last executing test programs: 24.043741923s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) fallocate(r2, 0x0, 0x0, 0x2c2) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000080)) 23.462008094s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) rt_sigsuspend(0x0, 0x0) 23.282796565s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) unshare(0x2040600) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) 23.210340938s ago: executing program 0: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='cachefiles_read\x00'}, 0x10) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f00000000c0), 0x4) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x2}, 0x4) setsockopt$packet_int(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x181102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x28011, r7, 0x0) 23.089065738s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='fdinfo/3\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f00000016c0)=""/243, 0xf3}], 0x1, 0x0, 0x0) 23.08083892s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, 0x0}, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) write$binfmt_script(r2, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001200)=ANY=[@ANYBLOB="180000003edf79edf2d0cffccf88426690ad3d4100000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) syz_open_procfs(0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=r0, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000140)={r5, 0x20, &(0x7f0000000100)={&(0x7f0000000200)=""/4096, 0x1000, 0x0, &(0x7f0000000040)=""/146, 0x92}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='ext4_sync_file_enter\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.740486612s ago: executing program 3: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0xa) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000114b4d8170200000000000000ee", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=@newqdisc={0x58, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x0, 0x8}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0xfffffffb}]}}}]}, 0x58}}, 0x0) socket(0x0, 0x0, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0xffffff4d, &(0x7f0000000480)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 3.563738042s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000500)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20) getgroups(0x0, 0x0) 3.523795289s ago: executing program 3: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) 3.513257751s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r5, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r5, &(0x7f0000000580)=ANY=[@ANYRES64], 0x100000530) 2.955086558s ago: executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) r2 = dup(r0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x24, r4, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x64004040) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x4}, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24, &(0x7f0000000540)=ANY=[@ANYBLOB='gid=', @ANYRESHEX, @ANYBLOB="2c0300000000000000370d5800454a5fd760d8a81c788f3a66ff0ca3f9950047013f72611586edf5eefc10514ee5dd89fb39f5c83c3f206ffc5e792a744a369a41bb8f418b298fdc540544d7da2fad464afda58f20e30cb597bbaf1a44ef6e5f7c8af2cd1ed419150000000000000000000000123a4d2575f58f7706eebab005fac6f91ffba651786bdfc1342fbb2354a4"]) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r7}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000000)) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r8}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r9 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0) write$binfmt_misc(r10, &(0x7f0000000400)=ANY=[], 0x386) ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f00000002c0)={r10, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1701ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 2.902205287s ago: executing program 1: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/block/loop0', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d54549b}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b80a0000000f23c80f21f866350c00a0000f23f866b9800000c00f326635000400000f300fc76a002e0f080f23742e3b5753baf80c66b8f494f78e66efbafc0c66b83ac8000066efda6509", 0x4f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.857625705s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 2.843326697s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, 0x0, &(0x7f0000000400)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 2.627200575s ago: executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000000)={0x5, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 2.616338377s ago: executing program 3: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010700020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002fd0000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000d00)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001040)={0x14, 0x0, &(0x7f0000001000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.562077386s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0xfff, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000000000010"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000000), 0x400000) 2.533885261s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000480)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.freeze\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f00000001c0)='./bus\x00', 0x0) mkdirat(r3, &(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x20000f7a, &(0x7f0000000500)='./bus\x00', &(0x7f0000000240), 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x24810, 0x0, 0x3, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') socket$nl_route(0x10, 0x3, 0x0) setrlimit(0x1, &(0x7f0000000040)) rt_sigaction(0x19, &(0x7f0000000140)={&(0x7f0000000180)="366465f029144d00000081f30fc27f5e06ae0d0fd82e2e460f01d626f00994aff7000000c4c1796f960600000040cd00c4e2f1453c99f340a56544ca0c00", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000)) r4 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) pwritev2(r4, &(0x7f0000000380)=[{&(0x7f0000000280)="ef", 0x1}], 0x1, 0x0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006d100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10) munlockall() ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000300)={0x1100, 0x0, 0x0, 0x10000}) ioctl$FIBMAP(r2, 0x1, &(0x7f00000002c0)=0xfffffff9) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x40305839, &(0x7f0000000680)={'erspan0\x00', @link_local}) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r7, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000280)={@private1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r7, 0x29, 0x1000000000021, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet6(r7, &(0x7f0000000340)={&(0x7f00000000c0)={0xa, 0x4e25, 0x80000, @mcast2}, 0x1c, 0x0}, 0x0) 2.514318304s ago: executing program 4: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000a39000/0x1000)=nil, 0x1000, 0x0) mlock2(&(0x7f0000a32000/0xe000)=nil, 0xe000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 1.628520078s ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x2040}}, 0x50) syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000093160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f40000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff0000000000000000000000000000002000", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r4, 0x0, 0x18) 1.38896122s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000980)={{r0}, &(0x7f0000000900), &(0x7f0000000940)='%pK \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000008000001000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) timer_create(0x2, &(0x7f0000000440)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_btf_id_by_name$bpf_lsm(0x0) 1.318743181s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r5, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r5, &(0x7f0000000580)=ANY=[@ANYRES64], 0x100000530) 781.269274ms ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x2808000, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@shortname_lower}, {@numtail}, {@rodir}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {}, {@fat=@nocase}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@utf8no}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}]}, 0x1, 0x29c, &(0x7f00000003c0)="$eJzs3M9qY1UYAPDvtkmbqpAsXIngBV24KtN5gglSYTArJQvdaHEyILlhIIFAqxhn5V5w5Tv4Dj6AG9/AhUvBnbMQr6T33uZP09ZAJh3C77fJl3POd/7d0xYK93zx9qD/5Nno6fNvfo9GI4m9R/EoXiTRir2ofBcAwC55kefxV164q20tDiIib5bf9rYwPQDgJVjn7z8AsBs++fSzj9qdzunHadqIGHw/7iZRfBb17afxVWTRiwfRjH8i8itF/MbjzmnU0rT6Z8D4KLoRg89/Lb+3/4y4zD+JZrSu53/4uHN6khbivcFk3J2OPP2sx2tJRDtPio4eRjPejMjrUXYyy3+4Ij+6B/H+uz+V8/+3F8fRjN++jGeRxZPLLmb5356k6Qf5j39/XaygG5FMxt3Dy3Yz+f7WHgoAAAAAAAAAAAAAAAAAAAAAADvvOL3Smr8/p7oN8Ph4df2N9wOVN/xM5u7XeZCmaXWNz7hbjyK/Fm/VonZ/KwcAAAAAAAAAAAAAAAAAAIBXx+j8on+WZb3hQvBLvlxyd1CbK6le618jfSHo/xyxftb/CWK/nFqWXBsiqao2MNbhOo2PVg0aezftYS2LYvI/rD+xdza1wFuD6nT1z5K4o3Fj9SGZO5lHZWfDUXLroV0M8hVbt39j1sGG1n7w+mY3c7ri+tVmLrZpTJ/kXEl9wz8pS5KX8vsHAAAAAAAAAAAAAAAAAACYGZ1fVC/2/nGt8vnWpwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA92J0ftE/y7LecBZEa7lkOZiUybe1qYLD4WjFsK0tLxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAd918AAAD//xJzWp4=") mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x8000, &(0x7f0000000200)={0x7}, 0x20) 765.202337ms ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000959800001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00001009040000022a3e7400090507"], 0x0) 421.151997ms ago: executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)) 411.001329ms ago: executing program 2: r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xf, 0x11012, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000f00)={{r2}, &(0x7f0000000e80), &(0x7f0000000ec0)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r3}, 0x10) getdents64(r1, &(0x7f0000002f40)=""/4098, 0x1002) 396.828811ms ago: executing program 2: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev, 0x20000}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52ae}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'ascii'}}, {@discard}, {@dmask={'dmask', 0x3d, 0x7}}, {}, {@dmask={'dmask', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@gid}, {@errors_remount}, {@discard}]}, 0x81, 0x14f4, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+/+879f7fX3f/+3/ua5v1u+69vXsNfez1rPuWXPNc9/Pdc380HNUvRb1azcjIvEvgb8+pAghYoQQw4QQNwghAiFEpfhK8VeOF1CQ8q+9CPtzPZp+rTtg1xLPP2/j+edtPP+8jeeft/H88zaef97G88/beP6M5WXb5xS7kVfeXfz5f17G7///i+SWn/zNxvI39/pvpPD88zaef97G88/beP55G88/b+P5/+9X6z85xvPP23j+jOVl1/rzZ17Xdl3rnz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY3nDOX+VFkJceTzrvb/WfTHGGGOMMcYYY+zP4/Nf6w4YY4wxxhhjjDH2/x8IKZTQIhD5RH4RIwqIWHGdiBPXi4LiBhERN4p4cZMoJG4WhUURUVQUEwmiuCghjEBhBYlQlBSlRFTcIkqLW0WiKCPKinLCifIiSdwmKojbRUVxh6gk7hSVxV2iiqgqqonq4m5RQ9wjaopaora4V9QRdUU9UV/cJxqI+0VD8YBoJB4UjcVDool4WDQVj4hm4lHRXDwmWojHRUvxhGglWos2oq1o9/+U/4roK14V/UR/kSIGiIHiNTFIDBZDxFAxTLwuhos3xAjxpkgVI8Uo8ZYYLd4WY8Q7YqwYJ8aLd8UEMVFMEpPFFDFVpIn3xDTxvpguPhAzxEwxS8wW6WKOmCs+FPPEfLFAfCQWio/FIrFYLBFLRYb4RGSKZSJLfCqWi89EtlghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4XOwQO8UusVvsEXvFPvGF2C++FAfEVyJHfP3fzD/77/J7gQABEiRo0JAP8kEMxEAsxEIcxEFBKAgRiEA8xEMhKASFoTAUhaKQAAlQAkoAAgIBQUkoCVGIQmkoDYmQCGWhLDhwkARJUAFuh4pQESpBJagMlaEKVIWqUB2qQw2oATWhJtSG2lAH6kA9qAf3wX1wPzSEhtAIGkFjaAxNoAk0habQDJpBc2gOLaAFtISW0ApaQRtoA+2gHbSH9tABOkAn6ASdoTN0gS6QDMnQFbpCN+gG3aE79IAe0BN6Qi/oDb3hFXgFXoVXoT/UkQNgIAyEQTAIhsBQGAqvw3B4A96ANyEVRsIoeAvegrdhDJyBsTAOxsN4qCEnwiSYDCSnQhqkwTSYBtNhOsyAmTATZkM6zIG5MBfmwXyYDx/BQvgYPobFsBiWQgZkQCYsgyzIguVwFrJhBayEVbAa1sBqWAfrYR1shE2wEbbAFtgG2+Bz+Bx2wk7YDbthL+yFL+AL+BK+hFTIgRw4CAfhEByCw3AYciEXjsAROApH4Rgcg+NwHE7ASTgFJ+E0nIYzcBbOwTm4ABfgIryU8F3zvWU2pAp5hZZa5pP5ZIyMkbEyVsbJOFlQFpQRGZHxMl4WkoVkYVlYFpVFZYJMkCVkCYkSJclQlpQlZVRGZWlZWibKRFlWlpVOOpkkk2QFWUFWlBVlJXmnrCzvklVkVdnRVZfVZQ3ZydWUtWRtWVvWkXVlPVlfxgkhGsiGsqFsJBvJxrKxbCIflk3lABgCj8ork2khR0JLOQpaydayjWwr34YnZXs5BjrIjrKTfFqOg7HQRbZ3yfI52VVOgm7yBTkZXpQ95FToKV+WvWRv2Ue+IvvKDq6f7C9nwAA5UM6GQXKwHCKHynlQV16ZWD35pkyVI+Uo+ZZcCm/LMfIdOVaOk+Plu3KCnCgnyclyipwq0+R7cpp8X06XH8gZcqacJWfLdDlHzpUfynlyvlwgP5IL5cdykVwsl8ilMkN+IjPlMpklP5XL5WcyW66QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2uV1+LnfInXKX3C33yL1yn/xC7pdfygPyK5kjv5YH5V/kIfmNPCy/lbnyO3lEfi+Pyh/kMfmjPC5/kifkSXlK/ixPy1/kGXlWnpPn5QX5q7woL8nL0kuhQEmllFaByqfyqxhVQMWq61Scul4VVDeoiLpRxaubVCF1syqsiqiiqphKUMVVCWUUKqtIhaqkKqWi6hZVWt2qElUZVVaVU06VV0nqNlVB3a4qqjtUJXWnqqzuUlVUVVVNVVd3qxrqHlVT1VK11b2qjqqr6qn66j7VQN2vGqoHVCP1oGqsHlJN1MOqqXpENVOPqubqMdVCPa5aqidUK9VatVFtVTv1pGqvnlIdVEfVST2tOqtnVBf1rEpWz6mu6nnVTb2guqsXVQ/1kuqpXla9VG/VR11Sl5VX/VR/laIGqIHqNTVIDVZD1FA1TL2uhqs31Aj1pkpVI9Uo9ZYard5WY9Q7aqwap8ard9UENVFNUpPVFDVVpan31DT1vpquPlAz1Ew1S81W6WqOGvK3Sgv+C/nv/5P8Eb+9+ja1XX2udqidapfarfaovWqf2qf2q/3qgDqgclSOOqgOqkPqkDqsDqtclauOqCPqqDqqjqlj6rg6rk6ok+q8+lmdVr+oM+qsOqvOqwvqgrr4t++B0KClVlrrQOfT+XWMLqBj9XU6Tl+vC+obdETfqOP1TbqQvlkX1kV0UV1MJ+jiuoQ2GrXVpENdUpfSUX2LLq1v1Ym6jC6ry2mny+skfdu/nP9H/bXT7XR73V530B10J91Jd9addRfdRSfrZN1Vd9XddDfdXXfXPXQP3VP31L10L91H99F9dV/dT/fTKTpFD9Sv6UF6sB6ih+ph+nU9XA/XI/QInapT9Sg9So/Wo/UYPUaP1WP1eD1eT9AT9CQ9SU/RU3SaTtPT9DQ9XU/XM/QMPUvP0uk6Xc/Vc/U8PU8v0Av0Qr1QL9KL9BK9RGfoDJ2pM3WWztLL9XKdrVfoFXqVXqXX6DV6nV6nN+gNepPepLfoLTpbb9fb9Q69Q+/Su/QevUfv0/v0fr1fH9AHdI7O0Qf1QX1IH9KH9WGdq3P1EX1EH9VH9TF9TB/Xx/UJfUKf0qf0aX1an9Fn9Dl9Tl/QF/RFfVFf1pevXPYFMpCBDnSQL8gXxAQxQWwQG8QFcUHBoGAQCSJBfBAfFApuDgoHRYKiQbEgISgelAhMgIENKAiDkkGpIBrcEpQObg0SgzJB2aBc4ILyQVJwW1AhuD2oGNwRVAruDCoHdwVVgqpBtaB6cHdQI7gnqBnUCmoH9wZ1grpBvaB+cF/QILg/aBg8EDQKHgwaBw8FTYKHg6bBI0Gz4NGgefBY0CJ4PGgZPBG0CloHbYK2Qbs/tb73Z4o85fqZ/ibFxJiB5jUzyAw2Q8xQM8y8boabN8wI86ZJNSPNKPOWGW3eNmPMO2asGWfGm3fNBDPRTDKTzRQz1aSZ98w0876Zbj4wM8xMM8vMNulmjplrPjTzzHyzwHxkFpqPzSKz2CwxS02G+cRkmmUmy3xqlpvPTLZZYVaaVWa1WWPWmnVmvdlgNppNZrPZYraabWa7+dzsMDvNLrPb7DF7zT7zhdlvvjQHzFcmx3xtDpq/mEPmG3PYfGtyzXfmiPneHDU/mGPmR3Pc/GROmJPmlPnZnDa/mDPmrDlnzpsL5ldz0Vwyl42/cnF/5e0dNWrMh/kwBmMwFmMxDuOwIBbECEYwHuOxEBbCwlgYi2JRTMAELIEl8ApCwpJYEqMYxdJYGhMxEctiWXToMAmTsAJWwIpYESthJayMlbEKVsFqWA3vxrvxHrwHa2EtvBfvxbpYF+tjfWyADbAhNsRG2AgbY2Nsgk2wKTbFZtgMm2NzbIEtsCW2xFbYCttgG2yH7bA9tscO2AE7YSfsjJ2xC3bBZEzGrtgVu2E37I7dsQf2wJ7YE3thL+yDfbAv9sV+2A9TMAUH4kAchINwCA7BYTgMh+NwHIEjMBVTcRSOwtE4GsfgGByL43A8vosTcCJOwsk4BadiGqbhNJyG03E6zsAZOAtnYTqm41yci/NwHi7ABbgQF+IiIXAJLsEMzMBMzMQszMLluByzMRtX4kpcjatxLa7F9bgeN+JG3IybcStuxe24HXfgDtyFu3AP7sF9uA/34348gAcwB3PwIB7EQ3gID+NhzMVcPIJH8CgexWN4DI/jcTyBJ/AUnsLTeBrP4Bk8h+fwAv6KF/ESXkaPMVaKWHudjbPX24L2BhtjC9i/j4vaYjbBFrclrLGFbZF/iNFam2jL2LK2nHW2vE2yt/0urmKr2mq2ur3b1rD32Jq/ixvY+21D+4BtZB+09e19/xA3tg/ZJvZx29Q+YZvZ1ra5bWtb2MdtS/uEbWVb2za2re1sn7Fd7LM22T5nu9rnfxdn2mV2vd1gN9pNdr/90p6z5+1R+4O9YH+1/Wx/O8y+bofbN+wI+6ZNtSN/F4+379oJdqKdZCfbKXbq7+JZdrZNt3PsXPuhnWfn/y7OsJ/YhTbLLrKL7RK79Lf4Sk9Z9lO73H5ms+0Ku9KusqvtGrvWrvu3XlfZLXar3Wb32S/sDrvT7rK77R6797f4ynkcsF/ZHPu1PWK/t4fsN/awPWZz7Xe/xVfO75j90R63P9kT9qQ9ZX+2p+0v9ow9+9v5Xzn3n+0le9l6KwhIkiJNAeWj/BRDBSiWrqM4up4K0g0UoRspnm6iQnQzFaYiVJSKUQIVpxJkCMkSUUglqRRF6RYqTbdSIpWhslSOHJWnJLqNKtDtVJHuoEp0J1Wmu6gKVaVqVJ3uphp0D9WkWlSb7qU6VJfqUX26jxrQ/dSQHqBG9CA1poeoCT1MTekRakaPUnN6jFrQ49SSnqBW1JraUFtqR09Se3qKOlBH6kRPU2d6hrrQs5RMz1FXep660QvUnV6kHvQS9aSXqRf1pj70CvWlV6kf9acUGkAD6TUaRINpCA2lYfQ6Dac3aAS9Sak0kkbRWzSa3qYx9A6NpXE0nt6lCTSRJtFkmkJTKY3eo2n0Pk2nD2gGzaRZNJvSaQ7NpQ9pHs2nBfQRLaSPaREtpiW0lDLoE8qkZZRFn9Jy+oyyaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRtvpc9pBO2kX7aY9tJf20Re0n76kA/QV5dDXdJD+QofoGzpM31IufUdH6Hs6Sj/QMfqRjtNPdIJO0in6mU7TL3SGztI5Ok8X6Fe6SJfoMnkSIYQyVKEOgzBfmD+MCQuEseF1YVx4fVgwvCGMhDeG8eFNYaHw5rBwWCQsGhYLE8LiYYnQhBjakMIwLBmWCqPhLWHp8NYwMSwTlg3LhS4sHyaFt4UVwtvDiuEdYaXwzrByeFdYJawaPv5g9fDusEZ4T1gzrBXWDu8N64R1w3ph/fC+sEF4f9gwfCBsFD4YVgwfCpuED4dNw0fCZuGjYfPwsbBF+HjYMnwibBW2DtuEbcN24ZNh+/CpsEPYMewUPh12Dp8Ju4TPhsnhc2HX8Pk/PJ4SDggHhq+Fr4XeP6CWRJdGM6KfRDOjy6JZ0U+jy6OfRbOjK6Iro6uiq6Nromuj66LroxuiG6ObopujW6Jbo9ui3tfPLxw46ZTTLnD5XH4X4wq4WHedi3PXu4LuBhdxN7p4d5Mr5G52hV0RV9QVcwmuuCvhjENnHbnQlXSlXNTd4kq7W12iK+PKunLOufIuybV17Vw719495Tq4jq6Te9o97Z5xz7hn3bPuOdfVPe+6uRdcd/ei6+Feci+5l10v19v1ca+4vu5V18/1dykuxQ10A90gN8gNcUPcMDfMDXfD3Qg3wqW6VDfKjXKj3Wg3xo1xY91YN96NdxPcBDfJTXJT3BSX5tLcNDfNTXfT3Qw3w81ys1y6S3dz3Vw3z81zC9wCtzBxoVvkFrklbonLcBku02W6LJfllrvlLttlu5VupVvtVru1bq1b79a7jW6j2+w2u61uq9vutrsdbofb5Xa5PW6P2+f2uf1uvzvgDrgcl+MOuoPukDvkDrtvXa77zh1x37uj7gd3zP3ojruf3Al30p1yP7vT7hd3xp1159x5d8H96i66S+6y8y4t8l5kWuT9yPTIB5EZkZmRWZHZkfTInMjcyIeReZH5kQWRjyILIx9HFkUWR5ZElkYyIp9EMiPLIlmRTyPLI59FsiMrIisjqyKrI2si3hffEfqSvpSP+lt8aX+rT/RlfFlfzjtf3if523wFf7uv6O/wlfydvrK/y1fxVX01/4Rv5Vv7Nr6tb+ef9O39U76D7+g7+ad9Z/+M7+Kf9cn+Od/VP++7+Rd8d/+i7+Ff8j39y76X7+37+Fd8X/+q7+f7+xQ/wA/0r/lBfrAf4of6Yf51P9y/4Uf4N32qH+lH+bf8aP+2H+Pf8WP9OD/ev+sn+Il+kp/sp/ipPs2/56f59/10/4Gf4Wf6WX62T/dz/Fz/oZ/n5/sF/iO/0H/sF/nFfolf6jP8Jz7TL/NZ/lO/3H/ms/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9536H3+l3+d1+j9/r9/kv/H7/pT/gv/I5/mt/0P/FH/Lf+MP+W5/rv/NH/Pf+qP/BH/M/+uP+J3/Cn/Sn/M/+tP/Fn/Fn/Tl/3l/wv/qL/pK/zH+zxhhjjDH2X6L+4PiAf/I1+bd1xUAhxPU7i+X++5qbC/91P1gmdI4IIZ7r3/PR/7vq1ElJSfnbc7OVCEotFkJErubnE1fjFaKTeEYki46iwj/tb7DsfYH+oH70TiFi/y4nRlyNr9a//T+o/+TT4zMrh+fi/5P6i4VILHU1p4C4Gl+tX/E/qF+k/R/0X+CbNCE6/F1OnLgaX62fJJ4Sz4vkf3gmY4wxxhhjjDH2V4Nlte5/dP985f48QV/NyS+uxn90f84YY4wxxhhjjLFr78XefZ59Mjm5Y3fe8IY3vPm3zbX+zcQYY4wxxhj7s1296L/WnTDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY3nX/8S/E7vW58gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xda/8nAAD//wkPOlo=") 