: executing program 2 (id=682): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000e9ff20850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 611.741294ms ago: executing program 2 (id=683): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x90}, [@ldst={0x2, 0x0, 0xb}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x4e, 0x0, 0xffffffffffffffff, 0x3000000}, 0x48) 602.937495ms ago: executing program 2 (id=684): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x800, &(0x7f0000000840)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64], 0x1, 0x36e, &(0x7f0000000880)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000b0007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r3, 0x2007ffb) sendfile(r0, r3, 0x0, 0x1000000201005) 310.150601ms ago: executing program 2 (id=685): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 231.512823ms ago: executing program 1 (id=686): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x9, 0x2, 0x1000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x7e, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd602e5cea00483c0020010000000000000000000000000002ff020000000000000000000000000001"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff0000277bbfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r3, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001]}, 0x45c) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r3, 0x5501) 222.366525ms ago: executing program 1 (id=687): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000006340)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2}]}}}}}}}}, 0x0) 216.239755ms ago: executing program 1 (id=688): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000800)="0f017179c744240066000000c744240200500000c7442406000000000f01142466baf80cb8388c608cef66bafc0c66edc401f9fc0ec461d9f1a2000000000f01cbb922030000b851850000ba000000000f30420f7984563d0a00000f20992e650f01c3", 0x63}], 0xaaaa99d, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 171.588173ms ago: executing program 0 (id=689): mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000180)=@v2={0x2, @aes256, 0x4, '\x00', @d}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00'}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='./bus\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000380)='./bus\x00', r2, &(0x7f0000000400)='./file1\x00', 0x0) mknodat(r3, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10) linkat(r3, &(0x7f0000000500)='./file0\x00', r2, &(0x7f0000000540)='./bus/file1\x00', 0x1000) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0) chroot(&(0x7f0000000180)='./file1\x00') mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000080)) linkat(r1, &(0x7f0000000380)='./file0\x00', r1, &(0x7f0000000280)='./file1\x00', 0x0) mknodat$null(r2, &(0x7f00000004c0)='./file0\x00', 0xc000, 0x103) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r6}, 0x10) getresuid(&(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640)) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0, 0x0) 150.667556ms ago: executing program 1 (id=690): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r1) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r1}, 0x10) mkdir(&(0x7f0000000140)='./control\x00', 0x0) rmdir(&(0x7f0000000100)='./control\x00') 74.455158ms ago: executing program 1 (id=691): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x840020, &(0x7f0000000480)=ANY=[@ANYBLOB=',fscontext=s']) 331.69µs ago: executing program 2 (id=692): mkdir(&(0x7f0000000e40)='./file0\x00', 0x0) mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) 0s ago: executing program 1 (id=693): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r2}, 0x10) setpriority(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): rsing attributes in process `syz.3.26'. [ 21.208293][ T388] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.213991][ T358] udevd[358]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 21.236918][ T311] udevd[311]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 21.437157][ T411] overlayfs: invalid redirect ((null)) [ 21.505264][ T415] loop2: detected capacity change from 0 to 8192 [ 21.509511][ T398] loop3: detected capacity change from 0 to 40427 [ 21.526476][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 21.538951][ T398] F2FS-fs (loop3): invalid crc value [ 21.545342][ T398] F2FS-fs (loop3): Found nat_bits in checkpoint [ 21.557667][ T415] loop2: p1 p2 p3 p4 [ 21.561539][ T415] loop2: p1 size 108922248 extends beyond EOD, truncated [ 21.586601][ T415] loop2: p2 start 861536256 is beyond EOD, truncated [ 21.597911][ T415] loop2: p3 start 851968 is beyond EOD, truncated [ 21.605010][ T415] loop2: p4 size 65536 extends beyond EOD, truncated [ 21.645340][ T398] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 21.653065][ C0] blk_update_request: operation not supported error, dev loop2, sector 0 op 0x9:(WRITE_ZEROES) flags 0x800800 phys_seg 0 prio class 0 [ 21.781314][ T392] udevd[392]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 21.793789][ T358] udevd[358]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 21.812983][ T443] mmap: syz.2.53 (443) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 22.154635][ T6] usb 1-1: config 0 has an invalid interface number: 103 but max is 0 [ 22.163555][ T289] attempt to access beyond end of device [ 22.163555][ T289] loop3: rw=524288, want=45072, limit=40427 [ 22.176326][ T6] usb 1-1: config 0 has no interface number 0 [ 22.182441][ T289] attempt to access beyond end of device [ 22.182441][ T289] loop3: rw=0, want=45072, limit=40427 [ 22.193294][ T6] usb 1-1: config 0 interface 103 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 15 [ 22.208815][ T6] usb 1-1: config 0 interface 103 has no altsetting 0 [ 22.215414][ T6] usb 1-1: New USB device found, idVendor=093a, idProduct=2626, bcdDevice= d.b4 [ 22.224396][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.234287][ T6] usb 1-1: config 0 descriptor?? [ 22.250840][ T445] syz.2.54 (445) used greatest stack depth: 22496 bytes left [ 22.272667][ T457] loop2: detected capacity change from 0 to 2048 [ 22.283647][ T459] overlayfs: invalid redirect ((null)) [ 22.296967][ T289] attempt to access beyond end of device [ 22.296967][ T289] loop3: rw=2049, want=45104, limit=40427 [ 22.328229][ T457] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.398913][ T286] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 34: comm syz-executor: path /root/syzkaller.vGEUSM/10/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 22.434025][ T286] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 22.453662][ T286] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 34: comm syz-executor: path /root/syzkaller.vGEUSM/10/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 22.476243][ T286] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 22.495456][ T286] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 34: comm syz-executor: path /root/syzkaller.vGEUSM/10/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 22.518071][ T286] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 22.527111][ T289] syz-executor (289) used greatest stack depth: 20880 bytes left [ 22.560357][ T286] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 34: comm syz-executor: path /root/syzkaller.vGEUSM/10/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 22.616499][ T6] usb 1-1: string descriptor 0 read error: -71 [ 22.628178][ T6] usb 1-1: USB disconnect, device number 2 [ 22.661471][ T286] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 22.697146][ T286] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 34: comm syz-executor: path /root/syzkaller.vGEUSM/10/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 22.720739][ T286] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 22.936138][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.943118][ T480] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.950420][ T480] device bridge_slave_0 entered promiscuous mode [ 22.957306][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.964176][ T480] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.971440][ T480] device bridge_slave_1 entered promiscuous mode [ 23.017097][ T30] kauditd_printk_skb: 111 callbacks suppressed [ 23.017111][ T30] audit: type=1400 audit(1719404239.614:187): avc: denied { getattr } for pid=488 comm="syz.1.72" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 23.059944][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.066919][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.073995][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.080807][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.116244][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.126812][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.133921][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.152322][ T30] audit: type=1400 audit(1719404239.744:188): avc: denied { create } for pid=493 comm="syz.1.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 23.152381][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.179675][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.186536][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.194003][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.210874][ T30] audit: type=1400 audit(1719404239.744:189): avc: denied { write } for pid=493 comm="syz.1.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 23.216612][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.232841][ T30] audit: type=1400 audit(1719404239.744:190): avc: denied { read } for pid=493 comm="syz.1.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 23.236562][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.243359][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.270385][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.293131][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.306343][ T480] device veth0_vlan entered promiscuous mode [ 23.319146][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.327348][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.350253][ T480] device veth1_macvtap entered promiscuous mode [ 23.358701][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.366176][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.373614][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.381724][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.390789][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.423951][ T496] loop0: detected capacity change from 0 to 40427 [ 23.426459][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.438534][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.450675][ T496] F2FS-fs (loop0): invalid crc value [ 23.464024][ T496] F2FS-fs (loop0): Found nat_bits in checkpoint [ 23.477729][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.488638][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.508786][ T496] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 23.525419][ T30] audit: type=1400 audit(1719404240.114:191): avc: denied { setattr } for pid=495 comm="syz.0.77" name="file0" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.525584][ T497] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.553729][ T497] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.561163][ T285] attempt to access beyond end of device [ 23.561163][ T285] loop0: rw=2049, want=45104, limit=40427 [ 23.561383][ T497] device bridge_slave_0 entered promiscuous mode [ 23.579683][ T497] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.586943][ T497] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.594171][ T497] device bridge_slave_1 entered promiscuous mode [ 23.608555][ T30] audit: type=1400 audit(1719404240.204:192): avc: denied { mounton } for pid=480 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 23.707101][ T30] audit: type=1400 audit(1719404240.304:193): avc: denied { bind } for pid=514 comm="syz.0.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 23.748958][ T30] audit: type=1400 audit(1719404240.344:194): avc: denied { mount } for pid=514 comm="syz.0.81" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 23.796858][ T497] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.803721][ T497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.810845][ T497] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.817610][ T497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.848388][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.855955][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.868651][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.901706][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.909738][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.916596][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.925645][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.933689][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.940562][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.202713][ T497] device veth0_vlan entered promiscuous mode [ 24.217333][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.226996][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.234835][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.242279][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.251247][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.260654][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.268564][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.277839][ T497] device veth1_macvtap entered promiscuous mode [ 24.294935][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.303472][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.340020][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.349282][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.359976][ T8] device bridge_slave_1 left promiscuous mode [ 24.367642][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.390235][ T8] device bridge_slave_0 left promiscuous mode [ 24.397317][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.410462][ T30] audit: type=1400 audit(1719404241.004:195): avc: denied { setopt } for pid=545 comm="syz.3.94" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 24.429827][ T8] device bridge_slave_1 left promiscuous mode [ 24.451437][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.471929][ T8] device bridge_slave_0 left promiscuous mode [ 24.487197][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.519294][ T8] device veth1_macvtap left promiscuous mode [ 24.525134][ T8] device veth0_vlan left promiscuous mode [ 24.540377][ T30] audit: type=1400 audit(1719404241.134:196): avc: denied { bind } for pid=559 comm="syz.4.