last executing test programs: 2.081608398s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup(r2) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10) dup3(r3, r4, 0x0) 1.817508409s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) setgroups(0x0, 0x0) 1.81047122s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) symlink(&(0x7f0000000540)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000280)=""/4096, 0x9005) 1.732217151s ago: executing program 1: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002780), &(0x7f00000027c0)='./file0\x00', 0x0, &(0x7f0000002800)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x2000}}, 0x0, 0x0, 0x0) getresgid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00010000,user_id=', @ANYRESDEC=r3], 0x0, 0x0, 0x0) 1.710141345s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000640)='console\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000000)={0x58, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x2d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x0, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1, @TIPC_NLA_NET_NODEID, @TIPC_NLA_NET_NODEID_W1, @TIPC_NLA_NET_ADDR, @TIPC_NLA_NET_ID, @TIPC_NLA_NET_NODEID_W1, @TIPC_NLA_NET_NODEID_W1, @TIPC_NLA_NET_ID]}]}, 0x58}}, 0x0) 1.698548217s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000ffff000000007200ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 1.640499146s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x0, 0x1c, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800"/20, @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x2c, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x30}]]}, {0x10}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) 1.637548786s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.605318911s ago: executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0x100000001, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup3(r2, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 1.603562572s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000000000406e05fb0000000000000109022400010000100009040000010300000009210700050122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000780)={0x24, 0x0, 0x0, &(0x7f0000000400)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "5254abe2"}]}}, 0x0}, 0x0) 1.496346289s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0x100000001, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup3(r2, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 1.234027839s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='proc\x00', 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000340)='./file0/bus\x00', 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r1, 0x100, 0x0) getdents64(r1, 0xfffffffffffffffe, 0x29) 1.191287945s ago: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001000010700002000000000000a0000100c0002006e6c3830323131"], 0x20}}, 0x0) recvmmsg(r0, &(0x7f00000045c0)=[{{0x0, 0x0, &(0x7f00000047c0)=[{&(0x7f0000001400)=""/4086, 0xff6}], 0x1}}], 0x1, 0x0, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) 1.182685837s ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x25, &(0x7f0000000000)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)={0x1}) fcntl$lock(r1, 0x7, &(0x7f00000006c0)) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000300)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) 695.047932ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 655.833208ms ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/power/pm_freeze_timeout', 0xea241, 0x0) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000480)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}}}, 0xa0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="116105cf0000000000000000b702000014001800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000073b2b55900000000009500000000000000d5b80872407d3803cda0cb539c229c9a6fdd0348b05261a650e4fe20100308dbd77dd2689ec1fba338c4af06"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffde9, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/fib_trie\x00') preadv(r7, &(0x7f0000000480)=[{&(0x7f0000000540)=""/115, 0x200005b3}], 0x1, 0x8, 0x0) 584.497579ms ago: executing program 3: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000480)) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000040)=""/93, 0x5d) lseek(r0, 0x0, 0x2) 571.493181ms ago: executing program 3: socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x100, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000aa000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000003a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)=r2}, 0x20) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58302"]) setfsgid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000004000000000000000018110000", @ANYRES32=r0, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r7}, 0x10) r8 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "90737f0000ffffffffffffffff1e277fffffeb"}) r9 = dup(r8) ioctl$TCSETAF(r8, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x408, 0x82fa, 0xfe, "000000a33c485500"}) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000400)=0x22) ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000180)=0xff) syz_open_dev$tty20(0xc, 0x4, 0x1) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000400)}], 0x1) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r10, 0x800448d2, &(0x7f0000000000)) 451.62614ms ago: executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300fff5dd000000100001000903080000000000224e0000", 0x58}], 0x1) 326.183929ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) symlink(&(0x7f0000000540)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000280)=""/4096, 0x9005) 218.188806ms ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)) 205.414718ms ago: executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0x100000001, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup3(r2, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 198.229049ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/224, 0xe0}], 0x1, 0x5, 0x0) 187.3858ms ago: executing program 3: ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000640)={{}, "f5f999ea9c12a2fbaa22f6015c79772fc8c4c3277dea3438acce73497fde621df13e2ee7d2e72d87a98ea431eabae5f4375d1fd83728724f64eebee1bb5a91107687cb89158478e8d101ee4298ba35dda64a294a1dddcf5f8b191a86f01ba61ce82a3c6b893399ff37f9d78d60d699a4c4114c926e4d1f231edadf10ed864c7ff072e1906a1a04fa4b21377e85fc4212a8e953b97c1a900673aa2b5d657cfeae7b24a0306b60521b6649177e16e935be6f53292385b7893a906c216be37f925321943dabfe368887450c70d7a3f0193496a6fb0ac2e363725b577555a2ec20f093f8cf6af738be6a8bb354269d38240b0d8ddfe202c99041fe91e69b46c3027b9a8e0c8b78043d5758848a0f6a41a575eae06ddba63182cb8fc239a1c0bb075409ca29ab1afa6d5cd6480d141e5b79bd6df4f732d19bafb1deb6e26657b1cf5e493010e896b3cfc74bc3bdff5e33ea0fcb4a563c304160e806ce629ab00651e425c45aee8c72b2b92af96e04b5dd827c8e06f237b642f0b180287b6c30661ac2e9d31ee8c3d7774c94d6ebc98bc254384e35ec6a134d11823df1eabd5004bcf54fcec139d0a755cbf7ee96b45ef28935dda7179ae1ed2f674a47ff01ba3506c4e8aa1ccdaf256df3e47e5dbf7c70bfe3cf91b1b4f5ab7bddd07bf2e758e4ab9472a12399a1219d3fdda427ee382c7f67130f1ea2814c0ca0843209d7d52a56fcecc7f6fcaba6aa75fb71c8fca73c917f1a1066e941979b953ff3db2bdb2fa79d43e902024cac0f375c3505780ffac385ea5608c72f65d12ae21b78207f7b41510633c625a855123a9c628672c377b9545b0921dd11a469311d2e52025a1e46df096534f34fd33c0b0afcd0bf1428351aa9e9ebd7d8c1ab5e879d43ede318fb74bbbdeec51ee4ca993f24596527155b522009ac56113627dc3b52b8a6231dd3cac01abe01ee8b35e3832c34827885e2623f7819de16a007e0e5117586cf040f715f1912a1cd7bed676121d560d754d9cbd5353c8b1bcf488ccdc38e4b45c8efb055b1221bcff9a6c6ff07fa77e39bf7547ec55a9fb4312710e908028d6a36dafb8cb33f8902d36772ea9cb11fc10ae9c65016ea7cb335e03be21ddcab7c398fb21458bb641fc91fe0a1b0ca7e1bf5643d443ff3c5e6b01e6b8fd18aa76430ea577eb9c1ff00eed05ddd37411558a4864fdfe516c8ef399611cc83fecd35c6f354e367959ae14ffbc2b6a73dbd43009430c07741db24d19ecbce449e907b1b7c3fe4d29406d1451e81a795b261485cd56968b2f0bf61ce95a84f228bb117f774a48330f14209e1fd729ff95216d90e2c9e141657ef424f733cb2e6c6e489c96a07279a66a651c95931da53162b6452819e785250c8e4be2c6e8fdc8e05c7f216c39ef41dff62921bdc63b98c1a0d99013ee5411b3568e07ce4b8eac54a7ba09147223fff2b4609fd1eff80bc6080f36cb7a3a44e2177323bb1baea9d6b55c8cfd2706ce39aa12029c4b940dc581c3b1d5f44c50db1109ba7ef5c93982363c789d6de67d995e684effc10b6c0c3d3e497fd669c5c424c0c8f548fe60e1640afa07316d6e1c26f9aae9282947fa509c6460d644950d6317de43bb591d319edea9dd719c2798e873409fa00d3bcad8b3fa16796ed9ac46ba370009c20b531dd8aaedb9d2ed898157408310bd6944f28d04bcfaea40e02e673131ba1f2fbac351fee3604490aa6c37f5a7e3982a5da0dbee413f113713f67fd28e1cf1d40f94360c63c5c66176facae576c92e942b61b224436cc4b4a2f35896f572f1b5fb037e064c159a44309c09ec4ff10ec6c3dd05d03d1bf3c1e15cb4deae23074068c659065cbd1b5451c9c64999cd3904b75bf2f93a507acf8fe69e9adf688488b21210beb721066e0dcaab762a7f6560b7cbf5b1b089c39078dc70e94d90412442afaaee024b1a6265f16b37f79f14106d0212976f089015294f74fd591af5f3ffcdf99785a6620ae70a0515d86ec8010ee0e5127e1160d88603ea69f98cc8b7a20dd75961f2057ec9ab23b014d37de350ed564d98dc1b3f7c7d1ac85d4b509a4ca151b242f37433ef052e235c9c3dfaf3eacc94faead45252e77614b28c2d71320f68afec8e685194385857fd076817f895618ca2fee4c26783d4257a78f1e9a59ad8fc7c767be8d531033fc0e50813138bf647f79d8b093855934da76e6d6d1f5073b652a6b26e270df247fc43546a06bdfe62edd1d227e29dac9d2297962951267d6f3329925ac5b9185c610af156298bb224ad1b42c9c48bc269b1a91bca1871c50a23e479b644e97c42c9459c173c41e666583c800c89d92516539638fac5c98f1fce75d6d9bf4b520148fd18cb85b37fcf9bd1f73d1be0b4740ba1a84a473b698270649efa36ee42ea2b04f8c4f4e057573fcbb7d9a38a74190913446f575be76d8ef63a3766661803e076835afad905b288978871a706d371eeb5b96f89d2949a1697027d3ad63805c4bfc7e859f6097f194b6814a85e6f5851bf02bb35d1305f4675dc6e43bed4574627d246dc22af95f756c76c074c7244f9d014b2d6657ad9a83c2e2575605b4b213f98bb1deb4eb4e563edc65496d07054fe27640e3cca6228a4335912bd832366512bb18b034ab0dbf7de354e2e500dcf62b0fc69a781fe4a375f7355de78026ab06fef972e51f21627a66b02f9c81a75d09604ed954833237390e1c65012cee39c9af046c8b2c960393566c04dd62179dd75cadd967236f0a23ff4f7c766dee3710250063ced1a0c33f517d6a7c7908a7c393b749fce59a25a3e2ddb0ec26bb81d23b16179f346761f0b6386db63611ee66a8318e4709b68fa926f7bac1cbbd0a6c6b8507ee502bb877f9871154031929d7779f6315f6b612eca21bfcc1e843bdfa253a89c2ec93b51b548eb6e87219296c21ee83dd4e2896b9ab671357fced127db18ada2fa75b47c8e811cfb850dd74eb0daca768b3b435dc581feaceecd87bd0610097fb96d511d769aece6d2fd9c683ac15c540fc73757e0b376516e10f2d775c4785fef898bc54097d8f91c1f70c82d7f401ad4a4a8c885cd690541c46dca4a9cc2ec083615059b737f62ed355679b5fc16b437e5e2f2840b1fe89a472c7b23af569fbb1f52336c0480ca3118880f3b2ad1db4710fe85ea4a0142ea90d62693658d5af626962256b7f6f0252601e117f97af089b1bc5cf8baaee8ecbc6e27a1e04698b40c6d5027be503020285d88e11de3ba0165775a81a686b3ff7b368b626c5a4d888f3728f86dbc23d52797703ef9bf8ff9adcf75991bbef36277a815e1bcf7edf06d8a11ed31bd44a75e848a8754eb324d111cc6e9b957450159cd9f371ac0c3f59486ab626dd06e05408c8a784bf149ceffd33d8bca59b14e19157eaf16f40bf9f71dfec3e80fe89657f1079a5c39f32987b5b9fab60824344d5f09834b6a8edfca18869eea64497596b2853e48c98d4e20ea585ebe3102965396823b410f617503edb137d2397ff669a9ed678d56d88df546a1b6c1d2f8dc9bd8e7eed24923cd5d3894f0fd43c96d50617c2b710ad59e299a27041d1809bf08b2ace15eb23db9e9eaf1c3b908850a6689d3f28f86b8dfa4aead552f75b71f13996fe8f74ad0c40d997c62585e5e4479e76fc6e70c28a72ad96546d37c8e8f8d44cb31a063a2d67fbcdad91ff71264715e12a90a91788959581c8168edda0077f54b32d7d3c044f8989c5f5ade977693f735092d4c103f66b340dd2239fee231202eee20d81002fa5188866728e0e2d0bfd79d8744d8fe8362b8a5352d7fb7778fcc20380f3478de04444b07b18d220b8c1fd45dc1e5ca2317ee189d975306fd53c8a547c882eaaf4e50f34ba513f022bbc14387a50f28bc6bce74ae239780e9312fa1efed366219ca87399fbaff184d6406672efd1dd87625ce6259f2858dcb2abc08fe5d031bb32f35aa8380054f15727898f812ea239cdc7f0cd39192cc36e1bd83491f41d821e80ab1d5e9a6df9712d48abac281e1b29383b6639b38ef2a907ad55432024f3d5d302d4dc3a1a4817e5cb4bca0fd5492cca59587f8d3dec2990002ef934574e6a98fcad1a90e025e00e6592681d525bc531a32d61ece02bd2f59a1636ad4af669fbbbe99461f1689b16f289da0d1bdd27ffa94455a8b588af691948575353678954fea6289c4ce3bf207210b6a4c458594edfd925cb2e6efaab32aa521b78a40ce8a5be8fb9c938387dc0496818782cdecca1b5d0ce32d15915ae847839f0646ab2fb67496b9ff81f0cb8bebd306ce17c3c54d41b3ef3c6756f741c1bdccd7e10cb4b8c693782c404068f4d27bab33f60b7df3db861658d597adb9a86997fe115e14413653880c7614594ada21ad472ed39ecc94dec642a88ef1b6c3de9fef2a4784810a3d08995096cbfbd029d02be954615d454782aa672e5fab66fa5ad74f94806e9e1d034a58a68b9f89a862fa2393feaf4098b8219bbde9dda40755e2cf28c56281245347fa1ce640bd9c020f88dbe69f2b17d5ac5b44e31f9c3087417aad491a8b57cefcb69d9fac360dfe8e9e9516b8d84c8a4cb37734eef4dbbf34de11e448cc39d346ee24b3d066b5512e4d81abac85e7edddc3b265fcecb69481e4467331443defb3ecfd2ee22d10821268ff5064d3e44e217f5e11038b105be4c25c1eccfedee5fac8873b4503b777efffdf15424019aa757008f5a0cd55665a8256fec998ef864914a6eb356ea7824469efc2c264ddd4713d95c639281083b701b61d2e8783e713b6aee620a3e1a71604e8b9ee838fcac3c40cafca58e335934b2efee4ed4a86a82cefc757ce511df7b3ce91640030d94a3c1629d4aecb8084d23e45d498e7685f44704894a035f9087652ef390dca138de874f23a72bfeb3f5cb9092462ccbc671aa7f9afb089951a1e2042d1036f368195b6908f3f7b72e5381e6ff851e64ee84da9d06b70c9f16b97f854ca579a4c806647d6174b4b54c7be094034f294fe778f22db039dbe6466f1deeab89bcf866aba8e81b4576256fab7b8e9c2eea8a28a23868f1c6dc755e179b059a129b1b5d5958ba1d076cb41b8be7a2b0e4decbd2dfd4c1d8c2244e824474c725bc67c1c9bea7f8f22c8fdbdd8ff999637592ecd66720911a21c3eee9b8ac7035ee276c05e6aade0b7de70b99812c99170820bbc1b043d01724604173b9ec912da7af3a36c3fdaa96fb1665f2f55c81fd7b7983d5f6e856103f64c02af58710adaa36f3a00de46270c73401513500ae3f96606636414b460c26452ebc493be064e6bf57723957a53609a1b50e4ae9e8ed0ee16b98f2821462a379275967936cda0810a07eaa627877472c6acc0945d5ae5eebae246ad5c8883a35d4aed9394986b4cc83159bc7232773414ffdf144ae966105acc3d085a2ab7b245f0e58fce61b21f68e565f1687573e82d0c33f36e0925eafcf8a3fa595c1895c7e98f4a5a16b0e63bca70e06348fa32b6d6cc7aba8db689a63009890951bc434b1016c85ffe7a2ba7504cc4830c9cc27813b0f79993f22dc87188d595f2f46f4650b967280be18a2c712c13f9ddced7ac6e99829d82abca014cb8132b00081743aab91f188a84a59c097ae534ce99247a031455659f825e8a72e0bfc466dafe1a5619fc09e9677930da3770b47ec9b5a9e636f392a2e388f29da4036cd221c1a80314b330028f11c760e5a551f5f4e5b82747c4bf0b6697e9594c5aeecc27aa6bcf2323838668bff238dabb9f970b438e9c97969cc8fb38093f5c01b61"}) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001100) 185.667331ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x2000) 159.238445ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 80.200127ms ago: executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x17, 0x0, 0x1b, 0x2}, 0x48) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x2c000, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000060800c687000073ed7ba88007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r3, 0x0, &(0x7f0000001780)=""/4082}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='mm_page_alloc\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10) r5 = creat(&(0x7f0000000780)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="0200000008"], 0xfe44, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4) 57.801891ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000440)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) renameat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', r0, &(0x7f0000000140)='./file1\x00') 11.783788ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0x100000001, 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) dup3(r2, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 0s ago: executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008007f0fffeffe809005300fff5dd000000100001000903080000000000224e0000", 0x58}], 0x1) kernel console output (not intermixed with test programs): sr_slave_0: link becomes ready [ 50.794493][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.810650][ T1424] device veth0_vlan entered promiscuous mode [ 50.817551][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 50.825654][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 50.833508][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 50.841089][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 50.853875][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.862750][ T1424] device veth1_macvtap entered promiscuous mode [ 50.871752][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.883372][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.959308][ T28] audit: type=1400 audit(1717247920.388:598): avc: denied { read } for pid=1431 comm="syz-executor.1" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 50.981652][ T28] audit: type=1400 audit(1717247920.388:599): avc: denied { open } for pid=1431 comm="syz-executor.1" path="/root/syzkaller-testdir3020802557/syzkaller.roNl6Y/52/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 51.010992][ T341] device bridge_slave_1 left promiscuous mode [ 51.017330][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.027354][ T341] device bridge_slave_0 left promiscuous mode [ 51.033385][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.041744][ T341] device veth1_macvtap left promiscuous mode [ 51.047770][ T341] device veth0_vlan left promiscuous mode [ 51.062225][ T1437] loop1: detected capacity change from 0 to 2048 [ 51.077873][ T1437] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 51.089443][ T1437] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz-executor.1: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 51.129954][ T882] EXT4-fs (loop1): unmounting filesystem. [ 51.176415][ T40] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 51.206374][ T771] usb 4-1: config 0 has an invalid interface number: 175 but max is 0 [ 51.214413][ T771] usb 4-1: config 0 has an invalid interface number: 175 but max is 0 [ 51.222473][ T771] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.232368][ T771] usb 4-1: config 0 has no interface number 0 [ 51.238423][ T771] usb 4-1: config 0 interface 175 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 51.249134][ T771] usb 4-1: config 0 interface 175 altsetting 168 has an invalid endpoint with address 0x0, skipping [ 51.260222][ T771] usb 4-1: config 0 interface 175 altsetting 168 has 3 endpoint descriptors, different from the interface descriptor's value: 15 [ 51.273650][ T771] usb 4-1: config 0 interface 175 has no altsetting 1 [ 51.280503][ T771] usb 4-1: New USB device found, idVendor=059f, idProduct=1061, bcdDevice=8e.4f [ 51.432813][ T28] audit: type=1400 audit(1717247920.728:600): avc: denied { create } for pid=1441 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 51.437800][ T771] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.463218][ T771] usb 4-1: config 0 descriptor?? [ 51.465418][ T28] audit: type=1400 audit(1717247920.888:601): avc: denied { ioctl } for pid=1445 comm="syz-executor.2" path="socket:[20735]" dev="sockfs" ino=20735 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 51.526765][ T771] usb-storage 4-1:0.175: USB Mass Storage device detected [ 51.534261][ T771] usb-storage 4-1:0.175: Quirks match for vid 059f pid 1061: 44000000 [ 51.552599][ T28] audit: type=1400 audit(1717247920.978:602): avc: denied { mount } for pid=1453 comm="syz-executor.2" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 51.576407][ T40] usb 5-1: Using ep0 maxpacket: 8 [ 51.588293][ T28] audit: type=1400 audit(1717247921.018:603): avc: denied { unmount } for pid=736 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 51.636733][ T1458] process 'syz-executor.2' launched './file0' with NULL argv: empty string added [ 51.654394][ T28] audit: type=1400 audit(1717247921.078:604): avc: denied { create } for pid=1459 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 51.726689][ T40] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.736652][ T40] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 51.739839][ T772] usb 4-1: USB disconnect, device number 3 [ 51.745438][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.759304][ T40] usb 5-1: config 0 descriptor?? [ 51.946353][ T19] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 52.000561][ T772] usb 5-1: USB disconnect, device number 2 [ 52.132901][ T1471] loop1: detected capacity change from 0 to 512 [ 52.157865][ T1471] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 52.166732][ T1471] ext4 filesystem being mounted at /root/syzkaller-testdir3020802557/syzkaller.roNl6Y/58/bus supports timestamps until 2038 (0x7fffffff) [ 52.261635][ T1475] loop3: detected capacity change from 0 to 512 [ 52.278159][ T1475] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 52.287195][ T1475] ext4 filesystem being mounted at /root/syzkaller-testdir2805062203/syzkaller.whCwHk/117/file0 supports timestamps until 2038 (0x7fffffff) [ 52.306408][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.319357][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.329242][ T19] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 52.329745][ T316] EXT4-fs (loop3): unmounting filesystem. [ 52.338194][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.352896][ T19] usb 3-1: config 0 descriptor?? [ 52.401774][ T1481] loop3: detected capacity change from 0 to 512 [ 52.418461][ T1481] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 52.427230][ T1481] ext4 filesystem being mounted at /root/syzkaller-testdir2805062203/syzkaller.whCwHk/118/bus supports timestamps until 2038 (0x7fffffff) [ 52.539202][ T1485] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 52.656639][ T1488] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 52.778599][ T1491] loop4: detected capacity change from 0 to 512 [ 52.792902][ T1491] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 52.802228][ T1491] ext4 filesystem being mounted at /root/syzkaller-testdir2083382312/syzkaller.kMtEjE/3/file0 supports timestamps until 2038 (0x7fffffff) [ 52.837346][ T1424] EXT4-fs (loop4): unmounting filesystem. [ 52.994216][ T882] EXT4-fs (loop1): unmounting filesystem. [ 53.400932][ T316] EXT4-fs (loop3): unmounting filesystem. [ 53.438198][ T1508] loop3: detected capacity change from 0 to 2048 [ 53.457703][ T1508] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 53.466014][ T1508] ext4 filesystem being mounted at /root/syzkaller-testdir2805062203/syzkaller.whCwHk/119/bus supports timestamps until 2038 (0x7fffffff) [ 53.493619][ T316] EXT4-fs (loop3): unmounting filesystem. [ 53.840444][ T19] uclogic 0003:256C:006D.0004: interface is invalid, ignoring [ 53.890830][ T1518] loop1: detected capacity change from 0 to 512 [ 53.897611][ T1518] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 53.908361][ T1518] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (28729!=33349) [ 53.919114][ T1518] EXT4-fs (loop1): orphan cleanup on readonly fs [ 53.925469][ T1518] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz-executor.1: bad orphan inode 15 [ 53.936023][ T1518] ext4_test_bit(bit=14, block=20) = 0 [ 53.941372][ T1518] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 53.956553][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 53.956564][ T28] audit: type=1400 audit(1717247923.388:611): avc: denied { setopt } for pid=1520 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 53.991726][ T772] usb 3-1: USB disconnect, device number 4 [ 54.216408][ T19] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 54.456521][ T19] usb 2-1: Using ep0 maxpacket: 8 [ 54.576399][ T19] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 54.584480][ T19] usb 2-1: config 179 has no interface number 0 [ 54.590691][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 54.601613][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 54.612871][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 110, changing to 10 [ 54.624150][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 9317, setting to 1024 [ 54.635310][ T19] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 54.648355][ T19] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 54.657229][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.676397][ T1518] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 54.683411][ T1518] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 54.918456][ T6] usb 2-1: USB disconnect, device number 5 [ 54.936340][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 55.331910][ T28] audit: type=1400 audit(1717247924.758:612): avc: denied { unlink } for pid=1535 comm="syz-executor.4" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 55.425239][ T882] EXT4-fs (loop1): unmounting filesystem. [ 55.956367][ T6] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 56.029829][ T1561] loop4: detected capacity change from 0 to 512 [ 56.048539][ T1561] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 56.057514][ T1561] ext4 filesystem being mounted at /root/syzkaller-testdir2083382312/syzkaller.kMtEjE/13/bus supports timestamps until 2038 (0x7fffffff) [ 56.326416][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.346366][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.355931][ T6] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 56.369208][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.387433][ T6] usb 2-1: config 0 descriptor?? [ 56.529240][ T1573] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 56.919609][ T1424] EXT4-fs (loop4): unmounting filesystem. [ 57.206718][ T6] usb 2-1: string descriptor 0 read error: -71 [ 57.227151][ T6] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #200: -71 [ 57.235763][ T6] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71 [ 57.256528][ T6] uclogic 0003:256C:006D.0005: failed probing pen v2 parameters: -71 [ 57.264529][ T6] uclogic 0003:256C:006D.0005: failed probing parameters: -71 [ 57.286353][ T6] uclogic: probe of 0003:256C:006D.0005 failed with error -71 [ 57.294504][ T6] usb 2-1: USB disconnect, device number 6 [ 58.685315][ T1622] device syzkaller0 entered promiscuous mode [ 59.144234][ T1648] loop4: detected capacity change from 0 to 512 [ 59.182130][ T1648] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 59.219858][ T1648] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (28729!=33349) [ 59.252103][ T1648] EXT4-fs (loop4): orphan cleanup on readonly fs [ 59.260573][ T1648] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 15 [ 59.276556][ T1648] ext4_test_bit(bit=14, block=20) = 0 [ 59.281880][ T1648] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 59.566344][ T317] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 59.806368][ T317] usb 5-1: Using ep0 maxpacket: 8 [ 59.812728][ T28] audit: type=1400 audit(1717247929.238:613): avc: denied { append } for pid=1658 comm="syz-executor.2" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 59.843385][ T28] audit: type=1400 audit(1717247929.268:614): avc: denied { create } for pid=1658 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 59.863727][ T28] audit: type=1400 audit(1717247929.268:615): avc: denied { ioctl } for pid=1658 comm="syz-executor.2" path="socket:[21159]" dev="sockfs" ino=21159 ioctlcmd=0x48d7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 59.889117][ T28] audit: type=1400 audit(1717247929.268:616): avc: denied { setopt } for pid=1658 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 59.912247][ T28] audit: type=1400 audit(1717247929.268:617): avc: denied { bind } for pid=1658 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 59.956522][ T317] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 59.964604][ T317] usb 5-1: config 179 has no interface number 0 [ 59.988602][ T317] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 60.011792][ T317] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 60.036370][ T317] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 110, changing to 10 [ 60.056489][ T317] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 9317, setting to 1024 [ 60.060862][ T1663] device syzkaller0 entered promiscuous mode [ 60.073496][ T317] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 60.093209][ T317] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 60.102317][ T317] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.127102][ T1648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 60.136820][ T1648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 60.385517][ T317] usb 5-1: USB disconnect, device number 3 [ 60.396330][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 60.404421][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 60.550945][ T1683] netem: change failed [ 60.935307][ T1702] device syzkaller0 entered promiscuous mode [ 61.039350][ T1424] EXT4-fs (loop4): unmounting filesystem. [ 62.177792][ T28] audit: type=1400 audit(1717247931.608:618): avc: denied { bind } for pid=1733 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.214198][ T28] audit: type=1400 audit(1717247931.608:619): avc: denied { name_bind } for pid=1733 comm="syz-executor.4" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 62.226010][ T1736] device syzkaller0 entered promiscuous mode [ 62.235452][ T28] audit: type=1400 audit(1717247931.608:620): avc: denied { node_bind } for pid=1733 comm="syz-executor.4" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 62.283065][ T28] audit: type=1400 audit(1717247931.708:621): avc: denied { read } for pid=1739 comm="syz-executor.3" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 62.307490][ T28] audit: type=1400 audit(1717247931.708:622): avc: denied { open } for pid=1739 comm="syz-executor.3" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 63.029920][ T1773] device syzkaller0 entered promiscuous mode [ 63.218209][ T1781] input: syz0 as /devices/virtual/input/input6 [ 63.411909][ T1801] loop1: detected capacity change from 0 to 1024 [ 63.427412][ T1801] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 63.460570][ T882] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: unexpected EA_INODE flag [ 63.474905][ T882] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: unexpected EA_INODE flag [ 63.518523][ T882] EXT4-fs (loop1): unmounting filesystem. [ 63.733847][ T1806] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.748452][ T1806] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.765373][ T1806] device bridge_slave_0 entered promiscuous mode [ 63.782430][ T1806] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.789535][ T1806] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.798652][ T1806] device bridge_slave_1 entered promiscuous mode [ 63.901816][ T1806] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.908694][ T1806] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.915775][ T1806] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.922583][ T1806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.972500][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.986848][ T317] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.995130][ T317] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.006943][ T1822] loop2: detected capacity change from 0 to 512 [ 64.021022][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.029233][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.036094][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.043427][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.052460][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.059328][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.067523][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.070724][ T1822] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 205: padding at end of block bitmap is not set [ 64.075468][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.105891][ T1806] device veth0_vlan entered promiscuous mode [ 64.112915][ T341] device bridge_slave_1 left promiscuous mode [ 64.118895][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.126236][ T341] device bridge_slave_0 left promiscuous mode [ 64.132786][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.136768][ T1822] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 64.148894][ T341] device veth1_macvtap left promiscuous mode [ 64.154791][ T341] device veth0_vlan left promiscuous mode [ 64.168767][ T1822] EXT4-fs (loop2): 1 orphan inode deleted [ 64.186407][ T1822] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 64.219721][ T1822] ext4 filesystem being mounted at /root/syzkaller-testdir2492676187/syzkaller.q6TFzS/89/file1 supports timestamps until 2038 (0x7fffffff) [ 64.261658][ T736] EXT4-fs (loop2): unmounting filesystem. [ 64.284672][ T1838] loop4: detected capacity change from 0 to 128 [ 64.293570][ T1838] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512) [ 64.301374][ T1838] FAT-fs (loop4): Filesystem has been set read-only [ 64.308455][ T1838] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512) [ 64.328786][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.337139][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.345354][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.358945][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.366942][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.374258][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.410530][ T1806] device veth1_macvtap entered promiscuous mode [ 64.416496][ T1848] loop2: detected capacity change from 0 to 1024 [ 64.424172][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.432511][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.441232][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.622126][ T1848] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 64.666409][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.674940][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.684894][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.693099][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.731930][ T736] EXT4-fs error (device loop2): ext4_lookup:1855: inode #16: comm syz-executor.2: unexpected EA_INODE flag [ 64.743772][ T736] EXT4-fs error (device loop2): ext4_lookup:1855: inode #16: comm syz-executor.2: unexpected EA_INODE flag [ 64.807984][ T736] EXT4-fs (loop2): unmounting filesystem. [ 64.873611][ T1869] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 64.970974][ T1880] loop1: detected capacity change from 0 to 1024 [ 64.989897][ T1880] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 65.030173][ T1806] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: unexpected EA_INODE flag [ 65.050153][ T1881] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.057167][ T1806] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: unexpected EA_INODE flag [ 65.066372][ T1881] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.076005][ T1881] device bridge_slave_0 entered promiscuous mode [ 65.088086][ T1881] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.095017][ T1881] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.103191][ T1881] device bridge_slave_1 entered promiscuous mode [ 65.178653][ T1806] EXT4-fs (loop1): unmounting filesystem. [ 65.199019][ T1896] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 65.223788][ T1898] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 65.291174][ T1881] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.298036][ T1881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.305111][ T1881] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.311930][ T1881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.354188][ T772] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.361667][ T772] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.370214][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.377543][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.389772][ T341] device bridge_slave_1 left promiscuous mode [ 65.395694][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.396405][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 65.396416][ T28] audit: type=1400 audit(1717247934.818:648): avc: denied { relabelfrom } for pid=1909 comm="syz-executor.3" name="" dev="pipefs" ino=22397 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 65.431305][ T341] device bridge_slave_0 left promiscuous mode [ 65.437540][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.445106][ T341] device veth1_macvtap left promiscuous mode [ 65.454155][ T341] device veth0_vlan left promiscuous mode [ 65.538031][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.546304][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.553169][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.560437][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.581137][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.588029][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.599019][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.606866][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.184611][ T1881] device veth0_vlan entered promiscuous mode [ 66.199414][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.207671][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.215548][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.223003][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.242446][ T1911] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.249513][ T1911] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.257196][ T1911] device bridge_slave_0 entered promiscuous mode [ 66.266235][ T1911] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.273471][ T1911] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.280984][ T1911] device bridge_slave_1 entered promiscuous mode [ 66.288501][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.296657][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.336608][ T1881] device veth1_macvtap entered promiscuous mode [ 66.364632][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.374702][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.389740][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.404578][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.413214][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.463402][ T28] audit: type=1326 audit(1717247935.888:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1939 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a3c7cee9 code=0x7ffc0000 [ 66.488345][ T28] audit: type=1326 audit(1717247935.898:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1939 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a3c7cee9 code=0x7ffc0000 [ 66.513783][ T28] audit: type=1326 audit(1717247935.898:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1939 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fe5a3c7cee9 code=0x7ffc0000 [ 66.538692][ T28] audit: type=1326 audit(1717247935.898:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1939 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a3c7cee9 code=0x7ffc0000 [ 66.562642][ T28] audit: type=1326 audit(1717247935.898:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1939 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a3c7cee9 code=0x7ffc0000 [ 66.612028][ T1911] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.618895][ T1911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.625962][ T1911] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.632791][ T1911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.676904][ T1949] loop2: detected capacity change from 0 to 256 [ 66.683493][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.691408][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.702396][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.719792][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.720946][ T1953] loop4: detected capacity change from 0 to 512 [ 66.733951][ T1953] EXT4-fs: Ignoring removed orlov option [ 66.745094][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.761303][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.768155][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.811781][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.826363][ T1953] EXT4-fs (loop4): 1 orphan inode deleted [ 66.857291][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.864159][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.872396][ T1953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 66.882027][ T1953] ext4 filesystem being mounted at /root/syzkaller-testdir2083382312/syzkaller.kMtEjE/64/file1 supports timestamps until 2038 (0x7fffffff) [ 66.938288][ T1959] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 66.979719][ T1953] EXT4-fs error (device loop4): ext4_map_blocks:721: inode #16: block 41: comm syz-executor.4: lblock 0 mapped to illegal pblock 41 (length 2) [ 66.994885][ T1953] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 66.995342][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.004341][ T1953] EXT4-fs error (device loop4): ext4_alloc_file_blocks:4477: inode #16: comm syz-executor.4: mark_inode_dirty error [ 67.013230][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.032137][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.040881][ T1424] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 67.055268][ T1424] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 67.064839][ T1424] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error [ 67.081387][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.090765][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.098393][ T1424] EXT4-fs (loop4): unmounting filesystem. [ 67.104083][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.112292][ T1911] device veth0_vlan entered promiscuous mode [ 67.118205][ T1424] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 67.127860][ T1424] EXT4-fs error (device loop4): ext4_quota_off:7041: inode #3: comm syz-executor.4: mark_inode_dirty error [ 67.147961][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.157151][ T1911] device veth1_macvtap entered promiscuous mode [ 67.168157][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.180292][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.301863][ T28] audit: type=1326 audit(1717247936.718:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1972 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 67.326202][ T28] audit: type=1326 audit(1717247936.718:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1972 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 67.377316][ T28] audit: type=1326 audit(1717247936.718:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1972 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 67.403905][ T341] device bridge_slave_1 left promiscuous mode [ 67.410628][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.429771][ T341] device bridge_slave_0 left promiscuous mode [ 67.437448][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.455853][ T341] device veth1_macvtap left promiscuous mode [ 67.463094][ T341] device veth0_vlan left promiscuous mode [ 67.670389][ T1986] loop3: detected capacity change from 0 to 512 [ 67.680188][ T1986] EXT4-fs: Ignoring removed orlov option [ 67.699345][ T1986] EXT4-fs (loop3): 1 orphan inode deleted [ 67.708117][ T1986] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 67.719072][ T1986] ext4 filesystem being mounted at /root/syzkaller-testdir2805062203/syzkaller.whCwHk/159/file1 supports timestamps until 2038 (0x7fffffff) [ 67.744444][ T1986] EXT4-fs error (device loop3): ext4_map_blocks:721: inode #16: block 41: comm syz-executor.3: lblock 0 mapped to illegal pblock 41 (length 2) [ 67.759856][ T1986] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 67.769591][ T1986] EXT4-fs error (device loop3): ext4_alloc_file_blocks:4477: inode #16: comm syz-executor.3: mark_inode_dirty error [ 67.788170][ T316] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1) [ 67.803102][ T316] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 67.812877][ T316] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error [ 67.826856][ T316] EXT4-fs (loop3): unmounting filesystem. [ 67.836514][ T316] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 67.845930][ T316] EXT4-fs error (device loop3): ext4_quota_off:7041: inode #3: comm syz-executor.3: mark_inode_dirty error [ 67.895842][ T1984] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.902753][ T1984] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.910259][ T1984] device bridge_slave_0 entered promiscuous mode [ 67.918164][ T1984] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.924996][ T1984] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.933287][ T1984] device bridge_slave_1 entered promiscuous mode [ 68.046960][ T1984] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.053815][ T1984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.060927][ T1984] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.067724][ T1984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.105374][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.109347][ T1994] loop2: detected capacity change from 0 to 256 [ 68.118576][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.125653][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.147641][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.155573][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.162421][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.169575][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.177937][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.184770][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.191955][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.200153][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.227532][ T1998] loop1: detected capacity change from 0 to 256 [ 68.242950][ T1984] device veth0_vlan entered promiscuous mode [ 68.255475][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 68.265066][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 68.272858][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 68.280174][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 68.290187][ T1994] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 68.326145][ T1998] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 68.362051][ T1984] device veth1_macvtap entered promiscuous mode [ 68.373424][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 68.381803][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 68.390283][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 68.405600][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.414071][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.424575][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.436244][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.444324][ T2006] loop1: detected capacity change from 0 to 256 [ 68.452080][ T1995] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.459547][ T1995] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.467682][ T1995] device bridge_slave_0 entered promiscuous mode [ 68.488502][ T1995] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.497257][ T1995] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.504344][ T1995] device bridge_slave_1 entered promiscuous mode [ 68.535665][ T2006] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 68.567549][ T28] audit: type=1326 audit(1717247937.998:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2011 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b207cee9 code=0x7ffc0000 [ 68.610308][ T2014] loop2: detected capacity change from 0 to 128 [ 68.629205][ T1995] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.631477][ T2016] incfs: Can't find or create .index dir in ./file0 [ 68.636062][ T1995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.636145][ T1995] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.642578][ T2016] incfs: mount failed -14 [ 68.649521][ T1995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.670655][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.678402][ T772] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.685748][ T772] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.708892][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.717134][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.723996][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.749660][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.759020][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.765856][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.773491][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.781452][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.022057][ T1995] device veth0_vlan entered promiscuous mode [ 69.074115][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.082452][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.090440][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.090718][ T2027] loop4: detected capacity change from 0 to 256 [ 69.097784][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.123430][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 69.132439][ T1995] device veth1_macvtap entered promiscuous mode [ 69.153833][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 69.162199][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 69.182596][ T2034] loop3: detected capacity change from 0 to 256 [ 69.192174][ T2027] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 69.238124][ T341] device bridge_slave_1 left promiscuous mode [ 69.245078][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.256421][ T341] device bridge_slave_0 left promiscuous mode [ 69.262517][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.268239][ T2038] loop1: detected capacity change from 0 to 256 [ 69.278181][ T2034] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 69.295397][ T341] device bridge_slave_1 left promiscuous mode [ 69.303873][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.316772][ T341] device bridge_slave_0 left promiscuous mode [ 69.322746][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.331505][ T341] device veth1_macvtap left promiscuous mode [ 69.338389][ T341] device veth0_vlan left promiscuous mode [ 69.344436][ T341] device veth1_macvtap left promiscuous mode [ 69.351156][ T341] device veth0_vlan left promiscuous mode [ 69.361267][ T2038] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 69.551526][ T2057] loop3: detected capacity change from 0 to 256 [ 69.734044][ T2064] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (393216 ns). Using initial count to start timer. [ 70.166411][ T335] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 70.226381][ T772] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 70.526428][ T335] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 70.539095][ T335] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 70.548014][ T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.556352][ T19] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 70.563671][ T335] usb 3-1: config 0 descriptor?? [ 70.586381][ T772] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 70.599182][ T772] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 70.608432][ T335] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 70.615922][ T772] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.624113][ T772] usb 4-1: config 0 descriptor?? [ 70.666690][ T772] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 70.810778][ T317] usb 3-1: USB disconnect, device number 5 [ 70.869143][ T40] usb 4-1: USB disconnect, device number 4 [ 70.916363][ T19] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 70.926535][ T19] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 71.016432][ T19] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 71.025330][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 71.033149][ T19] usb 2-1: SerialNumber: syz [ 71.395573][ T2094] loop2: detected capacity change from 0 to 512 [ 71.396998][ T2090] device syzkaller0 entered promiscuous mode [ 71.402470][ T2094] EXT4-fs: Ignoring removed orlov option [ 71.420354][ T2094] EXT4-fs (loop2): 1 orphan inode deleted [ 71.425919][ T2094] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 71.434693][ T2094] ext4 filesystem being mounted at /root/syzkaller-testdir3523729424/syzkaller.ZD91tw/24/file1 supports timestamps until 2038 (0x7fffffff) [ 71.467257][ T2094] EXT4-fs error (device loop2): ext4_map_blocks:721: inode #16: block 41: comm syz-executor.2: lblock 0 mapped to illegal pblock 41 (length 2) [ 71.481822][ T2094] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 71.491446][ T2094] EXT4-fs error (device loop2): ext4_alloc_file_blocks:4477: inode #16: comm syz-executor.2: mark_inode_dirty error [ 71.498842][ T317] usb 2-1: USB disconnect, device number 7 [ 71.513193][ T1881] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.2: lblock 0 mapped to illegal pblock 3 (length 1) [ 71.527927][ T1881] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 71.537304][ T1881] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error [ 71.552161][ T1881] EXT4-fs (loop2): unmounting filesystem. [ 71.576401][ T1881] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 71.585712][ T1881] EXT4-fs error (device loop2): ext4_quota_off:7041: inode #3: comm syz-executor.2: mark_inode_dirty error [ 71.735836][ T2103] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.742706][ T2103] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.750094][ T2103] device bridge_slave_0 entered promiscuous mode [ 71.758533][ T2103] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.765399][ T2103] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.772500][ T2103] device bridge_slave_1 entered promiscuous mode [ 71.819088][ T2103] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.826062][ T2103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.826344][ T772] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 71.833179][ T2103] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.847250][ T2103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.866090][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.873628][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.880924][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.897468][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.905390][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.912219][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.919381][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.927331][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.934148][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.941312][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.949040][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.964151][ T2103] device veth0_vlan entered promiscuous mode [ 71.970502][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.979089][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.986764][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.993901][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.006673][ T2103] device veth1_macvtap entered promiscuous mode [ 72.016374][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.025970][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.034384][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.035962][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 72.035973][ T28] audit: type=1400 audit(1717247941.468:666): avc: denied { read } for pid=2107 comm="syz-executor.1" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 72.073342][ T28] audit: type=1400 audit(1717247941.468:667): avc: denied { open } for pid=2107 comm="syz-executor.1" path="/dev/usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 72.084141][ T2110] loop1: detected capacity change from 0 to 128 [ 72.196381][ T772] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 72.209341][ T772] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 72.218226][ T772] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.445721][ T772] usb 4-1: config 0 descriptor?? [ 72.486809][ T772] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 72.496939][ T341] device bridge_slave_1 left promiscuous mode [ 72.502914][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.510100][ T341] device bridge_slave_0 left promiscuous mode [ 72.516046][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.523994][ T341] device veth1_macvtap left promiscuous mode [ 72.530132][ T341] device veth0_vlan left promiscuous mode [ 72.596349][ T19] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 72.694885][ T335] usb 4-1: USB disconnect, device number 5 [ 72.956421][ T19] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 72.967820][ T2126] loop1: detected capacity change from 0 to 128 [ 72.969626][ T19] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 72.984027][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.992685][ T19] usb 3-1: config 0 descriptor?? [ 73.037066][ T19] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 73.318429][ T19] usb 3-1: USB disconnect, device number 6 [ 73.336273][ T2132] syz-executor.4[2132] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.336437][ T2132] syz-executor.4[2132] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.364064][ T28] audit: type=1400 audit(1717247942.788:668): avc: denied { read } for pid=2134 comm="syz-executor.4" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 73.398271][ T28] audit: type=1400 audit(1717247942.788:669): avc: denied { open } for pid=2134 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 73.474110][ T2137] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 73.488905][ T28] audit: type=1400 audit(1717247942.898:670): avc: denied { ioctl } for pid=2134 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 73.726073][ T2143] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.733106][ T2143] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.740427][ T2143] device bridge_slave_0 entered promiscuous mode [ 73.749277][ T2143] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.756168][ T2143] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.763390][ T2143] device bridge_slave_1 entered promiscuous mode [ 73.823573][ T2143] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.830471][ T2143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.837514][ T2143] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.844311][ T2143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.851653][ T19] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 73.893445][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.900997][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.913740][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.939445][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.949224][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.957331][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.964178][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.972339][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.980667][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.987519][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.994926][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.002827][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.017185][ T2143] device veth0_vlan entered promiscuous mode [ 74.023301][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.032361][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.039622][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.054488][ T2143] device veth1_macvtap entered promiscuous mode [ 74.061387][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.072213][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.082326][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.218739][ T344] device bridge_slave_1 left promiscuous mode [ 74.225322][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.226416][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.242928][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.243152][ T344] device bridge_slave_0 left promiscuous mode [ 74.252611][ T19] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 74.258733][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.274300][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.283072][ T19] usb 4-1: config 0 descriptor?? [ 74.288727][ T344] device veth1_macvtap left promiscuous mode [ 74.294624][ T344] device veth0_vlan left promiscuous mode [ 74.366427][ T317] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 74.455901][ T2174] syz-executor.4 uses obsolete (PF_INET,SOCK_PACKET) [ 74.463195][ T2174] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 74.474111][ T2174] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 74.767371][ T317] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 74.768990][ T19] logitech-hidpp-device 0003:046D:C086.0006: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.3-1/input0 [ 74.780157][ T317] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 74.801354][ T40] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 74.808700][ T317] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.816919][ T317] usb 2-1: config 0 descriptor?? [ 74.856725][ T317] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 74.974698][ T317] usb 4-1: USB disconnect, device number 6 [ 75.063895][ T330] usb 2-1: USB disconnect, device number 8 [ 75.196460][ T40] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 75.209224][ T40] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 75.218010][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.226216][ T40] usb 5-1: config 0 descriptor?? [ 75.226347][ T19] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 75.276765][ T40] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 75.479091][ T330] usb 5-1: USB disconnect, device number 4 [ 75.589909][ T2192] loop1: detected capacity change from 0 to 2048 [ 75.617017][ T2192] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 75.628357][ T2192] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 75.636395][ T19] usb 1-1: not running at top speed; connect to a high speed hub [ 75.643387][ T2192] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 75.662778][ T2192] EXT4-fs (loop1): This should not happen!! Data will be lost [ 75.662778][ T2192] [ 75.672381][ T2192] EXT4-fs (loop1): Total free blocks count 0 [ 75.678542][ T2192] EXT4-fs (loop1): Free/Dirty block details [ 75.678880][ T2198] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 16383 with max blocks 1 with error 28 [ 75.684367][ T2192] EXT4-fs (loop1): free_blocks=2415919104 [ 75.702237][ T2192] EXT4-fs (loop1): dirty_blocks=48 [ 75.707195][ T2192] EXT4-fs (loop1): Block reservation details [ 75.712969][ T2192] EXT4-fs (loop1): i_reserved_data_blocks=3 [ 75.916397][ T19] usb 1-1: New USB device found, idVendor=19d2, idProduct=0113, bcdDevice=7c.57 [ 75.925309][ T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.933236][ T19] usb 1-1: Product: syz [ 75.937151][ T19] usb 1-1: Manufacturer: syz [ 75.941562][ T19] usb 1-1: SerialNumber: syz [ 75.946483][ T19] usb 1-1: config 0 descriptor?? [ 76.051934][ T2218] loop4: detected capacity change from 0 to 2048 [ 76.077195][ T2218] Alternate GPT is invalid, using primary GPT. [ 76.083245][ T2218] loop4: p1 p2 p3 [ 76.126576][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 76.190563][ T335] usb 1-1: USB disconnect, device number 3 [ 76.486371][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.497336][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.506917][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 76.515720][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.523913][ T6] usb 4-1: config 0 descriptor?? [ 76.526339][ T60] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 76.668868][ T2231] loop1: detected capacity change from 0 to 512 [ 76.675520][ T2231] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 76.683678][ T2231] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349) [ 76.693655][ T2231] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 76.703726][ T2231] EXT4-fs (loop1): orphan cleanup on readonly fs [ 76.709994][ T2231] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 4: comm syz-executor.1: lblock 0 mapped to illegal pblock 4 (length 1) [ 76.724278][ T2231] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -117 [ 76.732348][ T2231] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 76.741777][ T28] audit: type=1400 audit(1717247946.168:671): avc: denied { remount } for pid=2230 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 76.741802][ T2231] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (20904!=33349) [ 76.779903][ T1911] EXT4-fs (loop1): unmounting filesystem. [ 76.926422][ T60] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 76.999937][ T6] logitech-hidpp-device 0003:046D:C086.0007: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.3-1/input0 [ 77.017482][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 77.030774][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 77.043834][ T60] usb 5-1: SerialNumber: syz [ 77.108867][ T2264] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 77.168821][ T28] audit: type=1326 audit(1717247946.598:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.210436][ T28] audit: type=1326 audit(1717247946.608:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.214628][ T40] usb 4-1: USB disconnect, device number 7 [ 77.237311][ T28] audit: type=1326 audit(1717247946.608:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.264784][ T2267] loop1: detected capacity change from 0 to 16 [ 77.272171][ T2267] erofs: (device loop1): mounted with root inode @ nid 36. [ 77.285027][ T28] audit: type=1326 audit(1717247946.608:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.312347][ T2267] syz-executor.1: attempt to access beyond end of device [ 77.312347][ T2267] loop1: rw=0, sector=3489784, nr_sectors = 8 limit=16 [ 77.326137][ T28] audit: type=1326 audit(1717247946.608:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.342549][ T2273] audit: audit_backlog=65 > audit_backlog_limit=64 [ 77.349926][ T28] audit: type=1326 audit(1717247946.618:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.356616][ T2273] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 77.380375][ T28] audit: type=1326 audit(1717247946.628:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2265 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f119607cee9 code=0x7ffc0000 [ 77.387462][ T2273] audit: backlog limit exceeded [ 77.431313][ T2276] fscrypt (sda1, inode 1960): Unsupported encryption flags (0xcb) [ 77.529153][ T2286] syz-executor.0[2286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.529255][ T2286] syz-executor.0[2286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.573902][ T2290] Driver unsupported XDP return value 0 on prog (id 560) dev N/A, expect packet loss! [ 77.838311][ T60] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 77.857625][ T2300] loop3: detected capacity change from 0 to 512 [ 77.864279][ T2300] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 77.878708][ T2300] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 77.886346][ T317] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 77.897700][ T2300] EXT4-fs (loop3): 1 truncate cleaned up [ 77.904227][ T2300] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 77.906187][ T2305] loop2: detected capacity change from 0 to 256 [ 77.914498][ T2300] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 77.931316][ T2300] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.3: unable to update i_inline_off [ 77.933170][ T2305] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 77.944283][ T2300] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 77.956238][ T2305] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 77.968906][ T2300] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 78.002260][ T2103] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 78.012436][ T1995] EXT4-fs (loop3): unmounting filesystem. [ 78.016330][ T2103] exFAT-fs (loop2): Filesystem has been set read-only [ 78.024602][ T2103] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 78.038470][ T24] usb 5-1: USB disconnect, device number 5 [ 78.044452][ T24] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device [ 78.044606][ T2307] loop3: detected capacity change from 0 to 256 [ 78.064992][ T2307] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 78.146387][ T317] usb 2-1: Using ep0 maxpacket: 16 [ 78.182981][ T2318] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. [ 78.195053][ T2318] syz-executor.3 (2318) used greatest stack depth: 18344 bytes left [ 78.208935][ T2321] loop3: detected capacity change from 0 to 256 [ 78.220871][ T2316] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.228465][ T2316] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.238582][ T2316] device bridge_slave_0 entered promiscuous mode [ 78.245474][ T2316] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.252406][ T2316] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.259828][ T2316] device bridge_slave_1 entered promiscuous mode [ 78.286513][ T317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.291559][ T2327] loop3: detected capacity change from 0 to 256 [ 78.297564][ T317] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.306088][ T2327] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 78.313132][ T317] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 78.325424][ T2327] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 78.337350][ T317] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 78.355084][ T317] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.366238][ T317] usb 2-1: config 0 descriptor?? [ 78.389133][ T2316] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.392010][ T1995] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000005) [ 78.396003][ T2316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.404960][ T1995] exFAT-fs (loop3): Filesystem has been set read-only [ 78.412040][ T2316] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.419594][ T1995] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000005) [ 78.425409][ T2316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.443746][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.451490][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.460352][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.476475][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.484414][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.491268][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.503709][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.512217][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.519082][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.536864][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.545146][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.553373][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.561340][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.574333][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.587551][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.608718][ T2316] device veth0_vlan entered promiscuous mode [ 78.614178][ T2340] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.4'. [ 78.626727][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.635821][ T2342] loop4: detected capacity change from 0 to 256 [ 78.635950][ T2316] device veth1_macvtap entered promiscuous mode [ 78.671356][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.686979][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.788695][ T2350] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.795787][ T2350] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.805431][ T2350] device bridge_slave_0 entered promiscuous mode [ 78.898688][ T2350] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.912049][ T317] microsoft 0003:045E:07DA.0008: No inputs registered, leaving [ 78.975666][ T2350] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.028024][ T317] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 79.056669][ T2363] 9pnet_fd: Insufficient options for proto=fd [ 79.065408][ T2350] device bridge_slave_1 entered promiscuous mode [ 79.074372][ T317] microsoft 0003:045E:07DA.0008: no inputs found [ 79.107479][ T317] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 79.152122][ T317] usb 2-1: USB disconnect, device number 9 [ 79.201793][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.209644][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.225717][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.233976][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.242597][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.249458][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.256958][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.265194][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.273668][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.280524][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.287879][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.296009][ T2369] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.372838][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.380577][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.392455][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.403488][ T2350] device veth0_vlan entered promiscuous mode [ 79.410366][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.418334][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.425539][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.441989][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.450873][ T2350] device veth1_macvtap entered promiscuous mode [ 79.460115][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.470138][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.569461][ T2379] device pim6reg1 entered promiscuous mode [ 79.585122][ T2382] serio: Serial port pts0 [ 79.808664][ T2407] syz-executor.3[2407] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.808711][ T2407] syz-executor.3[2407] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.834726][ T2411] loop1: detected capacity change from 0 to 256 [ 80.116702][ T317] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 80.208877][ T341] device bridge_slave_1 left promiscuous mode [ 80.214906][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.222404][ T341] device bridge_slave_0 left promiscuous mode [ 80.228500][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.240138][ T341] device veth1_macvtap left promiscuous mode [ 80.246094][ T341] device veth0_vlan left promiscuous mode [ 80.386343][ T317] usb 4-1: Using ep0 maxpacket: 16 [ 80.526412][ T317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.537176][ T317] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.547457][ T317] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 80.560456][ T317] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 80.569392][ T317] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.575019][ T2437] loop2: detected capacity change from 0 to 512 [ 80.577710][ T317] usb 4-1: config 0 descriptor?? [ 80.586535][ T2437] EXT4-fs (loop2): 1 truncate cleaned up [ 80.594587][ T2437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 80.613199][ T2437] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #13: block 25: comm syz-executor.2: lblock 0 mapped to illegal pblock 25 (length 2) [ 80.631977][ T2316] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 13: comm syz-executor.2: lblock 0 mapped to illegal pblock 13 (length 1) [ 80.637478][ T2441] syz-executor.4[2441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.646393][ T2441] syz-executor.4[2441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.646728][ T2316] EXT4-fs warning (device loop2): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.2: error -117 reading directory block [ 80.684057][ T2316] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 80.696714][ T2316] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error [ 80.712420][ T2316] EXT4-fs (loop2): unmounting filesystem. [ 80.880842][ T2445] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.887842][ T2445] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.894947][ T2445] device bridge_slave_0 entered promiscuous mode [ 80.903528][ T2445] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.910425][ T2445] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.917625][ T2445] device bridge_slave_1 entered promiscuous mode [ 80.960223][ T2445] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.967075][ T2445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.974159][ T2445] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.980971][ T2445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.004065][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.011990][ T330] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.021363][ T330] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.046995][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.054880][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.061649][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.068886][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.077278][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.084112][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.097880][ T317] microsoft 0003:045E:07DA.0009: No inputs registered, leaving [ 81.106220][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 81.114512][ T317] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 81.116031][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 81.135136][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 81.142443][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 81.149867][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.152826][ T317] microsoft 0003:045E:07DA.0009: no inputs found [ 81.158033][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.167926][ T317] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway [ 81.172270][ T2445] device veth0_vlan entered promiscuous mode [ 81.219934][ T2445] device veth1_macvtap entered promiscuous mode [ 81.238560][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 81.247550][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 81.255547][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 81.276543][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 81.285827][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 81.312192][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 81.326886][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 81.355762][ T24] usb 4-1: USB disconnect, device number 8 [ 81.358966][ T2458] loop2: detected capacity change from 0 to 256 [ 81.377984][ T341] device bridge_slave_1 left promiscuous mode [ 81.385104][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.394181][ T2458] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 81.406241][ T341] device bridge_slave_0 left promiscuous mode [ 81.418783][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.426524][ T2458] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 81.438782][ T341] device veth1_macvtap left promiscuous mode [ 81.444774][ T341] device veth0_vlan left promiscuous mode [ 81.478165][ T2445] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 81.487442][ T2445] exFAT-fs (loop2): Filesystem has been set read-only [ 81.494121][ T2445] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 81.584537][ T2462] serio: Serial port pts0 [ 81.625623][ T2470] loop0: detected capacity change from 0 to 512 [ 81.638457][ T2470] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 81.651691][ T2470] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.0: missing EA_INODE flag [ 81.663624][ T2470] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 2 err=-117 [ 81.680255][ T2470] EXT4-fs (loop0): 1 orphan inode deleted [ 81.685886][ T2470] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 81.695108][ T2470] EXT4-fs (loop0): unmounting filesystem. [ 81.825783][ T2483] syz-executor.4[2483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.825912][ T2483] syz-executor.4[2483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.843484][ T2452] loop1: detected capacity change from 0 to 131072 [ 81.867454][ T2452] F2FS-fs (loop1): QUOTA feature is enabled, so ignore jquota_fmt [ 81.878096][ T2452] F2FS-fs (loop1): invalid crc value [ 81.895518][ T2481] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.902919][ T2481] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.911116][ T2452] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 81.911376][ T2481] device bridge_slave_0 entered promiscuous mode [ 81.933742][ T2481] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.949291][ T2481] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.956215][ T2452] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 81.977263][ T2481] device bridge_slave_1 entered promiscuous mode [ 81.990442][ T2452] syz-executor.1 (pid 2452) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 82.097445][ T2510] loop4: detected capacity change from 0 to 256 [ 82.140508][ T2513] syz-executor.4[2513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.140579][ T2513] syz-executor.4[2513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.142196][ T2481] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.170355][ T2481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.177476][ T2481] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.184230][ T2481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.249391][ T2516] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'. [ 82.268531][ T2516] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'. [ 82.296524][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.307173][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.540091][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 82.548560][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.562940][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.572158][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.585875][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.592745][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.599933][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.608328][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.616481][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.623336][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.649235][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.658181][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.664159][ T2536] loop0: detected capacity change from 0 to 512 [ 82.668370][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 82.680861][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.690634][ T2536] loop0: detected capacity change from 0 to 256 [ 82.701145][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.709266][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.720686][ T2481] device veth0_vlan entered promiscuous mode [ 82.727827][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 82.742418][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 82.767537][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 82.782997][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 82.793362][ T2547] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 82.803146][ T28] kauditd_printk_skb: 139 callbacks suppressed [ 82.803157][ T28] audit: type=1400 audit(1717247952.228:818): avc: denied { setopt } for pid=2548 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 82.804866][ T2481] device veth1_macvtap entered promiscuous mode [ 82.838478][ T2547] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'. [ 82.856479][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.865183][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.869516][ T28] audit: type=1400 audit(1717247952.298:819): avc: denied { getopt } for pid=2554 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 82.873304][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 82.903772][ T341] device bridge_slave_1 left promiscuous mode [ 82.918216][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.925878][ T341] device bridge_slave_0 left promiscuous mode [ 82.933641][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.942514][ T341] device bridge_slave_1 left promiscuous mode [ 82.952033][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.959999][ T341] device bridge_slave_0 left promiscuous mode [ 82.966673][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.978587][ T341] device veth1_macvtap left promiscuous mode [ 82.984537][ T341] device veth0_vlan left promiscuous mode [ 82.990728][ T341] device veth1_macvtap left promiscuous mode [ 82.996655][ T341] device veth0_vlan left promiscuous mode [ 83.996282][ C1] sched: RT throttling activated [ 84.120230][ T2580] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.4'. [ 84.174249][ T28] audit: type=1400 audit(1717247953.598:820): avc: denied { read } for pid=2586 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 84.287749][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.296585][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.304811][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.315197][ T2592] syz-executor.3[2592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.315266][ T2592] syz-executor.3[2592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.327062][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.369214][ T2590] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 84.428454][ T2601] device pim6reg1 entered promiscuous mode [ 84.698883][ T2607] serio: Serial port pts0 [ 85.184032][ T28] audit: type=1400 audit(1717247954.608:821): avc: denied { getopt } for pid=2621 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 85.312538][ T28] audit: type=1400 audit(1717247954.738:822): avc: denied { create } for pid=2636 comm="syz-executor.2" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.355963][ T28] audit: type=1400 audit(1717247954.768:823): avc: denied { write } for pid=2636 comm="syz-executor.2" name="file1" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.396451][ T28] audit: type=1400 audit(1717247954.768:824): avc: denied { setattr } for pid=2636 comm="syz-executor.2" name="file1" dev="overlay" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.420264][ T28] audit: type=1400 audit(1717247954.768:825): avc: denied { rename } for pid=2636 comm="syz-executor.2" name="#35" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.447559][ T2628] loop1: detected capacity change from 0 to 40427 [ 85.455421][ T28] audit: type=1400 audit(1717247954.848:826): avc: denied { unlink } for pid=2481 comm="syz-executor.2" name="file1" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.478147][ T2628] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 85.489658][ T2628] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 85.500356][ T2643] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.506579][ T2628] F2FS-fs (loop1): invalid crc value [ 85.514260][ T2628] F2FS-fs (loop1): Found nat_bits in checkpoint [ 85.539289][ T2628] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 85.546571][ T2628] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 85.562849][ T2628] syz-executor.1: attempt to access beyond end of device [ 85.562849][ T2628] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 85.580281][ T2628] syz-executor.1: attempt to access beyond end of device [ 85.580281][ T2628] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 85.600161][ T1911] syz-executor.1: attempt to access beyond end of device [ 85.600161][ T1911] loop1: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 85.786398][ T6] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 85.807106][ T2663] loop1: detected capacity change from 0 to 512 [ 85.815506][ T2663] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 4 in block_group 0 [ 85.828737][ T2663] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 85.839990][ T28] audit: type=1400 audit(1717247955.268:827): avc: denied { append } for pid=2662 comm="syz-executor.1" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 85.841720][ T2663] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 85.888604][ T1911] EXT4-fs (loop1): unmounting filesystem. [ 86.146428][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.158327][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.168165][ T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 86.179938][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.189295][ T6] usb 4-1: config 0 descriptor?? [ 86.713740][ T2718] syz-executor.4[2718] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 86.713812][ T2718] syz-executor.4[2718] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 86.783222][ T2723] loop2: detected capacity change from 0 to 16 [ 86.801637][ T2723] erofs: (device loop2): mounted with root inode @ nid 36. [ 87.156850][ T2747] SELinux: Context is not valid (left unmapped). [ 87.239883][ T2753] loop2: detected capacity change from 0 to 16 [ 87.246535][ T2753] erofs: (device loop2): mounted with root inode @ nid 36. [ 87.426381][ T6] uclogic 0003:256C:006D.000A: failed retrieving string descriptor #200: -71 [ 87.435043][ T19] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 87.442449][ T6] uclogic 0003:256C:006D.000A: failed retrieving pen parameters: -71 [ 87.450442][ T6] uclogic 0003:256C:006D.000A: failed probing pen v2 parameters: -71 [ 87.458376][ T6] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 87.465680][ T6] uclogic: probe of 0003:256C:006D.000A failed with error -71 [ 87.473624][ T6] usb 4-1: USB disconnect, device number 9 [ 87.557675][ T330] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 87.594926][ T2761] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 87.602873][ T2761] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.4'. [ 87.650709][ T2765] ./file0: Can't open blockdev [ 87.796424][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.812711][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.822315][ T19] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 87.831243][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.839821][ T19] usb 2-1: config 0 descriptor?? [ 87.865895][ T2777] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.873023][ T2777] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.880621][ T2777] device bridge_slave_0 entered promiscuous mode [ 87.887741][ T2777] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.894637][ T2777] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.902309][ T2777] device bridge_slave_1 entered promiscuous mode [ 87.926406][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.949513][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.969387][ T330] usb 3-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 87.978512][ T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.991060][ T330] usb 3-1: config 0 descriptor?? [ 88.015337][ T2777] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.022189][ T2777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.029297][ T2777] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.036065][ T2777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.067922][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.077805][ T772] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.085712][ T772] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.100437][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.108884][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.115731][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.123691][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.132230][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.139089][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.156515][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 88.164428][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 88.177599][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 88.191197][ T2777] device veth0_vlan entered promiscuous mode [ 88.201862][ T2807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 88.209977][ T2807] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 88.217332][ T2807] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 88.230863][ T2777] device veth1_macvtap entered promiscuous mode [ 88.237771][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 88.254722][ T2807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.270736][ T772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.308936][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 88.308949][ T28] audit: type=1326 audit(1717247957.738:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2756 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6381a7cee9 code=0x0 [ 88.376368][ T19] usbhid 2-1:0.0: can't add hid device: -71 [ 88.382290][ T19] usbhid: probe of 2-1:0.0 failed with error -71 [ 88.389597][ T19] usb 2-1: USB disconnect, device number 10 [ 88.397756][ T10] device bridge_slave_1 left promiscuous mode [ 88.408082][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.412067][ T28] audit: type=1400 audit(1717247957.838:832): avc: denied { create } for pid=2756 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 88.432283][ T2827] loop4: detected capacity change from 0 to 2048 [ 88.434595][ T6] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 88.441069][ T10] device bridge_slave_0 left promiscuous mode [ 88.453981][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.456252][ T28] audit: type=1400 audit(1717247957.838:833): avc: denied { write } for pid=2756 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 88.482948][ T10] device veth1_macvtap left promiscuous mode [ 88.490552][ T10] device veth0_vlan left promiscuous mode [ 88.497658][ T2827] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 88.525955][ T2777] EXT4-fs (loop4): unmounting filesystem. [ 88.681498][ T2845] loop3: detected capacity change from 0 to 2048 [ 88.697408][ T330] itetech 0003:06CB:73F5.000B: unknown main item tag 0x0 [ 88.704980][ T330] itetech 0003:06CB:73F5.000B: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.2-1/input0 [ 88.718623][ T2845] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 88.736672][ T2350] EXT4-fs (loop3): unmounting filesystem. [ 88.816432][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.828055][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.837938][ T6] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 88.847132][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.855589][ T6] usb 1-1: config 0 descriptor?? [ 89.176343][ T19] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 89.416357][ T19] usb 2-1: Using ep0 maxpacket: 32 [ 89.474576][ T2862] loop4: detected capacity change from 0 to 2048 [ 89.488125][ T2862] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 89.532937][ T2777] EXT4-fs (loop4): unmounting filesystem. [ 89.536396][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 89.549940][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 89.561399][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 89.570783][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.579277][ T19] usb 2-1: config 0 descriptor?? [ 89.596425][ T2855] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 89.626483][ T19] hub 2-1:0.0: USB hub found [ 89.846390][ T19] hub 2-1:0.0: 2 ports detected [ 89.996397][ T6] uclogic 0003:256C:006D.000C: failed retrieving string descriptor #200: -71 [ 90.005351][ T6] uclogic 0003:256C:006D.000C: failed retrieving pen parameters: -71 [ 90.013384][ T6] uclogic 0003:256C:006D.000C: failed probing pen v2 parameters: -71 [ 90.021351][ T6] uclogic 0003:256C:006D.000C: failed probing parameters: -71 [ 90.028637][ T6] uclogic: probe of 0003:256C:006D.000C failed with error -71 [ 90.036894][ T6] usb 1-1: USB disconnect, device number 4 [ 90.277762][ T6] usb 3-1: USB disconnect, device number 7 [ 90.478225][ T2889] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 90.552078][ T2897] device syzkaller0 entered promiscuous mode [ 90.846568][ T6] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 91.026377][ T19] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 91.033007][ T19] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 91.136372][ T19] usbhid 2-1:0.0: can't add hid device: -32 [ 91.142112][ T19] usbhid: probe of 2-1:0.0 failed with error -32 [ 91.179871][ T2919] loop3: detected capacity change from 0 to 512 [ 91.188273][ T2919] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 91.200542][ T2919] EXT4-fs (loop3): 1 orphan inode deleted [ 91.206085][ T2919] EXT4-fs (loop3): 1 truncate cleaned up [ 91.211675][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.216339][ T2919] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 91.231164][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.240785][ T6] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 91.249604][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.258177][ T6] usb 1-1: config 0 descriptor?? [ 91.451579][ T2350] EXT4-fs (loop3): unmounting filesystem. [ 91.552093][ T28] audit: type=1326 audit(1717247960.978:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2900 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fddcf87cee9 code=0x0 [ 91.786344][ T19] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 91.887271][ T6] itetech 0003:06CB:73F5.000D: unknown main item tag 0x0 [ 91.894711][ T6] itetech 0003:06CB:73F5.000D: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.0-1/input0 [ 92.026388][ T19] usb 5-1: Using ep0 maxpacket: 8 [ 92.146406][ T19] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.216463][ T772] usb 2-1: USB disconnect, device number 11 [ 92.236393][ T19] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 92.245647][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 92.255016][ T19] usb 5-1: SerialNumber: syz [ 92.260268][ T19] usb 5-1: config 0 descriptor?? [ 92.296734][ T19] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 92.303635][ T19] usb 5-1: Failed to create links for entity 255 [ 92.310264][ T19] usb 5-1: Failed to register entities (-22). [ 92.402671][ T2968] bridge0: port 3(gretap1) entered blocking state [ 92.402847][ T2967] loop3: detected capacity change from 0 to 256 [ 92.409020][ T2968] bridge0: port 3(gretap1) entered disabled state [ 92.416432][ T2967] FAT-fs (loop3): bogus logical sector size 0 [ 92.421796][ T2968] device gretap1 entered promiscuous mode [ 92.427618][ T2967] FAT-fs (loop3): Can't find a valid FAT filesystem [ 92.438673][ T2968] bridge0: port 3(gretap1) entered blocking state [ 92.445402][ T2968] bridge0: port 3(gretap1) entered forwarding state [ 92.498038][ T19] usb 5-1: USB disconnect, device number 6 [ 92.622603][ T2973] netlink: 1280 bytes leftover after parsing attributes in process `syz-executor.3'. [ 93.007770][ T2979] loop4: detected capacity change from 0 to 512 [ 93.015874][ T2979] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz-executor.4: bg 0: block 5: invalid block bitmap [ 93.028564][ T2979] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 93.037361][ T2979] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 3 (level 2) [ 93.050881][ T2979] EXT4-fs (loop4): 1 orphan inode deleted [ 93.056571][ T2979] EXT4-fs (loop4): 1 truncate cleaned up [ 93.062120][ T2979] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 93.077023][ T2777] EXT4-fs (loop4): unmounting filesystem. [ 93.221861][ T2986] loop4: detected capacity change from 0 to 40427 [ 93.228785][ T2986] F2FS-fs (loop4): Invalid segment/section count (31, 24 x 1281) [ 93.238188][ T2986] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 93.248739][ T2986] F2FS-fs (loop4): Found nat_bits in checkpoint [ 93.275799][ T2986] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 93.282789][ T772] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 93.286984][ T2986] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 93.308891][ T28] audit: type=1400 audit(1717247962.738:835): avc: denied { create } for pid=2985 comm="syz-executor.4" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 93.536354][ T772] usb 2-1: Using ep0 maxpacket: 32 [ 93.564818][ T28] audit: type=1326 audit(1717247962.988:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.592149][ T6] usb 1-1: USB disconnect, device number 5 [ 93.608113][ T28] audit: type=1326 audit(1717247962.988:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.631994][ T28] audit: type=1326 audit(1717247962.998:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.658272][ T28] audit: type=1326 audit(1717247963.008:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.682577][ T772] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 93.695808][ T772] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 93.707481][ T772] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 93.716550][ T28] audit: type=1326 audit(1717247963.008:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.740910][ T772] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.749607][ T772] usb 2-1: config 0 descriptor?? [ 93.754579][ T28] audit: type=1326 audit(1717247963.008:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.778285][ T2977] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 93.778304][ T28] audit: type=1326 audit(1717247963.028:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9783e7cee9 code=0x7ffc0000 [ 93.809455][ T772] hub 2-1:0.0: USB hub found [ 93.814292][ T28] audit: type=1326 audit(1717247963.028:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9783e7a667 code=0x7ffc0000 [ 93.838353][ T28] audit: type=1326 audit(1717247963.028:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9783e40329 code=0x7ffc0000 [ 93.862033][ T28] audit: type=1326 audit(1717247963.028:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3013 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9783e7a667 code=0x7ffc0000 [ 93.986597][ T3032] loop4: detected capacity change from 0 to 16 [ 93.993413][ T3032] erofs: (device loop4): mounted with root inode @ nid 36. [ 94.018507][ T3032] erofs: (device loop4): erofs_find_target_block: corrupted dir block 0 @ nid 36 [ 94.027633][ T772] hub 2-1:0.0: 2 ports detected [ 94.068540][ T3044] Invalid ELF header magic: != ELF [ 94.289906][ T3082] incfs: Can't find or create .index dir in ./file0 [ 94.296432][ T3082] incfs: mount failed -14 [ 94.309782][ T3087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64812 sclass=netlink_route_socket pid=3087 comm=syz-executor.2 [ 94.330001][ T3087] loop2: detected capacity change from 0 to 1024 [ 94.338124][ T3087] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 94.408173][ T3096] loop2: detected capacity change from 0 to 256 [ 94.463411][ T3105] overlayfs: statfs failed on './file0' [ 94.499822][ T3109] incfs: Can't find or create .index dir in ./file0 [ 94.508468][ T3109] incfs: mount failed -14 [ 94.522473][ T3113] incfs: Can't find or create .index dir in ./file0 [ 94.530269][ T3113] incfs: mount failed -14 [ 95.186368][ T772] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 95.192592][ T772] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 95.316365][ T772] usbhid 2-1:0.0: can't add hid device: -32 [ 95.322198][ T772] usbhid: probe of 2-1:0.0 failed with error -32 [ 95.535060][ T3151] loop2: detected capacity change from 0 to 40427 [ 95.541906][ T3151] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 95.549513][ T3151] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 95.559412][ T3151] F2FS-fs (loop2): Found nat_bits in checkpoint [ 95.584080][ T3151] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 95.591489][ T3151] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 95.886418][ T772] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 96.126329][ T772] usb 1-1: Using ep0 maxpacket: 8 [ 96.160978][ T3187] loop3: detected capacity change from 0 to 1024 [ 96.188178][ T3187] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 96.217505][ T2350] EXT4-fs (loop3): unmounting filesystem. [ 96.256485][ T772] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 96.265069][ T772] usb 1-1: config 1 has an invalid interface descriptor of length 6, skipping [ 96.273752][ T772] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.283827][ T772] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 96.328187][ T3197] Zero length message leads to an empty skb [ 96.416443][ T24] usb 2-1: USB disconnect, device number 12 [ 96.456385][ T772] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 96.465281][ T772] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.473115][ T772] usb 1-1: Product: syz [ 96.477351][ T772] usb 1-1: Manufacturer: syz [ 96.481758][ T772] usb 1-1: SerialNumber: syz [ 96.738872][ T772] usb 1-1: USB disconnect, device number 6 [ 96.816344][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 96.956336][ T330] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 97.056339][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 97.081549][ T3238] loop2: detected capacity change from 0 to 256 [ 97.088874][ T3238] FAT-fs (loop2): bogus logical sector size 0 [ 97.094763][ T3238] FAT-fs (loop2): Can't find a valid FAT filesystem [ 97.182578][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 97.193600][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 97.204572][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 97.213305][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.223981][ T24] usb 2-1: config 0 descriptor?? [ 97.247591][ T3217] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 97.271273][ T24] hub 2-1:0.0: USB hub found [ 97.276848][ T3250] netlink: 1280 bytes leftover after parsing attributes in process `syz-executor.2'. [ 97.303104][ T3256] device bridge_slave_0 left promiscuous mode [ 97.309142][ T3256] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.317064][ T3256] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 97.377622][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.388821][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.398376][ T330] usb 5-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00 [ 97.407267][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.415870][ T3261] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 97.416151][ T330] usb 5-1: config 0 descriptor?? [ 97.430414][ T3260] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 97.454009][ T3254] loop3: detected capacity change from 0 to 40427 [ 97.465740][ T3254] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 97.473326][ T3254] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 97.482567][ T3254] F2FS-fs (loop3): invalid crc value [ 97.490863][ T3254] F2FS-fs (loop3): Found nat_bits in checkpoint [ 97.507583][ T24] hub 2-1:0.0: 2 ports detected [ 97.517713][ T3254] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 97.524683][ T3254] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 97.561365][ T3254] syz-executor.3: attempt to access beyond end of device [ 97.561365][ T3254] loop3: rw=34817, sector=77824, nr_sectors = 2048 limit=40427 [ 97.594332][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 97.603435][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 97.649099][ T3273] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 97.670842][ T3273] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 97.942229][ T330] wacom 0003:056A:0315.000E: unbalanced delimiter at end of report description [ 97.951161][ T330] wacom 0003:056A:0315.000E: parse failed [ 97.952998][ T3295] loop0: detected capacity change from 0 to 40427 [ 97.961088][ T3293] loop3: detected capacity change from 0 to 40427 [ 97.963680][ T3295] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 97.969857][ T330] wacom: probe of 0003:056A:0315.000E failed with error -22 [ 97.976873][ T3295] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 97.983928][ T3293] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 98.000775][ T3293] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 98.002726][ T3295] F2FS-fs (loop0): Found nat_bits in checkpoint [ 98.038010][ T3293] F2FS-fs (loop3): Found nat_bits in checkpoint [ 98.049040][ T3295] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 98.056140][ T3295] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 98.110791][ T3293] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 98.118879][ T3293] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 98.175300][ T317] usb 5-1: USB disconnect, device number 7 [ 98.280361][ T3300] loop2: detected capacity change from 0 to 40427 [ 98.293879][ T3300] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 98.303208][ T3300] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 98.318371][ T3300] F2FS-fs (loop2): invalid crc value [ 98.335818][ T3300] F2FS-fs (loop2): Found nat_bits in checkpoint [ 98.360314][ T3316] loop3: detected capacity change from 0 to 128 [ 98.377927][ T3316] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 98.387320][ T3316] ext4 filesystem being mounted at /root/syzkaller-testdir996023121/syzkaller.Q7S0SN/83/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 98.423034][ T3300] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 98.430789][ T3300] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 98.438979][ T2350] EXT4-fs (loop3): unmounting filesystem. [ 98.458150][ T3322] overlayfs: missing 'lowerdir' [ 98.507256][ T3300] syz-executor.2: attempt to access beyond end of device [ 98.507256][ T3300] loop2: rw=34817, sector=77824, nr_sectors = 2048 limit=40427 [ 98.563413][ T43] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 98.572689][ T43] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 98.693504][ T330] kernel write not supported for file bpf-prog (pid: 330 comm: kworker/0:2) [ 98.742775][ T24] hub 2-1:0.0: hub_hub_status failed (err = -32) [ 98.748941][ T24] hub 2-1:0.0: config failed, can't get hub status (err -32) [ 98.785266][ T3354] overlayfs: missing 'lowerdir' [ 98.790446][ T3352] serio: Serial port pts0 [ 98.825720][ T3359] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 98.872815][ T24] usbhid 2-1:0.0: can't add hid device: -32 [ 98.878731][ T24] usbhid: probe of 2-1:0.0 failed with error -32 [ 98.880293][ T3375] loop3: detected capacity change from 0 to 128 [ 98.894173][ T3375] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 98.906356][ T3375] ext4 filesystem being mounted at /root/syzkaller-testdir996023121/syzkaller.Q7S0SN/92/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 98.919283][ T3380] loop0: detected capacity change from 0 to 256 [ 98.948527][ T3380] exfat: Deprecated parameter 'namecase' [ 98.961169][ T3380] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 98.961574][ T2350] EXT4-fs (loop3): unmounting filesystem. [ 98.978870][ T28] kauditd_printk_skb: 120 callbacks suppressed [ 98.978883][ T28] audit: type=1400 audit(1717247968.264:966): avc: denied { append } for pid=3378 comm="syz-executor.0" path="/root/syzkaller-testdir3066389746/syzkaller.LooQw7/110/file0/cpu.stat" dev="loop0" ino=1048694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.013329][ T28] audit: type=1400 audit(1717247968.264:967): avc: denied { map } for pid=3378 comm="syz-executor.0" path="/root/syzkaller-testdir3066389746/syzkaller.LooQw7/110/file0/cpu.stat" dev="loop0" ino=1048694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.043161][ T28] audit: type=1400 audit(1717247968.264:968): avc: denied { execute } for pid=3378 comm="syz-executor.0" path="/root/syzkaller-testdir3066389746/syzkaller.LooQw7/110/file0/cpu.stat" dev="loop0" ino=1048694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.047108][ T3384] overlayfs: missing 'lowerdir' [ 99.219395][ T330] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 99.233621][ T28] audit: type=1400 audit(1717247968.495:969): avc: denied { read } for pid=3390 comm="syz-executor.3" dev="nsfs" ino=4026532897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 99.255044][ T28] audit: type=1400 audit(1717247968.495:970): avc: denied { open } for pid=3390 comm="syz-executor.3" path="net:[4026532897]" dev="nsfs" ino=4026532897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 99.538261][ T3387] loop0: detected capacity change from 0 to 131072 [ 99.555366][ T3387] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name [ 99.577267][ T3387] F2FS-fs (loop0): invalid crc value [ 99.588858][ T3387] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 99.619903][ T3387] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 99.652794][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.668209][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.687042][ T330] usb 5-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00 [ 99.706901][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.715276][ T330] usb 5-1: config 0 descriptor?? [ 99.805562][ T3406] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 99.916833][ T3413] loop0: detected capacity change from 0 to 128 [ 99.930763][ T3413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 99.943815][ T3413] ext4 filesystem being mounted at /root/syzkaller-testdir3066389746/syzkaller.LooQw7/115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 100.010955][ T2143] EXT4-fs (loop0): unmounting filesystem. [ 100.044144][ T3423] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 100.087752][ T3426] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 100.108093][ T6] usb 2-1: USB disconnect, device number 13 [ 100.120740][ T3415] loop2: detected capacity change from 0 to 40427 [ 100.127848][ T3415] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 100.135565][ T3415] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 100.145672][ T3415] F2FS-fs (loop2): Found nat_bits in checkpoint [ 100.171200][ T3415] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 100.178125][ T3415] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 100.247497][ T3439] overlayfs: missing 'lowerdir' [ 100.262060][ T330] wacom 0003:056A:0315.000F: unbalanced delimiter at end of report description [ 100.273750][ T330] wacom 0003:056A:0315.000F: parse failed [ 100.282133][ T330] wacom: probe of 0003:056A:0315.000F failed with error -22 [ 100.415133][ T3447] loop2: detected capacity change from 0 to 128 [ 100.422901][ T3447] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 100.431343][ T3447] ext4 filesystem being mounted at /root/syzkaller-testdir1385779928/syzkaller.FEwCuv/85/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 100.466783][ T330] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 100.480473][ T317] usb 5-1: USB disconnect, device number 8 [ 100.487873][ T2481] EXT4-fs (loop2): unmounting filesystem. [ 100.499121][ T28] audit: type=1400 audit(1717247969.667:971): avc: denied { watch } for pid=3449 comm="syz-executor.2" path="/root/syzkaller-testdir1385779928/syzkaller.FEwCuv/86/file0/bus" dev="proc" ino=4026531855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 100.909559][ T330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.920334][ T330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.929814][ T330] usb 1-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 100.938639][ T330] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.946943][ T330] usb 1-1: config 0 descriptor?? [ 101.037201][ T3459] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 101.045237][ T3459] netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.4'. [ 101.140423][ T3467] overlayfs: missing 'lowerdir' [ 101.440507][ T3478] loop2: detected capacity change from 0 to 128 [ 101.451074][ T3478] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 101.459644][ T3478] ext4 filesystem being mounted at /root/syzkaller-testdir1385779928/syzkaller.FEwCuv/90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 101.495863][ T330] elecom 0003:056E:00FB.0010: unknown main item tag 0x0 [ 101.506335][ T330] elecom 0003:056E:00FB.0010: hidraw0: USB HID v0.07 Device [HID 056e:00fb] on usb-dummy_hcd.0-1/input0 [ 101.518346][ T2481] EXT4-fs (loop2): unmounting filesystem. [ 101.537799][ T28] audit: type=1400 audit(1717247970.617:972): avc: denied { connect } for pid=3488 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 101.567969][ T3493] loop3: detected capacity change from 0 to 1024 [ 101.623751][ T3493] EXT4-fs: Ignoring removed orlov option [ 101.629403][ T3493] EXT4-fs: Ignoring removed nomblk_io_submit option [ 101.662402][ T3493] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 101.679716][ T3493] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 101.694578][ T3493] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 101.712948][ T24] usb 1-1: USB disconnect, device number 7 [ 101.721520][ T28] audit: type=1400 audit(1717247970.784:973): avc: denied { unmount } for pid=2350 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 101.721777][ T2350] ================================================================== [ 101.749275][ T2350] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 101.757084][ T2350] Read of size 4 at addr ffff88813c677000 by task syz-executor.3/2350 [ 101.765068][ T2350] [ 101.767241][ T2350] CPU: 0 PID: 2350 Comm: syz-executor.3 Not tainted 6.1.78-syzkaller-00133-g74c507aab139 #0 2024/06/01 13:19:30 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 101.777134][ T2350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 101.787036][ T2350] Call Trace: [ 101.790160][ T2350] [ 101.792930][ T2350] dump_stack_lvl+0x151/0x1b7 [ 101.797455][ T2350] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 101.802740][ T2350] ? _printk+0xd1/0x111 [ 101.806737][ T2350] ? __virt_addr_valid+0x242/0x2f0 [ 101.811684][ T2350] print_report+0x158/0x4e0 [ 101.816020][ T2350] ? __virt_addr_valid+0x242/0x2f0 [ 101.820968][ T2350] ? kasan_addr_to_slab+0xd/0x80 [ 101.825745][ T2350] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 101.831212][ T2350] kasan_report+0x13c/0x170 [ 101.835553][ T2350] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 101.841021][ T2350] __asan_report_load4_noabort+0x14/0x20 [ 101.846485][ T2350] ext4_xattr_delete_inode+0xcd0/0xce0 [ 101.851781][ T2350] ? sb_end_intwrite+0x130/0x130 [ 101.856553][ T2350] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 101.862573][ T2350] ? __kasan_check_read+0x11/0x20 [ 101.867430][ T2350] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 101.873158][ T2350] ? ext4_evict_inode+0xbc2/0x1550 [ 101.878105][ T2350] ext4_e