last executing test programs: 6.903679217s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000080000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc) 6.896170099s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read(r2, &(0x7f00000000c0)=""/226, 0xe2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) read$watch_queue(r0, &(0x7f0000002e00)=""/4088, 0xff8) 6.453869298s ago: executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x7, {0x7, 0x0, "5a7da32917"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x1, 0x3, 'aBT'}, 0x0}) 2.199342435s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) close(r1) fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 2.198555905s ago: executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f0000000100)) 2.197382655s ago: executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) getpid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000540)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000640)=ANY=[@ANYRES64=r0, @ANYRES16=r0, @ANYRESOCT=r0, @ANYBLOB="f1bcca05ed588d63a576cc3afd51baf29cde0400000092f4e66ff7ef22aa9af727ceae8a8ec95fc1b73083de2de825a0cb2b0be774fdb33650d7dace27c16bc23b2f7c7fb72585548939698f280d138aa9255a8a924008f8477e82ba11cdb11efd5ca2f1ab049ce2cc7815d2daf8daea25533a558d561654faf5e0924f1376174f374d664fad4a6ab24ec000ccace822e7f9426e8e5de1fe58085a0ae86fd02a118b9365961834d46208b9fb4c91a1fa962a8b00a9717fcbb46c2400dc2e319379ea1e5a07aeb3f9cd4e648df445a1b4213e732300000000000010000758027a472e7d263ef567a84166f26ee56e701c63a8863787889bf1c90fccf31954a940c8b584ca89a512f28edec08eb1c0823c028840eeaf3f5d8769023c01ac63f7f959571e8e899b43c293bc21a2b833e5c9c703c4cfa063dd050045706bde3d7ac373ab04b62b4111b59eabd436dd97e788a36ef25bad99beec474e667589d37100ec36292c15c6", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRES64, @ANYRES32, @ANYRES64, @ANYRES8=0x0], 0x5, 0x0, &(0x7f0000000000)) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 2.196943865s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000400000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) munlock(&(0x7f0000bac000/0x4000)=nil, 0x4000) 2.193696846s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000ec0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) 2.193602406s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r1}, 0xc) 2.193504746s ago: executing program 4: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_connect$uac1(0x0, 0xda, &(0x7f0000000740)=ANY=[@ANYBLOB="1201b007000000086b1d01014000010203010902c80003010000800904000000010100000a24010000060201020c24020502020602060006ff090401000001020000090401010101020000072401090100000924020206000300060c240201270320cbb2bb9bcb0905010900021f0504072501000006000904020000010200000904020101ffff00000724d17bf018000724015afd05000f2402020000859900354fa656e9470c2402011f024808bac2ad3d07240100010000110502", @ANYRESDEC], &(0x7f0000000bc0)={0x0, 0x0, 0x9, 0x0}) 2.176563809s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), 0xffffffffffffffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0) r4 = dup(r2) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.140278204s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read(r2, &(0x7f00000000c0)=""/226, 0xe2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) read$watch_queue(r0, &(0x7f0000002e00)=""/4088, 0xff8) 1.998878026s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x7b, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000f40)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x4, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x2, 0xc}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18040000000000000000000000400000850000000800000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, &(0x7f0000000040)}, 0x20) read$usbmon(r3, &(0x7f0000000000)=""/91, 0x5b) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r5, 0x0, r4, 0x0, 0x6, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000a40)={0x14, 0x3, 0x1, 0x301}, 0x14}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000480)={0x0, 0x0, 0x4, "fda5248a"}, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x10012, r6, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f0000000200)="8a1e37a5f6a9c3ae3043eedf1528a8e1cc3e06aa5796aeeeb18d3879ff94822f25c44fb2e1bacae5fbbc50439de68d3831083395b20f3698e693d23382a8f89026f41e8caa2e8452f06b11d4409337b124338f9b734c19d5f8b4c4f4cd5af51280ac6dbb7b154dc20cfbf4aed3867ab444ebe1975cc160af4e1306f19e499a754df3bc55450986f62f3f6644c4e9640dae9937988e65c68acdf9041eaf617982d7156118053d315c2793f4a91053358d9422d62af652e63d842d79cdd164a440ecee0a8e1613e76c9641eec5d6", &(0x7f0000000000)=@udp6=r6}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 1.289141317s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a2824734ca454088df95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c305eaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f01000080000000004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5001000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e87973d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b16500000000000000000000000000cbf5e55f5adc0a7459f94def8b303c3db48ec4cbf211fbabb0559abb1a14edcb9d6aaf566ce5fc325c60a97a50a42ad405caaf3477ffad000000000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x300, 0xbe, 0x9a, 0x8e, 0x40, 0x499, 0x1003, 0xa0fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xec, 0x70, 0x91}}]}}]}}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0}) 478.722495ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x1f, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r2}, &(0x7f0000000640), &(0x7f0000000680)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r3}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 452.425249ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412) 408.030546ms ago: executing program 0: syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000002ac0)=ANY=[], 0x2, 0x1e7, &(0x7f00000001c0)="$eJzsmb+LE0EUx78zu9mchwg2FjYWHniit9ndqFxzRQRLQYiilsGsIbpJJFkhCQgGGxtLC8HWxtLCwsrCv8BWCxUEC1PaCSMzO7s7JpsQf2BE3wdu7jszb+fNe7DfYgOCIP5bPrz/8u7B2d2LJwHsxxbKev2TlcdwI/7to9snHu6de/zszZNX3QN3XsyexwAIsXp+B8DLmoUYzE5Wvn96y7iC1rgEjuNaXwaDm8ivQpFMQjBc1TE3DN3bp0UUutd6UfN6Owo9OfhyCORQNfPLS00nDE0AG+p2QjBjfzAa32xEUdifFSWR5pnb+lGxrH/qfjWOPaTdE0I268r9exM5172BB571zweHr3UVDHWtd1GG67p5S4z6D9v5+dYq9a9XPFXi4M6fSpq+I39D7f+wKP2Wc9jsinyhs5VD09QDzZiPa6/954UyLgBzW683o+j8L5zsFDQqE7k/SWc/ZviTDTvzj0rcuVUZjMY77U6jFbbCbhBUz3inPO90UFFGlIxL/G9D+dOmcX5pQazDHAwbcdz3h0Dc97N5kIyG49af9z6rZ7jyP47to2qqPFWVXS7OwfQfV/+l2raKI+8urIkgCIIgCIIgCIIgCIIgCKKYI2BIfgkTTH8QLSK4oL5QfgsAAP//g4hmcg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000580)={0x0, 0x2000000}) 384.120659ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018001000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f00000001c0)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) chdir(&(0x7f0000000040)='./file0\x00') bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pB \x00'}, 0x20) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 334.048757ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8a, 0xe7c9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8}, 0x48) 326.508788ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000440), 0xfecc) write$cgroup_subtree(r1, 0x0, 0x7ffffffff000) write$cgroup_pid(r0, &(0x7f0000000080)=0xffffffffffffffff, 0x12) 325.181239ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000080000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 242.645142ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 220.304605ms ago: executing program 0: sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) bind$can_raw(0xffffffffffffffff, &(0x7f0000000100), 0x10) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)) read$FUSE(0xffffffffffffffff, &(0x7f00000077c0)={0x2020}, 0x2020) getdents64(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x0, 0x400, 0x0, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8840}, 0x0) 212.344156ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x143fdd, 0x80, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000000c0)={r2, &(0x7f0000000180), 0x0}, 0x20) 185.332371ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close(r2) 172.903152ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x5c9c8df6) fallocate(r2, 0x8, 0x0, 0xffffffff000) ioctl$FIBMAP(r2, 0x1, &(0x7f00000000c0)) 98.651205ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412) 70.602689ms ago: executing program 2: syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000002ac0)=ANY=[], 0x2, 0x1e7, &(0x7f00000001c0)="$eJzsmb+LE0EUx78zu9mchwg2FjYWHniit9ndqFxzRQRLQYiilsGsIbpJJFkhCQgGGxtLC8HWxtLCwsrCv8BWCxUEC1PaCSMzO7s7JpsQf2BE3wdu7jszb+fNe7DfYgOCIP5bPrz/8u7B2d2LJwHsxxbKev2TlcdwI/7to9snHu6de/zszZNX3QN3XsyexwAIsXp+B8DLmoUYzE5Wvn96y7iC1rgEjuNaXwaDm8ivQpFMQjBc1TE3DN3bp0UUutd6UfN6Owo9OfhyCORQNfPLS00nDE0AG+p2QjBjfzAa32xEUdifFSWR5pnb+lGxrH/qfjWOPaTdE0I268r9exM5172BB571zweHr3UVDHWtd1GG67p5S4z6D9v5+dYq9a9XPFXi4M6fSpq+I39D7f+wKP2Wc9jsinyhs5VD09QDzZiPa6/954UyLgBzW683o+j8L5zsFDQqE7k/SWc/ZviTDTvzj0rcuVUZjMY77U6jFbbCbhBUz3inPO90UFFGlIxL/G9D+dOmcX5pQazDHAwbcdz3h0Dc97N5kIyG49af9z6rZ7jyP47to2qqPFWVXS7OwfQfV/+l2raKI+8urIkgCIIgCIIgCIIgCIIgCKKYI2BIfgkTTH8QLSK4oL5QfgsAAP//g4hmcg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000580)={0x0, 0x2000000}) 40.088013ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r3, &(0x7f0000000000), 0x12) 0s ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_connect$uac1(0x0, 0xda, &(0x7f0000000740)=ANY=[@ANYBLOB="1201b007000000086b1d01014000010203010902c80003010000800904000000010100000a24010000060201020c24020502020602060006ff090401000001020000090401010101020000072401090100000924020206000300060c240201270320cbb2bb9bcb0905010900021f0504072501000006000904020000010200000904020101ffff00000724d17bf018000724015afd05000f2402020000859900354fa656e9470c2402011f024808bac2ad3d07240100010000110502", @ANYRESDEC], &(0x7f0000000bc0)={0x0, 0x0, 0x9, 0x0}) kernel console output (not intermixed with test programs): 62] loop0: detected capacity change from 0 to 256 [ 41.043864][ T964] loop0: detected capacity change from 0 to 256 [ 41.053708][ T964] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 41.095695][ T966] loop0: detected capacity change from 0 to 512 [ 41.101206][ T949] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.108663][ T949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.115703][ T949] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.122660][ T949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.124672][ T966] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 41.139613][ T966] ext4 filesystem being mounted at /root/syzkaller-testdir3907390490/syzkaller.H1FilU/3/bus supports timestamps until 2038 (0x7fffffff) [ 41.154233][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 41.154247][ T28] audit: type=1400 audit(1717646762.748:189): avc: denied { read } for pid=969 comm="syz-executor.2" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 41.183701][ T359] device bridge_slave_1 left promiscuous mode [ 41.190260][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.193117][ T28] audit: type=1400 audit(1717646762.748:190): avc: denied { open } for pid=969 comm="syz-executor.2" path="/dev/usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 41.222672][ T359] device bridge_slave_0 left promiscuous mode [ 41.229478][ T28] audit: type=1400 audit(1717646762.758:191): avc: denied { ioctl } for pid=969 comm="syz-executor.2" path="/dev/usbmon0" dev="devtmpfs" ino=139 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 41.236061][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.262853][ T359] device bridge_slave_1 left promiscuous mode [ 41.268995][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.276422][ T359] device bridge_slave_0 left promiscuous mode [ 41.282666][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.290701][ T359] device bridge_slave_1 left promiscuous mode [ 41.296788][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.304493][ T359] device bridge_slave_0 left promiscuous mode [ 41.310571][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.322405][ T359] device veth1_macvtap left promiscuous mode [ 41.328366][ T359] device veth0_vlan left promiscuous mode [ 41.334514][ T359] device veth1_macvtap left promiscuous mode [ 41.340905][ T359] device veth0_vlan left promiscuous mode [ 41.347736][ T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 41.358265][ T359] device veth1_macvtap left promiscuous mode [ 41.364238][ T359] device veth0_vlan left promiscuous mode [ 41.537907][ T39] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1 [ 41.546835][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.554656][ T39] usb 2-1: Product: syz [ 41.558662][ T39] usb 2-1: Manufacturer: syz [ 41.563061][ T39] usb 2-1: SerialNumber: syz [ 41.570247][ T39] usb 2-1: config 0 descriptor?? [ 41.609954][ T39] usb_ehset_test: probe of 2-1:0.0 failed with error -32 [ 41.634297][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.642005][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.648550][ T931] EXT4-fs (loop0): unmounting filesystem. [ 41.650940][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.673665][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.681583][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.698674][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.710259][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.728063][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 41.736167][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.756317][ T988] syz-executor.2[988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.756397][ T988] syz-executor.2[988] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.772811][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 41.792781][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.804534][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.813247][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.823535][ T990] loop3: detected capacity change from 0 to 256 [ 41.830123][ T19] usb 2-1: USB disconnect, device number 4 [ 41.834114][ T949] device veth0_vlan entered promiscuous mode [ 41.866585][ T28] audit: type=1400 audit(1717646763.458:192): avc: denied { create } for pid=991 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 41.886297][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.889609][ T28] audit: type=1400 audit(1717646763.458:193): avc: denied { connect } for pid=991 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 41.894773][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.923442][ T994] serio: Serial port pts0 [ 41.941236][ T997] loop2: detected capacity change from 0 to 256 [ 41.944506][ T949] device veth1_macvtap entered promiscuous mode [ 41.966863][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.991745][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.010939][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.032059][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.052366][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.056472][ T1012] loop0: detected capacity change from 0 to 256 [ 42.080123][ T1012] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 42.160262][ T1020] loop2: detected capacity change from 0 to 256 [ 42.167006][ T1022] ext4: Unknown parameter './file0' [ 42.185543][ T1024] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 42.198174][ T28] audit: type=1400 audit(1717646763.798:194): avc: denied { create } for pid=1023 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 42.198852][ T379] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 42.222313][ T28] audit: type=1400 audit(1717646763.818:195): avc: denied { ioctl } for pid=1023 comm="syz-executor.0" path="socket:[20541]" dev="sockfs" ino=20541 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 42.240470][ T1026] loop2: detected capacity change from 0 to 256 [ 42.584963][ T1031] serio: Serial port pts0 [ 42.904377][ T28] audit: type=1400 audit(1717646764.498:196): avc: denied { read } for pid=1041 comm="syz-executor.3" name="event0" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 42.968705][ T28] audit: type=1400 audit(1717646764.528:197): avc: denied { open } for pid=1041 comm="syz-executor.3" path="/dev/input/event0" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 42.993244][ T28] audit: type=1400 audit(1717646764.528:198): avc: denied { ioctl } for pid=1041 comm="syz-executor.3" path="/dev/input/event0" dev="devtmpfs" ino=168 ioctlcmd=0x45a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 43.032267][ T1047] ext4: Unknown parameter './file0' [ 43.139104][ T1029] loop0: detected capacity change from 0 to 40427 [ 43.146046][ T1029] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 43.153891][ T1029] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 43.156399][ T1040] loop1: detected capacity change from 0 to 40427 [ 43.179485][ T1040] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 43.187270][ T1040] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 43.196362][ T1029] F2FS-fs (loop0): Found nat_bits in checkpoint [ 43.203226][ T1040] F2FS-fs (loop1): invalid crc value [ 43.226339][ T1040] F2FS-fs (loop1): Found nat_bits in checkpoint [ 43.254930][ T1029] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 43.261938][ T1029] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 43.276855][ T1040] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 43.283913][ T1040] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 43.288871][ T1029] syz-executor.0: attempt to access beyond end of device [ 43.288871][ T1029] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 43.313756][ T1064] device veth1_macvtap left promiscuous mode [ 43.358661][ T547] kworker/u4:5: attempt to access beyond end of device [ 43.358661][ T547] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 43.372435][ T19] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 43.400947][ T1040] syz-executor.1: attempt to access beyond end of device [ 43.400947][ T1040] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 43.418664][ T359] device bridge_slave_1 left promiscuous mode [ 43.429102][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.443155][ T359] device bridge_slave_0 left promiscuous mode [ 43.453332][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.473129][ T359] device veth1_macvtap left promiscuous mode [ 43.483491][ T359] device veth0_vlan left promiscuous mode [ 43.688724][ T1085] ext4: Unknown parameter './file0' [ 43.737795][ T19] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 43.907691][ T19] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1 [ 43.916745][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.924562][ T19] usb 4-1: Product: syz [ 43.928787][ T19] usb 4-1: Manufacturer: syz [ 43.933202][ T19] usb 4-1: SerialNumber: syz [ 43.938622][ T19] usb 4-1: config 0 descriptor?? [ 43.978373][ T19] usb_ehset_test: probe of 4-1:0.0 failed with error -32 [ 44.007800][ T39] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 44.143130][ T1094] device pim6reg1 entered promiscuous mode [ 44.180629][ T24] usb 4-1: USB disconnect, device number 4 [ 44.212999][ T1096] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 44.224651][ T1096] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 44.237956][ T8] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 44.247140][ T8] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 44.258846][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 44.267168][ T8] kworker/u4:0: attempt to access beyond end of device [ 44.267168][ T8] loop1: rw=1, sector=45104, nr_sectors = 8 limit=40427 [ 44.320918][ T1100] syz-executor.2[1100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.321007][ T1100] syz-executor.2[1100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.342991][ T1102] syz-executor.2[1102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.354770][ T1102] syz-executor.2[1102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.430271][ T1111] ext4: Unknown parameter './file0' [ 44.448184][ T39] usb 1-1: unable to get BOS descriptor or descriptor too short [ 44.480865][ T1115] loop1: detected capacity change from 0 to 256 [ 44.518912][ T379] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 44.537628][ T39] usb 1-1: config 0 has no interfaces? [ 44.697732][ T39] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 44.706606][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.727856][ T39] usb 1-1: Product: syz [ 44.731859][ T39] usb 1-1: Manufacturer: syz [ 44.736285][ T39] usb 1-1: SerialNumber: syz [ 44.758264][ T39] usb 1-1: config 0 descriptor?? [ 44.775993][ T1121] loop1: detected capacity change from 0 to 40427 [ 44.783184][ T1121] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 44.793704][ T1123] loop2: detected capacity change from 0 to 40427 [ 44.797118][ T1121] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 44.805024][ T1123] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 44.813716][ T1121] F2FS-fs (loop1): invalid crc value [ 44.816984][ T1123] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 44.826145][ T1121] F2FS-fs (loop1): Found nat_bits in checkpoint [ 44.830874][ T1123] F2FS-fs (loop2): Found nat_bits in checkpoint [ 44.867060][ T1121] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 44.874128][ T1121] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 44.876692][ T1123] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 44.893455][ T1123] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 44.920490][ T1123] syz-executor.2: attempt to access beyond end of device [ 44.920490][ T1123] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 44.958422][ T8] kworker/u4:0: attempt to access beyond end of device [ 44.958422][ T8] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 45.002488][ T1121] syz-executor.1: attempt to access beyond end of device [ 45.002488][ T1121] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 45.091419][ T1138] syz-executor.2[1138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.092135][ T1138] syz-executor.2[1138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.109499][ T1140] syz-executor.4[1140] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.124107][ T1140] syz-executor.4[1140] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.158866][ T1146] loop4: detected capacity change from 0 to 256 [ 45.324813][ T1152] xt_bpf: check failed: parse error [ 45.561325][ T39] usb 1-1: USB disconnect, device number 3 [ 45.580600][ T1161] binder: BINDER_SET_CONTEXT_MGR already set [ 45.586500][ T1161] binder: 1160:1161 ioctl 4018620d 20000040 returned -16 [ 45.607279][ T1163] loop0: detected capacity change from 0 to 256 [ 45.776639][ T547] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 45.786160][ T547] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 45.803022][ T547] kworker/u4:5: attempt to access beyond end of device [ 45.803022][ T547] loop1: rw=1, sector=45104, nr_sectors = 8 limit=40427 [ 45.831872][ T1182] overlayfs: invalid redirect ((null)) [ 45.905920][ T1184] Illegal XDP return value 4294967274 on prog (id 192) dev N/A, expect packet loss! [ 45.984080][ T1188] device pim6reg1 entered promiscuous mode [ 46.047886][ T39] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 46.122368][ T1201] loop4: detected capacity change from 0 to 256 [ 46.325629][ T1209] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1209 comm=syz-executor.1 [ 46.338786][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 46.338800][ T28] audit: type=1400 audit(1717646767.938:221): avc: denied { read } for pid=1208 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 46.437418][ T1213] loop2: detected capacity change from 0 to 1024 [ 46.472213][ T1213] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 46.576992][ T39] usb 1-1: not running at top speed; connect to a high speed hub [ 46.599111][ T28] audit: type=1400 audit(1717646768.188:222): avc: denied { setopt } for pid=1204 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 46.711499][ T1231] xt_bpf: check failed: parse error [ 46.852817][ T1232] device pim6reg1 entered promiscuous mode [ 46.927719][ T39] usb 1-1: New USB device found, idVendor=19d2, idProduct=0113, bcdDevice=7c.57 [ 46.942016][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.950621][ T39] usb 1-1: Product: syz [ 46.956889][ T1237] bpf_get_probe_write_proto: 4 callbacks suppressed [ 46.956905][ T1237] syz-executor.1[1237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.969094][ T39] usb 1-1: Manufacturer: syz [ 46.989666][ T1237] syz-executor.1[1237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.998872][ T39] usb 1-1: SerialNumber: syz [ 47.021780][ T1243] loop1: detected capacity change from 0 to 512 [ 47.034799][ T39] usb 1-1: config 0 descriptor?? [ 47.055032][ T1243] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 47.069535][ T1243] ext4 filesystem being mounted at /root/syzkaller-testdir147510253/syzkaller.RDPUA4/26/file0 supports timestamps until 2038 (0x7fffffff) [ 47.094136][ T1243] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #2: comm syz-executor.1: corrupted inode contents [ 47.119188][ T1243] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #2: comm syz-executor.1: mark_inode_dirty error [ 47.141503][ T1243] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #2: comm syz-executor.1: corrupted inode contents [ 47.161745][ T1243] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz-executor.1: mark_inode_dirty error [ 47.162984][ T1249] syz-executor.4[1249] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.184489][ T28] audit: type=1400 audit(1717646768.778:223): avc: denied { write } for pid=1242 comm="syz-executor.1" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 47.231268][ T1249] syz-executor.4[1249] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.243618][ T28] audit: type=1400 audit(1717646768.778:224): avc: denied { add_name } for pid=1242 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 47.288711][ T916] EXT4-fs (loop1): unmounting filesystem. [ 47.294635][ T19] usb 1-1: USB disconnect, device number 4 [ 47.309768][ T28] audit: type=1400 audit(1717646768.778:225): avc: denied { create } for pid=1242 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 47.331571][ T843] EXT4-fs (loop2): unmounting filesystem. [ 47.345468][ T28] audit: type=1400 audit(1717646768.778:226): avc: denied { rename } for pid=1242 comm="syz-executor.1" name="file0" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 47.412889][ T1258] syz-executor.4[1258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.412962][ T1258] syz-executor.4[1258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.433300][ T1258] overlayfs: invalid redirect ((null)) [ 47.618407][ T1274] loop3: detected capacity change from 0 to 256 [ 47.827641][ T39] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 47.867142][ T1281] loop0: detected capacity change from 0 to 512 [ 47.883644][ T1281] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 47.890492][ T1288] loop1: detected capacity change from 0 to 512 [ 47.895572][ T1281] ext4 filesystem being mounted at /root/syzkaller-testdir3907390490/syzkaller.H1FilU/21/file0 supports timestamps until 2038 (0x7fffffff) [ 47.902879][ T1288] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 47.924008][ T1288] EXT4-fs (loop1): 1 truncate cleaned up [ 47.925151][ T1281] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents [ 47.935705][ T1288] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 47.944821][ T1281] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz-executor.0: mark_inode_dirty error [ 47.970764][ T1281] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents [ 47.985487][ T1281] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor.0: mark_inode_dirty error [ 47.996844][ T1291] loop2: detected capacity change from 0 to 1024 [ 48.017625][ T1288] loop1: detected capacity change from 512 to 64 [ 48.028868][ T1288] SELinux: inode_doinit_use_xattr: getxattr returned 12 for dev=loop1 ino=15 [ 48.064497][ T1288] SELinux: inode_doinit_use_xattr: getxattr returned 12 for dev=loop1 ino=15 [ 48.074349][ T1291] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 48.083375][ T1288] SELinux: inode_doinit_use_xattr: getxattr returned 12 for dev=loop1 ino=15 [ 48.105678][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.121425][ T931] EXT4-fs (loop0): unmounting filesystem. [ 48.137406][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.155900][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.171888][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.188016][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.191152][ T1295] loop0: detected capacity change from 0 to 1024 [ 48.211100][ T1295] EXT4-fs: Ignoring removed orlov option [ 48.215483][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.216700][ T1295] EXT4-fs: Ignoring removed oldalloc option [ 48.236151][ T1295] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.246102][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.249757][ T1295] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 48.259938][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.284218][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.284502][ T39] usb 5-1: config 0 has no interfaces? [ 48.298506][ T916] EXT4-fs warning (device loop1): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.1: error -12 reading directory block [ 48.317676][ T1295] EXT4-fs (loop0): group descriptors corrupted! [ 48.400426][ T916] EXT4-fs (loop1): unmounting filesystem. [ 48.417672][ T39] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 48.452887][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 48.469841][ T39] usb 5-1: SerialNumber: syz [ 48.474302][ T28] audit: type=1400 audit(1717646770.068:227): avc: denied { nlmsg_write } for pid=1301 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 48.503722][ T39] usb 5-1: config 0 descriptor?? [ 48.664676][ T1311] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.676140][ T1311] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.685349][ T1311] device bridge_slave_0 entered promiscuous mode [ 48.692170][ T1320] syz-executor.0[1320] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.692246][ T1320] syz-executor.0[1320] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.694583][ T1311] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.722441][ T1311] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.729730][ T1311] device bridge_slave_1 entered promiscuous mode [ 48.768008][ T24] usb 5-1: USB disconnect, device number 5 [ 48.778021][ T843] EXT4-fs (loop2): unmounting filesystem. [ 48.779423][ T1322] loop0: detected capacity change from 0 to 1024 [ 48.800204][ T1322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 48.827623][ T39] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 48.835949][ T931] EXT4-fs (loop0): unmounting filesystem. [ 48.936767][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.944078][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.966767][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.975054][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.098199][ T1339] loop2: detected capacity change from 0 to 2048 [ 49.130799][ T1339] Alternate GPT is invalid, using primary GPT. [ 49.137073][ T1339] loop2: p1 p2 p3 [ 49.297698][ T39] usb 4-1: not running at top speed; connect to a high speed hub [ 49.305101][ T526] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.312373][ T526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.322424][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.334427][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.342824][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.350876][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.357740][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.368581][ T547] device bridge_slave_1 left promiscuous mode [ 49.374593][ T547] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.382221][ T547] device bridge_slave_0 left promiscuous mode [ 49.388264][ T547] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.395910][ T547] device veth1_macvtap left promiscuous mode [ 49.401913][ T547] device veth0_vlan left promiscuous mode [ 49.485238][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.493256][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.501119][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.509064][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.521612][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.533796][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.541680][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.549238][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.557370][ T1311] device veth0_vlan entered promiscuous mode [ 49.567827][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.568247][ T39] usb 4-1: New USB device found, idVendor=19d2, idProduct=0113, bcdDevice=7c.57 [ 49.577462][ T1311] device veth1_macvtap entered promiscuous mode [ 49.584947][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.596026][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.598617][ T39] usb 4-1: Product: syz [ 49.606311][ T19] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 49.610326][ T39] usb 4-1: Manufacturer: syz [ 49.617978][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.621937][ T39] usb 4-1: SerialNumber: syz [ 49.632704][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.634806][ T39] usb 4-1: config 0 descriptor?? [ 49.646013][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.843325][ T1359] loop0: detected capacity change from 0 to 1024 [ 49.867640][ T19] usb 5-1: Using ep0 maxpacket: 16 [ 49.874107][ T1359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 49.910962][ T1362] loop1: detected capacity change from 0 to 8192 [ 49.912101][ T539] usb 4-1: USB disconnect, device number 5 [ 49.928068][ T931] EXT4-fs (loop0): unmounting filesystem. [ 49.987698][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.007858][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.028867][ T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 50.053499][ T19] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 50.070030][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.096402][ T19] usb 5-1: config 0 descriptor?? [ 50.578477][ T1390] loop1: detected capacity change from 0 to 2048 [ 50.595555][ T1342] syz-executor.4[1342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.596157][ T1342] syz-executor.4[1342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.620673][ T1390] Alternate GPT is invalid, using primary GPT. [ 50.638448][ T1390] loop1: p1 p2 p3 [ 50.759015][ T19] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 50.769069][ T19] microsoft 0003:045E:07DA.0003: item fetching failed at offset 30/34 [ 50.786680][ T19] microsoft 0003:045E:07DA.0003: parse failed [ 50.798146][ T19] microsoft: probe of 0003:045E:07DA.0003 failed with error -22 [ 50.883462][ T1401] loop3: detected capacity change from 0 to 1024 [ 50.959790][ T1407] loop2: detected capacity change from 0 to 8192 [ 50.961571][ T1401] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 50.968450][ T313] usb 5-1: USB disconnect, device number 6 [ 51.003359][ T805] EXT4-fs (loop3): unmounting filesystem. [ 51.103419][ T1413] loop0: detected capacity change from 0 to 256 [ 51.334548][ T28] audit: type=1400 audit(1717646772.928:228): avc: denied { create } for pid=1414 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 51.354127][ T28] audit: type=1400 audit(1717646772.948:229): avc: denied { write } for pid=1414 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 51.597169][ T1438] loop1: detected capacity change from 0 to 1024 [ 51.629650][ T1438] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 51.660715][ T1311] EXT4-fs (loop1): unmounting filesystem. [ 52.376697][ T1456] device pim6reg1 entered promiscuous mode [ 52.401129][ T1453] loop4: detected capacity change from 0 to 2048 [ 52.411761][ T1462] loop0: detected capacity change from 0 to 512 [ 52.437141][ T1462] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 52.454577][ T1462] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 52.465825][ T1453] Alternate GPT is invalid, using primary GPT. [ 52.470652][ T1462] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 52.471949][ T1453] loop4: p1 p2 p3 [ 52.517849][ T1462] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 52.535514][ T1462] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 52.548011][ T1462] EXT4-fs (loop0): Remounting filesystem read-only [ 52.560615][ T1462] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 52.574333][ T1462] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 52.633539][ T931] EXT4-fs (loop0): unmounting filesystem. [ 52.667766][ T28] audit: type=1400 audit(1717646774.258:230): avc: denied { listen } for pid=1480 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.576463][ T1489] loop2: detected capacity change from 0 to 256 [ 53.870167][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 53.877502][ T28] audit: type=1400 audit(1717646775.468:231): avc: denied { write } for pid=1495 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 53.932993][ T1502] device pim6reg1 entered promiscuous mode [ 54.052715][ T1510] syz-executor.2 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 54.160668][ T313] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 54.219051][ T1517] loop0: detected capacity change from 0 to 2048 [ 54.280040][ T1517] Alternate GPT is invalid, using primary GPT. [ 54.286341][ T1517] loop0: p1 p2 p3 [ 54.427682][ T24] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 54.437971][ T24] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 54.446837][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.466638][ T1520] syz-executor.2[1520] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.466685][ T1520] syz-executor.2[1520] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.508477][ T24] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 54.607660][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.618403][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 54.627965][ T313] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 54.636791][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.645187][ T313] usb 5-1: config 0 descriptor?? [ 54.709172][ T39] usb 2-1: USB disconnect, device number 5 [ 54.767671][ T19] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 54.933114][ T1536] device pim6reg1 entered promiscuous mode [ 55.082759][ T1542] loop0: detected capacity change from 0 to 40427 [ 55.089799][ T1542] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 55.097422][ T1542] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 55.106125][ T1542] F2FS-fs (loop0): invalid crc value [ 55.112593][ T1542] F2FS-fs (loop0): Found nat_bits in checkpoint [ 55.127872][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.140573][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.143950][ T1542] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 55.150424][ T19] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 55.157073][ T1542] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 55.166174][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.187040][ T19] usb 3-1: config 0 descriptor?? [ 55.225580][ T1550] process 'syz-executor.1' launched './file0' with NULL argv: empty string added [ 55.267681][ T526] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 55.277247][ T1542] syz-executor.0: attempt to access beyond end of device [ 55.277247][ T1542] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 55.343231][ T28] audit: type=1326 audit(1717646776.938:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1541 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1047c7cf69 code=0x0 [ 55.366639][ T313] hid-led: probe of 0003:27B8:01ED.0004 failed with error -71 [ 55.369703][ T28] audit: type=1400 audit(1717646776.938:233): avc: denied { create } for pid=1554 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 55.389362][ T313] usb 5-1: USB disconnect, device number 7 [ 55.507682][ T526] usb 4-1: Using ep0 maxpacket: 16 [ 55.627718][ T526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.638467][ T526] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.655243][ T526] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 55.670434][ T19] hid-rmi 0003:06CB:81A7.0005: item fetching failed at offset 3/5 [ 55.681313][ T19] hid-rmi 0003:06CB:81A7.0005: parse failed [ 55.687054][ T19] hid-rmi: probe of 0003:06CB:81A7.0005 failed with error -22 [ 55.695096][ T526] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 55.708718][ T526] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.727922][ T526] usb 4-1: config 0 descriptor?? [ 55.910720][ T313] usb 3-1: USB disconnect, device number 8 [ 55.935909][ T1570] loop4: detected capacity change from 0 to 512 [ 55.963280][ T1570] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 55.973471][ T1570] ext4 filesystem being mounted at /root/syzkaller-testdir3216284964/syzkaller.2NhW4K/37/file1 supports timestamps until 2038 (0x7fffffff) [ 56.029483][ T949] EXT4-fs (loop4): unmounting filesystem. [ 56.078376][ T1579] loop4: detected capacity change from 0 to 512 [ 56.090338][ T1579] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 56.091944][ T359] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 56.101747][ T1579] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 56.111099][ T359] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 56.120561][ T1579] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 56.144459][ T359] kworker/u4:3: attempt to access beyond end of device [ 56.144459][ T359] loop0: rw=1, sector=45104, nr_sectors = 8 limit=40427 [ 56.151537][ T1579] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 56.165819][ T1579] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 56.178020][ T1579] EXT4-fs (loop4): Remounting filesystem read-only [ 56.184365][ T1579] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 56.196698][ T1579] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 56.197213][ T1544] syz-executor.3[1544] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.205535][ T1544] syz-executor.3[1544] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.238480][ T526] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 56.257620][ T526] microsoft 0003:045E:07DA.0006: item fetching failed at offset 30/34 [ 56.258470][ T949] EXT4-fs (loop4): unmounting filesystem. [ 56.265758][ T526] microsoft 0003:045E:07DA.0006: parse failed [ 56.277074][ T526] microsoft: probe of 0003:045E:07DA.0006 failed with error -22 [ 56.315218][ T1584] tipc: Failed to remove unknown binding: 66,1,1/0:635696413/635696415 [ 56.323899][ T1584] tipc: Failed to remove unknown binding: 66,1,1/0:635696413/635696415 [ 56.333252][ T1584] tipc: Failed to remove unknown binding: 66,1,1/0:635696413/635696415 [ 56.406229][ T28] audit: type=1400 audit(1717646777.998:234): avc: denied { write } for pid=1590 comm="syz-executor.0" name="event0" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 56.471873][ T313] usb 4-1: USB disconnect, device number 6 [ 56.507528][ T28] audit: type=1400 audit(1717646778.098:235): avc: denied { watch } for pid=1597 comm="syz-executor.1" path="/proc/1597/task" dev="proc" ino=23150 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 56.599183][ T1610] loop2: detected capacity change from 0 to 256 [ 56.609480][ T1610] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 56.632971][ T28] audit: type=1400 audit(1717646778.228:236): avc: denied { mount } for pid=1609 comm="syz-executor.2" name="/" dev="configfs" ino=12728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 56.656152][ T28] audit: type=1400 audit(1717646778.228:237): avc: denied { write } for pid=1609 comm="syz-executor.2" name="/" dev="configfs" ino=12728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 56.686610][ T28] audit: type=1400 audit(1717646778.278:238): avc: denied { unmount } for pid=843 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 56.712633][ T28] audit: type=1400 audit(1717646778.278:239): avc: denied { remove_name } for pid=843 comm="syz-executor.2" name="file0" dev="loop2" ino=1048674 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 56.748404][ T28] audit: type=1400 audit(1717646778.298:240): avc: denied { rmdir } for pid=843 comm="syz-executor.2" name="file0" dev="loop2" ino=1048669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 56.934154][ T1637] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.941110][ T1637] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.948625][ T1637] device bridge_slave_0 entered promiscuous mode [ 56.957071][ T1637] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.964050][ T1637] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.971721][ T1637] device bridge_slave_1 entered promiscuous mode [ 57.032752][ T1650] loop0: detected capacity change from 0 to 256 [ 57.078768][ T379] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 57.090357][ T1658] mmap: syz-executor.3 (1658) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 57.106445][ T1660] loop0: detected capacity change from 0 to 512 [ 57.136967][ T1637] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.143868][ T1637] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.150968][ T1637] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.157745][ T1637] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.165818][ T1660] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 57.193570][ T1660] EXT4-fs warning (device loop0): dx_probe:868: inode #2: comm syz-executor.0: Unimplemented hash flags: 0x0001 [ 57.205556][ T1660] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 57.227661][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.227990][ T1660] EXT4-fs warning (device loop0): dx_probe:868: inode #2: comm syz-executor.0: Unimplemented hash flags: 0x0001 [ 57.235162][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.255645][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.268968][ T1660] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 57.284161][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.306743][ T1660] EXT4-fs warning (device loop0): dx_probe:868: inode #2: comm syz-executor.0: Unimplemented hash flags: 0x0001 [ 57.312778][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.318553][ T1660] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 57.340188][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.353245][ T1637] device veth0_vlan entered promiscuous mode [ 57.363660][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.373879][ T1660] EXT4-fs warning (device loop0): dx_probe:868: inode #2: comm syz-executor.0: Unimplemented hash flags: 0x0001 [ 57.385926][ T1660] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 57.389964][ T1637] device veth1_macvtap entered promiscuous mode [ 57.406855][ T1660] EXT4-fs warning (device loop0): dx_probe:868: inode #2: comm syz-executor.0: Unimplemented hash flags: 0x0001 [ 57.408654][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.427026][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.434947][ T539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.441671][ T1660] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 57.460518][ T1667] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir3907390490/syzkaller.H1FilU/58/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=4294967295, rec_len=7, size=1024 fake=0 [ 57.489391][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.502858][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.521356][ T1656] loop4: detected capacity change from 0 to 40427 [ 57.529246][ T359] device bridge_slave_1 left promiscuous mode [ 57.531135][ T1656] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 57.535185][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.542801][ T1656] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 57.559714][ T359] device bridge_slave_0 left promiscuous mode [ 57.565954][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.571277][ T1656] F2FS-fs (loop4): Found nat_bits in checkpoint [ 57.579352][ T931] EXT4-fs (loop0): unmounting filesystem. [ 57.603607][ T359] device veth1_macvtap left promiscuous mode [ 57.619853][ T359] device veth0_vlan left promiscuous mode [ 57.630363][ T1656] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 57.637387][ T1656] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 57.755635][ T28] audit: type=1326 audit(1717646779.348:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1682 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 57.808743][ T28] audit: type=1326 audit(1717646779.348:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1682 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 57.834540][ T28] audit: type=1326 audit(1717646779.348:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1682 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 57.938298][ T39] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 58.026612][ T1711] device pim6reg1 entered promiscuous mode [ 58.102719][ T1715] loop2: detected capacity change from 0 to 256 [ 58.127835][ T1715] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 58.177590][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 58.307722][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.323484][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.335398][ T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 58.349364][ T1741] loop0: detected capacity change from 0 to 128 [ 58.356631][ T39] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 58.365697][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.374842][ T39] usb 4-1: config 0 descriptor?? [ 58.439994][ T1747] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! [ 58.458525][ T1749] loop0: detected capacity change from 0 to 256 [ 58.478251][ T1749] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 58.528574][ T1755] tipc: Failed to remove unknown binding: 66,1,1/0:1173049822/1173049824 [ 58.542905][ T1755] tipc: Failed to remove unknown binding: 66,1,1/0:1173049822/1173049824 [ 58.556289][ T1755] tipc: Failed to remove unknown binding: 66,1,1/0:1173049822/1173049824 [ 58.588489][ T1762] device batadv_slave_1 entered promiscuous mode [ 58.594865][ T1761] device batadv_slave_1 left promiscuous mode [ 58.640881][ T1759] exFAT-fs (loop0): hint_cluster is invalid (17) [ 58.647523][ T1759] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 58.655515][ T1759] exFAT-fs (loop0): Filesystem has been set read-only [ 58.662153][ T1759] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 58.727580][ T1784] tipc: Failed to remove unknown binding: 66,1,1/0:2582098148/2582098150 [ 58.736160][ T1784] tipc: Failed to remove unknown binding: 66,1,1/0:2582098148/2582098150 [ 58.744504][ T1784] tipc: Failed to remove unknown binding: 66,1,1/0:2582098148/2582098150 [ 58.767188][ T1786] kvm [1785]: vcpu0, guest rIP: 0xfff0 unimplemented HWCR wrmsr: 0x1fff00000000 [ 58.858462][ T39] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0 [ 58.865524][ T39] microsoft 0003:045E:07DA.0007: item fetching failed at offset 30/34 [ 58.877622][ T39] microsoft 0003:045E:07DA.0007: parse failed [ 58.883561][ T39] microsoft: probe of 0003:045E:07DA.0007 failed with error -22 [ 59.061168][ T39] usb 4-1: USB disconnect, device number 7 [ 59.448602][ T1816] loop2: detected capacity change from 0 to 256 [ 59.697750][ T39] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 60.277627][ T331] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 60.517693][ T331] usb 3-1: Using ep0 maxpacket: 16 [ 60.561942][ T1933] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 60.637760][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.659997][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.675592][ T331] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 60.694829][ T331] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 60.702505][ T1951] loop1: detected capacity change from 0 to 256 [ 60.717804][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.726375][ T331] usb 3-1: config 0 descriptor?? [ 60.803082][ T1947] loop4: detected capacity change from 0 to 40427 [ 60.812191][ T1947] F2FS-fs (loop4): Found nat_bits in checkpoint [ 60.835344][ T1947] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 60.850696][ T949] syz-executor.4: attempt to access beyond end of device [ 60.850696][ T949] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.864709][ T314] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 61.017598][ T313] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 61.188321][ T1855] syz-executor.2[1855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.188400][ T1855] syz-executor.2[1855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.207746][ T39] usb 1-1: device descriptor read/64, error -71 [ 61.208617][ T331] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 61.232486][ T331] microsoft 0003:045E:07DA.0008: item fetching failed at offset 30/34 [ 61.237640][ T314] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.240628][ T331] microsoft 0003:045E:07DA.0008: parse failed [ 61.251299][ T314] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.257022][ T331] microsoft: probe of 0003:045E:07DA.0008 failed with error -22 [ 61.266703][ T314] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 61.282888][ T313] usb 2-1: Using ep0 maxpacket: 32 [ 61.287846][ T314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.296027][ T314] usb 4-1: config 0 descriptor?? [ 61.407648][ T313] usb 2-1: config 0 has no interfaces? [ 61.413045][ T313] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 61.421879][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.430218][ T313] usb 2-1: config 0 descriptor?? [ 61.432773][ T331] usb 3-1: USB disconnect, device number 9 [ 61.673315][ T331] usb 2-1: USB disconnect, device number 6 [ 61.727679][ T39] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 61.737809][ T39] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 61.746745][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.780354][ T1968] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 61.796895][ T39] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 61.967662][ T314] hid-led: probe of 0003:27B8:01ED.0009 failed with error -71 [ 61.999452][ T19] usb 1-1: USB disconnect, device number 5 [ 62.000490][ T314] usb 4-1: USB disconnect, device number 8 [ 62.006900][ T1972] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 62.288757][ T1980] loop2: detected capacity change from 0 to 40427 [ 62.299097][ T1980] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 62.307727][ T1980] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 62.348719][ T1980] F2FS-fs (loop2): Found nat_bits in checkpoint [ 62.384572][ T1993] loop1: detected capacity change from 0 to 256 [ 62.401016][ T1980] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 62.408476][ T1980] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 62.425036][ T1996] loop1: detected capacity change from 0 to 128 [ 62.504353][ T2007] loop2: detected capacity change from 0 to 512 [ 62.513210][ T2007] EXT4-fs: Ignoring removed orlov option [ 62.520744][ T2007] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.532174][ T2007] EXT4-fs (loop2): Test dummy encryption mode enabled [ 62.552221][ T2007] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 62.560270][ T2007] System zones: 1-12 [ 62.565026][ T2007] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 62.578539][ T2007] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 62.590706][ T2007] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 62.608027][ T2007] EXT4-fs (loop2): 1 orphan inode deleted [ 62.613947][ T2007] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 62.637063][ T2023] incfs: Error accessing: ./file0. [ 62.642226][ T2023] incfs: mount failed -20 [ 62.652595][ T28] kauditd_printk_skb: 13672 callbacks suppressed [ 62.652615][ T28] audit: type=1400 audit(1717646784.228:13916): avc: denied { mounton } for pid=2022 comm="syz-executor.1" path="/root/syzkaller-testdir3700215824/syzkaller.CTGCjf/42/file0" dev="sda1" ino=1948 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 62.713141][ T2029] loop1: detected capacity change from 0 to 128 [ 62.746485][ T2034] loop1: detected capacity change from 0 to 256 [ 62.813911][ T45] Bluetooth: hci0: sending frame failed (-49) [ 62.819928][ T2005] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 62.857705][ T331] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 62.874953][ T2044] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 62.909780][ T2044] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 62.930617][ T28] audit: type=1400 audit(1717646784.528:13917): avc: denied { reparent } for pid=2006 comm="syz-executor.2" name="file0" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 62.933304][ T2054] loop0: detected capacity change from 0 to 512 [ 62.962833][ T28] audit: type=1400 audit(1717646784.558:13918): avc: denied { remove_name } for pid=2006 comm="syz-executor.2" name="file2" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 62.994568][ T28] audit: type=1400 audit(1717646784.558:13919): avc: denied { rename } for pid=2006 comm="syz-executor.2" name="file2" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 63.027633][ T39] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 63.074613][ T2060] loop0: detected capacity change from 0 to 128 [ 63.287913][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.298889][ T331] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.308677][ T331] usb 4-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 63.317442][ T331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.325772][ T331] usb 4-1: config 0 descriptor?? [ 63.363473][ T1637] EXT4-fs (loop2): unmounting filesystem. [ 63.377830][ T539] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 63.387670][ T39] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 63.397980][ T39] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 63.406922][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.448228][ T39] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 63.467052][ T2070] syz-executor.2[2070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.467110][ T2070] syz-executor.2[2070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.627750][ T539] usb 1-1: Using ep0 maxpacket: 8 [ 63.650819][ T39] usb 2-1: USB disconnect, device number 7 [ 63.706054][ T2084] loop2: detected capacity change from 0 to 512 [ 63.767775][ T539] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 63.776641][ T539] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.785194][ T539] usb 1-1: config 0 descriptor?? [ 63.818289][ T331] pantherlord 0003:0810:0002.000A: item fetching failed at offset 0/3 [ 63.826375][ T331] pantherlord 0003:0810:0002.000A: parse failed [ 63.832385][ T331] pantherlord: probe of 0003:0810:0002.000A failed with error -22 [ 63.867288][ T28] audit: type=1400 audit(1717646785.458:13920): avc: denied { bind } for pid=2088 comm="syz-executor.2" lport=42 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 63.887954][ T28] audit: type=1400 audit(1717646785.458:13921): avc: denied { node_bind } for pid=2088 comm="syz-executor.2" saddr=fe88::3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 63.931967][ T2096] syz-executor.4[2096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.932018][ T2096] syz-executor.4[2096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.019069][ T24] usb 4-1: USB disconnect, device number 9 [ 64.141540][ T28] audit: type=1400 audit(1717646785.738:13922): avc: denied { bind } for pid=2115 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 64.161568][ T28] audit: type=1400 audit(1717646785.738:13923): avc: denied { listen } for pid=2115 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 64.181869][ T28] audit: type=1400 audit(1717646785.738:13924): avc: denied { write } for pid=2115 comm="syz-executor.2" path="socket:[25909]" dev="sockfs" ino=25909 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 64.205707][ T2112] binder: 2111:2112 ioctl c0306201 20000380 returned -14 [ 64.227142][ T2121] syz-executor.4[2121] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.227196][ T2121] syz-executor.4[2121] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.240831][ T2123] Invalid ELF header magic: != ELF [ 64.242771][ T28] audit: type=1400 audit(1717646785.838:13925): avc: denied { sys_module } for pid=2122 comm="syz-executor.2" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 64.474321][ T2129] loop1: detected capacity change from 0 to 40427 [ 64.481361][ T2129] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 64.489071][ T2129] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 64.498908][ T2129] F2FS-fs (loop1): invalid crc value [ 64.505712][ T2129] F2FS-fs (loop1): Found nat_bits in checkpoint [ 64.546471][ T2129] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 64.557406][ T2129] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 64.611007][ T2149] binder: 2148:2149 ioctl c0306201 20000380 returned -14 [ 65.067786][ T331] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 65.188180][ T1458] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 65.197321][ T1458] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 65.227277][ T2162] device pim6reg1 entered promiscuous mode [ 65.462689][ T2183] Invalid ELF header magic: != ELF [ 65.467875][ T331] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 65.478314][ T331] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 65.487263][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.495327][ T539] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 65.505501][ T539] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 65.515817][ T539] asix: probe of 1-1:0.0 failed with error -71 [ 65.522495][ T539] usb 1-1: USB disconnect, device number 6 [ 65.529088][ T2185] device wg2 entered promiscuous mode [ 65.548101][ T331] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 65.677699][ T526] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 65.778115][ T39] usb 3-1: USB disconnect, device number 10 [ 65.957690][ T331] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 66.057658][ T526] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.069060][ T526] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.078790][ T526] usb 5-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 66.087918][ T526] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.096368][ T526] usb 5-1: config 0 descriptor?? [ 66.127831][ T2212] device wg2 entered promiscuous mode [ 66.207650][ T331] usb 2-1: Using ep0 maxpacket: 32 [ 66.296117][ T2223] loop2: detected capacity change from 0 to 128 [ 66.305637][ T2223] incfs: ino conflict with backing FS 1 [ 66.338035][ T331] usb 2-1: New USB device found, idVendor=0424, idProduct=7505, bcdDevice=32.a8 [ 66.346962][ T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.355334][ T331] usb 2-1: config 0 descriptor?? [ 66.397988][ T331] smsc75xx v1.0.0 [ 66.401466][ T331] smsc75xx 2-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 66.411275][ T331] smsc75xx: probe of 2-1:0.0 failed with error -22 [ 66.457616][ T39] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 66.568445][ T526] pantherlord 0003:0810:0002.000B: item fetching failed at offset 0/3 [ 66.576529][ T526] pantherlord 0003:0810:0002.000B: parse failed [ 66.582571][ T526] pantherlord: probe of 0003:0810:0002.000B failed with error -22 [ 66.598758][ T331] usb 2-1: USB disconnect, device number 8 [ 66.737619][ T526] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 66.787904][ T314] usb 5-1: USB disconnect, device number 8 [ 66.817681][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.828775][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.838382][ T39] usb 1-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 66.847157][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.855508][ T39] usb 1-1: config 0 descriptor?? [ 66.987613][ T526] usb 3-1: Using ep0 maxpacket: 8 [ 67.166098][ T2248] loop1: detected capacity change from 0 to 256 [ 67.172753][ T2248] exfat: Deprecated parameter 'namecase' [ 67.178483][ T2248] exfat: Deprecated parameter 'utf8' [ 67.183587][ T2248] exfat: Deprecated parameter 'namecase' [ 67.189087][ T2248] exfat: Deprecated parameter 'utf8' [ 67.196598][ T2248] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 67.307744][ T526] usb 3-1: New USB device found, idVendor=0403, idProduct=bca0, bcdDevice=a3.0d [ 67.316807][ T526] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.324702][ T526] usb 3-1: Product: syz [ 67.328468][ T39] pantherlord 0003:0810:0002.000C: item fetching failed at offset 0/3 [ 67.328616][ T526] usb 3-1: Manufacturer: syz [ 67.336892][ T39] pantherlord 0003:0810:0002.000C: parse failed [ 67.341049][ T526] usb 3-1: SerialNumber: syz [ 67.347191][ T39] pantherlord: probe of 0003:0810:0002.000C failed with error -22 [ 67.352426][ T526] usb 3-1: config 0 descriptor?? [ 67.398661][ T526] ftdi_sio 3-1:0.0: Ignoring interface reserved for JTAG [ 67.468254][ T2261] loop1: detected capacity change from 0 to 40427 [ 67.475033][ T2261] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 67.482591][ T2261] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 67.491391][ T2261] F2FS-fs (loop1): invalid crc value [ 67.497916][ T2261] F2FS-fs (loop1): Found nat_bits in checkpoint [ 67.521919][ T2261] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 67.528844][ T2261] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 67.540057][ T526] usb 1-1: USB disconnect, device number 7 [ 67.578306][ T314] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 67.599971][ T331] usb 3-1: USB disconnect, device number 11 [ 68.007645][ T314] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 68.017632][ T314] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 68.107906][ T314] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 68.116973][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 68.125285][ T314] usb 5-1: SerialNumber: syz [ 68.136086][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 68.136101][ T28] audit: type=1400 audit(1717646789.728:13934): avc: denied { read } for pid=2286 comm="syz-executor.3" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 68.164998][ T28] audit: type=1400 audit(1717646789.728:13935): avc: denied { open } for pid=2286 comm="syz-executor.3" path="/dev/ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 68.188844][ T314] usb 5-1: bad CDC descriptors [ 68.188952][ T28] audit: type=1400 audit(1717646789.728:13936): avc: denied { ioctl } for pid=2286 comm="syz-executor.3" path="/dev/ppp" dev="devtmpfs" ino=138 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 68.278209][ T1458] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 68.287297][ T1458] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 68.318927][ T2301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 68.325411][ T2298] loop0: detected capacity change from 0 to 2048 [ 68.325977][ T2301] IPv6: NLM_F_CREATE should be set when creating new route [ 68.373593][ T2308] device pim6reg1 entered promiscuous mode [ 68.380573][ T2310] loop3: detected capacity change from 0 to 256 [ 68.380843][ T2298] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 68.391887][ T526] usb 5-1: USB disconnect, device number 9 [ 68.401157][ T2298] ext4 filesystem being mounted at /root/syzkaller-testdir3907390490/syzkaller.H1FilU/119/bus supports timestamps until 2038 (0x7fffffff) [ 68.408215][ T2310] exfat: Deprecated parameter 'namecase' [ 68.424086][ T2310] exfat: Deprecated parameter 'utf8' [ 68.429333][ T2310] exfat: Deprecated parameter 'namecase' [ 68.435335][ T2310] exfat: Deprecated parameter 'utf8' [ 68.435685][ T28] audit: type=1400 audit(1717646790.028:13937): avc: denied { ioctl } for pid=2297 comm="syz-executor.0" path="/root/syzkaller-testdir3907390490/syzkaller.H1FilU/119/bus/file0/file0" dev="loop0" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 68.473928][ T931] EXT4-fs (loop0): unmounting filesystem. [ 68.480278][ T2310] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 68.509402][ T2314] loop2: detected capacity change from 0 to 512 [ 68.523812][ T28] audit: type=1400 audit(1717646790.118:13938): avc: denied { read } for pid=2317 comm="syz-executor.1" name="ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 68.548251][ T28] audit: type=1400 audit(1717646790.148:13939): avc: denied { open } for pid=2317 comm="syz-executor.1" path="/dev/ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 68.553532][ T2314] EXT4-fs (loop2): 1 orphan inode deleted [ 68.575001][ T28] audit: type=1400 audit(1717646790.168:13940): avc: denied { ioctl } for pid=2317 comm="syz-executor.1" path="/dev/ptp0" dev="devtmpfs" ino=172 ioctlcmd=0x3d0f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 68.583011][ T2314] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 68.611711][ T2314] ext4 filesystem being mounted at /root/syzkaller-testdir3209649240/syzkaller.VZhp73/77/file1 supports timestamps until 2038 (0x7fffffff) [ 68.630982][ T2314] EXT4-fs error (device loop2): ext4_free_blocks:6197: comm syz-executor.2: Freeing blocks not in datazone - block = 41, count = 1 [ 68.653166][ T2314] EXT4-fs (loop2): Remounting filesystem read-only [ 68.662454][ T2324] device pim6reg1 entered promiscuous mode [ 68.668145][ T2314] EXT4-fs error (device loop2): __ext4_get_inode_loc:4497: comm syz-executor.2: Invalid inode table block 34 in block_group 0 [ 68.685228][ T2314] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 68.694784][ T2314] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz-executor.2: mark_inode_dirty error [ 68.706557][ T2314] EXT4-fs error (device loop2): __ext4_get_inode_loc:4497: comm syz-executor.2: Invalid inode table block 34 in block_group 0 [ 68.723807][ T2314] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 68.733323][ T2314] EXT4-fs error (device loop2): ext4_punch_hole:4142: inode #16: comm syz-executor.2: mark_inode_dirty error [ 68.775365][ T1637] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.2: lblock 0 mapped to illegal pblock 3 (length 1) [ 68.786905][ T2320] loop3: detected capacity change from 0 to 40427 [ 68.796457][ T2320] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 68.804253][ T2320] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 68.812909][ T1637] EXT4-fs (loop2): unmounting filesystem. [ 68.813254][ T2320] F2FS-fs (loop3): invalid crc value [ 68.818517][ T314] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 68.836068][ T2320] F2FS-fs (loop3): Found nat_bits in checkpoint [ 68.866187][ T2335] 9pnet: Could not find request transport: xen [ 68.871534][ T2320] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 68.880596][ T2320] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 69.067628][ T314] usb 1-1: Using ep0 maxpacket: 8 [ 69.247770][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.259106][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.300993][ T2353] device pim6reg1 entered promiscuous mode [ 69.301024][ T314] usb 1-1: New USB device found, idVendor=056a, idProduct=033e, bcdDevice= 0.00 [ 69.315603][ T314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.324056][ T314] usb 1-1: config 0 descriptor?? [ 69.339212][ T2355] loop1: detected capacity change from 0 to 512 [ 69.349966][ T2355] EXT4-fs (loop1): 1 orphan inode deleted [ 69.355606][ T2355] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 69.364940][ T2355] ext4 filesystem being mounted at /root/syzkaller-testdir3700215824/syzkaller.CTGCjf/87/file1 supports timestamps until 2038 (0x7fffffff) [ 69.387363][ T2355] EXT4-fs error (device loop1): ext4_free_blocks:6197: comm syz-executor.1: Freeing blocks not in datazone - block = 41, count = 1 [ 69.401384][ T2355] EXT4-fs (loop1): Remounting filesystem read-only [ 69.413527][ T2355] EXT4-fs error (device loop1): __ext4_get_inode_loc:4497: comm syz-executor.1: Invalid inode table block 34 in block_group 0 [ 69.413608][ T359] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 69.430007][ T2355] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 69.445062][ T2351] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.447451][ T2355] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz-executor.1: mark_inode_dirty error [ 69.463473][ T2351] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.470790][ T2351] device bridge_slave_0 entered promiscuous mode [ 69.473865][ T359] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 69.486586][ T2355] EXT4-fs error (device loop1): __ext4_get_inode_loc:4497: comm syz-executor.1: Invalid inode table block 34 in block_group 0 [ 69.500705][ T2355] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 69.511080][ T2351] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.518237][ T2355] EXT4-fs error (device loop1): ext4_punch_hole:4142: inode #16: comm syz-executor.1: mark_inode_dirty error [ 69.519814][ T2351] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.548581][ T2351] device bridge_slave_1 entered promiscuous mode [ 69.564860][ T1311] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.1: lblock 0 mapped to illegal pblock 3 (length 1) [ 69.589700][ T1311] EXT4-fs (loop1): unmounting filesystem. [ 69.612279][ T2371] loop3: detected capacity change from 0 to 256 [ 69.625579][ T2371] FAT-fs (loop3): Directory bread(block 64) failed [ 69.632001][ T2371] FAT-fs (loop3): Directory bread(block 65) failed [ 69.638380][ T2371] FAT-fs (loop3): Directory bread(block 66) failed [ 69.644748][ T2371] FAT-fs (loop3): Directory bread(block 67) failed [ 69.651549][ T2371] FAT-fs (loop3): Directory bread(block 68) failed [ 69.658550][ T2371] FAT-fs (loop3): Directory bread(block 69) failed [ 69.665012][ T2371] FAT-fs (loop3): Directory bread(block 70) failed [ 69.671439][ T2371] FAT-fs (loop3): Directory bread(block 71) failed [ 69.677808][ T2371] FAT-fs (loop3): Directory bread(block 72) failed [ 69.684192][ T2371] FAT-fs (loop3): Directory bread(block 73) failed [ 69.737449][ T2377] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 69.759378][ T2377] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.4'. [ 69.770217][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.782468][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.808847][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.819105][ T314] wacom 0003:056A:033E.000D: Unknown device_type for 'HID 056a:033e'. Assuming pen. [ 69.820289][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.836408][ T331] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.843283][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.845430][ T314] input: Wacom Intuos PT M 2 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:033E.000D/input/input11 [ 69.854007][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.876477][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.881800][ T314] wacom 0003:056A:033E.000D: hidraw0: USB HID v0.00 Device [HID 056a:033e] on usb-dummy_hcd.0-1/input0 [ 69.897347][ T331] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.904244][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.917430][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.925328][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.933200][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.956505][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.974539][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.982395][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.990291][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.999390][ T2351] device veth0_vlan entered promiscuous mode [ 70.025286][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.036587][ T2351] device veth1_macvtap entered promiscuous mode [ 70.043929][ T526] usb 1-1: USB disconnect, device number 8 [ 70.066436][ T2395] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 70.075892][ T2395] EXT4-fs (loop4): unable to read superblock [ 70.084063][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.097398][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.119246][ T2401] loop4: detected capacity change from 0 to 256 [ 70.126039][ T2386] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.135243][ T2386] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.137315][ T2401] FAT-fs (loop4): Directory bread(block 64) failed [ 70.147257][ T2386] device bridge_slave_0 entered promiscuous mode [ 70.148531][ T2401] FAT-fs (loop4): Directory bread(block 65) failed [ 70.161270][ T1458] device bridge_slave_1 left promiscuous mode [ 70.167247][ T1458] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.174388][ T2401] FAT-fs (loop4): Directory bread(block 66) failed [ 70.181258][ T1458] device bridge_slave_0 left promiscuous mode [ 70.187199][ T2401] FAT-fs (loop4): Directory bread(block 67) failed [ 70.193660][ T1458] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.200758][ T2401] FAT-fs (loop4): Directory bread(block 68) failed [ 70.208134][ T1458] device veth1_macvtap left promiscuous mode [ 70.214018][ T1458] device veth0_vlan left promiscuous mode [ 70.219609][ T2401] FAT-fs (loop4): Directory bread(block 69) failed [ 70.231457][ T2401] FAT-fs (loop4): Directory bread(block 70) failed [ 70.245691][ T2401] FAT-fs (loop4): Directory bread(block 71) failed [ 70.258456][ T2401] FAT-fs (loop4): Directory bread(block 72) failed [ 70.271668][ T2401] FAT-fs (loop4): Directory bread(block 73) failed [ 70.310094][ T2397] loop3: detected capacity change from 0 to 40427 [ 70.317397][ T2397] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 70.325451][ T2397] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 70.338432][ T2397] F2FS-fs (loop3): invalid crc value [ 70.346249][ T2397] F2FS-fs (loop3): Found nat_bits in checkpoint [ 70.375876][ T2397] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 70.383000][ T2397] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 70.395482][ T2386] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.403960][ T2386] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.412461][ T2386] device bridge_slave_1 entered promiscuous mode [ 70.419659][ T28] audit: type=1326 audit(1717646792.018:13941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2407 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 70.426754][ T2411] loop2: detected capacity change from 0 to 2048 [ 70.465147][ T28] audit: type=1326 audit(1717646792.018:13942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2407 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 70.489710][ T28] audit: type=1326 audit(1717646792.048:13943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2407 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 70.524259][ T2411] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 70.542581][ T2411] ext4 filesystem being mounted at /root/syzkaller-testdir1659795071/syzkaller.T99YLG/0/bus supports timestamps until 2038 (0x7fffffff) [ 70.592328][ T2351] EXT4-fs (loop2): unmounting filesystem. [ 70.600640][ T2417] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 70.619975][ T2397] syz-executor.3: attempt to access beyond end of device [ 70.619975][ T2397] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 70.622562][ T2417] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.0'. [ 70.719729][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.727224][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.740897][ T2426] loop0: detected capacity change from 0 to 256 [ 70.775000][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.786078][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.804360][ T526] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.811248][ T526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.819644][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.827963][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.836052][ T526] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.842923][ T526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.850203][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.858173][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.332849][ T2428] loop0: detected capacity change from 0 to 512 [ 71.340268][ T2428] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.350577][ T2428] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: casefold flag without casefold feature [ 71.363660][ T2428] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 71.371511][ T2428] System zones: 0-2, 18-18, 34-35 [ 71.376860][ T2428] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 71.399577][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.407252][ T931] EXT4-fs (loop0): unmounting filesystem. [ 71.416076][ T526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.429868][ T2386] device veth0_vlan entered promiscuous mode [ 71.442040][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.450649][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.458039][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 71.469306][ T2386] device veth1_macvtap entered promiscuous mode [ 71.479781][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 71.495708][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 71.504152][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 71.512321][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 71.538248][ T2438] loop3: detected capacity change from 0 to 2048 [ 71.549287][ T2443] tun0: tun_chr_ioctl cmd 1074025677 [ 71.554612][ T2443] tun0: linktype set to 823 [ 71.576179][ T2448] loop4: detected capacity change from 0 to 256 [ 71.582687][ T2438] loop3: p1 < > p4 [ 71.586810][ T2438] loop3: p4 size 8388608 extends beyond EOD, truncated [ 71.591059][ T2448] FAT-fs (loop4): Directory bread(block 64) failed [ 71.600040][ T2448] FAT-fs (loop4): Directory bread(block 65) failed [ 71.606558][ T2448] FAT-fs (loop4): Directory bread(block 66) failed [ 71.615477][ T2448] FAT-fs (loop4): Directory bread(block 67) failed [ 71.622418][ T2448] FAT-fs (loop4): Directory bread(block 68) failed [ 71.628841][ T2448] FAT-fs (loop4): Directory bread(block 69) failed [ 71.635192][ T2448] FAT-fs (loop4): Directory bread(block 70) failed [ 71.641572][ T2448] FAT-fs (loop4): Directory bread(block 71) failed [ 71.652984][ T2448] FAT-fs (loop4): Directory bread(block 72) failed [ 71.660015][ T2448] FAT-fs (loop4): Directory bread(block 73) failed [ 71.715398][ T2457] loop1: detected capacity change from 0 to 128 [ 71.757801][ T526] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 72.129258][ T2478] loop1: detected capacity change from 0 to 2048 [ 72.177954][ T2478] loop1: p1 < > p4 [ 72.181983][ T2478] loop1: p4 size 8388608 extends beyond EOD, truncated [ 72.372540][ T2506] loop1: detected capacity change from 0 to 256 [ 72.382352][ T2508] loop4: detected capacity change from 0 to 256 [ 72.386039][ T2506] FAT-fs (loop1): Directory bread(block 64) failed [ 72.395078][ T2506] FAT-fs (loop1): Directory bread(block 65) failed [ 72.402378][ T2508] FAT-fs (loop4): Directory bread(block 1285) failed [ 72.409259][ T526] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.415495][ T2510] loop0: detected capacity change from 0 to 2048 [ 72.420293][ T2506] FAT-fs (loop1): Directory bread(block 66) failed [ 72.432952][ T2506] FAT-fs (loop1): Directory bread(block 67) failed [ 72.432954][ T526] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.432987][ T526] usb 3-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 72.439529][ T2506] FAT-fs (loop1): Directory bread(block 68) failed [ 72.464426][ T2506] FAT-fs (loop1): Directory bread(block 69) failed [ 72.470767][ T2506] FAT-fs (loop1): Directory bread(block 70) failed [ 72.475131][ T526] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.477070][ T2506] FAT-fs (loop1): Directory bread(block 71) failed [ 72.491371][ T526] usb 3-1: config 0 descriptor?? [ 72.491679][ T2506] FAT-fs (loop1): Directory bread(block 72) failed [ 72.491702][ T2506] FAT-fs (loop1): Directory bread(block 73) failed [ 72.495051][ T2510] loop0: p1 < > p4 [ 72.495553][ T2510] loop0: p4 size 8388608 extends beyond EOD, truncated [ 72.606352][ T2521] tun0: tun_chr_ioctl cmd 1074025677 [ 72.611687][ T2521] tun0: linktype set to 823 [ 73.113960][ T526] pantherlord 0003:0810:0002.000E: item fetching failed at offset 0/3 [ 73.122655][ T526] pantherlord 0003:0810:0002.000E: parse failed [ 73.129122][ T526] pantherlord: probe of 0003:0810:0002.000E failed with error -22 [ 73.443526][ T526] usb 3-1: USB disconnect, device number 12 [ 73.466387][ T2545] loop4: detected capacity change from 0 to 2048 [ 73.488157][ T2545] loop4: p1 < > p4 [ 73.493551][ T2545] loop4: p4 size 8388608 extends beyond EOD, truncated [ 73.530345][ T2549] loop3: detected capacity change from 0 to 128 [ 73.530582][ T2547] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 73.543657][ T2547] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 73.553096][ T2547] device wg2 left promiscuous mode [ 73.560587][ T28] kauditd_printk_skb: 1387 callbacks suppressed [ 73.560601][ T28] audit: type=1326 audit(1717646795.158:15331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.612100][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 73.614638][ T28] audit: type=1326 audit(1717646795.158:15332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.621398][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.652527][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 73.653293][ T28] audit: type=1326 audit(1717646795.158:15333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.661237][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.685510][ T28] audit: type=1326 audit(1717646795.158:15334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.693506][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.715720][ T28] audit: type=1326 audit(1717646795.158:15335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.747505][ T28] audit: type=1326 audit(1717646795.158:15336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.747784][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.771688][ T28] audit: type=1326 audit(1717646795.188:15337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.803067][ T28] audit: type=1326 audit(1717646795.188:15338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd51e27cf69 code=0x7ffc0000 [ 73.803346][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.827242][ T28] audit: type=1400 audit(1717646795.188:15339): avc: denied { read } for pid=2546 comm="syz-executor.0" path="socket:[29067]" dev="sockfs" ino=29067 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 73.858132][ T28] audit: type=1326 audit(1717646795.198:15340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd51e27a6e7 code=0x7ffc0000 [ 73.858388][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.932462][ T2562] tun0: tun_chr_ioctl cmd 1074025677 [ 73.937724][ T2562] tun0: linktype set to 823 [ 74.076568][ T2577] loop2: detected capacity change from 0 to 128 [ 74.265902][ T2582] loop2: detected capacity change from 0 to 256 [ 74.336700][ T2582] FAT-fs (loop2): Directory bread(block 64) failed [ 74.381702][ T2582] FAT-fs (loop2): Directory bread(block 65) failed [ 74.393655][ T2582] FAT-fs (loop2): Directory bread(block 66) failed [ 74.404882][ T2582] FAT-fs (loop2): Directory bread(block 67) failed [ 74.412650][ T2582] FAT-fs (loop2): Directory bread(block 68) failed [ 74.419221][ T2582] FAT-fs (loop2): Directory bread(block 69) failed [ 74.425686][ T2582] FAT-fs (loop2): Directory bread(block 70) failed [ 74.432543][ T2582] FAT-fs (loop2): Directory bread(block 71) failed [ 74.440500][ T2570] loop1: detected capacity change from 0 to 40427 [ 74.441602][ T2582] FAT-fs (loop2): Directory bread(block 72) failed [ 74.447638][ T2570] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 74.453470][ T2582] FAT-fs (loop2): Directory bread(block 73) failed [ 74.460861][ T2570] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 74.477477][ T2570] F2FS-fs (loop1): Found nat_bits in checkpoint [ 74.512569][ T2570] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 74.517993][ T314] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 74.519740][ T2570] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 74.540518][ T2570] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 74.549764][ T2570] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 74.677625][ T39] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 74.877654][ T314] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 74.888118][ T314] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 74.906228][ T2624] syz-executor.2[2624] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.906308][ T2624] syz-executor.2[2624] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.917954][ T39] usb 1-1: Using ep0 maxpacket: 32 [ 74.934357][ T944] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 74.977686][ T314] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 74.986553][ T314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 74.996645][ T314] usb 4-1: SerialNumber: syz [ 75.038030][ T314] usb 4-1: bad CDC descriptors [ 75.100899][ T39] usb 1-1: New USB device found, idVendor=0424, idProduct=7505, bcdDevice=32.a8 [ 75.109961][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.118779][ T39] usb 1-1: config 0 descriptor?? [ 75.158061][ T39] smsc75xx v1.0.0 [ 75.161617][ T39] smsc75xx 1-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 75.171952][ T39] smsc75xx: probe of 1-1:0.0 failed with error -22 [ 75.368222][ T944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.418584][ T944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.469754][ T944] usb 2-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 75.478814][ T944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.487395][ T944] usb 2-1: config 0 descriptor?? [ 75.493816][ T314] usb 4-1: USB disconnect, device number 10 [ 75.499699][ T39] usb 1-1: USB disconnect, device number 9 [ 75.599198][ T2648] loop4: detected capacity change from 0 to 65536 [ 75.656542][ T2652] syz-executor.4[2652] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.656589][ T2652] syz-executor.4[2652] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.969280][ T944] pantherlord 0003:0810:0002.000F: item fetching failed at offset 0/3 [ 75.998449][ T944] pantherlord 0003:0810:0002.000F: parse failed [ 76.004593][ T944] pantherlord: probe of 0003:0810:0002.000F failed with error -22 [ 76.172307][ T526] usb 2-1: USB disconnect, device number 9 [ 77.348108][ T2709] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program [ 77.642365][ T331] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 78.288959][ T2726] loop2: detected capacity change from 0 to 2048 [ 78.297647][ T331] usb 1-1: Using ep0 maxpacket: 32 [ 78.303426][ T2726] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 78.847712][ T331] usb 1-1: New USB device found, idVendor=0424, idProduct=7505, bcdDevice=32.a8 [ 78.856592][ T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.865935][ T331] usb 1-1: config 0 descriptor?? [ 78.908023][ T331] smsc75xx v1.0.0 [ 78.911502][ T331] smsc75xx 1-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 78.922661][ T2738] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 78.931640][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 78.931657][ T28] audit: type=1400 audit(2000000001.579:15363): avc: denied { create } for pid=2737 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 78.958525][ T331] smsc75xx: probe of 1-1:0.0 failed with error -22 [ 78.965130][ T2738] FAT-fs (loop3): unable to read boot sector [ 78.974651][ T28] audit: type=1400 audit(2000000001.579:15364): avc: denied { mounton } for pid=2737 comm="syz-executor.1" path="/root/syzkaller-testdir3218417023/syzkaller.90qIZp/24/file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 79.003949][ T28] audit: type=1400 audit(2000000001.629:15365): avc: denied { unlink } for pid=2386 comm="syz-executor.1" name="file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 79.020732][ T2711] loop3: detected capacity change from 0 to 131072 [ 79.034007][ T2711] F2FS-fs (loop3): Test dummy encryption mode enabled [ 79.041608][ T2711] F2FS-fs (loop3): invalid crc value [ 79.048983][ T2711] F2FS-fs (loop3): Found nat_bits in checkpoint [ 79.080978][ T2711] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 79.088639][ T28] audit: type=1400 audit(2000000000.039:15366): avc: denied { mount } for pid=2710 comm="syz-executor.3" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 79.117586][ T331] usb 1-1: USB disconnect, device number 10 [ 79.152527][ T28] audit: type=1400 audit(2000000000.099:15367): avc: denied { unmount } for pid=2351 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 79.174566][ T2351] EXT4-fs (loop2): unmounting filesystem. [ 79.186207][ T2751] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program [ 80.224783][ T2767] syz-executor.1[2767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.224856][ T2767] syz-executor.1[2767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.696657][ T2802] syz-executor.0[2802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.728280][ T2802] syz-executor.0[2802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.835248][ T2812] loop1: detected capacity change from 0 to 2048 [ 82.032227][ T2812] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 83.324123][ T2386] EXT4-fs (loop1): unmounting filesystem. [ 83.341694][ T2837] tmpfs: Unknown parameter 'n' [ 83.396093][ T2850] syz-executor.0[2850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.396162][ T2850] syz-executor.0[2850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.388788][ T2855] device wireguard0 entered promiscuous mode [ 84.875099][ T28] audit: type=1400 audit(2000000005.819:15368): avc: denied { setopt } for pid=2862 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 84.897961][ T2878] fuse: Bad value for 'fd' [ 85.001500][ T28] audit: type=1400 audit(2000000005.949:15369): avc: denied { bind } for pid=2883 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 85.021619][ T28] audit: type=1400 audit(2000000005.949:15370): avc: denied { write } for pid=2883 comm="syz-executor.2" path="socket:[28609]" dev="sockfs" ino=28609 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 85.590056][ T2917] device veth1_macvtap left promiscuous mode [ 85.666299][ T2923] loop4: detected capacity change from 0 to 512 [ 85.689135][ T2923] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 85.719957][ T2923] EXT4-fs (loop4): 1 truncate cleaned up [ 85.732043][ T2923] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 85.769268][ T28] audit: type=1400 audit(2000000006.719:15371): avc: denied { remount } for pid=2922 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 85.769333][ T2923] EXT4-fs (loop4): can't enable nombcache during remount [ 85.853793][ T2905] loop1: detected capacity change from 0 to 40427 [ 85.869977][ T2905] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 85.877652][ T2905] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 85.888539][ T2905] F2FS-fs (loop1): invalid crc value [ 85.897925][ T949] EXT4-fs (loop4): unmounting filesystem. [ 85.919755][ T2905] F2FS-fs (loop1): Found nat_bits in checkpoint [ 85.971768][ T2905] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 85.982554][ T2905] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 86.158123][ T28] audit: type=1400 audit(2000000007.109:15372): avc: denied { mounton } for pid=2904 comm="syz-executor.1" path="/root/syzkaller-testdir3218417023/syzkaller.90qIZp/39/file0/bus" dev="loop1" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 86.158156][ T2940] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 86.388580][ T2952] SELinux: security_context_str_to_sid () failed with errno=-22 [ 86.406715][ T2953] fuse: Bad value for 'fd' [ 86.501074][ T2957] loop0: detected capacity change from 0 to 256 [ 86.537429][ T2957] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 86.843293][ T2970] loop1: detected capacity change from 0 to 256 [ 86.850249][ T2970] exfat: Deprecated parameter 'utf8' [ 86.855546][ T2970] exfat: Deprecated parameter 'namecase' [ 86.861422][ T2970] exfat: Deprecated parameter 'namecase' [ 86.866941][ T2970] exfat: Deprecated parameter 'utf8' [ 86.872059][ T2970] exfat: Deprecated parameter 'utf8' [ 86.887457][ T2970] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 87.467613][ T6] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 87.492265][ T28] audit: type=1400 audit(2000000008.429:15373): avc: denied { create } for pid=2987 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 87.512118][ T28] audit: type=1400 audit(2000000008.439:15374): avc: denied { connect } for pid=2987 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 87.532193][ T28] audit: type=1400 audit(2000000008.439:15375): avc: denied { setopt } for pid=2987 comm="syz-executor.3" laddr=fe80::11 lport=1 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 87.556212][ T28] audit: type=1400 audit(2000000008.439:15376): avc: denied { write } for pid=2987 comm="syz-executor.3" laddr=fe80::11 lport=1 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 87.579968][ T28] audit: type=1400 audit(2000000008.439:15377): avc: denied { read } for pid=2987 comm="syz-executor.3" laddr=fe80::11 lport=1 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 87.588885][ T2992] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 87.612598][ T2992] FAT-fs (loop3): unable to read boot sector [ 87.867704][ T6] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 87.897824][ T6] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 87.919743][ T6] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 87.929472][ T6] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 87.946751][ T3012] loop0: detected capacity change from 0 to 512 [ 87.958238][ T3012] EXT4-fs: Ignoring removed mblk_io_submit option [ 87.967744][ T6] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 87.976047][ T3012] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 87.986650][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.987670][ T39] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 88.030442][ T3012] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 88.045052][ T3012] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 88.046720][ T6] snd-usb-audio: probe of 5-1:27.0 failed with error -12 [ 88.065429][ T3012] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 88.084295][ T931] EXT4-fs (loop0): unmounting filesystem. [ 88.096940][ T3018] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 88.129152][ T3022] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 88.138361][ T3022] FAT-fs (loop1): unable to read boot sector [ 88.172333][ T3025] loop0: detected capacity change from 0 to 1024 [ 88.293358][ T3040] loop0: detected capacity change from 0 to 512 [ 88.300290][ T3040] EXT4-fs: Ignoring removed mblk_io_submit option [ 88.306940][ T3040] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 88.319016][ T3040] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 88.331891][ T3040] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 88.344219][ T3040] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 88.362028][ T3030] loop2: detected capacity change from 0 to 40427 [ 88.368863][ T931] EXT4-fs (loop0): unmounting filesystem. [ 88.368991][ T3030] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 88.382111][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 88.383156][ T3030] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 88.392052][ T39] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 88.400975][ T3030] F2FS-fs (loop2): invalid crc value [ 88.419359][ T3030] F2FS-fs (loop2): Found nat_bits in checkpoint [ 88.445236][ T3030] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 88.452284][ T3030] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 88.509634][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 88.518564][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 88.526417][ T39] usb 2-1: SerialNumber: syz [ 88.568629][ T39] usb 2-1: bad CDC descriptors [ 88.575636][ T3054] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 88.584852][ T3054] FAT-fs (loop7): unable to read boot sector [ 88.593472][ T3055] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 88.900429][ T6] usb 2-1: USB disconnect, device number 10 [ 88.939038][ T3060] device wireguard0 entered promiscuous mode [ 89.222929][ T3066] loop2: detected capacity change from 0 to 1024 [ 89.544574][ T3091] loop0: detected capacity change from 0 to 1024 [ 89.848887][ T3107] loop0: detected capacity change from 0 to 512 [ 89.857614][ T3107] EXT4-fs error (device loop0): mb_free_blocks:1813: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 89.867397][ T3112] loop3: detected capacity change from 0 to 512 [ 89.872454][ T3107] EXT4-fs (loop0): Remounting filesystem read-only [ 89.880550][ T3112] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #11: comm syz-executor.3: corrupted in-inode xattr [ 89.884402][ T3107] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz-executor.0: invalid indirect mapped block 1 (level 1) [ 89.896769][ T3112] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 11 (err -117) [ 89.910327][ T3107] EXT4-fs (loop0): 1 truncate cleaned up [ 89.922475][ T3112] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 89.927229][ T3107] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 89.955990][ T805] EXT4-fs (loop3): unmounting filesystem. [ 89.971527][ T931] EXT4-fs (loop0): unmounting filesystem. [ 90.118901][ T3105] usb 5-1: USB disconnect, device number 10 [ 90.184816][ T3132] loop4: detected capacity change from 0 to 1024 [ 91.296185][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 91.296199][ T28] audit: type=1400 audit(2000000012.239:15383): avc: denied { write } for pid=3145 comm="syz-executor.0" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 91.357613][ T6] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 91.365046][ T331] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 91.434316][ T3154] loop0: detected capacity change from 0 to 256 [ 91.449266][ T3154] FAT-fs (loop0): Directory bread(block 64) failed [ 91.455648][ T3154] FAT-fs (loop0): Directory bread(block 65) failed [ 91.462074][ T3154] FAT-fs (loop0): Directory bread(block 66) failed [ 91.468574][ T3154] FAT-fs (loop0): Directory bread(block 67) failed [ 91.474954][ T3154] FAT-fs (loop0): Directory bread(block 68) failed [ 91.481307][ T3154] FAT-fs (loop0): Directory bread(block 69) failed [ 91.487711][ T3154] FAT-fs (loop0): Directory bread(block 70) failed [ 91.494060][ T3154] FAT-fs (loop0): Directory bread(block 71) failed [ 91.500442][ T3154] FAT-fs (loop0): Directory bread(block 72) failed [ 91.506702][ T3154] FAT-fs (loop0): Directory bread(block 73) failed [ 91.533944][ T392] kworker/u4:4: attempt to access beyond end of device [ 91.533944][ T392] loop0: rw=1, sector=1224, nr_sectors = 12 limit=256 [ 91.707619][ T3105] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 91.757706][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.768617][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.778193][ T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 91.786990][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.795264][ T6] usb 5-1: config 0 descriptor?? [ 91.807671][ T331] usb 2-1: unable to get BOS descriptor or descriptor too short [ 91.947591][ T3105] usb 3-1: Using ep0 maxpacket: 8 [ 91.957608][ T314] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 92.057736][ T331] usb 2-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 92.066632][ T331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.067727][ T3105] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 92.074481][ T331] usb 2-1: Product: syz [ 92.083554][ T3105] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.087265][ T331] usb 2-1: Manufacturer: syz [ 92.095830][ T3105] usb 3-1: config 0 descriptor?? [ 92.099497][ T331] usb 2-1: SerialNumber: syz [ 92.100054][ T331] usb 2-1: config 0 descriptor?? [ 92.159191][ T331] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 92.197644][ T314] usb 1-1: Using ep0 maxpacket: 32 [ 92.277855][ T6] hid (null): bogus close delimiter [ 92.317697][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 92.328762][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 92.339845][ T314] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 92.348717][ T314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.357066][ T314] usb 1-1: config 0 descriptor?? [ 92.365777][ T320] usb 2-1: USB disconnect, device number 11 [ 92.377687][ T3164] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 92.397891][ T314] hub 1-1:0.0: USB hub found [ 92.617675][ T314] hub 1-1:0.0: 2 ports detected [ 92.887642][ T6] usb 5-1: string descriptor 0 read error: -71 [ 92.907641][ T6] uclogic 0003:256C:006D.0010: failed retrieving string descriptor #200: -71 [ 92.916324][ T6] uclogic 0003:256C:006D.0010: failed retrieving pen parameters: -71 [ 92.924178][ T6] uclogic 0003:256C:006D.0010: failed probing pen v2 parameters: -71 [ 92.932079][ T6] uclogic 0003:256C:006D.0010: failed probing parameters: -71 [ 92.939349][ T6] uclogic: probe of 0003:256C:006D.0010 failed with error -71 [ 92.947218][ T6] usb 5-1: USB disconnect, device number 11 [ 93.052740][ T3181] loop3: detected capacity change from 0 to 256 [ 93.059366][ T3181] exfat: Deprecated parameter 'utf8' [ 93.067404][ T3181] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xc61f63e4, utbl_chksum : 0xe619d30d) [ 93.164289][ T28] audit: type=1400 audit(2000000014.109:15384): avc: denied { ioctl } for pid=3187 comm="syz-executor.3" path="socket:[31085]" dev="sockfs" ino=31085 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 93.189249][ T28] audit: type=1400 audit(2000000014.109:15385): avc: denied { bind } for pid=3187 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 93.208826][ T28] audit: type=1400 audit(2000000014.109:15386): avc: denied { read } for pid=3187 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 93.610291][ T3207] loop4: detected capacity change from 0 to 256 [ 93.617708][ T3207] exFAT-fs (loop4): failed to read boot sector [ 93.623999][ T3207] exFAT-fs (loop4): failed to recognize exfat type [ 93.647647][ T3105] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 93.657605][ T3105] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 93.667640][ T3105] asix: probe of 3-1:0.0 failed with error -71 [ 93.674497][ T3105] usb 3-1: USB disconnect, device number 13 [ 93.698568][ T3209] loop4: detected capacity change from 0 to 512 [ 93.705321][ T3209] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 93.716987][ T3209] EXT4-fs (loop4): 1 truncate cleaned up [ 93.722581][ T3209] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 93.735660][ T949] EXT4-fs (loop4): unmounting filesystem. [ 94.037597][ T3200] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 94.182733][ T3223] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 94.192073][ T28] audit: type=1400 audit(2000000015.139:15387): avc: denied { read } for pid=3163 comm="syz-executor.0" path="socket:[30384]" dev="sockfs" ino=30384 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 94.237045][ T3235] loop3: detected capacity change from 0 to 128 [ 94.253228][ T3235] FAT-fs (loop3): error, corrupted directory (invalid i_start) [ 94.260737][ T3235] FAT-fs (loop3): Filesystem has been set read-only [ 94.271331][ T28] audit: type=1400 audit(2000000015.199:15388): avc: denied { remount } for pid=3233 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 94.457764][ T3200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.468975][ T3200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.478883][ T3200] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 94.487943][ T3200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.506929][ T3200] usb 5-1: config 0 descriptor?? [ 94.938016][ T6] usb 1-1: USB disconnect, device number 11 [ 94.957617][ T3105] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 94.964382][ T3105] usb 1-1-port2: attempt power cycle [ 94.970753][ T3200] isku 0003:1E7D:319C.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 95.379085][ T3105] usb 5-1: USB disconnect, device number 12 [ 98.030358][ T3250] syz-executor.3[3250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.030422][ T3250] syz-executor.3[3250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 98.044581][ T3252] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 98.334285][ T3278] loop2: detected capacity change from 0 to 40427 [ 98.340588][ T6] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 98.342142][ T3278] F2FS-fs (loop2): invalid crc value [ 98.354324][ T3278] F2FS-fs (loop2): Found nat_bits in checkpoint [ 98.379290][ T3278] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 98.398779][ T2351] syz-executor.2: attempt to access beyond end of device [ 98.398779][ T2351] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 98.517598][ T539] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 98.587591][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 98.747645][ T6] usb 5-1: unable to get BOS descriptor or descriptor too short [ 98.757573][ T539] usb 4-1: Using ep0 maxpacket: 32 [ 98.827639][ T6] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 98.836391][ T6] usb 5-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 98.846688][ T6] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 98.855760][ T6] usb 5-1: config 1 has no interface number 1 [ 98.861999][ T6] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 98.874966][ T6] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 98.886019][ T539] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 98.897270][ T539] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 98.908523][ T6] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 98.919653][ T539] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 98.939515][ T539] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.952094][ T539] usb 4-1: config 0 descriptor?? [ 98.967671][ T3280] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 98.988211][ T539] hub 4-1:0.0: USB hub found [ 99.087692][ T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 99.096755][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.104803][ T6] usb 5-1: Product: syz [ 99.109009][ T6] usb 5-1: Manufacturer: syz [ 99.113645][ T6] usb 5-1: SerialNumber: syz [ 99.208170][ T539] hub 4-1:0.0: 2 ports detected [ 99.227592][ T3105] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 99.457739][ T6] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 99.465509][ T6] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 99.474177][ T6] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 99.484719][ T6] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 99.493443][ T6] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 99.502416][ T6] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 99.579840][ T6] usb 5-1: USB disconnect, device number 13 [ 99.625761][ T3295] loop2: detected capacity change from 0 to 40427 [ 99.632750][ T3295] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 99.640327][ T3295] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 99.648373][ T3105] usb 2-1: unable to get BOS descriptor or descriptor too short [ 99.649795][ T3295] F2FS-fs (loop2): invalid crc value [ 99.663224][ T3295] F2FS-fs (loop2): Found nat_bits in checkpoint [ 99.686255][ T3306] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 99.701102][ T3295] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 99.708127][ T3295] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 99.820589][ T3320] loop0: detected capacity change from 0 to 16 [ 99.827321][ T3320] erofs: (device loop0): mounted with root inode @ nid 36. [ 99.849331][ T3322] loop2: detected capacity change from 0 to 512 [ 99.856424][ T3322] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 99.869247][ T3322] EXT4-fs (loop2): 1 truncate cleaned up [ 99.874805][ T3322] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 99.901270][ T2351] EXT4-fs (loop2): unmounting filesystem. [ 99.917678][ T3105] usb 2-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 99.918373][ T3331] loop2: detected capacity change from 0 to 512 [ 99.926575][ T3105] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.935205][ T3331] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 99.954020][ T3331] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 99.967663][ T3331] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 99.983127][ T3331] EXT4-fs (loop2): 1 orphan inode deleted [ 99.988788][ T3331] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 99.989457][ T3105] usb 2-1: Product: syz [ 100.005314][ T3105] usb 2-1: Manufacturer: syz [ 100.028340][ T3105] usb 2-1: SerialNumber: syz [ 100.038964][ T2351] EXT4-fs (loop2): unmounting filesystem. [ 100.045163][ T3105] usb 2-1: config 0 descriptor?? [ 100.067806][ T3342] device pim6reg1 entered promiscuous mode [ 100.100571][ T3105] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 100.160065][ T3348] loop2: detected capacity change from 0 to 16 [ 100.167078][ T3348] erofs: (device loop2): mounted with root inode @ nid 36. [ 100.257662][ C0] softirq: huh, entered softirq 9 RCU ffffffff8160d190 with preempt_count 00000103, exited with 00000102? [ 100.451912][ T3344] BUG: scheduling while atomic: syz-executor.0/3344/0x00000002 [ 100.459304][ T3344] Modules linked in: [ 100.463019][ T3344] Preemption disabled at: [ 100.463025][ T3344] [] __skb_try_recv_datagram+0x198/0x6a0 [ 100.474256][ T3344] CPU: 0 PID: 3344 Comm: syz-executor.0 Not tainted 6.1.78-syzkaller-00145-ge4622d460ed8 #0 [ 100.484108][ T3344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 100.494005][ T3344] Call Trace: [ 100.497135][ T3344] [ 100.499906][ T3344] dump_stack_lvl+0x151/0x1b7 [ 100.504415][ T3344] ? __skb_try_recv_datagram+0x198/0x6a0 [ 100.509885][ T3344] ? __skb_try_recv_datagram+0x198/0x6a0 [ 100.515352][ T3344] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 100.520650][ T3344] ? __skb_try_recv_datagram+0x198/0x6a0 [ 100.526124][ T3344] dump_stack+0x15/0x1b [ 100.530108][ T3344] __schedule_bug+0x195/0x260 [ 100.534621][ T3344] ? alloc_file_pseudo+0x280/0x2f0 [ 100.539569][ T3344] ? cpu_util_update_eff+0x10e0/0x10e0 [ 100.544874][ T3344] ? do_futex+0x55a/0x9a0 [ 100.549138][ T3344] __schedule+0xcf7/0x1550 [ 100.553368][ T3344] ? xfd_validate_state+0x6f/0x170 [ 100.558317][ T3344] ? __sched_text_start+0x8/0x8 [ 100.563002][ T3344] schedule+0xc3/0x180 [ 100.566912][ T3344] exit_to_user_mode_loop+0x4e/0xa0 [ 100.571960][ T3344] exit_to_user_mode_prepare+0x5a/0xa0 [ 100.577237][ T3344] syscall_exit_to_user_mode+0x26/0x140 [ 100.582633][ T3344] do_syscall_64+0x49/0xb0 [ 100.586868][ T3344] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 100.592597][ T3344] RIP: 0033:0x7f1047c7cf69 [ 100.596850][ T3344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 100.616813][ T3344] RSP: 002b:00007f1048a740c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 100.625059][ T3344] RAX: 0000000000010106 RBX: 00007f1047db4050 RCX: 00007f1047c7cf69 [ 100.632875][ T3344] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003 [ 100.640683][ T3344] RBP: 00007f1047cda6fe R08: 0000000000000000 R09: 0000000000000000 2033/05/18 03:33:41 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 100.648494][ T3344] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 100.656305][ T3344] R13: 000000000000006e R14: 00007f1047db4050 R15: 00007ffff5a42998 [ 100.664121][ T3344] [ 100.690893][ T3200] usb 2-1: USB disconnect, device number 12