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 24.559603][ T8] device veth1_macvtap left promiscuous mode [ 24.565659][ T8] device veth0_vlan left promiscuous mode [ 24.729726][ T549] loop1: detected capacity change from 0 to 40427 [ 24.746131][ T549] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 24.756639][ T549] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 24.782076][ T549] F2FS-fs (loop1): invalid crc value [ 24.806189][ T549] F2FS-fs (loop1): Found nat_bits in checkpoint [ 24.831834][ T558] loop2: detected capacity change from 0 to 40427 [ 24.865039][ T549] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 24.872659][ T549] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 24.882066][ T558] F2FS-fs (loop2): invalid crc value [ 24.905320][ T558] F2FS-fs (loop2): Found nat_bits in checkpoint [ 24.935563][ T558] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 24.956713][ T587] overlayfs: statfs failed on './file0' [ 24.974474][ T497] attempt to access beyond end of device [ 24.974474][ T497] loop2: rw=2049, want=45104, limit=40427 [ 25.231898][ T619] loop3: detected capacity change from 0 to 256 [ 25.239248][ T620] overlayfs: statfs failed on './file0' [ 25.254460][ T318] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 25.264675][ T318] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 25.403609][ T617] loop2: detected capacity change from 0 to 40427 [ 25.441690][ T617] F2FS-fs (loop2): invalid crc value [ 25.453393][ T617] F2FS-fs (loop2): Found nat_bits in checkpoint [ 25.494689][ T617] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 25.522877][ T497] attempt to access beyond end of device [ 25.522877][ T497] loop2: rw=2049, want=45104, limit=40427 [ 25.556378][ T632] loop1: detected capacity change from 0 to 512 [ 25.566451][ T20] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 25.591244][ T632] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 25.599746][ T632] EXT4-fs (loop1): invalid journal inode [ 25.605222][ T632] EXT4-fs (loop1): can't get journal size [ 25.646298][ T632] EXT4-fs (loop1): 1 truncate cleaned up [ 25.662193][ T632] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 25.936516][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.943020][ T655] loop4: detected capacity change from 0 to 40427 [ 25.958497][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.978239][ T20] usb 1-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 25.994856][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.011999][ T20] usb 1-1: config 0 descriptor?? [ 26.019977][ T655] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 26.036459][ T655] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 26.057108][ T20] usbhid 1-1:0.0: can't add hid device: -22 [ 26.057279][ T655] F2FS-fs (loop4): invalid crc value [ 26.064011][ T20] usbhid: probe of 1-1:0.0 failed with error -22 [ 26.107006][ T655] F2FS-fs (loop4): Found nat_bits in checkpoint [ 26.122626][ T686] loop1: detected capacity change from 0 to 512 [ 26.154103][ T655] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 26.161035][ T655] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 26.169239][ T686] ======================================================= [ 26.169239][ T686] WARNING: The mand mount option has been deprecated and [ 26.169239][ T686] and is ignored by this kernel. Remove the mand [ 26.169239][ T686] option from the mount to silence this warning. [ 26.169239][ T686] ======================================================= [ 26.230366][ T686] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 26.260119][ T306] usb 1-1: USB disconnect, device number 3 [ 26.336648][ T699] loop1: detected capacity change from 0 to 256 [ 26.417586][ T709] netlink: 'syz.1.156': attribute type 7 has an invalid length. [ 26.564806][ T719] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 26.626922][ T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 26.635668][ T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 26.664783][ T724] loop2: detected capacity change from 0 to 512 [ 26.681969][ T726] loop3: detected capacity change from 0 to 256 [ 26.706470][ T453] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.717695][ T724] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 26.759798][ T728] loop4: detected capacity change from 0 to 128 [ 26.778216][ T728] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 26.787891][ T728] FAT-fs (loop4): FAT read failed (blocknr 255) [ 26.828910][ T736] netlink: 'syz.0.167': attribute type 7 has an invalid length. [ 26.893090][ T750] loop4: detected capacity change from 0 to 512 [ 26.897524][ T747] loop2: detected capacity change from 0 to 512 [ 26.924278][ T750] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.174: couldn't read orphan inode 16 (err -116) [ 26.939411][ T747] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 26.952345][ T453] usb 2-1: Using ep0 maxpacket: 16 [ 26.962069][ T747] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 26.967589][ T750] EXT4-fs (loop4): Remounting filesystem read-only [ 26.978860][ T750] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,max_batch_time=0x0000000000001116,resuid=0x0000000000000000,barrier,resuid=0x0000000000000000,nogrpid,. Quota mode: writeback. [ 27.002627][ T750] ext4 filesystem being mounted at /root/syzkaller.cXZHlk/21/file1 supports timestamps until 2038 (0x7fffffff) [ 27.024649][ T747] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 27.040684][ T750] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz.4.174: Invalid inode table block 34 in block_group 0 [ 27.053283][ T747] EXT4-fs (loop2): 1 truncate cleaned up [ 27.058821][ T747] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback. [ 27.086633][ T453] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.104494][ T453] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 27.115350][ T750] EXT4-fs (loop4): Remounting filesystem read-only [ 27.159576][ T497] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /root/syzkaller.n6lXXX/24/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.183688][ T288] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 27.197692][ T288] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 27.211995][ T497] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.244905][ T497] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /root/syzkaller.n6lXXX/24/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.272514][ T497] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.298873][ T497] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /root/syzkaller.n6lXXX/24/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.323007][ T453] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 27.332105][ T453] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.340111][ T453] usb 2-1: Product: syz [ 27.343998][ T453] usb 2-1: Manufacturer: syz [ 27.348792][ T453] usb 2-1: SerialNumber: syz [ 27.353543][ T497] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.383278][ T497] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /root/syzkaller.n6lXXX/24/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.411850][ T497] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.432344][ T497] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /root/syzkaller.n6lXXX/24/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.460059][ T497] EXT4-fs error (device loop2): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.482522][ T774] loop3: detected capacity change from 0 to 256 [ 27.576312][ T775] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.583890][ T775] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.594004][ T775] device bridge_slave_0 entered promiscuous mode [ 27.604161][ T775] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.611196][ T775] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.618631][ T775] device bridge_slave_1 entered promiscuous mode [ 27.959896][ T775] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.966759][ T775] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.973829][ T775] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.980658][ T775] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.989474][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.996916][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.047437][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.055346][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.060978][ T759] loop0: detected capacity change from 0 to 131072 [ 28.076334][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.084479][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.092631][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.099490][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.107720][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 28.107732][ T30] audit: type=1400 audit(1719404244.704:223): avc: denied { bind } for pid=710 comm="syz.1.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 28.109213][ T759] F2FS-fs (loop0): invalid crc value [ 28.138251][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.146650][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.154720][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.161616][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.169008][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.177648][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.177743][ T759] F2FS-fs (loop0): Found nat_bits in checkpoint [ 28.185512][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.199215][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.220030][ T759] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 28.221269][ T711] device pim6reg1 entered promiscuous mode [ 28.255908][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.264922][ T30] audit: type=1400 audit(1719404244.854:224): avc: denied { listen } for pid=710 comm="syz.1.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 28.285075][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.293259][ T30] audit: type=1400 audit(1719404244.854:225): avc: denied { getopt } for pid=710 comm="syz.1.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 28.326137][ T775] device veth0_vlan entered promiscuous mode [ 28.337130][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.346741][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.355706][ T783] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.365974][ T783] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.374965][ T783] device bridge_slave_0 entered promiscuous mode [ 28.381970][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.389532][ T783] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.396905][ T783] device bridge_slave_1 entered promiscuous mode [ 28.419757][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.427409][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.449122][ T8] device bridge_slave_1 left promiscuous mode [ 28.456593][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.474032][ T8] device bridge_slave_0 left promiscuous mode [ 28.483827][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.496667][ T8] device veth1_macvtap left promiscuous mode [ 28.502519][ T8] device veth0_vlan left promiscuous mode [ 28.610378][ T792] loop3: detected capacity change from 0 to 40427 [ 28.621228][ T775] device veth1_macvtap entered promiscuous mode [ 28.632329][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.640977][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.649451][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 28.666496][ T453] cdc_ncm 2-1:1.0: bind() failure [ 28.681685][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.690307][ T453] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 28.697234][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.705406][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.714282][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.722363][ T453] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 28.729660][ T453] usb 2-1: USB disconnect, device number 2 [ 28.731752][ T792] F2FS-fs (loop3): Found nat_bits in checkpoint [ 28.803458][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.806544][ T795] loop0: detected capacity change from 0 to 40427 [ 28.810318][ T783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.823687][ T783] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.823973][ T792] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 28.830476][ T783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.845242][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.852982][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.860674][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.864710][ T795] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 28.875341][ T795] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 28.895371][ T795] F2FS-fs (loop0): invalid crc value [ 28.901004][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.903022][ T795] F2FS-fs (loop0): Found nat_bits in checkpoint [ 