last executing test programs: 7.411362468s ago: executing program 0: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)) syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0) 7.379647513s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) socket$inet6(0xa, 0x2, 0x3a) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d"], 0x0, 0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000000c0)={0x3, 0xffffffff}) 5.248746675s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b7040000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10) setitimer(0x0, 0x0, 0x0) 5.20931492s ago: executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newsa={0x140, 0x10, 0x113, 0x0, 0x0, {{@in=@multicast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@multicast2, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_thresh={0x8}]}, 0x140}}, 0x0) 5.193826293s ago: executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid_for_children\x00') unshare(0x4020400) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) 5.178592915s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0}, &(0x7f00000005c0), &(0x7f0000000600)='%pi6 \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) ptrace(0x10, 0x1) 3.258417724s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b7040000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10) setitimer(0x0, 0x0, 0x0) 3.238500867s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 1.304086378s ago: executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2058) write$FUSE_LSEEK(r0, &(0x7f00000021c0)={0x18, 0x0, r2, {0x7}}, 0x18) read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_IOCTL(r0, &(0x7f0000002140)={0x20, 0x0, r3}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xcd, 0x1}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x200000000006}]}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r5}, 0x10) getdents64(r1, 0x0, 0x300) 1.22531912s ago: executing program 1: write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f00000020c0)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00)'], 0x58) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb929"], 0xfdef) 1.147255962s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.137217184s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_es_lookup_extent_exit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_es_lookup_extent_exit\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) 1.134709454s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000800)='kfree_skb\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x0) 1.126707815s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 1.108870758s ago: executing program 3: rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x4, @tid=r0}, &(0x7f0000000300)) r1 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8) timer_settime(0x0, 0x3, &(0x7f000004a000)={{0x0, 0x1}, {0x7, 0xe4c}}, 0x0) clock_gettime(0x0, &(0x7f0000000040)) readv(r1, &(0x7f0000000000)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x5) 1.102476869s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00'}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000840)={0x14, r7, 0x1, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f00000004c0)={&(0x7f0000000280), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, r7, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7ff, 0x6a}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_int(r0, &(0x7f0000000200), 0x42400) 725.096988ms ago: executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x4}, @sadb_spirange={0x2}, @sadb_address={0x3, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, @sadb_address={0x1e, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}]}, 0x70}}, 0x0) 718.423379ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100004b028ee7000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r1}, 0x10) pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r2) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r2}, 0x10) mkdir(&(0x7f0000000140)='./control\x00', 0x0) rmdir(&(0x7f0000000100)='./control\x00') 708.52581ms ago: executing program 2: bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000300), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb705000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 699.271882ms ago: executing program 2: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="646f74732c646f74732c646f74732c636865636b3d72656c617865642c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030302c6e6f646f74732c646f74732c6e6f646f74732c6e6f646f74732c636865636b3d7374726963742c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c646f74732c646f74732c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c6e6f646f74732c646f74732c666d61736b3d30303030303030303030303030303030303030303030322c6e6f646f74732c646f74732c666c7573682c6e6f646f74732c636865636b3d6e6f726d616c2c0079c7cebee7a0df8765ffc536c4e752679b645307d1bf097e07b8e261bb27d1bb80ee490fc501e4f230ddf1483b11ac5c39a93cfc3ba360037c79a9be063a3bf5015e3d6a8cad0e98ccb29619c51c44ec612fc7ff44fa8cf7759eada764c43ba9d602a958bd209ace3df01c3dae04baa94aedc5515da8160ae0"], 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") mknod$loop(&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 684.425174ms ago: executing program 2: io_setup(0x2, &(0x7f0000000040)=0x0) pipe2(&(0x7f0000012c00)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) io_submit(r0, 0x1, &(0x7f0000000780)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) vmsplice(r2, &(0x7f0000003b80)=[{&(0x7f0000003ac0)="16", 0x1}], 0x1, 0x0) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000100)='a', 0x1}], 0x1) 599.886897ms ago: executing program 2: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x0, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$inet6(r6, &(0x7f00000000c0), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x200000a, 0x11012, r7, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x77e4}, 0x90) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) 377.882341ms ago: executing program 4: socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040), 0x8) r2 = dup2(r1, r1) listen(r2, 0x0) setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000800), 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x8, 0x4) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x16, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0x3}]}, 0x44}}, 0x0) 117.212962ms ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) sched_getattr(0x0, &(0x7f0000000240)={0x38}, 0x38, 0x0) 114.054523ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x4, 0x7, 0x11}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000f000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) utime(0x0, 0x0) r2 = io_uring_setup(0x48ae, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0xf, &(0x7f0000000540)={0x7, 0x0, 0x0, 0x0}, 0x20) chdir(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 93.637526ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000080)) chdir(&(0x7f0000000000)='./bus\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000003000000", @ANYRES32, @ANYBLOB="0100000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3}}}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880), 0x38}, 0x5}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00') pread64(r3, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0x4, 0x4, 0x7}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000001c0)={r4, &(0x7f0000000500), 0x20000000}, 0x20) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) r7 = dup3(r6, r5, 0x0) sendmsg$key(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="020a0000020000000000000000000000268d5b939f45323c72198598c7aa6a50f2df37732342042651fa7adda64c89fd53b75cd3eaf67b5b95e63277a6fd8cbc0df91ae96787d4936a972e75c60d0aff5e1132cc"], 0x10}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000580)=r1}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000600)={r4, 0xffffffffffffffff}, 0x4) r10 = syz_open_procfs(0x0, &(0x7f0000000640)='schedstat\x00') r11 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000680)='io.stat\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x9, &(0x7f0000000400)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @jmp={0x5, 0x0, 0xd, 0x0, 0xa, 0x80}, @alu={0x7, 0x0, 0xb, 0xb, 0xa, 0x50, 0xfffffffffffffffc}, @tail_call], &(0x7f0000000340)='GPL\x00', 0x7f, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000480)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0x2, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000006c0)=[r3, r4, r7, r8, r9, r10, r11], &(0x7f0000000700)=[{0x0, 0x4, 0x9, 0xb}, {0x2, 0x5, 0xf}, {0x3, 0x3, 0x9, 0xb}, {0x6, 0x1, 0x2, 0x8}, {0x0, 0x1, 0x1, 0x2}], 0x10, 0x800}, 0xffffffffffffff25) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) linkat(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f0000000300)='./file1\x00', 0x0) r12 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) r13 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) linkat(r13, &(0x7f0000000200)='./file1\x00', r12, &(0x7f0000000380)='./file2\x00', 0x0) 62.272211ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = userfaultfd(0x1) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r2, &(0x7f00000002c0)=""/196, 0xc4) close(r2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000b4bffc), 0x4) 58.814402ms ago: executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x4}, @sadb_spirange={0x2}, @sadb_address={0x3, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, @sadb_address={0x1e, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}]}, 0x70}}, 0x0) 50.594133ms ago: executing program 4: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0) 0s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) kernel console output (not intermixed with test programs): ): veth0_to_batadv: link becomes ready [ 64.134682][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.143903][ T2103] device pim6reg1 entered promiscuous mode [ 64.159831][ T2105] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 65.006791][ T2149] device pim6reg1 entered promiscuous mode [ 66.426306][ T2224] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 66.771384][ T2243] sch_fq: defrate 0 ignored. [ 67.037195][ T2260] kvm: emulating exchange as write [ 67.058610][ T925] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 67.217069][ T2277] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 67.299357][ T925] usb 2-1: Using ep0 maxpacket: 8 [ 67.338492][ T331] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 67.418570][ T925] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 67.508521][ T925] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 67.517611][ T925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 67.525752][ T925] usb 2-1: SerialNumber: syz [ 67.578528][ T331] usb 1-1: Using ep0 maxpacket: 16 [ 67.600324][ T2299] loop3: detected capacity change from 0 to 256 [ 67.610601][ T925] usb-storage 2-1:1.0: USB Mass Storage device detected [ 67.623288][ T925] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 67.773794][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 67.836420][ T925] usb 2-1: USB disconnect, device number 5 [ 67.953370][ T331] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 67.998530][ T331] usb 1-1: language id specifier not provided by device, defaulting to English [ 68.118525][ T331] usb 1-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.40 [ 68.127403][ T331] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.135250][ T331] usb 1-1: Product: syz [ 68.139206][ T331] usb 1-1: Manufacturer: 㓊첥눂㺷ᅯ⫦⮴儑끷눙 [ 68.146614][ T331] usb 1-1: SerialNumber: syz [ 68.188573][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 68.198934][ T331] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 68.199710][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 68.217897][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 68.229025][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 68.237932][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.268587][ T2294] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 68.393449][ T2317] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 68.421330][ T342] usb 1-1: USB disconnect, device number 4 [ 68.514549][ T24] usb 5-1: USB disconnect, device number 3 [ 68.587528][ T2331] loop2: detected capacity change from 0 to 256 [ 68.611078][ T2333] loop2: detected capacity change from 0 to 16 [ 68.617712][ T2333] erofs: (device loop2): z_erofs_load_lz4_config: invalid lz4 cfgs, size=4 [ 68.682172][ T2349] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 68.753627][ T2355] loop3: detected capacity change from 0 to 256 [ 68.948559][ T1230] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 69.223072][ T28] kauditd_printk_skb: 7258 callbacks suppressed [ 69.223088][ T28] audit: type=1326 audit(1718677632.786:17572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7ee7cf29 code=0x7ffc0000 [ 69.254397][ T28] audit: type=1326 audit(1718677632.816:17573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd7ee7cf29 code=0x7ffc0000 [ 69.280745][ T28] audit: type=1326 audit(1718677632.816:17574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7ee7cf29 code=0x7ffc0000 [ 69.314054][ T28] audit: type=1326 audit(1718677632.816:17575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd7ee7cf29 code=0x7ffc0000 [ 69.341915][ T28] audit: type=1326 audit(1718677632.866:17576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7ee7cf29 code=0x7ffc0000 [ 69.366141][ T28] audit: type=1326 audit(1718677632.866:17577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcd7ee7a6a7 code=0x7ffc0000 [ 69.390031][ T28] audit: type=1326 audit(1718677632.866:17578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcd7ee40379 code=0x7ffc0000 [ 69.418572][ T1230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.427098][ T28] audit: type=1326 audit(1718677632.866:17579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcd7ee7a6a7 code=0x7ffc0000 [ 69.453030][ T1230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.471508][ T1230] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 69.476663][ T28] audit: type=1326 audit(1718677632.866:17580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcd7ee40379 code=0x7ffc0000 [ 69.488503][ T1230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.533295][ T28] audit: type=1326 audit(1718677632.866:17581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2374 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcd7ee7a6a7 code=0x7ffc0000 [ 69.539730][ T1230] usb 3-1: config 0 descriptor?? [ 69.606697][ T2386] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 69.898755][ T2414] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 69.958503][ T342] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 70.038770][ T1230] hid (null): bogus close delimiter [ 70.268702][ T1230] usb 3-1: language id specifier not provided by device, defaulting to English [ 70.318578][ T342] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 70.342949][ T342] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 70.363912][ T342] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 70.375169][ T342] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 70.384114][ T342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.395564][ T2433] kvm_set_msr_common: 17 callbacks suppressed [ 70.395582][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 70.410989][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xd00000800 [ 70.418728][ T2395] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 70.420774][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xe00000000 [ 70.444043][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1100000800 [ 70.454837][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1200000000 [ 70.465373][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1500000800 [ 70.475598][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1600000000 [ 70.485451][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1900000800 [ 70.502085][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1a00000000 [ 70.511912][ T2433] kvm [2432]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1d00000800 [ 70.644147][ T925] usb 2-1: USB disconnect, device number 6 [ 70.730259][ T1230] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000A/input/input7 [ 70.751516][ T1230] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000A/input/input8 [ 70.764350][ T1230] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000A/input/input9 [ 70.777882][ T1230] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000A/input/input10 [ 70.791301][ T1230] uclogic 0003:256C:006D.000A: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 70.931776][ T925] usb 3-1: USB disconnect, device number 8 [ 70.953933][ T2463] loop4: detected capacity change from 0 to 8192 [ 70.988835][ T2463] loop4: p2 p3 p4 [ 70.992666][ T2463] loop4: p2 start 452985600 is beyond EOD, truncated [ 71.003673][ T2463] loop4: p3 start 4177527808 is beyond EOD, truncated [ 71.013605][ T2463] loop4: p4 size 3599499392 extends beyond EOD, truncated [ 71.166364][ T2471] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 71.225969][ T2478] sch_fq: defrate 0 ignored. [ 71.336630][ T2485] tipc: Started in network mode [ 71.341449][ T2485] tipc: Node identity ac1414aa, cluster identity 4711 [ 71.348383][ T2485] tipc: New replicast peer: 100.1.1.1 [ 71.353957][ T2485] tipc: Enabled bearer , priority 10 [ 71.685181][ T2493] loop2: detected capacity change from 0 to 512 [ 71.719383][ T2493] EXT4-fs warning (device loop2): ext4_multi_mount_protect:324: fsck is running on the filesystem [ 71.738239][ T2493] EXT4-fs warning (device loop2): ext4_multi_mount_protect:324: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 71.758495][ T1230] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 71.917606][ T2501] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 71.990710][ T2519] loop3: detected capacity change from 0 to 128 [ 71.997408][ T2519] FAT-fs (loop3): Directory bread(block 3145772) failed [ 72.004275][ T2519] FAT-fs (loop3): Directory bread(block 3145773) failed [ 72.011201][ T1230] usb 2-1: Using ep0 maxpacket: 8 [ 72.011224][ T2519] FAT-fs (loop3): Directory bread(block 3145774) failed [ 72.023068][ T2519] FAT-fs (loop3): Directory bread(block 3145775) failed [ 72.029914][ T2519] FAT-fs (loop3): Directory bread(block 3145776) failed [ 72.037558][ T2519] FAT-fs (loop3): Directory bread(block 3145777) failed [ 72.053042][ T2519] FAT-fs (loop3): Directory bread(block 3145778) failed [ 72.061623][ T2519] FAT-fs (loop3): Directory bread(block 3145779) failed [ 72.084192][ T2519] FAT-fs (loop3): FAT read failed (blocknr 128) [ 72.111124][ T2532] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 72.138581][ T1230] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 72.216201][ T2546] loop3: detected capacity change from 0 to 2048 [ 72.226576][ T2546] EXT4-fs: Ignoring removed nobh option [ 72.238596][ T1230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 72.248529][ T1230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 72.258741][ T1230] usb 2-1: SerialNumber: syz [ 72.264841][ T2546] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 72.273620][ T2546] ext4 filesystem being mounted at /root/syzkaller-testdir3730915536/syzkaller.sNHOjI/45/file0 supports timestamps until 2038 (0x7fffffff) [ 72.290295][ T2546] fs-verity: sha256 using implementation "sha256-avx2" [ 72.297841][ T2546] fs-verity (loop3, inode 13): ext4_end_enable_verity() failed with err -30 [ 72.308848][ T1230] usb-storage 2-1:1.0: USB Mass Storage device detected [ 72.380483][ T2557] tipc: Started in network mode [ 72.385271][ T2557] tipc: Node identity ac1414aa, cluster identity 4711 [ 72.392133][ T2557] tipc: New replicast peer: 100.1.1.1 [ 72.397656][ T2557] tipc: Enabled bearer , priority 10 [ 72.468517][ T342] tipc: Node number set to 2886997162 [ 72.478733][ T60] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 72.530747][ T2064] EXT4-fs (loop3): unmounting filesystem. [ 72.658369][ T1230] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 72.677496][ T2563] loop3: detected capacity change from 0 to 128 [ 72.685272][ T2563] FAT-fs (loop3): Directory bread(block 3145772) failed [ 72.692613][ T2563] FAT-fs (loop3): Directory bread(block 3145773) failed [ 72.700087][ T2563] FAT-fs (loop3): Directory bread(block 3145774) failed [ 72.707067][ T2563] FAT-fs (loop3): Directory bread(block 3145775) failed [ 72.707598][ T1230] usb 2-1: USB disconnect, device number 7 [ 72.713932][ T2563] FAT-fs (loop3): Directory bread(block 3145776) failed [ 72.726383][ T2563] FAT-fs (loop3): Directory bread(block 3145777) failed [ 72.733278][ T60] usb 5-1: Using ep0 maxpacket: 8 [ 72.738508][ T2563] FAT-fs (loop3): Directory bread(block 3145778) failed [ 72.745572][ T2563] FAT-fs (loop3): Directory bread(block 3145779) failed [ 72.769954][ T2563] FAT-fs (loop3): FAT read failed (blocknr 128) [ 72.848713][ T60] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 72.857699][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.866511][ T60] usb 5-1: config 0 descriptor?? [ 73.073990][ T2589] loop1: detected capacity change from 0 to 128 [ 73.081359][ T2589] FAT-fs (loop1): Directory bread(block 3145772) failed [ 73.088551][ T2589] FAT-fs (loop1): Directory bread(block 3145773) failed [ 73.117863][ T2589] FAT-fs (loop1): Directory bread(block 3145774) failed [ 73.134961][ T2589] FAT-fs (loop1): Directory bread(block 3145775) failed [ 73.148917][ T2589] FAT-fs (loop1): Directory bread(block 3145776) failed [ 73.155792][ T2589] FAT-fs (loop1): Directory bread(block 3145777) failed [ 73.162573][ T2589] FAT-fs (loop1): Directory bread(block 3145778) failed [ 73.169475][ T2589] FAT-fs (loop1): Directory bread(block 3145779) failed [ 73.195100][ T2589] FAT-fs (loop1): FAT read failed (blocknr 128) [ 73.304596][ T2592] loop2: detected capacity change from 0 to 40427 [ 73.312000][ T2592] F2FS-fs (loop2): old and new quota format mixing [ 73.601053][ T342] tipc: Node number set to 2886997162 [ 73.672414][ T2620] loop1: detected capacity change from 0 to 256 [ 73.822276][ T2629] tipc: Started in network mode [ 73.827122][ T2629] tipc: Node identity ac1414aa, cluster identity 4711 [ 73.834129][ T2629] tipc: New replicast peer: 100.1.1.1 [ 73.839740][ T2629] tipc: Enabled bearer , priority 10 [ 74.263228][ T2639] overlayfs: missing 'lowerdir' [ 74.319751][ T28] kauditd_printk_skb: 84 callbacks suppressed [ 74.319768][ T28] audit: type=1326 audit(1718677637.886:17666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.356926][ T28] audit: type=1326 audit(1718677637.916:17667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.380801][ T60] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 74.380830][ T60] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 74.380893][ T60] asix: probe of 5-1:0.0 failed with error -71 [ 74.392255][ T28] audit: type=1326 audit(1718677637.916:17668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.413244][ T60] usb 5-1: USB disconnect, device number 4 [ 74.430519][ T28] audit: type=1326 audit(1718677637.916:17669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.464803][ T28] audit: type=1326 audit(1718677637.916:17670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.489207][ T28] audit: type=1326 audit(1718677637.916:17671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.523377][ T28] audit: type=1326 audit(1718677637.916:17672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.568189][ T28] audit: type=1326 audit(1718677637.916:17673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.594190][ T28] audit: type=1326 audit(1718677637.916:17674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.619497][ T28] audit: type=1326 audit(1718677637.916:17675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2642 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f618a47cf29 code=0x7ffc0000 [ 74.807274][ T2676] loop1: detected capacity change from 0 to 512 [ 74.814438][ T2676] EXT4-fs warning (device loop1): ext4_multi_mount_protect:324: fsck is running on the filesystem [ 74.825105][ T2676] EXT4-fs warning (device loop1): ext4_multi_mount_protect:324: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 74.843662][ T342] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 74.958483][ T19] tipc: Node number set to 2886997162 [ 75.393627][ T2691] loop2: detected capacity change from 0 to 256 [ 75.402421][ T2691] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 75.458764][ T342] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.470425][ T342] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 75.479366][ T342] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.487734][ T342] usb 4-1: config 0 descriptor?? [ 75.494694][ T334] tipc: Disabling bearer [ 75.499937][ T334] tipc: Left network mode [ 75.725457][ T2711] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.738488][ T2711] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.746188][ T2711] device bridge_slave_0 entered promiscuous mode [ 75.773131][ T2711] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.780486][ T2711] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.788452][ T2711] device bridge_slave_1 entered promiscuous mode [ 75.796668][ T2699] kvm_set_msr_common: 44 callbacks suppressed [ 75.796684][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 75.820397][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xd00000800 [ 75.829816][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xe00000000 [ 75.839864][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1100000800 [ 75.858655][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1200000000 [ 75.882289][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1500000800 [ 75.901647][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1600000000 [ 75.921749][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1900000800 [ 75.931442][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x1a00000000 [ 75.941041][ T2699] kvm [2698]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x1d00000800 [ 75.961204][ T2711] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.968086][ T2711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.975218][ T2711] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.982081][ T2711] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.989203][ T342] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor [ 76.009473][ T342] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000B/input/input11 [ 76.074079][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.097862][ T1230] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.100294][ T342] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 76.119203][ T1230] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.141985][ T334] device bridge_slave_1 left promiscuous mode [ 76.153241][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.161249][ T334] device bridge_slave_0 left promiscuous mode [ 76.167583][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.176153][ T334] device veth1_macvtap left promiscuous mode [ 76.182718][ T334] device veth0_vlan left promiscuous mode [ 76.404791][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.410317][ T342] usb 4-1: USB disconnect, device number 6 [ 76.413438][ T925] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.425236][ T925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.440862][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.448967][ T925] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.455813][ T925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.496365][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.509095][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.537043][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.545543][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.563640][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.579071][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.602619][ T2711] device veth0_vlan entered promiscuous mode [ 76.609315][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.617151][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.636249][ T2711] device veth1_macvtap entered promiscuous mode [ 76.654065][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.662929][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.671031][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.679343][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.687555][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.703320][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.711397][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.719746][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.727870][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.976980][ T2800] overlayfs: failed to get inode (-116) [ 76.989014][ T2800] overlayfs: failed to get inode (-116) [ 77.027915][ T2806] loop2: detected capacity change from 0 to 256 [ 77.048269][ T2806] exfat: Deprecated parameter 'utf8' [ 77.071370][ T2806] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 77.316914][ T2833] bridge0: port 3(veth1_macvtap) entered blocking state [ 77.324198][ T2833] bridge0: port 3(veth1_macvtap) entered disabled state [ 77.498502][ T331] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 77.538517][ T925] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 77.606236][ T2840] loop4: detected capacity change from 0 to 256 [ 77.623169][ T2840] exfat: Deprecated parameter 'utf8' [ 77.657013][ T2840] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 77.748506][ T331] usb 4-1: Using ep0 maxpacket: 16 [ 77.810352][ T2856] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 77.825195][ T2859] IPv6: NLM_F_REPLACE set, but no existing node found! [ 77.868867][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.885063][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.896743][ T2866] loop1: detected capacity change from 0 to 256 [ 77.912238][ T331] usb 4-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 77.926198][ T2866] exfat: Deprecated parameter 'utf8' [ 77.933346][ T331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.941366][ T925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.941889][ T331] usb 4-1: config 0 descriptor?? [ 77.961130][ T2866] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 77.965369][ T925] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 77.985324][ T925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.002099][ T925] usb 3-1: config 0 descriptor?? [ 78.061682][ T2884] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 78.075836][ T2886] IPv6: NLM_F_REPLACE set, but no existing node found! [ 78.092817][ T2888] loop4: detected capacity change from 0 to 2048 [ 78.110016][ T2888] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 8192 [ 78.341835][ T2888] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 78.381173][ T2888] EXT4-fs error (device loop4): ext4_get_max_inline_size:116: inode #18: comm syz-executor.4: can't get inode location 18 [ 78.396233][ T1897] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 78.410701][ T342] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 78.418248][ T1897] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 78.427997][ T1897] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #18: comm syz-executor.4: mark_inode_dirty error [ 78.440213][ T1897] EXT4-fs (loop4): unmounting filesystem. [ 78.490572][ T334] tipc: Disabling bearer [ 78.495819][ T334] tipc: Left network mode [ 78.509714][ T925] keytouch 0003:0926:3333.000C: fixing up Keytouch IEC report descriptor [ 78.519537][ T925] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.000C/input/input12 [ 78.593884][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.601044][ T2894] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.602657][ T925] keytouch 0003:0926:3333.000C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 78.608552][ T331] usb 4-1: string descriptor 0 read error: -71 [ 78.620003][ T2894] device bridge_slave_0 entered promiscuous mode [ 78.635055][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.641922][ T2894] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.649063][ T2894] device bridge_slave_1 entered promiscuous mode [ 78.691247][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.698093][ T2894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.705189][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.712019][ T2894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.718526][ T331] usbhid 4-1:0.0: can't add hid device: -71 [ 78.725554][ T331] usbhid: probe of 4-1:0.0 failed with error -71 [ 78.735155][ T331] usb 4-1: USB disconnect, device number 7 [ 78.739900][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.748124][ T925] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.755823][ T925] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.768556][ T342] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 78.780031][ T342] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 78.791116][ T342] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 78.802155][ T342] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 78.802426][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.811064][ T342] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.827147][ T925] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.828555][ T2873] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 78.833998][ T925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.848181][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.856539][ T925] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.863410][ T925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.884632][ T2894] device veth0_vlan entered promiscuous mode [ 78.900633][ T2894] device veth1_macvtap entered promiscuous mode [ 78.909892][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.918189][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.926167][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.937690][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.945312][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.953493][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.962267][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.970733][ T1230] usb 3-1: USB disconnect, device number 9 [ 78.979967][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.989017][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.061358][ T39] usb 1-1: USB disconnect, device number 5 [ 79.129343][ T2912] loop3: detected capacity change from 0 to 256 [ 79.135977][ T2912] exfat: Deprecated parameter 'utf8' [ 79.143238][ T2912] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 79.162326][ T2914] syz-executor.4[2914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.162395][ T2914] syz-executor.4[2914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.178401][ T2914] incfs: Options parsing error. -22 [ 79.197104][ T2914] incfs: mount failed -22 [ 79.201918][ T2916] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 79.259317][ T334] device bridge_slave_1 left promiscuous mode [ 79.268870][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.279190][ T334] device bridge_slave_0 left promiscuous mode [ 79.285154][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.293448][ T334] device veth1_macvtap left promiscuous mode [ 79.299362][ T334] device veth0_vlan left promiscuous mode [ 79.322942][ T2930] Zero length message leads to an empty skb [ 79.456503][ T2938] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 79.466262][ T2938] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 79.580742][ T28] kauditd_printk_skb: 134 callbacks suppressed [ 79.580757][ T28] audit: type=1400 audit(1718677642.720:17810): avc: denied { connect } for pid=2941 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 79.604451][ T2949] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.917065][ T2956] device syzkaller0 entered promiscuous mode [ 79.923776][ T2961] loop4: detected capacity change from 0 to 256 [ 79.933752][ T28] audit: type=1400 audit(1718677643.070:17811): avc: denied { mounton } for pid=2960 comm="syz-executor.4" path="/root/syzkaller-testdir2461642067/syzkaller.Ob7T8A/13/file0/bus" dev="loop4" ino=1048661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 79.944357][ T2894] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 79.962043][ T342] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 79.976970][ T28] audit: type=1400 audit(1718677643.070:17812): avc: denied { map } for pid=2960 comm="syz-executor.4" path="/root/syzkaller-testdir2461642067/syzkaller.Ob7T8A/13/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.977649][ T2894] FAT-fs (loop4): Filesystem has been set read-only [ 80.012247][ T2894] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 80.076911][ T2963] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 80.278701][ T342] usb 2-1: Using ep0 maxpacket: 16 [ 80.289617][ T2978] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 80.299395][ T2969] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.306307][ T2969] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.313915][ T2969] device bridge_slave_0 entered promiscuous mode [ 80.314639][ T2969] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.327262][ T2969] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.343008][ T2969] device bridge_slave_1 entered promiscuous mode [ 80.388119][ T2986] loop3: detected capacity change from 0 to 256 [ 80.398972][ T2986] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 80.439347][ T342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.473053][ T342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.493637][ T342] usb 2-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 80.502580][ T342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.511808][ T342] usb 2-1: config 0 descriptor?? [ 80.521834][ T2990] device syzkaller0 entered promiscuous mode [ 80.735382][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.744213][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.758685][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 80.766970][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.776715][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.783579][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.790961][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.799254][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.807161][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.814006][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.823311][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.108798][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.110744][ T3012] loop3: detected capacity change from 0 to 512 [ 81.116884][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.123061][ T3012] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.138543][ T342] usb 2-1: string descriptor 0 read error: -71 [ 81.139012][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 81.147158][ T3012] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode [ 81.168166][ T3012] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 12 (err -117) [ 81.180401][ T3012] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 81.192582][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 81.201451][ T2969] device veth0_vlan entered promiscuous mode [ 81.208327][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 81.215502][ T28] audit: type=1400 audit(1718677644.340:17813): avc: denied { write } for pid=3011 comm="syz-executor.3" name="bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 81.237733][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 81.238172][ T2064] EXT4-fs (loop3): unmounting filesystem. [ 81.248550][ T342] usbhid 2-1:0.0: can't add hid device: -71 [ 81.251610][ T28] audit: type=1400 audit(1718677644.340:17814): avc: denied { add_name } for pid=3011 comm="syz-executor.3" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 81.256566][ T342] usbhid: probe of 2-1:0.0 failed with error -71 [ 81.283398][ T28] audit: type=1400 audit(1718677644.340:17815): avc: denied { link } for pid=3011 comm="syz-executor.3" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 81.285282][ T342] usb 2-1: USB disconnect, device number 8 [ 81.326917][ T28] audit: type=1400 audit(1718677644.340:17816): avc: denied { remove_name } for pid=3011 comm="syz-executor.3" name="file0" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 81.354954][ T28] audit: type=1400 audit(1718677644.340:17817): avc: denied { rename } for pid=3011 comm="syz-executor.3" name="file0" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 81.385397][ T2969] device veth1_macvtap entered promiscuous mode [ 81.394268][ T3016] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 81.403940][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 81.419006][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 81.419358][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 81.444083][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 81.539380][ T334] device bridge_slave_1 left promiscuous mode [ 81.546511][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.557245][ T334] device bridge_slave_0 left promiscuous mode [ 81.563374][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.571700][ T334] device veth1_macvtap left promiscuous mode [ 81.577692][ T334] device veth0_vlan left promiscuous mode [ 82.008330][ T28] audit: type=1400 audit(1718677645.140:17818): avc: denied { mount } for pid=3045 comm="syz-executor.3" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 82.033846][ T3046] loop3: detected capacity change from 0 to 512 [ 82.041258][ T28] audit: type=1400 audit(1718677645.180:17819): avc: denied { mounton } for pid=3045 comm="syz-executor.3" path="/root/syzkaller-testdir3730915536/syzkaller.sNHOjI/85/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 82.085940][ T3046] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 82.094968][ T3046] ext4 filesystem being mounted at /root/syzkaller-testdir3730915536/syzkaller.sNHOjI/85/file0 supports timestamps until 2038 (0x7fffffff) [ 82.115056][ T2064] EXT4-fs (loop3): unmounting filesystem. [ 82.208650][ T3064] loop1: detected capacity change from 0 to 256 [ 82.216135][ T3064] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 82.288468][ T331] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 82.367355][ T3082] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.376039][ T3082] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.383653][ T3082] device bridge_slave_0 entered promiscuous mode [ 82.398201][ T3082] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.406154][ T3082] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.414443][ T3082] device bridge_slave_1 entered promiscuous mode [ 82.423955][ T3068] loop1: detected capacity change from 0 to 512 [ 82.435628][ T3095] loop4: detected capacity change from 0 to 256 [ 82.442103][ T3068] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 82.450547][ T3068] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 82.451125][ T3095] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 82.460618][ T3068] EXT4-fs error (device loop1): __ext4_get_inode_loc:4497: comm syz-executor.1: Invalid inode table block 0 in block_group 0 [ 82.485950][ T3068] EXT4-fs (loop1): get root inode failed [ 82.491812][ T3068] EXT4-fs (loop1): mount failed [ 82.537785][ T3082] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.544782][ T3082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.551995][ T3082] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.558866][ T3082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.579520][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.588879][ T342] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.595996][ T3101] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.603422][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.629515][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 82.636815][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.645092][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.653493][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.658883][ T331] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.661803][ T925] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.678378][ T925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.678463][ T331] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 82.696538][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.704795][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.712863][ T925] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.719703][ T925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.727178][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.735009][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.742749][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 82.750735][ T925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.763921][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.768570][ T331] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 82.772130][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.780897][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 82.793133][ T3082] device veth0_vlan entered promiscuous mode [ 82.796510][ T331] usb 3-1: SerialNumber: syz [ 82.803602][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 82.814366][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 82.822462][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 82.830307][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 82.842792][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.851085][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.860261][ T3082] device veth1_macvtap entered promiscuous mode [ 82.871542][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 82.879043][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 82.887207][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 82.895318][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 82.903682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 82.911619][ T925] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 82.954532][ T3109] loop3: detected capacity change from 0 to 512 [ 82.961801][ T3109] EXT4-fs (loop3): orphan cleanup on readonly fs [ 82.968812][ T3109] EXT4-fs (loop3): 1 truncate cleaned up [ 82.974920][ T3109] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 82.984088][ T3109] EXT4-fs (loop3): unmounting filesystem. [ 83.079108][ T331] usb 3-1: invalid UAC_HEADER (v1) [ 83.085226][ T331] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 83.093768][ T331] usb 3-1: USB disconnect, device number 10 [ 83.229505][ T334] device bridge_slave_1 left promiscuous mode [ 83.235469][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.243048][ T334] device bridge_slave_0 left promiscuous mode [ 83.249399][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.257380][ T334] device veth1_macvtap left promiscuous mode [ 83.265893][ T334] device veth0_vlan left promiscuous mode [ 83.328633][ T925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.342963][ T925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.352864][ T925] usb 5-1: New USB device found, idVendor=06a3, idProduct=0cfa, bcdDevice= 0.00 [ 83.361756][ T925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.373635][ T925] usb 5-1: config 0 descriptor?? [ 83.560926][ T3137] loop2: detected capacity change from 0 to 512 [ 83.568978][ T3137] EXT4-fs (loop2): orphan cleanup on readonly fs [ 83.575827][ T3137] EXT4-fs (loop2): 1 truncate cleaned up [ 83.586005][ T331] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 83.598593][ T3137] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 83.608204][ T3137] EXT4-fs (loop2): unmounting filesystem. [ 83.849327][ T925] saitek 0003:06A3:0CFA.000D: unknown main item tag 0x0 [ 83.860285][ T925] saitek 0003:06A3:0CFA.000D: hidraw0: USB HID v0.00 Device [HID 06a3:0cfa] on usb-dummy_hcd.4-1/input0 [ 83.888584][ T3135] loop3: detected capacity change from 0 to 131072 [ 83.895729][ T3135] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name [ 83.904178][ T3135] F2FS-fs (loop3): invalid crc value [ 83.911005][ T3135] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 83.932792][ T3135] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 83.948536][ T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.959493][ T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.969149][ T331] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 83.978089][ T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.986280][ T331] usb 1-1: config 0 descriptor?? [ 84.049643][ T60] usb 5-1: USB disconnect, device number 5 [ 84.148483][ T342] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 84.618826][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 84.618927][ T28] audit: type=1326 audit(1718677647.730:17857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.684978][ T331] arvo 0003:1E7D:30D4.000E: unknown main item tag 0x0 [ 84.691823][ T3103] Bluetooth: hci0: command 0x1003 tx timeout [ 84.697679][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 84.706453][ T331] arvo 0003:1E7D:30D4.000E: item fetching failed at offset 5/7 [ 84.713927][ T3166] loop1: detected capacity change from 0 to 128 [ 84.714135][ T331] arvo 0003:1E7D:30D4.000E: parse failed [ 84.724124][ T28] audit: type=1326 audit(1718677647.750:17858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.725456][ T331] arvo: probe of 0003:1E7D:30D4.000E failed with error -22 [ 84.756386][ T342] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.768365][ T331] usb 1-1: USB disconnect, device number 6 [ 84.774090][ T342] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 84.784446][ T342] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.792921][ T342] usb 3-1: config 0 descriptor?? [ 84.798821][ T28] audit: type=1326 audit(1718677647.860:17859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.823856][ T28] audit: type=1326 audit(1718677647.940:17860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.847901][ T28] audit: type=1326 audit(1718677647.960:17861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.871812][ T28] audit: type=1326 audit(1718677647.960:17862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.895603][ T28] audit: type=1326 audit(1718677647.960:17863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.919948][ T28] audit: type=1326 audit(1718677647.960:17864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cd6c7cc8b code=0x7ffc0000 [ 84.945478][ T28] audit: type=1326 audit(1718677647.980:17865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f7cd6ca8335 code=0x7ffc0000 [ 85.008574][ T925] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 85.056305][ T28] audit: type=1326 audit(1718677648.180:17866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3152 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 85.297221][ T3177] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 85.308159][ T342] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor [ 85.458734][ T925] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 85.470042][ T925] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 85.545296][ T342] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.000F/input/input13 [ 85.570276][ T3183] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 85.630933][ T342] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 85.640139][ T925] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 85.663694][ T925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 85.671582][ T925] usb 5-1: SerialNumber: syz [ 85.717663][ T342] usb 3-1: USB disconnect, device number 11 [ 85.988911][ T925] usb 5-1: invalid UAC_HEADER (v1) [ 85.994965][ T925] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 86.002318][ T925] usb 5-1: USB disconnect, device number 6 [ 86.118613][ T6] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 86.461989][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 86.479436][ T3210] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 86.554316][ T3213] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 86.578723][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.578754][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.578782][ T6] usb 2-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 86.578803][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.579375][ T6] usb 2-1: config 0 descriptor?? [ 86.688561][ T925] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 86.968523][ T342] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 87.320349][ T925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.332805][ T925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.342590][ T925] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 87.351518][ T925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.358558][ T6] usb 2-1: string descriptor 0 read error: -71 [ 87.361942][ T925] usb 3-1: config 0 descriptor?? [ 87.459171][ T6] usbhid 2-1:0.0: can't add hid device: -71 [ 87.464968][ T6] usbhid: probe of 2-1:0.0 failed with error -71 [ 87.471902][ T6] usb 2-1: USB disconnect, device number 9 [ 87.578544][ T342] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.589407][ T342] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 87.598220][ T342] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.606513][ T342] usb 1-1: config 0 descriptor?? [ 87.829292][ T925] arvo 0003:1E7D:30D4.0010: unknown main item tag 0x0 [ 87.836021][ T925] arvo 0003:1E7D:30D4.0010: item fetching failed at offset 5/7 [ 87.844102][ T925] arvo 0003:1E7D:30D4.0010: parse failed [ 87.849975][ T925] arvo: probe of 0003:1E7D:30D4.0010 failed with error -22 [ 87.957805][ T3247] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 88.033513][ T1230] usb 3-1: USB disconnect, device number 12 [ 88.089355][ T342] keytouch 0003:0926:3333.0011: fixing up Keytouch IEC report descriptor [ 88.098602][ T342] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0011/input/input14 [ 88.128610][ T925] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 88.180070][ T342] keytouch 0003:0926:3333.0011: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 88.388531][ T39] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 88.495914][ T24] usb 1-1: USB disconnect, device number 7 [ 88.501880][ T925] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 88.512260][ T925] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 88.598553][ T925] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 88.607929][ T925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 88.616803][ T925] usb 2-1: SerialNumber: syz [ 88.989318][ T925] usb 2-1: invalid UAC_HEADER (v1) [ 88.995162][ T925] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 89.002352][ T925] usb 2-1: USB disconnect, device number 10 [ 89.008517][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.019505][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.029174][ T39] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 89.038006][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.046438][ T39] usb 4-1: config 0 descriptor?? [ 89.520329][ T39] logitech-hidpp-device 0003:046D:C086.0012: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.3-1/input0 [ 89.720314][ T1230] usb 4-1: USB disconnect, device number 8 [ 90.506380][ T3337] loop3: detected capacity change from 0 to 128 [ 90.561863][ T3313] loop1: detected capacity change from 0 to 131072 [ 90.570534][ T3313] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name [ 90.586352][ T3313] F2FS-fs (loop1): invalid crc value [ 90.593545][ T3313] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 90.630564][ T3313] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 90.747708][ T3349] xt_socket: unknown flags 0x50 [ 90.918868][ T3356] loop2: detected capacity change from 0 to 16 [ 90.925734][ T3356] erofs: (device loop2): mounted with root inode @ nid 36. [ 90.934193][ T3356] syz-executor.2: attempt to access beyond end of device [ 90.934193][ T3356] loop2: rw=0, sector=8, nr_sectors = 32 limit=16 [ 91.238522][ T1230] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 91.277681][ T3386] loop1: detected capacity change from 0 to 1024 [ 91.294186][ T3386] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 91.302746][ T3386] ext4 filesystem being mounted at /root/syzkaller-testdir756456637/syzkaller.LrQWTj/116/file0 supports timestamps until 2038 (0x7fffffff) [ 91.388445][ T3401] input: syz1 as /devices/virtual/input/input15 [ 91.521553][ T28] kauditd_printk_skb: 107 callbacks suppressed [ 91.521568][ T28] audit: type=1400 audit(1718677654.660:17974): avc: denied { shutdown } for pid=3412 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.540295][ T3405] loop0: detected capacity change from 0 to 40427 [ 91.556127][ T3405] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 91.563784][ T3405] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 91.573756][ T3405] F2FS-fs (loop0): Found nat_bits in checkpoint [ 91.596702][ T3405] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 91.603725][ T3405] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 91.619615][ T28] audit: type=1400 audit(1718677654.760:17975): avc: denied { execute } for pid=3404 comm="syz-executor.0" path="/root/syzkaller-testdir359547398/syzkaller.nOlxCF/293/bus/bus" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 91.647118][ T1230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.657917][ T1230] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.667734][ T1230] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 91.676704][ T1230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.685246][ T1230] usb 3-1: config 0 descriptor?? [ 91.691103][ T43] kworker/u4:2: attempt to access beyond end of device [ 91.691103][ T43] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 91.873649][ T3427] loop0: detected capacity change from 0 to 40427 [ 91.880663][ T3427] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 91.888348][ T3427] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 91.890318][ T3434] syz-executor.3[3434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.896550][ T3434] syz-executor.3[3434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.897158][ T3427] F2FS-fs (loop0): invalid crc value [ 91.925795][ T3427] F2FS-fs (loop0): Found nat_bits in checkpoint [ 91.957541][ T3427] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 91.964532][ T3427] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 92.147731][ T28] audit: type=1400 audit(1718677655.280:17976): avc: denied { mounton } for pid=3426 comm="syz-executor.0" path="/root/syzkaller-testdir359547398/syzkaller.nOlxCF/294/bus/bus" dev="loop0" ino=456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 92.175245][ T3446] overlayfs: missing 'lowerdir' [ 92.190594][ T1230] logitech-hidpp-device 0003:046D:C086.0013: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.2-1/input0 [ 92.235470][ T1757] EXT4-fs (loop1): unmounting filesystem. [ 92.406910][ T1230] usb 3-1: USB disconnect, device number 13 [ 92.839288][ T334] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 92.848933][ T334] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 93.075901][ T28] audit: type=1400 audit(1718677656.210:17977): avc: denied { map } for pid=3460 comm="syz-executor.2" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 93.477463][ T3476] xt_socket: unknown flags 0x50 [ 93.539728][ T3485] input: syz1 as /devices/virtual/input/input16 [ 93.588468][ T39] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 93.799700][ T3495] loop0: detected capacity change from 0 to 40427 [ 93.809365][ T3495] F2FS-fs (loop0): invalid crc value [ 93.816460][ T3495] F2FS-fs (loop0): Found nat_bits in checkpoint [ 93.928530][ T3495] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 93.952064][ T314] syz-executor.0: attempt to access beyond end of device [ 93.952064][ T314] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 94.227090][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.237365][ T39] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 94.288013][ T3505] xt_socket: unknown flags 0x50 [ 94.318524][ T39] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 94.327390][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 94.335825][ T39] usb 2-1: SerialNumber: syz [ 94.354425][ T3515] input: syz1 as /devices/virtual/input/input17 [ 94.441502][ T3507] loop3: detected capacity change from 0 to 40427 [ 94.448467][ T3507] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 94.456052][ T3507] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 94.466072][ T3507] F2FS-fs (loop3): Found nat_bits in checkpoint [ 94.489588][ T3507] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 94.496495][ T3507] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 94.800028][ T39] usb 2-1: invalid UAC_HEADER (v1) [ 94.806775][ T39] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 94.821842][ T39] usb 2-1: USB disconnect, device number 11 [ 94.822288][ T43] kworker/u4:2: attempt to access beyond end of device [ 94.822288][ T43] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 94.835829][ T3529] Bluetooth: hci0: Frame reassembly failed (-84) [ 94.847374][ T456] Bluetooth: hci0: Frame reassembly failed (-84) [ 94.853602][ T456] Bluetooth: hci0: Frame reassembly failed (-84) [ 95.262625][ T3537] loop0: detected capacity change from 0 to 512 [ 95.269527][ T3537] EXT4-fs: Ignoring removed mblk_io_submit option [ 95.275874][ T3537] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.282869][ T3537] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.295188][ T3537] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0002] [ 95.303172][ T3537] System zones: 1-12 [ 95.307917][ T3537] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 95.321561][ T3537] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 95.333624][ T3537] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 95.346341][ T3537] EXT4-fs (loop0): 1 orphan inode deleted [ 95.351912][ T3537] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 95.353621][ T28] audit: type=1400 audit(1718677658.490:17978): avc: denied { mounton } for pid=3536 comm="syz-executor.0" path="/root/syzkaller-testdir359547398/syzkaller.nOlxCF/312/file0/file0" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 95.392650][ T314] EXT4-fs (loop0): unmounting filesystem. [ 95.408383][ T3551] device pim6reg1 entered promiscuous mode [ 95.530039][ T3564] serio: Serial port pts1 [ 95.710619][ T3569] loop0: detected capacity change from 0 to 1024 [ 95.730370][ T3569] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 95.738692][ T3569] ext4 filesystem being mounted at /root/syzkaller-testdir359547398/syzkaller.nOlxCF/317/file0 supports timestamps until 2038 (0x7fffffff) [ 95.847518][ T3580] syz-executor.3[3580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.847595][ T3580] syz-executor.3[3580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.941397][ T3584] loop3: detected capacity change from 0 to 512 [ 95.961227][ T3584] EXT4-fs: Ignoring removed mblk_io_submit option [ 95.967599][ T3584] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.974336][ T3584] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.986568][ T3584] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a064e01c, mo2=0002] [ 95.994569][ T3584] System zones: 1-12 [ 95.998799][ T3584] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 96.011917][ T3584] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: missing EA_INODE flag [ 96.024476][ T3584] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 96.037366][ T3584] EXT4-fs (loop3): 1 orphan inode deleted [ 96.043071][ T3584] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 96.058876][ T3082] EXT4-fs (loop3): unmounting filesystem. [ 96.107899][ T3591] device pim6reg1 entered promiscuous mode [ 96.282087][ T3595] loop3: detected capacity change from 0 to 40427 [ 96.289324][ T3595] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 96.297225][ T3595] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 96.307517][ T3595] F2FS-fs (loop3): Found nat_bits in checkpoint [ 96.341329][ T3604] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 96.343029][ T3595] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 96.357378][ T3595] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 96.387003][ T10] kworker/u4:1: attempt to access beyond end of device [ 96.387003][ T10] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 96.526440][ T3619] device pim6reg1 entered promiscuous mode [ 96.572311][ T3611] loop1: detected capacity change from 0 to 40427 [ 96.579797][ T3611] F2FS-fs (loop1): invalid crc value [ 96.586389][ T3611] F2FS-fs (loop1): Found nat_bits in checkpoint [ 96.616269][ T3611] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 96.639726][ T1757] syz-executor.1: attempt to access beyond end of device [ 96.639726][ T1757] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 96.704857][ T314] EXT4-fs (loop0): unmounting filesystem. [ 96.722798][ T3634] loop0: detected capacity change from 0 to 512 [ 96.723200][ T3637] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3637 comm=syz-executor.3 [ 96.742902][ T3634] EXT4-fs: Ignoring removed orlov option [ 96.748684][ T3634] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.769043][ T3634] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002] [ 96.776819][ T3634] System zones: 1-12 [ 96.787782][ T3637] loop3: detected capacity change from 0 to 512 [ 96.794482][ T3634] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 96.816414][ T3634] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 96.829249][ T3637] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 96.842957][ T3634] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 96.862938][ T3634] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 96.884099][ T3637] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 96.897058][ T3634] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 96.910621][ T3103] Bluetooth: hci0: command 0x1003 tx timeout [ 96.916460][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 96.924162][ T3634] EXT4-fs (loop0): 1 orphan inode deleted [ 96.929783][ T3634] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 96.952558][ T314] EXT4-fs (loop0): unmounting filesystem. [ 96.996562][ T3637] loop3: detected capacity change from 0 to 512 [ 97.008205][ T3637] EXT4-fs (loop3): orphan cleanup on readonly fs [ 97.014668][ T3637] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #3: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 97.045348][ T3658] loop0: detected capacity change from 0 to 1024 [ 97.051788][ T3637] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 3, type: 0 [ 97.135035][ T3637] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 97.149869][ T3637] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 97.156415][ T3637] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 97.169366][ T3658] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 97.180243][ T3658] ext4 filesystem being mounted at /root/syzkaller-testdir359547398/syzkaller.nOlxCF/320/file0 supports timestamps until 2038 (0x7fffffff) [ 97.534404][ T3637] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 97.561302][ T3677] loop1: detected capacity change from 0 to 128 [ 97.622203][ T3637] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #3: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 97.640671][ T3637] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 3, type: 0 [ 97.652146][ T3637] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 97.930993][ T3082] EXT4-fs (loop3): unmounting filesystem. [ 97.953092][ T3683] loop3: detected capacity change from 0 to 512 [ 97.960370][ T3683] EXT4-fs: Ignoring removed orlov option [ 97.966151][ T3683] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.979222][ T3683] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002] [ 97.987036][ T3683] System zones: 1-12 [ 97.991321][ T3683] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 98.005025][ T3683] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: missing EA_INODE flag [ 98.018117][ T3683] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 98.031209][ T3683] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: missing EA_INODE flag [ 98.043359][ T3683] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 98.058166][ T314] EXT4-fs (loop0): unmounting filesystem. [ 98.065187][ T3683] EXT4-fs (loop3): 1 orphan inode deleted [ 98.071320][ T3683] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 98.094044][ T3082] EXT4-fs (loop3): unmounting filesystem. [ 98.215632][ T28] audit: type=1326 audit(1718677661.350:17979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.789975][ T28] audit: type=1326 audit(1718677661.350:17980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.806121][ T3714] loop1: detected capacity change from 0 to 256 [ 98.825699][ T28] audit: type=1326 audit(1718677661.360:17981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.865889][ T28] audit: type=1326 audit(1718677661.360:17982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.892070][ T3714] loop1: detected capacity change from 256 to 0 [ 98.898709][ C0] I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.907819][ T3717] FAT-fs (loop1): FAT read failed (blocknr 1) [ 98.913916][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.923056][ T3717] FAT-fs (loop1): unable to read inode block for updating (i_pos 203) [ 98.931302][ T28] audit: type=1326 audit(1718677661.380:17983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.959298][ T28] audit: type=1326 audit(1718677661.990:17984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cd6c7cf29 code=0x7ffc0000 [ 98.983569][ T28] audit: type=1326 audit(1718677661.990:17985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7cd6c7a6a7 code=0x7ffc0000 [ 99.007933][ T28] audit: type=1326 audit(1718677661.990:17986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7cd6c40379 code=0x7ffc0000 [ 99.012623][ T3704] loop3: detected capacity change from 0 to 40427 [ 99.039006][ T3704] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 99.051966][ T3704] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 99.062163][ T3719] loop0: detected capacity change from 0 to 256 [ 99.111272][ T28] audit: type=1326 audit(1718677661.990:17987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7cd6c7a6a7 code=0x7ffc0000 [ 99.140131][ T28] audit: type=1326 audit(1718677661.990:17988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7cd6c40379 code=0x7ffc0000 [ 99.159072][ T3704] F2FS-fs (loop3): Found nat_bits in checkpoint [ 99.199718][ T3704] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 99.208960][ T3704] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 99.212288][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 99.228806][ T1757] FAT-fs (loop1): Directory bread(block 3) failed [ 99.237330][ T3082] syz-executor.3: attempt to access beyond end of device [ 99.237330][ T3082] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 99.259695][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 99.268760][ T1757] FAT-fs (loop1): unable to read boot sector to mark fs as dirty [ 99.651740][ T3737] syz-executor.3[3737] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 99.651813][ T3737] syz-executor.3[3737] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 99.723983][ T3740] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.742425][ T3740] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.750008][ T3740] device bridge_slave_0 entered promiscuous mode [ 99.757015][ T3740] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.764025][ T3740] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.771380][ T3740] device bridge_slave_1 entered promiscuous mode [ 99.828924][ T3740] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.835806][ T3740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.842882][ T3740] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.849689][ T3740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.864953][ T3753] loop3: detected capacity change from 0 to 256 [ 99.877389][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.884845][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.892182][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.900978][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 99.909161][ T3753] loop3: detected capacity change from 256 to 0 [ 99.915396][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.916573][ C1] I/O error, dev loop3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 99.922254][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.931276][ T3753] FAT-fs (loop3): FAT read failed (blocknr 1) [ 99.944576][ C1] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 99.953676][ T3753] FAT-fs (loop3): unable to read inode block for updating (i_pos 203) [ 99.965587][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 99.973704][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.980568][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.991820][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 100.001859][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.018800][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 100.028952][ T3740] device veth0_vlan entered promiscuous mode [ 100.036995][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 100.045406][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 100.053088][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 100.064670][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 100.069525][ T3755] loop0: detected capacity change from 0 to 2048 [ 100.074219][ T3740] device veth1_macvtap entered promiscuous mode [ 100.089496][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 100.110059][ T3755] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 100.123483][ T3755] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 100.139964][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 100.148222][ T3755] EXT4-fs (loop0): Remounting filesystem read-only [ 100.159897][ T314] EXT4-fs (loop0): unmounting filesystem. [ 100.177975][ T3762] loop0: detected capacity change from 0 to 512 [ 100.192197][ C1] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 100.201400][ T3082] FAT-fs (loop3): Directory bread(block 3) failed [ 100.212637][ T3762] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 100.223221][ T3762] ext4 filesystem being mounted at /root/syzkaller-testdir359547398/syzkaller.nOlxCF/327/file0 supports timestamps until 2038 (0x7fffffff) [ 100.225850][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 100.246313][ T3082] FAT-fs (loop3): unable to read boot sector to mark fs as dirty [ 100.278629][ T314] EXT4-fs (loop0): unmounting filesystem. [ 100.320614][ T10] tipc: Disabling bearer [ 100.325928][ T10] tipc: Left network mode [ 100.452842][ T3785] loop2: detected capacity change from 0 to 2048 [ 100.479602][ T3785] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 100.530121][ T3788] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.537109][ T3788] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.545051][ T3788] device bridge_slave_0 entered promiscuous mode [ 100.554780][ T3788] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.561792][ T3788] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.569177][ T3788] device bridge_slave_1 entered promiscuous mode [ 100.612720][ T3788] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.619593][ T3788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.626653][ T3788] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.633482][ T3788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.816674][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.828324][ T1230] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.836609][ T1230] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.868665][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.876862][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.883742][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.890942][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.898951][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.905873][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.919150][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 100.926923][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.944958][ T3788] device veth0_vlan entered promiscuous mode [ 100.951239][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 100.959434][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 100.967128][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 100.974319][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 100.985913][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 100.995166][ T3788] device veth1_macvtap entered promiscuous mode [ 101.002761][ T10] device bridge_slave_1 left promiscuous mode [ 101.008786][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.016042][ T10] device bridge_slave_0 left promiscuous mode [ 101.022134][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.029616][ T10] device veth1_macvtap left promiscuous mode [ 101.035434][ T10] device veth0_vlan left promiscuous mode [ 101.096883][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.106358][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.165002][ T3797] loop3: detected capacity change from 0 to 2048 [ 101.180490][ T3797] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 101.185174][ T3801] loop1: detected capacity change from 0 to 256 [ 101.193015][ T3797] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 101.210886][ T3797] EXT4-fs (loop3): Remounting filesystem read-only [ 101.229142][ T3788] EXT4-fs (loop3): unmounting filesystem. [ 101.244735][ T3805] loop0: detected capacity change from 0 to 512 [ 101.260009][ T3805] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 101.269177][ T3801] loop1: detected capacity change from 256 to 0 [ 101.269775][ C0] I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.275752][ T3805] ext4 filesystem being mounted at /root/syzkaller-testdir359547398/syzkaller.nOlxCF/331/file0 supports timestamps until 2038 (0x7fffffff) [ 101.284665][ T3801] FAT-fs (loop1): FAT read failed (blocknr 1) [ 101.310499][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.320970][ T3801] FAT-fs (loop1): unable to read inode block for updating (i_pos 203) [ 101.351681][ T2711] EXT4-fs (loop2): unmounting filesystem. [ 101.372102][ T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0) [ 101.386906][ T314] EXT4-fs (loop0): unmounting filesystem. [ 101.502005][ T3831] loop2: detected capacity change from 0 to 2048 [ 101.524280][ T3831] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 101.536429][ T3831] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 101.550710][ T3841] loop0: detected capacity change from 0 to 2048 [ 101.552218][ T3831] EXT4-fs (loop2): Remounting filesystem read-only [ 101.570060][ T3841] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 101.579169][ T2711] EXT4-fs (loop2): unmounting filesystem. [ 101.594228][ T3740] FAT-fs (loop1): Directory bread(block 3) failed [ 101.603744][ T3740] FAT-fs (loop1): unable to read boot sector to mark fs as dirty [ 101.631159][ T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0) [ 101.661062][ T3851] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 101.692777][ T3853] loop2: detected capacity change from 0 to 1024 [ 101.927048][ T3853] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 101.955984][ T3853] System zones: 0-1, 3-12 [ 101.966241][ T3853] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 101.979120][ T10] device bridge_slave_1 left promiscuous mode [ 101.985164][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.992918][ T10] device bridge_slave_0 left promiscuous mode [ 101.999321][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.000050][ T2711] EXT4-fs (loop2): unmounting filesystem. [ 102.012549][ T10] device veth1_macvtap left promiscuous mode [ 102.018692][ T10] device veth0_vlan left promiscuous mode [ 102.074760][ T3868] loop2: detected capacity change from 0 to 2048 [ 102.089968][ T3868] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 102.101916][ T3868] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 102.116974][ T3868] EXT4-fs (loop2): Remounting filesystem read-only [ 102.127080][ T2711] EXT4-fs (loop2): unmounting filesystem. [ 102.142980][ T3872] loop2: detected capacity change from 0 to 256 [ 102.170184][ T3862] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.177064][ T3862] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.184668][ T3862] device bridge_slave_0 entered promiscuous mode [ 102.186294][ T3872] loop2: detected capacity change from 256 to 0 [ 102.192023][ T3862] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.203897][ T3862] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.206370][ T3872] FAT-fs (loop2): FAT read failed (blocknr 1) [ 102.211281][ T3862] device bridge_slave_1 entered promiscuous mode [ 102.216861][ T3872] FAT-fs (loop2): unable to read inode block for updating (i_pos 203) [ 102.273603][ T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0) [ 102.296116][ T3881] loop3: detected capacity change from 0 to 512 [ 102.302083][ T3862] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.309097][ T3862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.316130][ T3862] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.322955][ T3862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.329952][ T3881] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 102.330026][ T3881] ext4 filesystem being mounted at /root/syzkaller-testdir1815371363/syzkaller.rl2DEy/10/file0 supports timestamps until 2038 (0x7fffffff) [ 102.352961][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.360542][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.384662][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.393392][ T3788] EXT4-fs (loop3): unmounting filesystem. [ 102.412311][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.422469][ T314] EXT4-fs (loop0): unmounting filesystem. [ 102.428200][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 102.436811][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.444832][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.451704][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.459508][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 102.467712][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.476085][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.483059][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.493452][ T2711] FAT-fs (loop2): Directory bread(block 3) failed [ 102.504128][ T2711] FAT-fs (loop2): unable to read boot sector to mark fs as dirty [ 102.515809][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.524494][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.533376][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.541399][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.549357][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 102.558947][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.571769][ T3862] device veth0_vlan entered promiscuous mode [ 102.573075][ T3893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3893 comm=syz-executor.0 [ 102.595987][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 102.608753][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.622968][ T3862] device veth1_macvtap entered promiscuous mode [ 102.634015][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.646774][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.658604][ T3893] loop0: detected capacity change from 0 to 512 [ 102.666046][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 102.673954][ T3893] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 102.692879][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 102.700979][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.708569][ T3893] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal [ 102.728726][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.746971][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.771587][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.788896][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.834331][ T3893] loop0: detected capacity change from 0 to 512 [ 102.866253][ T3893] EXT4-fs (loop0): orphan cleanup on readonly fs [ 102.898774][ T3893] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 102.937943][ T3893] EXT4-fs error (device loop0): ext4_quota_enable:6946: comm syz-executor.0: Bad quota inode: 3, type: 0 [ 102.949468][ T3893] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 102.964900][ T3893] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 102.971786][ T3893] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 103.007400][ T3912] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.030324][ T3912] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.037630][ T3912] device bridge_slave_0 entered promiscuous mode [ 103.049105][ T3912] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.056396][ T3912] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.065059][ T3893] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 103.074820][ T3912] device bridge_slave_1 entered promiscuous mode [ 103.102550][ T3893] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 103.151513][ T3938] loop3: detected capacity change from 0 to 1024 [ 103.167985][ T3893] EXT4-fs error (device loop0): ext4_quota_enable:6946: comm syz-executor.0: Bad quota inode: 3, type: 0 [ 103.192287][ T3893] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 103.207439][ T3912] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.207849][ T3938] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a002c118, mo2=0002] [ 103.214330][ T3912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.214423][ T3912] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.222448][ T3938] System zones: [ 103.229373][ T3912] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.247135][ T3938] 0-1, 3-12 [ 103.250593][ T3938] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 103.276470][ T3788] EXT4-fs (loop3): unmounting filesystem. [ 103.277554][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.289586][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.297010][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.311231][ T342] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 103.319139][ T314] EXT4-fs (loop0): unmounting filesystem. [ 103.326663][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.335756][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.342612][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.349900][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.358265][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.365115][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.380013][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 103.387885][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 103.395843][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 103.403754][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 103.635782][ T10] device bridge_slave_1 left promiscuous mode [ 103.641957][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.649030][ T3948] loop3: detected capacity change from 0 to 512 [ 103.656871][ T3948] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 103.665299][ T10] device bridge_slave_0 left promiscuous mode [ 103.665614][ T3948] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6 [ 103.671552][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.687815][ T10] device veth1_macvtap left promiscuous mode [ 103.694025][ T10] device veth0_vlan left promiscuous mode [ 103.771776][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.780615][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.793261][ T3912] device veth0_vlan entered promiscuous mode [ 103.804130][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.812482][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.820776][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.827986][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.838879][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 103.846887][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 103.855879][ T3912] device veth1_macvtap entered promiscuous mode [ 103.866228][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 103.868572][ T342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.873835][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 103.884199][ T342] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.892510][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 103.908776][ T342] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 103.918928][ T342] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.927511][ T342] usb 2-1: config 0 descriptor?? [ 103.928505][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 103.940581][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 103.984093][ T3955] loop2: detected capacity change from 0 to 512 [ 104.009961][ T3955] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 104.019022][ T3955] ext4 filesystem being mounted at /root/syzkaller-testdir3783543786/syzkaller.qvhKlZ/0/file0 supports timestamps until 2038 (0x7fffffff) [ 104.047141][ T3912] EXT4-fs (loop2): unmounting filesystem. [ 104.118512][ T39] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 104.428823][ T28] kauditd_printk_skb: 68 callbacks suppressed [ 104.428838][ T28] audit: type=1400 audit(1718677667.570:18057): avc: denied { ioctl } for pid=3968 comm="syz-executor.0" path="socket:[32540]" dev="sockfs" ino=32540 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 104.461811][ T3969] device lo entered promiscuous mode [ 104.467558][ T3968] device lo left promiscuous mode [ 104.479835][ T342] uclogic 0003:5543:0781.0014: unknown main item tag 0x0 [ 104.487260][ T342] uclogic 0003:5543:0781.0014: unknown main item tag 0x0 [ 104.496572][ T342] uclogic 0003:5543:0781.0014: unknown main item tag 0x0 [ 104.503806][ T342] uclogic 0003:5543:0781.0014: unknown main item tag 0x0 [ 104.510742][ T342] uclogic 0003:5543:0781.0014: unknown main item tag 0x0 [ 104.517797][ T342] uclogic 0003:5543:0781.0014: No inputs registered, leaving [ 104.525443][ T342] uclogic 0003:5543:0781.0014: hidraw0: USB HID v0.00 Device [HID 5543:0781] on usb-dummy_hcd.1-1/input0 [ 104.538533][ T39] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 104.547273][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.558171][ T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 104.570992][ T39] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 104.579920][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.588622][ T39] usb 4-1: config 0 descriptor?? [ 104.595884][ T3977] loop0: detected capacity change from 0 to 512 [ 104.603169][ T3977] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 104.684524][ T925] usb 2-1: USB disconnect, device number 12 [ 104.729352][ T10] device bridge_slave_1 left promiscuous mode [ 104.735604][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.743479][ T10] device bridge_slave_0 left promiscuous mode [ 104.749580][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.757225][ T10] device veth1_macvtap left promiscuous mode [ 104.763160][ T10] device veth0_vlan left promiscuous mode [ 104.912216][ T3982] loop0: detected capacity change from 0 to 1024 [ 104.918878][ T3982] EXT4-fs: Ignoring removed oldalloc option [ 104.924859][ T3982] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 104.934482][ T3982] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 104.943513][ T3982] EXT4-fs (loop0): orphan cleanup on readonly fs [ 104.949910][ T3982] EXT4-fs error (device loop0): ext4_free_blocks:6197: comm syz-executor.0: Freeing blocks not in datazone - block = 0, count = 4096 [ 104.963708][ T3982] EXT4-fs (loop0): Remounting filesystem read-only [ 104.970278][ T3982] EXT4-fs (loop0): 1 orphan inode deleted [ 104.975826][ T3982] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 104.995982][ T314] EXT4-fs (loop0): unmounting filesystem. [ 105.079097][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.086682][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.094178][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.101607][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.108957][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.116154][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.123586][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.131053][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.138312][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.145657][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.153000][ T39] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 105.161230][ T39] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 105.291655][ T39] plantronics 0003:047F:FFFF.0015: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 105.376553][ T4012] loop1: detected capacity change from 0 to 256 [ 105.389377][ T4012] FAT-fs (loop1): Directory bread(block 64) failed [ 105.395710][ T4012] FAT-fs (loop1): Directory bread(block 65) failed [ 105.399154][ T39] usb 4-1: USB disconnect, device number 9 [ 105.402415][ T4012] FAT-fs (loop1): Directory bread(block 66) failed [ 105.414127][ T4012] FAT-fs (loop1): Directory bread(block 67) failed [ 105.421008][ T4012] FAT-fs (loop1): Directory bread(block 68) failed [ 105.427592][ T4012] FAT-fs (loop1): Directory bread(block 69) failed [ 105.434532][ T4012] FAT-fs (loop1): Directory bread(block 70) failed [ 105.441242][ T4012] FAT-fs (loop1): Directory bread(block 71) failed [ 105.447704][ T4012] FAT-fs (loop1): Directory bread(block 72) failed [ 105.454621][ T4012] FAT-fs (loop1): Directory bread(block 73) failed [ 105.677666][ T43] kworker/u4:2: attempt to access beyond end of device [ 105.677666][ T43] loop1: rw=1, sector=1224, nr_sectors = 32 limit=256 [ 105.691275][ T43] kworker/u4:2: attempt to access beyond end of device [ 105.691275][ T43] loop1: rw=1, sector=1288, nr_sectors = 96 limit=256 [ 105.720536][ T4020] loop1: detected capacity change from 0 to 1024 [ 105.727084][ T4020] EXT4-fs: Ignoring removed oldalloc option [ 105.733179][ T4020] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 105.742413][ T4020] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 105.750633][ T4020] EXT4-fs (loop1): orphan cleanup on readonly fs [ 105.757064][ T4020] EXT4-fs error (device loop1): ext4_free_blocks:6197: comm syz-executor.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 105.770788][ T4020] EXT4-fs (loop1): Remounting filesystem read-only [ 105.777215][ T4020] EXT4-fs (loop1): 1 orphan inode deleted [ 105.782734][ T4020] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 105.797633][ T3862] EXT4-fs (loop1): unmounting filesystem. [ 105.896141][ T4031] loop2: detected capacity change from 0 to 256 [ 105.907275][ T4031] incfs: Can't find or create .incomplete dir in ./file0 [ 105.914451][ T4031] incfs: mount failed -28 [ 106.003607][ T4046] loop2: detected capacity change from 0 to 512 [ 106.010387][ T4046] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 106.298544][ T925] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 106.568564][ T925] usb 2-1: Using ep0 maxpacket: 8 [ 106.698557][ T925] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 106.798481][ T60] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 106.826182][ T4064] loop3: detected capacity change from 0 to 256 [ 106.837123][ T4064] incfs: Can't find or create .incomplete dir in ./file0 [ 106.844265][ T4064] incfs: mount failed -28 [ 107.008510][ T925] usb 2-1: string descriptor 0 read error: -22 [ 107.014574][ T925] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 107.023599][ T925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.137530][ T4084] syz-executor.3[4084] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.137848][ T4084] syz-executor.3[4084] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.174489][ T28] audit: type=1400 audit(1718677670.310:18058): avc: denied { read } for pid=4075 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 107.331065][ T1230] usb 2-1: USB disconnect, device number 13 [ 107.418541][ T60] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 107.426497][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.437228][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 107.450943][ T60] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 107.460110][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.468975][ T60] usb 1-1: config 0 descriptor?? [ 107.861064][ T4097] loop1: detected capacity change from 0 to 256 [ 107.872213][ T4097] incfs: Can't find or create .incomplete dir in ./file0 [ 107.890194][ T4097] incfs: mount failed -28 [ 107.916746][ T4101] loop1: detected capacity change from 0 to 512 [ 107.925618][ T4101] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2760: inode #11: comm syz-executor.1: corrupted xattr block 95 [ 107.938921][ T4101] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz-executor.1: bg 0: block 7: invalid block bitmap [ 107.952500][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 107.960238][ T4101] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 107.968895][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 107.976273][ T4101] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2926: inode #11: comm syz-executor.1: corrupted xattr block 95 [ 107.988707][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 107.990731][ T4101] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117) [ 108.005174][ T4101] EXT4-fs (loop1): 1 orphan inode deleted [ 108.010779][ T4101] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 108.011314][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.026720][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.033992][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.034569][ T3862] EXT4-fs (loop1): unmounting filesystem. [ 108.041246][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.053983][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.061126][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.068353][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.075619][ T60] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0 [ 108.270392][ T60] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 108.280289][ T60] plantronics 0003:047F:FFFF.0016: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 108.294247][ T60] usb 1-1: USB disconnect, device number 8 [ 108.507710][ T4118] syz-executor.3[4118] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.507759][ T4118] syz-executor.3[4118] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.584787][ T4129] loop3: detected capacity change from 0 to 256 [ 108.607289][ T4129] incfs: Can't find or create .incomplete dir in ./file0 [ 108.614532][ T4129] incfs: mount failed -28 [ 108.649013][ T4133] loop3: detected capacity change from 0 to 256 [ 108.656540][ T4133] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.675948][ T4135] fuse: Unknown parameter '' [ 108.748473][ T925] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 108.912007][ T4152] syz-executor.2[4152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.912080][ T4152] syz-executor.2[4152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.984747][ T4163] fuse: Unknown parameter '' [ 109.001399][ T925] usb 2-1: Using ep0 maxpacket: 8 [ 109.038570][ T39] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 109.128682][ T925] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 109.278557][ T60] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 109.429134][ T925] usb 2-1: string descriptor 0 read error: -22 [ 109.435812][ T925] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 109.444843][ T925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.518604][ T39] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 109.628795][ T39] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 109.637852][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 109.645791][ T39] usb 4-1: SerialNumber: syz [ 109.751243][ T6] usb 2-1: USB disconnect, device number 14 [ 109.798527][ T60] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 109.806449][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.817209][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 109.829794][ T60] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 109.838635][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.846900][ T60] usb 1-1: config 0 descriptor?? [ 109.893378][ T4148] loop3: detected capacity change from 0 to 2048 [ 109.909888][ T4148] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 109.919822][ T28] audit: type=1400 audit(1718677673.060:18059): avc: denied { rename } for pid=4147 comm="syz-executor.3" name="file2" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 110.085474][ T28] audit: type=1400 audit(1718677673.220:18060): avc: denied { ioctl } for pid=4181 comm="syz-executor.2" path="pid:[4026532294]" dev="nsfs" ino=4026532294 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 110.198943][ T4194] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 110.209407][ T28] audit: type=1400 audit(1718677673.350:18061): avc: denied { relabelto } for pid=4193 comm="syz-executor.2" name="file0" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 