last executing test programs: 13.512483134s ago: executing program 0 (id=617): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000001c40)=ANY=[@ANYBLOB="3cadf09abc68dce16f161d904c45b6ed0c4acc5ad77db26152e746cc60e70bd2c7043d87acd25c00384ab6326e65f5576f2813b66af4eae0d68ada67d5b3a4d81ad749b2ae2d09771e1d49538ad6c18ae6d8fea856b7c416c4738906b5a0a739866f85044eed26997362cd0a3567ef16d880c30e8ad168490498c774143a7c5f564c7c4d54af811763ee356753fa3b32cec3239d5ed6f473d7584cf58f370b2e377066aeff5fe04ae3ced7f96b28836c6cfd53a6de77a1642b476c41d8dfa28f0b"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f00000000c0)) 13.487240815s ago: executing program 0 (id=618): r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000300)}}], 0x1, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10010000004e20}, 0x1c) sendmmsg$inet(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000000)="c1", 0x1}], 0x1}}], 0x1, 0x0) 13.344594704s ago: executing program 0 (id=622): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) getitimer(0x1, &(0x7f0000000240)) 13.212067813s ago: executing program 0 (id=627): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@minixdf}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8000000000000002, 0x0, 0x0, 0x0, 0x1d, 0x4, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "0347c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a12ffffffffffffffe000000000e8f20000000200", "b90000cd1a0900000000000000000002000000000200", [0x1]}) 13.057013803s ago: executing program 0 (id=628): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) link(0x0, 0x0) 12.980388863s ago: executing program 0 (id=630): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) setgid(0x0) 12.978834983s ago: executing program 32 (id=630): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) setgid(0x0) 9.20033693s ago: executing program 2 (id=772): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x38, r2, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x0, 0xfffffffd, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6b32}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x0) 9.199971081s ago: executing program 2 (id=773): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) chdir(&(0x7f0000000380)='./file0\x00') 8.904876589s ago: executing program 2 (id=778): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 6.270926131s ago: executing program 2 (id=782): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==") rmdir(&(0x7f0000000180)='./file0/../file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 6.09074426s ago: executing program 2 (id=786): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4871b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 5.644269218s ago: executing program 2 (id=793): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pipe(&(0x7f00000042c0)={0xffffffffffffffff}) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r1, r2, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.639289149s ago: executing program 33 (id=793): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pipe(&(0x7f00000042c0)={0xffffffffffffffff}) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r1, r2, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.346767314s ago: executing program 5 (id=817): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='sys_enter\x00', r1}, 0x10) utimes(0x0, 0x0) 4.327691684s ago: executing program 5 (id=820): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) brk(0x20ffc004) 4.312182294s ago: executing program 5 (id=821): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 4.076673033s ago: executing program 6 (id=835): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448de, &(0x7f0000000040)) 2.023595446s ago: executing program 6 (id=833): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@data_err_abort}, {@noinit_itable}]}, 0xfe, 0x585, &(0x7f0000001500)="$eJzs3d9rFNceAPDvbLLRGO81gsi99+ES8KEWcWOS/rDQB/tYWqnQvtuQrEGycSW7EZMK1Yf60pcihVIqlP4Bfe9Tkf4D/SssrSBFQluwD1tmM6ubZDfJxtWs2c8HRufMnJ0zZ2e+J+fsmWUD6Ftj6T+5iP9GxBdJxJGmfYOR7Rxby7f66MZMuiRRq334exJJtq2RP8n+H8kS/4mInz6LOJXbXG5leWV+ulQqLmbp8erC1fHK8srpywvTc8W54pXJqamzr09NvvXmG12r66sX/vz6g3vvnv38xOpX3z84eieJc3E429dcjy0d2HLvzebEWIxl70k+zm3IONHJib8Ekr0+AXZlIIvzfKRtwJEYyKIe2P8+jYha5x7v4jVAz0l2E//APtDoBzTG9jseB+8TD99ZGwBtrn+y9tlIHKyPjQ6tJutGRul4d7QL5adl/PDb3TvpEp18DgHwjG7eiogzg4Pt278N/q7t+NhndpBnYxnaP3hx7qX9nx+HIzbFf+5J/yda9H9GWsTubmwf/7kHa5NQTYa6UHAm7f+93bL/+6TI0YEs9a96ny+fXLpcKqZt278j4mTkD6TpreZzzq7eb9toNvf/0iUtv9EXzM7jweCGOafZ6er0s9S52cNbEf/bpv+btLj+6ftxYYdlHC/e/X+7fdvX//mqfRfxSsvr/3RGK9l6fnK8fj+MN+6Kzf64ffznduXvdf3T639o6/qPJs3ztZXOy/j24ONiu31jSTZp2uH9P5R8VG+ZGk3B9elqdXEiYih5v55et33y6Wsb6Ub+tP4nT7SO/63u/+GI+HiH9b997HbbrL1w/Wc7uv6dr9x/75Nv2pW/s/bvtfrayWzLTtq/tqcztH7Ls7x3AAAAAAAA0GtyQxGHI8kVsjn9w5HLFQprz3cci0O5UrlSPXWpvHRlNurflR2NfK4x0z3S9DzERPb6Rnoyez62kZ6KiKMR8eXAcD1dmCmXZve68gAAAAAAAAAAAAAAAAAAANAjRqL19/9Tvw7s9dkBz52f/Ib+tS7+D7TI0I1fegJ6kr//0L/EP/Qv8Q/9S/xD/xL/0L/EP/Qv8Q/9S/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAV104fz5daquPbsxExMG4trw0X752eraYny8sLM0UZsqLVwtz5fJcqViYKS9sd7xSuXx1YjKWro9Xi5XqeGV55eJCeelK9eLlhem54sVi/sVUCwAAAAAAAAAAAAAAAAAAAF4qleWV+elSqbjYmyv5Lh/wlx6p1z5aGeyN07CyWBmOLh5wfTvxV61W26s2CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+CQAA//87lDlV") syz_usb_control_io(r0, 0x0, 0x0) 2.020985326s ago: executing program 5 (id=845): stat(0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_read_part_table(0x59e, &(0x7f0000000000)="$eJzs0r1Lc1ccB/BzUx7CA49EROhgB8Hg0qgQBx3MYCWGLEbElg7OgoMOgoODpERnX/4BxTcQF7GzoxhBFOIkGcW5oLhkSmm9pa1bW4xYPp/lcs75nvM7h98NfGiJ8Euz2YxCCM3kP9/9/XF+vNg9OTo1HUIUZkII+W++/L4SxYk/Tj2Nx6V4XExma7tXY0/H7dc9t9X0fiJeP0uE8FMIYf7+IPVf38b/30nuIrW6tlhYX87N3RVWHgZn+/JdG/mFraG9kfIPX4/8GP9YZ4nW1E/Xhg9vmqXH7bb+T9VaI3sZ5zLR29Tnfb3u/05npV5pTPQeLQ1kOurn5c2478/6DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLGT3EVqdW2xsL6cm7srrDwMzvbluzbyC1tDeyPlr/7MnSVaUz9dGz68aZYet9v6P1VrjexlnMtE4currd/9/DZXooW+DX/v/05npV5pTPQeLQ1kOurn5c3oJfccvfdNAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICP4vN4sXtydGo6hCjMhBDGEu0Hv803ky/rUZw7jb+leL6YzNZ2r8aejtuve26r6f3JZAjJv5w7f3+Q+tzKh/Cv/BoAAP//vsKFIA==") ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000140)={&(0x7f00000000c0)=""/88, 0x58}) 1.859714676s ago: executing program 5 (id=841): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18) r2 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @auto=[0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x66, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x38, 0x32]}, &(0x7f0000000080)={0x0, "69dcaf2086ec9a8545f45826cb35be51ca73845d177dd8dba7221faeccfda56b75cfe286fdd14cb5b11b1cab614fec2236da7d88ea0f0700"}, 0x48, 0xfffffffffffffffe) keyctl$search(0xa, r2, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0) 1.740337646s ago: executing program 5 (id=847): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448de, &(0x7f0000000040)) 703.099012ms ago: executing program 1 (id=873): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) 689.265502ms ago: executing program 1 (id=863): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r1}, 0x10) timer_create(0x2, 0x0, &(0x7f0000000100)) timer_delete(0x0) 658.818602ms ago: executing program 1 (id=865): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000200)={0x0, 0x31, 0xb, "0b95c9ac6263e7474784fd"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = open(&(0x7f0000000100)='./bus\x00', 0x101c42, 0x0) socketpair(0x1, 0x801, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) io_setup(0xc, &(0x7f0000000000)=0x0) io_submit(r2, 0x2, &(0x7f00000008c0)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x4, r1, 0x0, 0x0, 0x9}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x8, 0x6, r0, &(0x7f0000000200)="cc10", 0x2, 0x4, 0x0, 0xf04165e29300fdf8, r0}]) 463.031161ms ago: executing program 6 (id=868): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000014b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r2}, 0x10) 462.873291ms ago: executing program 4 (id=870): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x2208050, &(0x7f0000000140)=ANY=[], 0x1, 0x1520, &(0x7f0000011680)="$eJzs3Au4TtX2MPAx5pyLbefyJrmvMcfiTS6TJMklSS5JkoQj9yQJSZIkscktCUnIdSe5h9zTTtv9fsk9SY4kSUJCkvk9u/R3upyvc86/8znf2eP3POvZc6y15njH2mO/73rnu5+9v+wytFrD6pXrMTP8K/TPA/zpSxIAJADAAADIBgABAJTOXjp72vFMGpP+pQcR/yb1p1/pCsSVJP1P36T/6Zv0P32T/qdv0v/0Tfqfvkn/0zfpvxDp2sw8V8uWfjf5/P//c+p/M1nu//99EH+76++dK/3/b6P/qbOl/+lGht/bKf1PL37/FiD9T9+k/+lZcKULEFeYPP/TN+m/EOnan/6Z8vpzV/ozbdn+iU0IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhPh/4Jy/zADAz+MrXZcQQgghhBBCCCH+PP7tK12BEEIIIYQQQggh/v0QFGgwEEAGyAgJkAkS4SrIDFkgK2SDGFwN2eEayAHXQk7IBbkhD+SFfJAfQiCwwBBBASgIcbgOCsH1UBiKQFEoBg6KQwm4AUrCjVAKboLScDOUgVugLJSD8lABboWKcBtUgtuhMtwBVaAqVIPqcCfUgLugJtwNteAeqA33Qh24D+rC/VAP6kMD+As0hAegETSGJtAUmkFzaPEH85Oz/d78Z6E7PAc9oCckQS/oDc9DH+gL/aA/DIAXYCC8CIPgJRgMQ2AovAzD4BUYDq/CCBgJo+A1GA1jYCyMg/EwAZLhdZgIb8AkePOBLDAFpsI0mA4zYCa8BbNgNsyBt2EuzIP5kJxpISyCxfAOLIF3IQXeg6XwPqTCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsIHsA22ww7YCbtgN+yBD2EvfAT74GPYj5/8k/PP/nI+dEVAQIUKDRrMgBkwARMwERMxM2bGrJgVYxjD7Jgdc2AOzIk5MTfmxryYF/NjfiQkZGQsgAUwjnEshIWwMBbGolgUHTosgSWwJN6IpbAUlsbSWAbLYFksh+WwAlbAilgRK2ElrIyVsQpWwWpYDe/EO/EurIk1sRbWwtpYG+tgHayLdbEe1sMG2AAbYkNshI2wCTbBZtgMW2ALbIktsRW2wtbYGttgG2yLbbE9tscO2AE7YkfshJ2wM3bGLtgFu+Iz+Aw+i8/ic/gc9sQqqhf2xt7YB/tgP+yP/fEFHIgv4ov4Eg7GITgUX8aX8RUcjmdwBI7EUTgKK6oxOBbHIasJmIzJmBEm4iSchJNxCk7BaTgdZ+BMnImzcDbOxrdxLs7DebgAF+AiXIyLcQm+iymYgkvxLKbiMlyOK3AlrsKVuAbX4hpcjxtwPW7CTbgFt+AH+AFux+24E3fibtyNH+KH+BF+hINxP+7HA3gAD+JBPISH8DAexiN4BI/iUTyGx/A4HscTeBJP4Uk8jafxDJ7FcwBwHs/jBbyAF/Fi2pNfpTHKqAwqg0pQCSpRJarMKrPKqrKqmIqp7Cq7yqFyqJwqp8qtcqu8Kq/Kr/IrUqRYRaqAKqDiKq4KqUKqsCqsiqqiyimnSqgSqqQqqUqpUqq0ulmVUbeosqqcethVUBVURdXaVVK3q8qqsqqiqqpqqrqqrmqoGqqmqqlqqVqqtqqt6qj7VF3VC/thfZXWmYZqCDZSQ7GJaqqaqebqFXxQtVTDsZV6WLVWj6iROALbqpauvXpMdVBjsaN6Qo3DJ1VnNQG7qKdVV/WM6qaeVd1VK9dD9VSTsZfqraZhH9VX9VP91SysqtI6Vk29pAarIWqoelktwlfUcPWqGqFGqlHqNTVajVFj1Tg1Xk1Qyep1NVG9oSapN9VkNUVNVdPUdDVDzVRvqVlqtpqj3lZz1Tw1Xy1QC9UitVi9o5aod1WKek8tVe+rVLVMLVcr1Eq1Sq1Wa9RatU6tVxvURrVJbVZb1Fb1gdqmtqsdaqfapXarPepDtVd9pPapj9V+9Yk6oP6qDqpP1SH1mTqsPldH1BfqqPpSHVNfqePqa3VCnVSn1DfqtPpWnVFn1Tn1nTqvvlcX1A/qovIKNGqltTY60Bl0Rp2gM+lEfZXOrLPorDqbjumrdXZ9jc6hr9U5dS6d2+TReXU+nV+HmrTVrCNdQBfUcX2dLqSv14V1EV1UF9NOF9cl9A26pL5Rl9I36dL6Zl1G36LL6nK6vAd9q66ob9OV9O26sr5DV9FVdTVdXd+pa+i7dE19t66l79G19b26jr5P19X363q6vm6gM1y6ZzXWTXRT3Uw31y30g7qlfki30g/r1voR3UY/Ckm6nW6vH9Md9OO6o35Cd9JP6s76Kd1FP6276md0N/2Dvqi97qF76iTdS/fWz+s+uq/up/vrAfoFPVC/qAfpl/RgPUQP1S/rYfoVPVy/qkfokXqUfk2P1mP0WD1Oj9cTdLJ+XU/Ub+hJ+k09WU/RU/U0PV3P0P0uZZrzD8x/43fmD/rx0bforfoDvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9nf5Gn9bf6jP6rD6rv9Pn9Xl94dL3AAwaZbQxJjAZTEaTYDKZRHOVyWyymKwmm4mZq012c43JYa41OU0uk9vkMXlNPpPfhIaMNWwiU8AUNHFznSlkrjeFTRFT1BQzzhQ3JcwN/+v5f1RfC9PCtDQtTSvTyrQ2rU0b08a0NW1Ne9PedDAdTEfT0XQynUxn09l0MV1MV9PVdDPdTHfT3fQwPUySSTK9zfOmj+lr+pn+ZoB5wQw0A80gM8gMNoPNUDPUDDPDzHAz3IwwI8woM8qMNqPNWDPWjDfjTbLPZiaaiWaSmWQmm8lm6oBsZrqZbmaamWaWmWXmmDlmrplr5pv5ZqFZaBabxWaJWWJSTIpZapaaVLPMLDMrzAqzyqwya8was86sMxvMBrPJbDKpZqvZaraZbWaH2WF2mV1mj9lj9pq9Zp/ZZ/ab/eaAOWAOmoPmkDlkDpvD5og5Yo6ao+aYOWaOm+PmhDlhTplT5rQ5bc6YM+acOWfOm/PmgrlgLpqLaW/7AhWowAQmyBBkCBKChCAxSAwyB5mDrEHWIBbEguxB9iBHcG2QM8gV5A7yBHmDfEH+IAwosAEHUVAgKBjEg+uCQsH1QeGgSFA0KBa4oHhQIrghKBncGJQKbgpKBzcHZYJbgrJBuaB8UCG4NagY3BZUCm4PKgd3BFWCqkG1oHpwZ1AjuCuoGdwd1AruCWoH9wZ1gvuCusH9Qb2gftAg+EvQMHggaBQ0DpoETYNmQfOgxZ+a3/szuR5yPcKeYVLYK+wdPh/2CfuG/cL+4YDwhXBg+GI4KHwpHBwOCYeGL4fDwlfC4eGr4YhwZDgqfC0cHY4Jx4bjwvHhhDA5fD2cGL4RTgrfDCeHU8KpwbRwejgjnBm+Fc4KZ4dzwrfDueG8cH64IFwYLgoRf3plSwnfC5eG74ep4bJwebgiXBmuCleHa8K14bpwfbgh3BhuKj3wp1PDbeH2cEe4M9wV7g73hB+Ge8OPwn3hx+H+8JPwQPjX8GD4aXgo/Cw8HH4eHgm/CI+GX4bHwq/C4+HX4YnwZCYIvwlPh9+GZ8Kz4bnwu/B8+H14IfwhvBj6tDf3abd3MmQoA2WgBEqgREqkzJSZslJWilGMslN2ykE5KCflpNyUm/JSXspP+SkNE1MBKkBxilMhKkSFqTAVpaLkyFEJKkElqSSVolJUmkpTGSpDZclSeSpPt9KtdBvdRrfT7XQH3UFVqSpVp+qEWINqUk2qRbWoNtWmOlSH6lJdqkf1qAE1oIbUkBpRI2pCTagZNaMW1IJaUktqRa2oNbWmNtSG2lJbak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgJEqi3tSb+lAf6kf9aAANoIE0kAbRIBpMg2koDaVhNIyG03AaQSNpFL1Go2kMjaVxNJ4mUDIl00SaSJNoEk2myTSVptJ0mk4zaSbNolk0h+bQXJpL82k+LaSFtJgW0xJaQimUQktpKaVSKi2n5bSSVtJqWk1raS2tp/W0kTbSZtpMW2krbaNttIN20C7aRXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifoBJ2iU3SaTtMZOkPn6Bydp+/pAv1AF8lTgs1kE+1VNrPNYrPabPbXcW6bx+a1+Wx+G9qcNtcvYrLWFrZFbFFbzDpb3JawN/wmLmvL2fK2gr3VVrS32Uq2rM0EfxvXsHfZmvZuW8veY6vbO38R17b32jr2AVvXNrb1bFPbwDa3De0DtpFtbJvYpraZbW7b2EdtW9vOtreP2Q728d/ES+y7dq1dZ9fbDXav/cies9/Zo/ZLe95+b3vYnnaAfcEOtC/aQfYlO9gO+WUMYEfZ1+xoO8aOtePseDvhN/FUO81OtzPA2LfsLDv759jOvBQvtu/YuTbFzrcL7EK76Mc4raYU+55dat+3qXaZXW5X2JV2lV1t1/xPrSvsJrvZbrF77Id2m91ud9iddpfd/WOcdh377Md2v/3EHrFf2IP2U3vIHrOH7ec/xmnXd8x+ZY/br+0Je9Kest/Y0/Zbe8ae/fH60679G/uDvWi9BUZWrNlwwBk4IydwJk7kqzgzZ+GsnI1jfDVn52s4B1/LOTkX5+Y8nJfzcX4Omdgyc8QFuCDH+TouxNdzYS7CRbkYOy7OJfgGLsk3cim+iUvzzVyGb+GyXI7LcwW+lSvybVyJb+fKfAdX4apcjavznVyD7+KafDfX4nu4Nt/Ldfg+rsv3cz2uzw34L9yQH+BG3JibcFNuxs0Z+EFuyQ9xK36YW/Mj3IYf5bbcjtvzY9yBH+eO/AR34ie5Mz/FXfhp7srPcDd+lrvzc9yDe3IS9+Le/Dz34b7cj/vzAH6BB/KLPIhf4sE8hIfyyzyMX+Hh/CqP4JE8il/j0TyGx/I4Hs8TOJlf54n8Bk/iN3kyT+GpPI2n8wyeyW/xLJ7Nc/htnsvzeD4v4IW8iBfzO7yE3+UUfo+X8vucyst4Oa/glbyKV/MaXsvreD1v4I28iTfzFt7KH/A23s47eCfv4t28hz/kvfwR7+OPeT9/wgf4r3yQP+VD/Bkf5s/5CH/BR/lLPsZf8XH+mk/wST7F3/Bp/pbP8Fk+x9/xef6eL/APfJE9Q4SRinRkoiDKEGWMEqJMUWJ0VZQ5yhJljbJFsejqKHt0TZQjujbKGeWKckd5orxRvih/FEYU2YijKCoQFYzi0XVRoej6qHBUJCoaFYtcVDwqEd0QlYxujEpFN0Wlo5ujMtEtUdmoXFQ+qhDdGlWMbosqRbdHlaM7oipR1ahaVD26M6oR3RXVjO6OakX3RKWie6M60X1R3ej+qF5UP2oQ/SVqGD0QNYoaR02iplGzqHnUInowahk9FCUAQOvokahN9GjUNmoXtY8eizpEj//P8VZFgp/upr86nhT1ivSl1cbdemF8UXxx/J34kvi78ZT4e/Gl8ffjqfFl8eXxFfGV8VXx1fE18bXxdfH18Q3xjfFN8c3xLXHvq2cEh2kLYTAucBlcRpfgMrlEd5XL7LK4rC6bi7mrXXZ3jcvhrnU5XS6X2+VxeV0+l9+FjtylyqCgi7vrXCF3vSvsiriirphzrrgr4Zq7Fq6Fa+kecq3cw661e8Q94h51j7p2rp17zHVwj7uO7gnXyT3pOrun3FPuadfVPeO6uWddd/ec6+F6uiSX5Hq73q6P6+P6uX5ugBvgBrqBbpAb5Aa7wW6oG+qGuWFuuBvuRrgRbpQb5Ua70W6sG+vGu/Eu2SW7iW6im+Qmucluspvqprrpbrqb6Wa6WW6Wm+PmuLlurpvv5ruFbqFb7Ba7JW6JS3Epbqlb6lJdqlvulruVbqVb7Va7tW6tW+/Wu41uo9vsNrutbqvb5ra5HW6H2+V2uT1uj9vr9rp9bp/b7/a7A+6AO+gOukPuM3fYfe6OuC/cUfelO+a+csfd1+6EO+lOuW/cafetO+POunPuO3fefe8uuB/cReddcuz12MTYG7FJsTdjk2NTYlNj02LTYzNiM2NvxWbFZsfmxN6OzY3Ni82PLYgtjC2KLY69E1sSezeWEnsvtjT2fiw1tiy2PLYitjK2KuZ9vm2RL+AL+ri/zhfy1/vCvogv6ot554v7Ev4GX9Lf6Ev5m3xpf7Mv42/xZX05X9439k18U9/MN/ct/IO+pX/It/IP+9b+Ed/GP+rb+na+vX/Md/CP+47+Cd/JP+k7+6d8F//0vEs/Hr67f8738D19ku/le/vnfR/f1/fz/f0A/4If6F/0g/xLfrAf4of6l/0w/4of7l/1I/xIP8q/5kf7MX6sH+fH+wk+2b/uJ/o3/CT/pp/sp/ipfpqf7mf4mf4tP8vP9nP8236un+fn+wV+oV/kF/t3/BL/rk/x7/ml/n2f6pf55X6FX+lX+dV+jV/r1/n1foPf6Df5zX6L3+ozwja/3e/wO/0uv9vv8R/6vf4jv89/7Pf7T/wB/1d/0H/qD/nP/GH/uT/iv/BH/Zf+mP/KH/df+xP+pD/lv/Gn/bf+jD/rz/nv/Hn/vb/gf/AX5W/WhBBCCCH+IfoPjvf6nX3q0mYAoDcAZNme5/Cvc27M+dO4r9rbIQYAj/XsUv/nrX79pKSkS+emGggKLgCA2OX5P/6W51K8DFrDo9AeHoaSv1tfX1Ue+Vf5g785nqohiN8MkAiQ6ed9aWvCRPh1/hv/Tv7G7/w6/y/qT8u/AKBwwctz0h7o5/hy/lJ/J//uNn+QP9OnyQCt/mZOZrgcX85fAh6Cx6H9L84UQgghhBBCCCF+0led7/pH69u09Xlec3lORrgc/9H6/A9U+jOuQQghhBBCCCGEEP93Tz7Trd2D7ds/3Om/cqAA4Jlu7TL+p9RzxQcIAP8BZcjgP39wpV+ZhBBCCCGEEH+2y2/6r3QlQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vWv/4cw9Q+ffKWvUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLjS/k8AAAD//8zaSEs=") chdir(&(0x7f0000000000)='./file0\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, 0x0, 0x0) 411.537041ms ago: executing program 6 (id=871): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) time(0x0) 377.221081ms ago: executing program 6 (id=872): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0xfffffffa, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000002c0)=0x1, 0x4) write(r0, &(0x7f0000000340)="91", 0x1) syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0) 300.993251ms ago: executing program 6 (id=875): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100000001", 0x15}], 0x1) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000140)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff0924031300010005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 300.8404ms ago: executing program 4 (id=876): r0 = creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1f5) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x10) sync_file_range(r0, 0x8, 0x0, 0x3) 286.892811ms ago: executing program 4 (id=877): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0) 229.513421ms ago: executing program 4 (id=879): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0xe, &(0x7f0000000200)={[{@i_version}, {@noblock_validity}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7c}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008) sched_setscheduler(0x0, 0x1, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x2) 229.08934ms ago: executing program 3 (id=889): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 209.31254ms ago: executing program 3 (id=880): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x7) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4) connect$unix(r0, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000540)=@abs={0x1, 0x0, 0x4e23}, 0x6e) 166.76533ms ago: executing program 4 (id=881): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000680)='net/tcp6\x00') preadv2(r1, &(0x7f0000000380)=[{&(0x7f0000000180)=""/142, 0x8e}], 0x1, 0x9e2, 0x0, 0x0) 160.72796ms ago: executing program 3 (id=892): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@init_itable}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") chdir(&(0x7f0000000100)='./file0\x00') rename(&(0x7f0000000300)='./file0\x00', &(0x7f00000000c0)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0) 120.26107ms ago: executing program 3 (id=882): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8000, &(0x7f0000000140), 0xfc, 0x560, &(0x7f00000008c0)="$eJzs3d9rW1UcAPDvTdut+6HtYAz1QQp7cDKXrq0/JvgwH0WHA33XkGRlNF1Gk461Dtwe3IsvMgQRB6Lvvvs4/Af8KwY6GDKKPuwlctObLluTNu3StVs+H7jtOffe9Jxv7v2enpubkAAG1kT6IxfxakR8l0SMtW0bjmzjxOp+Kw+uFdMliUbjs3+SSLJ1rf2T7PehrPJKRPzxTcTJ3Pp2a0vLc4VKpbyQ1Sfr85cna0vLpy7OF2bLs+VL0zMzZ96ZmX7/vXf7Fuub5//78dM7H5359vjKD7/dO3IribNxONvWHsdTuN5emYiJ7DkZibNP7DjVh8b2kmS3O8C2DGV5PhLpGDAWQ1nWd9QYe5ZdA3bY12laAwMqkf8woFrzgNa1fZ+ug58b9z9cvQBaH//w6msjMdq8Njq4kjx2ZZRe7473of20jd//vn0rXaJ/r0MAbOr6jYg4PTy8fvxLsvFv+073sM+TbRj/4Nm5k85/3uo0/8mtzX+iw/znUIfc3Y7N8z93rw/NdJXO/z7oOP9du2k1PpTVXmrO+UaSCxcr5XRsezkiTsTI/rS+wf2cL3MrdxvdNrbP/9Ilbb81F8z6cW94/+OPKRXqhacKus39GxGvdZz/JmvHP+lw/NPn43yPbRwr336927bN499ZjV8i3uh4/B/d0Uo2vj852TwfJltnxXr/3jz2Z7f2dzv+9Pgf3Dj+8aT9fm1t6238PPqw3G3bds//fcnnzfK+bN3VQr2+MBWxL/lk/frpR49t1Vv7p/GfOL7x+Nfp/D+QJnaP8d88erN919Gtxb+z0vhLWzr+Wy/c/firn7q139vxf7tZOpGt6WX867WDT/PcAQAAAAAAwF6Ti4jDkeTya+VcLp9ffX/H0TiYq1Rr9ZMXqouXStH8rOx4jORad7rH2t4PMZW9H7ZVn36iPhMRRyLi+6EDzXq+WK2Udjt4AAAAAAAAAAAAAAAAAAAA2CMORYx2+vx/6q+h3e4dsOM2+Mpv4AXXPf+zLf34pidgT/L/HwaX/IfBJf9hcMl/GFzyHwaX/IfBJf9hcG0l/389t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPn0qWx8uBaMa2XriwtzlWvnCqVa3P5+cVivlhduJyfrVZnK+V8sTq/2d+rVKuXp6Zj8epkvVyrT9aWlr+Yry5eethYVR55JlEBAAAAAAAAAAAAAAAAAADA86W2tDxXqFTKCwoK2yoM741uKPS5sNsjEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA88n8AAAD//75iP7A=") socket(0x10, 