28.909948][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.922178][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.929722][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.937707][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.944532][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.975235][ T783] device veth0_vlan entered promiscuous mode [ 28.982147][ T795] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 28.983275][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.997746][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.999193][ T795] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.005502][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.021401][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.040736][ T30] audit: type=1400 audit(1719404245.634:226): avc: denied { rename } for pid=794 comm="syz.0.190" name="bus" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 29.071301][ T803] attempt to access beyond end of device [ 29.071301][ T803] loop0: rw=2049, want=45112, limit=40427 [ 29.085554][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.093719][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.109098][ T783] device veth1_macvtap entered promiscuous mode [ 29.118094][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.137026][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.145024][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.155242][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.164202][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.375588][ T812] loop2: detected capacity change from 0 to 512 [ 29.419517][ T812] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 29.461794][ T826] loop0: detected capacity change from 0 to 512 [ 29.528607][ T826] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.192: couldn't read orphan inode 16 (err -116) [ 29.541796][ T826] EXT4-fs (loop0): Remounting filesystem read-only [ 29.548977][ T826] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,max_batch_time=0x0000000000001116,resuid=0x0000000000000000,barrier,resuid=0x0000000000000000,nogrpid,. Quota mode: writeback. [ 29.572616][ T826] ext4 filesystem being mounted at /root/syzkaller.G0TFCJ/43/file1 supports timestamps until 2038 (0x7fffffff) [ 29.593050][ T826] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz.0.192: Invalid inode table block 34 in block_group 0 [ 29.605955][ T826] EXT4-fs (loop0): Remounting filesystem read-only [ 29.617100][ T285] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 29.634588][ T285] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 29.657918][ T30] audit: type=1400 audit(1719404246.254:227): avc: denied { ioctl } for pid=837 comm="syz.2.205" path="socket:[16060]" dev="sockfs" ino=16060 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 29.683840][ T30] audit: type=1400 audit(1719404246.254:228): avc: denied { write } for pid=837 comm="syz.2.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 29.709122][ T285] syz-executor (285) used greatest stack depth: 20480 bytes left [ 29.726782][ T60] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 29.778001][ T8] device bridge_slave_1 left promiscuous mode [ 29.784010][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.791562][ T8] device bridge_slave_0 left promiscuous mode [ 29.799273][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.807292][ T8] device veth1_macvtap left promiscuous mode [ 29.813111][ T8] device veth0_vlan left promiscuous mode [ 29.928528][ T853] loop3: detected capacity change from 0 to 512 [ 29.937623][ T846] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.944452][ T846] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.951831][ T846] device bridge_slave_0 entered promiscuous mode [ 29.958744][ T846] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.965627][ T846] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.973147][ T846] device bridge_slave_1 entered promiscuous mode [ 29.979564][ T853] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 30.017286][ T846] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.024147][ T846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.031234][ T846] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.038020][ T846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.057205][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.064456][ T548] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.072079][ T548] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.087128][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.095271][ T548] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.102122][ T548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.109357][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.117371][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.124186][ T548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.143250][ T846] device veth0_vlan entered promiscuous mode [ 30.149274][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.160589][ T60] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 30.175099][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.183547][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.191040][ T60] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 30.200289][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.207369][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.215533][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.222830][ T60] usb 2-1: config 0 descriptor?? [ 30.227997][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.235711][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.264025][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.272433][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.283604][ T846] device veth1_macvtap entered promiscuous mode [ 30.293871][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.301794][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.310360][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.321428][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.326109][ T860] loop3: detected capacity change from 0 to 512 [ 30.329805][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.359115][ T860] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.214: couldn't read orphan inode 16 (err -116) [ 30.378889][ T860] EXT4-fs (loop3): Remounting filesystem read-only [ 30.385402][ T860] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,max_batch_time=0x0000000000001116,resuid=0x0000000000000000,barrier,resuid=0x0000000000000000,nogrpid,. Quota mode: writeback. [ 30.408686][ T860] ext4 filesystem being mounted at /root/syzkaller.wUcHuH/30/file1 supports timestamps until 2038 (0x7fffffff) [ 30.433178][ T860] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm syz.3.214: Invalid inode table block 34 in block_group 0 [ 30.445879][ T860] EXT4-fs (loop3): Remounting filesystem read-only [ 30.460488][ T480] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 30.474069][ T480] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 30.539452][ T30] audit: type=1400 audit(1719404247.134:229): avc: denied { write } for pid=875 comm="syz.0.220" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.624743][ T30] audit: type=1400 audit(1719404247.214:230): avc: denied { connect } for pid=878 comm="syz.2.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.727571][ T60] plantronics 0003:047F:FFFF.0001: bogus close delimiter [ 30.734420][ T60] plantronics 0003:047F:FFFF.0001: item 0 4 2 10 parsing failed [ 30.755421][ T60] plantronics 0003:047F:FFFF.0001: parse failed [ 30.762379][ T60] plantronics: probe of 0003:047F:FFFF.0001 failed with error -22 [ 31.007003][ T293] usb 2-1: USB disconnect, device number 3 [ 31.023540][ T883] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.030687][ T883] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.038233][ T883] device bridge_slave_0 entered promiscuous mode [ 31.045808][ T883] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.052915][ T883] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.060922][ T883] device bridge_slave_1 entered promiscuous mode [ 31.120682][ T883] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.127525][ T883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.134591][ T883] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.141433][ T883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.165356][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.173179][ T453] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.181137][ T453] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.189613][ T8] device bridge_slave_1 left promiscuous mode [ 31.196692][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.206029][ T8] device bridge_slave_0 left promiscuous mode [ 31.212295][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.220541][ T8] device veth1_macvtap left promiscuous mode [ 31.226354][ T8] device veth0_vlan left promiscuous mode [ 31.318409][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.327256][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.335392][ T432] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.342278][ T432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.349424][ T30] audit: type=1400 audit(1719404247.924:231): avc: denied { ioctl } for pid=890 comm="syz.2.225" path="socket:[17284]" dev="sockfs" ino=17284 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 31.349695][ T893] loop2: detected capacity change from 0 to 512 [ 31.385318][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.394411][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.402530][ T432] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.409413][ T432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.412227][ T893] EXT4-fs (loop2): orphan cleanup on readonly fs [ 31.426783][ T893] EXT4-fs (loop2): 1 orphan inode deleted [ 31.456519][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 31.464606][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.472627][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 31.480929][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.498069][ T893] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 31.546553][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 31.555276][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.564483][ T30] audit: type=1400 audit(1719404248.164:232): avc: denied { create } for pid=895 comm="syz.0.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 31.594420][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 31.598321][ T898] loop1: detected capacity change from 0 to 512 [ 31.602426][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.629365][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.637105][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.651107][ T883] device veth0_vlan entered promiscuous mode [ 31.670687][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.678961][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.692715][ T883] device veth1_macvtap entered promiscuous mode [ 31.707632][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.715187][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.725192][ T898] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.227: couldn't read orphan inode 16 (err -116) [ 31.737509][ T898] EXT4-fs (loop1): Remounting filesystem read-only [ 31.739112][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.743861][ T898] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,max_batch_time=0x0000000000001116,resuid=0x0000000000000000,barrier,resuid=0x0000000000000000,nogrpid,. Quota mode: writeback. [ 31.774961][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.783007][ T898] ext4 filesystem being mounted at /root/syzkaller.4ykKxS/54/file1 supports timestamps until 2038 (0x7fffffff) [ 31.801428][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.817690][ T898] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz.1.227: Invalid inode table block 34 in block_group 0 [ 31.857236][ T898] EXT4-fs (loop1): Remounting filesystem read-only [ 31.877987][ T287] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 31.893044][ T287] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 34 in block_group 0 [ 31.921224][ T920] loop0: detected capacity change from 0 to 512 [ 31.987990][ T920] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 32.019140][ T920] ext4 filesystem being mounted at /root/syzkaller.C0jZXG/13/bus supports timestamps until 2038 (0x7fffffff) [ 32.032823][ T932] loop3: detected capacity change from 0 to 256 [ 32.068737][ T933] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.075628][ T933] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.083063][ T933] device bridge_slave_0 entered promiscuous mode [ 32.090276][ T933] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.098661][ T933] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.105900][ T933] device bridge_slave_1 entered promiscuous mode [ 32.135149][ T932] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 32.234290][ T956] syz.2.253[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.234352][ T956] syz.2.253[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.263630][ T933] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.281415][ T933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.288515][ T933] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.295288][ T933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.317842][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.334013][ T961] loop3: detected capacity change from 0 to 512 [ 32.335415][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.366643][ T964] loop0: detected capacity change from 0 to 512 [ 32.389388][ T961] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 [ 32.389388][ T961] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 32.389388][ T961] [ 32.396070][ T967] loop2: detected capacity change from 0 to 256 [ 