110.269156][ T28] audit: type=1400 audit(1718677673.410:18062): avc: denied { rmdir } for pid=3912 comm="syz-executor.2" name="file0" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 110.329350][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.336815][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.344135][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.351553][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.370880][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.378223][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.385494][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.392711][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.399894][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.407079][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.414330][ T60] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 110.421688][ T60] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 110.436303][ T4196] syz-executor.2[4196] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.436613][ T4196] syz-executor.2[4196] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.448711][ T39] cdc_ether: probe of 4-1:1.0 failed with error -71 [ 110.470444][ T39] usb 4-1: USB disconnect, device number 10 [ 110.615945][ T60] plantronics 0003:047F:FFFF.0017: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 110.629056][ T60] usb 1-1: USB disconnect, device number 9 [ 110.705744][ T28] audit: type=1400 audit(1718677673.840:18063): avc: denied { ioctl } for pid=4218 comm="syz-executor.2" path="/dev/usbmon0" dev="devtmpfs" ino=139 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 110.953943][ T43] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 110.968807][ T43] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 2048 with error 28 [ 110.981217][ T43] EXT4-fs (loop3): This should not happen!! Data will be lost [ 110.981217][ T43] [ 110.990638][ T43] EXT4-fs (loop3): Total free blocks count 0 [ 110.996410][ T43] EXT4-fs (loop3): Free/Dirty block details [ 111.002146][ T43] EXT4-fs (loop3): free_blocks=2415919104 [ 111.007756][ T43] EXT4-fs (loop3): dirty_blocks=16384 [ 111.012909][ T43] EXT4-fs (loop3): Block reservation details [ 111.018712][ T43] EXT4-fs (loop3): i_reserved_data_blocks=1024 [ 111.031701][ T456] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 2066 with max blocks 2048 with error 28 [ 111.048493][ T1230] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 111.248388][ T4225] loop3: detected capacity change from 0 to 40427 [ 111.257943][ T4225] F2FS-fs (loop3): Found nat_bits in checkpoint [ 111.282494][ T4225] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 111.293685][ T28] audit: type=1400 audit(1718677674.430:18064): avc: denied { setattr } for pid=4224 comm="syz-executor.3" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 111.316496][ T3788] syz-executor.3: attempt to access beyond end of device [ 111.316496][ T3788] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 111.330532][ T1230] usb 3-1: Using ep0 maxpacket: 8 [ 111.331549][ T4231] syz-executor.1[4231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.335426][ T4231] syz-executor.1[4231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.458543][ T1230] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 111.798963][ T1230] usb 3-1: string descriptor 0 read error: -22 [ 111.805281][ T1230] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 111.814267][ T1230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.905842][ T28] audit: type=1400 audit(1718677675.040:18065): avc: denied { mounton } for pid=4263 comm="syz-executor.4" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 111.943713][ T4263] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.951250][ T4263] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.958485][ T4263] device bridge_slave_0 entered promiscuous mode [ 111.966652][ T4263] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.973516][ T4263] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.980640][ T4263] device bridge_slave_1 entered promiscuous mode [ 112.022642][ T4263] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.029542][ T4263] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.036580][ T4263] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.043403][ T4263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.061866][ T60] usb 3-1: USB disconnect, device number 14 [ 112.066763][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 112.075451][ T1230] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.082644][ T1230] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.101858][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 112.109844][ T1230] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.116669][ T1230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.123941][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 112.131878][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.138711][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.146432][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 112.154181][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 112.165381][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 112.176403][ T4263] device veth0_vlan entered promiscuous mode [ 112.182639][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 112.190548][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 112.198282][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 112.212384][ T4263] device veth1_macvtap entered promiscuous mode [ 112.219104][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 112.232578][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 112.241078][ T1230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 112.395333][ T4274] loop4: detected capacity change from 0 to 40427 [ 112.409340][ T43] device bridge_slave_1 left promiscuous mode [ 112.415325][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.430737][ T4274] F2FS-fs (loop4): Found nat_bits in checkpoint [ 112.435725][ T43] device bridge_slave_0 left promiscuous mode [ 112.444744][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.467006][ T4274] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 112.474518][ T43] device veth1_macvtap left promiscuous mode [ 112.482768][ T43] device veth0_vlan left promiscuous mode [ 112.501014][ T4263] syz-executor.4: attempt to access beyond end of device [ 112.501014][ T4263] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 112.936467][ T60] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 113.178468][ T60] usb 4-1: Using ep0 maxpacket: 8 [ 113.299036][ T60] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 113.307907][ T60] usb 4-1: config 1 has no interface number 1 [ 113.314063][ T60] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 113.327235][ T60] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 113.438533][ T1230] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 113.463648][ T4378] overlayfs: missing 'lowerdir' [ 113.508535][ T60] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 113.517426][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.535411][ T60] usb 4-1: Product: syz [ 113.539703][ T60] usb 4-1: Manufacturer: syz [ 113.544116][ T60] usb 4-1: SerialNumber: syz [ 113.550210][ T4388] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 113.558311][ T4388] netem: change failed [ 113.625996][ T4380] loop4: detected capacity change from 0 to 40427 [ 113.641241][ T4380] F2FS-fs (loop4): Found nat_bits in checkpoint [ 113.678113][ T4380] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 113.704453][ T4263] syz-executor.4: attempt to access beyond end of device [ 113.704453][ T4263] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 113.718576][ T1230] usb 2-1: Using ep0 maxpacket: 8 [ 113.888712][ T1230] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 114.019549][ T60] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 114.027160][ T60] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 114.034761][ T60] usb 4-1: 2:1 : invalid channels 0 [ 114.198534][ T1230] usb 2-1: string descriptor 0 read error: -22 [ 114.205005][ T1230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 114.214218][ T1230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.297763][ T60] usb 4-1: USB disconnect, device number 11 [ 114.500717][ T24] usb 2-1: USB disconnect, device number 15 [ 114.623673][ T4438] loop2: detected capacity change from 0 to 256 [ 114.630156][ T4438] exfat: Deprecated parameter 'namecase' [ 114.638065][ T4438] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 115.041835][ T4456] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 115.054244][ T4454] device wg2 entered promiscuous mode [ 115.202506][ T4483] device wg2 entered promiscuous mode [ 115.487614][ T4507] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 115.548569][ T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 115.642607][ T4509] device wg2 entered promiscuous mode [ 115.695587][ T4519] loop2: detected capacity change from 0 to 256 [ 115.859593][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 116.278601][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 116.319929][ T4535] overlayfs: missing 'lowerdir' [ 116.344829][ T4541] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 116.356378][ T4541] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 116.364616][ T4541] CPU: 1 PID: 4541 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00016-gbda57805ab9f #0 [ 116.374654][ T4541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 116.384588][ T4541] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 116.390668][ T4541] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b [ 116.410116][ T4541] RSP: 0018:ffffc9000a0df6c0 EFLAGS: 00010246 [ 116.416004][ T4541] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 116.423815][ T4541] RDX: ffffc900067dc000 RSI: 0000000000000422 RDI: 0000000000000423 [ 116.431629][ T4541] RBP: ffffc9000a0df818 R08: 0000000000000005 R09: ffffffff8411e3d3 [ 116.439438][ T4541] R10: 0000000000000004 R11: ffff888116533cc0 R12: dffffc0000000000 [ 116.447274][ T4541] R13: ffff88812d4803c0 R14: 1ffff9200141bee4 R15: 0000000000000000 [ 116.455060][ T4541] FS: 00007f8b2c87c6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 116.463827][ T4541] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.470251][ T4541] CR2: 0000000020010000 CR3: 0000000139efe000 CR4: 00000000003526a0 [ 116.478063][ T4541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 116.485873][ T4541] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 116.493690][ T4541] Call Trace: [ 116.496828][ T4541] [ 116.499591][ T4541] ? __die_body+0x62/0xb0 [ 116.503755][ T4541] ? die_addr+0x9f/0xd0 [ 116.507746][ T4541] ? exc_general_protection+0x317/0x4c0 [ 116.513138][ T4541] ? asm_exc_general_protection+0x27/0x30 [ 116.518681][ T4541] ? xdp_do_generic_redirect+0x303/0xad0 [ 116.524157][ T4541] ? dev_map_generic_redirect+0x90/0x7d0 [ 116.529622][ T4541] ? __free_pages_core+0x180/0x180 [ 116.534565][ T4541] ? __this_cpu_preempt_check+0x13/0x20 [ 116.539946][ T4541] ? bq_enqueue+0x3e0/0x3e0 [ 116.544286][ T4541] ? bpf_prog_run_generic_xdp+0x9aa/0x1110 [ 116.549931][ T4541] xdp_do_generic_redirect+0x411/0xad0 [ 116.555234][ T4541] do_xdp_generic+0x53e/0x800 [ 116.559738][ T4541] ? generic_xdp_tx+0x560/0x560 [ 116.564430][ T4541] ? __schedule+0xcaf/0x1550 [ 116.568847][ T4541] ? tun_get_user+0x2340/0x3a90 [ 116.573534][ T4541] tun_get_user+0x238a/0x3a90 [ 116.578048][ T4541] ? futex_q_unlock+0x30/0x30 [ 116.582568][ T4541] ? tun_do_read+0x1ee0/0x1ee0 [ 116.587169][ T4541] ? ref_tracker_alloc+0x31d/0x450 [ 116.592110][ T4541] ? ref_tracker_dir_print+0x160/0x160 [ 116.597502][ T4541] ? futex_wait+0x4b7/0x7e0 [ 116.601848][ T4541] ? avc_policy_seqno+0x1b/0x70 [ 116.606670][ T4541] ? tun_get+0xe9/0x120 [ 116.610640][ T4541] tun_chr_write_iter+0x129/0x210 [ 116.615504][ T4541] vfs_write+0x902/0xeb0 [ 116.619579][ T4541] ? __x64_sys_prctl+0xd0/0xd0 [ 116.624192][ T4541] ? file_end_write+0x1c0/0x1c0 [ 116.628874][ T4541] ? __fget_files+0x2cb/0x330 [ 116.633472][ T4541] ? __fdget_pos+0x204/0x390 [ 116.637891][ T4541] ? ksys_write+0x77/0x2c0 [ 116.642143][ T4541] ksys_write+0x199/0x2c0 [ 116.646311][ T4541] ? __x64_sys_futex+0x100/0x100 [ 116.651087][ T4541] ? __ia32_sys_read+0x90/0x90 [ 116.655685][ T4541] ? fpregs_restore_userregs+0x130/0x290 [ 116.661153][ T4541] __x64_sys_write+0x7b/0x90 [ 116.665580][ T4541] do_syscall_64+0x3d/0xb0 [ 116.669832][ T4541] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.675560][ T4541] RIP: 0033:0x7f8b2ba7bc6f [ 116.679814][ T4541] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48 [ 116.699255][ T4541] RSP: 002b:00007f8b2c87c090 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 116.707499][ T4541] RAX: ffffffffffffffda RBX: 00007f8b2bbb3f80 RCX: 00007f8b2ba7bc6f [ 116.715313][ T4541] RDX: 000000000000fdef RSI: 0000000020000780 RDI: 00000000000000c8 [ 116.723122][ T4541] RBP: 00007f8b2baec074 R08: 0000000000000000 R09: 0000000000000000 [ 116.730937][ T4541] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 116.738746][ T4541] R13: 000000000000000b R14: 00007f8b2bbb3f80 R15: 00007ffe0e5f2f98 [ 116.746562][ T4541] [ 116.749424][ T4541] Modules linked in: [ 116.753359][ T4541] ---[ end trace 0000000000000000 ]--- [ 116.758587][ T4541] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 116.764641][ T4541] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b [ 116.784103][ T4541] RSP: 0018:ffffc9000a0df6c0 EFLAGS: 00010246 [ 116.789992][ T4541] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 116.797799][ T4541] RDX: ffffc900067dc000 RSI: 0000000000000422 RDI: 0000000000000423 [ 116.805625][ T4541] RBP: ffffc9000a0df818 R08: 0000000000000005 R09: ffffffff8411e3d3 [ 116.813441][ T4541] R10: 0000000000000004 R11: ffff888116533cc0 R12: dffffc0000000000 [ 116.821256][ T4541] R13: ffff88812d4803c0 R14: 1ffff9200141bee4 R15: 0000000000000000 [ 116.829056][ T4541] FS: 00007f8b2c87c6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 116.837801][ T4541] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.844242][ T4541] CR2: 0000000020010000 CR3: 0000000139efe000 CR4: 00000000003526a0 [ 116.852072][ T4541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 116.859878][ T4541] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 116.867666][ T4541] Kernel panic - not syncing: Fatal exception in interrupt [ 116.874945][ T4541] Kernel Offset: disabled [ 116.879067][ T4541] Rebooting in 86400 seconds..