last executing test programs: 25.69916136s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) quotactl$Q_QUOTAON(0x0, 0x0, 0x0, 0x0) 25.663494976s ago: executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x6, &(0x7f00000000c0)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x77, 0xfffffffffffffffc}, @exit, @ldst={0x3, 0x3, 0x3, 0xb, 0x7, 0xfffffffffffffffe, 0x1}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000001d000100000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="0004000004000100aaaaaaaaaa000000"], 0x28}}, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYRES64=0x0], 0x0, 0x238, &(0x7f0000000500)="$eJzs3c9qE10YB+B3krRf+rlIFq5EcEAXrkrbK2iRCmJXShbqQottQZJQsBBoFWNXXoGX5cY78AKE7nRRGJlM0rSQaov5U+rzbHJgzm/Oe5ITspo3r263m1u7ezuH779FtZpEaTVWk6OIepRi4GMAANfJzyyLo6xwuWSlNKmaAIDJuuDv/8IUSwIAJuzps+eP1zY21p+kaTWi/anTSKJ4La6v7cSbaMV2LEUtjiOyE8X44aON9aikuXrca3c7jTzZfvmlf/+17xG9/HLUoj46v5wWTuW7ncZc/N9ffzXPr0Qtbo7Or4zIR2M+7t89Vf9i1OLr69iNVmxFnh3mPyyn6YPs8493L/KK83zS7TT+680byspT/3AAAAAAAAAAAAAAAAAAAAAAALi2FtM0Tfsddbpn+u+Uj3vXF9OB+tn+PEX+vP5A3VP9dZbyJZJi/jBfiVuVqMxy7wAAAAAAAAAAAAAAAAAAAHBV7O0fNDdbre23Yx0MHusf/53/dhDlfmmtJOIK1NMbLOT1TGetOzHhtaK0f9AcnK7mZhJ/SFUndEiyEcevfG5qfkyrz98Y7y6SiJg7eTN/N7kac2P+pgAAAAAAAAAAAAAAAAAAAFM2fOh3xMXDGRQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMw/P//Swy6/fAFUzPeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+AXwEAAP//QBx8JQ==") newfstatat(0xffffffffffffff9c, &(0x7f00000008c0)='./file0\x00', 0x0, 0x400) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r2, &(0x7f0000001040)=[{&(0x7f0000000040)='\n', 0x1}], 0x1) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) add_key(&(0x7f0000000180)='logon\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000740)=[{&(0x7f0000000440)=""/113, 0x71}], 0x1, 0x401, 0x0) 25.598812306s ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b2388a8"], 0xffdd) 25.487643263s ago: executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc32}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x240c80c0, &(0x7f0000000240)={0xa, 0xe20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x2400c010, 0x0, 0x0) getpgrp(0x0) 25.050852031s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000040000000000000000008c8618110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) r4 = dup3(r3, r2, 0x0) sendmsg$key(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)={0x2, 0x7, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x17, 0x0, 0x0, 0x2000, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x38}}, 0x0) 24.902034254s ago: executing program 2: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$getenv(0x4205, r1, 0x201, &(0x7f0000000000)) 13.786103434s ago: executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x45}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r2}, 0x20) ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x33) 3.042361966s ago: executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x13}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 3.042255506s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettclass={0x1b, 0x2a, 0xa13}, 0x24}}, 0x0) 3.042099766s ago: executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412) 2.924653155s ago: executing program 0: r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00'}}) 2.839186998s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nouid32}, {@minixdf}]}, 0x1, 0x504, &(0x7f0000001480)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9sCWE0KoEqJHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lAMSPyJQg8TBaMaT1E3tJtokdhR/PtJo3ps3nu97cea9+Dn2C2BoXY2I3YgYi4h7ETGdHc9lW9xqb8l5z/ceLe3vPVrKRat155+5tDw5Fh2PSVzJrlmMiB9+N+InuVfjNrZ31har1cpmlp9t1jZmG9s7N1ZriyuVlcp6ubwwvzD3yc2Py2fW1vdqY1nqq8/+sPutnyXVmsqOdLbjLLWbXjiMkxiNiO+fR7ABGMnaMzboivC55CPi7Yh4P73/p2MkfTYBgMus1ZqO1nRnHgC47PLpHFguX8rmAqYiny+V2nN478RkvlpvNK/fr2+tL7fnymaikL+/Wq3MZXOFM1HIJfn5NP0iXz6SvxkRb0XEL8Yn0nxpqV5dHuQfPgAwxK4cGf//M94e/wGAS6446AoAAH1n/AeA4WP8B4DhY/wHgOHTHv8nBl0NAKCPvP4HgOFj/AeAofKD27eTrbWfff/18oPtrbX6gxvLlcZaqba1VFqqb26UVur1lfQ7e2rHXa9ar2/MfxRbD2e+vdFozja2d+7W6lvrzbvp93rfrRTSs3b70DIAoJe33nv651wyIn86kW7RsZZDYaA1A85bftAVAAZmZNAVAAbGal8wvE7xGt/0AFwSXZbofUmx2weEWq1W6/yqBJyza18y/w/DqmP+338Bw5Ax/w/Dy/w/DK9WK3fSNf/jpCcCABebOX6gx/v/b2f732ZvDvx4+egZT7o+bjfrXs6uggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHABHaz/W8rWAp+KfL5UingjImaikLu/Wq3MRcSbEfGn8cJ4kp8fcJ0BgNPK/y2Xrf91bfrDqZeK3r1ymByLiJ/+6s4vHy42m5t/jBjL/Wv84HjzSXa83P/aAwDHOxin033HC/nne4+WDrZ+1ufv34mIYjv+/t5Y7B/GH43RdF+MQkRM/juX5dtyHXMXp7H7OCK+2K39uZhK50DaK58ejZ/EfqOv8fMvxc+nZe198rP4whnUBYbN06T/udXt/svH1XTf/f4vpj3U6WX9X3Kppf20D3wR/6D/G+nR/109aYyPfv+9dmri1bLHEV8ejTiIvd/R/xzEz/WI/+EJ4//lK+++36us9euIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m85Rz/YeDf7x6fU3e5Ul7Z/sEb94TPu/fsL2/+Z/9370tdfE/+YH3eLn453XxE/GxG+cMP7i5O+KvcqS+Ms92n/c83/9hPGf/XXnlWXDAYDBaWzvrC1Wq5VNCYmLn0h+ZS9ANbomPutXrLHoXvTzD9r39JGiVuv1F/yse1GvHuMsZt2Ai+Dwpo+I/w66MgAAAAAAAAAAAAAAQFf9+MTSoNsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA5fX/AAAA//+YXdZi") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) 2.707906518s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r5, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@mss, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x22400049, &(0x7f00000002c0)={[{@dioread_nolock}, {@noinit_itable}, {@nomblk_io_submit}, {@noblock_validity}, {@data_err_abort}, {@nouser_xattr}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95b}}, {@debug}]}, 0x84, 0x471, &(0x7f0000000bc0)="$eJzs3M9vFFUcAPDvzLZFfpQuiD9AlFUkNqItLagcvGg04WJiogc91lIJsoChNRFCBI3Bo/EvUI8m/gWe9GLUk8ar3o0JMVxED2bN7M7Att3WdrfLgvP5JNN9b3699+bN67yZt7MBlFYt+5NEbIuIXyJirBVdvEKt9XH92sXZv65dnE2i0Xjlj6S53p/XLs4Wq27LP7fm+xxPI9IPk7jcId358xdOzdTrc+fy+OTC6bcn589fePLk6ZkTcyfmzkwfPXrk8NQzT08/tSHlHM3yuue9s3t3H3v9k5dmG/HG919m+a/ky9vL0VLtOc1a1KLRaDTSRXNHmn8P9Lz328toWzgZGmBGWJfs/M+qa7jZ/seiEjcrbyxe/GCgmQP6Krs+7Vg2t3VVTA8kzeXA/5U2DmVVXPGz+99iurU9kMG6+lzrBigr9/V8ai0Ziuy+Pam27tgrfUp/W0S8dvnvT7MpOj6HAADYWF9n/Z8nOvX/0ri3bb3t+dhQNSIORsTOiLg7InZFxD0RzXXvi4j715l+bUl8ef/np81dFWyNsv7fs/nY1uL+341Rm2olj402yz+cvHmyPncoPybjMbwpi0+tksY3L/z88UrLam39v2zK0i/6gnk+fh/atHib4zMLM72Uud3V9yP2DHUqf3JjJCCJiN0RsaeL/WfH7OTjX+zNwtu3Ll/+3+VfxQaMMzU+j3isVf+XY0n5C0krpZXGJyfvivrcocnirFjuhx+vvNweH24L91T+DZDV/5aO539e/qIZFOO18+tP48qvH614T9Pt+T+SvNoMj+Tz3p1ZWDg3FTGSz1g0f/rmtkW8WD8r//j+zu1/Z8Q/n+XbPRAR2Un8YEQ8FBH78rw/HBGPRMT+Vcr/3fOPvrX6ERps/R9frf4jqkn7eH0Xgcqpb79aKf211f+RZmg8n7OW/39rzWAvxw4AAADuFGlzDDpJJ26E03RiovUd/l2xJa2fnV84WIt3zhxvjVVXYzgtnnSNtT0PncqfDRfx6SXxwxGxo/lNo83N+MTs2frooAsPJbd1hfaf+a1fX3oBbh/rGkdL+pcP4NbzviaUl/YP5aX9Q3lp/1Bendr/pYjrA8gKcIu5/kN5af9QXto/lJf2D6W0/JX44udWunnT/2Zg57GeNi9RoNKnPUf7j3b0IRDpwA9d94H0dsjGvjywKSLWutWlvtbp0vMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzvdvAAAA//+bHeQQ") mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) creat(0x0, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r6, 0x0, 0x0) 2.128963849s ago: executing program 3: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000280)={0x0, 0x0, 0x1, "a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.695764526s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040ac056502000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f0000000b7b4d6f64031797041e9c"], 0x0}, 0x0) socket$unix(0x1, 0x0, 0x0) 566.395231ms ago: executing program 4: syz_emit_ethernet(0x5e, &(0x7f0000000200)={@local, @random="d451299de494", @void, {@ipv4={0x800, @tcp={{0xf, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0xb, 0xe2, [@empty, @empty]}, @timestamp={0x44, 0x14, 0x5, 0x3, 0x0, [0x0, 0x0, 0x2, 0x0]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 558.941603ms ago: executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache}]}}) chdir(&(0x7f0000000000)='./file0\x00') mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) lstat(&(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x0) 528.692998ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x578, 0x3d8, 0x0, 0x1c0, 0x3d8, 0x1c0, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@ipv6={@empty, @private2, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@loopback, @ipv6=@private0}}}, {{@ipv6={@mcast2, @rand_addr=' \x01\x00', [], [], 'batadv_slave_1\x00', 'lo\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @dev, [], [], 'veth1_macvtap\x00', 'team_slave_1\x00'}, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@realm={{0x30}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@remote, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d8) 514.92226ms ago: executing program 4: timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000380)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000300)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00'}, 0x45c) ioctl$UI_SET_PROPBIT(r3, 0x5501, 0x0) write$input_event(r3, &(0x7f00000005c0), 0x200005d8) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x0) 99.415314ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) get_robust_list(0x0, 0x0, 0x0) 89.937056ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r2}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 70.476719ms ago: executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache}]}}) chdir(&(0x7f0000000000)='./file0\x00') mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) lstat(&(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x0) 54.677601ms ago: executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x7, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x4}, {0x1}]}]}, {0x0, [0x5f, 0x0, 0x0, 0x5f, 0x2e]}}, 0x0, 0x3b}, 0x20) 48.462812ms ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc250d40f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c9837d5ac03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a9b893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c5452f42e09b388a14b22bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66cf8aeb1f98bd67bfd38ec2beac3ca99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94d81150c68ab27987655e1dd676ceef54ad4d663f88b6f82a65f7c94a0e40cbb782ff536bd67ba81125f8e0af199094b407f630dc6eb3b79615a4e63f75ab30b1e475748cb5dce6581dc92f740a21fb8dec725b4f2a0b0972f852504245d5ce11cfdead09c9b6e094261084cd20c2294525061a4638c0bfd08dfa70d24bf85d9cfd940e1a4f1509bed8233f22506e5b000000000000862a01def6c9e879a87688ad151c14ae7ff8a090aebe7e4f936c26e565ae96d38ee5f794468caa17419e22ff13df60a95596490358a3b8121511e427d619ad87fe998702ea0b659eff3f5cd8f4094fdd6b1d45facfe6629846170d99de670a9e72e21ed7363876612bf58a17142abccbbe4762f531067f92af24f5354f432ed1df74f8168d05de528f63a98bca22820439c567973de0077c068d1b70b6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_DEL(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x14}}, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYBLOB="859e58da3bf237c5e197cb6db92d52a592bbbd083d015a6a5f4c02b999e2134b97331ca90e775f649d8339a0daa622ffe333e04ff9aa22523241b4a2c7d2028c77679f014a2a84ff12484a1db97c13bc95da64a662a84a01b5ed2d08e0fb2428b88719af450dbbb1807e782114ff596bcce7c7d328a66851367783a4048c13625f191cc0f7e83eeb27635e6ea6eaea2f47a6cac1eed494", @ANYRESOCT, @ANYBLOB="7fbf54"], 0x48}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001c00050200000000000000000a000000", @ANYRES32, @ANYBLOB="00000a00140001"], 0x30}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000011000104000000000000000002000000", @ANYRES32, @ANYBLOB="b4d8b4eea87a05ee69f8cef1ba1daa9e02"], 0x20}, 0x1, 0xfffffff0}, 0x0) unshare(0x60600) mount$incfs(&(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000180), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) 45.919133ms ago: executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000440), 0x10) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) accept4$unix(r2, 0x0, 0x0, 0x0) 21.099636ms ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000b80), 0x4) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x6, {{0x2, 0x0, @multicast1}}}, 0x88) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb) 15.649877ms ago: executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000a80), 0x4) 10.170908ms ago: executing program 1: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) keyctl$restrict_keyring(0xa, r0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000100)='e\'.\x00') 6.455719ms ago: executing program 4: socket$nl_audit(0x10, 0x3, 0x9) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) 0s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='ext4_da_release_space\x00', r1}, 0x10) write$cgroup_type(r0, &(0x7f0000000000), 0x9) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001480)={&(0x7f0000000040)='ext4_da_release_space\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) kernel console output (not intermixed with test programs): 0 [ 699.675590][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 699.684038][ T746] hub 1-1:4.0: USB hub found [ 699.684987][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 699.698155][ T45] device bridge_slave_0 left promiscuous mode [ 699.704264][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.713565][ T45] device veth1_macvtap left promiscuous mode [ 699.719488][ T45] device veth0_vlan left promiscuous mode [ 699.899241][ T746] hub 1-1:4.0: 2 ports detected [ 699.935581][T18923] loop4: detected capacity change from 0 to 8192 [ 700.040040][T18932] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 700.070187][T18946] loop4: detected capacity change from 0 to 512 [ 700.100191][T18946] EXT4-fs (loop4): Ignoring removed oldalloc option [ 700.106733][T18946] EXT4-fs (loop4): Unrecognized mount option "dont_measure" or missing value [ 700.236640][T18938] kvm_set_msr_common: 13 callbacks suppressed [ 700.236708][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x4e00 [ 700.268019][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xb800 [ 700.291827][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x4200 [ 700.652603][ T746] hub 1-1:4.0: set hub depth failed [ 700.677837][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf800 [ 700.686826][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf800 [ 700.697060][ T746] usb 1-1: USB disconnect, device number 49 [ 700.706516][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf800 [ 700.752089][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xd200 [ 700.761126][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xc400 [ 700.770012][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0xb000 [ 700.818369][T18938] kvm [18937]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf800 [ 700.989709][ T30] kauditd_printk_skb: 108 callbacks suppressed [ 700.989722][ T30] audit: type=1326 audit(2000000027.070:27966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.089288][T18965] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 701.333313][ T30] audit: type=1326 audit(2000000027.070:27967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.365727][ T30] audit: type=1326 audit(2000000027.070:27968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.389902][ T30] audit: type=1326 audit(2000000027.070:27969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.413928][ T30] audit: type=1326 audit(2000000027.070:27970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.439280][ T30] audit: type=1326 audit(2000000027.070:27971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.463411][ T30] audit: type=1326 audit(2000000027.070:27972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.489050][ T30] audit: type=1326 audit(2000000027.270:27973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18960 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 701.547105][T18979] loop4: detected capacity change from 0 to 2048 [ 701.560032][T18981] loop3: detected capacity change from 0 to 2048 [ 701.570201][T18979] Alternate GPT is invalid, using primary GPT. [ 701.576244][T18979] loop4: p1 p2 p3 [ 701.582089][T18981] Alternate GPT is invalid, using primary GPT. [ 701.588420][T18981] loop3: p1 p2 p3 [ 701.642909][T18977] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 701.679419][T18985] syz-executor.3[18985] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 701.679512][T18985] syz-executor.3[18985] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 701.682257][T18986] loop4: detected capacity change from 0 to 512 [ 701.749588][T18985] syz-executor.3[18985] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 701.749677][T18985] syz-executor.3[18985] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 701.776309][T18986] EXT4-fs (loop4): Ignoring removed oldalloc option [ 701.794520][T18986] EXT4-fs (loop4): Unrecognized mount option "dont_measure" or missing value [ 701.892306][T18996] overlayfs: statfs failed on './file0' [ 702.380338][T19010] syz-executor.0[19010] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 702.380425][T19010] syz-executor.0[19010] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 704.091528][T19032] loop4: detected capacity change from 0 to 256 [ 704.149585][ T30] audit: type=1400 audit(2000000030.230:27974): avc: denied { mounton } for pid=19031 comm="syz-executor.4" path="/root/syzkaller-testdir2001742677/syzkaller.c9TxDX/12/file0/file0" dev="loop4" ino=1048843 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 704.264622][T19047] loop3: detected capacity change from 0 to 512 [ 704.304134][T19047] EXT4-fs (loop3): filesystem is read-only [ 704.799015][ T1746] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 704.862138][ T30] audit: type=1400 audit(2000000030.940:27975): avc: denied { write } for pid=19082 comm="syz-executor.3" name="file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 705.038368][T19091] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 705.049325][T19103] loop3: detected capacity change from 0 to 256 [ 705.169084][ T1746] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 705.184038][ T1746] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 705.193757][ T1746] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 705.202853][ T1746] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 705.211989][ T1746] usb 2-1: config 0 descriptor?? [ 706.097094][T19136] loop3: detected capacity change from 0 to 8192 [ 706.116505][T19136] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 706.129826][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 706.129843][ T30] audit: type=1400 audit(2000000032.210:27977): avc: denied { watch } for pid=19135 comm="syz-executor.3" path="/root/syzkaller-testdir3706343228/syzkaller.m9GBwz/473/file2" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 706.350575][ T1746] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.006B/input/input50 [ 706.364225][ T1746] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.006B/input/input51 [ 706.377079][ T1746] uclogic 0003:256C:006D.006B: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 706.568155][ T1746] usb 2-1: USB disconnect, device number 50 [ 706.617321][T19155] loop4: detected capacity change from 0 to 131072 [ 706.670101][T19155] F2FS-fs (loop4): Test dummy encryption mode enabled [ 706.679560][T19155] F2FS-fs (loop4): Found nat_bits in checkpoint [ 706.711952][T19155] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 707.249470][ T30] audit: type=1326 audit(2000000033.330:27978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.273617][ T30] audit: type=1326 audit(2000000033.330:27979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.305799][ T30] audit: type=1326 audit(2000000033.380:27980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.334211][ T30] audit: type=1326 audit(2000000033.380:27981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.363222][ T30] audit: type=1326 audit(2000000033.380:27982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.387513][ T30] audit: type=1326 audit(2000000033.410:27983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.411651][ T30] audit: type=1326 audit(2000000033.410:27984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.435996][ T30] audit: type=1326 audit(2000000033.410:27985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.461408][ T30] audit: type=1326 audit(2000000033.410:27986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcfe2317f29 code=0x7ffc0000 [ 707.769983][T19247] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 707.780390][T19247] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 707.810948][T19251] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 707.925663][T19269] loop3: detected capacity change from 0 to 512 [ 707.959954][T19269] EXT4-fs (loop3): Ignoring removed oldalloc option [ 707.966529][T19269] EXT4-fs (loop3): Unrecognized mount option "dont_measure" or missing value [ 708.029039][ T1671] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 708.136331][T19275] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 708.147038][T19275] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 708.512096][T19284] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 708.579079][ T1671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 708.589861][ T1671] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 708.599760][ T1671] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 708.608636][ T1671] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.617043][ T1671] usb 5-1: config 0 descriptor?? [ 708.976492][T19306] loop3: detected capacity change from 0 to 40427 [ 709.062706][T19306] F2FS-fs (loop3): Found nat_bits in checkpoint [ 709.105039][T19306] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 709.136185][T14695] attempt to access beyond end of device [ 709.136185][T14695] loop3: rw=524288, want=45072, limit=40427 [ 709.148482][T14695] attempt to access beyond end of device [ 709.148482][T14695] loop3: rw=0, want=45072, limit=40427 [ 709.177403][ T939] attempt to access beyond end of device [ 709.177403][ T939] loop3: rw=2049, want=41088, limit=40427 [ 709.466590][T19315] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.473535][T19315] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.481168][T19315] device bridge_slave_0 entered promiscuous mode [ 709.488215][T19315] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.495246][T19315] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.502613][T19315] device bridge_slave_1 entered promiscuous mode [ 709.619077][ T1671] usb 5-1: string descriptor 0 read error: -71 [ 709.639126][ T1671] uclogic 0003:256C:006D.006C: failed retrieving string descriptor #200: -71 [ 709.663204][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 709.671567][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 709.679197][ T1671] uclogic 0003:256C:006D.006C: failed retrieving pen parameters: -71 [ 709.686995][ T1671] uclogic 0003:256C:006D.006C: failed probing pen v2 parameters: -71 [ 709.695229][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 710.173730][ T1671] uclogic 0003:256C:006D.006C: failed probing parameters: -71 [ 710.181933][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 710.189019][ T1671] uclogic: probe of 0003:256C:006D.006C failed with error -71 [ 710.196570][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 710.204394][ T1671] usb 5-1: USB disconnect, device number 42 [ 710.210580][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 710.219911][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 710.228388][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.235246][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 710.242464][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 710.250657][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 710.258657][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.265520][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 710.287268][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 710.294996][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 710.302928][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 710.310248][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 710.321178][T19315] device veth0_vlan entered promiscuous mode [ 710.336076][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 710.345871][T19315] device veth1_macvtap entered promiscuous mode [ 710.361044][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 710.370165][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 710.428712][T19345] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 710.446321][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 711.413221][T19394] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 711.873790][T19466] Invalid ELF header magic: != ELF [ 711.920533][T19470] tipc: Started in network mode [ 711.925228][T19470] tipc: Node identity 1, cluster identity 4711 [ 711.932288][T19470] tipc: Node number set to 1 [ 711.938163][T19470] tipc: Cannot configure node identity twice [ 712.025701][T19491] Invalid ELF header magic: != ELF [ 714.008939][ C1] sched: RT throttling activated [ 714.105632][T19565] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.3'. [ 714.359086][ T559] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 714.769053][ T559] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 714.779907][ T559] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 714.789392][ T559] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 714.798266][ T559] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.806664][ T559] usb 2-1: config 0 descriptor?? [ 715.290518][ T559] hid (null): bogus close delimiter [ 715.344006][T19591] ªªªªªª: renamed from vlan0 [ 715.369673][ T30] kauditd_printk_skb: 67 callbacks suppressed [ 715.369690][ T30] audit: type=1326 audit(2000000041.450:28054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19593 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b57fcbf29 code=0x7ffc0000 [ 715.399650][ T30] audit: type=1326 audit(2000000041.450:28055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19593 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b57fcbf29 code=0x7ffc0000 [ 715.424137][ T30] audit: type=1326 audit(2000000041.450:28056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19593 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f7b57fcbf29 code=0x7ffc0000 [ 715.448213][ T30] audit: type=1326 audit(2000000041.450:28057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19593 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b57fcbf29 code=0x7ffc0000 [ 715.472258][ T30] audit: type=1326 audit(2000000041.450:28058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19593 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b57fcbf29 code=0x7ffc0000 [ 715.502636][ T559] usb 2-1: string descriptor 0 read error: -22 [ 715.624553][T19602] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.631545][T19602] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.638852][T19602] device bridge_slave_0 entered promiscuous mode [ 715.645820][T19602] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.652819][T19602] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.660626][T19602] device bridge_slave_1 entered promiscuous mode [ 715.715538][T19602] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.722426][T19602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.729514][T19602] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.736277][T19602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.764078][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 715.771700][T13074] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.791124][T13074] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.807954][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 715.816436][T13074] bridge0: port 1(bridge_slave_0) entered blocking state [ 715.823312][T13074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 715.841035][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 715.849782][T19020] bridge0: port 2(bridge_slave_1) entered blocking state [ 715.856676][T19020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.864021][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 715.877854][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 715.895644][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 715.914519][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 715.919638][ T559] uclogic 0003:256C:006D.006D: failed retrieving string descriptor #100: -71 [ 715.923394][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 715.931383][ T559] uclogic 0003:256C:006D.006D: failed retrieving pen parameters: -71 [ 715.938760][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 715.946344][ T559] uclogic 0003:256C:006D.006D: failed probing pen v1 parameters: -71 [ 715.958893][T19602] device veth0_vlan entered promiscuous mode [ 715.960869][ T559] uclogic 0003:256C:006D.006D: failed probing parameters: -71 [ 715.973910][ T559] uclogic: probe of 0003:256C:006D.006D failed with error -71 [ 715.983458][ T559] usb 2-1: USB disconnect, device number 51 [ 715.993687][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 716.001798][T19609] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. [ 716.013352][T19602] device veth1_macvtap entered promiscuous mode [ 716.029451][T19020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 716.040481][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 716.162631][T19623] ªªªªªª: renamed from vlan0 [ 716.169798][ T8] device bridge_slave_1 left promiscuous mode [ 716.175824][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.183348][ T8] device bridge_slave_0 left promiscuous mode [ 716.350828][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.396577][ T8] device veth1_macvtap left promiscuous mode [ 716.607570][T19625] loop4: detected capacity change from 0 to 40427 [ 716.650001][T19625] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 716.657619][T19625] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 716.678071][T19625] F2FS-fs (loop4): Found nat_bits in checkpoint [ 716.734842][T19639] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.1'. [ 716.752072][T19625] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 716.759932][T19625] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 716.813557][T19637] bridge0: port 1(bridge_slave_0) entered blocking state [ 716.820524][T19637] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.828079][T19637] device bridge_slave_0 entered promiscuous mode [ 716.835333][T19637] bridge0: port 2(bridge_slave_1) entered blocking state [ 716.842351][T19637] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.849906][T19637] device bridge_slave_1 entered promiscuous mode [ 717.012866][ T30] audit: type=1326 audit(2000000043.090:28059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f2c8a8f29 code=0x7ffc0000 [ 717.054760][ T30] audit: type=1326 audit(2000000043.090:28060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1f2c8a8f29 code=0x7ffc0000 [ 717.080633][ T30] audit: type=1326 audit(2000000043.090:28061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f2c8a8f29 code=0x7ffc0000 [ 717.109915][ T30] audit: type=1326 audit(2000000043.090:28062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1f2c8a8f29 code=0x7ffc0000 [ 717.110721][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 717.143166][ T30] audit: type=1326 audit(2000000043.090:28063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19655 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f2c8a8f29 code=0x7ffc0000 [ 717.168226][T19661] ªªªªªª: renamed from vlan0 [ 717.182567][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 717.194446][ T746] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.201372][ T746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 717.213741][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 717.229129][T19669] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.3'. [ 717.246840][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 717.255140][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.262025][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 717.294666][T19637] device veth0_vlan entered promiscuous mode [ 717.306188][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 717.314836][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 717.323828][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 717.331403][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 717.341477][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 717.351544][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 717.373500][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 717.385298][T19637] device veth1_macvtap entered promiscuous mode [ 717.397756][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 717.414325][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 717.440410][T19671] loop4: detected capacity change from 0 to 40427 [ 717.470032][T19671] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 717.477755][T19671] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 717.489900][T19671] F2FS-fs (loop4): Found nat_bits in checkpoint [ 717.533514][T19671] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 717.540510][T19671] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 717.647925][ T8] device bridge_slave_0 left promiscuous mode [ 717.677804][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.779122][ T8] device veth1_macvtap left promiscuous mode [ 717.842554][ T8] device veth0_vlan left promiscuous mode [ 717.954886][T19696] loop4: detected capacity change from 0 to 16 [ 717.981225][T19696] erofs: (device loop4): mounted with root inode @ nid 36. [ 717.991566][T19696] erofs: (device loop4): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36 [ 718.001444][T19696] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117] [ 718.229332][T19718] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 718.375172][T19743] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 718.543687][T19772] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 720.265136][T19829] loop2: detected capacity change from 0 to 512 [ 720.310161][T19829] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 720.317356][T19829] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 720.333622][T19829] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 720.345615][T19829] System zones: 1-12 [ 720.355257][T19829] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr [ 720.371463][T19829] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 720.393741][T19829] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,nolazytime,debug,noload,mblk_io_submit,commit=0x0000000000000005,lazytime,acl,,errors=continue. Quota mode: none. [ 720.829003][ T6] usb 2-1: new full-speed USB device number 52 using dummy_hcd [ 721.189090][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 721.209480][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64 [ 721.238684][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 721.272274][ T6] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 721.291292][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 721.304347][ T6] usb 2-1: config 0 descriptor?? [ 721.329068][T19857] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 721.600241][ T30] kauditd_printk_skb: 195 callbacks suppressed [ 721.600258][ T30] audit: type=1326 audit(2000000047.680:28259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.631042][ T30] audit: type=1326 audit(2000000047.720:28260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.663963][ T30] audit: type=1326 audit(2000000047.720:28261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.692324][T19910] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 721.693091][ T30] audit: type=1326 audit(2000000047.720:28262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.718496][T19896] loop2: detected capacity change from 0 to 40427 [ 721.733583][ T30] audit: type=1326 audit(2000000047.720:28263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.758299][ T30] audit: type=1326 audit(2000000047.720:28264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.784210][ T6] plantronics 0003:047F:FFFF.006E: unknown main item tag 0x4 [ 721.790129][ T30] audit: type=1326 audit(2000000047.720:28265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.815932][ T30] audit: type=1326 audit(2000000047.720:28266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.816854][ T6] plantronics 0003:047F:FFFF.006E: No inputs registered, leaving [ 721.847520][ T30] audit: type=1326 audit(2000000047.720:28267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.873498][T19896] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 721.873555][ T6] plantronics 0003:047F:FFFF.006E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 721.881622][T19896] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 721.899923][ T30] audit: type=1326 audit(2000000047.720:28268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19906 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b9861ef29 code=0x7ffc0000 [ 721.914819][T19896] F2FS-fs (loop2): invalid crc value [ 721.937314][T19896] F2FS-fs (loop2): Found nat_bits in checkpoint [ 721.977052][T19896] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 721.984123][T19896] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 722.429583][ T6] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 722.669016][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 723.029712][T19969] syz-executor.3[19969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.029808][T19969] syz-executor.3[19969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.053277][T19973] syz-executor.3[19973] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.065774][T19973] syz-executor.3[19973] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.206987][T19982] device syzkaller0 entered promiscuous mode [ 723.233926][T19976] loop3: detected capacity change from 0 to 40427 [ 723.269911][T19976] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 723.277528][T19976] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 723.279138][ T6] usb 5-1: New USB device found, idVendor=b924, idProduct=da93, bcdDevice=d3.4e [ 723.287056][T19976] F2FS-fs (loop3): invalid crc value [ 723.294400][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.307330][ T6] usb 5-1: Product: syz [ 723.311276][ T6] usb 5-1: Manufacturer: syz [ 723.315664][ T6] usb 5-1: SerialNumber: syz [ 723.321006][ T6] usb 5-1: config 0 descriptor?? [ 723.321885][T19976] F2FS-fs (loop3): Found nat_bits in checkpoint [ 723.369894][T19976] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 723.376793][T19976] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 723.844111][ T3909] usb 5-1: USB disconnect, device number 43 [ 723.871689][T20003] loop2: detected capacity change from 0 to 512 [ 723.910486][T20003] EXT4-fs (loop2): Ignoring removed oldalloc option [ 723.917029][T20003] EXT4-fs (loop2): Unrecognized mount option "dont_measure" or missing value [ 723.959571][ T559] usb 2-1: USB disconnect, device number 52 [ 725.201988][T20017] syz-executor.0[20017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.202078][T20017] syz-executor.0[20017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 725.827201][T20050] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'. [ 726.954391][T20081] loop2: detected capacity change from 0 to 256 [ 728.011177][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 728.011194][ T30] audit: type=1400 audit(2000000054.090:28323): avc: denied { getopt } for pid=20080 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 728.714359][T20091] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'. [ 729.875539][T20124] loop4: detected capacity change from 0 to 512 [ 729.985022][ T30] audit: type=1326 audit(2000000056.060:28324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.000373][T20124] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor.4: casefold flag without casefold feature [ 730.023778][ T30] audit: type=1326 audit(2000000056.070:28325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.029942][T20124] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.4: missing EA_INODE flag [ 730.053448][T20149] syz-executor.3[20149] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 730.062478][T20124] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor.4: error while reading EA inode 12 err=-117 [ 730.074322][T20149] syz-executor.3[20149] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 730.087245][ T30] audit: type=1326 audit(2000000056.070:28326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.122800][T20124] EXT4-fs (loop4): 1 orphan inode deleted [ 730.128400][T20124] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 730.138810][ T30] audit: type=1326 audit(2000000056.070:28327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.163112][ T30] audit: type=1326 audit(2000000056.070:28328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.187277][ T30] audit: type=1326 audit(2000000056.070:28329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.211239][ T30] audit: type=1326 audit(2000000056.070:28330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.236597][ T30] audit: type=1326 audit(2000000056.070:28331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.260933][ T30] audit: type=1326 audit(2000000056.070:28332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20143 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 730.466333][T20185] loop2: detected capacity change from 0 to 256 [ 731.355187][T20204] loop4: detected capacity change from 0 to 512 [ 731.392508][T20204] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 731.405718][T20204] EXT4-fs (loop4): 1 truncate cleaned up [ 731.411421][T20204] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 733.512389][T20242] loop3: detected capacity change from 0 to 128 [ 733.533515][T20245] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 733.543158][T20245] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 733.554075][T20242] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 733.573394][T20245] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20245 comm=syz-executor.4 [ 733.581084][T20249] loop2: detected capacity change from 0 to 512 [ 733.593272][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 733.593287][ T30] audit: type=1400 audit(2000000059.670:28353): avc: denied { read } for pid=20244 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 733.621502][ T30] audit: type=1326 audit(2000000059.710:28354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.645561][ T30] audit: type=1326 audit(2000000059.710:28355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.681632][ T30] audit: type=1326 audit(2000000059.750:28356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.685348][T20249] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 733.706189][ T30] audit: type=1326 audit(2000000059.750:28357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.740551][ T30] audit: type=1326 audit(2000000059.750:28358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.765686][ T30] audit: type=1326 audit(2000000059.750:28359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.770622][T20249] EXT4-fs (loop2): 1 truncate cleaned up [ 733.799142][T20249] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 733.810524][ T30] audit: type=1326 audit(2000000059.750:28360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.834569][ T30] audit: type=1326 audit(2000000059.750:28361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 733.858864][ T30] audit: type=1326 audit(2000000059.750:28362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20251 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f8113967f29 code=0x7ffc0000 [ 734.083790][T20265] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.106416][T20265] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.134450][T20265] device bridge_slave_0 entered promiscuous mode [ 734.176578][T20265] bridge0: port 2(bridge_slave_1) entered blocking state [ 734.186828][T20265] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.208682][T20265] device bridge_slave_1 entered promiscuous mode [ 735.860705][T20277] loop2: detected capacity change from 0 to 40427 [ 735.880570][T20277] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 735.888172][T20277] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 735.897885][ T8] device bridge_slave_1 left promiscuous mode [ 735.909366][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.916554][T20277] F2FS-fs (loop2): invalid crc value [ 735.924978][ T8] device bridge_slave_0 left promiscuous mode [ 735.931919][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.933529][T20277] F2FS-fs (loop2): Found nat_bits in checkpoint [ 735.961974][ T8] device veth1_macvtap left promiscuous mode [ 735.990132][T20277] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 735.997077][T20277] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 736.157356][T20327] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.1'. [ 736.173501][T20328] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! [ 737.248786][T20287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 737.260264][T20287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 737.292711][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 737.328022][T20357] loop2: detected capacity change from 0 to 512 [ 737.329425][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 737.346073][T20292] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.353045][T20292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.360354][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 737.368681][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 737.392077][T20357] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 737.403615][T20357] EXT4-fs (loop2): Ignoring removed nobh option [ 737.410563][T20357] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 737.419840][T20357] EXT4-fs (loop2): failed to open journal device unknown-block(228,169) -6 [ 737.575938][T20292] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.582901][T20292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.596878][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 737.604328][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 737.612168][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 737.619904][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 737.627704][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 737.640091][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 737.648273][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 737.662921][T20265] device veth0_vlan entered promiscuous mode [ 737.670625][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 737.678446][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 737.693351][T20265] device veth1_macvtap entered promiscuous mode [ 737.706536][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 737.719300][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 737.726609][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 737.737283][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 737.745406][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 737.766826][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 737.775215][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 737.783467][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 737.791633][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 737.802810][T20370] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 738.213732][T20424] loop3: detected capacity change from 0 to 256 [ 739.039402][T20483] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 739.524140][T20490] loop3: detected capacity change from 0 to 40427 [ 739.569758][T20490] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 739.577447][T20490] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 739.587732][T20490] F2FS-fs (loop3): invalid crc value [ 739.597726][T20490] F2FS-fs (loop3): Found nat_bits in checkpoint [ 739.644700][T20490] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 739.651695][T20490] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 739.663368][T20490] attempt to access beyond end of device [ 739.663368][T20490] loop3: rw=2049, want=45104, limit=40427 [ 739.674906][T20490] attempt to access beyond end of device [ 739.674906][T20490] loop3: rw=2049, want=45112, limit=40427 [ 739.819159][T14518] Bluetooth: hci0: command 0x1003 tx timeout [ 739.849218][T15680] Bluetooth: hci0: sending frame failed (-49) [ 739.856593][T20265] attempt to access beyond end of device [ 739.856593][T20265] loop3: rw=2051, want=45112, limit=40427 [ 739.868662][T20265] F2FS-fs (loop3): Issue discard(5637, 5637, 2) failed, ret: -5 [ 739.968185][ T441] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 740.569656][ T441] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.660793][T20520] loop3: detected capacity change from 0 to 40427 [ 740.709931][T20520] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 740.717495][T20520] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 740.726701][T20520] F2FS-fs (loop3): invalid crc value [ 740.733676][T20520] F2FS-fs (loop3): Found nat_bits in checkpoint [ 740.749074][ T441] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 740.758204][ T441] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 740.766083][ T441] usb 5-1: Product: syz [ 740.770267][ T441] usb 5-1: Manufacturer: syz [ 740.774758][ T441] usb 5-1: SerialNumber: syz [ 740.779808][T20520] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 740.786877][T20520] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 740.803258][T20520] attempt to access beyond end of device [ 740.803258][T20520] loop3: rw=2049, want=45104, limit=40427 [ 740.814906][T20520] attempt to access beyond end of device [ 740.814906][T20520] loop3: rw=2049, want=45112, limit=40427 [ 740.844154][T20265] attempt to access beyond end of device [ 740.844154][T20265] loop3: rw=2051, want=45112, limit=40427 [ 740.859598][T20265] F2FS-fs (loop3): Issue discard(5637, 5637, 2) failed, ret: -5 [ 741.000763][T20539] loop3: detected capacity change from 0 to 512 [ 741.022149][T20539] EXT4-fs (loop3): 1 truncate cleaned up [ 741.027647][T20539] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000c32,nolazytime,jqfmt=vfsold,acl,nodiscard,errors=continue,usrjquota=,,errors=continue. Quota mode: none. [ 741.480289][T20545] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 741.501412][T20547] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.0'. [ 741.899038][ T559] Bluetooth: hci0: command 0x1001 tx timeout [ 741.905355][T15680] Bluetooth: hci0: sending frame failed (-49) [ 741.933008][T20559] input: syz1 as /devices/virtual/input/input53 [ 742.329071][ T441] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 742.335352][ T441] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 742.348999][ T441] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 742.549049][ T441] cdc_ncm 5-1:1.0: setting tx_max = 184 [ 742.555799][ T441] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42 [ 742.567041][ T441] usb 5-1: USB disconnect, device number 44 [ 742.573152][ T441] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM [ 742.720807][T20589] input: syz1 as /devices/virtual/input/input54 [ 742.919467][T20604] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 742.932073][T20604] loop3: detected capacity change from 0 to 1024 [ 742.951506][T20604] EXT4-fs (loop3): required journal recovery suppressed and not mounted read-only [ 743.029032][T20292] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 743.034759][T20604] xt_CT: You must specify a L4 protocol and not use inversions on it [ 743.116035][T20619] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 743.142102][T20619] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 743.184582][T20622] device syzkaller0 entered promiscuous mode [ 743.250779][T20617] loop3: detected capacity change from 0 to 40427 [ 743.268971][T20292] usb 2-1: Using ep0 maxpacket: 32 [ 743.276122][T20617] F2FS-fs (loop3): invalid crc value [ 743.283270][T20617] F2FS-fs (loop3): Found nat_bits in checkpoint [ 743.327878][T20617] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 743.334814][T20617] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 743.389084][T20292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 743.401908][T20292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 743.414421][T20643] loop4: detected capacity change from 0 to 256 [ 743.421094][T20292] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 743.430020][T20292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.438518][T20292] usb 2-1: config 0 descriptor?? [ 743.459209][T20595] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 743.474673][T20643] FAT-fs (loop4): Directory bread(block 64) failed [ 743.481647][T20292] hub 2-1:0.0: USB hub found [ 743.486174][T20643] FAT-fs (loop4): Directory bread(block 65) failed [ 743.492577][T20643] FAT-fs (loop4): Directory bread(block 66) failed [ 743.499004][T20643] FAT-fs (loop4): Directory bread(block 67) failed [ 743.505363][T20643] FAT-fs (loop4): Directory bread(block 68) failed [ 743.511819][T20643] FAT-fs (loop4): Directory bread(block 69) failed [ 743.518252][T20643] FAT-fs (loop4): Directory bread(block 70) failed [ 743.524666][T20643] FAT-fs (loop4): Directory bread(block 71) failed [ 743.531080][T20643] FAT-fs (loop4): Directory bread(block 72) failed [ 743.537453][T20643] FAT-fs (loop4): Directory bread(block 73) failed [ 743.627288][T20650] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 743.637233][T20650] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 743.699010][T20292] hub 2-1:0.0: 2 ports detected [ 743.745097][T20265] attempt to access beyond end of device [ 743.745097][T20265] loop3: rw=524288, want=45072, limit=40427 [ 743.759102][T20265] attempt to access beyond end of device [ 743.759102][T20265] loop3: rw=0, want=45072, limit=40427 [ 743.790130][ T939] attempt to access beyond end of device [ 743.790130][ T939] loop3: rw=2049, want=40992, limit=40427 [ 743.889052][T20659] device syzkaller0 entered promiscuous mode [ 743.979038][T14518] Bluetooth: hci0: command 0x1009 tx timeout [ 744.189357][T20665] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.190483][T20664] loop4: detected capacity change from 0 to 40427 [ 744.202635][T20665] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.210704][T20665] device bridge_slave_0 entered promiscuous mode [ 744.228905][T20665] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.236392][T20665] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.243645][T20664] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 744.244702][T20665] device bridge_slave_1 entered promiscuous mode [ 744.257420][T20664] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 744.265499][T20292] hub 2-1:0.0: set hub depth failed [ 744.270318][T20664] F2FS-fs (loop4): invalid crc value [ 744.295155][T20664] F2FS-fs (loop4): Found nat_bits in checkpoint [ 744.309771][T20292] usb 2-1: USB disconnect, device number 53 [ 744.389573][T20664] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 744.397927][ T939] device bridge_slave_1 left promiscuous mode [ 744.404152][T20664] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 744.411910][ T939] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.422086][ T939] device bridge_slave_0 left promiscuous mode [ 744.428034][ T939] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.438131][ T939] device veth1_macvtap left promiscuous mode [ 744.444113][ T939] device veth0_vlan left promiscuous mode [ 744.596109][T20665] bridge0: port 2(bridge_slave_1) entered blocking state [ 744.603132][T20665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 744.610244][T20665] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.616993][T20665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 744.699656][ T559] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.707948][ T559] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.829510][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 744.838011][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 744.931240][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 744.940486][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 744.949112][T18906] attempt to access beyond end of device [ 744.949112][T18906] loop4: rw=2049, want=45104, limit=40427 [ 744.960452][T20292] bridge0: port 1(bridge_slave_0) entered blocking state [ 744.967297][T20292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 744.974777][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 745.276627][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 745.298614][T20292] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.305715][T20292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 745.328693][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 745.337433][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 745.345423][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 745.365837][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 745.386379][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 745.395770][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 745.409738][T20665] device veth0_vlan entered promiscuous mode [ 745.416093][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 745.425102][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 745.435089][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 745.442893][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 745.469149][T20699] device syzkaller0 entered promiscuous mode [ 745.480329][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 745.488577][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 745.510537][T20665] device veth1_macvtap entered promiscuous mode [ 745.535620][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 745.544274][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 745.552334][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 745.560813][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 745.568867][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 745.691846][T20703] loop4: detected capacity change from 0 to 40427 [ 745.709961][T20703] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 745.717670][T20703] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 745.726897][T20703] F2FS-fs (loop4): invalid crc value [ 745.734061][T20703] F2FS-fs (loop4): Found nat_bits in checkpoint [ 745.765488][T20703] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 745.772452][T20703] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 745.788384][T20703] attempt to access beyond end of device [ 745.788384][T20703] loop4: rw=2049, want=45104, limit=40427 [ 745.799940][T20703] attempt to access beyond end of device [ 745.799940][T20703] loop4: rw=2049, want=45112, limit=40427 [ 745.811310][T13074] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 745.842933][T18906] attempt to access beyond end of device [ 745.842933][T18906] loop4: rw=2051, want=45112, limit=40427 [ 745.854856][T18906] F2FS-fs (loop4): Issue discard(5637, 5637, 2) failed, ret: -5 [ 746.083866][T20731] loop4: detected capacity change from 0 to 256 [ 746.155981][T20731] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 747.290482][T13074] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 747.302684][T13074] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 747.312702][T13074] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 747.325691][T13074] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.336952][T13074] usb 2-1: config 0 descriptor?? [ 747.625731][T20765] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 747.635053][T20765] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 747.689151][ T441] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 747.928992][ T441] usb 4-1: Using ep0 maxpacket: 8 [ 748.229099][ T441] usb 4-1: New USB device found, idVendor=b924, idProduct=da93, bcdDevice=d3.4e [ 748.238023][ T441] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.246406][ T441] usb 4-1: Product: syz [ 748.250447][ T441] usb 4-1: Manufacturer: syz [ 748.254805][ T441] usb 4-1: SerialNumber: syz [ 748.259959][ T441] usb 4-1: config 0 descriptor?? [ 748.501728][ T441] usb 4-1: USB disconnect, device number 51 [ 748.509049][T13074] uclogic 0003:256C:006D.006F: interface is invalid, ignoring [ 748.712438][T20701] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 748.723057][T20701] SELinux: security_context_str_to_sid(root) failed for (dev 9p, type 9p) errno=-22 [ 748.741242][T20292] usb 2-1: USB disconnect, device number 54 [ 748.814987][T20785] loop2: detected capacity change from 0 to 40427 [ 748.872462][T20785] F2FS-fs (loop2): Found nat_bits in checkpoint [ 748.902437][T20785] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 749.199492][T20796] loop3: detected capacity change from 0 to 40427 [ 749.229946][T20796] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 749.237664][T20796] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 749.265455][T20796] F2FS-fs (loop3): invalid crc value [ 749.273067][T20796] F2FS-fs (loop3): Found nat_bits in checkpoint [ 749.314386][T20804] loop2: detected capacity change from 0 to 40427 [ 749.316364][T20796] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 749.327654][T20796] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 749.413530][T20804] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 749.433594][T20804] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 749.480268][T20804] F2FS-fs (loop2): invalid crc value [ 749.540041][T20804] F2FS-fs (loop2): Found nat_bits in checkpoint [ 749.623400][T20804] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 749.630404][T20804] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 750.236170][T20665] attempt to access beyond end of device [ 750.236170][T20665] loop3: rw=2049, want=40968, limit=40427 [ 750.593319][T20828] overlayfs: failed to get inode (-116) [ 750.598816][T20828] overlayfs: failed to get inode (-116) [ 750.653105][T20832] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 751.110016][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 751.110033][ T30] audit: type=1400 audit(2000000077.190:28423): avc: denied { mount } for pid=20843 comm="syz-executor.1" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 751.142242][ T30] audit: type=1400 audit(2000000077.220:28424): avc: denied { unmount } for pid=18797 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 751.509202][ T3909] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 752.019063][ T3909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 752.029800][ T3909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 752.039356][ T3909] usb 3-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 752.048158][ T3909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.056556][ T3909] usb 3-1: config 0 descriptor?? [ 752.590677][ T3909] pantherlord 0003:0810:0002.0070: hidraw0: USB HID v0.00 Device [HID 0810:0002] on usb-dummy_hcd.2-1/input0 [ 752.602261][ T3909] pantherlord 0003:0810:0002.0070: no output reports found [ 752.790849][T20848] UDC core: couldn't find an available UDC or it's busy: -16 [ 752.798166][T20848] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 752.806226][ T746] usb 3-1: USB disconnect, device number 47 [ 753.118486][T20875] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 753.679066][ T746] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 753.939008][ T746] usb 3-1: Using ep0 maxpacket: 32 [ 754.069063][ T746] usb 3-1: config index 0 descriptor too short (expected 12336, got 18) [ 754.077350][ T746] usb 3-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 754.085873][ T746] usb 3-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 754.095977][ T746] usb 3-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 754.279082][ T746] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 754.287996][ T746] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.296044][ T746] usb 3-1: Product: syz [ 754.300072][ T746] usb 3-1: Manufacturer: syz [ 754.304414][ T746] usb 3-1: SerialNumber: syz [ 754.699535][ T746] usb 3-1: USB disconnect, device number 48 [ 755.359786][T20955] loop2: detected capacity change from 0 to 40427 [ 755.400818][T20955] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 755.408377][T20955] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 755.419026][T20955] F2FS-fs (loop2): Found nat_bits in checkpoint [ 755.446703][T20955] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 755.458129][T20955] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 755.465012][T20955] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 755.690259][T14518] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 756.048976][T14518] usb 2-1: Using ep0 maxpacket: 32 [ 756.121181][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.121205][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.128713][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.136574][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.144008][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.151515][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.158891][T19637] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 756.219087][T14518] usb 2-1: config index 0 descriptor too short (expected 12336, got 18) [ 756.234850][T14518] usb 2-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 756.243379][T14518] usb 2-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 756.253903][T14518] usb 2-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 756.423418][T20977] device pim6reg1 entered promiscuous mode [ 756.439735][T14518] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 756.448874][T14518] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.456729][T14518] usb 2-1: Product: syz [ 756.461266][T14518] usb 2-1: Manufacturer: syz [ 756.465672][T14518] usb 2-1: SerialNumber: syz [ 756.770127][T14518] usb 2-1: USB disconnect, device number 55 [ 756.841968][T20999] loop2: detected capacity change from 0 to 40427 [ 756.879976][T20999] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 756.887473][T20999] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 756.896658][T20999] F2FS-fs (loop2): invalid crc value [ 756.903521][T20999] F2FS-fs (loop2): Found nat_bits in checkpoint [ 756.934226][T20999] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 756.941181][T20999] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 757.352199][T21015] device pim6reg1 entered promiscuous mode [ 757.620453][T19637] attempt to access beyond end of device [ 757.620453][T19637] loop2: rw=2049, want=45104, limit=40427 [ 759.161314][T21089] loop2: detected capacity change from 0 to 40427 [ 759.199800][T21089] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 759.207353][T21089] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 759.216655][T21089] F2FS-fs (loop2): invalid crc value [ 759.223405][T21089] F2FS-fs (loop2): Found nat_bits in checkpoint [ 759.254714][T21089] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 759.261598][T21089] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 759.944410][T19637] attempt to access beyond end of device [ 759.944410][T19637] loop2: rw=2049, want=40968, limit=40427 [ 761.324257][T21121] loop2: detected capacity change from 0 to 512 [ 761.371586][T21121] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 761.379707][T21121] EXT4-fs (loop2): 1 truncate cleaned up [ 761.385157][T21121] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x0000000000000009,noblock_validity,usrquota,journal_dev=0x0000000000000002,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 761.500421][T21129] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 763.579018][ T441] Bluetooth: hci0: command 0x1003 tx timeout [ 763.584885][T15680] Bluetooth: hci0: sending frame failed (-49) [ 764.109128][ T3909] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 764.359102][ T3909] usb 2-1: Using ep0 maxpacket: 8 [ 764.399166][ T3909] usb 2-1: too many configurations: 22, using maximum allowed: 8 [ 764.479152][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.569091][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.659059][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.749041][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.839060][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 764.929037][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.019069][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.109088][ T3909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.199060][ T3909] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 765.207989][ T3909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 765.215823][ T3909] usb 2-1: SerialNumber: syz [ 765.471663][ T3909] usb 2-1: USB disconnect, device number 56 [ 765.658968][ T746] Bluetooth: hci0: command 0x1001 tx timeout [ 765.664810][T15680] Bluetooth: hci0: sending frame failed (-49) [ 766.954279][T21181] overlayfs: statfs failed on './file0' [ 767.015951][ T30] audit: type=1400 audit(2000000093.090:28425): avc: denied { setattr } for pid=21190 comm="syz-executor.1" name="/" dev="configfs" ino=12788 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 767.748991][ T441] Bluetooth: hci0: command 0x1009 tx timeout [ 768.548452][ T30] audit: type=1400 audit(2000000094.620:28426): avc: denied { mounton } for pid=21217 comm="syz-executor.1" path="/root/syzkaller-testdir1539347426/syzkaller.bBuruD/281/bus" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 768.548594][T21218] overlayfs: upper fs is r/o, try multi-lower layers mount [ 768.591227][ T30] audit: type=1400 audit(2000000094.670:28427): avc: denied { unmount } for pid=18797 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 768.660703][T21225] ./bus: Can't open blockdev [ 768.936269][ T30] audit: type=1326 audit(2000000095.010:28428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 768.960395][ T30] audit: type=1326 audit(2000000095.010:28429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 768.984368][ T30] audit: type=1326 audit(2000000095.010:28430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 769.008831][ T30] audit: type=1326 audit(2000000095.040:28431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 769.033089][ T30] audit: type=1326 audit(2000000095.050:28432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 769.057052][ T30] audit: type=1326 audit(2000000095.050:28433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 769.081009][ T30] audit: type=1326 audit(2000000095.080:28434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21245 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 771.485807][T21294] device syzkaller0 entered promiscuous mode [ 772.491471][ T939] device bridge_slave_1 left promiscuous mode [ 772.497486][ T939] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.505109][ T939] device bridge_slave_0 left promiscuous mode [ 772.511149][ T939] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.519480][ T939] device veth1_macvtap left promiscuous mode [ 772.525431][ T939] device veth0_vlan left promiscuous mode [ 772.943968][T21310] bridge0: port 1(bridge_slave_0) entered blocking state [ 772.950877][T21310] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.958563][T21310] device bridge_slave_0 entered promiscuous mode [ 772.966150][T21310] bridge0: port 2(bridge_slave_1) entered blocking state [ 772.973082][T21310] bridge0: port 2(bridge_slave_1) entered disabled state [ 772.980417][T21310] device bridge_slave_1 entered promiscuous mode [ 772.999271][T21319] loop2: detected capacity change from 0 to 256 [ 773.030139][T21319] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 773.081573][T21310] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.088435][T21310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 773.095572][T21310] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.102330][T21310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.121784][T21323] device syzkaller0 entered promiscuous mode [ 773.173302][ T939] tipc: Left network mode [ 773.179829][ T30] kauditd_printk_skb: 167 callbacks suppressed [ 773.179844][ T30] audit: type=1326 audit(2000000099.250:28602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.215765][T21321] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.222701][T21321] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.230664][T21321] device bridge_slave_0 entered promiscuous mode [ 773.237561][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 773.243169][ T30] audit: type=1326 audit(2000000099.260:28603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.268724][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.269265][ T30] audit: type=1326 audit(2000000099.290:28604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.299674][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.315986][ T30] audit: type=1326 audit(2000000099.290:28605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.348181][ T30] audit: type=1326 audit(2000000099.290:28606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.367444][T21321] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.379338][T21321] bridge0: port 2(bridge_slave_1) entered disabled state [ 773.382214][ T30] audit: type=1326 audit(2000000099.320:28607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc174543f29 code=0x7ffc0000 [ 773.388881][T21321] device bridge_slave_1 entered promiscuous mode [ 773.421293][ T30] audit: type=1326 audit(2000000099.320:28608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1745416a7 code=0x7ffc0000 [ 773.445484][ T30] audit: type=1326 audit(2000000099.320:28609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc174507379 code=0x7ffc0000 [ 773.469752][ T30] audit: type=1326 audit(2000000099.320:28610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1745416a7 code=0x7ffc0000 [ 773.494189][ T30] audit: type=1326 audit(2000000099.320:28611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21327 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc174507379 code=0x7ffc0000 [ 773.518875][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 773.549276][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.556306][ T441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.579246][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 773.587312][ T441] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.594260][ T441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 773.607370][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 773.616038][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 773.637139][T21310] device veth0_vlan entered promiscuous mode [ 773.644435][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 773.653308][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 773.661595][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 773.669683][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 773.690447][T21310] device veth1_macvtap entered promiscuous mode [ 773.707181][ T459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 773.731150][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 773.766133][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 773.885735][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 773.903226][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 773.923825][ T441] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.930719][ T441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.952719][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 773.961403][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 773.972841][ T746] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.979707][ T746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.267291][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 774.275283][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 774.302284][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 774.310810][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 774.319391][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 774.327268][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 774.336609][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 774.344006][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 774.352349][T21321] device veth0_vlan entered promiscuous mode [ 774.372587][T21321] device veth1_macvtap entered promiscuous mode [ 774.385045][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 774.398699][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 774.412761][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 774.447021][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 774.458626][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 774.478588][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 774.488795][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 774.531537][ T939] device bridge_slave_1 left promiscuous mode [ 774.537577][ T939] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.559721][ T939] device bridge_slave_0 left promiscuous mode [ 774.568476][ T939] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.579655][ T939] device bridge_slave_1 left promiscuous mode [ 774.585733][ T939] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.593340][ T939] device bridge_slave_0 left promiscuous mode [ 774.600375][ T939] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.636712][ T939] device veth1_macvtap left promiscuous mode [ 774.652292][ T939] device veth0_vlan left promiscuous mode [ 774.659785][ T939] device veth1_macvtap left promiscuous mode [ 774.959927][T21386] loop4: detected capacity change from 0 to 40427 [ 775.004152][T21380] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 775.015986][T21382] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 775.023035][T21382] IPv6: NLM_F_CREATE should be set when creating new route [ 775.035008][T21386] F2FS-fs (loop4): Found nat_bits in checkpoint [ 775.086448][T21396] tipc: Started in network mode [ 775.091288][T21396] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 775.100211][T21396] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 775.108316][T21396] tipc: Enabled bearer , priority 10 [ 775.114821][T21386] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 775.202049][T21407] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 775.535818][T21409] attempt to access beyond end of device [ 775.535818][T21409] loop4: rw=2049, want=54224, limit=40427 [ 775.558629][T21421] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 775.573930][T21421] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 775.580979][T21421] IPv6: NLM_F_CREATE should be set when creating new route [ 775.710938][T21310] attempt to access beyond end of device [ 775.710938][T21310] loop4: rw=2049, want=45112, limit=40427 [ 775.935385][T21438] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 776.099669][ T3909] tipc: Node number set to 1 [ 776.373777][T21467] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 776.826982][T13074] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 776.902524][T21489] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 777.059377][T21493] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 777.078967][T13074] usb 2-1: Using ep0 maxpacket: 16 [ 777.149232][T21494] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.161981][T21494] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.179691][T21494] device bridge_slave_0 entered promiscuous mode [ 777.194047][T21494] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.208966][T21494] bridge0: port 2(bridge_slave_1) entered disabled state [ 777.227823][T21494] device bridge_slave_1 entered promiscuous mode [ 777.239387][T21503] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 777.254102][T21503] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 777.261160][T21503] IPv6: NLM_F_CREATE should be set when creating new route [ 777.298503][T21507] loop4: detected capacity change from 0 to 512 [ 777.326196][T21494] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.333056][T21494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.340386][T21494] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.347123][T21494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.361059][T21507] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 777.372447][T21507] ext4 filesystem being mounted at /root/syzkaller-testdir2026028696/syzkaller.TzJdBh/15/file0 supports timestamps until 2038 (0x7fffffff) [ 777.380613][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 777.391079][T21507] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 777.393841][T13074] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 777.416738][T21507] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 777.417871][T13074] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.428721][T21507] EXT4-fs (loop4): This should not happen!! Data will be lost [ 777.428721][T21507] [ 777.436602][T13074] usb 2-1: Product: syz [ 777.446383][T21507] EXT4-fs (loop4): Total free blocks count 0 [ 777.450101][T14518] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.455730][T21507] EXT4-fs (loop4): Free/Dirty block details [ 777.463983][T13074] usb 2-1: Manufacturer: syz [ 777.468393][T21507] EXT4-fs (loop4): free_blocks=65280 [ 777.473145][T13074] usb 2-1: SerialNumber: syz [ 777.477936][T21507] EXT4-fs (loop4): dirty_blocks=1 [ 777.483989][T13074] r8152-cfgselector 2-1: config 0 descriptor?? [ 777.487234][T21507] EXT4-fs (loop4): Block reservation details [ 777.493374][T14518] bridge0: port 2(bridge_slave_1) entered disabled state [ 777.499048][T21507] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 777.512068][T21511] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 777.535129][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 777.543042][T21511] EXT4-fs (loop4): This should not happen!! Data will be lost [ 777.543042][T21511] [ 777.552822][T14518] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.559693][T14518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.567873][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 777.575952][T14518] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.582813][T14518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.603469][T21507] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 777.622395][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 777.630348][T21507] EXT4-fs warning (device loop4): ext4_resize_begin:83: There are errors in the filesystem, so online resizing is not allowed [ 777.643634][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 777.660233][ T939] device bridge_slave_1 left promiscuous mode [ 777.667350][ T939] bridge0: port 2(bridge_slave_1) entered disabled state [ 777.678325][ T939] device bridge_slave_0 left promiscuous mode [ 777.684391][ T939] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.693723][ T939] device veth1_macvtap left promiscuous mode [ 777.701313][ T939] device veth0_vlan left promiscuous mode [ 777.799045][T13074] r8152-cfgselector 2-1: Unknown version 0x0000 [ 777.846743][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 777.859445][T21494] device veth0_vlan entered promiscuous mode [ 777.866172][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 777.884820][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 777.892484][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 777.900229][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 777.908226][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 777.917647][T21494] device veth1_macvtap entered promiscuous mode [ 777.930121][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 777.937908][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 777.946238][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 777.961600][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 777.975082][T14518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 778.026628][T21543] loop3: detected capacity change from 0 to 512 [ 778.033935][T13074] r8152-cfgselector 2-1: Unknown version 0x0000 [ 778.045092][T13074] r8152-cfgselector 2-1: bad CDC descriptors [ 778.079034][T13074] r8152-cfgselector 2-1: Unknown version 0x0000 [ 778.086506][T13074] r8152-cfgselector 2-1: USB disconnect, device number 57 [ 778.124001][T21543] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 778.146797][T21543] ext4 filesystem being mounted at /root/syzkaller-testdir1934736847/syzkaller.2UnGgh/1/file0 supports timestamps until 2038 (0x7fffffff) [ 778.169705][T21543] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 778.185204][T21543] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 778.197276][T21543] EXT4-fs (loop3): This should not happen!! Data will be lost [ 778.197276][T21543] [ 778.206893][T21543] EXT4-fs (loop3): Total free blocks count 0 [ 778.229173][T21543] EXT4-fs (loop3): Free/Dirty block details [ 778.236040][T21543] EXT4-fs (loop3): free_blocks=65280 [ 778.242225][T21543] EXT4-fs (loop3): dirty_blocks=1 [ 778.247089][T21543] EXT4-fs (loop3): Block reservation details [ 778.273725][T21543] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 778.289234][T21552] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 778.306049][T21552] EXT4-fs (loop3): This should not happen!! Data will be lost [ 778.306049][T21552] [ 778.311509][T21543] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 778.350175][T21543] EXT4-fs warning (device loop3): ext4_resize_begin:83: There are errors in the filesystem, so online resizing is not allowed [ 778.417529][T21555] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.431583][T21555] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.439106][T21555] device bridge_slave_0 entered promiscuous mode [ 778.449153][T21555] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.456193][T21555] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.464538][T21555] device bridge_slave_1 entered promiscuous mode [ 778.490736][T21562] loop3: detected capacity change from 0 to 256 [ 778.604728][T21555] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.611608][T21555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 778.618723][T21555] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.625501][T21555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 778.689438][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 778.697248][ T1746] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.705211][ T1746] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.751885][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 778.769502][ T1746] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.776356][ T1746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 778.799043][ T1746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 778.807226][ T1746] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.814079][ T1746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 778.850035][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 778.861302][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 778.901914][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 778.910511][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 778.918393][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 778.941832][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 778.962983][T21555] device veth0_vlan entered promiscuous mode [ 778.984772][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 778.995489][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 779.013479][T19019] device bridge_slave_1 left promiscuous mode [ 779.029083][T19019] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.036819][T19019] device bridge_slave_0 left promiscuous mode [ 779.046469][T19019] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.067757][T19019] device veth1_macvtap left promiscuous mode [ 779.074083][T19019] device veth0_vlan left promiscuous mode [ 779.363132][T21555] device veth1_macvtap entered promiscuous mode [ 779.388564][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 779.395923][T21573] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 779.416482][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 779.425091][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 779.455687][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 779.477313][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 779.872380][T21605] bridge0: port 1(bridge_slave_0) entered blocking state [ 779.888982][ T1746] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 779.896514][T21605] bridge0: port 1(bridge_slave_0) entered disabled state [ 779.910473][T21605] device bridge_slave_0 entered promiscuous mode [ 779.920136][T21605] bridge0: port 2(bridge_slave_1) entered blocking state [ 779.926984][T21605] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.939579][T21605] device bridge_slave_1 entered promiscuous mode [ 779.958781][ T30] kauditd_printk_skb: 583 callbacks suppressed [ 779.958797][ T30] audit: type=1326 audit(2000000106.030:29195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21614 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe55ef0f29 code=0x7ffc0000 [ 780.047513][ T30] audit: type=1326 audit(2000000106.050:29196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21614 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7efe55ef0f29 code=0x7ffc0000 [ 780.095926][ T30] audit: type=1326 audit(2000000106.050:29197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21614 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe55ef0f29 code=0x7ffc0000 [ 780.127344][ T30] audit: type=1326 audit(2000000106.080:29198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21614 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe55ef0f29 code=0x7ffc0000 [ 780.154209][ T1746] usb 2-1: Using ep0 maxpacket: 8 [ 780.200602][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 780.207964][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 780.233367][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 780.242325][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 780.250659][T20292] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.257584][T20292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.264926][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 780.273271][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 780.281448][ T1746] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 780.291777][T20292] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.298625][T20292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 780.308166][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 780.316307][T20292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 780.329419][T19019] device bridge_slave_1 left promiscuous mode [ 780.337600][T19019] bridge0: port 2(bridge_slave_1) entered disabled state [ 780.345700][T19019] device bridge_slave_0 left promiscuous mode [ 780.351741][T19019] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.359891][T19019] device veth1_macvtap left promiscuous mode [ 780.365720][T19019] device veth0_vlan left promiscuous mode [ 780.379226][ T1746] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 780.398982][ T1746] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 780.407137][ T1746] usb 2-1: SerialNumber: syz [ 780.420508][ T1746] usb 2-1: config 0 descriptor?? [ 780.469437][ T1746] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 780.476276][ T1746] uvcvideo 2-1:0.0: Entity type for entity Output 255 was not initialized! [ 780.484897][ T1746] usb 2-1: Failed to create links for entity 255 [ 780.491202][ T1746] usb 2-1: Failed to register entities (-22). [ 780.516769][T21605] device veth0_vlan entered promiscuous mode [ 780.525645][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 780.534331][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 780.542550][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 780.549983][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 780.557276][ T746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 780.578013][T21605] device veth1_macvtap entered promiscuous mode [ 780.589145][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 780.617118][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 780.626342][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 780.672733][T13074] usb 2-1: USB disconnect, device number 58 [ 780.694215][T21619] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.701507][T21619] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.708857][T21619] device bridge_slave_0 entered promiscuous mode [ 780.716483][T21619] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.723443][T21619] bridge0: port 2(bridge_slave_1) entered disabled state [ 780.730810][T21619] device bridge_slave_1 entered promiscuous mode [ 780.814372][T21635] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=21635 comm=syz-executor.3 [ 780.878689][T21619] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.885585][T21619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 780.892720][T21619] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.899580][T21619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.919674][T20292] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.927432][T20292] bridge0: port 2(bridge_slave_1) entered disabled state [ 780.974744][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 780.982582][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 781.004649][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 781.015261][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 781.023663][T13074] bridge0: port 1(bridge_slave_0) entered blocking state [ 781.030544][T13074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 781.038754][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 781.046999][T13074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 781.055134][T13074] bridge0: port 2(bridge_slave_1) entered blocking state [ 781.061988][T13074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.089207][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 781.097981][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 781.168901][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 781.177333][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 781.197483][T21619] device veth0_vlan entered promiscuous mode [ 781.204055][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 781.215328][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 781.223681][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 781.234266][ T3909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 781.321802][T21619] device veth1_macvtap entered promiscuous mode [ 781.561683][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 781.571464][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 781.589405][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 781.610008][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 781.618643][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 781.628162][ T30] audit: type=1326 audit(2000000107.700:29199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21656 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 781.663796][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 781.673498][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 781.682327][ T30] audit: type=1326 audit(2000000107.730:29200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21656 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 781.706811][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 781.716210][ T559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 781.740067][ T30] audit: type=1326 audit(2000000107.730:29201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21656 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 781.798427][ T30] audit: type=1326 audit(2000000107.730:29202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21656 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 781.848294][ T30] audit: type=1326 audit(2000000107.730:29203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21656 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47976c6f29 code=0x7ffc0000 [ 782.163335][T19019] device bridge_slave_1 left promiscuous mode [ 782.174974][T19019] bridge0: port 2(bridge_slave_1) entered disabled state [ 782.289319][T19019] device bridge_slave_0 left promiscuous mode [ 782.295321][T19019] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.303546][T19019] device veth1_macvtap left promiscuous mode [ 782.309549][T19019] device veth0_vlan left promiscuous mode [ 782.351331][T21677] loop3: detected capacity change from 0 to 512 [ 782.390081][T21677] EXT4-fs (loop3): Ignoring removed nobh option [ 782.398928][T21667] loop4: detected capacity change from 0 to 40427 [ 782.405252][T21677] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 782.433649][T21667] F2FS-fs (loop4): Found nat_bits in checkpoint [ 782.478237][T21681] overlayfs: failed to resolve './file0': -2 [ 782.492038][T21667] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 782.593196][ T30] audit: type=1326 audit(2000000108.670:29204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9081223f29 code=0x7ffc0000 [ 782.965411][T21693] attempt to access beyond end of device [ 782.965411][T21693] loop4: rw=2049, want=54224, limit=40427 [ 783.033050][T21699] xt_CT: You must specify a L4 protocol and not use inversions on it [ 783.465455][T21619] attempt to access beyond end of device [ 783.465455][T21619] loop4: rw=2049, want=45112, limit=40427 [ 783.746349][T21720] loop4: detected capacity change from 0 to 256 [ 783.773879][T21720] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a37, chksum : 0x9279b0ee, utbl_chksum : 0xe619d30d) [ 783.816929][T21724] device veth0_to_bridge entered promiscuous mode [ 783.823347][T21724] device vlan2 entered promiscuous mode [ 783.829860][T21724] device veth0_to_bridge left promiscuous mode [ 784.888589][T21744] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 785.169061][ T441] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 785.256715][T21757] device veth0_to_bridge entered promiscuous mode [ 785.263304][T21757] device vlan0 entered promiscuous mode [ 785.271263][T21757] device veth0_to_bridge left promiscuous mode [ 785.539088][ T441] usb 5-1: Using ep0 maxpacket: 8 [ 786.232739][ T441] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 786.319050][ T441] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 786.327954][ T441] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 786.335938][ T441] usb 5-1: SerialNumber: syz [ 786.341109][ T441] usb 5-1: config 0 descriptor?? [ 786.379942][ T441] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 786.386657][ T441] uvcvideo 5-1:0.0: Entity type for entity Output 255 was not initialized! [ 786.395079][ T441] usb 5-1: Failed to create links for entity 255 [ 786.401244][ T441] usb 5-1: Failed to register entities (-22). [ 786.581891][ T441] usb 5-1: USB disconnect, device number 45 [ 786.949109][ T459] Bluetooth: hci0: command 0x1003 tx timeout [ 786.955066][T15680] Bluetooth: hci0: sending frame failed (-49) [ 787.773043][T21791] xt_CT: You must specify a L4 protocol and not use inversions on it [ 788.538946][ T441] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 788.790422][ T441] usb 5-1: Using ep0 maxpacket: 16 [ 788.992972][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 788.992989][ T30] audit: type=1326 audit(2000000115.070:29209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.022934][T14518] Bluetooth: hci0: command 0x1001 tx timeout [ 789.028849][T15680] Bluetooth: hci0: sending frame failed (-49) [ 789.038980][ T30] audit: type=1326 audit(2000000115.090:29210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.063111][ T30] audit: type=1326 audit(2000000115.110:29211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.069078][ T441] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 789.087099][ T30] audit: type=1326 audit(2000000115.110:29212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.121068][ T30] audit: type=1326 audit(2000000115.110:29213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.130409][ T441] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.145142][ T30] audit: type=1326 audit(2000000115.110:29214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.176675][ T30] audit: type=1326 audit(2000000115.110:29215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.196720][ T441] usb 5-1: Product: syz [ 789.200919][ T30] audit: type=1326 audit(2000000115.110:29216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.204524][ T441] usb 5-1: Manufacturer: syz [ 789.204542][ T441] usb 5-1: SerialNumber: syz [ 789.228538][ T30] audit: type=1326 audit(2000000115.110:29217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.259757][ T441] r8152-cfgselector 5-1: config 0 descriptor?? [ 789.274977][ T30] audit: type=1326 audit(2000000115.110:29218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cecc79f29 code=0x7ffc0000 [ 789.519075][ T441] r8152-cfgselector 5-1: Unknown version 0x0000 [ 789.739426][ T441] r8152-cfgselector 5-1: Unknown version 0x0000 [ 789.746259][ T441] r8152-cfgselector 5-1: bad CDC descriptors [ 789.769040][ T441] r8152-cfgselector 5-1: Unknown version 0x0000 [ 789.789066][ T441] r8152-cfgselector 5-1: USB disconnect, device number 46 [ 790.482254][T21851] loop4: detected capacity change from 0 to 40427 [ 790.521131][T21851] F2FS-fs (loop4): invalid crc value [ 790.530865][T21851] F2FS-fs (loop4): Found nat_bits in checkpoint [ 790.610610][T21851] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 791.099552][ T3909] Bluetooth: hci0: command 0x1009 tx timeout [ 791.338441][T21619] attempt to access beyond end of device [ 791.338441][T21619] loop4: rw=2049, want=45104, limit=40427 [ 791.429146][ T3909] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 791.689042][ T3909] usb 2-1: Using ep0 maxpacket: 16 [ 792.029054][ T3909] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 792.037951][ T3909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.046351][ T3909] usb 2-1: Product: syz [ 792.050621][ T3909] usb 2-1: Manufacturer: syz [ 792.055078][ T3909] usb 2-1: SerialNumber: syz [ 792.060233][ T3909] r8152-cfgselector 2-1: config 0 descriptor?? [ 792.329053][ T3909] r8152-cfgselector 2-1: Unknown version 0x0000 [ 792.539246][ T3909] r8152-cfgselector 2-1: Unknown version 0x0000 [ 792.545706][ T3909] r8152-cfgselector 2-1: bad CDC descriptors [ 792.579012][ T3909] r8152-cfgselector 2-1: Unknown version 0x0000 [ 792.586308][ T3909] r8152-cfgselector 2-1: USB disconnect, device number 59 [ 792.762948][T21921] loop4: detected capacity change from 0 to 40427 [ 792.822986][T21921] F2FS-fs (loop4): Found nat_bits in checkpoint [ 792.868424][T21921] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 792.901861][T21619] attempt to access beyond end of device [ 792.901861][T21619] loop4: rw=2049, want=45104, limit=40427 [ 793.046442][T21931] loop4: detected capacity change from 0 to 512 [ 793.117770][T21931] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nouid32,minixdf,,errors=continue. Quota mode: writeback. [ 793.149152][T21931] ext4 filesystem being mounted at /root/syzkaller-testdir3188662031/syzkaller.Ci9ihs/26/file0 supports timestamps until 2038 (0x7fffffff) [ 793.427695][T21965] syz-executor.1[21965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 793.427777][T21965] syz-executor.1[21965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 793.532246][T21976] loop1: detected capacity change from 0 to 512 [ 793.569111][ T459] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 793.611111][T21976] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nouid32,minixdf,,errors=continue. Quota mode: writeback. [ 793.624279][T21976] ext4 filesystem being mounted at /root/syzkaller-testdir1539347426/syzkaller.bBuruD/402/file0 supports timestamps until 2038 (0x7fffffff) [ 793.791113][T21992] syz-executor.1[21992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 793.791200][T21992] syz-executor.1[21992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 793.818956][ T459] usb 5-1: Using ep0 maxpacket: 16 [ 794.282193][ T459] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 794.291219][ T459] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.299391][ T459] usb 5-1: Product: syz [ 794.303448][ T459] usb 5-1: Manufacturer: syz [ 794.307857][ T459] usb 5-1: SerialNumber: syz [ 794.313151][ T459] r8152-cfgselector 5-1: config 0 descriptor?? [ 794.569070][ T459] r8152-cfgselector 5-1: Unknown version 0x0000 [ 794.779089][ T459] r8152-cfgselector 5-1: Unknown version 0x0000 [ 794.785934][ T459] r8152-cfgselector 5-1: bad CDC descriptors [ 794.809274][ T459] r8152-cfgselector 5-1: Unknown version 0x0000 [ 794.817781][ T459] r8152-cfgselector 5-1: USB disconnect, device number 47 [ 794.835746][T22026] loop1: detected capacity change from 0 to 1024 [ 794.890973][T22026] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 794.909070][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 794.909087][ T30] audit: type=1400 audit(2000000120.990:29235): avc: denied { map } for pid=22025 comm="syz-executor.1" path="socket:[119579]" dev="sockfs" ino=119579 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 795.198992][ T3909] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 795.609062][ T3909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 795.620005][ T3909] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 795.632776][ T3909] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 795.641619][ T3909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.654822][ T3909] usb 2-1: config 0 descriptor?? [ 796.513826][ T3909] plantronics 0003:047F:FFFF.0071: unknown main item tag 0x0 [ 796.523819][ T3909] plantronics 0003:047F:FFFF.0071: No inputs registered, leaving [ 796.532596][ T3909] plantronics 0003:047F:FFFF.0071: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 796.946296][ T3909] usb 2-1: USB disconnect, device number 60 [ 797.019416][ T441] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 797.229021][T20292] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 797.258986][ T441] usb 4-1: Using ep0 maxpacket: 16 [ 797.539081][ T441] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 797.548038][ T441] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.556154][ T441] usb 4-1: Product: syz [ 797.560280][ T441] usb 4-1: Manufacturer: syz [ 797.564760][ T441] usb 4-1: SerialNumber: syz [ 797.570740][ T441] r8152-cfgselector 4-1: config 0 descriptor?? [ 797.589096][T20292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 797.599951][T20292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 797.609880][T20292] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 797.618755][T20292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.629387][T20292] usb 1-1: config 0 descriptor?? [ 797.823463][T22087] loop4: detected capacity change from 0 to 512 [ 797.874042][T22087] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 797.894637][T22087] EXT4-fs (loop4): 1 truncate cleaned up [ 797.900263][T22087] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback. [ 797.933416][ T441] r8152-cfgselector 4-1: Unknown version 0x0000 [ 797.994845][ T30] audit: type=1400 audit(2000000124.070:29236): avc: denied { setopt } for pid=22090 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 798.069176][ T441] r8152-cfgselector 4-1: Unknown version 0x0000 [ 798.076047][ T441] r8152-cfgselector 4-1: bad CDC descriptors [ 798.099026][ T441] r8152-cfgselector 4-1: Unknown version 0x0000 [ 798.105732][ T441] r8152-cfgselector 4-1: USB disconnect, device number 52 [ 798.143630][T22109] input: syz0 as /devices/virtual/input/input56 [ 798.410444][T20292] magicmouse 0003:05AC:0265.0072: unknown main item tag 0x0 [ 798.437911][T20292] magicmouse 0003:05AC:0265.0072: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0 [ 798.612343][ T459] usb 1-1: USB disconnect, device number 50 [ 798.679219][ C1] ------------[ cut here ]------------ [ 798.684500][ C1] WARNING: CPU: 1 PID: 459 at kernel/softirq.c:358 __local_bh_enable_ip+0x6c/0x80 [ 798.693528][ C1] Modules linked in: [ 798.697260][ C1] CPU: 1 PID: 459 Comm: kworker/1:3 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 798.706981][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 798.716874][ C1] Workqueue: usb_hub_wq hub_event [ 798.721739][ C1] RIP: 0010:__local_bh_enable_ip+0x6c/0x80 [ 798.727377][ C1] Code: 66 8b 05 e7 87 c0 7e 66 85 c0 75 22 bf 01 00 00 00 e8 98 42 09 00 65 8b 05 59 85 bf 7e 85 c0 74 02 5d c3 e8 5a 99 bd ff 5d c3 <0f> 0b eb a2 e8 0b 00 00 00 eb d7 66 0f 1f 84 00 00 00 00 00 55 48 [ 798.746813][ C1] RSP: 0018:ffffc900001d0cc0 EFLAGS: 00010006 [ 798.752718][ C1] RAX: 0000000080010202 RBX: ffff888113e69358 RCX: dffffc0000000000 [ 798.760538][ C1] RDX: 0000000080010202 RSI: 0000000000000201 RDI: ffffffff83fe6af2 [ 798.768339][ C1] RBP: ffffc900001d0cc0 R08: ffffffff83fe694f R09: 0000000000000003 [ 798.776266][ C1] R10: fffff5200003a18c R11: dffffc0000000001 R12: 0000000000000000 [ 798.784079][ C1] R13: dffffc0000000000 R14: 00000000fffffffe R15: ffff888127ca4010 [ 798.791903][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 798.800656][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 798.807090][ C1] CR2: 0000001b32833000 CR3: 000000000680f000 CR4: 00000000003506a0 [ 798.814894][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 798.822702][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 798.830515][ C1] Call Trace: [ 798.833636][ C1] [ 798.836329][ C1] ? show_regs+0x58/0x60 [ 798.840411][ C1] ? __warn+0x160/0x2f0 [ 798.844399][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 798.849436][ C1] ? report_bug+0x3d9/0x5b0 [ 798.853772][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 798.858805][ C1] ? handle_bug+0x41/0x70 [ 798.862974][ C1] ? exc_invalid_op+0x1b/0x50 [ 798.867488][ C1] ? asm_exc_invalid_op+0x1b/0x20 [ 798.872347][ C1] ? sock_hash_delete_elem+0xff/0x2f0 [ 798.877554][ C1] ? sock_hash_delete_elem+0x2a2/0x2f0 [ 798.882845][ C1] ? __local_bh_enable_ip+0x6c/0x80 [ 798.887880][ C1] _raw_spin_unlock_bh+0x51/0x60 [ 798.892658][ C1] sock_hash_delete_elem+0x2a2/0x2f0 [ 798.897777][ C1] bpf_prog_bc4ba9860fbb0da4+0x3e/0x534 [ 798.903157][ C1] bpf_trace_run2+0xec/0x210 [ 798.907584][ C1] ? swake_up_one+0x152/0x170 [ 798.912097][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 798.916785][ C1] __bpf_trace_tlb_flush+0x23/0x30 [ 798.921730][ C1] ? perf_trace_tlb_flush+0x3e0/0x3e0 [ 798.926938][ C1] __traceiter_tlb_flush+0x77/0xd0 [ 798.931888][ C1] switch_mm_irqs_off+0x616/0x9b0 [ 798.936748][ C1] flush_tlb_func+0x11e/0x550 [ 798.941258][ C1] ? sched_clock+0x9/0x10 [ 798.945429][ C1] ? sched_clock_cpu+0x18/0x3b0 [ 798.950113][ C1] flush_smp_call_function_queue+0x222/0x6a0 [ 798.955925][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 798.961308][ C1] generic_smp_call_function_single_interrupt+0x13/0x20 [ 798.968074][ C1] __sysvec_call_function_single+0x63/0x1b0 [ 798.973805][ C1] sysvec_call_function_single+0x92/0xb0 [ 798.979275][ C1] [ 798.982053][ C1] [ 798.984830][ C1] asm_sysvec_call_function_single+0x1b/0x20 [ 798.990642][ C1] RIP: 0010:kasan_check_range+0x17a/0x2a0 [ 798.996197][ C1] Code: 08 00 00 00 44 29 fb 49 01 d9 4d 29 ce 4d 89 f5 49 8d 5d 07 4d 85 ed 49 0f 49 dd 48 c1 eb 03 85 db 74 23 45 31 ff 4f 8b 34 39 <4d> 85 f6 75 48 49 83 c7 08 ff cb 75 ef 4d 29 ca 4d 29 fa 4d 01 da [ 799.015638][ C1] RSP: 0018:ffffc90003db7270 EFLAGS: 00000202 [ 799.021540][ C1] RAX: 0000000000000101 RBX: 0000000000000004 RCX: ffffffff81b2435c [ 799.029354][ C1] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffffc90003db72d0 [ 799.037161][ C1] RBP: ffffc90003db7298 R08: dffffc0000000000 R09: fffff520007b6e60 [ 799.044976][ C1] R10: 1ffff920007b6e99 R11: dffffc0000000001 R12: 1ffff920007b6e5a [ 799.052787][ C1] R13: 000000000000003a R14: 0000000000000000 R15: 0000000000000018 [ 799.060600][ C1] ? kasan_set_track+0x3c/0x70 [ 799.065199][ C1] ? kfree+0xc8/0x220 [ 799.069022][ C1] memset+0x23/0x40 [ 799.072675][ C1] kasan_set_track+0x3c/0x70 [ 799.077089][ C1] ? preempt_schedule+0xd9/0xe0 [ 799.081887][ C1] ? __kasan_check_read+0x11/0x20 [ 799.086746][ C1] ? preempt_schedule_common+0xbe/0xf0 [ 799.092040][ C1] ? preempt_schedule+0xd9/0xe0 [ 799.096726][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 799.102194][ C1] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 799.107666][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 799.112872][ C1] ? tracing_record_taskinfo+0x50/0x230 [ 799.118335][ C1] ? _raw_spin_unlock_irq+0x61/0x70 [ 799.123374][ C1] ? __kasan_check_write+0x14/0x20 [ 799.128402][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 799.133367][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 799.138749][ C1] ? dma_map_single_attrs+0x160/0x160 [ 799.143938][ C1] ? irqentry_exit_cond_resched+0x2a/0x30 [ 799.149496][ C1] ? irqentry_exit+0x30/0x40 [ 799.153932][ C1] kasan_set_free_info+0x23/0x40 [ 799.158703][ C1] ____kasan_slab_free+0x126/0x160 [ 799.163644][ C1] __kasan_slab_free+0x11/0x20 [ 799.168244][ C1] slab_free_freelist_hook+0xbd/0x190 [ 799.173452][ C1] ? usb_free_urb+0xcf/0x110 [ 799.177880][ C1] kfree+0xc8/0x220 [ 799.181524][ C1] usb_free_urb+0xcf/0x110 [ 799.185782][ C1] usb_start_wait_urb+0x241/0x350 [ 799.190635][ C1] ? usb_api_blocking_completion+0xb0/0xb0 [ 799.196276][ C1] ? __kmalloc+0x13a/0x270 [ 799.200531][ C1] ? __kasan_check_write+0x14/0x20 [ 799.205494][ C1] usb_control_msg+0x2ad/0x4c0 [ 799.210086][ C1] ? usb_anchor_empty+0x40/0x40 [ 799.214764][ C1] ? console_conditional_schedule+0x30/0x30 [ 799.220499][ C1] ? update_process_times+0x200/0x200 [ 799.225698][ C1] hub_ext_port_status+0xfe/0x6b0 [ 799.230562][ C1] hub_port_debounce+0x2e8/0x470 [ 799.235332][ C1] ? hub_port_disable+0x690/0x690 [ 799.240193][ C1] hub_event+0x1dd2/0x4770 [ 799.244454][ C1] ? __queue_work+0x94d/0xcd0 [ 799.248959][ C1] ? led_work+0x590/0x590 [ 799.253124][ C1] ? queue_work_on+0x12e/0x170 [ 799.257724][ C1] ? wq_worker_last_func+0x50/0x50 [ 799.262673][ C1] ? __kasan_check_write+0x14/0x20 [ 799.267620][ C1] ? __kasan_check_read+0x11/0x20 [ 799.272477][ C1] ? read_word_at_a_time+0x12/0x20 [ 799.277424][ C1] ? strscpy+0x9c/0x260 [ 799.281427][ C1] process_one_work+0x6bb/0xc10 [ 799.286109][ C1] worker_thread+0xad5/0x12a0 [ 799.290629][ C1] kthread+0x421/0x510 [ 799.294525][ C1] ? worker_clr_flags+0x180/0x180 [ 799.299385][ C1] ? kthread_blkcg+0xd0/0xd0 [ 799.303813][ C1] ret_from_fork+0x1f/0x30 [ 799.308065][ C1] [ 799.310927][ C1] ---[ end trace d875c30036f36f0d ]--- [ 799.317058][ C1] ================================================================== [ 799.324930][ C1] BUG: KASAN: null-ptr-deref in flush_tlb_func+0x43/0x550 [ 799.331872][ C1] Read of size 8 at addr 0000000000000329 by task kworker/1:3/459 [ 799.339509][ C1] [ 799.341681][ C1] CPU: 1 PID: 459 Comm: kworker/1:3 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 799.352911][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 799.362808][ C1] Workqueue: usb_hub_wq hub_event [ 799.367756][ C1] Call Trace: [ 799.370879][ C1] [ 799.373571][ C1] dump_stack_lvl+0x151/0x1b7 [ 799.378081][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 799.383636][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 799.388496][ C1] ? get_stack_info_noinstr+0x1b/0x130 [ 799.393788][ C1] kasan_report+0x16f/0x1c0 [ 799.398127][ C1] ? flush_tlb_func+0x43/0x550 [ 799.402731][ C1] ? flush_tlb_func+0x43/0x550 [ 799.407329][ C1] kasan_check_range+0x293/0x2a0 [ 799.412110][ C1] __kasan_check_read+0x11/0x20 [ 799.416790][ C1] flush_tlb_func+0x43/0x550 [ 799.421213][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 799.426246][ C1] ? sched_clock+0x9/0x10 [ 799.430416][ C1] ? sched_clock_cpu+0x18/0x3b0 [ 799.435104][ C1] flush_smp_call_function_queue+0x222/0x6a0 [ 799.440918][ C1] ? debug_smp_processor_id+0x17/0x20 [ 799.446122][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 799.451505][ C1] generic_smp_call_function_single_interrupt+0x13/0x20 [ 799.458275][ C1] __sysvec_call_function_single+0x63/0x1b0 [ 799.464001][ C1] sysvec_call_function_single+0x41/0xb0 [ 799.469470][ C1] asm_sysvec_call_function_single+0x1b/0x20 [ 799.475299][ C1] RIP: 0010:__stack_depot_save+0x167/0x470 [ 799.480929][ C1] Code: de eb 03 44 89 ff 48 8b 05 0e a5 ab 04 44 89 f1 81 e1 ff 0f 00 00 48 89 45 b0 48 89 4d b8 4c 8b 24 c8 4c 89 cb 41 89 df eb 04 <4d> 8b 24 24 4d 85 e4 74 2d 45 39 74 24 08 75 f0 41 39 5c 24 0c 75 [ 799.500371][ C1] RSP: 0018:ffffc900001d0478 EFLAGS: 00000287 [ 799.506269][ C1] RAX: ffff88823fe80000 RBX: 000000000000000b RCX: 0000000000000cb7 [ 799.514083][ C1] RDX: ffffc900001d0534 RSI: 0000000000000001 RDI: 0000000000000a20 [ 799.521904][ C1] RBP: ffffc900001d04d0 R08: 0000000000000001 R09: 000000000000000b [ 799.529704][ C1] R10: ffffc900001d0450 R11: dffffc0000000001 R12: ffff8881183e8460 [ 799.537523][ C1] R13: ffffc900001d04e0 R14: 0000000011b34cb7 R15: 000000000000000b [ 799.545333][ C1] ? __stack_depot_save+0x34/0x470 [ 799.550293][ C1] __kasan_slab_alloc+0xc3/0xe0 [ 799.554959][ C1] ? __kasan_slab_alloc+0xb1/0xe0 [ 799.559821][ C1] ? slab_post_alloc_hook+0x53/0x2c0 [ 799.564945][ C1] ? kmem_cache_alloc+0xf5/0x200 [ 799.569718][ C1] ? __build_skb+0x2a/0x300 [ 799.574056][ C1] ? build_skb+0x25/0x1f0 [ 799.578223][ C1] ? page_to_skb+0x154/0xb40 [ 799.582650][ C1] ? receive_buf+0xed6/0x5720 [ 799.587161][ C1] ? virtnet_poll+0x628/0x1260 [ 799.591762][ C1] ? __napi_poll+0xc4/0x5a0 [ 799.596102][ C1] ? net_rx_action+0x47d/0xc50 [ 799.600700][ C1] ? __do_softirq+0x26d/0x5bf [ 799.605216][ C1] ? do_softirq+0xf6/0x150 [ 799.609466][ C1] ? __local_bh_enable_ip+0x75/0x80 [ 799.614502][ C1] ? _raw_spin_unlock_bh+0x51/0x60 [ 799.619473][ C1] ? sock_hash_delete_elem+0x2a2/0x2f0 [ 799.624745][ C1] ? bpf_prog_bc4ba9860fbb0da4+0x3e/0x534 [ 799.630295][ C1] ? bpf_trace_run2+0xec/0x210 [ 799.634897][ C1] ? __bpf_trace_tlb_flush+0x23/0x30 [ 799.640018][ C1] ? __traceiter_tlb_flush+0x77/0xd0 [ 799.645138][ C1] ? switch_mm_irqs_off+0x616/0x9b0 [ 799.650174][ C1] ? __schedule+0xb2b/0x1590 [ 799.654599][ C1] ? preempt_schedule_irq+0xc7/0x140 [ 799.659720][ C1] ? irqentry_exit_cond_resched+0x2a/0x30 [ 799.665272][ C1] ? irqentry_exit+0x30/0x40 [ 799.669699][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 799.675345][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 799.681332][ C1] ? kasan_check_range+0x17a/0x2a0 [ 799.686275][ C1] ? memset+0x23/0x40 [ 799.690096][ C1] ? kasan_set_track+0x3c/0x70 [ 799.694694][ C1] ? kasan_set_free_info+0x23/0x40 [ 799.699642][ C1] ? ____kasan_slab_free+0x126/0x160 [ 799.704765][ C1] ? __kasan_slab_free+0x11/0x20 [ 799.709540][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 799.714919][ C1] ? kfree+0xc8/0x220 [ 799.718736][ C1] ? usb_free_urb+0xcf/0x110 [ 799.723162][ C1] ? usb_start_wait_urb+0x241/0x350 [ 799.728197][ C1] ? usb_control_msg+0x2ad/0x4c0 [ 799.732972][ C1] ? hub_ext_port_status+0xfe/0x6b0 [ 799.738004][ C1] ? hub_port_debounce+0x2e8/0x470 [ 799.742953][ C1] ? hub_event+0x1dd2/0x4770 [ 799.747378][ C1] ? process_one_work+0x6bb/0xc10 [ 799.752240][ C1] ? worker_thread+0xad5/0x12a0 [ 799.756925][ C1] ? kthread+0x421/0x510 [ 799.761004][ C1] ? ret_from_fork+0x1f/0x30 [ 799.765439][ C1] slab_post_alloc_hook+0x53/0x2c0 [ 799.770381][ C1] ? __build_skb+0x2a/0x300 [ 799.774719][ C1] ? __build_skb+0x2a/0x300 [ 799.779057][ C1] kmem_cache_alloc+0xf5/0x200 [ 799.783662][ C1] __build_skb+0x2a/0x300 [ 799.787826][ C1] build_skb+0x25/0x1f0 [ 799.791819][ C1] ? kasan_set_track+0x3c/0x70 [ 799.796415][ C1] ? kasan_set_free_info+0x23/0x40 [ 799.801364][ C1] page_to_skb+0x154/0xb40 [ 799.805619][ C1] receive_buf+0xed6/0x5720 [ 799.809960][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 799.815341][ C1] ? virtnet_poll_tx+0x500/0x500 [ 799.820111][ C1] ? kfree+0xc8/0x220 [ 799.823930][ C1] ? virtqueue_get_buf_ctx+0x482/0xe30 [ 799.829232][ C1] ? detach_buf_split+0x71a/0xae0 [ 799.834084][ C1] ? napi_skb_cache_put+0x10d/0x250 [ 799.839120][ C1] ? virtqueue_get_buf_ctx+0x6de/0xe30 [ 799.844415][ C1] virtnet_poll+0x628/0x1260 [ 799.848841][ C1] ? refill_work+0x220/0x220 [ 799.853269][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 799.858652][ C1] __napi_poll+0xc4/0x5a0 [ 799.862815][ C1] net_rx_action+0x47d/0xc50 [ 799.867242][ C1] ? net_tx_action+0x550/0x550 [ 799.871838][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 799.876872][ C1] ? sched_clock+0x9/0x10 [ 799.881040][ C1] ? irqtime_account_irq+0x79/0x3c0 [ 799.886075][ C1] __do_softirq+0x26d/0x5bf [ 799.890415][ C1] do_softirq+0xf6/0x150 [ 799.894492][ C1] [ 799.897280][ C1] [ 799.900044][ C1] ? __local_bh_enable_ip+0x80/0x80 [ 799.905079][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 799.909940][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 799.914978][ C1] __local_bh_enable_ip+0x75/0x80 [ 799.919833][ C1] _raw_spin_unlock_bh+0x51/0x60 [ 799.924607][ C1] sock_hash_delete_elem+0x2a2/0x2f0 [ 799.929730][ C1] bpf_prog_bc4ba9860fbb0da4+0x3e/0x534 [ 799.935109][ C1] bpf_trace_run2+0xec/0x210 [ 799.939537][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 799.944224][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 799.949274][ C1] __bpf_trace_tlb_flush+0x23/0x30 [ 799.954205][ C1] ? perf_trace_tlb_flush+0x3e0/0x3e0 [ 799.959414][ C1] __traceiter_tlb_flush+0x77/0xd0 [ 799.964362][ C1] switch_mm_irqs_off+0x616/0x9b0 [ 799.969220][ C1] __schedule+0xb2b/0x1590 [ 799.973472][ C1] ? __sched_text_start+0x8/0x8 [ 799.978159][ C1] ? _raw_write_unlock_bh+0x40/0x48 [ 799.983194][ C1] preempt_schedule_irq+0xc7/0x140 [ 799.988145][ C1] ? __cond_resched+0x20/0x20 [ 799.992653][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 799.997685][ C1] ? sched_clock+0x9/0x10 [ 800.001855][ C1] irqentry_exit_cond_resched+0x2a/0x30 [ 800.007233][ C1] irqentry_exit+0x30/0x40 [ 800.011486][ C1] sysvec_call_function_single+0x52/0xb0 [ 800.016956][ C1] asm_sysvec_call_function_single+0x1b/0x20 [ 800.022772][ C1] RIP: 0010:kasan_check_range+0x17a/0x2a0 [ 800.028379][ C1] Code: 08 00 00 00 44 29 fb 49 01 d9 4d 29 ce 4d 89 f5 49 8d 5d 07 4d 85 ed 49 0f 49 dd 48 c1 eb 03 85 db 74 23 45 31 ff 4f 8b 34 39 <4d> 85 f6 75 48 49 83 c7 08 ff cb 75 ef 4d 29 ca 4d 29 fa 4d 01 da [ 800.047768][ C1] RSP: 0018:ffffc90003db7270 EFLAGS: 00000202 [ 800.053669][ C1] RAX: 0000000000000101 RBX: 0000000000000004 RCX: ffffffff81b2435c [ 800.061567][ C1] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffffc90003db72d0 [ 800.069463][ C1] RBP: ffffc90003db7298 R08: dffffc0000000000 R09: fffff520007b6e60 [ 800.077274][ C1] R10: 1ffff920007b6e99 R11: dffffc0000000001 R12: 1ffff920007b6e5a [ 800.085087][ C1] R13: 000000000000003a R14: 0000000000000000 R15: 0000000000000018 [ 800.092907][ C1] ? kasan_set_track+0x3c/0x70 [ 800.097617][ C1] ? kfree+0xc8/0x220 [ 800.101422][ C1] memset+0x23/0x40 [ 800.105068][ C1] kasan_set_track+0x3c/0x70 [ 800.109495][ C1] ? preempt_schedule+0xd9/0xe0 [ 800.114182][ C1] ? __kasan_check_read+0x11/0x20 [ 800.119043][ C1] ? preempt_schedule_common+0xbe/0xf0 [ 800.124333][ C1] ? preempt_schedule+0xd9/0xe0 [ 800.129036][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 800.134488][ C1] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 800.139957][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 800.145163][ C1] ? tracing_record_taskinfo+0x50/0x230 [ 800.150544][ C1] ? _raw_spin_unlock_irq+0x61/0x70 [ 800.155582][ C1] ? __kasan_check_write+0x14/0x20 [ 800.160539][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 800.165471][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 800.170852][ C1] ? dma_map_single_attrs+0x160/0x160 [ 800.176061][ C1] ? irqentry_exit_cond_resched+0x2a/0x30 [ 800.181616][ C1] ? irqentry_exit+0x30/0x40 [ 800.186041][ C1] kasan_set_free_info+0x23/0x40 [ 800.190817][ C1] ____kasan_slab_free+0x126/0x160 [ 800.195763][ C1] __kasan_slab_free+0x11/0x20 [ 800.200361][ C1] slab_free_freelist_hook+0xbd/0x190 [ 800.205572][ C1] ? usb_free_urb+0xcf/0x110 [ 800.209995][ C1] kfree+0xc8/0x220 [ 800.213644][ C1] usb_free_urb+0xcf/0x110 [ 800.217895][ C1] usb_start_wait_urb+0x241/0x350 [ 800.222754][ C1] ? usb_api_blocking_completion+0xb0/0xb0 [ 800.228399][ C1] ? __kmalloc+0x13a/0x270 [ 800.232651][ C1] ? __kasan_check_write+0x14/0x20 [ 800.237599][ C1] usb_control_msg+0x2ad/0x4c0 [ 800.242216][ C1] ? usb_anchor_empty+0x40/0x40 [ 800.246883][ C1] ? console_conditional_schedule+0x30/0x30 [ 800.252615][ C1] ? update_process_times+0x200/0x200 [ 800.257907][ C1] hub_ext_port_status+0xfe/0x6b0 [ 800.262769][ C1] hub_port_debounce+0x2e8/0x470 [ 800.267627][ C1] ? hub_port_disable+0x690/0x690 [ 800.272492][ C1] hub_event+0x1dd2/0x4770 [ 800.276747][ C1] ? __queue_work+0x94d/0xcd0 [ 800.281261][ C1] ? led_work+0x590/0x590 [ 800.285419][ C1] ? queue_work_on+0x12e/0x170 [ 800.290108][ C1] ? wq_worker_last_func+0x50/0x50 [ 800.295053][ C1] ? __kasan_check_write+0x14/0x20 [ 800.300000][ C1] ? __kasan_check_read+0x11/0x20 [ 800.304859][ C1] ? read_word_at_a_time+0x12/0x20 [ 800.309818][ C1] ? strscpy+0x9c/0x260 [ 800.313959][ C1] process_one_work+0x6bb/0xc10 [ 800.318650][ C1] worker_thread+0xad5/0x12a0 [ 800.323159][ C1] kthread+0x421/0x510 [ 800.327057][ C1] ? worker_clr_flags+0x180/0x180 [ 800.331921][ C1] ? kthread_blkcg+0xd0/0xd0 [ 800.336345][ C1] ret_from_fork+0x1f/0x30 [ 800.340602][ C1] [ 800.343462][ C1] ================================================================== [ 800.351379][ C1] Disabling lock debugging due to kernel taint [ 800.357388][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000065: 0000 [#1] PREEMPT SMP KASAN [ 800.369258][ C1] KASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f] [ 800.377503][ C1] CPU: 1 PID: 459 Comm: kworker/1:3 Tainted: G B W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 800.388612][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 800.398508][ C1] Workqueue: usb_hub_wq hub_event [ 800.403547][ C1] RIP: 0010:flush_tlb_func+0x4a/0x550 [ 800.408751][ C1] Code: 8b 35 2a 96 cd 7e 65 66 44 8b 25 31 96 cd 7e 49 8d 9e 28 03 00 00 48 89 df be 08 00 00 00 e8 fd 97 7c 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 07 96 7c 00 4c 8b 3b 66 44 89 65 [ 800.428195][ C1] RSP: 0018:ffffc900001d02a0 EFLAGS: 00010006 [ 800.434246][ C1] RAX: 0000000000000065 RBX: 0000000000000329 RCX: ffff888106fe4f00 [ 800.441990][ C1] RDX: 0000000080010104 RSI: 0000000000000096 RDI: 00000000ffffffff [ 800.449800][ C1] RBP: ffffc900001d0310 R08: ffffffff8141701b R09: 0000000000000003 [ 800.457613][ C1] R10: fffffbfff0e5284c R11: dffffc0000000001 R12: 1ffff1103ee20000 [ 800.465424][ C1] R13: ffff8881f7037180 R14: 0000000000000001 R15: dffffc0000000000 [ 800.473235][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 800.482002][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 800.488421][ C1] CR2: 0000001b32833000 CR3: 0000000119185000 CR4: 00000000003506a0 [ 800.496236][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 800.504044][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 800.511858][ C1] Call Trace: [ 800.515000][ C1] [ 800.517684][ C1] ? __die_body+0x62/0xb0 [ 800.521837][ C1] ? die_addr+0x9f/0xd0 [ 800.525832][ C1] ? exc_general_protection+0x311/0x4b0 [ 800.531221][ C1] ? asm_exc_general_protection+0x27/0x30 [ 800.536767][ C1] ? check_panic_on_warn+0x5b/0xb0 [ 800.541715][ C1] ? flush_tlb_func+0x4a/0x550 [ 800.546315][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 800.551347][ C1] ? sched_clock+0x9/0x10 [ 800.555513][ C1] ? sched_clock_cpu+0x18/0x3b0 [ 800.560203][ C1] flush_smp_call_function_queue+0x222/0x6a0 [ 800.566020][ C1] ? debug_smp_processor_id+0x17/0x20 [ 800.571223][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 800.576605][ C1] generic_smp_call_function_single_interrupt+0x13/0x20 [ 800.583383][ C1] __sysvec_call_function_single+0x63/0x1b0 [ 800.589103][ C1] sysvec_call_function_single+0x41/0xb0 [ 800.594570][ C1] asm_sysvec_call_function_single+0x1b/0x20 [ 800.600387][ C1] RIP: 0010:__stack_depot_save+0x167/0x470 [ 800.606098][ C1] Code: de eb 03 44 89 ff 48 8b 05 0e a5 ab 04 44 89 f1 81 e1 ff 0f 00 00 48 89 45 b0 48 89 4d b8 4c 8b 24 c8 4c 89 cb 41 89 df eb 04 <4d> 8b 24 24 4d 85 e4 74 2d 45 39 74 24 08 75 f0 41 39 5c 24 0c 75 [ 800.625468][ C1] RSP: 0018:ffffc900001d0478 EFLAGS: 00000287 [ 800.631371][ C1] RAX: ffff88823fe80000 RBX: 000000000000000b RCX: 0000000000000cb7 [ 800.639183][ C1] RDX: ffffc900001d0534 RSI: 0000000000000001 RDI: 0000000000000a20 [ 800.646990][ C1] RBP: ffffc900001d04d0 R08: 0000000000000001 R09: 000000000000000b [ 800.654803][ C1] R10: ffffc900001d0450 R11: dffffc0000000001 R12: ffff8881183e8460 [ 800.662614][ C1] R13: ffffc900001d04e0 R14: 0000000011b34cb7 R15: 000000000000000b [ 800.670433][ C1] ? __stack_depot_save+0x34/0x470 [ 800.675376][ C1] __kasan_slab_alloc+0xc3/0xe0 [ 800.680060][ C1] ? __kasan_slab_alloc+0xb1/0xe0 [ 800.684918][ C1] ? slab_post_alloc_hook+0x53/0x2c0 [ 800.690044][ C1] ? kmem_cache_alloc+0xf5/0x200 [ 800.694814][ C1] ? __build_skb+0x2a/0x300 [ 800.699155][ C1] ? build_skb+0x25/0x1f0 [ 800.703318][ C1] ? page_to_skb+0x154/0xb40 [ 800.707745][ C1] ? receive_buf+0xed6/0x5720 [ 800.712262][ C1] ? virtnet_poll+0x628/0x1260 [ 800.716858][ C1] ? __napi_poll+0xc4/0x5a0 [ 800.721199][ C1] ? net_rx_action+0x47d/0xc50 [ 800.725799][ C1] ? __do_softirq+0x26d/0x5bf [ 800.730314][ C1] ? do_softirq+0xf6/0x150 [ 800.734564][ C1] ? __local_bh_enable_ip+0x75/0x80 [ 800.739620][ C1] ? _raw_spin_unlock_bh+0x51/0x60 [ 800.744547][ C1] ? sock_hash_delete_elem+0x2a2/0x2f0 [ 800.749840][ C1] ? bpf_prog_bc4ba9860fbb0da4+0x3e/0x534 [ 800.755395][ C1] ? bpf_trace_run2+0xec/0x210 [ 800.760025][ C1] ? __bpf_trace_tlb_flush+0x23/0x30 [ 800.765114][ C1] ? __traceiter_tlb_flush+0x77/0xd0 [ 800.770238][ C1] ? switch_mm_irqs_off+0x616/0x9b0 [ 800.775270][ C1] ? __schedule+0xb2b/0x1590 [ 800.779696][ C1] ? preempt_schedule_irq+0xc7/0x140 [ 800.784818][ C1] ? irqentry_exit_cond_resched+0x2a/0x30 [ 800.790371][ C1] ? irqentry_exit+0x30/0x40 [ 800.794799][ C1] ? sysvec_call_function_single+0x52/0xb0 [ 800.800442][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 800.806441][ C1] ? kasan_check_range+0x17a/0x2a0 [ 800.811390][ C1] ? memset+0x23/0x40 [ 800.815194][ C1] ? kasan_set_track+0x3c/0x70 [ 800.819795][ C1] ? kasan_set_free_info+0x23/0x40 [ 800.824742][ C1] ? ____kasan_slab_free+0x126/0x160 [ 800.829863][ C1] ? __kasan_slab_free+0x11/0x20 [ 800.834636][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 800.840016][ C1] ? kfree+0xc8/0x220 [ 800.843838][ C1] ? usb_free_urb+0xcf/0x110 [ 800.848264][ C1] ? usb_start_wait_urb+0x241/0x350 [ 800.853297][ C1] ? usb_control_msg+0x2ad/0x4c0 [ 800.858082][ C1] ? hub_ext_port_status+0xfe/0x6b0 [ 800.863102][ C1] ? hub_port_debounce+0x2e8/0x470 [ 800.868052][ C1] ? hub_event+0x1dd2/0x4770 [ 800.872479][ C1] ? process_one_work+0x6bb/0xc10 [ 800.877338][ C1] ? worker_thread+0xad5/0x12a0 [ 800.882025][ C1] ? kthread+0x421/0x510 [ 800.886104][ C1] ? ret_from_fork+0x1f/0x30 [ 800.890537][ C1] slab_post_alloc_hook+0x53/0x2c0 [ 800.895475][ C1] ? __build_skb+0x2a/0x300 [ 800.899818][ C1] ? __build_skb+0x2a/0x300 [ 800.904157][ C1] kmem_cache_alloc+0xf5/0x200 [ 800.908759][ C1] __build_skb+0x2a/0x300 [ 800.912923][ C1] build_skb+0x25/0x1f0 [ 800.916916][ C1] ? kasan_set_track+0x3c/0x70 [ 800.921514][ C1] ? kasan_set_free_info+0x23/0x40 [ 800.926462][ C1] page_to_skb+0x154/0xb40 [ 800.930717][ C1] receive_buf+0xed6/0x5720 [ 800.935060][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 800.940448][ C1] ? virtnet_poll_tx+0x500/0x500 [ 800.945210][ C1] ? kfree+0xc8/0x220 [ 800.949029][ C1] ? virtqueue_get_buf_ctx+0x482/0xe30 [ 800.954324][ C1] ? detach_buf_split+0x71a/0xae0 [ 800.959182][ C1] ? napi_skb_cache_put+0x10d/0x250 [ 800.964219][ C1] ? virtqueue_get_buf_ctx+0x6de/0xe30 [ 800.969515][ C1] virtnet_poll+0x628/0x1260 [ 800.973953][ C1] ? refill_work+0x220/0x220 [ 800.978368][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 800.983749][ C1] __napi_poll+0xc4/0x5a0 [ 800.987911][ C1] net_rx_action+0x47d/0xc50 [ 800.992351][ C1] ? net_tx_action+0x550/0x550 [ 800.996954][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 801.001974][ C1] ? sched_clock+0x9/0x10 [ 801.006141][ C1] ? irqtime_account_irq+0x79/0x3c0 [ 801.011173][ C1] __do_softirq+0x26d/0x5bf [ 801.015514][ C1] do_softirq+0xf6/0x150 [ 801.019613][ C1] [ 801.022456][ C1] [ 801.025235][ C1] ? __local_bh_enable_ip+0x80/0x80 [ 801.030700][ C1] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 801.035562][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 801.040596][ C1] __local_bh_enable_ip+0x75/0x80 [ 801.045455][ C1] _raw_spin_unlock_bh+0x51/0x60 [ 801.050229][ C1] sock_hash_delete_elem+0x2a2/0x2f0 [ 801.055350][ C1] bpf_prog_bc4ba9860fbb0da4+0x3e/0x534 [ 801.060731][ C1] bpf_trace_run2+0xec/0x210 [ 801.065162][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 801.069844][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 801.074877][ C1] __bpf_trace_tlb_flush+0x23/0x30 [ 801.079912][ C1] ? perf_trace_tlb_flush+0x3e0/0x3e0 [ 801.085125][ C1] __traceiter_tlb_flush+0x77/0xd0 [ 801.090067][ C1] switch_mm_irqs_off+0x616/0x9b0 [ 801.094927][ C1] __schedule+0xb2b/0x1590 [ 801.099182][ C1] ? __sched_text_start+0x8/0x8 [ 801.103887][ C1] ? _raw_write_unlock_bh+0x40/0x48 [ 801.108901][ C1] preempt_schedule_irq+0xc7/0x140 [ 801.113975][ C1] ? __cond_resched+0x20/0x20 [ 801.118481][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 801.123515][ C1] ? sched_clock+0x9/0x10 [ 801.127682][ C1] irqentry_exit_cond_resched+0x2a/0x30 [ 801.133072][ C1] irqentry_exit+0x30/0x40 [ 801.137315][ C1] sysvec_call_function_single+0x52/0xb0 [ 801.142898][ C1] asm_sysvec_call_function_single+0x1b/0x20 [ 801.148685][ C1] RIP: 0010:kasan_check_range+0x17a/0x2a0 [ 801.154237][ C1] Code: 08 00 00 00 44 29 fb 49 01 d9 4d 29 ce 4d 89 f5 49 8d 5d 07 4d 85 ed 49 0f 49 dd 48 c1 eb 03 85 db 74 23 45 31 ff 4f 8b 34 39 <4d> 85 f6 75 48 49 83 c7 08 ff cb 75 ef 4d 29 ca 4d 29 fa 4d 01 da [ 801.173677][ C1] RSP: 0018:ffffc90003db7270 EFLAGS: 00000202 [ 801.179579][ C1] RAX: 0000000000000101 RBX: 0000000000000004 RCX: ffffffff81b2435c [ 801.187392][ C1] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffffc90003db72d0 [ 801.195202][ C1] RBP: ffffc90003db7298 R08: dffffc0000000000 R09: fffff520007b6e60 [ 801.203014][ C1] R10: 1ffff920007b6e99 R11: dffffc0000000001 R12: 1ffff920007b6e5a [ 801.210825][ C1] R13: 000000000000003a R14: 0000000000000000 R15: 0000000000000018 [ 801.218639][ C1] ? kasan_set_track+0x3c/0x70 [ 801.223239][ C1] ? kfree+0xc8/0x220 [ 801.227057][ C1] memset+0x23/0x40 [ 801.230702][ C1] kasan_set_track+0x3c/0x70 [ 801.235128][ C1] ? preempt_schedule+0xd9/0xe0 [ 801.239816][ C1] ? __kasan_check_read+0x11/0x20 [ 801.244676][ C1] ? preempt_schedule_common+0xbe/0xf0 [ 801.249970][ C1] ? preempt_schedule+0xd9/0xe0 [ 801.254657][ C1] ? schedule_preempt_disabled+0x20/0x20 [ 801.260124][ C1] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 801.265592][ C1] ? preempt_schedule_thunk+0x16/0x18 [ 801.270799][ C1] ? tracing_record_taskinfo+0x50/0x230 [ 801.276181][ C1] ? _raw_spin_unlock_irq+0x61/0x70 [ 801.281216][ C1] ? __kasan_check_write+0x14/0x20 [ 801.286173][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 801.291109][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 801.296490][ C1] ? dma_map_single_attrs+0x160/0x160 [ 801.301696][ C1] ? irqentry_exit_cond_resched+0x2a/0x30 [ 801.307252][ C1] ? irqentry_exit+0x30/0x40 [ 801.311678][ C1] kasan_set_free_info+0x23/0x40 [ 801.316453][ C1] ____kasan_slab_free+0x126/0x160 [ 801.321404][ C1] __kasan_slab_free+0x11/0x20 [ 801.325999][ C1] slab_free_freelist_hook+0xbd/0x190 [ 801.331297][ C1] ? usb_free_urb+0xcf/0x110 [ 801.335729][ C1] kfree+0xc8/0x220 [ 801.339367][ C1] usb_free_urb+0xcf/0x110 [ 801.343622][ C1] usb_start_wait_urb+0x241/0x350 [ 801.348483][ C1] ? usb_api_blocking_completion+0xb0/0xb0 [ 801.354124][ C1] ? __kmalloc+0x13a/0x270 [ 801.358377][ C1] ? __kasan_check_write+0x14/0x20 [ 801.363323][ C1] usb_control_msg+0x2ad/0x4c0 [ 801.367922][ C1] ? usb_anchor_empty+0x40/0x40 [ 801.372607][ C1] ? console_conditional_schedule+0x30/0x30 [ 801.378350][ C1] ? update_process_times+0x200/0x200 [ 801.383545][ C1] hub_ext_port_status+0xfe/0x6b0 [ 801.388492][ C1] hub_port_debounce+0x2e8/0x470 [ 801.393265][ C1] ? hub_port_disable+0x690/0x690 [ 801.398353][ C1] hub_event+0x1dd2/0x4770 [ 801.402607][ C1] ? __queue_work+0x94d/0xcd0 [ 801.407118][ C1] ? led_work+0x590/0x590 [ 801.411360][ C1] ? queue_work_on+0x12e/0x170 [ 801.415964][ C1] ? wq_worker_last_func+0x50/0x50 [ 801.420910][ C1] ? __kasan_check_write+0x14/0x20 [ 801.425857][ C1] ? __kasan_check_read+0x11/0x20 [ 801.430715][ C1] ? read_word_at_a_time+0x12/0x20 [ 801.435972][ C1] ? strscpy+0x9c/0x260 [ 801.439962][ C1] process_one_work+0x6bb/0xc10 [ 801.444653][ C1] worker_thread+0xad5/0x12a0 [ 801.449168][ C1] kthread+0x421/0x510 [ 801.453067][ C1] ? worker_clr_flags+0x180/0x180 [ 801.457929][ C1] ? kthread_blkcg+0xd0/0xd0 [ 801.462354][ C1] ret_from_fork+0x1f/0x30 [ 801.466608][ C1] [ 801.469470][ C1] Modules linked in: [ 801.473210][ C1] ---[ end trace d875c30036f36f0e ]--- [ 801.478500][ C1] RIP: 0010:flush_tlb_func+0x4a/0x550 [ 801.483706][ C1] Code: 8b 35 2a 96 cd 7e 65 66 44 8b 25 31 96 cd 7e 49 8d 9e 28 03 00 00 48 89 df be 08 00 00 00 e8 fd 97 7c 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 07 96 7c 00 4c 8b 3b 66 44 89 65 [ 801.503151][ C1] RSP: 0018:ffffc900001d02a0 EFLAGS: 00010006 [ 801.509068][ C1] RAX: 0000000000000065 RBX: 0000000000000329 RCX: ffff888106fe4f00 [ 801.516861][ C1] RDX: 0000000080010104 RSI: 0000000000000096 RDI: 00000000ffffffff [ 801.524673][ C1] RBP: ffffc900001d0310 R08: ffffffff8141701b R09: 0000000000000003 [ 801.532484][ C1] R10: fffffbfff0e5284c R11: dffffc0000000001 R12: 1ffff1103ee20000 [ 801.540385][ C1] R13: ffff8881f7037180 R14: 0000000000000001 R15: dffffc0000000000 [ 801.548308][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 801.557075][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 801.563497][ C1] CR2: 0000001b32833000 CR3: 0000000119185000 CR4: 00000000003506a0 [ 801.571322][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 801.579225][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 801.587049][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 802.736713][ C1] Shutting down cpus with NMI [ 802.741535][ C1] Kernel Offset: disabled [ 802.745662][ C1] Rebooting in 86400 seconds..