32.417009][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.424565][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.432260][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.441300][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.449553][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.456411][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.464275][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.472605][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.472995][ T964] EXT4-fs (loop0): orphan cleanup on readonly fs [ 32.489378][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.496317][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.505251][ T961] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #3: comm syz.3.252: corrupted inode contents [ 32.520285][ T964] EXT4-fs (loop0): 1 orphan inode deleted [ 32.534229][ T961] EXT4-fs (loop3): Remounting filesystem read-only [ 32.558184][ T964] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 32.569098][ T961] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #3: comm syz.3.252: mark_inode_dirty error [ 32.594440][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.607464][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.625365][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.635872][ T961] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #3: comm syz.3.252: corrupted inode contents [ 32.648607][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.656729][ T961] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.252: mark_inode_dirty error [ 32.667936][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 32.676109][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.685639][ T961] EXT4-fs (loop3): 1 truncate cleaned up [ 32.691818][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 32.699498][ T961] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nouser_xattr,. Quota mode: writeback. [ 32.712030][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.735727][ T961] ext4 filesystem being mounted at /root/syzkaller.ujXFFJ/7/file1 supports timestamps until 2038 (0x7fffffff) [ 32.751726][ T933] device veth0_vlan entered promiscuous mode [ 32.776940][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.788471][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.819571][ T933] device veth1_macvtap entered promiscuous mode [ 32.831164][ T961] kvm: emulating exchange as write [ 32.833758][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.847243][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.856198][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 32.872626][ T8] device bridge_slave_1 left promiscuous mode [ 32.887406][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.918041][ T961] syz.3.252 (961) used greatest stack depth: 20432 bytes left [ 32.925765][ T8] device bridge_slave_0 left promiscuous mode [ 32.946570][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.955413][ T8] device veth1_macvtap left promiscuous mode [ 32.961482][ T8] device veth0_vlan left promiscuous mode [ 33.035966][ T985] loop3: detected capacity change from 0 to 256 [ 33.081218][ T985] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 33.129923][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.138076][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.146159][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.155962][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 33.155975][ T30] audit: type=1400 audit(1719404249.754:244): avc: denied { ioctl } for pid=990 comm="syz.0.266" path="socket:[18828]" dev="sockfs" ino=18828 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.190144][ T994] syz.3.265[994] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.190209][ T994] syz.3.265[994] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.201480][ T453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.229557][ T991] netlink: 12 bytes leftover after parsing attributes in process `syz.0.266'. [ 33.254131][ T997] syz.1.241[997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.254205][ T997] syz.1.241[997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.273507][ T30] audit: type=1326 audit(1719404249.864:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=996 comm="syz.1.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2883377ae9 code=0x7ffc0000 [ 33.308216][ T30] audit: type=1326 audit(1719404249.864:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=996 comm="syz.1.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2883377ae9 code=0x7ffc0000 [ 33.336085][ T30] audit: type=1326 audit(1719404249.864:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=996 comm="syz.1.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f2883377ae9 code=0x7ffc0000 [ 33.361934][ T30] audit: type=1326 audit(1719404249.864:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=996 comm="syz.1.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2883377ae9 code=0x7ffc0000 [ 33.394556][ T30] audit: type=1326 audit(1719404249.864:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=996 comm="syz.1.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2883377ae9 code=0x7ffc0000 [ 33.452011][ T1006] loop3: detected capacity change from 0 to 512 [ 33.477175][ T1006] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 [ 33.477175][ T1006] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 33.477175][ T1006] [ 33.519516][ T1017] device pim6reg1 entered promiscuous mode [ 33.523242][ T1021] loop0: detected capacity change from 0 to 256 [ 33.531862][ T1006] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #3: comm syz.3.270: corrupted inode contents [ 33.543584][ T1006] EXT4-fs (loop3): Remounting filesystem read-only [ 33.688384][ T1006] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #3: comm syz.3.270: mark_inode_dirty error [ 33.706613][ T30] audit: type=1400 audit(1719404250.204:250): avc: denied { create } for pid=1000 comm="syz.1.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 33.731064][ T1021] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 33.743357][ T1006] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #3: comm syz.3.270: corrupted inode contents [ 33.755148][ T1006] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.270: mark_inode_dirty error [ 33.769981][ T1006] Quota error (device loop3): write_blk: dquota write failed [ 33.779576][ T1006] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 33.789526][ T1006] EXT4-fs (loop3): 1 truncate cleaned up [ 33.794985][ T1006] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nouser_xattr,. Quota mode: writeback. [ 33.808585][ T1006] ext4 filesystem being mounted at /root/syzkaller.ujXFFJ/11/file1 supports timestamps until 2038 (0x7fffffff) [ 33.855654][ T1027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.278'. [ 34.045447][ T1050] loop0: detected capacity change from 0 to 512 [ 34.213823][ T1053] loop2: detected capacity change from 0 to 1024 [ 34.223869][ T1050] EXT4-fs (loop0): orphan cleanup on readonly fs [ 34.231189][ T1050] EXT4-fs (loop0): 1 orphan inode deleted [ 34.239569][ T1050] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.266098][ T1057] netlink: 12 bytes leftover after parsing attributes in process `syz.3.290'. [ 34.315099][ T1053] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.288: bad orphan inode 2097152 [ 34.327471][ T1053] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 34.343761][ T30] audit: type=1400 audit(1719404250.934:251): avc: denied { setattr } for pid=1052 comm="syz.2.288" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 34.358172][ T1053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.288'. [ 34.414741][ T1073] loop1: detected capacity change from 0 to 512 [ 34.473149][ T1073] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.484282][ T1073] ext4 filesystem being mounted at /root/syzkaller.pAVNmi/5/file0 supports timestamps until 2038 (0x7fffffff) [ 34.567545][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.574470][ T1077] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.581831][ T1077] device bridge_slave_0 entered promiscuous mode [ 34.591253][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.598201][ T1077] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.605318][ T1077] device bridge_slave_1 entered promiscuous mode [ 34.863114][ T1092] capability: warning: `syz.1.302' uses deprecated v2 capabilities in a way that may be insecure [ 34.904859][ T1098] syz.0.305[1098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.904924][ T1098] syz.0.305[1098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.918066][ T1098] syz.0.305 (pid 1098) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 34.941007][ T8] device bridge_slave_1 left promiscuous mode [ 34.947271][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.954682][ T8] device bridge_slave_0 left promiscuous mode [ 34.962322][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.970559][ T8] device veth1_macvtap left promiscuous mode [ 34.976488][ T8] device veth0_vlan left promiscuous mode [ 35.079548][ T1105] loop0: detected capacity change from 0 to 512 [ 35.092381][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.099247][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.106294][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.113121][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.131578][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.140951][ T1105] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.308: corrupted in-inode xattr [ 35.153047][ T1105] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.308: couldn't read orphan inode 15 (err -117) [ 35.165113][ T1105] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 35.165487][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.184777][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.196465][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.204388][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.211224][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.219185][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.227218][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.234052][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.256859][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.268012][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.283162][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.294972][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.302807][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.310321][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.319622][ T1077] device veth0_vlan entered promiscuous mode [ 35.332842][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.342071][ T1077] device veth1_macvtap entered promiscuous mode [ 35.375805][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.388593][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.420179][ T1123] loop2: detected capacity change from 0 to 256 [ 35.529209][ T1129] loop0: detected capacity change from 0 to 512 [ 35.691149][ T1129] EXT4-fs (loop0): orphan cleanup on readonly fs [ 35.701708][ T1129] EXT4-fs (loop0): 1 orphan inode deleted [ 35.709359][ T1129] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 35.837100][ T1144] loop1: detected capacity change from 0 to 1024 [ 35.897492][ T1144] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.323: bad orphan inode 2097152 [ 35.908259][ T1144] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 35.916442][ T432] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 35.936145][ T1144] netlink: 12 bytes leftover after parsing attributes in process `syz.1.323'. [ 35.947673][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 35.961066][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.149000][ T976] device bridge_slave_1 left promiscuous mode [ 36.154968][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.162601][ T976] device bridge_slave_0 left promiscuous mode [ 36.168773][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.176550][ T976] device veth1_macvtap left promiscuous mode [ 36.182379][ T976] device veth0_vlan left promiscuous mode [ 36.217925][ T1153] netlink: 116 bytes leftover after parsing attributes in process `syz.1.326'. [ 36.226875][ T1153] netlink: 44 bytes leftover after parsing attributes in process `syz.1.326'. [ 36.235603][ T1153] netlink: 28 bytes leftover after parsing attributes in process `syz.1.326'. [ 36.344443][ T1158] loop0: detected capacity change from 0 to 1024 [ 36.369489][ T1162] loop1: detected capacity change from 0 to 2048 [ 36.387532][ T1162] Alternate GPT is invalid, using primary GPT. [ 36.393565][ T1162] loop1: p1 p2 p3 [ 36.417807][ T1158] EXT4-fs (loop0): Test dummy encryption mode enabled [ 36.424460][ T1158] EXT4-fs (loop0): Ignoring removed orlov option [ 36.437166][ T1158] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 36.476831][ T432] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.487629][ T432] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.497224][ T432] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 36.506030][ T432] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.508916][ T392] udevd[392]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 36.524715][ T358] udevd[358]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 36.524727][ T396] udevd[396]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 36.544235][ T432] usb 4-1: config 0 descriptor?? [ 36.554236][ T396] udevd[396]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 36.565039][ T311] udevd[311]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 36.575815][ T358] udevd[358]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 36.706009][ T1179] loop2: detected capacity change from 0 to 2048 [ 36.755000][ T1182] overlayfs: failed to resolve './file2': -2 [ 36.772332][ T1179] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 37.545193][ T1191] loop1: detected capacity change from 0 to 512 [ 37.650915][ T1191] EXT4-fs (loop1): orphan cleanup on readonly fs [ 37.661580][ T1191] EXT4-fs (loop1): 1 orphan inode deleted [ 37.669328][ T1191] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 37.889028][ T1200] loop0: detected capacity change from 0 to 1024 [ 37.896990][ T1200] EXT4-fs (loop0): Test dummy encryption mode enabled [ 37.906609][ T1200] EXT4-fs (loop0): Ignoring removed orlov option [ 37.914435][ T1200] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 38.074709][ T1222] loop1: detected capacity change from 0 to 2048 [ 38.138196][ T1222] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 38.616506][ T432] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71 [ 38.625217][ T432] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 38.633176][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 38.633189][ T30] audit: type=1400 audit(1719404255.214:261): avc: denied { create } for pid=1239 comm="syz.2.