0x3, 0x0) rmdir(&(0x7f00000001c0)='./file0\x00') 88.24351ms ago: executing program 4 (id=883): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 59.67676ms ago: executing program 3 (id=884): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) time(0x0) 59.24245ms ago: executing program 1 (id=896): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) close(r1) getsockname$packet(r0, 0x0, 0x0) 38.44918ms ago: executing program 1 (id=885): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 195.439µs ago: executing program 1 (id=886): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlockall() syz_mount_image$vfat(&(0x7f0000003880), &(0x7f0000000000)='./file0\x00', 0x88, &(0x7f0000000740)=ANY=[@ANYBLOB='uni_xlate=0,shortname=win95,shortname=winnt,iocharset=macromanian,shortname=lower,shortname=lower,utf8=0,utf8=0,nfs=nostale_ro,uid=', @ANYRESHEX=0x0, @ANYBLOB=',rodir,shortname=win95,shortname=winnt,iocharset=ascii,uid=', @ANYRESHEX, @ANYBLOB="c204ec5d4c8e2398215a7777ae6c509f190a9c9eea3500c553a78fc83652b8c4c6c912c2553475cdf39a4df7d5a72cb10b9077c313039800c86ed739dc74b52e6350ca08f987bf38fecf7cfc35508e8fef5b70a7026c3e7a69d3fe593862750672d97b011356d155df27e910facb4c"], 0x1, 0x2a9, &(0x7f0000000480)="$eJzs3c9KM1cYB+B3YkzSdpGsS6Gz6FrUbTdxoVDqqsVFu2mlKogJBQXBUhpdddsb6BUUCt2V3kM3vYNCt4UuhQpTJpkxxiRT82H0+/B5Nh7PnN+cP45kIfP65Xv9k4M0jq6+/TNarSRq3ejGdRKdqEXpMiZ0fwgA4E12nWXxTzaySC6JiNbylgUALNHU53+SVAd+eZp1AQDL8+lnn3+8tbu7/UmatmKn//35Xv75n38dXd86iuPoxWGsRztuIrJbo/ZOlmWDeprrxAf9wflenux/8Xtx/62/I4b5jWhHZ9g1mf9od3sjHbmTH+TreLuYv5vnN6Md/07MX/6BYntzKh8R9c7k+teiHX98FV9HLw6GixjP/91Gmh7/Vp5Ink8G53vN4bixbOUJfhwAAAAAAAAAAAAAAAAAAAAAALwQa0XtnGYM6/fkXUX9nZWb/JvVSEudyfo8o/xttcB79YEGWfxY1tdZT9M0KwaO8/V4tx7159k1AAAAAAAAAAAAAAAAAAAAvF7OLr452e/1Dk8fpVFWAyhf63/V+3Tv9Lwfcwfn0+w3x3PVimbFnWOlHJNEVC4j38QjHUt14/LirXlr/unninhrVqr1/5OuVp3P4zTKp+tkPxmdYXJvTDPGuygav969TyNOz7KHzNWYdylb6PFrzLzUXnjvjXeGjUHFmEiqFvbhX6OTK3qS+7toDE91Zny1aBTx2tTT28p7GvPiU78pUxLVOgAAAAAAAAAAAAAAAAAAYKnGL/3OuHhVGa1lzaUtCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACe1Pj//y/QGBThBwxuxOnZM28RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAF+C/AAAA//+zK1UG") 0s ago: executing program 3 (id=887): getpid() r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x1f, &(0x7f0000000000)={0x0, 0x8, 0x7, {0x7, 0x7, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) kernel console output (not intermixed with test programs): 072][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.928120][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.935969][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.944180][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.952475][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.960494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.968662][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.975930][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.983202][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.990560][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.001455][ T300] device veth0_vlan entered promiscuous mode [ 28.021178][ T297] request_module fs-gadgetfs succeeded, but still no fs? [ 28.023479][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.038286][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.046421][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.074117][ T300] device veth1_macvtap entered promiscuous mode [ 28.083279][ T322] loop3: detected capacity change from 0 to 512 [ 28.085793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.098610][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.107997][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.119017][ T322] ======================================================= [ 28.119017][ T322] WARNING: The mand mount option has been deprecated and [ 28.119017][ T322] and is ignored by this kernel. Remove the mand [ 28.119017][ T322] option from the mount to silence this warning. [ 28.119017][ T322] ======================================================= [ 28.154968][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.164610][ T299] device veth1_macvtap entered promiscuous mode [ 28.179503][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.188396][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.217986][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.236285][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.244964][ T322] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 28.247385][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.262417][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.270847][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.277948][ T322] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.279151][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.339796][ T345] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.364247][ T322] EXT4-fs (loop3): shut down requested (1) [ 28.392763][ T298] EXT4-fs (loop3): unmounting filesystem. [ 28.502423][ T369] loop3: detected capacity change from 0 to 512 [ 28.527512][ T375] loop0: detected capacity change from 0 to 512 [ 28.547269][ T379] loop1: detected capacity change from 0 to 256 [ 28.563130][ T379] FAT-fs (loop1): Directory bread(block 64) failed [ 28.570264][ T379] FAT-fs (loop1): Directory bread(block 65) failed [ 28.576738][ T375] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 28.577377][ T379] FAT-fs (loop1): Directory bread(block 66) failed [ 28.591778][ T369] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 28.601284][ T369] ext4 filesystem being mounted at /2/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 28.611525][ T379] FAT-fs (loop1): Directory bread(block 67) failed [ 28.618044][ T379] FAT-fs (loop1): Directory bread(block 68) failed [ 28.624482][ T379] FAT-fs (loop1): Directory bread(block 69) failed [ 28.632722][ T379] FAT-fs (loop1): Directory bread(block 70) failed [ 28.639722][ T379] FAT-fs (loop1): Directory bread(block 71) failed [ 28.646094][ T379] FAT-fs (loop1): Directory bread(block 72) failed [ 28.652725][ T379] FAT-fs (loop1): Directory bread(block 73) failed [ 28.653511][ T298] EXT4-fs (loop3): unmounting filesystem. [ 28.671324][ T375] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 28.697741][ T375] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.745899][ T375] syz.0.22 (375) used greatest stack depth: 21808 bytes left [ 28.753983][ T379] syz.1.25: attempt to access beyond end of device [ 28.753983][ T379] loop1: rw=2049, sector=1264, nr_sectors = 4 limit=256 [ 28.768229][ T296] EXT4-fs (loop0): unmounting filesystem. [ 28.774043][ T379] syz.1.25: attempt to access beyond end of device [ 28.774043][ T379] loop1: rw=2049, sector=1224, nr_sectors = 44 limit=256 [ 28.956688][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.963762][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.000887][ T440] loop3: detected capacity change from 0 to 16 [ 29.013016][ T440] erofs: (device loop3): mounted with root inode @ nid 36. [ 29.025423][ T440] syz.3.49: attempt to access beyond end of device [ 29.025423][ T440] loop3: rw=0, sector=14546590680, nr_sectors = 16 limit=16 [ 29.041394][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 29.054192][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 29.064324][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 29.073447][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 34 @ nid 36 [ 29.081067][ T429] syz.4.46 (429) used greatest stack depth: 21520 bytes left [ 29.082606][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 32 @ nid 36 [ 29.102761][ T440] syz.3.49: attempt to access beyond end of device [ 29.102761][ T440] loop3: rw=524288, sector=72, nr_sectors = 16 limit=16 [ 29.120589][ T445] SELinux: policydb version 4376 does not match my version range 15-33 [ 29.124011][ T440] syz.3.49: attempt to access beyond end of device [ 29.124011][ T440] loop3: rw=524288, sector=24, nr_sectors = 8 limit=16 [ 29.129122][ T445] SELinux: failed to load policy [ 29.142024][ T440] syz.3.49: attempt to access beyond end of device [ 29.142024][ T440] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 29.160478][ T440] syz.3.49: attempt to access beyond end of device [ 29.160478][ T440] loop3: rw=524288, sector=221968, nr_sectors = 8 limit=16 [ 29.174329][ T440] syz.3.49: attempt to access beyond end of device [ 29.174329][ T440] loop3: rw=524288, sector=14552337248, nr_sectors = 16 limit=16 [ 29.192799][ T440] syz.3.49: attempt to access beyond end of device [ 29.192799][ T440] loop3: rw=524288, sector=14546590680, nr_sectors = 8 limit=16 [ 29.209632][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 29.220167][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 29.229885][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 29.239862][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 29.250465][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 29.255095][ T451] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 29.265716][ T453] loop2: detected capacity change from 0 to 1024 [ 29.280154][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 29.283120][ T451] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 29.290596][ T440] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 29.304007][ T451] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 29.314267][ T453] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 29.321555][ T455] netlink: 48 bytes leftover after parsing attributes in process `syz.0.55'. [ 29.328946][ T453] EXT4-fs (loop2): orphan cleanup on readonly fs [ 29.343096][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 29.354015][ T440] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 29.363401][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 62 @ nid 36 [ 29.372670][ T453] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5887: Corrupt filesystem [ 29.382092][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 29.390890][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.391416][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 29.407893][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 29.412149][ T453] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #3: comm syz.2.57: mark_inode_dirty error [ 29.416798][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 29.437008][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 29.446995][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 29.456067][ T440] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 29.465239][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 29.474658][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 29.483644][ T440] erofs: (device loop3): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 29.492581][ T440] syz.3.49: attempt to access beyond end of device [ 29.492581][ T440] loop3: rw=524288, sector=14425508768, nr_sectors = 8 limit=16 [ 29.506481][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.517539][ T453] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.57: Invalid block bitmap block 3 in block_group 0 [ 29.536752][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.543352][ T453] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5887: Corrupt filesystem [ 29.554953][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.561954][ T453] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #3: comm syz.2.57: mark_inode_dirty error [ 29.575989][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.582673][ T453] EXT4-fs error (device loop2): ext4_map_blocks:634: inode #3: block 1: comm syz.2.57: lblock 6 mapped to illegal pblock 1 (length 1) [ 29.621856][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.628604][ T453] EXT4-fs error (device loop2): ext4_map_blocks:634: inode #3: block 48: comm syz.2.57: lblock 0 mapped to illegal pblock 48 (length 1) [ 29.657547][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.675118][ T453] EXT4-fs error (device loop2): ext4_acquire_dquot:6788: comm syz.2.57: Failed to acquire dquot type 0 [ 29.698109][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.704491][ T453] EXT4-fs error (device loop2): ext4_map_blocks:634: inode #3: block 49: comm syz.2.57: lblock 1 mapped to illegal pblock 49 (length 1) [ 29.754392][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.762972][ T453] EXT4-fs error (device loop2): ext4_acquire_dquot:6788: comm syz.2.57: Failed to acquire dquot type 0 [ 29.775730][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.796224][ T453] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5887: Corrupt filesystem [ 29.818523][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.827896][ T453] EXT4-fs error (device loop2): ext4_evict_inode:279: inode #15: comm syz.2.57: mark_inode_dirty error [ 29.847769][ T453] EXT4-fs (loop2): Remounting filesystem read-only [ 29.870904][ T453] EXT4-fs warning (device loop2): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 29.888104][ T453] EXT4-fs (loop2): 1 orphan inode deleted [ 29.897780][ T453] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 29.972168][ T475] loop0: detected capacity change from 0 to 40427 [ 29.976577][ T453] syz.2.57 (453) used greatest stack depth: 19656 bytes left [ 29.987791][ T475] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 29.999154][ T475] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.007724][ T299] EXT4-fs (loop2): unmounting filesystem. [ 30.017959][ T475] F2FS-fs (loop0): Found nat_bits in checkpoint [ 30.097908][ T475] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 30.112766][ T475] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 30.117522][ T506] loop4: detected capacity change from 0 to 256 [ 30.146798][ T506] exfat: Deprecated parameter 'namecase' [ 30.161354][ T508] capability: warning: `syz.2.77' uses deprecated v2 capabilities in a way that may be insecure [ 30.173676][ T506] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d) [ 30.277366][ T517] loop3: detected capacity change from 0 to 512 [ 30.312552][ T517] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.327610][ T517] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 30.389098][ T517] EXT4-fs (loop3): 1 truncate cleaned up [ 30.396787][ T517] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 30.439456][ T517] EXT4-fs (loop3): Online resizing not supported with sparse_super2 [ 30.476520][ T298] EXT4-fs (loop3): unmounting filesystem. [ 30.488332][ T530] loop0: detected capacity change from 0 to 256 [ 30.508159][ T28] kauditd_printk_skb: 104 callbacks suppressed [ 30.508173][ T28] audit: type=1400 audit(1736532979.021:174): avc: denied { append } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.536881][ T530] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 30.554977][ T530] FAT-fs (loop0): Filesystem has been set read-only [ 30.585748][ T28] audit: type=1400 audit(1736532979.021:175): avc: denied { open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.621454][ T538] loop3: detected capacity change from 0 to 256 [ 30.643759][ T538] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 30.660498][ T28] audit: type=1400 audit(1736532979.021:176): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.724750][ T28] audit: type=1400 audit(1736532979.081:177): avc: denied { bind } for pid=531 comm="syz.3.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 30.765146][ T28] audit: type=1400 audit(1736532979.081:178): avc: denied { name_bind } for pid=531 comm="syz.3.87" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 30.807840][ T28] audit: type=1400 audit(1736532979.081:179): avc: denied { node_bind } for pid=531 comm="syz.3.87" saddr=ffff:ffff:800:: src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 30.839916][ T502] loop1: detected capacity change from 0 to 131072 [ 30.854031][ T28] audit: type=1400 audit(1736532979.151:180): avc: denied { ioctl } for pid=539 comm="syz.0.91" path="/dev/ashmem" dev="devtmpfs" ino=265 ioctlcmd=0x7703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.882102][ T28] audit: type=1400 audit(1736532979.151:181): avc: denied { map } for pid=539 comm="syz.0.91" path="/dev/ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.916209][ T28] audit: type=1400 audit(1736532979.421:182): avc: denied { ioctl } for pid=557 comm="syz.0.97" path="socket:[16691]" dev="sockfs" ino=16691 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.942303][ T502] F2FS-fs (loop1): Found nat_bits in checkpoint [ 30.973840][ T28] audit: type=1400 audit(1736532979.481:183): avc: denied { name_bind } for pid=561 comm="syz.0.99" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 31.013249][ T502] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 31.199251][ T572] loop0: detected capacity change from 0 to 1024 [ 31.227237][ T572] EXT4-fs: Ignoring removed bh option [ 31.326045][ T572] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 31.335279][ T590] loop3: detected capacity change from 0 to 1024 [ 31.377475][ T296] EXT4-fs (loop0): unmounting filesystem. [ 31.416191][ T601] syz.4.116[601] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.416275][ T601] syz.4.116[601] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.446835][ T590] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 31.473833][ T590] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.489314][ T590] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.112: bg 0: block 393: padding at end of block bitmap is not set [ 31.524938][ T298] EXT4-fs (loop3): unmounting filesystem. [ 31.546843][ T603] loop1: detected capacity change from 0 to 8192 [ 31.578942][ T624] loop0: detected capacity change from 0 to 1024 [ 31.587768][ T325] I/O error, dev loop1, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 31.635456][ T624] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 31.649532][ T624] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.650576][ T636] loop1: detected capacity change from 0 to 512 [ 31.673362][ T636] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 31.687095][ T636] EXT4-fs (loop1): orphan cleanup on readonly fs [ 31.688136][ T296] EXT4-fs (loop0): unmounting filesystem. [ 31.696331][ T636] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.130: Failed to acquire dquot type 1 [ 31.710476][ T636] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.130: bg 0: block 40: padding at end of block bitmap is not set [ 31.724832][ T636] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 31.733805][ T636] EXT4-fs (loop1): 1 truncate cleaned up [ 31.739507][ T636] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 31.785206][ T647] loop0: detected capacity change from 0 to 512 [ 31.803188][ T297] EXT4-fs (loop1): unmounting filesystem. [ 31.834289][ T647] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 31.843928][ T647] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.856813][ T654] loop4: detected capacity change from 0 to 2048 [ 31.867896][ T647] EXT4-fs error (device loop0): ext4_get_first_dir_block:3594: inode #12: comm syz.0.134: directory missing '.' [ 31.875664][ T654] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 31.879934][ T647] EXT4-fs (loop0): Remounting filesystem read-only [ 31.888069][ T654] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.916700][ T296] EXT4-fs (loop0): unmounting filesystem. [ 31.966203][ T654] fs-verity: sha512 using implementation "sha512-avx2" [ 31.974325][ T654] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.137: bg 0: block 448: padding at end of block bitmap is not set [ 31.988820][ T654] fs-verity (loop4, inode 13): ext4_end_enable_verity() failed with err -117 [ 33.017619][ C1] sched: RT throttling activated [ 34.953606][ T300] EXT4-fs (loop4): unmounting filesystem. [ 35.007196][ T680] loop4: detected capacity change from 0 to 2048 [ 35.019656][ T690] loop3: detected capacity change from 0 to 1024 [ 35.026568][ T45] Bluetooth: hci0: sending frame failed (-49) [ 35.033022][ T515] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 35.033187][ T680] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 35.054179][ T690] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 35.057800][ T680] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.076584][ T697] loop1: detected capacity change from 0 to 1024 [ 35.089934][ T690] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 35.121685][ T702] loop2: detected capacity change from 0 to 4096 [ 35.129330][ T702] EXT4-fs: Ignoring removed nobh option [ 35.130167][ T697] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 35.137956][ T702] EXT4-fs: Ignoring removed i_version option [ 35.156859][ T300] EXT4-fs (loop4): unmounting filesystem. [ 35.168044][ T690] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 35.192999][ T702] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 35.202243][ T690] EXT4-fs (loop3): This should not happen!! Data will be lost [ 35.202243][ T690] [ 35.253245][ T690] EXT4-fs (loop3): Total free blocks count 0 [ 35.265613][ T690] EXT4-fs (loop3): Free/Dirty block details [ 35.279584][ T717] loop0: detected capacity change from 0 to 128 [ 35.283553][ T690] EXT4-fs (loop3): free_blocks=68451041280 [ 35.297776][ T690] EXT4-fs (loop3): dirty_blocks=16 [ 35.304307][ T690] EXT4-fs (loop3): Block reservation details [ 35.305774][ T297] EXT4-fs (loop1): unmounting filesystem. [ 35.310502][ T690] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 35.318076][ T717] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 35.341794][ T717] ext4 filesystem being mounted at /39/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 35.375589][ T720] loop1: detected capacity change from 0 to 2048 [ 35.386493][ T298] EXT4-fs (loop3): unmounting filesystem. [ 35.411359][ T299] EXT4-fs (loop2): unmounting filesystem. [ 35.418935][ T296] EXT4-fs (loop0): unmounting filesystem. [ 35.457053][ T720] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 35.469428][ T720] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.499554][ T733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.160'. [ 35.510195][ T297] EXT4-fs (loop1): unmounting filesystem. [ 35.518007][ T733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.160'. [ 35.521273][ T735] loop3: detected capacity change from 0 to 128 [ 35.537696][ T319] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 35.551379][ T735] FAT-fs (loop3): Directory bread(block 162) failed [ 35.576671][ T735] FAT-fs (loop3): Directory bread(block 163) failed [ 35.587710][ T735] FAT-fs (loop3): Directory bread(block 164) failed [ 35.596723][ T735] FAT-fs (loop3): Directory bread(block 165) failed [ 35.604687][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 35.604699][ T28] audit: type=1400 audit(1736532984.111:221): avc: denied { setopt } for pid=740 comm="syz.1.168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.610195][ T735] FAT-fs (loop3): Directory bread(block 166) failed [ 35.636777][ T735] FAT-fs (loop3): Directory bread(block 167) failed [ 35.643437][ T28] audit: type=1400 audit(1736532984.151:222): avc: denied { listen } for pid=743 comm="syz.2.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.663301][ T735] FAT-fs (loop3): Directory bread(block 168) failed [ 35.670714][ T735] FAT-fs (loop3): Directory bread(block 169) failed [ 35.675542][ T747] loop2: detected capacity change from 0 to 1024 [ 35.681952][ T735] FAT-fs (loop3): Directory bread(block 162) failed [ 35.689894][ T735] FAT-fs (loop3): Directory bread(block 163) failed [ 35.696970][ T735] bio_check_eod: 11 callbacks suppressed [ 35.696985][ T735] syz.3.165: attempt to access beyond end of device [ 35.696985][ T735] loop3: rw=3, sector=226, nr_sectors = 6 limit=128 [ 35.719224][ T735] syz.3.165: attempt to access beyond end of device [ 35.719224][ T735] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 35.745099][ T747] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.762476][ T753] input: syz0 as /devices/virtual/input/input6 [ 35.778741][ T319] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 35.796130][ T319] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 35.815921][ T319] usb 5-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 35.831215][ T319] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 35.839900][ T747] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2809: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 35.853732][ T319] usb 5-1: Product: syz [ 35.857765][ T319] usb 5-1: SerialNumber: syz [ 35.870642][ T299] EXT4-fs (loop2): unmounting filesystem. [ 35.871304][ T319] usb 5-1: bad CDC descriptors [ 35.917707][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 35.928954][ T28] audit: type=1400 audit(1736532984.441:223): avc: denied { search } for pid=763 comm="syz.2.178" name="/" dev="configfs" ino=14174 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 36.014861][ T760] loop3: detected capacity change from 0 to 40427 [ 36.034388][ T773] tmpfs: Unknown parameter 'mpo' [ 36.035918][ T760] F2FS-fs (loop3): Found nat_bits in checkpoint [ 36.076944][ T760] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 36.090746][ T319] usb 5-1: USB disconnect, device number 2 [ 36.112747][ T783] SELinux: security policydb version 18 (MLS) not backwards compatible [ 36.121196][ T783] SELinux: failed to load policy [ 36.128715][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.149387][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.156235][ T787] loop2: detected capacity change from 0 to 2048 [ 36.165622][ T785] netlink: 'syz.0.185': attribute type 4 has an invalid length. [ 36.173197][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 36.186273][ T785] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.185'. [ 36.188363][ T787] loop2: p1 < > p4 [ 36.198925][ T24] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 36.208484][ T787] loop2: p4 size 8388608 extends beyond EOD, truncated [ 36.221143][ T789] netlink: 20 bytes leftover after parsing attributes in process `syz.0.187'. [ 36.230049][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.247742][ T24] usb 2-1: config 0 descriptor?? [ 36.248507][ T102] loop2: p1 < > p4 [ 36.268637][ T102] loop2: p4 size 8388608 extends beyond EOD, truncated [ 36.304659][ T28] audit: type=1400 audit(1736532984.811:224): avc: denied { read write } for pid=786 comm="syz.2.186" name="loop2p4" dev="devtmpfs" ino=559 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 36.353834][ T28] audit: type=1400 audit(1736532984.841:225): avc: denied { open } for pid=786 comm="syz.2.186" path="/dev/loop2p4" dev="devtmpfs" ino=559 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 36.381900][ T298] syz-executor: attempt to access beyond end of device [ 36.381900][ T298] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 36.491616][ T810] Illegal XDP return value 4291235840 on prog (id 88) dev N/A, expect packet loss! [ 36.658835][ T24] isku 0003:1E7D:319C.0001: invalid report_size 23040 [ 36.665433][ T24] isku 0003:1E7D:319C.0001: item 0 2 1 7 parsing failed [ 36.686073][ T24] isku 0003:1E7D:319C.0001: parse failed [ 36.691803][ T24] isku: probe of 0003:1E7D:319C.0001 failed with error -22 [ 36.697734][ T6] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 36.873288][ T328] usb 2-1: USB disconnect, device number 2 [ 36.897692][ T6] usb 3-1: Using ep0 maxpacket: 8 [ 36.903766][ T6] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 36.911999][ T6] usb 3-1: config 0 has no interface number 0 [ 36.920253][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 36.929484][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.937432][ T6] usb 3-1: Product: syz [ 36.941704][ T6] usb 3-1: Manufacturer: syz [ 36.946171][ T6] usb 3-1: SerialNumber: syz [ 36.953847][ T6] usb 3-1: config 0 descriptor?? [ 36.967666][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 37.147721][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 37.153689][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 37.162203][ T6] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 37.165212][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.178567][ T6] usb 3-1: No valid video chain found. [ 37.187604][ T6] usb 3-1: USB disconnect, device number 2 [ 37.188873][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 37.203680][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.211734][ T24] usb 5-1: Product: syz [ 37.215781][ T24] usb 5-1: Manufacturer: syz [ 37.220387][ T24] usb 5-1: SerialNumber: syz [ 37.347904][ T28] audit: type=1400 audit(1736532985.861:226): avc: denied { mount } for pid=844 comm="syz.3.210" name="/" dev="pstore" ino=14248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 37.348765][ T845] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 37.407381][ T28] audit: type=1400 audit(1736532985.911:227): avc: denied { unmount } for pid=298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 37.438711][ T24] usb 5-1: 0:1 : does not exist [ 37.467534][ T24] usb 5-1: USB disconnect, device number 3 [ 37.574264][ T28] audit: type=1326 audit(1736532986.081:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.0.204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc83ad85d29 code=0x7fc00000 [ 37.671936][ T28] audit: type=1400 audit(1736532986.181:229): avc: denied { bind } for pid=869 comm="syz.3.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 37.697028][ T28] audit: type=1400 audit(1736532986.201:230): avc: denied { write } for pid=871 comm="syz.3.222" path="socket:[17325]" dev="sockfs" ino=17325 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 37.817278][ T876] loop3: detected capacity change from 0 to 40427 [ 37.824037][ T876] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 37.831990][ T876] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 37.840913][ T876] F2FS-fs (loop3): invalid crc value [ 37.847202][ T876] F2FS-fs (loop3): Found nat_bits in checkpoint [ 37.870170][ T876] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 37.877107][ T876] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 37.884374][ T319] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.909317][ T876] syz.3.224: attempt to access beyond end of device [ 37.909317][ T876] loop3: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 37.923155][ T876] syz.3.224: attempt to access beyond end of device [ 37.923155][ T876] loop3: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 37.938675][ T876] F2FS-fs (loop3): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 37.938763][ T876] F2FS-fs (loop3): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 38.069405][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.109724][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.122005][ T319] usb 1-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 38.123016][ T896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.231'. [ 38.131165][ T319] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.146028][ T884] loop4: detected capacity change from 0 to 40427 [ 38.149131][ T319] usb 1-1: config 0 descriptor?? [ 38.180208][ T884] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 38.187844][ T884] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 38.188820][ T884] F2FS-fs (loop4): invalid crc value [ 38.204878][ T884] F2FS-fs (loop4): Found nat_bits in checkpoint [ 38.233621][ T884] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 38.240529][ T884] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 38.372069][ T911] loop4: detected capacity change from 0 to 512 [ 38.421142][ T911] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 38.434985][ T911] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.457810][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 38.474376][ T911] capability: warning: `syz.4.235' uses 32-bit capabilities (legacy support in use) [ 38.513016][ T300] EXT4-fs (loop4): unmounting filesystem. [ 38.570656][ T319] elecom 0003:056E:00FE.0002: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.0-1/input0 [ 38.582212][ T942] loop3: detected capacity change from 0 to 256 [ 38.590313][ T942] exfat: Deprecated parameter 'utf8' [ 38.596590][ T942] exfat: Deprecated parameter 'namecase' [ 38.602326][ T942] exfat: Deprecated parameter 'utf8' [ 38.615673][ T945] loop1: detected capacity change from 0 to 128 [ 38.617156][ T942] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 38.625572][ T945] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 38.649863][ T945] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.659960][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.670739][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.689240][ T947] device bridge1 entered promiscuous mode [ 38.695518][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 38.708361][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 38.708460][ T326] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.717194][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.718063][ T24] usb 3-1: config 0 descriptor?? [ 38.771186][ T954] loop1: detected capacity change from 0 to 512 [ 38.785729][ T954] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a816c098, mo2=0002] [ 38.793698][ T954] System zones: 1-12 [ 38.798586][ T6] usb 1-1: USB disconnect, device number 2 [ 38.798625][ T954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.256: inode #1: comm syz.1.256: iget: illegal inode # [ 38.817007][ T954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.256: error while reading EA inode 1 err=-117 [ 38.829298][ T954] EXT4-fs (loop1): 1 orphan inode deleted [ 38.834853][ T954] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 38.862975][ T954] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.256: invalid indirect mapped block 234881024 (level 0) [ 38.883798][ T297] EXT4-fs (loop1): unmounting filesystem. [ 38.902953][ T961] process 'syz.1.258' launched './file0' with NULL argv: empty string added [ 38.989482][ T970] loop3: detected capacity change from 0 to 128 [ 39.033289][ T976] loop3: detected capacity change from 0 to 512 [ 39.041467][ T976] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 39.060782][ T298] EXT4-fs (loop3): unmounting filesystem. [ 39.142841][ T24] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 39.150501][ T24] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 39.159173][ T24] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 39.418573][ T24] usb 3-1: USB disconnect, device number 3 [ 39.526964][ T1000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.276'. [ 39.536532][ T1000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.276'. [ 39.554758][ T1002] SELinux: policydb version 0 does not match my version range 15-33 [ 39.563025][ T1002] SELinux: failed to load policy [ 39.629817][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.637177][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.644361][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.651720][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.658941][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.666131][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.673931][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.681152][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.688362][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.695531][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.703008][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.710210][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.717397][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.724621][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.731843][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.739071][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.746233][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.753471][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.760675][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.767866][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.775036][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.782378][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.789627][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.796787][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.804014][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.811254][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.818431][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.825607][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.832878][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.840064][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.847225][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.854460][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.861669][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.869015][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.876275][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.883499][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.892643][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.900196][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.907544][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.914973][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.922284][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.929740][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.936995][ T39] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 39.944701][ T39] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 40.102909][ T1044] loop1: detected capacity change from 0 to 256 [ 40.247689][ T328] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.271202][ T1048] loop4: detected capacity change from 0 to 128 [ 40.293687][ T1050] loop4: detected capacity change from 0 to 512 [ 40.300416][ T1050] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 40.312051][ T1050] EXT4-fs (loop4): 1 truncate cleaned up [ 40.317493][ T1050] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 40.357673][ T39] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 40.427683][ T328] usb 3-1: Using ep0 maxpacket: 32 [ 40.433687][ T328] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.443671][ T328] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 40.452447][ T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.460889][ T328] usb 3-1: config 0 descriptor?? [ 40.538691][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.549440][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.558946][ T39] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 40.567888][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.576337][ T39] usb 4-1: config 0 descriptor?? [ 40.607670][ T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 40.669097][ T328] usb 3-1: USB disconnect, device number 4 [ 40.788097][ T6] usb 5-1: no configurations [ 40.792535][ T6] usb 5-1: can't read configurations, error -22 [ 40.929410][ T1080] syz.0.311[1080] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.929456][ T1080] syz.0.311[1080] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.952017][ T6] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 40.989835][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 40.996886][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.005377][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.012520][ T1086] loop1: detected capacity change from 0 to 1024 [ 41.018840][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.025771][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.032594][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.040011][ T39] uclogic 0003:5543:0042.0005: unknown main item tag 0x0 [ 41.040108][ T1086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 41.047046][ T39] uclogic 0003:5543:0042.0005: No inputs registered, leaving [ 41.065568][ T39] uclogic 0003:5543:0042.0005: hidraw0: USB HID v0.00 Device [HID 5543:0042] on usb-dummy_hcd.3-1/input0 [ 41.069492][ T1086] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 41.106034][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 41.106049][ T28] audit: type=1400 audit(1736532989.611:264): avc: denied { execute } for pid=1085 comm="syz.1.314" path="/50/file1/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 41.135302][ T297] EXT4-fs (loop1): unmounting filesystem. [ 41.158597][ T28] audit: type=1400 audit(1736532989.671:265): avc: denied { execute } for pid=1092 comm="syz.1.316" name="file0" dev="tmpfs" ino=293 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 41.180543][ T28] audit: type=1400 audit(1736532989.671:266): avc: denied { execute_no_trans } for pid=1092 comm="syz.1.316" path="/52/file0" dev="tmpfs" ino=293 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 41.205473][ T6] usb 5-1: no configurations [ 41.214244][ T6] usb 5-1: can't read configurations, error -22 [ 41.221054][ T6] usb usb5-port1: attempt power cycle [ 41.231747][ T319] usb 4-1: USB disconnect, device number 2 [ 41.373290][ T28] audit: type=1400 audit(1736532989.881:267): avc: denied { append } for pid=1116 comm="syz.2.327" name="001" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 41.421083][ T1121] loop1: detected capacity change from 0 to 4096 [ 41.429642][ T1121] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 41.440267][ T28] audit: type=1400 audit(1736532989.951:268): avc: denied { mounton } for pid=1120 comm="syz.1.329" path="/57/file0/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 41.444698][ T1121] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 41.463801][ T28] audit: type=1400 audit(1736532989.951:269): avc: denied { remount } for pid=1120 comm="syz.1.329" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 41.497795][ T297] EXT4-fs (loop1): unmounting filesystem. [ 41.627686][ T6] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 41.658496][ T6] usb 5-1: no configurations [ 41.663011][ T6] usb 5-1: can't read configurations, error -22 [ 41.669788][ T1130] loop1: detected capacity change from 0 to 40427 [ 41.676662][ T1130] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 41.684225][ T1130] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 41.692437][ T1130] F2FS-fs (loop1): fault_injection options not supported [ 41.699924][ T1130] F2FS-fs (loop1): invalid crc value [ 41.706023][ T1130] F2FS-fs (loop1): Found nat_bits in checkpoint [ 41.728055][ T1130] F2FS-fs (loop1): Start checkpoint disabled! [ 41.734676][ T1130] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 41.741585][ T1130] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 41.762895][ T1134] input: syz1 as /devices/virtual/input/input7 [ 41.772054][ T28] audit: type=1400 audit(1736532990.281:270): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=605 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.777487][ T1130] F2FS-fs (loop1): access invalid blkaddr:3 [ 41.797852][ T28] audit: type=1400 audit(1736532990.281:271): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=605 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.823206][ T1130] CPU: 1 PID: 1130 Comm: syz.1.332 Not tainted 6.1.118-syzkaller-00015-g770852bf7d99 #0 [ 41.824485][ T6] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 41.832746][ T1130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 41.832761][ T1130] Call Trace: [ 41.832777][ T1130] [ 41.832784][ T1130] dump_stack_lvl+0x151/0x1b7 [ 41.832809][ T1130] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 41.832827][ T1130] ? f2fs_get_next_page_offset+0x770/0x770 [ 41.832849][ T1130] dump_stack+0x15/0x18 [ 41.832864][ T1130] __f2fs_is_valid_blkaddr+0xda6/0x1450 [ 41.852052][ T28] audit: type=1400 audit(1736532990.281:272): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=605 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.853315][ T1130] f2fs_is_valid_blkaddr+0x25/0x30 [ 41.853340][ T1130] f2fs_map_blocks+0xd16/0x4340 [ 41.878380][ T6] usb 5-1: no configurations [ 41.880925][ T1130] ? avc_has_perm_noaudit+0x2dd/0x430 [ 41.905578][ T6] usb 5-1: can't read configurations, error -22 [ 41.910259][ T1130] ? f2fs_map_lock+0x260/0x260 [ 41.910287][ T1130] ? rwsem_write_trylock+0x153/0x340 [ 41.910306][ T1130] ? __wake_up_bit+0x2b0/0x2b0 [ 41.910327][ T1130] f2fs_precache_extents+0x282/0x440 [ 41.915425][ T6] usb usb5-port1: unable to enumerate USB device [ 41.919365][ T1130] ? f2fs_pin_file_control+0x1e0/0x1e0 [ 41.919393][ T1130] ? __kasan_check_write+0x14/0x20 [ 41.919408][ T1130] ? __switch_to+0x62c/0x1190 [ 41.971010][ T1130] f2fs_fiemap+0x179/0x1e20 [ 41.975352][ T1130] ? __update_idle_core+0x310/0x310 [ 41.980379][ T1130] ? avc_has_extended_perms+0x90b/0x10f0 [ 41.985848][ T1130] ? memcpy+0x56/0x70 [ 41.989670][ T1130] ? f2fs_overwrite_io+0x310/0x310 [ 41.994611][ T1130] ? avc_has_extended_perms+0xad7/0x10f0 [ 42.000083][ T1130] ? __kasan_check_write+0x14/0x20 [ 42.005029][ T1130] ? f2fs_overwrite_io+0x310/0x310 [ 42.010003][ T1130] do_vfs_ioctl+0x182a/0x29a0 [ 42.014489][ T1130] ? __x64_compat_sys_ioctl+0x90/0x90 [ 42.019698][ T1130] ? futex_unqueue+0x110/0x140 [ 42.024307][ T1130] ? futex_wait_setup+0x330/0x330 [ 42.029171][ T1130] ? ioctl_has_perm+0x1f8/0x560 [ 42.033846][ T1130] ? ioctl_has_perm+0x3f0/0x560 [ 42.038539][ T1130] ? has_cap_mac_admin+0x3c0/0x3c0 [ 42.043482][ T1130] ? putname+0xfa/0x150 [ 42.047469][ T1130] ? do_futex+0x55a/0x9a0 [ 42.051650][ T1130] ? selinux_file_ioctl+0x3cc/0x540 [ 42.056672][ T1130] ? selinux_file_alloc_security+0x120/0x120 [ 42.062484][ T1130] ? __htab_map_lookup_elem+0x1c6/0x240 [ 42.067870][ T1130] ? __fget_files+0x2cb/0x330 [ 42.072404][ T1130] ? security_file_ioctl+0x84/0xb0 [ 42.077329][ T1130] __se_sys_ioctl+0x99/0x190 [ 42.081762][ T1130] __x64_sys_ioctl+0x7b/0x90 [ 42.086180][ T1130] x64_sys_call+0x98/0x9a0 [ 42.090435][ T1130] do_syscall_64+0x3b/0xb0 [ 42.094685][ T1130] ? clear_bhb_loop+0x55/0xb0 [ 42.099200][ T1130] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.104924][ T1130] RIP: 0033:0x7fcca2985d29 [ 42.109181][ T1130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.127688][ T301] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 42.128620][ T1130] RSP: 002b:00007fcca3793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 42.128643][ T1130] RAX: ffffffffffffffda RBX: 00007fcca2b75fa0 RCX: 00007fcca2985d29 [ 42.152058][ T1130] RDX: 0000000020000180 RSI: 00000000c020660b RDI: 0000000000000004 [ 42.159872][ T1130] RBP: 00007fcca2a01b08 R08: 0000000000000000 R09: 0000000000000000 [ 42.167695][ T1130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.175492][ T1130] R13: 0000000000000000 R14: 00007fcca2b75fa0 R15: 00007fff17e7c2d8 [ 42.183313][ T1130] [ 42.199424][ T28] audit: type=1400 audit(1736532990.711:273): avc: denied { setopt } for pid=1138 comm="syz.2.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 42.224652][ T1141] loop3: detected capacity change from 0 to 256 [ 42.240583][ T326] Bluetooth: hci0: Frame reassembly failed (-84) [ 42.250314][ T1141] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 42.276147][ T326] kworker/u4:3: attempt to access beyond end of device [ 42.276147][ T326] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 42.319302][ T301] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 42.334442][ T301] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 42.346594][ T6] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 42.356016][ T301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.371830][ T301] usb 1-1: config 0 descriptor?? [ 42.395603][ T1153] loop3: detected capacity change from 0 to 512 [ 42.406291][ T1153] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.342: casefold flag without casefold feature [ 42.419561][ T1153] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.342: couldn't read orphan inode 15 (err -117) [ 42.431353][ T1153] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 42.454912][ T298] EXT4-fs (loop3): unmounting filesystem. [ 42.467729][ T1160] tmpfs: Unknown parameter 'e' [ 42.548059][ T6] usb 5-1: no configurations [ 42.552612][ T6] usb 5-1: can't read configurations, error -22 [ 42.572374][ T1178] SELinux: policydb version 4376 does not match my version range 15-33 [ 42.580770][ T1178] SELinux: failed to load policy [ 42.586634][ T301] usb 1-1: USB disconnect, device number 3 [ 42.727737][ T6] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 42.781848][ T1194] loop1: detected capacity change from 0 to 512 [ 42.799383][ T1194] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 42.808277][ T1194] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.828384][ T297] EXT4-fs (loop1): unmounting filesystem. [ 42.883979][ T1202] loop1: detected capacity change from 0 to 1024 [ 42.890628][ T1202] EXT4-fs: Ignoring removed nobh option [ 42.896132][ T1202] EXT4-fs: Ignoring removed bh option [ 42.901513][ T1202] EXT4-fs: Ignoring removed nobh option [ 42.917735][ T1202] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 42.926305][ T6] usb 5-1: no configurations [ 42.931772][ T6] usb 5-1: can't read configurations, error -22 [ 42.933530][ T1202] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.372: Allocating blocks 385-513 which overlap fs metadata [ 42.940523][ T6] usb usb5-port1: attempt power cycle [ 42.960070][ T1202] EXT4-fs (loop1): pa ffff888136e0da80: logic 16, phys. 129, len 24 [ 42.967951][ T1202] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 42.985812][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.992828][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.001374][ T297] EXT4-fs (loop1): unmounting filesystem. [ 43.083430][ T1213] loop3: detected capacity change from 0 to 512 [ 43.113548][ T1213] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 43.158652][ T1213] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 43.179088][ T1213] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.235612][ T298] EXT4-fs (loop3): unmounting filesystem. [ 43.259730][ T1240] SELinux: policydb version 0 does not match my version range 15-33 [ 43.273536][ T1240] SELinux: failed to load policy [ 43.305504][ T300] EXT4-fs (loop4): unmounting filesystem. [ 43.368276][ T6] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 43.392771][ T1258] netlink: 28 bytes leftover after parsing attributes in process `syz.0.385'. [ 43.443644][ T1263] loop0: detected capacity change from 0 to 256 [ 43.464508][ T1263] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 43.502618][ T1263] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 43.559343][ T1263] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000006) [ 43.577727][ T1263] exFAT-fs (loop0): Filesystem has been set read-only [ 43.595002][ T1263] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000006) [ 43.640128][ T1274] loop0: detected capacity change from 0 to 128 [ 43.827691][ T6] usb 5-1: device not accepting address 10, error -71 [ 44.263994][ T1291] loop3: detected capacity change from 0 to 256 [ 44.275244][ T1291] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 44.280793][ T1290] loop1: detected capacity change from 0 to 2048 [ 44.295358][ T1290] EXT4-fs: Ignoring removed i_version option [ 44.307688][ T515] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 44.307705][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 44.348525][ T1290] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 44.381040][ T1290] EXT4-fs (loop1): Online resizing not supported with bigalloc [ 44.403425][ T297] EXT4-fs (loop1): unmounting filesystem. [ 44.469923][ T1313] loop0: detected capacity change from 0 to 16 [ 44.476409][ T1313] erofs: (device loop0): mounted with root inode @ nid 36. [ 44.494175][ T1313] syz.0.409: attempt to access beyond end of device [ 44.494175][ T1313] loop0: rw=0, sector=14546590680, nr_sectors = 16 limit=16 [ 44.509466][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 44.518393][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 44.527297][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 44.536565][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 34 @ nid 36 [ 44.553099][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 32 @ nid 36 [ 44.563831][ T1313] syz.0.409: attempt to access beyond end of device [ 44.563831][ T1313] loop0: rw=524288, sector=72, nr_sectors = 16 limit=16 [ 44.568088][ T1297] loop2: detected capacity change from 0 to 40427 [ 44.577502][ T1313] syz.0.409: attempt to access beyond end of device [ 44.577502][ T1313] loop0: rw=524288, sector=24, nr_sectors = 8 limit=16 [ 44.592494][ T1297] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 44.597277][ T1313] syz.0.409: attempt to access beyond end of device [ 44.597277][ T1313] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 44.617141][ T1297] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 44.618036][ T1297] F2FS-fs (loop2): invalid crc value [ 44.625527][ T1313] syz.0.409: attempt to access beyond end of device [ 44.625527][ T1313] loop0: rw=524288, sector=221968, nr_sectors = 8 limit=16 [ 44.636084][ T1297] F2FS-fs (loop2): Found nat_bits in checkpoint [ 44.643965][ T1313] syz.0.409: attempt to access beyond end of device [ 44.643965][ T1313] loop0: rw=524288, sector=14552337248, nr_sectors = 16 limit=16 [ 44.650117][ T319] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 44.664279][ T1313] syz.0.409: attempt to access beyond end of device [ 44.664279][ T1313] loop0: rw=524288, sector=14546590680, nr_sectors = 8 limit=16 [ 44.685686][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 44.694791][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 84 @ nid 36 [ 44.701977][ T1297] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 44.703848][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 44.710765][ T1297] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 44.719749][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 44.737132][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 44.752115][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 44.766847][ T1313] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 44.778530][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 63 @ nid 36 [ 44.787415][ T1313] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 44.796579][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 62 @ nid 36 [ 44.796892][ T326] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 44.805559][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 44.823371][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 44.830174][ T326] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 44.832453][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 44.849865][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 44.858756][ T319] usb 4-1: Using ep0 maxpacket: 16 [ 44.863783][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 44.872772][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 44.886465][ T319] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.901346][ T319] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.911031][ T1313] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 44.920228][ T319] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 44.929276][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 44.938172][ T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.946076][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 44.947801][ T6] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 44.955458][ T1313] erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 44.973917][ T319] usb 4-1: config 0 descriptor?? [ 44.977771][ T1313] syz.0.409: attempt to access beyond end of device [ 44.977771][ T1313] loop0: rw=524288, sector=14425508768, nr_sectors = 8 limit=16 [ 44.998613][ T1313] syz.0.409: attempt to access beyond end of device [ 44.998613][ T1313] loop0: rw=524288, sector=15353996136, nr_sectors = 8 limit=16 [ 45.019174][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.045949][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.059868][ T6] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 45.077668][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.091001][ T1337] loop2: detected capacity change from 0 to 1024 [ 45.097545][ T6] usb 5-1: config 0 descriptor?? [ 45.103714][ T1337] EXT4-fs: Ignoring removed i_version option [ 45.117971][ T1337] EXT4-fs: Ignoring removed i_version option [ 45.132287][ T1337] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 45.143284][ T1337] EXT4-fs (loop2): unmounting filesystem. [ 45.278719][ T1357] SELinux: Context : is not valid (left unmapped). [ 45.395784][ T319] appleir 0003:05AC:8241.0006: unknown main item tag 0x0 [ 45.413176][ T319] appleir 0003:05AC:8241.0006: unknown main item tag 0x0 [ 45.420111][ T319] appleir 0003:05AC:8241.0006: unknown main item tag 0x0 [ 45.426927][ T319] appleir 0003:05AC:8241.0006: unknown main item tag 0x0 [ 45.447674][ T319] appleir 0003:05AC:8241.0006: unknown main item tag 0x0 [ 45.454681][ T319] appleir 0003:05AC:8241.0006: No inputs registered, leaving [ 45.478723][ T319] appleir 0003:05AC:8241.0006: hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 45.567701][ T301] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 45.688688][ T328] usb 4-1: USB disconnect, device number 3 [ 45.748770][ T301] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 45.766327][ T301] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 45.789241][ T301] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 45.806494][ T301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.821350][ T1359] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 45.860880][ T1366] netlink: 20 bytes leftover after parsing attributes in process `syz.1.428'. [ 45.907169][ T6] hid-led 0003:27B8:01ED.0007: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.4-1/input0 [ 45.920295][ T6] hid-led 0003:27B8:01ED.0007: ThingM blink(1) initialized [ 46.037485][ T1359] loop0: detected capacity change from 0 to 1024 [ 46.059065][ T1359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 46.154623][ T319] usb 5-1: USB disconnect, device number 11 [ 46.275410][ T301] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 46.287505][ T301] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input10 [ 46.289512][ T1401] syz.1.443[1401] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.296725][ T1401] syz.1.443[1401] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.330846][ T301] usb 1-1: USB disconnect, device number 4 [ 46.330882][ C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 46.435421][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 46.435436][ T28] audit: type=1400 audit(1736532994.941:282): avc: denied { create } for pid=1403 comm="syz.1.444" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 46.462806][ T1404] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 46.474915][ T1404] FAT-fs (loop3): unable to read boot sector [ 46.480978][ T28] audit: type=1400 audit(1736532994.971:283): avc: denied { mounton } for pid=1403 comm="syz.1.444" path="/100/file0" dev="tmpfs" ino=543 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 46.515846][ T28] audit: type=1400 audit(1736532995.021:284): avc: denied { unlink } for pid=297 comm="syz-executor" name="file0" dev="tmpfs" ino=543 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 46.578003][ T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 46.760154][ T6] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 46.777668][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.789139][ T296] EXT4-fs (loop0): unmounting filesystem. [ 46.795634][ T6] usb 4-1: Product: syz [ 46.806006][ T6] usb 4-1: Manufacturer: syz [ 46.815805][ T6] usb 4-1: SerialNumber: syz [ 46.832998][ T6] r8152-cfgselector 4-1: config 0 descriptor?? [ 47.049976][ T6] r8152-cfgselector 4-1: Unknown version 0x0000 [ 47.052325][ T1412] loop4: detected capacity change from 0 to 40427 [ 47.057840][ T6] r8152-cfgselector 4-1: Unknown version 0x0020 [ 47.078251][ T1412] F2FS-fs (loop4): fault_type options not supported [ 47.106610][ T1412] F2FS-fs (loop4): invalid crc value [ 47.118481][ T1412] F2FS-fs (loop4): Found nat_bits in checkpoint [ 47.173732][ T1412] F2FS-fs (loop4): Start checkpoint disabled! [ 47.188332][ T1412] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 47.275563][ T301] r8152-cfgselector 4-1: USB disconnect, device number 4 [ 47.328097][ T1430] loop0: detected capacity change from 0 to 512 [ 47.343690][ T1430] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 47.358874][ T1430] EXT4-fs (loop0): mount failed [ 47.406243][ T28] audit: type=1400 audit(1736532995.911:285): avc: denied { ioctl } for pid=1440 comm="syz.1.459" path="socket:[20678]" dev="sockfs" ino=20678 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 47.443757][ T28] audit: type=1400 audit(1736532995.941:286): avc: denied { nlmsg_read } for pid=1443 comm="syz.1.461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 47.474554][ T28] audit: type=1400 audit(1736532995.981:287): avc: denied { getopt } for pid=1451 comm="syz.4.465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 47.507658][ T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 47.524699][ T1463] random: crng reseeded on system resumption [ 47.530866][ T28] audit: type=1400 audit(1736532995.991:288): avc: denied { mount } for pid=1453 comm="syz.0.463" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 47.559928][ T28] audit: type=1400 audit(1736532996.001:289): avc: denied { watch } for pid=1453 comm="syz.0.463" path="/106/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 47.582251][ T28] audit: type=1400 audit(1736532996.001:290): avc: denied { unmount } for pid=1453 comm="syz.0.463" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 47.604596][ T28] audit: type=1400 audit(1736532996.031:291): avc: denied { write } for pid=1462 comm="syz.1.469" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 47.633563][ T1467] syz.1.471 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 47.662866][ T1471] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.699367][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.713528][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.723444][ T6] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 47.732525][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.744493][ T6] usb 3-1: config 0 descriptor?? [ 47.753541][ T1481] loop0: detected capacity change from 0 to 512 [ 47.760793][ T1481] EXT4-fs: Ignoring removed i_version option [ 47.767146][ T1481] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 47.784368][ T1481] EXT4-fs (loop0): 1 truncate cleaned up [ 47.792614][ T1481] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 47.805885][ T1487] loop4: detected capacity change from 0 to 512 [ 47.815399][ T1487] EXT4-fs: Ignoring removed mblk_io_submit option [ 47.830073][ T1487] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 47.839756][ T1489] loop3: detected capacity change from 0 to 1024 [ 47.851489][ T1487] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 47.854552][ T296] EXT4-fs (loop0): unmounting filesystem. [ 47.859360][ T1487] System zones: 1-12 [ 47.870768][ T1487] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.479: corrupted in-inode xattr [ 47.883203][ T1487] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.479: couldn't read orphan inode 15 (err -117) [ 47.906817][ T1487] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 47.924609][ T1489] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 47.942522][ T1502] loop1: detected capacity change from 0 to 128 [ 47.962512][ T300] EXT4-fs (loop4): unmounting filesystem. [ 47.977377][ T1502] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 47.985970][ T1502] ext4 filesystem being mounted at /114/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 48.067513][ T1512] 9pnet: p9_errstr2errno: server reported unknown error  [ 48.068478][ T1510] loop0: detected capacity change from 0 to 256 [ 48.081904][ T297] EXT4-fs (loop1): unmounting filesystem. [ 48.119222][ T1518] xt_TCPMSS: Only works on TCP SYN packets [ 48.156324][ T6] holtek 0003:1241:5015.0008: unknown main item tag 0x0 [ 48.163890][ T6] holtek 0003:1241:5015.0008: unknown main item tag 0x0 [ 48.171041][ T6] holtek 0003:1241:5015.0008: unknown main item tag 0x0 [ 48.180559][ T6] holtek 0003:1241:5015.0008: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.2-1/input0 [ 48.193256][ T6] holtek 0003:1241:5015.0008: no inputs found [ 48.361412][ T6] usb 3-1: USB disconnect, device number 5 [ 48.370602][ T301] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 48.496520][ T1548] loop0: detected capacity change from 0 to 512 [ 48.508841][ T1548] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 48.517706][ T1548] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.536029][ T296] EXT4-fs (loop0): unmounting filesystem. [ 48.558829][ T301] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 48.569217][ T301] usb 4-1: config 0 has no interfaces? [ 48.576595][ T301] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 48.585792][ T301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.593894][ T301] usb 4-1: Product: syz [ 48.598091][ T301] usb 4-1: Manufacturer: syz [ 48.602798][ T301] usb 4-1: SerialNumber: syz [ 48.610519][ T301] usb 4-1: config 0 descriptor?? [ 48.652385][ T1564] loop0: detected capacity change from 0 to 256 [ 48.717776][ T1360] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 48.818225][ T301] usb 4-1: USB disconnect, device number 5 [ 48.897697][ T1360] usb 2-1: Using ep0 maxpacket: 8 [ 48.903737][ T1360] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 48.912197][ T1360] usb 2-1: config 0 has no interface number 0 [ 48.919826][ T1360] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 48.929022][ T1360] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.936823][ T1360] usb 2-1: Product: syz [ 48.941048][ T1360] usb 2-1: Manufacturer: syz [ 48.945506][ T1360] usb 2-1: SerialNumber: syz [ 48.959579][ T1360] usb 2-1: config 0 descriptor?? [ 49.174085][ T1360] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 49.181552][ T1360] usb 2-1: No valid video chain found. [ 49.198229][ T1360] usb 2-1: USB disconnect, device number 3 [ 49.345843][ T1579] loop3: detected capacity change from 0 to 1024 [ 49.358437][ T1579] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (1764!=20869) [ 49.370102][ T1579] EXT4-fs (loop3): invalid journal inode [ 49.380848][ T1579] EXT4-fs (loop3): can't get journal size [ 49.387299][ T1579] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 49.411633][ T1579] EXT4-fs (loop3): shut down requested (2) [ 49.423398][ T298] EXT4-fs (loop3): unmounting filesystem. [ 49.638896][ T1585] loop3: detected capacity change from 0 to 40427 [ 49.651786][ T1585] F2FS-fs (loop3): fault_injection options not supported [ 49.661822][ T1585] F2FS-fs (loop3): invalid crc value [ 49.672931][ T1585] F2FS-fs (loop3): Found nat_bits in checkpoint [ 49.710946][ T1585] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 49.760857][ T1594] bio_check_eod: 11 callbacks suppressed [ 49.760876][ T1594] f2fs_ckpt-7:3: attempt to access beyond end of device [ 49.760876][ T1594] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 49.927704][ T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 49.952172][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 49.959801][ T1604] loop3: detected capacity change from 0 to 512 [ 49.967498][ T1606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.529'. [ 49.976394][ T1606] netlink: 24 bytes leftover after parsing attributes in process `syz.4.529'. [ 49.996677][ T1608] loop4: detected capacity change from 0 to 1024 [ 49.999055][ T1604] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 50.011711][ T1604] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.028936][ T1608] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 50.052213][ T1604] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 50.053038][ T300] EXT4-fs (loop4): unmounting filesystem. [ 50.078163][ T298] EXT4-fs (loop3): unmounting filesystem. [ 50.120126][ T6] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 50.136238][ T1616] loop3: detected capacity change from 0 to 1024 [ 50.144642][ T6] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 50.153515][ T1616] ext4: Bad value for 'commit' [ 50.162461][ T6] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 50.179147][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.192839][ T1593] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 50.296535][ T1635] mmap: syz.3.540 (1635) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 50.296854][ T1614] loop4: detected capacity change from 0 to 40427 [ 50.338476][ T1614] F2FS-fs (loop4): Image doesn't support compression [ 50.346227][ T1614] F2FS-fs (loop4): invalid crc value [ 50.356986][ T1614] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 50.396537][ T1614] F2FS-fs (loop4): Start checkpoint disabled! [ 50.409268][ T1650] syz.0.546[1650] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.409347][ T1650] syz.0.546[1650] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.421388][ T1593] loop2: detected capacity change from 0 to 1024 [ 50.442925][ T1614] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 50.481931][ T1593] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 50.511510][ T24] kernel write not supported for file bpf-prog (pid: 24 comm: kworker/1:0) [ 50.560154][ T1671] loop0: detected capacity change from 0 to 512 [ 50.571361][ T1671] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.556: corrupted inode contents [ 50.583168][ T1671] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #16: comm syz.0.556: mark_inode_dirty error [ 50.594509][ T1671] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.556: corrupted inode contents [ 50.606303][ T1671] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.556: mark_inode_dirty error [ 50.617732][ T1671] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.556: corrupted inode contents [ 50.629508][ T1671] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 50.638044][ T1671] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.556: corrupted inode contents [ 50.649791][ T1671] EXT4-fs error (device loop0): ext4_truncate:4313: inode #16: comm syz.0.556: mark_inode_dirty error [ 50.660823][ T1671] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 50.670116][ T1671] EXT4-fs (loop0): 1 truncate cleaned up [ 50.675845][ T1671] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 50.685071][ T1671] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.696075][ T326] EXT4-fs error (device loop0): ext4_release_dquot:6811: comm kworker/u4:3: Failed to release dquot type 1 [ 50.708126][ T6] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 50.723190][ T6] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input11 [ 50.724667][ T6] usb 3-1: USB disconnect, device number 6 [ 50.733005][ C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 50.748934][ T296] EXT4-fs (loop0): unmounting filesystem. [ 50.777731][ T301] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 50.959593][ T301] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 50.967455][ T301] usb 5-1: config 0 has no interface number 0 [ 50.973430][ T301] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.985412][ T301] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.995801][ T301] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 51.004696][ T301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.032144][ T301] usb 5-1: config 0 descriptor?? [ 51.227702][ T319] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 51.243882][ T299] EXT4-fs (loop2): unmounting filesystem. [ 51.260258][ T1726] loop2: detected capacity change from 0 to 1024 [ 51.269228][ T1726] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.578: Invalid block bitmap block 0 in block_group 0 [ 51.282821][ T1726] EXT4-fs error (device loop2): ext4_acquire_dquot:6788: comm syz.2.578: Failed to acquire dquot type 0 [ 51.294253][ T1726] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz.2.578: Freeing blocks not in datazone - block = 0, count = 4096 [ 51.307529][ T1726] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.578: Invalid inode bitmap blk 0 in block_group 0 [ 51.319951][ T326] EXT4-fs error (device loop2): ext4_release_dquot:6811: comm kworker/u4:3: Failed to release dquot type 0 [ 51.320091][ T1726] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 51.339753][ T1726] EXT4-fs (loop2): 1 orphan inode deleted [ 51.345294][ T1726] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 51.374790][ T1726] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz.2.578: path /74/file2: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 51.399007][ T299] EXT4-fs (loop2): unmounting filesystem. [ 51.438815][ T319] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 51.449541][ T319] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 51.449987][ T301] prodikeys 0003:041E:2801.0009: unbalanced delimiter at end of report description [ 51.459163][ T319] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 51.467588][ T301] prodikeys 0003:041E:2801.0009: hid parse failed [ 51.482645][ T301] prodikeys: probe of 0003:041E:2801.0009 failed with error -22 [ 51.490518][ T319] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 51.499089][ T319] usb 1-1: SerialNumber: syz [ 51.517199][ T1734] input: syz0 as /devices/virtual/input/input12 [ 51.544996][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 51.545010][ T28] audit: type=1400 audit(1736533256.057:307): avc: denied { read } for pid=1737 comm="syz.2.583" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 51.576579][ T28] audit: type=1400 audit(1736533256.057:308): avc: denied { open } for pid=1737 comm="syz.2.583" path="/79/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 51.600830][ T28] audit: type=1400 audit(1736533256.057:309): avc: denied { ioctl } for pid=1737 comm="syz.2.583" path="/79/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 51.680867][ T224] usb 5-1: USB disconnect, device number 12 [ 51.707039][ T319] usb 1-1: 0:2 : does not exist [ 51.713459][ T319] usb 1-1: USB disconnect, device number 5 [ 51.847707][ T1741] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 51.928021][ T797] udevd[797]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 51.987724][ T1293] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 51.987741][ T689] Bluetooth: hci0: command 0x1003 tx timeout [ 51.999591][ T1603] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 52.016246][ T1745] netlink: 36 bytes leftover after parsing attributes in process `syz.1.585'. [ 52.029950][ T1741] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.040882][ T1741] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.050883][ T1741] usb 3-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 52.059943][ T1741] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.068476][ T1741] usb 3-1: config 0 descriptor?? [ 52.269415][ T28] audit: type=1400 audit(1736533256.787:310): avc: denied { mounton } for pid=1775 comm="syz.4.596" path="/74/file0" dev="configfs" ino=14174 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 52.315970][ T1780] loop4: detected capacity change from 0 to 512 [ 52.332825][ T1741] usbhid 3-1:0.0: can't add hid device: -71 [ 52.342999][ T1741] usbhid: probe of 3-1:0.0 failed with error -71 [ 52.350371][ T1782] loop0: detected capacity change from 0 to 256 [ 52.356549][ T1780] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 52.369219][ T1741] usb 3-1: USB disconnect, device number 7 [ 52.377250][ T1780] EXT4-fs (loop4): external journal has bad superblock [ 52.397708][ T319] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 52.408899][ T1782] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001) [ 52.437773][ T1782] FAT-fs (loop0): Filesystem has been set read-only [ 52.454636][ T1782] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001) [ 52.554268][ T1784] loop4: detected capacity change from 0 to 40427 [ 52.560995][ T1784] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 52.568186][ T1784] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 52.577802][ T1784] F2FS-fs (loop4): fault_injection options not supported [ 52.584734][ T1784] F2FS-fs (loop4): Image doesn't support compression [ 52.591896][ T1784] F2FS-fs (loop4): invalid crc value [ 52.600996][ T1784] F2FS-fs (loop4): Found nat_bits in checkpoint [ 52.602040][ T319] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 52.619677][ T319] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 52.631709][ T319] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 52.640838][ T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.643695][ T1784] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 52.652470][ T1753] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 52.661434][ T1784] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 52.707526][ T1784] syz.4.604: attempt to access beyond end of device [ 52.707526][ T1784] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 52.721948][ T1784] syz.4.604: attempt to access beyond end of device [ 52.721948][ T1784] loop4: rw=2049, sector=53256, nr_sectors = 16 limit=40427 [ 52.739930][ T300] syz-executor: attempt to access beyond end of device [ 52.739930][ T300] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 52.826645][ T1802] input: syz1 as /devices/virtual/input/input14 [ 52.832766][ T1802] input: failed to attach handler leds to device input14, error: -6 [ 52.887753][ T1810] input: syz0 as /devices/virtual/input/input15 [ 52.897793][ T1753] loop3: detected capacity change from 0 to 1024 [ 52.898628][ T1812] input: syz0 as /devices/virtual/input/input16 [ 52.944761][ T1753] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 53.043996][ T28] audit: type=1400 audit(1736533257.557:311): avc: denied { bind } for pid=1817 comm="syz.0.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 53.125268][ T28] audit: type=1400 audit(1736533257.557:312): avc: denied { name_bind } for pid=1817 comm="syz.0.618" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 53.155036][ T28] audit: type=1400 audit(1736533257.557:313): avc: denied { node_bind } for pid=1817 comm="syz.0.618" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 53.187314][ T1808] loop2: detected capacity change from 0 to 40427 [ 53.195333][ T319] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 53.213467][ T319] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input13 [ 53.227759][ T1838] loop0: detected capacity change from 0 to 512 [ 53.233905][ T1808] F2FS-fs (loop2): invalid crc value [ 53.234764][ T1838] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 53.241930][ T319] usb 4-1: USB disconnect, device number 6 [ 53.241962][ C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 53.263015][ T1838] EXT4-fs (loop0): 1 truncate cleaned up [ 53.269939][ T1808] F2FS-fs (loop2): Found nat_bits in checkpoint [ 53.270171][ T1838] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 53.292150][ T28] audit: type=1400 audit(1736533257.807:314): avc: denied { mounton } for pid=1837 comm="syz.0.627" path="/164/bus/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 53.322369][ T1808] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 53.335479][ T296] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 53.376227][ T299] syz-executor: attempt to access beyond end of device [ 53.376227][ T299] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 53.427689][ T1741] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 53.528898][ T28] audit: type=1400 audit(1736533258.047:315): avc: denied { mount } for pid=1851 comm="syz.2.632" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 53.552356][ T1852] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 53.569187][ T28] audit: type=1400 audit(1736533258.087:316): avc: denied { unmount } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 53.599517][ T1850] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.606432][ T1850] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.614152][ T1850] device bridge_slave_0 entered promiscuous mode [ 53.623602][ T1850] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.630791][ T1850] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.638742][ T1741] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.649741][ T1850] device bridge_slave_1 entered promiscuous mode [ 53.658191][ T1741] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.677948][ T1741] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 53.686814][ T1741] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.703463][ T1741] usb 2-1: config 0 descriptor?? [ 53.778783][ T1869] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 53.784849][ T1850] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.793648][ T1850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.800738][ T1850] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.807512][ T1850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.841526][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.843965][ T1873] syz.3.642[1873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.849306][ T1873] syz.3.642[1873] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.860486][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.879343][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.883370][ T1873] SELinux: policydb version 0 does not match my version range 15-33 [ 53.894281][ T1873] SELinux: failed to load policy [ 53.914224][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.922391][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.929266][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.936986][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.946190][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.953068][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.960517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.970278][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.992994][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 54.004690][ T1850] device veth0_vlan entered promiscuous mode [ 54.006788][ T1880] loop3: detected capacity change from 0 to 128 [ 54.011437][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 54.024726][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 54.032124][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 54.039558][ T630] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 54.046304][ T1850] device veth1_macvtap entered promiscuous mode [ 54.064365][ T10] device bridge_slave_1 left promiscuous mode [ 54.074648][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.085982][ T10] device bridge_slave_0 left promiscuous mode [ 54.091606][ T1886] loop3: detected capacity change from 0 to 2048 [ 54.093246][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.105847][ T10] device veth1_macvtap left promiscuous mode [ 54.111808][ T10] device veth0_vlan left promiscuous mode [ 54.121525][ T1741] hid-led 0003:0FC5:B080.000A: item fetching failed at offset 0/3 [ 54.129815][ T1741] hid-led: probe of 0003:0FC5:B080.000A failed with error -22 [ 54.150155][ T1886] Alternate GPT is invalid, using primary GPT. [ 54.156220][ T1886] loop3: p2 p3 p7 [ 54.222870][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 54.236166][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 54.245836][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 54.335252][ T319] usb 2-1: USB disconnect, device number 4 [ 54.347857][ T224] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 54.374950][ T1892] loop5: detected capacity change from 0 to 40427 [ 54.381900][ T1892] F2FS-fs (loop5): fault_injection options not supported [ 54.390220][ T1892] F2FS-fs (loop5): Image doesn't support compression [ 54.396839][ T1892] F2FS-fs (loop5): Image doesn't support compression [ 54.403576][ T1892] F2FS-fs (loop5): fault_type options not supported [ 54.410794][ T1892] F2FS-fs (loop5): invalid crc value [ 54.416816][ T1892] F2FS-fs (loop5): Found nat_bits in checkpoint [ 54.439315][ T1892] F2FS-fs (loop5): Start checkpoint disabled! [ 54.445805][ T1892] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 54.529232][ T1902] loop3: detected capacity change from 0 to 512 [ 54.539851][ T224] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.543432][ T1902] EXT4-fs (loop3): Test dummy encryption mode enabled [ 54.553526][ T224] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 54.567144][ T224] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 54.578391][ T224] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.579267][ T1902] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz.3.652: inline data xattr refers to an external xattr inode [ 54.586769][ T224] usb 5-1: config 0 descriptor?? [ 54.606241][ T1902] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.652: couldn't read orphan inode 12 (err -117) [ 54.624611][ T1902] EXT4-fs (loop3): shut down requested (1) [ 54.699521][ T1917] loop2: detected capacity change from 0 to 512 [ 54.706268][ T1917] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 54.714862][ T1917] EXT4-fs (loop2): external journal has bad superblock [ 54.864046][ T1930] binder: 1929:1930 ioctl c0306201 200001c0 returned -14 [ 54.878321][ T319] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 54.940739][ T1938] input: syz1 as /devices/virtual/input/input17 [ 55.013638][ T224] pyra 0003:1E7D:2CF6.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0 [ 55.048218][ T1935] loop2: detected capacity change from 0 to 40427 [ 55.059731][ T1935] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 55.069031][ T319] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 55.084737][ T319] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 55.085870][ T1935] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 55.096113][ T319] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 55.106577][ T1935] F2FS-fs (loop2): invalid crc value [ 55.112840][ T319] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.119772][ T1935] F2FS-fs (loop2): Found nat_bits in checkpoint [ 55.126770][ T1905] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 55.182969][ T1935] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 55.191439][ T1935] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 55.209188][ T224] pyra 0003:1E7D:2CF6.000B: couldn't init struct pyra_device [ 55.219234][ T224] pyra 0003:1E7D:2CF6.000B: couldn't install mouse [ 55.233257][ T224] pyra: probe of 0003:1E7D:2CF6.000B failed with error -71 [ 55.249118][ T224] usb 5-1: USB disconnect, device number 13 [ 55.271930][ T299] syz-executor: attempt to access beyond end of device [ 55.271930][ T299] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 55.350808][ T1966] loop3: detected capacity change from 0 to 256 [ 55.379373][ T630] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 55.401531][ T1905] loop5: detected capacity change from 0 to 1024 [ 55.518808][ T1987] loop2: detected capacity change from 0 to 128 [ 55.559273][ T1987] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 55.650565][ T319] aiptek 6-1:17.0: Aiptek using 400 ms programming speed [ 55.659932][ T319] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input18 [ 55.676661][ T2002] netlink: 76 bytes leftover after parsing attributes in process `syz.3.694'. [ 55.679327][ T319] usb 6-1: USB disconnect, device number 2 [ 55.679360][ C1] aiptek 6-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 55.738068][ T2004] netlink: 16 bytes leftover after parsing attributes in process `syz.3.695'. [ 55.869139][ T2015] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 55.887327][ T2019] loop3: detected capacity change from 0 to 256 [ 55.925328][ T2019] FAT-fs (loop3): Directory bread(block 64) failed [ 55.937758][ T2019] FAT-fs (loop3): Directory bread(block 65) failed [ 55.945058][ T2019] FAT-fs (loop3): Directory bread(block 66) failed [ 55.951493][ T2019] FAT-fs (loop3): Directory bread(block 67) failed [ 55.957909][ T2019] FAT-fs (loop3): Directory bread(block 68) failed [ 55.964565][ T2019] FAT-fs (loop3): Directory bread(block 69) failed [ 55.979173][ T2019] FAT-fs (loop3): Directory bread(block 70) failed [ 56.007293][ T2019] FAT-fs (loop3): Directory bread(block 71) failed [ 56.017401][ T2019] FAT-fs (loop3): Directory bread(block 72) failed [ 56.031954][ T2019] FAT-fs (loop3): Directory bread(block 73) failed [ 56.071408][ T2010] loop2: detected capacity change from 0 to 40427 [ 56.093576][ T2010] F2FS-fs (loop2): invalid crc value [ 56.122518][ T2010] F2FS-fs (loop2): Found nat_bits in checkpoint [ 56.150837][ T2038] loop3: detected capacity change from 0 to 128 [ 56.209722][ T2042] input: syz0 as /devices/virtual/input/input19 [ 56.217975][ T2010] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 56.256367][ T2010] syz.2.697: attempt to access beyond end of device [ 56.256367][ T2010] loop2: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 56.290321][ T299] syz-executor: attempt to access beyond end of device [ 56.290321][ T299] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 56.493218][ T2077] syz.4.729[2077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.493292][ T2077] syz.4.729[2077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.550531][ T2082] syz.2.716[2082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.562961][ T2082] syz.2.716[2082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.599392][ T2092] loop5: detected capacity change from 0 to 512 [ 56.625449][ T2096] loop1: detected capacity change from 0 to 256 [ 56.628290][ T2092] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.734: casefold flag without casefold feature [ 56.644319][ T2092] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.734: couldn't read orphan inode 15 (err -117) [ 56.653208][ T2096] FAT-fs (loop1): Directory bread(block 64) failed [ 56.664268][ T2096] FAT-fs (loop1): Directory bread(block 65) failed [ 56.671265][ T2096] FAT-fs (loop1): Directory bread(block 66) failed [ 56.678113][ T2096] FAT-fs (loop1): Directory bread(block 67) failed [ 56.684530][ T2096] FAT-fs (loop1): Directory bread(block 68) failed [ 56.691152][ T2096] FAT-fs (loop1): Directory bread(block 69) failed [ 56.697858][ T2096] FAT-fs (loop1): Directory bread(block 70) failed [ 56.704197][ T2096] FAT-fs (loop1): Directory bread(block 71) failed [ 56.711031][ T2096] FAT-fs (loop1): Directory bread(block 72) failed [ 56.717460][ T2096] FAT-fs (loop1): Directory bread(block 73) failed [ 56.736445][ T2101] loop5: detected capacity change from 0 to 128 [ 56.752563][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 56.762056][ T338] kworker/u4:4: attempt to access beyond end of device [ 56.762056][ T338] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 56.796104][ T2103] binder: 2102:2103 ioctl c0306201 200001c0 returned -14 [ 56.848981][ T2116] SELinux: policydb table sizes (149,0) do not match mine (8,7) [ 56.856639][ T2116] SELinux: failed to load policy [ 56.928085][ T2134] bridge0: port 3(gretap0) entered blocking state [ 56.935028][ T2134] bridge0: port 3(gretap0) entered disabled state [ 56.938783][ T6] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 56.942033][ T2134] device gretap0 entered promiscuous mode [ 56.953774][ T6] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 56.960578][ T2134] bridge0: port 3(gretap0) entered blocking state [ 56.975835][ T2134] bridge0: port 3(gretap0) entered forwarding state [ 56.983122][ T6] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 56.992162][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.028927][ T2074] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 57.115007][ T2161] loop5: detected capacity change from 0 to 128 [ 57.121184][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 57.121199][ T28] audit: type=1400 audit(1736535839.633:330): avc: denied { shutdown } for pid=2162 comm="syz.2.768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 57.149904][ T2161] netlink: 8 bytes leftover after parsing attributes in process `syz.5.767'. [ 57.160724][ T2161] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.170683][ T2161] netlink: 'syz.5.767': attribute type 2 has an invalid length. [ 57.198611][ T2170] tipc: Started in network mode [ 57.203315][ T2170] tipc: Node identity 7, cluster identity 4711 [ 57.209478][ T2170] tipc: Node number set to 7 [ 57.234777][ T2175] loop2: detected capacity change from 0 to 512 [ 57.246886][ T2177] netlink: 8 bytes leftover after parsing attributes in process `syz.5.775'. [ 57.248001][ T2074] loop3: detected capacity change from 0 to 1024 [ 57.255615][ T2177] netlink: 8 bytes leftover after parsing attributes in process `syz.5.775'. [ 57.262557][ T2175] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 57.274758][ T2177] netlink: 2 bytes leftover after parsing attributes in process `syz.5.775'. [ 57.290477][ T2175] EXT4-fs (loop2): 1 truncate cleaned up [ 57.312568][ T28] audit: type=1400 audit(1736535839.823:331): avc: denied { mounton } for pid=2173 comm="syz.2.773" path="/125/bus/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 57.326875][ T2175] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 59.046751][ T1483] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 440: padding at end of block bitmap is not set [ 60.020038][ T6] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 60.030201][ T2191] loop4: detected capacity change from 0 to 512 [ 60.038237][ T6] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input20 [ 60.051841][ T6] usb 4-1: USB disconnect, device number 7 [ 60.051888][ C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 60.062932][ T2191] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.083848][ T28] audit: type=1400 audit(1736535842.594:332): avc: denied { rmdir } for pid=2190 comm="syz.4.779" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 60.084280][ T2191] EXT4-fs error (device loop4): ext4_get_first_dir_block:3591: inode #12: block 32: comm syz.4.779: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 60.138117][ T28] audit: type=1400 audit(1736535842.644:333): avc: denied { create } for pid=2197 comm="syz.2.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 60.165588][ T28] audit: type=1400 audit(1736535842.644:334): avc: denied { write } for pid=2197 comm="syz.2.778" path="socket:[24627]" dev="sockfs" ino=24627 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 60.171505][ T2202] loop2: detected capacity change from 0 to 512 [ 60.190440][ T28] audit: type=1400 audit(1736535842.644:335): avc: denied { nlmsg_write } for pid=2197 comm="syz.2.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 60.206354][ T2191] EXT4-fs error (device loop4): ext4_get_first_dir_block:3594: inode #12: comm syz.4.779: directory missing '.' [ 60.256474][ T2202] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.292939][ T2191] ./file0: Can't open blockdev [ 60.303431][ T2202] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.782: invalid size [ 60.317742][ T28] audit: type=1326 audit(1736535842.834:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2209 comm="syz.1.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca2985d29 code=0x7ffc0000 [ 60.324502][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.372441][ T2213] loop1: detected capacity change from 0 to 128 [ 60.378754][ T28] audit: type=1400 audit(1736535842.834:337): avc: denied { mounton } for pid=2201 comm="syz.2.782" path="/127/file1/control" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 60.386674][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.416184][ T2198] loop5: detected capacity change from 0 to 40427 [ 60.419079][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.423584][ T28] audit: type=1326 audit(1736535842.854:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2209 comm="syz.1.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcca2984690 code=0x7ffc0000 [ 60.448280][ T2198] F2FS-fs (loop5): fault_injection options not supported [ 60.455931][ T28] audit: type=1326 audit(1736535842.864:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2209 comm="syz.1.785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca2985d29 code=0x7ffc0000 [ 60.463316][ T2213] ext4 filesystem being mounted at /157/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 60.493780][ T2198] F2FS-fs (loop5): Image doesn't support compression [ 60.503518][ T2198] F2FS-fs (loop5): Image doesn't support compression [ 60.503556][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.510061][ T2198] F2FS-fs (loop5): fault_type options not supported [ 60.513022][ T2198] F2FS-fs (loop5): invalid crc value [ 60.532089][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.543684][ T2198] F2FS-fs (loop5): Found nat_bits in checkpoint [ 60.547682][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.589129][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.599985][ T2198] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 60.607887][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.623996][ T299] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size [ 60.634967][ T1850] syz-executor: attempt to access beyond end of device [ 60.634967][ T1850] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.731625][ T8] tipc: Left network mode [ 60.847312][ T319] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 60.879317][ T2225] loop1: detected capacity change from 0 to 40427 [ 60.896776][ T2225] F2FS-fs (loop1): invalid crc value [ 60.926675][ T2225] F2FS-fs (loop1): Found nat_bits in checkpoint [ 60.969977][ T2225] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 61.030818][ T2247] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.038783][ T319] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 61.050132][ T2247] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.058226][ T2247] device bridge_slave_0 entered promiscuous mode [ 61.064464][ T319] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 61.073174][ T2247] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.082446][ T2247] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.090122][ T297] syz-executor: attempt to access beyond end of device [ 61.090122][ T297] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 61.090664][ T2247] device bridge_slave_1 entered promiscuous mode [ 61.112961][ T319] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 61.134260][ T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.152067][ T2220] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 61.228873][ T2247] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.235759][ T2247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.242899][ T2247] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.249761][ T2247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.285066][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.294589][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.301793][ T1742] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 61.310210][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.318084][ T8] device bridge_slave_1 left promiscuous mode [ 61.324121][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.331723][ T8] device bridge_slave_0 left promiscuous mode [ 61.337779][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.345702][ T8] device veth1_macvtap left promiscuous mode [ 61.351661][ T8] device veth0_vlan left promiscuous mode [ 61.370828][ T2220] loop3: detected capacity change from 0 to 1024 [ 61.432220][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.440386][ T326] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.447259][ T326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.464788][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.474874][ T326] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.481739][ T326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.488968][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.496756][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.508407][ T1742] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 61.512829][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 61.518416][ T1742] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 61.530423][ T2247] device veth0_vlan entered promiscuous mode [ 61.536004][ T1742] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 61.546965][ T2247] device veth1_macvtap entered promiscuous mode [ 61.555776][ T1742] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 61.557599][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 61.563936][ T1742] usb 5-1: SerialNumber: syz [ 61.576187][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 61.583794][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 61.591435][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.591882][ T319] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 61.608123][ T319] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input21 [ 61.617851][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.619498][ T319] usb 4-1: USB disconnect, device number 8 [ 61.619531][ C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 61.638844][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.666325][ T2271] loop6: detected capacity change from 0 to 512 [ 61.676696][ T2271] EXT4-fs (loop6): Test dummy encryption mode enabled [ 61.688750][ T2271] EXT4-fs error (device loop6): ext4_find_inline_data_nolock:164: inode #12: comm syz.6.805: inline data xattr refers to an external xattr inode [ 61.703721][ T2271] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.805: couldn't read orphan inode 12 (err -117) [ 61.725758][ T2271] EXT4-fs (loop6): shut down requested (1) [ 61.751319][ T2278] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 61.763001][ T2278] FAT-fs (loop13): unable to read boot sector [ 61.786853][ T1742] usb 5-1: 0:2 : does not exist [ 61.805138][ T1742] usb 5-1: USB disconnect, device number 14 [ 61.891854][ T2276] loop1: detected capacity change from 0 to 40427 [ 61.907645][ T2276] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 61.933042][ T2276] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 61.941871][ T2276] F2FS-fs (loop1): invalid crc value [ 61.948440][ T2276] F2FS-fs (loop1): Found nat_bits in checkpoint [ 61.982969][ T2280] loop6: detected capacity change from 0 to 256 [ 61.985502][ T2276] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 61.996391][ T2276] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 62.070092][ T297] syz-executor: attempt to access beyond end of device [ 62.070092][ T297] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 62.262195][ T2310] loop1: detected capacity change from 0 to 512 [ 62.278703][ T2302] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 62.307251][ T2310] EXT4-fs (loop1): Test dummy encryption mode enabled [ 62.329697][ T2310] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.823: inline data xattr refers to an external xattr inode [ 62.357228][ T2310] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.823: couldn't read orphan inode 12 (err -117) [ 62.372946][ T2310] EXT4-fs (loop1): shut down requested (1) [ 62.383639][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 62.580722][ T2332] loop1: detected capacity change from 0 to 2048 [ 62.637990][ T2332] Alternate GPT is invalid, using primary GPT. [ 62.638807][ T2317] loop4: detected capacity change from 0 to 256 [ 62.644033][ T2332] loop1: p2 p3 p7 [ 62.712627][ T797] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 64.386857][ T1293] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 64.386847][ T515] Bluetooth: hci0: command 0x1003 tx timeout [ 64.398791][ T2313] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 64.472439][ T2341] loop5: detected capacity change from 0 to 2048 [ 64.499579][ T2341] Alternate GPT is invalid, using primary GPT. [ 64.509461][ T2354] loop4: detected capacity change from 0 to 512 [ 64.509603][ T2341] loop5: p2 p3 p7 [ 64.518676][ T2354] EXT4-fs (loop4): Test dummy encryption mode enabled [ 64.537379][ T2354] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.839: inline data xattr refers to an external xattr inode [ 64.555058][ T2354] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.839: couldn't read orphan inode 12 (err -117) [ 64.594011][ T2354] EXT4-fs (loop4): shut down requested (1) [ 64.609606][ T806] udevd[806]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory [ 64.620621][ T797] udevd[797]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 64.625069][ T630] udevd[630]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 64.655831][ T2361] loop1: detected capacity change from 0 to 512 [ 64.662153][ T2361] EXT4-fs: Ignoring removed i_version option [ 64.668948][ T326] Bluetooth: hci0: Frame reassembly failed (-84) [ 64.679885][ T2361] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 64.692082][ T2361] EXT4-fs (loop1): 1 truncate cleaned up [ 64.716894][ T319] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 64.746821][ T1742] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 64.869970][ T2390] syz.1.858[2390] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.870015][ T2390] syz.1.858[2390] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.917758][ T319] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 64.940187][ T319] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 64.951516][ T319] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 64.960441][ T319] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.968388][ T1742] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 64.978461][ T1742] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 64.988341][ T2347] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 64.996386][ T1742] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 65.005285][ T1742] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 65.013100][ T1742] usb 4-1: SerialNumber: syz [ 65.200652][ T2347] loop6: detected capacity change from 0 to 1024 [ 65.220343][ T1742] usb 4-1: 0:2 : does not exist [ 65.226845][ T1742] usb 4-1: USB disconnect, device number 9 [ 65.234295][ T2347] EXT4-fs mount: 30 callbacks suppressed [ 65.234305][ T2347] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 65.451095][ T319] aiptek 7-1:17.0: Aiptek using 400 ms programming speed [ 65.458615][ T630] udevd[630]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 65.474755][ T319] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input22 [ 65.485250][ T319] usb 7-1: USB disconnect, device number 2 [ 65.485292][ C1] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 65.748383][ T2406] loop3: detected capacity change from 0 to 512 [ 65.754758][ T2406] EXT4-fs: Ignoring removed i_version option [ 65.763398][ T2406] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 65.774822][ T2406] EXT4-fs (loop3): 1 truncate cleaned up [ 65.783917][ T2406] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 65.800964][ T298] EXT4-fs (loop3): unmounting filesystem. [ 65.972189][ T2247] EXT4-fs (loop6): unmounting filesystem. [ 65.972925][ T2421] loop4: detected capacity change from 0 to 256 [ 65.998854][ T2421] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 66.026791][ T2421] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 66.048556][ T2421] exFAT-fs (loop4): error, invalid access to FAT free cluster (entry 0x00000006) [ 66.058079][ T2421] exFAT-fs (loop4): Filesystem has been set read-only [ 66.083164][ T2421] exFAT-fs (loop4): error, invalid access to FAT free cluster (entry 0x00000006) [ 66.168476][ T2439] loop3: detected capacity change from 0 to 128 [ 66.187459][ T797] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.210828][ T2441] binder: 2440:2441 ioctl c0306201 200001c0 returned -14 [ 66.211805][ T2443] loop4: detected capacity change from 0 to 512 [ 66.224096][ T2443] EXT4-fs: Ignoring removed i_version option [ 66.230526][ T2443] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 66.242651][ T2443] EXT4-fs (loop4): 1 truncate cleaned up [ 66.249148][ T2443] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 66.265648][ T300] EXT4-fs (loop4): unmounting filesystem. [ 66.279154][ T2448] loop3: detected capacity change from 0 to 1024 [ 66.291747][ T2448] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 66.312195][ T298] EXT4-fs (loop3): unmounting filesystem. [ 66.329818][ T2454] loop3: detected capacity change from 0 to 1024 [ 66.348763][ T2454] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 66.380516][ T298] EXT4-fs (loop3): unmounting filesystem. [ 66.406648][ T319] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 66.476573][ C0] ================================================================== [ 66.484461][ C0] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10 [ 66.491319][ C0] Write of size 8 at addr ffff88811b474a00 by task syz.1.886/2469 [ 66.498954][ C0] [ 66.501124][ C0] CPU: 0 PID: 2469 Comm: syz.1.886 Not tainted 6.1.118-syzkaller-00015-g770852bf7d99 #0 [ 66.510684][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.520572][ C0] Call Trace: [ 66.523690][ C0] [ 66.526388][ C0] dump_stack_lvl+0x151/0x1b7 [ 66.530901][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 66.536273][ C0] ? _printk+0xd1/0x111 [ 66.540355][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 66.545307][ C0] print_report+0x158/0x4e0 [ 66.549640][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 66.554586][ C0] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 66.560665][ C0] ? __run_timers+0x34a/0xa10 [ 66.565174][ C0] kasan_report+0x13c/0x170 [ 66.569516][ C0] ? __run_timers+0x34a/0xa10 [ 66.574030][ C0] __asan_report_store8_noabort+0x17/0x20 [ 66.579583][ C0] __run_timers+0x34a/0xa10 [ 66.583925][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 66.588968][ C0] ? calc_index+0x270/0x270 [ 66.593297][ C0] ? sched_clock+0x9/0x10 [ 66.597466][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 66.597700][ T319] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 66.602154][ C0] run_timer_softirq+0x69/0xf0 [ 66.602184][ C0] handle_softirqs+0x1db/0x650 [ 66.612159][ T319] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 66.616649][ C0] __irq_exit_rcu+0x52/0xf0 [ 66.616675][ C0] irq_exit_rcu+0x9/0x10 [ 66.616690][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 66.623481][ T319] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 66.629928][ C0] [ 66.629939][ C0] [ 66.629943][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 66.629971][ C0] RIP: 0010:__kernel_text_address+0x26/0x40 [ 66.634380][ T319] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 66.638344][ C0] Code: 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 33 00 00 00 85 c0 0f 95 c0 48 c7 c1 00 60 9a 87 48 39 cb 0f 93 c1 48 c7 c2 e9 da a8 87 <48> 39 d3 0f 92 c2 20 ca 08 c2 0f b6 c2 5b 5d c3 66 2e 0f 1f 84 00 [ 66.638362][ C0] RSP: 0018:ffffc90000ad6a00 EFLAGS: 00000283 [ 66.638376][ C0] RAX: 0000000000000001 RBX: ffffffff81c2a751 RCX: ffffffff879a6000 [ 66.638387][ C0] RDX: ffffffff87a8dae9 RSI: ffffc90000ad6ce8 RDI: ffffffff81c2a751 [ 66.638399][ C0] RBP: ffffc90000ad6a08 R08: ffffc90000ad6b28 R09: 0000000000000000 [ 66.644610][ T319] usb 7-1: SerialNumber: syz [ 66.652667][ C0] R10: ffffc90000ad6b30 R11: dffffc0000000001 R12: ffff88810e623cc0 [ 66.652685][ C0] R13: ffffffff8165add0 R14: dffffc0000000000 R15: 1ffff9200015ad51 [ 66.652698][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 66.751446][ C0] ? __set_page_owner+0x21/0x70 [ 66.756125][ C0] ? __init_begin+0x3a000/0x3a000 [ 66.760985][ C0] ? __set_page_owner+0x21/0x70 [ 66.765769][ C0] unwind_get_return_address+0x4d/0x90 [ 66.771219][ C0] arch_stack_walk+0xf3/0x140 [ 66.775681][ C0] ? __set_page_owner+0x21/0x70 [ 66.780367][ C0] stack_trace_save+0x113/0x1c0 [ 66.785053][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 66.790101][ C0] ? __stack_depot_save+0x36/0x480 [ 66.795043][ C0] save_stack+0xf6/0x1e0 [ 66.799127][ C0] ? __reset_page_owner+0x190/0x190 [ 66.804158][ C0] ? __set_page_owner_handle+0x38a/0x3d0 [ 66.809630][ C0] __set_page_owner+0x21/0x70 [ 66.814135][ C0] post_alloc_hook+0x213/0x220 [ 66.818738][ C0] prep_new_page+0x1b/0x110 [ 66.823083][ C0] get_page_from_freelist+0x2f41/0x2fc0 [ 66.828463][ C0] ? __stack_depot_save+0x36/0x480 [ 66.833405][ C0] ? kasan_save_alloc_info+0x1f/0x30 [ 66.838529][ C0] ? lruvec_init+0x240/0x240 [ 66.842952][ C0] ? shmem_add_to_page_cache+0x79d/0xc20 [ 66.848423][ C0] ? shmem_fault+0x1f7/0x840 [ 66.852846][ C0] ? do_fault+0xbc5/0x1f10 [ 66.857095][ C0] ? handle_mm_fault+0x189f/0x30e0 [ 66.861423][ T319] usb 7-1: 0:2 : does not exist [ 66.862070][ C0] ? __alloc_pages+0x610/0x610 [ 66.871341][ C0] __alloc_pages+0x234/0x610 [ 66.875765][ C0] ? prep_new_page+0x110/0x110 [ 66.880371][ C0] ? try_charge_memcg+0x2ea/0x16e0 [ 66.882789][ T319] usb 7-1: USB disconnect, device number 3 [ 66.885307][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 66.895823][ C0] __folio_alloc+0x15/0x40 [ 66.900072][ C0] shmem_alloc_and_acct_folio+0x78c/0xa50 [ 66.905618][ C0] ? mem_cgroup_swap_full+0x1a0/0x1a0 [ 66.910824][ C0] ? shmem_replace_folio+0x6a0/0x6a0 [ 66.915960][ C0] ? xas_load+0x39d/0x3b0 [ 66.920116][ C0] ? __filemap_get_folio+0xaa1/0xae0 [ 66.925378][ C0] ? page_cache_prev_miss+0x410/0x410 [ 66.930577][ C0] shmem_get_folio_gfp+0x12d4/0x24b0 [ 66.935699][ C0] ? shmem_get_folio+0xa0/0xa0 [ 66.940303][ C0] ? filemap_map_pages+0x11e4/0x1470 [ 66.945424][ C0] shmem_fault+0x1f7/0x840 [ 66.949675][ C0] ? zero_user_segments+0x350/0x350 [ 66.954706][ C0] ? filemap_read_folio+0x2a0/0x2a0 [ 66.959745][ C0] ? folio_unlock+0x5c/0x70 [ 66.964081][ C0] do_fault+0xbc5/0x1f10 [ 66.968169][ C0] ? pte_marker_clear+0x2f0/0x2f0 [ 66.973029][ C0] ? __kasan_check_write+0x14/0x20 [ 66.977968][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 66.982621][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 66.987780][ C0] handle_mm_fault+0x189f/0x30e0 [ 66.992552][ C0] ? _raw_spin_unlock+0x4c/0x70 [ 66.997240][ C0] ? numa_migrate_prep+0xe0/0xe0 [ 67.002012][ C0] ? follow_page_mask+0x94f/0x1070 [ 67.006964][ C0] ? follow_page+0x250/0x250 [ 67.011386][ C0] __get_user_pages+0x377/0xf20 [ 67.016076][ C0] ? populate_vma_page_range+0x120/0x120 [ 67.021537][ C0] ? userfaultfd_unmap_complete+0x308/0x360 [ 67.027265][ C0] __mm_populate+0x375/0x570 [ 67.031691][ C0] ? userfaultfd_unmap_prep+0x3e0/0x3e0 [ 67.037075][ C0] ? check_vma_flags+0x2d0/0x2d0 [ 67.041842][ C0] ? do_futex+0x501/0x9a0 [ 67.046011][ C0] vm_mmap_pgoff+0x290/0x430 [ 67.050436][ C0] ? account_locked_vm+0x250/0x250 [ 67.055390][ C0] ? xfd_validate_state+0x6f/0x170 [ 67.060332][ C0] ksys_mmap_pgoff+0xed/0x1e0 [ 67.064849][ C0] ? __kasan_check_write+0x14/0x20 [ 67.069800][ C0] ? fpregs_restore_userregs+0x130/0x290 [ 67.075269][ C0] __x64_sys_mmap+0x103/0x120 [ 67.079774][ C0] x64_sys_call+0x67/0x9a0 [ 67.084035][ C0] do_syscall_64+0x3b/0xb0 [ 67.088374][ C0] ? clear_bhb_loop+0x55/0xb0 [ 67.092886][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.098632][ C0] RIP: 0033:0x7fcca2985d29 [ 67.102879][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.122478][ C0] RSP: 002b:00007fcca3793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 67.130720][ C0] RAX: ffffffffffffffda RBX: 00007fcca2b75fa0 RCX: 00007fcca2985d29 [ 67.138532][ C0] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 67.146342][ C0] RBP: 00007fcca2a01b08 R08: ffffffffffffffff R09: 0000000000000000 [ 67.154177][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 67.161983][ C0] R13: 0000000000000000 R14: 00007fcca2b75fa0 R15: 00007fff17e7c2d8 [ 67.169788][ C0] [ 67.172653][ C0] [ 67.174815][ C0] Allocated by task 2313: [ 67.178979][ C0] kasan_set_track+0x4b/0x70 [ 67.183491][ C0] kasan_save_alloc_info+0x1f/0x30 [ 67.188438][ C0] __kasan_kmalloc+0x9c/0xb0 [ 67.192866][ C0] __kmalloc+0xb4/0x1e0 [ 67.196865][ C0] hci_alloc_dev_priv+0x27/0x1c00 [ 67.201718][ C0] hci_uart_tty_ioctl+0x401/0xa70 [ 67.206576][ C0] tty_ioctl+0x903/0xc50 [ 67.210674][ C0] __se_sys_ioctl+0x114/0x190 [ 67.215172][ C0] __x64_sys_ioctl+0x7b/0x90 [ 67.219597][ C0] x64_sys_call+0x98/0x9a0 [ 67.223848][ C0] do_syscall_64+0x3b/0xb0 [ 67.228100][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.233829][ C0] [ 67.235998][ C0] Freed by task 2313: [ 67.239819][ C0] kasan_set_track+0x4b/0x70 [ 67.244246][ C0] kasan_save_free_info+0x2b/0x40 [ 67.249106][ C0] ____kasan_slab_free+0x131/0x180 [ 67.254055][ C0] __kasan_slab_free+0x11/0x20 [ 67.258653][ C0] __kmem_cache_free+0x21d/0x410 [ 67.263428][ C0] kfree+0x7a/0xf0 [ 67.266990][ C0] hci_release_dev+0x14d3/0x1640 [ 67.271759][ C0] bt_host_release+0x83/0xa0 [ 67.276186][ C0] device_release+0x95/0x1c0 [ 67.280613][ C0] kobject_put+0x178/0x260 [ 67.284870][ C0] put_device+0x1f/0x30 [ 67.288857][ C0] hci_dev_cmd+0x2be/0x9b0 [ 67.293114][ C0] hci_sock_ioctl+0x415/0x7f0 [ 67.297639][ C0] sock_do_ioctl+0x152/0x450 [ 67.302051][ C0] sock_ioctl+0x455/0x740 [ 67.306217][ C0] __se_sys_ioctl+0x114/0x190 [ 67.310737][ C0] __x64_sys_ioctl+0x7b/0x90 [ 67.315194][ C0] x64_sys_call+0x98/0x9a0 [ 67.319409][ C0] do_syscall_64+0x3b/0xb0 [ 67.323671][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.329392][ C0] [ 67.331562][ C0] Last potentially related work creation: [ 67.337117][ C0] kasan_save_stack+0x3b/0x60 [ 67.341630][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 67.346837][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 67.352477][ C0] insert_work+0x56/0x310 [ 67.356648][ C0] __queue_work+0x9b6/0xd70 [ 67.360988][ C0] queue_work_on+0x105/0x170 [ 67.365412][ C0] __hci_cmd_sync_sk+0xc2a/0xf70 [ 67.370184][ C0] hci_cmd_sync_status+0x52/0x130 [ 67.375043][ C0] hci_dev_cmd+0x771/0x9b0 [ 67.379295][ C0] hci_sock_ioctl+0x415/0x7f0 [ 67.383811][ C0] sock_do_ioctl+0x152/0x450 [ 67.388247][ C0] sock_ioctl+0x455/0x740 [ 67.392403][ C0] __se_sys_ioctl+0x114/0x190 [ 67.396918][ C0] __x64_sys_ioctl+0x7b/0x90 [ 67.401347][ C0] x64_sys_call+0x98/0x9a0 [ 67.405600][ C0] do_syscall_64+0x3b/0xb0 [ 67.409848][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.415578][ C0] [ 67.417756][ C0] Second to last potentially related work creation: [ 67.424174][ C0] kasan_save_stack+0x3b/0x60 [ 67.428682][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 67.433892][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 67.439534][ C0] insert_work+0x56/0x310 [ 67.443699][ C0] __queue_work+0x9b6/0xd70 [ 67.448038][ C0] queue_work_on+0x105/0x170 [ 67.452466][ C0] hci_cmd_timeout+0x199/0x200 [ 67.457064][ C0] process_one_work+0x73d/0xcb0 [ 67.461758][ C0] worker_thread+0xa60/0x1260 [ 67.466264][ C0] kthread+0x26d/0x300 [ 67.470177][ C0] ret_from_fork+0x1f/0x30 [ 67.474429][ C0] [ 67.476639][ C0] The buggy address belongs to the object at ffff88811b474000 [ 67.476639][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 67.490487][ C0] The buggy address is located 2560 bytes inside of [ 67.490487][ C0] 8192-byte region [ffff88811b474000, ffff88811b476000) [ 67.503763][ C0] [ 67.505931][ C0] The buggy address belongs to the physical page: [ 67.512274][ C0] page:ffffea00046d1c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b470 [ 67.522345][ C0] head:ffffea00046d1c00 order:3 compound_mapcount:0 compound_pincount:0 [ 67.530496][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 67.536620][ C0] raw: 4000000000010200 ffffea0004400200 dead000000000002 ffff888100043500 [ 67.545118][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 67.553636][ C0] page dumped because: kasan: bad access detected [ 67.559899][ C0] page_owner tracks the page as allocated [ 67.565443][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 550, tgid 549 (syz.0.95), ts 30878188629, free_ts 30831724287 [ 67.587531][ C0] post_alloc_hook+0x213/0x220 [ 67.592085][ C0] prep_new_page+0x1b/0x110 [ 67.596424][ C0] get_page_from_freelist+0x2f41/0x2fc0 [ 67.601815][ C0] __alloc_pages+0x234/0x610 [ 67.606250][ C0] alloc_slab_page+0x6c/0xf0 [ 67.610658][ C0] new_slab+0x90/0x3e0 [ 67.614562][ C0] ___slab_alloc+0x6f9/0xb80 [ 67.618998][ C0] __slab_alloc+0x5d/0xa0 [ 67.623156][ C0] __kmem_cache_alloc_node+0x207/0x2a0 [ 67.628659][ C0] __kmalloc+0xa3/0x1e0 [ 67.632617][ C0] vhost_dev_set_owner+0x5b6/0xac0 [ 67.637572][ C0] vhost_dev_ioctl+0xe1/0x11a0 [ 67.642168][ C0] vhost_vsock_dev_ioctl+0x2b5/0xf70 [ 67.647290][ C0] __se_sys_ioctl+0x114/0x190 [ 67.651797][ C0] __x64_sys_ioctl+0x7b/0x90 [ 67.656226][ C0] x64_sys_call+0x98/0x9a0 [ 67.661614][ C0] page last free stack trace: [ 67.666130][ C0] free_unref_page_prepare+0x83d/0x850 [ 67.671416][ C0] free_unref_page+0xb2/0x5c0 [ 67.675925][ C0] __free_pages+0x61/0xf0 [ 67.680092][ C0] __free_slab+0xce/0x1a0 [ 67.684260][ C0] __unfreeze_partials+0x165/0x1a0 [ 67.689740][ C0] put_cpu_partial+0xa9/0x100 [ 67.694240][ C0] __slab_free+0x1c8/0x280 [ 67.698494][ C0] ___cache_free+0xc6/0xd0 [ 67.702745][ C0] qlist_free_all+0xc5/0x140 [ 67.707174][ C0] kasan_quarantine_reduce+0x15a/0x180 [ 67.712477][ C0] __kasan_slab_alloc+0x24/0x80 [ 67.717154][ C0] slab_post_alloc_hook+0x53/0x2c0 [ 67.722162][ C0] kmem_cache_alloc+0x175/0x320 [ 67.726788][ C0] prepare_creds+0x2f/0x6a0 [ 67.731128][ C0] do_faccessat+0xee/0x860 [ 67.735467][ C0] __x64_sys_faccessat2+0x9a/0xb0 [ 67.740328][ C0] [ 67.742498][ C0] Memory state around the buggy address: [ 67.747967][ C0] ffff88811b474900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.755865][ C0] ffff88811b474980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.763763][ C0] >ffff88811b474a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.771753][ C0] ^ [ 67.775656][ C0] ffff88811b474a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.783551][ C0] ffff88811b474b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.791452][ C0] ================================================================== [ 67.799348][ C0] Disabling lock debugging due to kernel taint [ 67.805400][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 67.816884][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 67.825129][ C0] CPU: 0 PID: 2469 Comm: syz.1.886 Tainted: G B 6.1.118-syzkaller-00015-g770852bf7d99 #0 [ 67.836151][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 67.846049][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 67.851165][ C0] Code: 39 03 0f 84 40 01 00 00 e8 8c 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 a0 df 71 00 49 8b 3e e8 98 cc d6 [ 67.870609][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 67.876511][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e623cc0 [ 67.884320][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 67.892133][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 67.899945][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811b4749c8 [ 67.907757][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811b4749e0 [ 67.915566][ C0] FS: 00007fcca37936c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 67.924331][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.930754][ C0] CR2: 000055557f0474a8 CR3: 00000001285e6000 CR4: 00000000003506b0 [ 67.938570][ C0] Call Trace: [ 67.941693][ C0] [ 67.944383][ C0] ? __die_body+0x62/0xb0 [ 67.948567][ C0] ? die_addr+0x9f/0xd0 [ 67.952541][ C0] ? exc_general_protection+0x317/0x4c0 [ 67.957934][ C0] ? asm_exc_general_protection+0x27/0x30 [ 67.963476][ C0] ? __queue_work+0x28b/0xd70 [ 67.967991][ C0] ? __queue_work+0x4f1/0xd70 [ 67.972502][ C0] ? __queue_work+0x29c/0xd70 [ 67.977015][ C0] delayed_work_timer_fn+0x61/0x80 [ 67.981965][ C0] ? queue_work_node+0x1d0/0x1d0 [ 67.986738][ C0] call_timer_fn+0x3b/0x2d0 [ 67.991075][ C0] ? queue_work_node+0x1d0/0x1d0 [ 67.995850][ C0] __run_timers+0x756/0xa10 [ 68.000189][ C0] ? calc_index+0x270/0x270 [ 68.004530][ C0] ? sched_clock+0x9/0x10 [ 68.008695][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 68.013384][ C0] run_timer_softirq+0x69/0xf0 [ 68.017987][ C0] handle_softirqs+0x1db/0x650 [ 68.022585][ C0] __irq_exit_rcu+0x52/0xf0 [ 68.026924][ C0] irq_exit_rcu+0x9/0x10 [ 68.031004][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 68.036471][ C0] [ 68.039250][ C0] [ 68.042024][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 68.047840][ C0] RIP: 0010:__kernel_text_address+0x26/0x40 [ 68.053574][ C0] Code: 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 33 00 00 00 85 c0 0f 95 c0 48 c7 c1 00 60 9a 87 48 39 cb 0f 93 c1 48 c7 c2 e9 da a8 87 <48> 39 d3 0f 92 c2 20 ca 08 c2 0f b6 c2 5b 5d c3 66 2e 0f 1f 84 00 [ 68.073187][ C0] RSP: 0018:ffffc90000ad6a00 EFLAGS: 00000283 [ 68.079086][ C0] RAX: 0000000000000001 RBX: ffffffff81c2a751 RCX: ffffffff879a6000 [ 68.086897][ C0] RDX: ffffffff87a8dae9 RSI: ffffc90000ad6ce8 RDI: ffffffff81c2a751 [ 68.094709][ C0] RBP: ffffc90000ad6a08 R08: ffffc90000ad6b28 R09: 0000000000000000 [ 68.102546][ C0] R10: ffffc90000ad6b30 R11: dffffc0000000001 R12: ffff88810e623cc0 [ 68.111120][ C0] R13: ffffffff8165add0 R14: dffffc0000000000 R15: 1ffff9200015ad51 [ 68.118935][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 68.123790][ C0] ? __set_page_owner+0x21/0x70 [ 68.128479][ C0] ? __init_begin+0x3a000/0x3a000 [ 68.133342][ C0] ? __set_page_owner+0x21/0x70 [ 68.138034][ C0] unwind_get_return_address+0x4d/0x90 [ 68.143322][ C0] arch_stack_walk+0xf3/0x140 [ 68.147833][ C0] ? __set_page_owner+0x21/0x70 [ 68.152524][ C0] stack_trace_save+0x113/0x1c0 [ 68.157290][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 68.162235][ C0] ? __stack_depot_save+0x36/0x480 [ 68.167190][ C0] save_stack+0xf6/0x1e0 [ 68.171275][ C0] ? __reset_page_owner+0x190/0x190 [ 68.176300][ C0] ? __set_page_owner_handle+0x38a/0x3d0 [ 68.181766][ C0] __set_page_owner+0x21/0x70 [ 68.186280][ C0] post_alloc_hook+0x213/0x220 [ 68.190879][ C0] prep_new_page+0x1b/0x110 [ 68.195217][ C0] get_page_from_freelist+0x2f41/0x2fc0 [ 68.200604][ C0] ? __stack_depot_save+0x36/0x480 [ 68.205810][ C0] ? kasan_save_alloc_info+0x1f/0x30 [ 68.210929][ C0] ? lruvec_init+0x240/0x240 [ 68.215360][ C0] ? shmem_add_to_page_cache+0x79d/0xc20 [ 68.220821][ C0] ? shmem_fault+0x1f7/0x840 [ 68.225249][ C0] ? do_fault+0xbc5/0x1f10 [ 68.229500][ C0] ? handle_mm_fault+0x189f/0x30e0 [ 68.234457][ C0] ? __alloc_pages+0x610/0x610 [ 68.239050][ C0] __alloc_pages+0x234/0x610 [ 68.243490][ C0] ? prep_new_page+0x110/0x110 [ 68.248073][ C0] ? try_charge_memcg+0x2ea/0x16e0 [ 68.253020][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 68.257971][ C0] __folio_alloc+0x15/0x40 [ 68.262308][ C0] shmem_alloc_and_acct_folio+0x78c/0xa50 [ 68.267865][ C0] ? mem_cgroup_swap_full+0x1a0/0x1a0 [ 68.273250][ C0] ? shmem_replace_folio+0x6a0/0x6a0 [ 68.278374][ C0] ? xas_load+0x39d/0x3b0 [ 68.282646][ C0] ? __filemap_get_folio+0xaa1/0xae0 [ 68.287764][ C0] ? page_cache_prev_miss+0x410/0x410 [ 68.292971][ C0] shmem_get_folio_gfp+0x12d4/0x24b0 [ 68.298094][ C0] ? shmem_get_folio+0xa0/0xa0 [ 68.302687][ C0] ? filemap_map_pages+0x11e4/0x1470 [ 68.307819][ C0] shmem_fault+0x1f7/0x840 [ 68.312069][ C0] ? zero_user_segments+0x350/0x350 [ 68.317094][ C0] ? filemap_read_folio+0x2a0/0x2a0 [ 68.322128][ C0] ? folio_unlock+0x5c/0x70 [ 68.326468][ C0] do_fault+0xbc5/0x1f10 [ 68.330548][ C0] ? pte_marker_clear+0x2f0/0x2f0 [ 68.335406][ C0] ? __kasan_check_write+0x14/0x20 [ 68.340358][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 68.344953][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 68.350164][ C0] handle_mm_fault+0x189f/0x30e0 [ 68.354935][ C0] ? _raw_spin_unlock+0x4c/0x70 [ 68.359633][ C0] ? numa_migrate_prep+0xe0/0xe0 [ 68.364400][ C0] ? follow_page_mask+0x94f/0x1070 [ 68.369347][ C0] ? follow_page+0x250/0x250 [ 68.373780][ C0] __get_user_pages+0x377/0xf20 [ 68.378462][ C0] ? populate_vma_page_range+0x120/0x120 [ 68.383924][ C0] ? userfaultfd_unmap_complete+0x308/0x360 [ 68.389654][ C0] __mm_populate+0x375/0x570 [ 68.394079][ C0] ? userfaultfd_unmap_prep+0x3e0/0x3e0 [ 68.399462][ C0] ? check_vma_flags+0x2d0/0x2d0 [ 68.404334][ C0] ? do_futex+0x501/0x9a0 [ 68.408498][ C0] vm_mmap_pgoff+0x290/0x430 [ 68.412922][ C0] ? account_locked_vm+0x250/0x250 [ 68.418133][ C0] ? xfd_validate_state+0x6f/0x170 [ 68.423076][ C0] ksys_mmap_pgoff+0xed/0x1e0 [ 68.427590][ C0] ? __kasan_check_write+0x14/0x20 [ 68.432535][ C0] ? fpregs_restore_userregs+0x130/0x290 [ 68.438003][ C0] __x64_sys_mmap+0x103/0x120 [ 68.442521][ C0] x64_sys_call+0x67/0x9a0 [ 68.446771][ C0] do_syscall_64+0x3b/0xb0 [ 68.451025][ C0] ? clear_bhb_loop+0x55/0xb0 [ 68.455537][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 68.461267][ C0] RIP: 0033:0x7fcca2985d29 [ 68.465520][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.484962][ C0] RSP: 002b:00007fcca3793038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 68.493204][ C0] RAX: ffffffffffffffda RBX: 00007fcca2b75fa0 RCX: 00007fcca2985d29 [ 68.501015][ C0] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000000020000000 [ 68.508828][ C0] RBP: 00007fcca2a01b08 R08: ffffffffffffffff R09: 0000000000000000 [ 68.516640][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 68.524450][ C0] R13: 0000000000000000 R14: 00007fcca2b75fa0 R15: 00007fff17e7c2d8 [ 68.532269][ C0] [ 68.535128][ C0] Modules linked in: [ 68.538867][ C0] ---[ end trace 0000000000000000 ]--- [ 68.544156][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 68.549283][ C0] Code: 39 03 0f 84 40 01 00 00 e8 8c 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 a0 df 71 00 49 8b 3e e8 98 cc d6 [ 68.568716][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 68.574617][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e623cc0 [ 68.582436][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 68.590241][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 68.598054][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811b4749c8 [ 68.605862][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811b4749e0 [ 68.613673][ C0] FS: 00007fcca37936c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 68.622440][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.628870][ C0] CR2: 000055557f0474a8 CR3: 00000001285e6000 CR4: 00000000003506b0 [ 68.636681][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 68.643913][ C0] Kernel Offset: disabled [ 68.648028][ C0] Rebooting in 86400 seconds..