115.88523ms ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xdb, 0xdb, 0x5, [@restrict={0x0, 0x0, 0x0, 0xb, 0x2}, @ptr={0x1, 0x0, 0x0, 0x2, 0x2}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x5, 0x2}}, @datasec={0x3, 0x4, 0x0, 0xf, 0x3, [{0x2, 0x7f, 0x7fffffff}, {0x1, 0x7fffffff, 0x2}, {0x4, 0x200, 0x6}, {0x5, 0x6d000000, 0x10000}], "859420"}, @ptr={0x8, 0x0, 0x0, 0x2, 0x1}, @enum={0x0, 0x4, 0x0, 0x6, 0x4, [{0xd}, {0xf, 0xe0000000}, {0x2, 0x8}, {0x4, 0x4}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1, 0x8}}, @int={0xf, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x7f, 0x1}, @restrict]}, {0x0, [0x61, 0x5f, 0x0]}}, &(0x7f0000000840)=""/238, 0xf9, 0xee, 0x0, 0x4}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@RTM_NEWMDB={0x38, 0x55, 0x1, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x0, {@ip4=@local, 0x800}}}]}, 0x38}, 0x1, 0xf00}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r3, 0x40086607, 0x20001412) syz_emit_ethernet(0xfdef, &(0x7f0000001800)={@link_local={0x1, 0x76}, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x16}}}}}, 0x0) 11.194358ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1: mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000640)=ANY=[@ANYBLOB='h'], 0x168) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f2, 0x1, 0x70bd2c, 0x25dfdbfb, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000080}, 0x44) write$cgroup_int(r7, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r7, 0x4030582b, &(0x7f0000000300)={0x1100, 0x0, 0x0, 0x2a40}) ioctl$FIBMAP(r7, 0x1, &(0x7f0000000080)) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r8, 0x0) kernel console output (not intermixed with test programs): with error -22 [ 687.536384][ T377] usb 3-1: USB disconnect, device number 59 [ 687.544105][ T1733] acrux 0003:1A34:0802.0093: unknown main item tag 0x0 [ 687.551683][ T1733] acrux 0003:1A34:0802.0093: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 687.562665][ T1733] acrux 0003:1A34:0802.0093: no inputs found [ 687.568527][ T1733] acrux 0003:1A34:0802.0093: Failed to enable force feedback support, error: -19 [ 687.751450][ T24] usb 1-1: USB disconnect, device number 57 [ 688.047263][ T28] audit: type=1326 audit(1718701287.450:25551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17579 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2b787cf29 code=0x7fc00000 [ 688.347110][T17606] syz-executor.2[17606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 688.347181][T17606] syz-executor.2[17606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 689.024569][ T28] audit: type=1400 audit(1718701288.431:25552): avc: denied { execmod } for pid=17620 comm="syz-executor.1" path="/root/syzkaller-testdir807155471/syzkaller.Y9xIyl/221/blkio.throttle.io_serviced_recursive" dev="sda1" ino=1959 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 689.069025][T17625] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 689.087014][ T28] audit: type=1326 audit(1718701288.491:25553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17619 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891ce7cf29 code=0x7fc00000 [ 689.133047][T17626] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 689.133231][ T28] audit: type=1326 audit(1718701288.541:25554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17619 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f891ce7cf29 code=0x7fc00000 [ 689.249434][T17628] loop2: detected capacity change from 0 to 256 [ 689.965065][T17655] loop2: detected capacity change from 0 to 2048 [ 689.983373][T17655] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 8192 [ 689.993943][T17655] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 690.556240][T17675] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 690.558532][T17673] loop3: detected capacity change from 0 to 512 [ 690.578936][T17675] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 690.589649][T17673] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 690.868796][T16728] EXT4-fs (loop2): unmounting filesystem. [ 691.603228][T17706] loop3: detected capacity change from 0 to 256 [ 691.814482][T17713] loop2: detected capacity change from 0 to 512 [ 691.825156][T17715] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 691.838994][T17713] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 691.852064][T17713] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 691.864138][T17713] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 691.877023][T17713] EXT4-fs (loop2): 1 orphan inode deleted [ 691.882699][T17713] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 691.893728][T17713] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 691.949127][T16728] EXT4-fs (loop2): unmounting filesystem. [ 691.995446][T17722] syz-executor.4[17722] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 691.995545][T17722] syz-executor.4[17722] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 692.432109][T17743] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.1'. [ 692.453259][T17743] device gretap0 entered promiscuous mode [ 692.467630][T17743] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'. [ 692.476895][T17743] 0XD: renamed from gretap0 [ 692.482421][T17743] device 40XD left promiscuous mode [ 692.488504][T17743] A link change request failed with some changes committed already. Interface 40XD may have been left with an inconsistent configuration, please check. [ 692.504026][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 692.504052][ T28] audit: type=1326 audit(1718701291.893:25556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.534552][ T28] audit: type=1326 audit(1718701291.893:25557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.558554][ T28] audit: type=1326 audit(1718701291.893:25558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.583720][ T28] audit: type=1326 audit(1718701291.893:25559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.608033][ T28] audit: type=1326 audit(1718701291.893:25560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.633583][ T28] audit: type=1326 audit(1718701291.893:25561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.657673][ T28] audit: type=1326 audit(1718701291.893:25562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.681653][ T28] audit: type=1326 audit(1718701291.893:25563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.706021][ T28] audit: type=1326 audit(1718701291.893:25564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.731803][T17749] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.742791][T17749] device bridge_slave_0 left promiscuous mode [ 692.748753][T17749] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.759399][ T28] audit: type=1326 audit(1718701291.893:25565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17741 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 692.785080][T17752] loop0: detected capacity change from 0 to 512 [ 692.793640][T17752] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 692.806037][T17752] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 692.818607][T17752] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 692.827722][T17752] EXT4-fs (loop0): unmounting filesystem. [ 693.147025][T17765] loop4: detected capacity change from 0 to 2048 [ 693.166600][T17761] loop2: detected capacity change from 0 to 40427 [ 693.180405][T17761] F2FS-fs (loop2): Wrong segment_count / block_count (64 > 16384) [ 693.182018][T17765] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 693.188245][T17761] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 693.196774][T17765] ext4 filesystem being mounted at /root/syzkaller-testdir1804600312/syzkaller.fpejhq/40/file0 supports timestamps until 2038 (0x7fffffff) [ 693.207218][T17761] F2FS-fs (loop2): Found nat_bits in checkpoint [ 693.223825][T17765] fs-verity (loop4, inode 13): Unknown hash algorithm number: 0 [ 693.255119][T17761] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 693.262079][T17761] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 693.288161][T17228] EXT4-fs (loop4): unmounting filesystem. [ 693.365405][T16728] syz-executor.2: attempt to access beyond end of device [ 693.365405][T16728] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 693.559042][T17783] loop4: detected capacity change from 0 to 512 [ 693.576244][T17783] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 693.584190][T17783] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 693.592745][T17783] EXT4-fs (loop4): 1 truncate cleaned up [ 693.598245][T17783] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 693.762927][T17791] loop2: detected capacity change from 0 to 256 [ 694.004374][T17228] EXT4-fs (loop4): unmounting filesystem. [ 694.019122][T17798] tipc: Failed to remove unknown binding: 66,1,1/0:3255894258/3255894260 [ 694.027656][T17798] tipc: Failed to remove unknown binding: 66,1,1/0:3255894258/3255894260 [ 694.612690][T17822] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 694.621872][T17822] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 694.631089][T17823] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 694.645180][T17822] 9pnet_fd: Insufficient options for proto=fd [ 694.652677][T17822] serio: Serial port pts0 [ 694.853707][T17833] tipc: Failed to remove unknown binding: 66,1,1/0:206025743/206025745 [ 694.862089][T17833] tipc: Failed to remove unknown binding: 66,1,1/0:206025743/206025745 [ 695.042385][T17842] fuse: Bad value for 'fd' [ 695.251246][T17851] incfs: Backing dir is not set, filesystem can't be mounted. [ 695.258700][T17851] incfs: mount failed -2 [ 695.434316][T17862] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 695.443887][T17862] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 695.459838][T17862] 9pnet_fd: Insufficient options for proto=fd [ 695.467585][T17862] serio: Serial port pts0 [ 695.957556][T17887] loop4: detected capacity change from 0 to 256 [ 695.992285][T17880] loop3: detected capacity change from 0 to 40427 [ 696.020529][T17880] F2FS-fs (loop3): Wrong segment_count / block_count (64 > 16384) [ 696.029939][T17880] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 696.077369][T17880] F2FS-fs (loop3): Found nat_bits in checkpoint [ 696.169138][T17880] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 696.176190][T17880] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 696.275252][T17295] syz-executor.3: attempt to access beyond end of device [ 696.275252][T17295] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 696.614230][T17911] loop2: detected capacity change from 0 to 512 [ 696.640798][T17911] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 696.649076][T17911] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 696.657387][T17911] EXT4-fs (loop2): 1 truncate cleaned up [ 696.663047][T17911] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 696.800488][T16728] EXT4-fs (loop2): unmounting filesystem. [ 696.989580][T17930] incfs: Backing dir is not set, filesystem can't be mounted. [ 696.996923][T17930] incfs: mount failed -2 [ 697.206700][T17938] syz-executor.1[17938] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 697.207004][T17938] syz-executor.1[17938] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 697.424448][T17941] binder: 17937:17941 ioctl 80087601 20000280 returned -22 [ 697.557255][ T28] kauditd_printk_skb: 37 callbacks suppressed [ 697.557271][ T28] audit: type=1326 audit(1718701296.965:25603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17943 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f891ce7cf29 code=0x0 [ 698.465582][ T28] audit: type=1326 audit(1718701297.876:25604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.490021][ T28] audit: type=1326 audit(1718701297.876:25605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.518572][ T28] audit: type=1326 audit(1718701297.876:25606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.542903][ T28] audit: type=1326 audit(1718701297.876:25607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.567457][ T28] audit: type=1326 audit(1718701297.876:25608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.591521][ T28] audit: type=1326 audit(1718701297.876:25609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.615469][ T28] audit: type=1326 audit(1718701297.876:25610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.639456][ T28] audit: type=1326 audit(1718701297.876:25611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.663471][ T28] audit: type=1326 audit(1718701297.876:25612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17979 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff43247cf29 code=0x7ffc0000 [ 698.910303][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.910359][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.922835][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.934756][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.946994][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.958652][T17997] syz-executor.4[17997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.997362][T17999] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 699.507154][T18014] loop4: detected capacity change from 0 to 512 [ 699.522533][T18014] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 699.538082][T18014] [EXT4 FS bs=4096, gc=1, bpg=71, ipg=32, mo=a842c09c, mo2=0000] [ 699.545857][T18014] System zones: 0-2, 18-18, 34-34 [ 699.551895][T18014] EXT4-fs (loop4): 1 orphan inode deleted [ 699.557497][T18014] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 699.566252][T18014] ext4 filesystem being mounted at /root/syzkaller-testdir1804600312/syzkaller.fpejhq/60/file1 supports timestamps until 2038 (0x7fffffff) [ 699.645309][T17228] EXT4-fs (loop4): unmounting filesystem. [ 699.746915][T18023] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.754035][T18023] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.888066][T18029] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 700.015418][T18033] loop2: detected capacity change from 0 to 128 [ 700.053868][T18033] syz-executor.2: attempt to access beyond end of device [ 700.053868][T18033] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 700.290619][T18041] syz-executor.2: attempt to access beyond end of device [ 700.290619][T18041] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 700.555110][T18050] input: syz0 as /devices/virtual/input/input142 [ 700.662199][T18057] loop0: detected capacity change from 0 to 256 [ 700.678332][T18057] exfat: Deprecated parameter 'utf8' [ 700.683786][T18057] exfat: Deprecated parameter 'namecase' [ 700.689504][T18057] exfat: Deprecated parameter 'utf8' [ 700.697817][T18057] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 700.713955][T18057] exFAT-fs (loop0): error, tried to truncate zeroed cluster. [ 700.721520][T18057] exFAT-fs (loop0): error, tried to truncate zeroed cluster. [ 701.433398][T18083] support for cryptoloop has been removed. Use dm-crypt instead. [ 701.457539][T18085] loop2: detected capacity change from 0 to 256 [ 701.474681][T18085] exfat: Deprecated parameter 'utf8' [ 701.479908][T18085] exfat: Deprecated parameter 'utf8' [ 701.487802][T18085] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x14f16447, utbl_chksum : 0xe619d30d) [ 701.503122][T18087] input: syz0 as /devices/virtual/input/input143 [ 702.143745][T18116] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 702.228839][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.228919][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.241535][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.253205][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.265819][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.277633][T18120] syz-executor.4[18120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.545185][T18131] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.563765][T18131] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.571416][T18131] device bridge_slave_0 entered promiscuous mode [ 702.580401][T18128] overlayfs: statfs failed on './file0' [ 702.585872][T18131] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.592637][T18131] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.600188][T18131] device bridge_slave_1 entered promiscuous mode [ 702.658671][T18131] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.665649][T18131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 702.672750][T18131] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.679552][T18131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 702.715475][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 702.723413][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.730648][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.747495][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 702.755747][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.762607][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 702.770184][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 702.778231][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 702.785084][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 702.792631][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 702.815241][T18131] device veth0_vlan entered promiscuous mode [ 702.822180][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 702.830653][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 702.838557][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 702.848130][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 702.855574][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 702.867891][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 702.867906][ T28] audit: type=1326 audit(1718701301.961:25658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18104 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891ce7cf29 code=0x7fc00000 [ 702.904786][T18131] device veth1_macvtap entered promiscuous mode [ 702.921208][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 702.940286][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 702.948724][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 703.006808][ T8] device bridge_slave_1 left promiscuous mode [ 703.012885][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.020514][ T8] device bridge_slave_0 left promiscuous mode [ 703.026815][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.035768][ T8] device veth1_macvtap left promiscuous mode [ 703.041950][ T8] device veth0_vlan left promiscuous mode [ 703.291854][T18158] syz-executor.3[18158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 703.291931][T18158] syz-executor.3[18158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 703.323142][T18159] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 703.406017][T18162] loop4: detected capacity change from 0 to 512 [ 703.427810][T18162] EXT4-fs (loop4): 1 orphan inode deleted [ 703.433574][T18162] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 703.442816][T18162] ext4 filesystem being mounted at /root/syzkaller-testdir1804600312/syzkaller.fpejhq/72/file1 supports timestamps until 2038 (0x7fffffff) [ 703.755435][T18169] syz-executor.4[18169] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 703.755544][T18169] syz-executor.4[18169] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 704.244993][T18174] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 704.430918][T17228] EXT4-fs (loop4): unmounting filesystem. [ 704.863273][T18194] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 705.707720][T18224] tmpfs: Unknown parameter '' [ 705.964318][ T354] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 706.323982][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 706.334910][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 706.346046][ T354] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 706.354959][ T354] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.368375][ T354] usb 4-1: config 0 descriptor?? [ 706.373296][T10329] tipc: Subscription rejected, illegal request [ 707.018259][T18275] overlayfs: failed to resolve './file0': -2 [ 707.083579][ T24] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 707.433395][ T354] usb 4-1: string descriptor 0 read error: -71 [ 707.459442][ T354] uclogic 0003:256C:006D.0094: failed retrieving string descriptor #200: -71 [ 707.471707][ T354] uclogic 0003:256C:006D.0094: failed retrieving pen parameters: -71 [ 707.479804][ T354] uclogic 0003:256C:006D.0094: failed probing pen v2 parameters: -71 [ 707.487797][ T354] uclogic 0003:256C:006D.0094: failed probing parameters: -71 [ 707.493531][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 707.495275][ T354] uclogic: probe of 0003:256C:006D.0094 failed with error -71 [ 707.511246][ T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 707.513612][ T354] usb 4-1: USB disconnect, device number 62 [ 707.531444][ T24] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 707.626608][T18282] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 707.713286][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 707.722350][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.730216][ T24] usb 1-1: Product: syz [ 707.734259][ T24] usb 1-1: Manufacturer: syz [ 707.738827][ T24] usb 1-1: SerialNumber: syz [ 707.793601][ T24] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 707.800234][ T24] cdc_ncm 1-1:1.0: bind() failure [ 708.437270][T18293] overlayfs: failed to resolve './file0': -2 [ 709.479289][T18320] loop3: detected capacity change from 0 to 40427 [ 709.494668][T18320] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 709.502427][T18320] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 709.511031][T18320] F2FS-fs (loop3): invalid crc value [ 709.517600][T18320] F2FS-fs (loop3): Found nat_bits in checkpoint [ 709.551429][T18320] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 709.558369][T18320] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 709.578955][ T28] audit: type=1400 audit(1718701308.685:25659): avc: denied { reparent } for pid=18318 comm="syz-executor.3" name="#df" dev="loop3" ino=25 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 709.601320][ T28] audit: type=1400 audit(1718701308.685:25660): avc: denied { create } for pid=18318 comm="syz-executor.3" name="#e1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 709.622327][ T28] audit: type=1400 audit(1718701308.685:25661): avc: denied { link } for pid=18318 comm="syz-executor.3" name="#e1" dev="loop3" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 709.644672][ T28] audit: type=1400 audit(1718701308.685:25662): avc: denied { rename } for pid=18318 comm="syz-executor.3" name="#e2" dev="loop3" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 709.667658][T18131] syz-executor.3: attempt to access beyond end of device [ 709.667658][T18131] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 709.681893][T18131] syz-executor.3: attempt to access beyond end of device [ 709.681893][T18131] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 709.717398][T10329] kworker/u4:8: attempt to access beyond end of device [ 709.717398][T10329] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 709.737484][ T377] usb 1-1: USB disconnect, device number 58 [ 710.531648][T18348] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.538707][T18348] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.546971][T18348] device bridge_slave_0 entered promiscuous mode [ 710.556671][T18348] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.563599][T18348] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.571018][T18348] device bridge_slave_1 entered promiscuous mode [ 710.603679][ T3708] device bridge_slave_1 left promiscuous mode [ 710.609887][ T3708] bridge0: port 2(bridge_slave_1) entered disabled state [ 710.638651][ T3708] device bridge_slave_0 left promiscuous mode [ 710.651011][ T3708] bridge0: port 1(bridge_slave_0) entered disabled state [ 710.664477][ T1733] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 710.672777][ T3708] device veth1_macvtap left promiscuous mode [ 710.678638][ T3708] device veth0_vlan left promiscuous mode [ 710.721738][ T1029] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 710.786895][T18353] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 710.856505][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 710.863918][ T354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 710.882007][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 710.890250][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 710.899462][T12594] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.906346][T12594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 710.913538][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 710.921740][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 710.929662][T12594] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.936510][T12594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 710.944215][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 710.953000][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 710.961604][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 711.305988][T18361] loop2: detected capacity change from 0 to 2048 [ 712.178667][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 712.259284][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 712.272372][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 712.307467][T18348] device veth0_vlan entered promiscuous mode [ 712.338292][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 712.348107][T18361] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 712.392154][T18357] overlayfs: failed to resolve './file0': -2 [ 712.459036][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 712.474816][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 712.483172][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 712.500906][ T1733] usb 5-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 712.510174][ T1029] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 712.521191][T18348] device veth1_macvtap entered promiscuous mode [ 712.527806][ T1029] usb 1-1: config 0 has no interfaces? [ 712.529136][ T1733] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.533174][ T1029] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 712.541983][ T1733] usb 5-1: Product: syz [ 712.549772][ T1029] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.550568][ T1029] usb 1-1: config 0 descriptor?? [ 712.555046][ T1733] usb 5-1: Manufacturer: syz [ 712.562671][T18365] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 712.571266][ T1733] usb 5-1: SerialNumber: syz [ 712.590827][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 712.591629][ T1733] usb 5-1: config 0 descriptor?? [ 712.598325][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 712.611633][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 712.619680][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 712.627670][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 712.652610][ T1733] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 712.668145][T16728] EXT4-fs (loop2): unmounting filesystem. [ 712.808761][T18347] loop0: detected capacity change from 0 to 512 [ 712.832440][T18347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 712.841313][T18347] ext4 filesystem being mounted at /root/syzkaller-testdir1384068647/syzkaller.bCoyJY/111/file0 supports timestamps until 2038 (0x7fffffff) [ 712.853724][ T1073] usb 5-1: USB disconnect, device number 65 [ 712.864426][ T1733] usb 1-1: USB disconnect, device number 59 [ 712.943745][T18375] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 712.953008][T18375] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 713.116607][T18381] loop3: detected capacity change from 0 to 1024 [ 713.141902][T18381] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 713.169988][T18381] EXT4-fs error (device loop3): ext4_xattr_ibody_get:603: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 713.182727][T18381] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 713.195181][T18381] syz-executor.3: attempt to access beyond end of device [ 713.195181][T18381] loop3: rw=2049, sector=3606377190, nr_sectors = 2 limit=1024 [ 713.209498][T18381] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 1803188595) [ 713.221255][T18381] Buffer I/O error on device loop3, logical block 1803188595 [ 713.228548][T18381] syz-executor.3: attempt to access beyond end of device [ 713.228548][T18381] loop3: rw=2049, sector=3403208898, nr_sectors = 2 limit=1024 [ 713.243066][T18381] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 1701604449) [ 713.254806][T18381] Buffer I/O error on device loop3, logical block 1701604449 [ 713.262050][T18381] syz-executor.3: attempt to access beyond end of device [ 713.262050][T18381] loop3: rw=2049, sector=59108, nr_sectors = 2 limit=1024 [ 713.275954][T18381] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 29554) [ 713.287302][T18381] Buffer I/O error on device loop3, logical block 29554 [ 713.323906][T18348] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor.3: path /root/syzkaller-testdir1370304970/syzkaller.rBRedn/2/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 713.346140][T18388] loop2: detected capacity change from 0 to 256 [ 713.355339][T18348] EXT4-fs (loop3): Inode 15 (ffff88811fa2a808): i_reserved_data_blocks (1) not cleared! [ 713.364910][T18388] FAT-fs (loop2): Unrecognized mount option "hash" or missing value [ 713.373102][T18348] EXT4-fs (loop3): unmounting filesystem. [ 713.698084][T18392] loop4: detected capacity change from 0 to 256 [ 713.912606][ T8] device bridge_slave_1 left promiscuous mode [ 713.920037][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 713.929083][ T8] device bridge_slave_0 left promiscuous mode [ 713.941622][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 713.992523][ T8] device veth1_macvtap left promiscuous mode [ 714.004401][ T8] device veth0_vlan left promiscuous mode [ 714.224875][T18401] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.232064][T18401] bridge0: port 1(bridge_slave_0) entered disabled state [ 714.239486][T18401] device bridge_slave_0 entered promiscuous mode [ 714.246530][T18401] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.253816][T18401] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.261569][T18401] device bridge_slave_1 entered promiscuous mode [ 714.323308][T18401] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.330196][T18401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 714.337260][T18401] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.344074][T18401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.372656][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 714.380470][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 714.387607][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.399174][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 714.407427][T12594] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.414296][T12594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.429782][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 714.438662][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 714.447734][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.454632][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 714.462431][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 714.474493][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 714.485961][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 714.493854][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 714.506640][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 714.515205][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 714.526721][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 714.535628][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 714.543835][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 714.551264][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 714.565638][T18401] device veth0_vlan entered promiscuous mode [ 714.578963][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 714.589173][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 714.599542][T18401] device veth1_macvtap entered promiscuous mode [ 714.610999][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 714.618916][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 714.627427][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 714.657160][ T1733] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 714.665430][ T1733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 714.994430][T18428] loop2: detected capacity change from 0 to 256 [ 715.014442][T18428] FAT-fs (loop2): Unrecognized mount option "hash" or missing value [ 715.362230][T18434] overlayfs: failed to resolve './file0': -2 [ 715.464705][T18438] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'. [ 715.473867][T18439] loop2: detected capacity change from 0 to 256 [ 715.861358][T18447] loop3: detected capacity change from 0 to 256 [ 716.568847][ T377] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 716.827723][T18476] loop2: detected capacity change from 0 to 256 [ 716.851669][T18476] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 716.866980][T18476] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 716.988617][ T377] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 716.998902][ T377] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 717.009607][ T377] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 717.019328][ T377] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 717.115002][T18482] bridge0: port 3(vlan2) entered blocking state [ 717.121269][T18482] bridge0: port 3(vlan2) entered disabled state [ 717.132186][T18483] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.139159][T18483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.188557][ T377] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 717.197514][ T377] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.205399][ T377] usb 5-1: Product: syz [ 717.209591][ T377] usb 5-1: Manufacturer: syz [ 717.214027][ T377] usb 5-1: SerialNumber: syz [ 717.578373][ T377] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 717.586211][ T377] usb 5-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 717.594562][ T377] usb 5-1: found format II with max.bitrate = 0, frame size=0 [ 717.601939][ T377] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 717.609599][ T377] usb 5-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 717.617824][ T377] usb 5-1: found format II with max.bitrate = 0, frame size=0 [ 717.690556][ T377] usb 5-1: USB disconnect, device number 66 [ 719.096293][T18519] incfs_lookup_dentry err:-5 [ 719.100841][T18519] incfs: Can't find or create .index dir in ./file0 [ 719.107282][T18519] incfs: mount failed -5 [ 719.360475][T18530] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 719.505213][T18534] x_tables: duplicate underflow at hook 2 [ 719.641325][T18541] loop2: detected capacity change from 0 to 256 [ 719.702873][T18542] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 720.542811][ T28] audit: type=1326 audit(1718701319.650:25663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18546 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530067cf29 code=0x7ffc0000 [ 720.566935][ T361] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 720.574948][ T28] audit: type=1326 audit(1718701319.650:25664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18546 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530067cf29 code=0x7ffc0000 [ 720.956668][ T361] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 720.967513][ T361] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 720.977147][ T361] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 720.986009][ T361] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 720.996676][ T361] usb 4-1: config 0 descriptor?? [ 721.554345][T18580] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 721.564852][T18580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 721.574287][T18580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 721.583765][T18580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 722.026111][ T361] usb 4-1: string descriptor 0 read error: -71 [ 722.046313][ T361] uclogic 0003:256C:006D.0095: failed retrieving string descriptor #200: -71 [ 722.055053][ T361] uclogic 0003:256C:006D.0095: failed retrieving pen parameters: -71 [ 722.063149][ T361] uclogic 0003:256C:006D.0095: failed probing pen v2 parameters: -71 [ 722.088312][ T361] uclogic 0003:256C:006D.0095: failed probing parameters: -71 [ 722.099933][ T361] uclogic: probe of 0003:256C:006D.0095 failed with error -71 [ 722.108783][ T361] usb 4-1: USB disconnect, device number 63 [ 723.073160][T18620] bpf_get_probe_write_proto: 8 callbacks suppressed [ 723.073178][T18620] syz-executor.4[18620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.080294][T18620] syz-executor.4[18620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.153583][T18668] syz-executor.3[18668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.165236][T18668] syz-executor.3[18668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.560907][T18672] overlayfs: overlapping lowerdir path [ 726.094064][T18698] A link change request failed with some changes committed already. Interface veth0_to_bridge may have been left with an inconsistent configuration, please check. [ 726.161647][T18700] kvm: pic: non byte read [ 726.166080][T18700] kvm: pic: non byte read [ 726.170321][T18700] kvm: pic: non byte read [ 726.174683][T18700] kvm: pic: single mode not supported [ 726.174691][T18700] kvm: pic: level sensitive irq not supported [ 726.179893][T18700] kvm: pic: non byte read [ 726.190053][T18700] kvm: pic: level sensitive irq not supported [ 726.190088][T18700] kvm: pic: non byte read [ 726.200265][T18700] kvm: pic: non byte read [ 726.204635][T18700] kvm: pic: level sensitive irq not supported [ 726.204673][T18700] kvm: pic: non byte read [ 726.891095][T18721] overlayfs: overlapping lowerdir path [ 727.554345][T18743] loop2: detected capacity change from 0 to 256 [ 728.701377][ T28] audit: type=1400 audit(1718701327.814:25665): avc: denied { mounton } for pid=18767 comm="syz-executor.3" path="/root/syzkaller-testdir220772423/syzkaller.BnBPBA/29/file0/bus" dev="ramfs" ino=106883 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 728.729624][T18770] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 728.737156][T18770] overlayfs: failed to set xattr on upper [ 728.742838][T18770] overlayfs: ...falling back to index=off,metacopy=off. [ 728.789316][T18770] overlayfs: missing 'lowerdir' [ 730.476022][T18833] loop3: detected capacity change from 0 to 256 [ 730.815668][T18848] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 730.830100][T18848] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 730.838484][T18848] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 730.846568][T18848] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 730.854501][T18848] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.1'. [ 730.927420][T18849] loop4: detected capacity change from 0 to 256 [ 730.945289][T18849] FAT-fs (loop4): Unrecognized mount option "uid=.)BlSJbȆmSAKj" or missing value [ 731.023685][T18849] loop4: detected capacity change from 0 to 256 [ 731.039703][T18855] loop3: detected capacity change from 0 to 2048 [ 731.073298][T18855] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 731.125077][T18401] EXT4-fs (loop3): unmounting filesystem. [ 731.313075][T18865] loop3: detected capacity change from 0 to 256 [ 731.469654][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 731.536554][T18873] device batadv_slave_0 entered promiscuous mode [ 731.542976][T18871] device batadv_slave_0 left promiscuous mode [ 731.894587][T18885] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 731.921605][T18885] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 731.975539][T18885] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 731.984687][T18885] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 732.000594][T18885] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.3'. [ 732.525373][T18899] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 732.572158][T18901] loop2: detected capacity change from 0 to 256 [ 732.783302][T18909] loop2: detected capacity change from 0 to 1024 [ 732.800668][T18909] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 732.811167][T18909] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 732.823285][T18909] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2740: inode #2: comm syz-executor.2: corrupted in-inode xattr [ 732.835955][T18909] EXT4-fs error (device loop2): ext4_xattr_ibody_get:603: inode #2: comm syz-executor.2: corrupted in-inode xattr [ 732.900777][ T24] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 732.917501][T16728] EXT4-fs (loop2): unmounting filesystem. [ 733.059876][T18921] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 733.068012][T18921] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 733.076044][T18921] netlink: 328 bytes leftover after parsing attributes in process `syz-executor.2'. [ 733.160501][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 733.305633][ T24] usb 4-1: config 0 interface 0 has no altsetting 0 [ 733.361115][T18929] loop2: detected capacity change from 0 to 256 [ 733.669933][ T24] usb 4-1: New USB device found, idVendor=c95e, idProduct=8813, bcdDevice=25.d8 [ 733.678862][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.686934][ T24] usb 4-1: Product: syz [ 733.734284][ T24] usb 4-1: Manufacturer: syz [ 734.732711][ T24] usb 4-1: SerialNumber: syz [ 734.920094][ T24] usb 4-1: config 0 descriptor?? [ 734.980073][ T24] usb-storage 4-1:0.0: USB Mass Storage device detected [ 735.182497][ T24] usb 4-1: USB disconnect, device number 64 [ 735.366644][T18947] loop2: detected capacity change from 0 to 1024 [ 735.412423][T18947] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 735.422837][T18947] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 735.435341][T18947] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2740: inode #2: comm syz-executor.2: corrupted in-inode xattr [ 735.448037][T18947] EXT4-fs error (device loop2): ext4_xattr_ibody_get:603: inode #2: comm syz-executor.2: corrupted in-inode xattr [ 735.536957][T16728] EXT4-fs (loop2): unmounting filesystem. [ 735.976154][T18966] loop3: detected capacity change from 0 to 40427 [ 736.005877][ T24] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 736.017842][T18966] F2FS-fs (loop3): Unrecognized mount option "ifline_xattr" or missing value [ 736.269162][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 736.479287][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 63, changing to 9 [ 736.490671][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 736.512233][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.559138][ T24] hub 3-1:4.0: USB hub found [ 736.631752][ T28] audit: type=1326 audit(1718701335.738:25666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18963 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 736.658885][ T28] audit: type=1326 audit(1718701335.738:25667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18963 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 736.888731][ T24] hub 3-1:4.0: 6 ports detected [ 736.908938][ T24] hub 3-1:4.0: insufficient power available to use all downstream ports [ 737.098569][ T24] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 737.104817][ T24] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 737.148708][ T24] usb 3-1: USB disconnect, device number 60 [ 737.528021][T19011] loop3: detected capacity change from 0 to 256 [ 737.588311][T19011] loop3: detected capacity change from 256 to 0 [ 737.595271][ T28] audit: type=1400 audit(1718701336.709:25668): avc: denied { remount } for pid=19010 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 738.279667][T19042] loop2: detected capacity change from 0 to 2048 [ 738.376171][T16869] EXT4-fs (loop0): unmounting filesystem. [ 738.741085][T19054] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.748066][T19054] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.755216][T19054] device bridge_slave_0 entered promiscuous mode [ 738.761903][T19054] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.768813][T19054] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.775990][T19054] device bridge_slave_1 entered promiscuous mode [ 738.824829][T19054] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.831680][T19054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.838779][T19054] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.845554][T19054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.869272][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 738.876871][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.884197][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.893500][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 738.901998][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.908847][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.928572][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 738.936574][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.943437][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.950734][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 738.960100][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 738.969136][ T8] device bridge_slave_1 left promiscuous mode [ 738.975139][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 738.982920][ T8] device veth1_macvtap left promiscuous mode [ 738.988889][ T8] device veth0_vlan left promiscuous mode [ 739.104844][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 739.113508][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 739.121411][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 739.128727][ T1073] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 739.143532][T19054] device veth0_vlan entered promiscuous mode [ 739.157175][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 739.167177][T19054] device veth1_macvtap entered promiscuous mode [ 739.179449][ T1733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 739.194589][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 739.294362][T19073] can0: slcan on ptm0. [ 739.357638][T19070] can0 (unregistered): slcan off ptm0. [ 739.577354][ T1073] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 740.157053][ T1073] usb 3-1: config 0 has no interfaces? [ 740.162382][ T1073] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 740.171305][ T1073] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.179692][ T1073] usb 3-1: config 0 descriptor?? [ 740.187628][ T1733] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 740.262050][T19100] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.269562][T19100] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.277051][T19100] device bridge_slave_0 entered promiscuous mode [ 740.283826][T19100] bridge0: port 2(bridge_slave_1) entered blocking state [ 740.290727][T19100] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.298372][T19100] device bridge_slave_1 entered promiscuous mode [ 740.356488][T19100] bridge0: port 2(bridge_slave_1) entered blocking state [ 740.363381][T19100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 740.370483][T19100] bridge0: port 1(bridge_slave_0) entered blocking state [ 740.377335][T19100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 740.447491][T19074] loop2: detected capacity change from 0 to 256 [ 741.669624][T19074] exfat: Bad value for 'uid' [ 741.727539][ T361] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.734581][ T361] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.757279][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 741.764544][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 741.786391][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 741.794655][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 741.802763][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 741.809619][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 741.818147][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 741.818405][ T1029] usb 3-1: USB disconnect, device number 61 [ 741.826482][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 741.839672][ T1733] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 741.848690][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 741.855625][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 741.862772][ T1733] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.871201][ T1733] usb 4-1: config 0 descriptor?? [ 741.876019][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 741.883913][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 741.891849][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 741.899825][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 741.907882][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 741.916109][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 741.927837][T19100] device veth0_vlan entered promiscuous mode [ 741.936225][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 741.944074][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 741.952088][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 741.959441][ T361] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 741.974534][T19100] device veth1_macvtap entered promiscuous mode [ 741.981323][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 741.992695][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 742.000781][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 742.020725][T19113] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 742.028349][T19113] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 742.044086][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 742.052179][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 742.060739][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 742.068801][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 742.076910][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 742.084748][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 742.092684][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 742.100642][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 742.108828][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 742.117186][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 742.125185][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 742.133147][ T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 742.176651][ T3708] device bridge_slave_1 left promiscuous mode [ 742.182694][ T3708] bridge2: port 1(bridge_slave_1) entered disabled state [ 742.191436][ T3708] device bridge_slave_0 left promiscuous mode [ 742.197506][ T3708] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.205354][ T3708] device veth1_macvtap left promiscuous mode [ 742.211316][ T3708] device veth0_vlan left promiscuous mode [ 742.800652][T19132] xt_policy: neither incoming nor outgoing policy selected [ 743.015790][T19135] loop1: detected capacity change from 0 to 256 [ 743.025708][ T1733] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 743.038525][ T1733] asix: probe of 4-1:0.0 failed with error -71 [ 743.097147][ T1733] usb 4-1: USB disconnect, device number 65 [ 743.377149][T19144] loop0: detected capacity change from 0 to 256 [ 743.385638][T19146] loop4: detected capacity change from 0 to 512 [ 743.396641][T19144] FAT-fs (loop0): Unrecognized mount option "uid=.)BlSJbȆmSAKj" or missing value [ 743.402610][T19146] EXT4-fs (loop4): 1 truncate cleaned up [ 743.413774][T19146] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 743.460997][T19144] loop0: detected capacity change from 0 to 256 [ 743.482850][T19150] loop2: detected capacity change from 0 to 512 [ 743.483331][T17228] EXT4-fs (loop4): unmounting filesystem. [ 743.506694][T19150] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 743.515851][T19150] ext4 filesystem being mounted at /root/syzkaller-testdir3482533149/syzkaller.u7DXfV/178/file0 supports timestamps until 2038 (0x7fffffff) [ 743.592039][T16728] EXT4-fs (loop2): unmounting filesystem. [ 744.222962][T19164] loop3: detected capacity change from 0 to 131072 [ 744.242776][T19164] F2FS-fs (loop3): Found nat_bits in checkpoint [ 744.278781][T19164] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 744.473740][T19188] xt_policy: neither incoming nor outgoing policy selected [ 744.556362][T19189] 9pnet_fd: Insufficient options for proto=fd [ 745.186804][T19210] device syz_tun entered promiscuous mode [ 745.192737][T19210] device syz_tun left promiscuous mode [ 745.200561][T19211] loop3: detected capacity change from 0 to 512 [ 745.225481][T19211] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 745.233327][T19211] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 745.242228][T19211] EXT4-fs (loop3): 1 truncate cleaned up [ 745.247741][T19211] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 745.353388][T18401] EXT4-fs (loop3): unmounting filesystem. [ 745.380441][T19218] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 745.759974][T19220] loop2: detected capacity change from 0 to 131072 [ 745.784698][T19220] F2FS-fs (loop2): Found nat_bits in checkpoint [ 745.819413][T19220] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 746.746356][T19285] loop0: detected capacity change from 0 to 512 [ 746.776772][T19286] loop4: detected capacity change from 0 to 512 [ 746.776893][T19285] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 746.791752][T19285] ext4 filesystem being mounted at /root/syzkaller-testdir336659408/syzkaller.26H45X/22/file0 supports timestamps until 2038 (0x7fffffff) [ 746.794495][T19286] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 746.866234][T19054] EXT4-fs (loop0): unmounting filesystem. [ 747.836656][T19324] validate_nla: 2 callbacks suppressed [ 747.836676][T19324] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 748.256795][T19340] loop4: detected capacity change from 0 to 256 [ 748.292938][T12594] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 748.652804][T12594] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 748.662933][T12594] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 748.675677][T12594] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 748.684544][T12594] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.692826][T12594] usb 2-1: config 0 descriptor?? [ 748.733078][T12594] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 749.468420][T19372] loop0: detected capacity change from 0 to 256 [ 749.489926][T19372] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 750.272263][T19401] 9pnet_fd: Insufficient options for proto=fd [ 750.660655][T19404] loop1: detected capacity change from 0 to 40427 [ 750.680368][T19404] F2FS-fs (loop1): Mismatch valid blocks 5 vs. 7 [ 750.687054][T19404] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-117) [ 750.886438][T19420] loop0: detected capacity change from 0 to 128 [ 750.907534][T19420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 750.916045][T19420] ext4 filesystem being mounted at /root/syzkaller-testdir336659408/syzkaller.26H45X/37/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 750.924776][T19424] loop2: detected capacity change from 0 to 256 [ 750.991775][T19424] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x84cb8d72, utbl_chksum : 0xe619d30d) [ 751.104898][T19054] EXT4-fs (loop0): unmounting filesystem. [ 751.194868][T19428] loop4: detected capacity change from 0 to 256 [ 752.090626][T19450] loop0: detected capacity change from 0 to 256 [ 752.110881][T19450] FAT-fs (loop0): Directory bread(block 64) failed [ 752.117279][T19450] FAT-fs (loop0): Directory bread(block 65) failed [ 752.123651][T19450] FAT-fs (loop0): Directory bread(block 66) failed [ 752.129943][T19450] FAT-fs (loop0): Directory bread(block 67) failed [ 752.136279][T19450] FAT-fs (loop0): Directory bread(block 68) failed [ 752.142662][T19450] FAT-fs (loop0): Directory bread(block 69) failed [ 752.148973][T19450] FAT-fs (loop0): Directory bread(block 70) failed [ 752.155323][T19450] FAT-fs (loop0): Directory bread(block 71) failed [ 752.161606][T19450] FAT-fs (loop0): Directory bread(block 72) failed [ 752.167899][T19450] FAT-fs (loop0): Directory bread(block 73) failed [ 752.274833][T19457] loop4: detected capacity change from 0 to 256 [ 752.292415][T19457] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 752.516798][ T1733] usb 2-1: USB disconnect, device number 62 [ 752.794898][T19477] loop2: detected capacity change from 0 to 128 [ 752.888629][T19479] loop1: detected capacity change from 0 to 256 [ 753.048276][T19477] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 753.058590][T19477] ext4 filesystem being mounted at /root/syzkaller-testdir3482533149/syzkaller.u7DXfV/210/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 753.197836][T16728] EXT4-fs (loop2): unmounting filesystem. [ 753.257512][T19484] 9pnet_fd: Insufficient options for proto=fd [ 753.444059][T19487] syz-executor.0[19487] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 753.444614][T19487] syz-executor.0[19487] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 754.098516][T19491] loop0: detected capacity change from 0 to 256 [ 754.160428][T19491] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x84cb8d72, utbl_chksum : 0xe619d30d) [ 754.399781][T19506] incfs: Options parsing error. -22 [ 754.404921][T19506] incfs: mount failed -22 [ 754.611657][T19509] loop3: detected capacity change from 0 to 1024 [ 754.623301][T19509] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 754.640000][T19509] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 754.691589][T19515] loop0: detected capacity change from 0 to 256 [ 754.887297][T19521] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 755.196869][ T28] audit: type=1400 audit(1718701354.318:25669): avc: denied { create } for pid=19523 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 755.236953][T19532] loop3: detected capacity change from 0 to 256 [ 755.239699][ T28] audit: type=1400 audit(1718701354.318:25670): avc: denied { ioctl } for pid=19523 comm="syz-executor.1" path="socket:[109818]" dev="sockfs" ino=109818 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 755.285138][T19532] FAT-fs (loop3): Directory bread(block 64) failed [ 755.298949][T19532] FAT-fs (loop3): Directory bread(block 65) failed [ 755.312845][T19532] FAT-fs (loop3): Directory bread(block 66) failed [ 755.325936][T19532] FAT-fs (loop3): Directory bread(block 67) failed [ 755.339050][T19532] FAT-fs (loop3): Directory bread(block 68) failed [ 755.352487][T19532] FAT-fs (loop3): Directory bread(block 69) failed [ 755.358839][T19528] loop4: detected capacity change from 0 to 40427 [ 755.365390][T19532] FAT-fs (loop3): Directory bread(block 70) failed [ 755.372152][T19532] FAT-fs (loop3): Directory bread(block 71) failed [ 755.378882][T19532] FAT-fs (loop3): Directory bread(block 72) failed [ 755.385506][T19532] FAT-fs (loop3): Directory bread(block 73) failed [ 755.391955][T19528] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 755.403583][T19528] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 755.417841][T19528] F2FS-fs (loop4): invalid crc value [ 755.436924][T19528] F2FS-fs (loop4): Found nat_bits in checkpoint [ 755.476406][T19528] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 755.483303][T19528] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 755.517476][T17228] syz-executor.4: attempt to access beyond end of device [ 755.517476][T17228] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 755.703150][T19541] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 755.710420][T19541] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 755.726883][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 755.735440][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 755.743641][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 755.751610][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 755.759586][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 755.767464][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 755.775400][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 755.783242][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 755.834949][T19549] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 755.845121][T19549] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=io+mem:owns=io+mem [ 756.135698][T19562] syz-executor.0[19562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 756.135770][T19562] syz-executor.0[19562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 756.148418][T19562] syz-executor.0[19562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 756.160268][T19562] syz-executor.0[19562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 756.299647][T19565] loop4: detected capacity change from 0 to 256 [ 756.378895][ T1733] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 756.520626][T19571] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 756.771567][T19577] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program [ 756.788783][ T1733] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 756.807745][ T1733] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 756.898741][ T1733] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 756.907969][ T1733] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 756.916060][ T1733] usb 3-1: SerialNumber: syz [ 757.199241][ T1733] usb 3-1: 0:2 : does not exist [ 757.205776][ T1733] usb 3-1: USB disconnect, device number 62 [ 757.797593][T19600] loop0: detected capacity change from 0 to 40427 [ 757.877271][T19600] F2FS-fs (loop0): Invalid segment count (0) [ 757.883273][T19600] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 757.891975][T19600] F2FS-fs (loop0): invalid crc value [ 757.898324][T19600] F2FS-fs (loop0): Found nat_bits in checkpoint [ 757.932044][T19600] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 757.939314][T19600] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 758.005305][T19617] syz-executor.3[19617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.005380][T19617] syz-executor.3[19617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.018270][T19617] syz-executor.3[19617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.030463][T19617] syz-executor.3[19617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.043314][T19054] syz-executor.0: attempt to access beyond end of device [ 758.043314][T19054] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 758.362416][T19629] input: syz0 as /devices/virtual/input/input147 [ 758.542234][T19633] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program [ 758.596702][T19631] loop1: detected capacity change from 0 to 2048 [ 758.648976][T19631] Alternate GPT is invalid, using primary GPT. [ 758.655063][T19631] loop1: p1 p2 p3 [ 761.267212][T19658] SELinux: security_context_str_to_sid () failed with errno=-22 [ 761.383102][T19663] bridge0: port 3(gretap0) entered blocking state [ 761.389533][T19663] bridge0: port 3(gretap0) entered disabled state [ 761.398109][T19663] device gretap0 entered promiscuous mode [ 761.404050][T19663] bridge0: port 3(gretap0) entered blocking state [ 761.410310][T19663] bridge0: port 3(gretap0) entered forwarding state [ 761.433566][T19663] device gretap0 left promiscuous mode [ 761.439472][T19663] bridge0: port 3(gretap0) entered disabled state [ 761.996148][T12594] usb 2-1: new full-speed USB device number 63 using dummy_hcd [ 762.065944][T19677] loop0: detected capacity change from 0 to 512 [ 762.104919][T19677] EXT4-fs: Ignoring removed oldalloc option [ 762.112553][T19677] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 11 (level 0) [ 762.126482][T19677] EXT4-fs (loop0): Remounting filesystem read-only [ 762.133040][T19677] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz-executor.0: attempt to clear invalid blocks 1024 len 1 [ 762.146714][T19677] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 762.161242][T19677] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 1819239214 (level 0) [ 762.175651][T19677] EXT4-fs (loop0): 1 truncate cleaned up [ 762.181179][T19677] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 762.243076][T19054] EXT4-fs (loop0): unmounting filesystem. [ 762.441946][T19689] device wg2 entered promiscuous mode [ 762.555824][T12594] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 762.565797][T12594] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 762.574404][T12594] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 762.745832][T12594] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 762.754724][T12594] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.762609][T12594] usb 2-1: Product: syz [ 762.766587][T12594] usb 2-1: Manufacturer: syz [ 762.770933][T12594] usb 2-1: SerialNumber: syz [ 762.905675][T19707] SELinux: security_context_str_to_sid () failed with errno=-22 [ 763.021548][T19711] bridge0: port 3(gretap0) entered blocking state [ 763.027957][T19711] bridge0: port 3(gretap0) entered disabled state [ 763.036722][T19711] device gretap0 entered promiscuous mode [ 763.058273][T19711] device gretap0 left promiscuous mode [ 763.063943][T19711] bridge0: port 3(gretap0) entered disabled state [ 763.265884][T12594] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 763.272647][T12594] cdc_ncm 2-1:1.0: bind() failure [ 763.278151][T12594] usb 2-1: USB disconnect, device number 63 [ 763.315392][ T1029] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 763.379278][T19716] loop2: detected capacity change from 0 to 512 [ 763.396198][T19716] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 763.705487][ T1029] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.716658][ T1029] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.787920][ T1029] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 763.820776][ T1029] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.831864][ T1029] usb 1-1: config 0 descriptor?? [ 764.315908][ T1029] dragonrise 0003:0079:0011.0096: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.0-1/input0 [ 764.583452][T19749] loop4: detected capacity change from 0 to 512 [ 764.596331][T19749] EXT4-fs: Ignoring removed oldalloc option [ 764.603679][T19749] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 11 (level 0) [ 764.617832][T19749] EXT4-fs (loop4): Remounting filesystem read-only [ 764.624286][T19749] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz-executor.4: attempt to clear invalid blocks 1024 len 1 [ 764.637972][T19749] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 764.652444][T19749] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 1819239214 (level 0) [ 764.667620][T19749] EXT4-fs (loop4): 1 truncate cleaned up [ 764.673254][T19749] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 764.785284][T17228] EXT4-fs (loop4): unmounting filesystem. [ 765.099215][ T24] usb 1-1: USB disconnect, device number 60 [ 765.255077][T19767] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 765.929240][T19779] loop0: detected capacity change from 0 to 131072 [ 765.949660][T19779] F2FS-fs (loop0): invalid crc value [ 765.960813][T19779] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 765.989778][T19779] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 766.234083][ T1733] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 766.523776][ T1733] usb 4-1: Using ep0 maxpacket: 16 [ 766.682187][T19806] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 766.724113][T19812] loop2: detected capacity change from 0 to 1024 [ 766.731206][T19812] EXT4-fs: Ignoring removed orlov option [ 766.741455][T19812] EXT4-fs (loop2): Test dummy encryption mode enabled [ 766.766807][T19812] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 766.820351][T19819] loop0: detected capacity change from 0 to 512 [ 766.832782][T16728] EXT4-fs (loop2): unmounting filesystem. [ 766.843667][ T1733] usb 4-1: New USB device found, idVendor=1d7c, idProduct=74dc, bcdDevice=b8.3a [ 766.852693][ T1733] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.861572][T19819] EXT4-fs (loop0): unsupported inode size: 264 [ 766.867762][ T1733] usb 4-1: Product: syz [ 766.871753][ T1733] usb 4-1: Manufacturer: syz [ 766.876230][T19819] EXT4-fs (loop0): blocksize: 1024 [ 766.881172][ T1733] usb 4-1: SerialNumber: syz [ 766.886368][ T1733] usb 4-1: config 0 descriptor?? [ 766.995809][T19819] loop0: detected capacity change from 0 to 1024 [ 766.998224][ T1733] cdc_wdm: probe of 4-1:0.0 failed with error -22 [ 767.014770][T19819] EXT4-fs: Ignoring removed mblk_io_submit option [ 767.200649][T19819] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 767.218659][ T1073] usb 4-1: USB disconnect, device number 66 [ 767.246232][T19054] EXT4-fs (loop0): unmounting filesystem. [ 767.284264][T19833] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 767.343529][T19837] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 767.361750][T19837] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 767.379754][T19808] loop4: detected capacity change from 0 to 131072 [ 767.392094][T19808] F2FS-fs (loop4): invalid crc value [ 767.405822][T19839] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 767.422717][T19808] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 767.460227][T19808] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 767.729734][T19826] loop1: detected capacity change from 0 to 131072 [ 767.777758][T19826] F2FS-fs (loop1): Test dummy encryption mode enabled [ 767.795502][T19826] F2FS-fs (loop1): invalid crc value [ 767.831403][T19826] F2FS-fs (loop1): Found nat_bits in checkpoint [ 767.866386][ T28] audit: type=1400 audit(1718701367.004:25671): avc: denied { remount } for pid=19862 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 767.897384][T19866] serio: Serial port pts0 [ 767.901646][T19826] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 768.053004][ T1029] usb 4-1: new low-speed USB device number 67 using dummy_hcd [ 768.069873][T19885] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 768.412921][ T1029] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 768.421018][ T1029] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 768.459433][ T1029] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 768.477721][ T1029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 768.522612][T19911] serio: Serial port pts1 [ 768.732746][ T1029] usb 4-1: string descriptor 0 read error: -22 [ 768.740314][ T1029] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 768.778804][ T1029] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 768.788739][ T1029] usb 4-1: config 0 descriptor?? [ 768.812747][T19852] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 768.823862][T19926] device wg2 left promiscuous mode [ 768.832964][ T1029] hub 4-1:0.0: bad descriptor, ignoring hub [ 768.839665][ T1029] hub: probe of 4-1:0.0 failed with error -5 [ 768.846364][ T1029] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input148 [ 768.879730][T19897] loop4: detected capacity change from 0 to 131072 [ 768.887212][T19897] F2FS-fs (loop4): Test dummy encryption mode enabled [ 768.896991][T19897] F2FS-fs (loop4): invalid crc value [ 768.907410][T19897] F2FS-fs (loop4): Found nat_bits in checkpoint [ 768.908208][T19937] loop1: detected capacity change from 0 to 1024 [ 768.930361][T19937] EXT4-fs: Ignoring removed orlov option [ 768.944537][T19937] EXT4-fs (loop1): Test dummy encryption mode enabled [ 768.953510][T19937] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 768.957553][T19897] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 768.988315][T19100] EXT4-fs (loop1): unmounting filesystem. [ 769.033553][T19947] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 769.047199][ T1029] usb 4-1: USB disconnect, device number 67 [ 769.132592][ T377] usb 3-1: new full-speed USB device number 63 using dummy_hcd [ 769.179355][T19960] loop4: detected capacity change from 0 to 256 [ 769.876325][T19966] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 770.215039][T19974] 9pnet_fd: Insufficient options for proto=fd [ 770.254269][ T377] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 770.264704][ T377] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 770.277883][ T377] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 770.375239][T19985] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 770.428807][T19989] loop3: detected capacity change from 0 to 512 [ 770.437213][T19989] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 770.450376][T19989] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 15 [ 770.461319][T19989] ext4_test_bit(bit=14, block=18) = 1 [ 770.466876][T19989] is_bad_inode(inode)=0 [ 770.466914][ T377] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 770.470946][T19989] NEXT_ORPHAN(inode)=1023 [ 770.484793][T19989] max_ino=32 [ 770.487815][ T377] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.498520][ T377] usb 3-1: Product: syz [ 770.498617][T19989] i_nlink=0 [ 770.502567][ T377] usb 3-1: Manufacturer: syz [ 770.507104][T19989] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.3: corrupted xattr block 19 [ 770.509970][ T377] usb 3-1: SerialNumber: syz [ 770.522495][T19989] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 770.536437][T19989] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 770.545002][T19989] ext4 filesystem being mounted at /root/syzkaller-testdir220772423/syzkaller.BnBPBA/115/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 770.585526][T18401] EXT4-fs (loop3): unmounting filesystem. [ 770.610794][T19998] loop3: detected capacity change from 0 to 1024 [ 770.617988][T19998] EXT4-fs: Ignoring removed orlov option [ 770.622686][T20001] loop1: detected capacity change from 0 to 256 [ 770.624124][T19998] EXT4-fs (loop3): Test dummy encryption mode enabled [ 770.639324][T19998] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 770.756209][T18401] EXT4-fs (loop3): unmounting filesystem. [ 770.820892][ T377] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 771.056663][T20003] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 771.056714][ T377] cdc_ncm 3-1:1.0: bind() failure [ 771.073113][ T377] usb 3-1: USB disconnect, device number 63 [ 771.117183][T20012] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program [ 771.519893][ T28] audit: type=1400 audit(1718701370.656:25672): avc: denied { mount } for pid=20027 comm="syz-executor.2" name="/" dev="pstore" ino=13143 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 771.543082][T20028] loop2: detected capacity change from 0 to 512 [ 771.554145][T20028] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set [ 771.569010][T20028] Quota error (device loop2): write_blk: dquota write failed [ 771.576308][T20028] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 771.586486][T20028] EXT4-fs (loop2): 1 truncate cleaned up [ 771.591979][T20028] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 771.600714][T20028] ext4 filesystem being mounted at /root/syzkaller-testdir3482533149/syzkaller.u7DXfV/254/file0 supports timestamps until 2038 (0x7fffffff) [ 771.623280][T16728] EXT4-fs (loop2): unmounting filesystem. [ 771.629001][ T28] audit: type=1400 audit(1718701370.766:25673): avc: denied { execmem } for pid=20032 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 771.858961][T20038] device pim6reg1 entered promiscuous mode [ 772.022055][T20043] serio: Serial port pts1 [ 772.283250][T20041] input: syz0 as /devices/virtual/input/input151 [ 772.338336][T20035] loop2: detected capacity change from 0 to 131072 [ 772.368176][T20035] F2FS-fs (loop2): Test dummy encryption mode enabled [ 772.375737][T20035] F2FS-fs (loop2): invalid crc value [ 772.382910][T20035] F2FS-fs (loop2): Found nat_bits in checkpoint [ 772.415178][T20035] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 772.440208][ T28] audit: type=1326 audit(1718701371.576:25674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 772.464134][ T28] audit: type=1326 audit(1718701371.576:25675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 772.488149][ T28] audit: type=1326 audit(1718701371.576:25676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 772.512510][ T28] audit: type=1326 audit(1718701371.576:25677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 772.537281][ T28] audit: type=1326 audit(1718701371.576:25678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 772.720778][T20067] loop2: detected capacity change from 0 to 256 [ 772.727837][T20067] FAT-fs (loop2): Unrecognized mount option "" or missing value [ 772.837103][T20071] netem: unknown loss type 8 [ 772.841634][T20071] netem: change failed [ 772.873075][ T28] kauditd_printk_skb: 2137 callbacks suppressed [ 772.873090][ T28] audit: type=1326 audit(1718701372.006:27816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 772.903061][ T28] audit: type=1326 audit(1718701372.016:27817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 772.926883][ T28] audit: type=1326 audit(1718701372.016:27818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 772.950735][ T28] audit: type=1326 audit(1718701372.016:27819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 772.974528][ T28] audit: type=1326 audit(1718701372.016:27820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 772.998294][ T28] audit: type=1326 audit(1718701372.016:27821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 773.022092][ T28] audit: type=1326 audit(1718701372.016:27822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 773.045886][ T28] audit: type=1326 audit(1718701372.016:27823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 773.070062][ T28] audit: type=1326 audit(1718701372.016:27824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 773.094194][ T28] audit: type=1326 audit(1718701372.016:27825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20051 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 773.297606][T20082] loop4: detected capacity change from 0 to 512 [ 773.328216][T20082] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 773.341323][T20082] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 15 [ 773.351680][T20082] ext4_test_bit(bit=14, block=18) = 1 [ 773.356895][T20082] is_bad_inode(inode)=0 [ 773.360943][T20082] NEXT_ORPHAN(inode)=1023 [ 773.365128][T20082] max_ino=32 [ 773.368271][T20082] i_nlink=0 [ 773.371699][T20082] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.4: corrupted xattr block 19 [ 773.384272][T20082] EXT4-fs warning (device loop4): ext4_evict_inode:299: xattr delete (err -117) [ 773.393209][T20082] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 773.401535][T20082] ext4 filesystem being mounted at /root/syzkaller-testdir1804600312/syzkaller.fpejhq/241/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 773.430335][T17228] EXT4-fs (loop4): unmounting filesystem. [ 773.458769][T20089] syz-executor.4[20089] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 773.458885][T20089] syz-executor.4[20089] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 773.526720][T20085] loop3: detected capacity change from 0 to 40427 [ 773.554837][T20085] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 773.569042][T20085] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 773.631140][T20085] F2FS-fs (loop3): invalid crc value [ 773.677904][T20085] F2FS-fs (loop3): Found nat_bits in checkpoint [ 774.011186][T20085] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 774.018064][T20085] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 774.718860][ T3708] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 774.728377][ T3708] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 774.859609][ T1733] usb 3-1: new low-speed USB device number 64 using dummy_hcd [ 775.249499][ T1733] usb 3-1: config index 0 descriptor too short (expected 1307, got 27) [ 775.257721][ T1733] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 775.278119][ T1733] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 775.295761][ T1733] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 775.482475][T20144] netlink: 'syz-executor.1': attribute type 298 has an invalid length. [ 775.579603][ T1733] usb 3-1: string descriptor 0 read error: -22 [ 775.585712][ T1733] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 775.594681][ T1733] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 775.609782][ T1733] usb 3-1: config 0 descriptor?? [ 775.629292][T20114] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 775.657094][ T1733] hub 3-1:0.0: bad descriptor, ignoring hub [ 775.666822][ T1733] hub: probe of 3-1:0.0 failed with error -5 [ 775.674650][ T1733] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input152 [ 775.861012][ T1733] usb 3-1: USB disconnect, device number 64 [ 776.210658][T20193] loop4: detected capacity change from 0 to 512 [ 776.251184][T20193] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 776.264283][T20193] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 15 [ 776.274713][T20193] ext4_test_bit(bit=14, block=18) = 1 [ 776.279989][T20193] is_bad_inode(inode)=0 [ 776.283938][T20193] NEXT_ORPHAN(inode)=1023 [ 776.288104][T20193] max_ino=32 [ 776.291264][T20193] i_nlink=0 [ 776.294422][T20193] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.4: corrupted xattr block 19 [ 776.307445][T20193] EXT4-fs warning (device loop4): ext4_evict_inode:299: xattr delete (err -117) [ 776.316424][T20193] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 776.324880][T20193] ext4 filesystem being mounted at /root/syzkaller-testdir1804600312/syzkaller.fpejhq/257/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 776.355296][T17228] EXT4-fs (loop4): unmounting filesystem. [ 777.135760][T20229] loop3: detected capacity change from 0 to 512 [ 777.169292][T20229] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 777.182437][T20229] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 15 [ 777.193010][T20229] ext4_test_bit(bit=14, block=18) = 1 [ 777.198338][T20229] is_bad_inode(inode)=0 [ 777.202366][T20229] NEXT_ORPHAN(inode)=1023 [ 777.206477][T20229] max_ino=32 [ 777.209569][T20229] i_nlink=0 [ 777.212628][T20229] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.3: corrupted xattr block 19 [ 777.511610][T20229] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 777.521623][T20229] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 777.530699][T20229] ext4 filesystem being mounted at /root/syzkaller-testdir220772423/syzkaller.BnBPBA/137/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 777.613902][T18401] EXT4-fs (loop3): unmounting filesystem. [ 777.878314][ T28] kauditd_printk_skb: 10419 callbacks suppressed [ 777.878336][ T28] audit: type=1326 audit(1718701377.009:38245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 777.918108][ T1733] usb 3-1: new low-speed USB device number 65 using dummy_hcd [ 777.941370][ T28] audit: type=1326 audit(1718701377.049:38246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 777.969170][ T28] audit: type=1326 audit(1718701377.049:38247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 778.008435][ T28] audit: type=1326 audit(1718701377.049:38248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 778.032489][ T28] audit: type=1326 audit(1718701377.049:38249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 778.056867][ T28] audit: type=1326 audit(1718701377.049:38250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 778.081878][ T28] audit: type=1326 audit(1718701377.049:38251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 778.106153][ T28] audit: type=1326 audit(1718701377.049:38252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3243a40379 code=0x7ffc0000 [ 778.131018][ T28] audit: type=1326 audit(1718701377.049:38253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3243a7cf29 code=0x7ffc0000 [ 778.155386][ T28] audit: type=1326 audit(1718701377.049:38254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20241 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3243a7a6a7 code=0x7ffc0000 [ 778.325957][T20257] loop1: detected capacity change from 0 to 256 [ 778.329078][T20259] loop4: detected capacity change from 0 to 16 [ 778.340467][T20257] FAT-fs (loop1): Unrecognized mount option "" or missing value [ 778.340669][T20259] erofs: (device loop4): mounted with root inode @ nid 36. [ 778.368014][ T1733] usb 3-1: config index 0 descriptor too short (expected 1307, got 27) [ 778.376292][ T1733] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 778.384199][ T1733] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 778.406126][ T1733] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 778.455200][T20262] netem: unknown loss type 8 [ 778.463145][T20262] netem: change failed [ 778.710914][ T1733] usb 3-1: string descriptor 0 read error: -22 [ 778.720737][ T1733] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 778.729966][ T1733] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.738522][ T1733] usb 3-1: config 0 descriptor?? [ 778.757749][T20235] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 778.785684][T20276] netlink: 228 bytes leftover after parsing attributes in process `syz-executor.4'. [ 778.796014][ T1733] hub 3-1:0.0: bad descriptor, ignoring hub [ 778.801895][ T1733] hub: probe of 3-1:0.0 failed with error -5 [ 778.811756][ T1733] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input153 [ 778.937098][T20285] device syzkaller0 entered promiscuous mode [ 779.223464][ T1029] usb 3-1: USB disconnect, device number 65 [ 779.248543][T20288] loop1: detected capacity change from 0 to 512 [ 779.259510][T20288] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set [ 779.274856][T20288] EXT4-fs (loop1): 1 truncate cleaned up [ 779.280893][T20288] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 779.289949][T20288] ext4 filesystem being mounted at /root/syzkaller-testdir3587071013/syzkaller.zdHlgh/85/file0 supports timestamps until 2038 (0x7fffffff) [ 779.293378][T20294] SELinux: security_context_str_to_sid () failed with errno=-22 [ 779.314652][T19100] EXT4-fs (loop1): unmounting filesystem. [ 779.446782][T20299] bridge0: port 3(gretap0) entered blocking state [ 779.453279][T20299] bridge0: port 3(gretap0) entered disabled state [ 779.465764][T20299] device gretap0 entered promiscuous mode [ 779.472241][T20299] bridge0: port 3(gretap0) entered blocking state [ 779.478485][T20299] bridge0: port 3(gretap0) entered forwarding state [ 779.545962][T20299] device gretap0 left promiscuous mode [ 779.552418][T20299] bridge0: port 3(gretap0) entered disabled state [ 780.012185][T20310] netlink: 228 bytes leftover after parsing attributes in process `syz-executor.4'. [ 780.044779][T20319] loop4: detected capacity change from 0 to 256 [ 780.051505][T20319] FAT-fs (loop4): Unrecognized mount option "" or missing value [ 780.142322][T20321] device syzkaller0 entered promiscuous mode [ 780.154263][T20323] netem: unknown loss type 8 [ 780.159100][T20323] netem: change failed [ 780.319263][T20338] serio: Serial port pts2 [ 780.558164][T20346] Invalid ELF header type: 0 != 1 [ 780.571030][T20346] /dev/loop0: Can't open blockdev [ 780.690838][T20351] SELinux: security_context_str_to_sid () failed with errno=-22 [ 780.839986][T20354] bridge0: port 3(gretap0) entered blocking state [ 780.846411][T20354] bridge0: port 3(gretap0) entered disabled state [ 780.860029][T20354] device gretap0 entered promiscuous mode [ 780.866948][T20354] bridge0: port 3(gretap0) entered blocking state [ 780.873180][T20354] bridge0: port 3(gretap0) entered forwarding state [ 780.987694][T20354] device gretap0 left promiscuous mode [ 780.994435][T20354] bridge0: port 3(gretap0) entered disabled state [ 781.107546][T20362] device syzkaller0 entered promiscuous mode [ 781.208562][T20371] loop3: detected capacity change from 0 to 128 [ 781.215374][T20371] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 781.230779][T20371] syz-executor.3: attempt to access beyond end of device [ 781.230779][T20371] loop3: rw=3, sector=6950, nr_sectors = 2 limit=128 [ 781.244331][T20371] syz-executor.3: attempt to access beyond end of device [ 781.244331][T20371] loop3: rw=2051, sector=6952, nr_sectors = 942 limit=128 [ 781.347147][T20381] input: syz1 as /devices/virtual/input/input154 [ 781.476311][ T377] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 782.020852][T20387] loop1: detected capacity change from 0 to 40427 [ 782.027958][T20387] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 782.035439][T20387] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 782.044202][T20387] F2FS-fs (loop1): invalid crc value [ 782.051019][T20387] F2FS-fs (loop1): Found nat_bits in checkpoint [ 782.066036][ T377] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 782.076799][ T377] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 782.086329][ T377] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 782.092296][T20387] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 782.095165][ T377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 782.102192][T20387] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 782.110488][ T377] usb 5-1: config 0 descriptor?? [ 782.133692][T19100] syz-executor.1: attempt to access beyond end of device [ 782.133692][T19100] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 782.147949][T19100] syz-executor.1: attempt to access beyond end of device [ 782.147949][T19100] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 782.174249][T18405] kworker/u4:1: attempt to access beyond end of device [ 782.174249][T18405] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 782.212007][T20393] device syzkaller0 entered promiscuous mode [ 782.480631][T20402] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.487980][T20402] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.495250][T20402] device bridge_slave_0 entered promiscuous mode [ 782.502196][T20402] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.509102][T20402] bridge0: port 2(bridge_slave_1) entered disabled state [ 782.516505][T20402] device bridge_slave_1 entered promiscuous mode [ 782.590077][T20402] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.597073][T20402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.604129][T20402] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.610949][T20402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.636326][ T377] hid (null): bogus close delimiter [ 782.673497][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 782.681760][T12594] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.696134][T12594] bridge0: port 2(bridge_slave_1) entered disabled state [ 782.726834][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 782.745175][ T1029] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.752203][ T1029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.759460][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 782.767841][ T1029] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.774713][ T1029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.791191][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 782.806933][ T1733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 782.818344][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 782.827087][T18405] device bridge_slave_1 left promiscuous mode [ 782.833045][T18405] bridge0: port 2(bridge_slave_1) entered disabled state [ 782.840705][T18405] device bridge_slave_0 left promiscuous mode [ 782.847033][T18405] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.855723][ T377] usb 5-1: language id specifier not provided by device, defaulting to English [ 782.864971][T18405] device veth1_macvtap left promiscuous mode [ 782.870841][T18405] device veth0_vlan left promiscuous mode [ 782.982023][T20402] device veth0_vlan entered promiscuous mode [ 782.988026][ T19] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 783.006840][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 783.014892][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 783.026473][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 783.040598][T20402] device veth1_macvtap entered promiscuous mode [ 783.048037][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 783.066153][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 783.074427][ T1029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 783.345453][ T19] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 783.355720][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.366572][ T19] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 783.442978][ T28] kauditd_printk_skb: 2865 callbacks suppressed [ 783.442994][ T28] audit: type=1326 audit(1718701382.582:41118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.473649][ T28] audit: type=1326 audit(1718701382.582:41119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.497717][ T28] audit: type=1326 audit(1718701382.582:41120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.521908][ T28] audit: type=1326 audit(1718701382.582:41121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.545883][ T377] uclogic 0003:256C:006D.0097: failed retrieving string descriptor #100: -71 [ 783.546734][ T28] audit: type=1326 audit(1718701382.582:41122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.554385][ T377] uclogic 0003:256C:006D.0097: failed retrieving pen parameters: -71 [ 783.554404][ T377] uclogic 0003:256C:006D.0097: failed probing pen v1 parameters: -71 [ 783.578490][ T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 783.586308][ T377] uclogic 0003:256C:006D.0097: failed probing parameters: -71 [ 783.594096][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.603023][ T377] uclogic: probe of 0003:256C:006D.0097 failed with error -71 [ 783.610660][ T28] audit: type=1326 audit(1718701382.582:41123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.619880][ T377] usb 5-1: USB disconnect, device number 67 [ 783.628187][ T19] usb 3-1: Product: syz [ 783.651225][ T28] audit: type=1326 audit(1718701382.622:41124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff687cf29 code=0x7ffc0000 [ 783.655285][ T19] usb 3-1: Manufacturer: syz [ 783.659793][ T28] audit: type=1326 audit(1718701382.622:41125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efff687a6a7 code=0x7ffc0000 [ 783.683262][ T19] usb 3-1: SerialNumber: syz [ 783.687484][ T28] audit: type=1326 audit(1718701382.622:41126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efff6840379 code=0x7ffc0000 [ 783.687512][ T28] audit: type=1326 audit(1718701382.622:41127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efff687a6a7 code=0x7ffc0000 [ 784.055858][T20468] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 784.066329][T20468] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 784.094620][T20473] SELinux: security_context_str_to_sid () failed with errno=-22 [ 784.276865][T20476] bridge0: port 3(gretap0) entered blocking state [ 784.284273][T20476] bridge0: port 3(gretap0) entered disabled state [ 784.315619][T20476] device gretap0 entered promiscuous mode [ 784.656182][T20475] device gretap0 left promiscuous mode [ 784.661545][T20475] bridge0: port 3(gretap0) entered disabled state [ 784.761491][T20479] loop1: detected capacity change from 0 to 40427 [ 784.768550][T20479] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 784.776114][T20479] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 784.784947][T20479] F2FS-fs (loop1): invalid crc value [ 784.791416][T20479] F2FS-fs (loop1): Found nat_bits in checkpoint [ 784.823879][T20479] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 784.830804][T20479] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 785.214479][ T19] cdc_ncm 3-1:1.0: bind() failure [ 785.234433][ T19] cdc_ncm: probe of 3-1:1.1 failed with error -71 [ 785.254427][ T19] cdc_mbim: probe of 3-1:1.1 failed with error -71 [ 785.261973][ T19] usb 3-1: USB disconnect, device number 66 [ 785.551024][ T8] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 785.560199][ T8] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 785.753512][T20514] input: syz1 as /devices/virtual/input/input155 [ 785.866516][T20518] loop2: detected capacity change from 0 to 40427 [ 785.873440][T20518] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 785.881130][T20518] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 785.890057][T20518] F2FS-fs (loop2): invalid crc value [ 785.896586][T20518] F2FS-fs (loop2): Found nat_bits in checkpoint [ 785.928547][T20518] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 785.935486][T20518] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 785.992203][ T377] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 786.707796][T18405] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 786.717075][T18405] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 786.813793][ T377] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 786.824729][ T377] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 786.834385][ T377] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 786.843355][ T377] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.852103][ T377] usb 2-1: config 0 descriptor?? [ 787.252048][T20557] input: syz1 as /devices/virtual/input/input156 [ 787.453597][ T377] hid (null): bogus close delimiter [ 787.673261][ T377] usb 2-1: language id specifier not provided by device, defaulting to English [ 788.113163][ T24] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 788.318176][T20603] syz-executor.3[20603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 788.318265][T20603] syz-executor.3[20603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 788.332964][ T377] uclogic 0003:256C:006D.0098: failed retrieving string descriptor #100: -71 [ 788.360333][ T377] uclogic 0003:256C:006D.0098: failed retrieving pen parameters: -71 [ 788.368707][ T377] uclogic 0003:256C:006D.0098: failed probing pen v1 parameters: -71 [ 788.378607][ T377] uclogic 0003:256C:006D.0098: failed probing parameters: -71 [ 788.386404][ T377] uclogic: probe of 0003:256C:006D.0098 failed with error -71 [ 788.394271][T20607] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 788.394963][ T377] usb 2-1: USB disconnect, device number 64 [ 788.414725][T20607] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20607 comm=syz-executor.3 [ 788.427995][T20607] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 788.502832][ T24] usb 5-1: config 27 has an invalid descriptor of length 72, skipping remainder of the config [ 788.513204][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 231, changing to 11 [ 788.524222][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 25303, setting to 1024 [ 788.542239][ T24] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 788.557912][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 788.567110][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.675277][ T24] usb 5-1: invalid MIDI in EP 0 [ 788.691590][ T24] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 789.010561][ T1029] usb 5-1: USB disconnect, device number 68 [ 789.156432][ T28] kauditd_printk_skb: 79 callbacks suppressed [ 789.156450][ T28] audit: type=1400 audit(1718701388.305:41207): avc: denied { remount } for pid=20625 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 789.184858][T20626] loop0: detected capacity change from 0 to 1 [ 789.542372][ T1029] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 789.576651][T20662] overlayfs: missing 'lowerdir' [ 789.919289][ T24] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 790.082215][ T1029] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 790.093084][ T1029] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 790.102579][ T1029] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 790.111419][ T1029] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.119708][ T1029] usb 2-1: config 0 descriptor?? [ 790.287835][T20668] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.294835][T20668] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.302055][T20668] device bridge_slave_0 entered promiscuous mode [ 790.308976][T20668] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.315849][T20668] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.323037][T20668] device bridge_slave_1 entered promiscuous mode [ 790.341981][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 790.381382][T20668] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.388235][T20668] bridge0: port 2(bridge_slave_1) entered forwarding state [ 790.395317][T20668] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.402125][T20668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 790.422811][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 790.439486][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.446920][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.462814][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 790.470919][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.477778][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 790.486638][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 790.494742][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.501596][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 790.511950][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 790.528600][T20668] device veth0_vlan entered promiscuous mode [ 790.535644][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 790.544279][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 790.551834][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 790.552182][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 790.561155][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.575935][ T24] usb 4-1: Product: syz [ 790.576047][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 790.579909][ T24] usb 4-1: Manufacturer: syz [ 790.587449][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 790.591430][ T24] usb 4-1: SerialNumber: syz [ 790.602077][ T1029] hid (null): bogus close delimiter [ 790.613260][T20668] device veth1_macvtap entered promiscuous mode [ 790.619848][T12594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 790.632037][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 790.640155][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 790.821693][ T1029] usb 2-1: language id specifier not provided by device, defaulting to English [ 791.127323][T18405] device bridge_slave_1 left promiscuous mode [ 791.133925][T18405] bridge0: port 2(bridge_slave_1) entered disabled state [ 791.141903][T18405] device bridge_slave_0 left promiscuous mode [ 791.147929][T18405] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.155687][T18405] device veth1_macvtap left promiscuous mode [ 791.161592][T18405] device veth0_vlan left promiscuous mode [ 791.327551][T20688] loop4: detected capacity change from 0 to 256 [ 791.601290][ T1029] uclogic 0003:256C:006D.0099: failed retrieving string descriptor #100: -71 [ 791.610052][ T1029] uclogic 0003:256C:006D.0099: failed retrieving pen parameters: -71 [ 791.617940][ T1029] uclogic 0003:256C:006D.0099: failed probing pen v1 parameters: -71 [ 791.621237][ T377] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 791.647647][ T1029] uclogic 0003:256C:006D.0099: failed probing parameters: -71 [ 791.655079][ T1029] uclogic: probe of 0003:256C:006D.0099 failed with error -71 [ 791.663225][ T1029] usb 2-1: USB disconnect, device number 65 [ 791.791191][ T24] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 791.797552][ T24] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 791.804820][ T24] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 791.845267][T20698] loop2: detected capacity change from 0 to 256 [ 791.854243][T20698] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d) [ 791.866754][T20698] exFAT-fs (loop2): error, invalid access to FAT bad cluster (entry 0x00000005) [ 791.875673][T20698] exFAT-fs (loop2): Filesystem has been set read-only [ 791.882466][T20698] exFAT-fs (loop2): failed to initialize root inode [ 792.001074][ T24] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 792.008148][ T24] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 792.059575][ T377] usb 5-1: config 27 has an invalid descriptor of length 72, skipping remainder of the config [ 792.071368][ T24] usb 4-1: USB disconnect, device number 68 [ 792.077199][ T377] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 231, changing to 11 [ 792.088602][ T24] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 792.105645][ T377] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 25303, setting to 1024 [ 792.116775][ T377] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 792.130843][ T377] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 792.139921][ T377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.405710][ T679] ================================================================== [ 792.413604][ T679] BUG: KASAN: use-after-free in worker_thread+0xa36/0x1260 [ 792.420637][ T679] Read of size 8 at addr ffff88813a7eace0 by task kworker/1:5/679 [ 792.428269][ T679] [ 792.430452][ T679] CPU: 1 PID: 679 Comm: kworker/1:5 Tainted: G W 6.1.78-syzkaller-00016-gbda57805ab9f #0 [ 792.441461][ T679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 792.451352][ T679] Workqueue: 0x0 (rcu_gp) [ 792.455605][ T679] Call Trace: [ 792.458728][ T679] [ 792.461507][ T679] dump_stack_lvl+0x151/0x1b7 [ 792.466023][ T679] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 792.471325][ T679] ? _printk+0xd1/0x111 [ 792.475342][ T679] ? __virt_addr_valid+0x242/0x2f0 [ 792.480253][ T679] print_report+0x158/0x4e0 [ 792.484594][ T679] ? __virt_addr_valid+0x242/0x2f0 [ 792.489547][ T679] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 792.495615][ T679] ? worker_thread+0xa36/0x1260 [ 792.500303][ T679] kasan_report+0x13c/0x170 [ 792.504640][ T679] ? worker_thread+0xa36/0x1260 [ 792.509331][ T679] __asan_report_load8_noabort+0x14/0x20 [ 792.514795][ T679] worker_thread+0xa36/0x1260 [ 792.519317][ T679] kthread+0x26d/0x300 [ 792.523241][ T679] ? worker_clr_flags+0x1a0/0x1a0 [ 792.528098][ T679] ? kthread_blkcg+0xd0/0xd0 [ 792.532500][ T679] ret_from_fork+0x1f/0x30 [ 792.536758][ T679] [ 792.539619][ T679] [ 792.541788][ T679] Allocated by task 24: [ 792.545782][ T679] kasan_set_track+0x4b/0x70 [ 792.550239][ T679] kasan_save_alloc_info+0x1f/0x30 [ 792.555155][ T679] __kasan_kmalloc+0x9c/0xb0 [ 792.559578][ T679] __kmalloc_node+0xb4/0x1e0 [ 792.564008][ T679] kvmalloc_node+0x221/0x640 [ 792.568431][ T679] alloc_netdev_mqs+0x8c/0xf90 [ 792.573031][ T679] alloc_etherdev_mqs+0x36/0x40 [ 792.577735][ T679] usbnet_probe+0x207/0x27c0 [ 792.582152][ T679] usb_probe_interface+0x5b6/0xa90 [ 792.587091][ T679] really_probe+0x2b8/0x920 [ 792.591432][ T679] __driver_probe_device+0x1a0/0x310 [ 792.596554][ T679] driver_probe_device+0x54/0x3d0 [ 792.601412][ T679] __device_attach_driver+0x2e3/0x490 [ 792.606622][ T679] bus_for_each_drv+0x183/0x200 [ 792.611306][ T679] __device_attach+0x312/0x510 [ 792.615908][ T679] device_initial_probe+0x1a/0x20 [ 792.620769][ T679] bus_probe_device+0xbe/0x1e0 [ 792.625367][ T679] device_add+0xb60/0xf10 [ 792.629531][ T679] usb_set_configuration+0x190f/0x1e80 [ 792.634829][ T679] usb_generic_driver_probe+0x8b/0x150 [ 792.640121][ T679] usb_probe_device+0x144/0x260 [ 792.644809][ T679] really_probe+0x2b8/0x920 [ 792.649147][ T679] __driver_probe_device+0x1a0/0x310 [ 792.654269][ T679] driver_probe_device+0x54/0x3d0 [ 792.659127][ T679] __device_attach_driver+0x2e3/0x490 [ 792.664369][ T679] bus_for_each_drv+0x183/0x200 [ 792.669023][ T679] __device_attach+0x312/0x510 [ 792.673641][ T679] device_initial_probe+0x1a/0x20 [ 792.678483][ T679] bus_probe_device+0xbe/0x1e0 [ 792.683084][ T679] device_add+0xb60/0xf10 [ 792.687251][ T679] usb_new_device+0xf32/0x1810 [ 792.691848][ T679] hub_event+0x2db1/0x4830 [ 792.696103][ T679] process_one_work+0x73d/0xcb0 [ 792.700789][ T679] worker_thread+0xa60/0x1260 [ 792.705303][ T679] kthread+0x26d/0x300 [ 792.709208][ T679] ret_from_fork+0x1f/0x30 [ 792.713461][ T679] [ 792.715633][ T679] Freed by task 24: [ 792.719286][ T679] kasan_set_track+0x4b/0x70 [ 792.723703][ T679] kasan_save_free_info+0x2b/0x40 [ 792.728563][ T679] ____kasan_slab_free+0x131/0x180 [ 792.733508][ T679] __kasan_slab_free+0x11/0x20 [ 792.738109][ T679] __kmem_cache_free+0x218/0x3b0 [ 792.742884][ T679] kfree+0x7a/0xf0 [ 792.746443][ T679] kvfree+0x35/0x40 [ 792.750085][ T679] netdev_freemem+0x3f/0x60 [ 792.754427][ T679] netdev_release+0x7f/0xb0 [ 792.758765][ T679] device_release+0x95/0x1c0 [ 792.763195][ T679] kobject_put+0x178/0x260 [ 792.767469][ T679] put_device+0x1f/0x30 [ 792.771448][ T679] free_netdev+0x393/0x480 [ 792.775690][ T679] usbnet_disconnect+0x245/0x390 [ 792.780464][ T679] usb_unbind_interface+0x1fa/0x8c0 [ 792.785502][ T679] device_release_driver_internal+0x53e/0x870 [ 792.791399][ T679] device_release_driver+0x19/0x20 [ 792.796348][ T679] bus_remove_device+0x2fa/0x360 [ 792.801118][ T679] device_del+0x663/0xe90 [ 792.805287][ T679] usb_disable_device+0x380/0x720 [ 792.810163][ T679] usb_disconnect+0x32a/0x890 [ 792.814659][ T679] hub_event+0x1ed8/0x4830 [ 792.818911][ T679] process_one_work+0x73d/0xcb0 [ 792.823597][ T679] worker_thread+0xd71/0x1260 [ 792.828111][ T679] kthread+0x26d/0x300 [ 792.832017][ T679] ret_from_fork+0x1f/0x30 [ 792.836281][ T679] [ 792.838442][ T679] Last potentially related work creation: [ 792.843994][ T679] kasan_save_stack+0x3b/0x60 [ 792.848507][ T679] __kasan_record_aux_stack+0xb4/0xc0 [ 792.853716][ T679] kasan_record_aux_stack_noalloc+0xb/0x10 [ 792.859361][ T679] insert_work+0x56/0x310 [ 792.863523][ T679] __queue_work+0x9b6/0xd70 [ 792.867863][ T679] queue_work_on+0x105/0x170 [ 792.872288][ T679] usbnet_link_change+0xeb/0x100 [ 792.877062][ T679] usbnet_probe+0x1dbe/0x27c0 [ 792.881637][ T679] usb_probe_interface+0x5b6/0xa90 [ 792.886524][ T679] really_probe+0x2b8/0x920 [ 792.890863][ T679] __driver_probe_device+0x1a0/0x310 [ 792.895983][ T679] driver_probe_device+0x54/0x3d0 [ 792.900841][ T679] __device_attach_driver+0x2e3/0x490 [ 792.906053][ T679] bus_for_each_drv+0x183/0x200 [ 792.910738][ T679] __device_attach+0x312/0x510 [ 792.915338][ T679] device_initial_probe+0x1a/0x20 [ 792.920216][ T679] bus_probe_device+0xbe/0x1e0 [ 792.924798][ T679] device_add+0xb60/0xf10 [ 792.928987][ T679] usb_set_configuration+0x190f/0x1e80 [ 792.934376][ T679] usb_generic_driver_probe+0x8b/0x150 [ 792.939665][ T679] usb_probe_device+0x144/0x260 [ 792.944380][ T679] really_probe+0x2b8/0x920 [ 792.948689][ T679] __driver_probe_device+0x1a0/0x310 [ 792.953808][ T679] driver_probe_device+0x54/0x3d0 [ 792.958675][ T679] __device_attach_driver+0x2e3/0x490 [ 792.963876][ T679] bus_for_each_drv+0x183/0x200 [ 792.968562][ T679] __device_attach+0x312/0x510 [ 792.973164][ T679] device_initial_probe+0x1a/0x20 [ 792.978029][ T679] bus_probe_device+0xbe/0x1e0 [ 792.982625][ T679] device_add+0xb60/0xf10 [ 792.986797][ T679] usb_new_device+0xf32/0x1810 [ 792.991392][ T679] hub_event+0x2db1/0x4830 [ 792.995732][ T679] process_one_work+0x73d/0xcb0 [ 793.000415][ T679] worker_thread+0xa60/0x1260 [ 793.004929][ T679] kthread+0x26d/0x300 [ 793.008836][ T679] ret_from_fork+0x1f/0x30 [ 793.013088][ T679] [ 793.015259][ T679] The buggy address belongs to the object at ffff88813a7ea000 [ 793.015259][ T679] which belongs to the cache kmalloc-4k of size 4096 [ 793.029143][ T679] The buggy address is located 3296 bytes inside of [ 793.029143][ T679] 4096-byte region [ffff88813a7ea000, ffff88813a7eb000) [ 793.042423][ T679] [ 793.044594][ T679] The buggy address belongs to the physical page: [ 793.050860][ T679] page:ffffea0004e9fa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13a7e8 [ 793.060912][ T679] head:ffffea0004e9fa00 order:3 compound_mapcount:0 compound_pincount:0 [ 793.069069][ T679] flags: 0x4000000000010200(slab|head|zone=1) [ 793.074979][ T679] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 793.083393][ T679] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 793.091805][ T679] page dumped because: kasan: bad access detected [ 793.098065][ T679] page_owner tracks the page as allocated [ 793.103609][ T679] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 19981, tgid 19981 (syz-executor.3), ts 770323054810, free_ts 770320302419 [ 793.126701][ T679] post_alloc_hook+0x213/0x220 [ 793.131297][ T679] prep_new_page+0x1b/0x110 [ 793.135639][ T679] get_page_from_freelist+0x27ea/0x2870 [ 793.141019][ T679] __alloc_pages+0x3a1/0x780 [ 793.145443][ T679] alloc_slab_page+0x6c/0xf0 [ 793.149869][ T679] new_slab+0x90/0x3e0 [ 793.153775][ T679] ___slab_alloc+0x6f9/0xb80 [ 793.158203][ T679] __slab_alloc+0x5d/0xa0 [ 793.162413][ T679] __kmem_cache_alloc_node+0x1af/0x250 [ 793.167663][ T679] kmalloc_trace+0x2a/0xa0 [ 793.171915][ T679] kvm_uevent_notify_change+0x22b/0x3c0 [ 793.177296][ T679] kvm_put_kvm+0x99/0x1340 [ 793.181574][ T679] kvm_vm_release+0x46/0x50 [ 793.185899][ T679] __fput+0x3ab/0x870 [ 793.189707][ T679] ____fput+0x15/0x20 [ 793.193525][ T679] task_work_run+0x24d/0x2e0 [ 793.197952][ T679] page last free stack trace: [ 793.202467][ T679] free_unref_page_prepare+0x83d/0x850 [ 793.207760][ T679] free_unref_page+0xb2/0x5c0 [ 793.212272][ T679] __free_pages+0x61/0xf0 [ 793.216440][ T679] free_pages+0x7c/0x90 [ 793.220431][ T679] packet_set_ring+0x19bc/0x24e0 [ 793.225205][ T679] packet_release+0x7a5/0xd10 [ 793.229719][ T679] sock_close+0xdf/0x270 [ 793.233796][ T679] __fput+0x3ab/0x870 [ 793.237617][ T679] ____fput+0x15/0x20 [ 793.241435][ T679] task_work_run+0x24d/0x2e0 [ 793.245862][ T679] exit_to_user_mode_loop+0x94/0xa0 [ 793.250896][ T679] exit_to_user_mode_prepare+0x5a/0xa0 [ 793.256191][ T679] syscall_exit_to_user_mode+0x26/0x140 [ 793.261575][ T679] do_syscall_64+0x49/0xb0 [ 793.265823][ T679] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 793.271552][ T679] [ 793.273722][ T679] Memory state around the buggy address: [ 793.279192][ T679] ffff88813a7eab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 793.287090][ T679] ffff88813a7eac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 793.294989][ T679] >ffff88813a7eac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 793.302884][ T679] ^ 2024/06/18 09:03:12 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 793.309915][ T679] ffff88813a7ead00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 793.317813][ T679] ffff88813a7ead80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 793.325710][ T679] ================================================================== [ 793.333607][ T679] Disabling lock debugging due to kernel taint