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 38.658343][ T432] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71 [ 38.668588][ T432] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 38.675963][ T432] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 38.684315][ T432] usb 4-1: USB disconnect, device number 2 [ 39.126928][ T1245] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.133831][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.141359][ T1245] device bridge_slave_0 entered promiscuous mode [ 39.152781][ T1245] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.160708][ T1245] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.168552][ T1245] device bridge_slave_1 entered promiscuous mode [ 39.232488][ T1266] netlink: 44 bytes leftover after parsing attributes in process `syz.0.366'. [ 39.248368][ T1266] netlink: 43 bytes leftover after parsing attributes in process `syz.0.366'. [ 39.267066][ T1266] netlink: 'syz.0.366': attribute type 6 has an invalid length. [ 39.270087][ T1270] loop3: detected capacity change from 0 to 256 [ 39.274522][ T1266] netlink: 'syz.0.366': attribute type 5 has an invalid length. [ 39.274536][ T1266] netlink: 43 bytes leftover after parsing attributes in process `syz.0.366'. [ 39.297791][ T1272] loop1: detected capacity change from 0 to 2048 [ 39.310264][ T1245] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.317109][ T1245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.324171][ T1245] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.331006][ T1245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.348864][ T432] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.355867][ T432] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.363153][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.369665][ T1272] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 39.371969][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.391983][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.403788][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.405109][ T1270] FAT-fs (loop3): Directory bread(block 64) failed [ 39.410653][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.424402][ T1270] FAT-fs (loop3): Directory bread(block 65) failed [ 39.434006][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.444087][ T1270] FAT-fs (loop3): Directory bread(block 66) failed [ 39.450687][ T1270] FAT-fs (loop3): Directory bread(block 67) failed [ 39.457135][ T1270] FAT-fs (loop3): Directory bread(block 68) failed [ 39.463518][ T1270] FAT-fs (loop3): Directory bread(block 69) failed [ 39.469978][ T1270] FAT-fs (loop3): Directory bread(block 70) failed [ 39.476355][ T1270] FAT-fs (loop3): Directory bread(block 71) failed [ 39.482728][ T1270] FAT-fs (loop3): Directory bread(block 72) failed [ 39.489164][ T1270] FAT-fs (loop3): Directory bread(block 73) failed [ 39.491316][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.502376][ T548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.510533][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.528793][ T1270] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 39.531814][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.597037][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.790304][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.799407][ T1245] device veth0_vlan entered promiscuous mode [ 39.808033][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.815348][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.834536][ T1245] device veth1_macvtap entered promiscuous mode [ 39.841390][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.854010][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.869217][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.033627][ T1299] loop4: detected capacity change from 0 to 512 [ 40.181630][ T1299] EXT4-fs (loop4): orphan cleanup on readonly fs [ 40.192493][ T1299] EXT4-fs (loop4): 1 orphan inode deleted [ 40.200012][ T1299] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 40.216465][ T453] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 40.283710][ T976] device bridge_slave_1 left promiscuous mode [ 40.290482][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.298401][ T976] device bridge_slave_0 left promiscuous mode [ 40.304953][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.312703][ T976] device veth1_macvtap left promiscuous mode [ 40.318623][ T976] device veth0_vlan left promiscuous mode [ 40.335925][ T30] audit: type=1400 audit(1719404256.924:262): avc: denied { bind } for pid=1300 comm="syz.2.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 40.418199][ T1304] tun0: tun_chr_ioctl cmd 1074812118 [ 40.458340][ T30] audit: type=1400 audit(1719404257.054:263): avc: denied { read } for pid=1317 comm="syz.0.385" path="socket:[19771]" dev="sockfs" ino=19771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 40.483187][ T1316] device pim6reg1 entered promiscuous mode [ 40.519194][ T1325] loop1: detected capacity change from 0 to 512 [ 40.578181][ T1325] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 40.589209][ T1325] ext4 filesystem being mounted at /root/syzkaller.pAVNmi/33/file0 supports timestamps until 2038 (0x7fffffff) [ 40.612364][ T30] audit: type=1400 audit(1719404257.204:264): avc: denied { rename } for pid=1324 comm="syz.1.388" name="file0" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 40.612746][ T1325] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 40.636048][ T30] audit: type=1400 audit(1719404257.204:265): avc: denied { reparent } for pid=1324 comm="syz.1.388" name="file0" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 40.644675][ T453] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.665995][ T1325] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 40.686830][ T453] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.697000][ T453] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 40.705894][ T453] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.718044][ T453] usb 4-1: config 0 descriptor?? [ 40.801234][ T1347] tun0: tun_chr_ioctl cmd 1074812118 [ 40.818171][ T1350] device pim6reg1 entered promiscuous mode [ 40.871344][ T1356] syz.4.402[1356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.871440][ T1356] syz.4.402[1356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.961673][ T1366] device pim6reg1 entered promiscuous mode [ 41.068569][ T1368] loop4: detected capacity change from 0 to 512 [ 41.246097][ T1368] EXT4-fs (loop4): orphan cleanup on readonly fs [ 41.253787][ T1368] EXT4-fs (loop4): 1 orphan inode deleted [ 41.261450][ T1368] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 41.372895][ T1378] syz.0.411[1378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.372971][ T1378] syz.0.411[1378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.407369][ T30] audit: type=1400 audit(1719404257.994:266): avc: denied { ioctl } for pid=1377 comm="syz.0.411" path="socket:[19861]" dev="sockfs" ino=19861 ioctlcmd=0x48ca scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 41.459053][ T30] audit: type=1326 audit(1719404257.994:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1377 comm="syz.0.411" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d6cdbbae9 code=0x0 [ 41.482787][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 43.033631][ T1395] syz.2.415[1395] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.033702][ T1395] syz.2.415[1395] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.045727][ T453] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 43.065560][ T1396] netlink: 23 bytes leftover after parsing attributes in process `syz.1.414'. [ 43.080566][ T453] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 43.092110][ T453] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 43.108520][ T30] audit: type=1400 audit(1719404259.704:268): avc: denied { create } for pid=1391 comm="syz.1.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 43.136886][ T1396] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1396 comm=syz.1.414 [ 43.149314][ T453] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 43.179916][ T1403] tipc: Started in network mode [ 43.185217][ T1403] tipc: Node identity 40020020000000006e, cluster identity 8 [ 43.192518][ T453] uclogic: probe of 0003:256C:006D.0003 failed with error -71 [ 43.226939][ T453] usb 4-1: USB disconnect, device number 3 [ 43.258951][ T1415] loop1: detected capacity change from 0 to 2048 [ 43.331320][ T1415] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 44.193618][ T20] Bluetooth: hci0: command 0x1003 tx timeout [ 44.206569][ T1380] Bluetooth: hci0: sending frame failed (-49) [ 44.297952][ T1440] tipc: Started in network mode [ 44.302729][ T1440] tipc: Node identity 40020020000000006e, cluster identity 8 [ 44.353436][ T1450] loop4: detected capacity change from 0 to 1024 [ 44.378548][ T1450] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 44.394036][ T1454] loop3: detected capacity change from 0 to 2048 [ 44.416691][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 44.416704][ T30] audit: type=1400 audit(1719404261.014:271): avc: denied { relabelfrom } for pid=1455 comm="syz.2.439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 44.443992][ T30] audit: type=1400 audit(1719404261.034:272): avc: denied { relabelto } for pid=1455 comm="syz.2.439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 44.464952][ T1450] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,dioread_nolock,,errors=continue. Quota mode: none. [ 44.497944][ T1454] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 44.624965][ T30] audit: type=1326 audit(1719404261.214:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1461 comm="syz.4.440" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f596bcd1ae9 code=0x0 [ 44.824081][ T1470] tipc: Cannot configure node identity twice [ 44.960008][ T1473] netlink: 64 bytes leftover after parsing attributes in process `syz.2.444'. [ 44.968820][ T1473] netlink: 64 bytes leftover after parsing attributes in process `syz.2.444'. [ 45.291381][ T1489] loop3: detected capacity change from 0 to 1024 [ 45.300563][ T1447] loop1: detected capacity change from 0 to 131072 [ 45.323197][ T1489] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 45.337631][ T1489] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,dioread_nolock,,errors=continue. Quota mode: none. [ 45.370285][ T1447] F2FS-fs (loop1): Found nat_bits in checkpoint [ 45.407716][ T1447] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 45.434535][ T1500] loop3: detected capacity change from 0 to 128 [ 45.577847][ T1500] EXT4-fs (loop3): Ignoring removed oldalloc option [ 45.584532][ T1500] EXT4-fs (loop3): Unrecognized mount option "obj_user=" or missing value [ 45.656763][ T1500] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 45.703024][ T1500] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 45.729924][ T1500] fscrypt: sda1: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 2016 [ 45.786072][ T30] audit: type=1400 audit(1719404262.374:274): avc: denied { name_bind } for pid=1520 comm="syz.4.461" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 45.787508][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 45.837855][ T30] audit: type=1400 audit(1719404262.374:275): avc: denied { node_bind } for pid=1520 comm="syz.4.461" saddr=::ffff:172.20.20.170 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 45.896479][ T30] audit: type=1326 audit(1719404262.424:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1520 comm="syz.4.461" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f596bcd1ae9 code=0x0 [ 45.929119][ T30] audit: type=1400 audit(1719404262.514:277): avc: denied { ioctl } for pid=1525 comm="syz.1.457" path="socket:[20994]" dev="sockfs" ino=20994 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 45.998331][ T30] audit: type=1400 audit(1719404262.594:278): avc: denied { write } for pid=1530 comm="syz.2.463" name="uinput" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 46.022710][ T1531] input: syz1 as /devices/virtual/input/input4 [ 46.071264][ T30] audit: type=1326 audit(1719404262.664:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1532 comm="syz.2.464" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe053cd3ae9 code=0x0 [ 46.095441][ T30] audit: type=1400 audit(1719404262.694:280): avc: denied { create } for pid=1534 comm="syz.1.466" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 46.149599][ T1545] syz.1.470 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 46.197458][ T1555] input: syz1 as /devices/virtual/input/input5 [ 46.236508][ T306] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 46.268738][ T1561] loop3: detected capacity change from 0 to 512 [ 46.286481][ T6] Bluetooth: hci0: command 0x1001 tx timeout [ 46.292488][ T1380] Bluetooth: hci0: sending frame failed (-49) [ 46.308050][ T1561] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000008,grpquota,,errors=continue. Quota mode: writeback. [ 46.322886][ T1561] ext4 filesystem being mounted at /root/syzkaller.ujXFFJ/43/file0 supports timestamps until 2038 (0x7fffffff) [ 46.796556][ T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 46.807385][ T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 46.817001][ T306] usb 5-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 46.825874][ T306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.834288][ T306] usb 5-1: config 0 descriptor?? [ 46.970901][ T1590] input: syz1 as /devices/virtual/input/input6 [ 47.035758][ T1596] binder_alloc: 1595: binder_alloc_buf, no vma [ 47.071150][ T1602] loop2: detected capacity change from 0 to 2048 [ 47.148058][ T1602] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 47.889217][ T306] samsung 0003:0419:0001.0004: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.4-1/input0 [ 48.016475][ T1616] input: syz1 as /devices/virtual/input/input7 [ 48.166502][ T20] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 48.293137][ T1623] input: syz1 as /devices/virtual/input/input8 [ 48.335222][ T1629] binder_alloc: 1628: binder_alloc_buf, no vma [ 48.366452][ T293] Bluetooth: hci0: command 0x1009 tx timeout [ 48.426450][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 48.546494][ T20] usb 2-1: config 0 has an invalid descriptor of length 110, skipping remainder of the config [ 48.556663][ T20] usb 2-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 48.565438][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.574188][ T20] usb 2-1: config 0 descriptor?? [ 48.616962][ T20] usb 2-1: bad CDC descriptors [ 48.761264][ T1637] netlink: 72 bytes leftover after parsing attributes in process `syz.3.504'. [ 48.822795][ T1612] loop1: detected capacity change from 0 to 16 [ 48.910833][ T1645] loop3: detected capacity change from 0 to 2048 [ 48.917243][ T1612] erofs: (device loop1): mounted with root inode @ nid 36. [ 48.979121][ T306] usb 2-1: USB disconnect, device number 4 [ 48.988872][ T1645] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 49.297811][ T306] usb 5-1: USB disconnect, device number 2 [ 49.336083][ T1652] loop4: detected capacity change from 0 to 1024 [ 49.397620][ T1652] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.417718][ T1652] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,dioread_nolock,,errors=continue. Quota mode: none. [ 49.765788][ T1671] loop1: detected capacity change from 0 to 512 [ 49.788103][ T1671] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.801116][ T1671] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 49.809281][ T1671] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.514: invalid indirect mapped block 2683928664 (level 1) [ 49.877673][ T1676] input: syz1 as /devices/virtual/input/input9 [ 49.900768][ T1671] EXT4-fs (loop1): Remounting filesystem read-only [ 49.982151][ T1671] EXT4-fs (loop1): 1 truncate cleaned up [ 50.047569][ T1671] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 50.502858][ T1680] loop3: detected capacity change from 0 to 512 [ 50.531721][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 50.543177][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 50.543226][ T30] audit: type=1326 audit(1719404267.134:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1685 comm="syz.2.519" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe053cd3ae9 code=0x0 [ 50.578744][ T1680] EXT4-fs (loop3): orphan cleanup on readonly fs [ 50.586050][ T1680] EXT4-fs (loop3): 1 orphan inode deleted [ 50.592081][ T1680] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 50.618527][ T1689] 9pnet: p9_errstr2errno: server reported unknown error 1 g;- [ 50.631097][ T933] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 50.651182][ T933] EXT4-fs (loop1): Remounting filesystem read-only [ 50.660069][ T933] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 50.672993][ T933] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 50.836098][ T1702] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.843232][ T1702] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.850711][ T1702] device bridge_slave_0 entered promiscuous mode [ 50.859216][ T1702] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.866039][ T1702] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.873333][ T1702] device bridge_slave_1 entered promiscuous mode [ 50.913026][ T1702] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.919890][ T1702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.927001][ T1702] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.933760][ T1702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.962568][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.970773][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.977978][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.998100][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.006057][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.012943][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.019355][ T1389] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 51.033471][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.041889][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.048734][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.055860][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.063568][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.077522][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.096520][ T306] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 51.112012][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.122203][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.133605][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.188677][ T1702] device veth0_vlan entered promiscuous mode [ 51.224950][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.251499][ T1702] device veth1_macvtap entered promiscuous mode [ 51.273290][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.284224][ T30] audit: type=1400 audit(1719404267.874:291): avc: denied { name_bind } for pid=1712 comm="syz.1.525" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 51.285716][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.329270][ T976] device bridge_slave_1 left promiscuous mode [ 51.335277][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.342686][ T976] device bridge_slave_0 left promiscuous mode [ 51.349270][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.357635][ T976] device veth1_macvtap left promiscuous mode [ 51.363528][ T976] device veth0_vlan left promiscuous mode [ 51.385051][ T30] audit: type=1400 audit(1719404267.974:292): avc: denied { write } for pid=1717 comm="syz.1.532" name="dev" dev="proc" ino=4026532305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 51.486677][ T1389] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.497680][ T1389] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.507507][ T1389] usb 3-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 51.516434][ T1389] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.546693][ T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.569973][ T1389] usb 3-1: config 0 descriptor?? [ 51.646633][ T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.697382][ T306] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 51.735613][ T306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.744280][ T306] usb 5-1: config 0 descriptor?? [ 51.841970][ T1719] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.850109][ T1719] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.857848][ T1719] device bridge_slave_0 entered promiscuous mode [ 51.864772][ T1719] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.871879][ T1719] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.879140][ T1719] device bridge_slave_1 entered promiscuous mode [ 51.928201][ T1719] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.935061][ T1719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.942178][ T1719] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.948942][ T1719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.978673][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.986313][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.994444][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.022820][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.030904][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.037758][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.045313][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.053355][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.060203][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.074628][ T30] audit: type=1400 audit(1719404268.664:293): avc: denied { create } for pid=1735 comm="syz.3.537" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 52.095427][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.103290][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.117632][ T1719] device veth0_vlan entered promiscuous mode [ 52.124107][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.133244][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.141120][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.148415][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.164868][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.176538][ T1389] samsung 0003:0419:0001.0005: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.2-1/input0 [ 52.190801][ T1719] device veth1_macvtap entered promiscuous mode [ 52.215935][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.235233][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.271089][ T1744] syz.1.541[1744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.271162][ T1744] syz.1.541[1744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.287427][ T324] Bluetooth: hci0: Frame reassembly failed (-84) [ 52.311363][ T30] audit: type=1326 audit(1719404268.904:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1743 comm="syz.1.541" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5d6843fae9 code=0x0 [ 52.416099][ T1753] input: syz1 as /devices/virtual/input/input10 [ 53.924438][ T432] usb 3-1: USB disconnect, device number 2 [ 53.998880][ T1764] loop0: detected capacity change from 0 to 512 [ 54.028441][ T1764] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.050119][ T1764] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 54.058515][ T1764] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.546: invalid indirect mapped block 2683928664 (level 1) [ 54.072697][ T1764] EXT4-fs (loop0): Remounting filesystem read-only [ 54.079409][ T1764] EXT4-fs (loop0): 1 truncate cleaned up [ 54.085011][ T1764] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 54.535481][ T1719] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 54.555699][ T306] uclogic 0003:256C:006D.0006: failed retrieving string descriptor #100: -71 [ 54.567304][ T306] uclogic 0003:256C:006D.0006: failed retrieving pen parameters: -71 [ 54.575242][ T306] uclogic 0003:256C:006D.0006: failed probing pen v1 parameters: -71 [ 54.583765][ T306] uclogic 0003:256C:006D.0006: failed probing parameters: -71 [ 54.591289][ T306] uclogic: probe of 0003:256C:006D.0006 failed with error -71 [ 54.599769][ T306] usb 5-1: USB disconnect, device number 3 [ 54.607720][ T1719] EXT4-fs (loop0): Remounting filesystem read-only [ 54.615130][ T1719] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 54.627972][ T976] device bridge_slave_1 left promiscuous mode [ 54.629885][ T1719] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 54.646584][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.654163][ T976] device bridge_slave_0 left promiscuous mode [ 54.660271][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.668087][ T976] device veth1_macvtap left promiscuous mode [ 54.673933][ T976] device veth0_vlan left promiscuous mode [ 55.236486][ T306] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 55.274835][ T1798] syz.4.559[1798] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.275636][ T1798] syz.4.559[1798] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.298599][ T1380] Bluetooth: hci0: sending frame failed (-49) [ 55.322729][ T30] audit: type=1326 audit(1719404271.914:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1796 comm="syz.4.559" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f596bcd1ae9 code=0x0 [ 55.462112][ T1799] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.469444][ T1799] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.476767][ T1799] device bridge_slave_0 entered promiscuous mode [ 55.483741][ T1799] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.494746][ T1799] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.502188][ T1799] device bridge_slave_1 entered promiscuous mode [ 55.563920][ T1799] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.570812][ T1799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.577911][ T1799] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.584681][ T1799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.623147][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.630858][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.638082][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.646787][ T306] usb 3-1: Using ep0 maxpacket: 8 [ 55.776565][ T30] audit: type=1400 audit(1719404272.324:296): avc: denied { append } for pid=1807 comm="syz.3.562" name="001" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 55.857105][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.865131][ T1789] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.872005][ T1789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.879237][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.928742][ T306] usb 3-1: config 3 has an invalid interface number: 209 but max is 1 [ 55.935154][ T1789] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.943583][ T1789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.951999][ T306] usb 3-1: config 3 has an invalid descriptor of length 199, skipping remainder of the config [ 55.963548][ T306] usb 3-1: config 3 has no interface number 0 [ 55.966593][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.969535][ T306] usb 3-1: config 3 interface 209 altsetting 2 has an invalid endpoint descriptor of length 5, skipping [ 55.979518][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.000137][ T306] usb 3-1: config 3 interface 209 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 56.008223][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.013314][ T306] usb 3-1: too many endpoints for config 3 interface 1 altsetting 7: 37, using maximum allowed: 30 [ 56.021649][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.035618][ T306] usb 3-1: config 3 interface 1 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 56.039410][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.051935][ T306] usb 3-1: config 3 interface 209 has no altsetting 0 [ 56.060416][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.065429][ T306] usb 3-1: config 3 interface 1 has no altsetting 0 [ 56.081178][ T1799] device veth0_vlan entered promiscuous mode [ 56.093278][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.101410][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.113295][ T1799] device veth1_macvtap entered promiscuous mode [ 56.126898][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.134513][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.144585][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.163675][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.171782][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.191027][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 56.202471][ T30] audit: type=1326 audit(1719404272.794:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1825 comm="syz.4.567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f596bcd1ae9 code=0x0 [ 56.246748][ T306] usb 3-1: New USB device found, idVendor=2040, idProduct=7070, bcdDevice=19.44 [ 56.256298][ T306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.264490][ T306] usb 3-1: Product: ᜡ౲Ꝛற⬮濤椽씤윷壥䴠쟂퇵姙篈ꍷٖퟔꭂꔈ䚤樓䖁慝骂얾柃璘ず깜䠖⫢垻醒솑悼ﶀ´贔驾屫জ䐱ꅮ欚背砀ὅ龜哢屖ꑟ帏醠랝쒇磈ᑘ泀棕ꞓ戦〧쯰ᬗ埶褴绖⮩뒍ཏ䌢⃽㪹㧅ꅺ䫵擠䦾銓뇰踉髫詓鵢쀥㞋绪잁왯놂 [ 56.295458][ T306] usb 3-1: Manufacturer: Џ [ 56.301031][ T306] usb 3-1: SerialNumber: Ћ [ 56.457187][ T976] device bridge_slave_1 left promiscuous mode [ 56.467879][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.477887][ T976] device bridge_slave_0 left promiscuous mode [ 56.484024][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.491920][ T976] device veth1_macvtap left promiscuous mode [ 56.498426][ T976] device veth0_vlan left promiscuous mode [ 56.586441][ T432] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 56.650238][ T1843] loop3: detected capacity change from 0 to 2048 [ 56.748245][ T1843] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 56.857283][ T1848] loop1: detected capacity change from 0 to 512 [ 57.016930][ T306] usb 3-1: MIDIStreaming interface descriptor not found [ 57.030624][ T1848] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.060059][ T1848] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 57.068736][ T1848] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.573: invalid indirect mapped block 2683928664 (level 1) [ 57.071077][ T306] usb 3-1: USB disconnect, device number 3 [ 57.092314][ T358] udevd[358]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:3.1/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 57.108035][ T1848] EXT4-fs (loop1): Remounting filesystem read-only [ 57.114772][ T1848] EXT4-fs (loop1): 1 truncate cleaned up [ 57.120571][ T1848] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 57.139854][ T432] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.151084][ T432] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 57.160717][ T432] usb 5-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 57.169574][ T432] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.178134][ T432] usb 5-1: config 0 descriptor?? [ 57.228344][ T1857] syz.0.575[1857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.228385][ T1857] syz.0.575[1857] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.241752][ T976] Bluetooth: hci0: Frame reassembly failed (-84) [ 57.259630][ T30] audit: type=1326 audit(1719404273.854:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1856 comm="syz.0.575" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafacb61ae9 code=0x0 [ 57.364258][ T1702] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 57.384298][ T1702] EXT4-fs (loop1): Remounting filesystem read-only [ 57.391567][ T1702] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 57.403981][ T1702] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 57.526274][ T30] audit: type=1400 audit(1719404274.114:299): avc: denied { listen } for pid=1870 comm="syz.2.582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 57.584542][ T1874] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.591935][ T1874] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.599314][ T1874] device bridge_slave_0 entered promiscuous mode [ 57.608129][ T1874] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.614959][ T1874] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.622273][ T1874] device bridge_slave_1 entered promiscuous mode [ 57.661491][ T432] samsung 0003:0419:0001.0007: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.4-1/input0 [ 57.699829][ T1874] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.706685][ T1874] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.713802][ T1874] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.720580][ T1874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.740126][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.748309][ T432] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.755429][ T432] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.765941][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.774364][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.781223][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.790109][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.798380][ T1789] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.805219][ T1789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.820049][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.829144][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.850879][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.864683][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.872848][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.881323][ T1789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.895225][ T1874] device veth0_vlan entered promiscuous mode [ 57.896677][ T1886] overlayfs: statfs failed on './file0' [ 57.901267][ T30] audit: type=1400 audit(1719404274.484:300): avc: denied { mounton } for pid=1885 comm="syz.3.587" path="/root/syzkaller.ujXFFJ/77/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 57.916921][ T1874] device veth1_macvtap entered promiscuous mode [ 57.945155][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.955117][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.964822][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.997504][ T976] device bridge_slave_1 left promiscuous mode [ 58.014678][ T976] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.022416][ T976] device bridge_slave_0 left promiscuous mode [ 58.029087][ T976] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.037821][ T976] device veth1_macvtap left promiscuous mode [ 58.043760][ T976] device veth0_vlan left promiscuous mode [ 58.118052][ T1898] loop0: detected capacity change from 0 to 512 [ 58.167990][ T1898] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.196304][ T1898] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 58.223350][ T1898] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.592: invalid indirect mapped block 2683928664 (level 1) [ 58.242150][ T1898] EXT4-fs (loop0): Remounting filesystem read-only [ 58.252085][ T1898] EXT4-fs (loop0): 1 truncate cleaned up [ 58.258135][ T1898] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 58.531924][ T1799] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 58.552411][ T1799] EXT4-fs (loop0): Remounting filesystem read-only [ 58.561407][ T1799] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 58.566512][ T20] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 58.582298][ T1799] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 58.833922][ T1914] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.842020][ T1914] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.849818][ T1914] device bridge_slave_0 entered promiscuous mode [ 58.859466][ T1914] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.866470][ T1914] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.873778][ T1914] device bridge_slave_1 entered promiscuous mode [ 58.936508][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.951466][ T1914] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.958365][ T1914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.965436][ T1914] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.972242][ T1914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.979455][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.989263][ T20] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 58.998234][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.006887][ T20] usb 3-1: config 0 descriptor?? [ 59.027374][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.035029][ T1790] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.043289][ T1790] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.056667][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.064712][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.071573][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.100220][ T30] audit: type=1400 audit(1719404275.694:301): avc: denied { create } for pid=1919 comm="syz.3.598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 59.121287][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.129459][ T1790] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.136304][ T1790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.150474][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.158458][ T1922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.599'. [ 59.158579][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.184759][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.184911][ T1920] loop3: detected capacity change from 0 to 8192 [ 59.201091][ T1914] device veth0_vlan entered promiscuous mode [ 59.209864][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.211981][ T308] usb 5-1: USB disconnect, device number 4 [ 59.227248][ T45] device bridge_slave_1 left promiscuous mode [ 59.233184][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.241474][ T45] device bridge_slave_0 left promiscuous mode [ 59.248156][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.255945][ T45] device veth1_macvtap left promiscuous mode [ 59.262054][ T45] device veth0_vlan left promiscuous mode [ 59.299844][ T30] audit: type=1400 audit(1719404275.894:302): avc: denied { remount } for pid=1929 comm="syz.4.603" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 59.299876][ T1930] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 59.339519][ T1930] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 59.411338][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.418738][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.431540][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.446771][ T1790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.456144][ T30] audit: type=1400 audit(1719404276.044:303): avc: denied { write } for pid=1929 comm="syz.4.603" path="socket:[22409]" dev="sockfs" ino=22409 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 59.490909][ T1914] device veth1_macvtap entered promiscuous mode [ 59.498048][ T20] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 59.533612][ T20] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0008/input/input11 [ 59.561026][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.568856][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.577527][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.585606][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.593728][ T432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.629513][ T30] audit: type=1400 audit(1719404276.224:304): avc: denied { read } for pid=85 comm="acpid" name="event3" dev="devtmpfs" ino=518 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.651996][ T20] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 59.671824][ T30] audit: type=1400 audit(1719404276.224:305): avc: denied { open } for pid=85 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=518 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.730462][ T432] usb 3-1: USB disconnect, device number 4 [ 59.856470][ T1790] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 60.282238][ T1790] usb 1-1: Using ep0 maxpacket: 32 [ 60.309554][ T1978] device syzkaller0 entered promiscuous mode [ 60.566529][ T1790] usb 1-1: config 0 has an invalid descriptor of length 110, skipping remainder of the config [ 60.576768][ T1790] usb 1-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 60.585637][ T1790] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.594119][ T1790] usb 1-1: config 0 descriptor?? [ 60.637126][ T1790] usb 1-1: bad CDC descriptors [ 60.744912][ T1988] device pim6reg1 entered promiscuous mode [ 60.816615][ T1389] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 61.196577][ T1937] loop0: detected capacity change from 0 to 16 [ 61.206094][ T1937] erofs: (device loop0): mounted with root inode @ nid 36. [ 61.256769][ T1389] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 61.270051][ T1389] usb 4-1: New USB device found, idVendor=046d, idProduct=1017, bcdDevice= 0.00 [ 61.394236][ T1389] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.442002][ T1389] usb 4-1: config 0 descriptor?? [ 61.448887][ T312] usb 1-1: USB disconnect, device number 4 [ 61.486041][ T2023] device pim6reg1 entered promiscuous mode [ 61.497085][ T1389] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 61.707979][ T1978] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 61.856449][ T1389] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 61.926440][ T432] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 62.020816][ T2047] device pim6reg1 entered promiscuous mode [ 62.081951][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 62.081964][ T30] audit: type=1400 audit(1719404278.674:311): avc: denied { nlmsg_read } for pid=2054 comm="syz.0.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.082320][ T2055] netlink: 272 bytes leftover after parsing attributes in process `syz.0.657'. [ 62.148011][ T2061] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 62.286737][ T1389] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.299740][ T1389] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 62.314034][ T1389] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 62.323462][ T1389] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.364863][ T1389] usb 2-1: config 0 descriptor?? [ 62.405947][ T20] usb 4-1: USB disconnect, device number 4 [ 62.436457][ T432] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 62.446438][ T432] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 62.455033][ T432] usb 5-1: config 1 has no interface number 0 [ 62.461892][ T432] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.473224][ T432] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 62.482525][ T432] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 62.656813][ T432] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 62.674796][ T432] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.683114][ T432] usb 5-1: Product: syz [ 62.687501][ T432] usb 5-1: Manufacturer: syz [ 62.691944][ T432] usb 5-1: SerialNumber: syz [ 62.726640][ T30] audit: type=1400 audit(1719404279.324:312): avc: denied { watch } for pid=2079 comm="syz.3.668" path="/root/syzkaller.ujXFFJ/95/file0" dev="incremental-fs" ino=2040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 62.759885][ T2082] ------------[ cut here ]------------ [ 62.765171][ T2082] WARNING: CPU: 1 PID: 2082 at mm/page_alloc.c:5751 __alloc_pages+0x770/0x8f0 [ 62.774112][ T2082] Modules linked in: [ 62.777872][ T2082] CPU: 1 PID: 2082 Comm: syz.3.669 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 62.787599][ T2082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 62.797544][ T2082] RIP: 0010:__alloc_pages+0x770/0x8f0 [ 62.802715][ T2082] Code: df e9 aa fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ba fb ff ff e8 5f 11 05 00 48 ba 00 00 00 00 00 fc ff df e9 a6 fb ff ff <0f> 0b 45 31 e4 e9 73 fc ff ff 48 8d 4c 24 40 80 e1 07 80 c1 03 38 [ 62.822191][ T2082] RSP: 0018:ffffc90000a57a20 EFLAGS: 00010246 [ 62.828085][ T2082] RAX: 0000000000000004 RBX: 0000000000040dc0 RCX: ffffc90000a57a03 [ 62.835870][ T2082] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffc90000a57ab8 [ 62.843913][ T2082] RBP: ffffc90000a57b30 R08: dffffc0000000000 R09: ffffc90000a57a90 [ 62.844509][ T1389] plantronics 0003:047F:FFFF.0009: bogus close delimiter [ 62.852046][ T2082] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 62.860343][ T1389] plantronics 0003:047F:FFFF.0009: item 0 4 2 10 parsing failed [ 62.867068][ T2082] R13: 1ffff9200014af4c R14: 1ffff9200014af4e R15: 1ffff9200014af48 [ 62.874031][ T1389] plantronics 0003:047F:FFFF.0009: parse failed [ 62.882073][ T2082] FS: 00007f2472de26c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 62.887784][ T1389] plantronics: probe of 0003:047F:FFFF.0009 failed with error -22 [ 62.896620][ T2082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.916550][ T2082] CR2: 0000000020001540 CR3: 000000012ce19000 CR4: 00000000003506b0 [ 62.924776][ T2082] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.933290][ T2082] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.942718][ T2082] Call Trace: [ 62.945910][ T2082] [ 62.949108][ T2082] ? show_regs+0x58/0x60 [ 62.953345][ T2082] ? __warn+0x160/0x2f0 [ 62.958046][ T2082] ? __alloc_pages+0x770/0x8f0 [ 62.962676][ T2082] ? report_bug+0x3d9/0x5b0 [ 62.967367][ T2082] ? __alloc_pages+0x770/0x8f0 [ 62.972140][ T2082] ? handle_bug+0x41/0x70 [ 62.975008][ T2086] loop2: detected capacity change from 0 to 256 [ 62.976331][ T2082] ? exc_invalid_op+0x1b/0x50 [ 62.987275][ T2082] ? asm_exc_invalid_op+0x1b/0x20 [ 62.992150][ T2082] ? __alloc_pages+0x770/0x8f0 [ 62.996914][ T2082] ? prep_new_page+0x110/0x110 [ 63.001543][ T2082] ? do_vfs_ioctl+0xbc1/0x2a80 [ 63.006197][ T2082] ? memcpy+0x56/0x70 [ 63.010203][ T2082] ? __x64_compat_sys_ioctl+0x90/0x90 [ 63.015442][ T2082] kmalloc_order+0x4a/0x160 [ 63.019844][ T2082] kmalloc_order_trace+0x1a/0xb0 [ 63.024661][ T2082] __kmalloc+0x19c/0x270 [ 63.028779][ T2082] input_mt_init_slots+0xcf/0xa50 [ 63.033582][ T2082] ? mutex_lock_interruptible+0xb6/0x1e0 [ 63.093368][ T1789] usb 2-1: USB disconnect, device number 5 [ 63.106668][ T2082] uinput_create_device+0x522/0x630 [ 63.111714][ T2082] uinput_ioctl_handler+0xa63/0x16a0 [ 63.117952][ T2082] ? uinput_release+0x50/0x50 [ 63.126949][ T2090] loop0: detected capacity change from 0 to 128 [ 63.128076][ T2082] ? selinux_file_ioctl+0x3cc/0x540 [ 63.138103][ T2082] ? __fget_files+0x31e/0x380 [ 63.142560][ T2082] uinput_ioctl+0x28/0x30 [ 63.146742][ T2082] ? uinput_poll+0x120/0x120 [ 63.151147][ T2082] __se_sys_ioctl+0x114/0x190 [ 63.155658][ T2082] __x64_sys_ioctl+0x7b/0x90 [ 63.160408][ T2082] do_syscall_64+0x3d/0xb0 [ 63.164633][ T2082] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 63.170694][ T2082] RIP: 0033:0x7f2473b60ae9 [ 63.174967][ T2082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.194602][ T2082] RSP: 002b:00007f2472de2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.248401][ T2082] RAX: ffffffffffffffda RBX: 00007f2473ceefa0 RCX: 00007f2473b60ae9 [ 63.345815][ T2082] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000007 [ 63.359537][ T2094] attempt to access beyond end of device [ 63.359537][ T2094] loop0: rw=0, want=241, limit=128 [ 63.367908][ T2082] RBP: 00007f2473be1746 R08: 0000000000000000 R09: 0000000000000000 [ 63.377944][ T2082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.385788][ T2082] R13: 000000000000000b R14: 00007f2473ceefa0 R15: 00007ffce5f31a28 [ 63.393613][ T2082] [ 63.396539][ T2082] ---[ end trace 92f1882c14b1f402 ]--- [ 63.402360][ T45] attempt to access beyond end of device [ 63.402360][ T45] loop0: rw=1, want=1041, limit=128 [ 63.627092][ T2109] loop0: detected capacity change from 0 to 128 [ 63.803998][ T432] cdc_ncm 5-1:1.1: bind() failure [ 63.832372][ T2112] incfs: mount failed -22 [ 63.900469][ T2120] loop2: detected capacity change from 0 to 128 [ 64.045932][ T1389] usb 5-1: USB disconnect, device number 5 [ 64.172983][ T2120] attempt to access beyond end of device [ 64.172983][ T2120] loop2: rw=0, want=241, limit=128 [ 64.187660][ T45] attempt to access beyond end of device [ 64.187660][ T45] loop2: rw=1, want=1041, limit=128 [ 64.236671][ T2124] loop2: detected capacity change from 0 to 1024 [ 64.325673][ T2124] EXT4-fs (loop2): Ignoring removed orlov option [ 64.333354][ T2124] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 64.359346][ T2134] fscrypt (sda1, inode 2034): Direct key flag not allowed with different contents and filenames modes [ 64.369598][ T2137] syz.1.690[2137] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.370186][ T2137] syz.1.690[2137] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.381587][ T2124] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 64.431965][ T2124] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz.2.685: corrupt xattr in inline inode [ 64.445152][ T2124] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz.2.685: corrupted in-inode xattr [ 64.447378][ T2141] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 64.467561][ T2134] overlayfs: missing 'lowerdir' [ 64.473507][ T2141] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 64.499068][ T30] audit: type=1400 audit(1719404281.094:313): avc: denied { unlink } for pid=1077 comm="syz-executor" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 64.522376][ T1077] ================================================================== [ 64.530250][ T1077] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 64.538060][ T1077] Read of size 4 at addr ffff88812ad51000 by task syz-executor/1077 [ 64.545868][ T1077] [ 64.548052][ T1077] CPU: 1 PID: 1077 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 64.559322][ T1077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 64.569217][ T1077] Call Trace: [ 64.572340][ T1077] [ 64.575205][ T1077] dump_stack_lvl+0x151/0x1b7 [ 64.579718][ T1077] ? io_uring_drop_tctx_refs+0x190/0x190 [ 64.585186][ T1077] ? panic+0x751/0x751 [ 64.589094][ T1077] print_address_description+0x87/0x3b0 [ 64.594475][ T1077] kasan_report+0x179/0x1c0 [ 64.598822][ T1077] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 64.604286][ T1077] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 64.609757][ T1077] __asan_report_load4_noabort+0x14/0x20 [ 64.615220][ T1077] ext4_xattr_delete_inode+0xcd0/0xce0 [ 64.620514][ T1077] ? sb_end_intwrite+0x120/0x120 [ 64.625285][ T1077] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 64.631187][ T1077] ? ext4_journal_check_start+0x16c/0x230 [ 64.636742][ T1077] ? __kasan_check_read+0x11/0x20 [ 64.641601][ T1077] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 64.647328][ T1077] ? ext4_evict_inode+0xb8d/0x14e0 [ 64.652277][ T1077] ext4_evict_inode+0xea1/0x14e0 [ 64.657049][ T1077] ? _raw_spin_unlock+0x4d/0x70 [ 64.661737][ T1077] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 64.667464][ T1077] ? _raw_spin_unlock+0x4d/0x70 [ 64.672151][ T1077] ? inode_io_list_del+0x18b/0x1a0 [ 64.677098][ T1077] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 64.682918][ T1077] evict+0x2a3/0x630 [ 64.686648][ T1077] iput+0x63b/0x7e0 [ 64.690291][ T1077] vfs_rmdir+0x359/0x470 [ 64.694371][ T1077] do_rmdir+0x3ab/0x630 [ 64.698364][ T1077] ? d_delete_notify+0x160/0x160 [ 64.703139][ T1077] __x64_sys_unlinkat+0xdf/0xf0 [ 64.707825][ T1077] do_syscall_64+0x3d/0xb0 [ 64.712075][ T1077] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.717805][ T1077] RIP: 0033:0x7fe053cd3167 [ 64.722057][ T1077] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.741505][ T1077] RSP: 002b:00007ffc49fe7378 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 64.749743][ T1077] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe053cd3167 [ 64.757552][ T1077] RDX: 0000000000000200 RSI: 00007ffc49fe8520 RDI: 00000000ffffff9c [ 64.765365][ T1077] RBP: 00007fe053d4164a R08: 0000000000000000 R09: 0000000000000000 [ 64.773175][ T1077] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc49fe8520 [ 64.780987][ T1077] R13: 00007fe053d4164a R14: 000000000000fad6 R15: 00007ffc49fea700 [ 64.788813][ T1077] [ 64.791667][ T1077] [ 64.793835][ T1077] The buggy address belongs to the page: [ 64.799315][ T1077] page:ffffea0004ab5440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12ad51 [ 64.809366][ T1077] flags: 0x4000000000000000(zone=1) [ 64.814409][ T1077] raw: 4000000000000000 ffffea0004a490c8 ffffea00049ee648 0000000000000000 [ 64.822824][ T1077] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 64.831240][ T1077] page dumped because: kasan: bad access detected [ 64.837492][ T1077] page_owner tracks the page as freed [ 64.842694][ T1077] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 2140, ts 64428246492, free_ts 64496022336 [ 64.857979][ T1077] post_alloc_hook+0x1a3/0x1b0 [ 64.862570][ T1077] prep_new_page+0x1b/0x110 [ 64.866912][ T1077] get_page_from_freelist+0x3550/0x35d0 [ 64.872290][ T1077] __alloc_pages+0x27e/0x8f0 [ 64.876719][ T1077] wp_page_copy+0x1d4/0x1b00 [ 64.881144][ T1077] do_wp_page+0x6fa/0xb60 [ 64.885308][ T1077] handle_pte_fault+0x7c0/0x24d0 [ 64.890083][ T1077] do_handle_mm_fault+0x1ea9/0x23a0 [ 64.895118][ T1077] exc_page_fault+0x26f/0x830 [ 64.899632][ T1077] asm_exc_page_fault+0x27/0x30 [ 64.904318][ T1077] page last free stack trace: [ 64.908832][ T1077] free_unref_page_prepare+0x7c8/0x7d0 [ 64.914124][ T1077] free_unref_page_list+0x14b/0xa60 [ 64.919159][ T1077] release_pages+0x1310/0x1370 [ 64.923758][ T1077] free_pages_and_swap_cache+0x8a/0xa0 [ 64.929053][ T1077] tlb_finish_mmu+0x177/0x320 [ 64.933566][ T1077] exit_mmap+0x40d/0x940 [ 64.937644][ T1077] __mmput+0x95/0x310 [ 64.941464][ T1077] mmput+0x5b/0x170 [ 64.945108][ T1077] do_exit+0xb9c/0x2ca0 [ 64.949101][ T1077] do_group_exit+0x141/0x310 [ 64.953527][ T1077] __x64_sys_exit_group+0x3f/0x40 [ 64.958387][ T1077] do_syscall_64+0x3d/0xb0 [ 64.962642][ T1077] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 64.968378][ T1077] [ 64.970539][ T1077] Memory state around the buggy address: [ 64.976009][ T1077] ffff88812ad50f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.983911][ T1077] ffff88812ad50f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.991805][ T1077] >ffff88812ad51000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.999702][ T1077] ^ [ 65.003609][ T1077] ffff88812ad51080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 65.011507][ T1077] ffff88812ad51100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 65.019402][ T1077] ================================================================== [ 65.027300][ T1077] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [