last executing test programs: 1m3.960955315s ago: executing program 2 (id=3): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1f, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200005245855db7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m3.914121545s ago: executing program 2 (id=6): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@RTM_NEWMDB={0x18, 0x55, 0x1e5, 0x70bd28, 0x0, {0x7, r2}}, 0x18}}, 0x0) 1m3.867047136s ago: executing program 2 (id=7): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000800)='./file0\x00') 1m3.832707486s ago: executing program 2 (id=8): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 1m3.682436038s ago: executing program 2 (id=9): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x34, 0x18, 0x15, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x02\x02\x00\x00\x00\x00'}, @nested={0x18, 0x9, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@loopback={0x8000500}}]}]}, 0x34}], 0x1}, 0x0) 1m3.641478139s ago: executing program 32 (id=9): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x34, 0x18, 0x15, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x02\x02\x00\x00\x00\x00'}, @nested={0x18, 0x9, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@loopback={0x8000500}}]}]}, 0x34}], 0x1}, 0x0) 4.787382949s ago: executing program 3 (id=1845): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x9, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0x6, "00008000"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x80000002, 0x0, 0xfffffefc}) 3.074383591s ago: executing program 3 (id=1849): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448e1, &(0x7f0000000580)) 1.287023063s ago: executing program 0 (id=1914): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000640), 0x1003, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f0000000080), &(0x7f00000002c0)=""/244}, 0x20) 1.240386354s ago: executing program 0 (id=1915): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x3}, 0xfffffffd, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0) 1.207248415s ago: executing program 0 (id=1916): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd0000001000010006080800418e00000004fcff", 0x58}], 0x1) 1.206678284s ago: executing program 0 (id=1917): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) syz_read_part_table(0x5be, &(0x7f00000005c0)="$eJzs2z9o02kYB/AnahAUzsXJ4bAOTi6KoxmsJFFRCNEu4qCgiJgpghAhINihzdDSDKVjl1LI0j9T0wwdjpYWOpfSoUehQ6ejXQpdmuOu7+3t9Q8Inw/8ePK+7zd58gy/8Q1+aZfir263m4mI7tWTf7uvlS88u116XH4dkYm3EdHzx28z/5xkUuK/X72T1ptpPTF+rTO49zTb2ni1f/fdYuNSOv+RnuuT7b5TD8e5m8ot3fjZXy0O1XKf14v17YG11ZfTu/ly+0WjOfM8++RDyi2neiXVr1GL7/El3kclKvExqmfUf6y1df/wVrE19+nRQaEzvPAg5UqnnPO4/b/1jLxp1nvvzd4cfVibXynvXD7KVf7H2wUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMWbyi3d+NlfLQ7Vcp/Xi/XtgbXVl9O7+XL7RaM58zz75EPKLad6JdWvUYvv8SXeRyUq8TGqZ9R/rLV1//BWsTX36dFBoTO88CDlSqec87j9v/WMvGnWe+/N3hx9WJtfKe9cPspVrp7THwAAAAAAAAAAAAAAAAAAAICIyBee3S49Lr+OyMTbiGj/3vvvVf9uuu+eSbk76cNm2p8Yv9YZ3HuabW282r/7brHxZ9r/kZ7rk+2+i5+Gk/o7AAD//5Yblcc=") 1.094526446s ago: executing program 0 (id=1921): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) r1 = gettid() rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8) tkill(r1, 0x8) 1.025915857s ago: executing program 0 (id=1924): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x28bd, 0x78, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0) 929.246528ms ago: executing program 3 (id=1928): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) mkdir(&(0x7f0000000200)='./file0\x00', 0x60) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, 0x0, 0x15) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 602.792842ms ago: executing program 5 (id=1941): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x3a) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, 0x0, 0x0) 583.391782ms ago: executing program 5 (id=1942): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x2) connect$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x2) ppoll(&(0x7f00000003c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 570.377022ms ago: executing program 5 (id=1943): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=@framed={{}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 460.391314ms ago: executing program 5 (id=1948): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, 0xffffffffffffffff, 0xc6ed4000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) 397.180565ms ago: executing program 4 (id=1949): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='kfree\x00', r1}, 0x18) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f00000012c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r2}, 0x10) 386.850795ms ago: executing program 1 (id=1950): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 367.892885ms ago: executing program 1 (id=1951): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) 302.269476ms ago: executing program 1 (id=1952): r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00') syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ") r1 = open(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000003c0)={0x80d8}) close_range(r0, 0xffffffffffffffff, 0x0) 301.712166ms ago: executing program 4 (id=1953): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000000000f00bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000deffffff6a0a00ff000000008500000018000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c5c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f772c06b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583f76e412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19002cc93c1c13ca67fdc6c238342033070000004a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000140eb2e9c15b6c8f6198282df27badac8500bc7d202e099009ca515007e5f009735200040000001896d46cdac0abb841d9f96e2e6a19b7bf661c01800000d77d6165f253683cd8dc926518c699a2b14fb2bb40425dee631368340711a8c47318d5d13085938c3ec5c39b540b34157b0330aa16bd0998607f0ecea84919712d36930abab426f58317cb"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xffff0000, 0xf0, 0xe200, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) 289.141376ms ago: executing program 4 (id=1954): creat(&(0x7f00000002c0)='./file0\x00', 0x6) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000003c0)='kfree\x00', r1}, 0x18) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x808410, 0x0) 266.509986ms ago: executing program 4 (id=1955): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x57) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x702, 0xe, 0xff0f, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 252.057306ms ago: executing program 1 (id=1956): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) futex(0x0, 0x5, 0x0, 0x0, 0x0, 0x82020000) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 199.491987ms ago: executing program 1 (id=1957): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) 175.201287ms ago: executing program 5 (id=1958): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x1}}) read(r0, &(0x7f00000002c0)=""/200, 0x39) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 169.373598ms ago: executing program 4 (id=1959): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x19) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000400)={@map=r1, 0x4, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 157.435388ms ago: executing program 4 (id=1960): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x1, 0xffffffff, 0x0, 0x2, 0x4000, 0x42}) 72.920789ms ago: executing program 5 (id=1961): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4f2, 0x418, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000480)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x4, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_012={0x2, 0x1, 0x0, '\x00\x00'}]}}, 0x0}, 0x0) openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 72.521939ms ago: executing program 3 (id=1962): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)=0x2) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) unshare(0x400) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000000c0)=0x20000) 20.79794ms ago: executing program 1 (id=1963): r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x204, 0x2581) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f0000000040)) 14.73324ms ago: executing program 3 (id=1964): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 0s ago: executing program 3 (id=1965): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000fc850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='timer_start\x00', r0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000280)='timer_start\x00', r1}, 0x18) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000680)) kernel console output (not intermixed with test programs): =1400 audit(1749189679.490:322): avc: denied { mounton } for pid=1628 comm="syz.0.546" path="/20/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 45.235345][ T1645] loop3: detected capacity change from 0 to 256 [ 45.260659][ T1645] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 45.309760][ T28] audit: type=1400 audit(1749189679.690:323): avc: denied { write } for pid=1651 comm="syz.1.557" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 45.334227][ T414] kernel write not supported for file /259/attr/exec (pid: 414 comm: kworker/0:3) [ 45.384616][ T28] audit: type=1400 audit(1749189679.760:324): avc: denied { read } for pid=1659 comm="syz.3.559" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 45.424996][ T1657] loop5: detected capacity change from 0 to 4096 [ 45.465610][ T1657] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 45.505935][ T1657] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #15: comm syz.5.561: corrupted inode contents [ 45.509626][ T1595] loop4: detected capacity change from 0 to 131072 [ 45.525415][ T1595] F2FS-fs (loop4): Test dummy encryption mode enabled [ 45.532857][ T1657] EXT4-fs error (device loop5): ext4_dirty_inode:6120: inode #15: comm syz.5.561: mark_inode_dirty error [ 45.533750][ T1595] F2FS-fs (loop4): invalid crc value [ 45.550295][ T1657] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #15: comm syz.5.561: corrupted inode contents [ 45.554048][ T28] audit: type=1400 audit(1749189679.930:325): avc: denied { ioctl } for pid=1655 comm="syz.5.561" path="/109/file1/file1" dev="loop5" ino=15 ioctlcmd=0x6611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.562386][ T1657] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.561: mark_inode_dirty error [ 45.598295][ T1657] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #15: comm syz.5.561: corrupted inode contents [ 45.611340][ T1595] F2FS-fs (loop4): Found nat_bits in checkpoint [ 45.618183][ T1657] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.561: mark_inode_dirty error [ 45.653610][ T1595] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 45.657830][ T1657] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #15: comm syz.5.561: corrupted inode contents [ 45.687632][ T1657] EXT4-fs error (device loop5): ext4_truncate:4314: inode #15: comm syz.5.561: mark_inode_dirty error [ 45.695716][ T1670] netlink: 208 bytes leftover after parsing attributes in process `syz.1.562'. [ 45.705939][ T1657] EXT4-fs error (device loop5) in ext4_setattr:5659: Corrupt filesystem [ 45.716356][ T1665] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #15: comm syz.5.561: corrupted inode contents [ 45.742564][ T1672] netlink: 'syz.1.563': attribute type 34 has an invalid length. [ 45.753117][ T1665] EXT4-fs warning (device loop5): swap_inode_boot_loader:470: couldn't mark inode #15 dirty (err -117) [ 45.804207][ T339] EXT4-fs (loop5): unmounting filesystem. [ 45.829624][ T1678] netlink: 16 bytes leftover after parsing attributes in process `syz.1.568'. [ 46.031983][ T28] audit: type=1400 audit(1749189680.410:326): avc: denied { mounton } for pid=1693 comm="syz.4.565" path="/120/file0" dev="tmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 46.075501][ T28] audit: type=1400 audit(1749189680.420:327): avc: denied { mount } for pid=1693 comm="syz.4.565" name="/" dev="ramfs" ino=22181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 46.116466][ T1701] loop0: detected capacity change from 0 to 128 [ 46.137679][ T39] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 46.153691][ T28] audit: type=1400 audit(1749189680.530:328): avc: denied { setopt } for pid=1704 comm="syz.5.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.222469][ T1701] syz.0.576: attempt to access beyond end of device [ 46.222469][ T1701] loop0: rw=2049, sector=131, nr_sectors = 1 limit=128 [ 46.235827][ T290] kernel write not supported for file /stat (pid: 290 comm: kworker/1:2) [ 46.252714][ T1701] Buffer I/O error on dev loop0, logical block 131, lost async page write [ 46.262476][ T1701] syz.0.576: attempt to access beyond end of device [ 46.262476][ T1701] loop0: rw=2049, sector=132, nr_sectors = 1 limit=128 [ 46.277567][ T1701] Buffer I/O error on dev loop0, logical block 132, lost async page write [ 46.297307][ T1701] syz.0.576: attempt to access beyond end of device [ 46.297307][ T1701] loop0: rw=2049, sector=133, nr_sectors = 1 limit=128 [ 46.315185][ T1701] Buffer I/O error on dev loop0, logical block 133, lost async page write [ 46.327847][ T1701] syz.0.576: attempt to access beyond end of device [ 46.327847][ T1701] loop0: rw=2049, sector=134, nr_sectors = 1 limit=128 [ 46.341655][ T1701] Buffer I/O error on dev loop0, logical block 134, lost async page write [ 46.353225][ T1701] syz.0.576: attempt to access beyond end of device [ 46.353225][ T1701] loop0: rw=2049, sector=135, nr_sectors = 1 limit=128 [ 46.369123][ T39] usb 2-1: Using ep0 maxpacket: 32 [ 46.372626][ T1701] Buffer I/O error on dev loop0, logical block 135, lost async page write [ 46.383181][ T1701] syz.0.576: attempt to access beyond end of device [ 46.383181][ T1701] loop0: rw=2049, sector=136, nr_sectors = 1 limit=128 [ 46.384102][ T39] usb 2-1: config 0 has an invalid interface number: 16 but max is 0 [ 46.397413][ T1701] Buffer I/O error on dev loop0, logical block 136, lost async page write [ 46.437505][ T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 46.452883][ T1701] syz.0.576: attempt to access beyond end of device [ 46.452883][ T1701] loop0: rw=2049, sector=137, nr_sectors = 81 limit=128 [ 46.470987][ T39] usb 2-1: config 0 has no interface number 0 [ 46.482898][ T39] usb 2-1: config 0 interface 16 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 46.507031][ T1725] loop5: detected capacity change from 0 to 256 [ 46.513710][ T39] usb 2-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 46.538648][ T1727] loop4: detected capacity change from 0 to 1024 [ 46.546633][ T39] usb 2-1: config 0 interface 16 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 46.575436][ T1727] EXT4-fs (loop4): Test dummy encryption mode enabled [ 46.608985][ T39] usb 2-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 46.609288][ T1727] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 46.623102][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.679196][ T289] EXT4-fs (loop4): unmounting filesystem. [ 46.684468][ T39] usb 2-1: Product: syz [ 46.691342][ T39] usb 2-1: Manufacturer: syz [ 46.695993][ T39] usb 2-1: SerialNumber: syz [ 46.712058][ T39] usb 2-1: config 0 descriptor?? [ 46.723390][ T39] snd-usb-audio: probe of 2-1:0.16 failed with error -12 [ 46.756820][ T1744] netlink: 'syz.4.594': attribute type 15 has an invalid length. [ 46.770241][ T644] udevd[644]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.16/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 46.787867][ T1748] loop3: detected capacity change from 0 to 16 [ 46.820818][ T1748] erofs: (device loop3): mounted with root inode @ nid 36. [ 46.895953][ T1765] raw_sendmsg: syz.4.601 forgot to set AF_INET. Fix it! [ 46.911442][ T1767] loop5: detected capacity change from 0 to 256 [ 46.956782][ T1774] netlink: 12 bytes leftover after parsing attributes in process `syz.0.609'. [ 46.962354][ T291] usb 2-1: USB disconnect, device number 4 [ 47.019933][ T1784] SELinux: Context is not valid (left unmapped). [ 47.119356][ T1795] mmap: syz.4.619 (1795) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 47.303351][ T1812] loop5: detected capacity change from 0 to 8192 [ 47.329473][ T1812] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 47.342700][ T1823] loop3: detected capacity change from 0 to 256 [ 47.751956][ T1850] netlink: 12 bytes leftover after parsing attributes in process `syz.0.641'. [ 47.835242][ T1856] loop0: detected capacity change from 0 to 256 [ 47.893787][ T1861] tipc: Enabling not permitted [ 47.914341][ T1861] tipc: Enabling of bearer rejected, failed to enable media [ 48.016512][ T1865] loop5: detected capacity change from 0 to 8192 [ 48.028778][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 48.028794][ T28] audit: type=1400 audit(1749189682.410:336): avc: denied { create } for pid=1875 comm="syz.4.655" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1 [ 48.070757][ T1879] loop4: detected capacity change from 0 to 1024 [ 48.078624][ T1865] loop5: p1 < > p2 < p5 > p3 p4 [ 48.087705][ T1865] loop5: p3 start 83890176 is beyond EOD, truncated [ 48.108414][ T1865] loop5: p4 size 16776960 extends beyond EOD, truncated [ 48.127664][ T1865] loop5: p5 size 16776960 extends beyond EOD, truncated [ 48.187989][ T1879] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 48.212159][ T1879] EXT4-fs (loop4): shut down requested (1) [ 48.218084][ T1892] loop3: detected capacity change from 0 to 512 [ 48.225064][ T1892] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 48.262988][ T1892] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 48.280264][ T1879] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 48.280392][ T1892] Quota error (device loop3): write_blk: dquota write failed [ 48.297007][ T1892] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 48.297561][ T1879] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 48.307363][ T1892] EXT4-fs error (device loop3): ext4_acquire_dquot:6789: comm syz.3.661: Failed to acquire dquot type 0 [ 48.327316][ T1892] EXT4-fs (loop3): 1 truncate cleaned up [ 48.333557][ T28] audit: type=1400 audit(1749189682.710:337): avc: denied { rmdir } for pid=1878 comm="syz.4.657" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 48.337686][ T1892] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 48.370797][ T289] EXT4-fs (loop4): unmounting filesystem. [ 48.437495][ T291] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 48.448498][ T1892] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 48.468060][ T288] EXT4-fs (loop3): unmounting filesystem. [ 48.638012][ T291] usb 6-1: Using ep0 maxpacket: 32 [ 48.647809][ T291] usb 6-1: config index 0 descriptor too short (expected 7067, got 36) [ 48.656473][ T291] usb 6-1: config 153 has too many interfaces: 56, using maximum allowed: 32 [ 48.671571][ T291] usb 6-1: config 153 has an invalid descriptor of length 64, skipping remainder of the config [ 48.684366][ T291] usb 6-1: config 153 has 0 interfaces, different from the descriptor's value: 56 [ 48.699621][ T1927] loop4: detected capacity change from 0 to 256 [ 48.707405][ T291] usb 6-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.00 [ 48.717099][ T291] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.744705][ T1927] FAT-fs (loop4): Directory bread(block 64) failed [ 48.751377][ T1927] FAT-fs (loop4): Directory bread(block 65) failed [ 48.758042][ T1927] FAT-fs (loop4): Directory bread(block 66) failed [ 48.764612][ T1927] FAT-fs (loop4): Directory bread(block 67) failed [ 48.771427][ T1927] FAT-fs (loop4): Directory bread(block 68) failed [ 48.778200][ T1927] FAT-fs (loop4): Directory bread(block 69) failed [ 48.784794][ T1927] FAT-fs (loop4): Directory bread(block 70) failed [ 48.791532][ T1927] FAT-fs (loop4): Directory bread(block 71) failed [ 48.798143][ T1927] FAT-fs (loop4): Directory bread(block 72) failed [ 48.804826][ T1927] FAT-fs (loop4): Directory bread(block 73) failed [ 48.835702][ T1926] syz.4.683: attempt to access beyond end of device [ 48.835702][ T1926] loop4: rw=2049, sector=1224, nr_sectors = 12 limit=256 [ 48.942668][ T291] usb 6-1: string descriptor 0 read error: -71 [ 48.961233][ T291] usb 6-1: USB disconnect, device number 4 [ 49.087048][ T28] audit: type=1400 audit(1749189683.460:338): avc: denied { ioctl } for pid=1957 comm="syz.4.682" path="socket:[24600]" dev="sockfs" ino=24600 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 49.101652][ T1960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.685'. [ 49.157182][ T1964] loop3: detected capacity change from 0 to 256 [ 49.176546][ T1964] FAT-fs (loop3): Directory bread(block 64) failed [ 49.190363][ T1964] FAT-fs (loop3): Directory bread(block 65) failed [ 49.196997][ T1964] FAT-fs (loop3): Directory bread(block 66) failed [ 49.204341][ T1964] FAT-fs (loop3): Directory bread(block 67) failed [ 49.211432][ T1964] FAT-fs (loop3): Directory bread(block 68) failed [ 49.218214][ T1964] FAT-fs (loop3): Directory bread(block 69) failed [ 49.224766][ T1964] FAT-fs (loop3): Directory bread(block 70) failed [ 49.231540][ T1964] FAT-fs (loop3): Directory bread(block 71) failed [ 49.231605][ T1972] loop4: detected capacity change from 0 to 128 [ 49.238314][ T1964] FAT-fs (loop3): Directory bread(block 72) failed [ 49.252214][ T1964] FAT-fs (loop3): Directory bread(block 73) failed [ 49.266293][ T28] audit: type=1400 audit(1749189683.640:339): avc: denied { remount } for pid=1971 comm="syz.4.693" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 49.277131][ T359] FAT-fs (loop4): error, invalid FAT chain (i_pos 548, last_block 8) [ 49.294966][ T359] FAT-fs (loop4): Filesystem has been set read-only [ 49.302074][ T359] FAT-fs (loop4): error, corrupted file size (i_pos 548, 522) [ 49.313535][ T1963] syz.3.690: attempt to access beyond end of device [ 49.313535][ T1963] loop3: rw=2049, sector=1224, nr_sectors = 12 limit=256 [ 49.392399][ T1982] loop1: detected capacity change from 0 to 512 [ 49.408591][ T1982] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.698: casefold flag without casefold feature [ 49.427342][ T1982] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.698: couldn't read orphan inode 15 (err -117) [ 49.440440][ T1982] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 49.455804][ T6] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 49.521526][ T1974] loop4: detected capacity change from 0 to 40427 [ 49.534180][ T1974] F2FS-fs (loop4): Not support 9007199254740992, larger than 256 [ 49.554318][ T287] EXT4-fs (loop1): unmounting filesystem. [ 49.631663][ T1996] loop3: detected capacity change from 0 to 1024 [ 49.647646][ T6] usb 1-1: Using ep0 maxpacket: 8 [ 49.662812][ T6] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 49.681571][ T6] usb 1-1: config 179 has no interface number 0 [ 49.693539][ T2008] loop1: detected capacity change from 0 to 512 [ 49.699902][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 49.712106][ T1996] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 49.721519][ T2008] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 49.730960][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 49.747596][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 49.759022][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 49.759066][ T43] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.771311][ T6] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 49.786221][ T43] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 52 with error 28 [ 49.799381][ T2008] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 49.811782][ T43] EXT4-fs (loop3): This should not happen!! Data will be lost [ 49.811782][ T43] [ 49.825501][ T6] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 49.835772][ T43] EXT4-fs (loop3): Total free blocks count 0 [ 49.844236][ T2008] Quota error (device loop1): write_blk: dquota write failed [ 49.850029][ T43] EXT4-fs (loop3): Free/Dirty block details [ 49.857333][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.863315][ T43] EXT4-fs (loop3): free_blocks=68451041280 [ 49.871710][ T2008] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 49.877132][ T43] EXT4-fs (loop3): dirty_blocks=64 [ 49.899569][ T2008] EXT4-fs error (device loop1): ext4_acquire_dquot:6789: comm syz.1.709: Failed to acquire dquot type 0 [ 49.900035][ T43] EXT4-fs (loop3): Block reservation details [ 49.911042][ T1969] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 49.924108][ T43] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 49.928399][ T2008] EXT4-fs (loop1): 1 truncate cleaned up [ 49.936321][ T2008] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 49.938352][ T288] EXT4-fs (loop3): unmounting filesystem. [ 50.072020][ T2008] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 50.103378][ T287] EXT4-fs (loop1): unmounting filesystem. [ 50.108297][ T2033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.719'. [ 50.153491][ T2037] syz.5.722[2037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.153570][ T2037] syz.5.722[2037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.175985][ T28] audit: type=1400 audit(1749189684.550:340): avc: denied { map } for pid=2039 comm="syz.1.721" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 50.220089][ T2042] loop3: detected capacity change from 0 to 256 [ 50.224933][ T2045] syz.5.725 uses obsolete (PF_INET,SOCK_PACKET) [ 50.237316][ T291] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input10 [ 50.325658][ T28] audit: type=1400 audit(1749189684.550:341): avc: denied { execute } for pid=2039 comm="syz.1.721" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 50.358915][ T2055] netlink: 44 bytes leftover after parsing attributes in process `syz.5.729'. [ 50.438473][ T290] usb 1-1: USB disconnect, device number 5 [ 50.438500][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 50.452870][ T290] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 50.453107][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 50.480134][ T2069] device bond_slave_1 entered promiscuous mode [ 50.486547][ T2069] netlink: 'syz.1.736': attribute type 2 has an invalid length. [ 50.494323][ T2069] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 50.617580][ T291] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 50.682351][ T2092] netlink: 20 bytes leftover after parsing attributes in process `syz.1.747'. [ 50.691411][ T39] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 50.697418][ T2092] netlink: 20 bytes leftover after parsing attributes in process `syz.1.747'. [ 50.731361][ T2096] loop1: detected capacity change from 0 to 128 [ 50.795112][ T2104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.753'. [ 50.804101][ T291] usb 4-1: Using ep0 maxpacket: 8 [ 50.815593][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.825554][ T2106] loop1: detected capacity change from 0 to 256 [ 50.826956][ T291] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 50.845783][ T291] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 50.855195][ T291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.855840][ T2106] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x0d2a05fc, utbl_chksum : 0xe619d30d) [ 50.864305][ T291] usb 4-1: config 0 descriptor?? [ 50.897515][ T39] usb 6-1: Using ep0 maxpacket: 16 [ 50.907156][ T39] usb 6-1: config 0 has an invalid interface number: 109 but max is 0 [ 50.919871][ T39] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 50.938245][ T39] usb 6-1: config 0 has no interface number 0 [ 50.949848][ T39] usb 6-1: New USB device found, idVendor=0421, idProduct=0094, bcdDevice=28.8e [ 50.969038][ T39] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.982107][ T2115] loop1: detected capacity change from 0 to 256 [ 50.988571][ T39] usb 6-1: Product: syz [ 50.992781][ T39] usb 6-1: Manufacturer: syz [ 50.997400][ T39] usb 6-1: SerialNumber: syz [ 51.010455][ T39] usb 6-1: config 0 descriptor?? [ 51.025983][ T2115] FAT-fs (loop1): Directory bread(block 64) failed [ 51.032660][ T2115] FAT-fs (loop1): Directory bread(block 65) failed [ 51.039699][ T2115] FAT-fs (loop1): Directory bread(block 66) failed [ 51.046687][ T2115] FAT-fs (loop1): Directory bread(block 67) failed [ 51.053789][ T2115] FAT-fs (loop1): Directory bread(block 68) failed [ 51.060742][ T2115] FAT-fs (loop1): Directory bread(block 69) failed [ 51.067374][ T2115] FAT-fs (loop1): Directory bread(block 70) failed [ 51.070339][ T6] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 51.074310][ T2115] FAT-fs (loop1): Directory bread(block 71) failed [ 51.082973][ T6] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 51.088649][ T2115] FAT-fs (loop1): Directory bread(block 72) failed [ 51.104385][ T2115] FAT-fs (loop1): Directory bread(block 73) failed [ 51.134013][ T2122] fido_id[2122]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 51.223318][ T2064] loop5: detected capacity change from 0 to 512 [ 51.238369][ T2064] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.268633][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #2: comm syz.5.733: missing EA_INODE flag [ 51.291095][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.733: error while reading EA inode 2 err=-117 [ 51.304035][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #2: comm syz.5.733: missing EA_INODE flag [ 51.316172][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.733: error while reading EA inode 2 err=-117 [ 51.317397][ T291] hid-rmi 0003:06CB:81A7.0008: unknown main item tag 0x4 [ 51.335971][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.733: inode #65536: comm syz.5.733: iget: illegal inode # [ 51.357523][ T291] hid-rmi 0003:06CB:81A7.0008: unknown main item tag 0x0 [ 51.367688][ T2064] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.733: error while reading EA inode 65536 err=-117 [ 51.389615][ T291] hid-rmi 0003:06CB:81A7.0008: unknown main item tag 0x0 [ 51.393742][ T2064] EXT4-fs (loop5): 1 orphan inode deleted [ 51.402606][ T2064] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 51.426062][ T291] hid-rmi 0003:06CB:81A7.0008: unknown main item tag 0x0 [ 51.426085][ T39] usb 6-1: bad CDC descriptors [ 51.453755][ T291] hid-rmi 0003:06CB:81A7.0008: unbalanced collection at end of report description [ 51.454951][ T39] usb 6-1: USB disconnect, device number 5 [ 51.488539][ T291] hid-rmi 0003:06CB:81A7.0008: parse failed [ 51.501661][ T291] hid-rmi: probe of 0003:06CB:81A7.0008 failed with error -22 [ 51.531747][ T291] usb 4-1: USB disconnect, device number 4 [ 51.610305][ T2128] loop1: detected capacity change from 0 to 40427 [ 51.637779][ T2128] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 51.657667][ T2128] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 51.676146][ T2128] F2FS-fs (loop1): fault_injection options not supported [ 51.693638][ T2128] F2FS-fs (loop1): fault_type options not supported [ 51.704475][ T2128] F2FS-fs (loop1): invalid crc value [ 51.728871][ T2128] F2FS-fs (loop1): Found nat_bits in checkpoint [ 51.795823][ T2128] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 51.805063][ T2128] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 51.861351][ T2128] syz.1.764: attempt to access beyond end of device [ 51.861351][ T2128] loop1: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 51.878222][ T2128] syz.1.764: attempt to access beyond end of device [ 51.878222][ T2128] loop1: rw=2049, sector=53384, nr_sectors = 8 limit=40427 [ 51.906571][ T287] syz-executor: attempt to access beyond end of device [ 51.906571][ T287] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 51.986833][ T339] EXT4-fs (loop5): unmounting filesystem. [ 52.117193][ T2182] loop3: detected capacity change from 0 to 4096 [ 52.138360][ T2182] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 52.160932][ T288] EXT4-fs (loop3): unmounting filesystem. [ 52.338077][ T291] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 52.370287][ T2226] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 52.447346][ T2237] netlink: 'syz.4.811': attribute type 25 has an invalid length. [ 52.455441][ T2237] netlink: 'syz.4.811': attribute type 7 has an invalid length. [ 52.518918][ T291] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.530182][ T291] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 52.540748][ T291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.574962][ T291] usb 1-1: config 0 descriptor?? [ 52.587574][ T1367] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 52.596792][ T2255] loop4: detected capacity change from 0 to 2048 [ 52.627760][ T2255] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 52.654463][ T289] EXT4-fs (loop4): unmounting filesystem. [ 52.692297][ T2261] loop4: detected capacity change from 0 to 512 [ 52.699757][ T304] kernel write not supported for file /341/attr/fscreate (pid: 304 comm: kworker/1:3) [ 52.700954][ T2261] EXT4-fs: Ignoring removed nobh option [ 52.747749][ T8] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 52.757082][ T2261] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.822: invalid indirect mapped block 256 (level 2) [ 52.771854][ T2261] EXT4-fs (loop4): 2 truncates cleaned up [ 52.777808][ T2261] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 52.791252][ T1367] usb 4-1: Using ep0 maxpacket: 8 [ 52.803570][ T2261] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.822: bg 0: block 5: invalid block bitmap [ 52.806751][ T1367] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 52.824210][ T1367] usb 4-1: config 179 has no interface number 0 [ 52.833464][ T1367] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 52.833845][ T2261] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 52.844644][ T1367] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 52.868874][ T1367] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 52.880243][ T1367] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 52.880573][ T2261] EXT4-fs (loop4): This should not happen!! Data will be lost [ 52.880573][ T2261] [ 52.892228][ T1367] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 52.892310][ T1367] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 52.892356][ T1367] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.931262][ T2261] EXT4-fs (loop4): Total free blocks count 0 [ 52.934497][ T2221] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 52.946138][ T2261] EXT4-fs (loop4): Free/Dirty block details [ 52.957647][ T2261] EXT4-fs (loop4): free_blocks=0 [ 52.962962][ T2261] EXT4-fs (loop4): dirty_blocks=5 [ 52.968362][ T2261] EXT4-fs (loop4): Block reservation details [ 52.976165][ T2261] EXT4-fs (loop4): i_reserved_data_blocks=5 [ 53.003108][ T291] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor [ 53.019529][ T291] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0009/input/input11 [ 53.035309][ T289] EXT4-fs (loop4): unmounting filesystem. [ 53.041413][ T28] kauditd_printk_skb: 51 callbacks suppressed [ 53.041428][ T28] audit: type=1400 audit(53.007:393): avc: denied { ioctl } for pid=2282 comm="syz.1.832" path="/dev/kvm" dev="devtmpfs" ino=83 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 53.100875][ T28] audit: type=1400 audit(53.077:394): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=904 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 53.101466][ T291] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 53.122927][ T28] audit: type=1400 audit(53.077:395): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=904 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 53.158726][ T28] audit: type=1400 audit(53.077:396): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=904 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 53.240114][ T28] audit: type=1400 audit(53.217:397): avc: denied { append } for pid=2291 comm="syz.1.835" name="001" dev="devtmpfs" ino=164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 53.264118][ T2290] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.272629][ T2292] usb usb1: usbfs: process 2292 (syz.1.835) did not claim interface 0 before use [ 53.284431][ T304] usb 4-1: USB disconnect, device number 5 [ 53.284447][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 53.291319][ T2290] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.298756][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 53.305736][ T2290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.354081][ T28] audit: type=1400 audit(53.317:398): avc: denied { create } for pid=2293 comm="syz.1.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.373457][ T28] audit: type=1400 audit(53.327:399): avc: denied { connect } for pid=2293 comm="syz.1.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.392920][ T28] audit: type=1400 audit(53.327:400): avc: denied { write } for pid=2293 comm="syz.1.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.412030][ T28] audit: type=1400 audit(53.327:401): avc: denied { read } for pid=2293 comm="syz.1.836" path="socket:[25193]" dev="sockfs" ino=25193 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.435074][ T28] audit: type=1400 audit(53.367:402): avc: denied { ioctl } for pid=2297 comm="syz.1.838" path="socket:[25202]" dev="sockfs" ino=25202 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.536637][ T291] usb 1-1: USB disconnect, device number 6 [ 53.729339][ T2336] netlink: 27 bytes leftover after parsing attributes in process `syz.1.855'. [ 53.814545][ T2348] loop1: detected capacity change from 0 to 128 [ 53.825158][ T2348] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 53.846944][ T287] EXT4-fs (loop1): unmounting filesystem. [ 53.904073][ T2353] SELinux: failed to load policy [ 53.987535][ T304] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 54.065840][ T2359] loop4: detected capacity change from 0 to 40427 [ 54.080226][ T2359] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 54.086958][ T2365] netlink: 32 bytes leftover after parsing attributes in process `syz.0.869'. [ 54.101242][ T2359] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 54.116675][ T2359] F2FS-fs (loop4): Found nat_bits in checkpoint [ 54.162155][ T2359] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 54.168764][ T304] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 54.175948][ T2359] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 54.179843][ T304] usb 4-1: config 179 has no interface number 0 [ 54.187221][ T2359] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 54.209368][ T304] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 54.228480][ T304] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 64 [ 54.239993][ T304] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 54.262390][ T304] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 64 [ 54.275403][ T304] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 54.289447][ T304] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 54.305401][ T304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.324973][ T2221] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 54.333421][ T2221] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 54.410013][ T2388] incfs: iterate_incfs_dir / -22 [ 54.586329][ T39] usb 4-1: USB disconnect, device number 6 [ 54.586374][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 54.586413][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 54.668875][ T2401] syz.0.882[2401] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.668954][ T2401] syz.0.882[2401] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.716510][ T2404] loop0: detected capacity change from 0 to 512 [ 54.742115][ T2404] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 54.753180][ T2404] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 54.753848][ T2407] loop4: detected capacity change from 0 to 512 [ 54.763102][ T2404] System zones: 1-12 [ 54.777605][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 54.801610][ T2404] EXT4-fs (loop0): 1 truncate cleaned up [ 54.811212][ T2407] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 54.814633][ T2404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 54.851985][ T2404] EXT4-fs (loop0): shut down requested (0) [ 54.863585][ T2407] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.885: bad orphan inode 16 [ 54.883639][ T2404] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 54.899757][ T2407] ext4_test_bit(bit=15, block=4) = 0 [ 54.909045][ T2407] EXT4-fs (loop4): 1 orphan inode deleted [ 54.919334][ T2404] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 54.928464][ T2407] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 54.928561][ T2404] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=15 [ 54.977394][ T289] EXT4-fs (loop4): unmounting filesystem. [ 54.986041][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 55.272381][ T2421] loop5: detected capacity change from 0 to 40427 [ 55.398348][ T2421] F2FS-fs (loop5): Found nat_bits in checkpoint [ 55.446155][ T2456] loop3: detected capacity change from 0 to 2048 [ 55.477692][ T2421] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 55.498672][ T2456] Alternate GPT is invalid, using primary GPT. [ 55.504940][ T2456] loop3: p1 p2 p3 [ 55.589004][ T339] syz-executor: attempt to access beyond end of device [ 55.589004][ T339] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 55.652621][ T650] udevd[650]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 55.652661][ T644] udevd[644]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.679197][ T307] udevd[307]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 55.709126][ T2481] netlink: 92 bytes leftover after parsing attributes in process `syz.4.917'. [ 55.822730][ T2488] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2488 comm=syz.0.920 [ 55.975849][ T2510] loop4: detected capacity change from 0 to 128 [ 56.012708][ T2517] loop3: detected capacity change from 0 to 512 [ 56.040578][ T2510] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 56.073473][ T289] EXT4-fs (loop4): unmounting filesystem. [ 56.080401][ T2517] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2195: inode #15: comm syz.3.934: corrupted in-inode xattr [ 56.094908][ T2517] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.934: couldn't read orphan inode 15 (err -117) [ 56.107243][ T2517] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 56.118905][ T2517] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #2: comm syz.3.934: Directory hole found for htree leaf block 0 [ 56.166980][ T2532] loop5: detected capacity change from 0 to 256 [ 56.198383][ T288] EXT4-fs (loop3): unmounting filesystem. [ 56.225954][ T2532] FAT-fs (loop5): Directory bread(block 64) failed [ 56.235670][ T2532] FAT-fs (loop5): Directory bread(block 65) failed [ 56.249036][ T2532] FAT-fs (loop5): Directory bread(block 66) failed [ 56.252264][ T2541] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.255737][ T2532] FAT-fs (loop5): Directory bread(block 67) failed [ 56.262678][ T2541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.281361][ T2532] FAT-fs (loop5): Directory bread(block 68) failed [ 56.292299][ T2532] FAT-fs (loop5): Directory bread(block 69) failed [ 56.303670][ T2532] FAT-fs (loop5): Directory bread(block 70) failed [ 56.311493][ T2532] FAT-fs (loop5): Directory bread(block 71) failed [ 56.318712][ T2532] FAT-fs (loop5): Directory bread(block 72) failed [ 56.351146][ T2532] FAT-fs (loop5): Directory bread(block 73) failed [ 56.365978][ T2547] IPv6: NLM_F_CREATE should be specified when creating new route [ 56.719172][ T2593] loop4: detected capacity change from 0 to 512 [ 56.753233][ T2593] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 56.798351][ T289] EXT4-fs (loop4): unmounting filesystem. [ 56.859139][ T304] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 56.904439][ T2604] loop4: detected capacity change from 0 to 256 [ 57.047504][ T304] usb 4-1: Using ep0 maxpacket: 16 [ 57.055622][ T304] usb 4-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=28.e0 [ 57.065035][ T304] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.077120][ T2621] loop4: detected capacity change from 0 to 2048 [ 57.086822][ T304] usb 4-1: Product: syz [ 57.091122][ T304] usb 4-1: Manufacturer: syz [ 57.096053][ T304] usb 4-1: SerialNumber: syz [ 57.105666][ T304] usb 4-1: config 0 descriptor?? [ 57.122017][ T304] ums-freecom 4-1:0.0: USB Mass Storage device detected [ 57.131583][ T2621] Alternate GPT is invalid, using primary GPT. [ 57.141008][ T2621] loop4: p1 p2 p3 [ 57.240569][ T2634] syz.4.991 (2634) used greatest stack depth: 20768 bytes left [ 57.250075][ T644] udevd[644]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 57.250119][ T651] udevd[651]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 57.261914][ T307] udevd[307]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 57.326130][ T1367] usb 4-1: USB disconnect, device number 7 [ 57.390518][ T2636] loop4: detected capacity change from 0 to 256 [ 57.417424][ T2636] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 57.444585][ T2636] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 57.460436][ T2636] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 57.574659][ T2661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.995'. [ 57.758601][ T2674] netlink: 'syz.5.1001': attribute type 12 has an invalid length. [ 57.869783][ T2665] loop0: detected capacity change from 0 to 40427 [ 57.881647][ T2665] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 57.891933][ T2665] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 57.916907][ T2665] F2FS-fs (loop0): invalid crc value [ 57.954038][ T2665] F2FS-fs (loop0): Found nat_bits in checkpoint [ 58.022416][ T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 58.031975][ T2697] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 58.055580][ T2665] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 58.064270][ T2665] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 58.100400][ T2702] loop3: detected capacity change from 0 to 1024 [ 58.114490][ T2702] ext4: Unknown parameter 'nouser_xattr' [ 58.227573][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 58.234652][ T6] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 58.256181][ T6] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 58.290023][ T6] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 58.334525][ T6] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 58.344142][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 58.352334][ T6] usb 5-1: SerialNumber: syz [ 58.358893][ T2658] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 58.454526][ T28] kauditd_printk_skb: 102 callbacks suppressed [ 58.454543][ T28] audit: type=1400 audit(58.427:505): avc: denied { read write } for pid=2727 comm="syz.1.1023" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 58.500057][ T2732] netlink: 888 bytes leftover after parsing attributes in process `syz.3.1025'. [ 58.509257][ T2732] netlink: 137 bytes leftover after parsing attributes in process `syz.3.1025'. [ 58.518612][ T28] audit: type=1400 audit(58.467:506): avc: denied { open } for pid=2727 comm="syz.1.1023" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 58.544997][ T2732] sch_tbf: burst 720 is lower than device lo mtu (65550) ! [ 58.545685][ T2734] loop1: detected capacity change from 0 to 128 [ 58.552579][ T28] audit: type=1400 audit(58.467:507): avc: denied { ioctl } for pid=2727 comm="syz.1.1023" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 58.597184][ T6] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 58.604133][ T2716] loop5: detected capacity change from 0 to 40427 [ 58.610632][ T6] usb 5-1: USB disconnect, device number 4 [ 58.623299][ T2734] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 58.626098][ T2716] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 58.633731][ T28] audit: type=1400 audit(58.607:508): avc: denied { setopt } for pid=2737 comm="syz.3.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.650002][ T2716] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 58.674137][ T28] audit: type=1400 audit(58.637:509): avc: denied { map } for pid=2733 comm="syz.1.1026" path="/236/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 58.682536][ T2716] F2FS-fs (loop5): Found nat_bits in checkpoint [ 58.725174][ T287] EXT4-fs (loop1): unmounting filesystem. [ 58.737516][ T39] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 58.746139][ T28] audit: type=1400 audit(58.717:510): avc: denied { sys_module } for pid=2742 comm="syz.1.1028" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 58.774055][ T2745] loop3: detected capacity change from 0 to 128 [ 58.775505][ T28] audit: type=1400 audit(58.717:511): avc: denied { module_request } for pid=2742 comm="syz.1.1028" kmod="tty-ldisc-13" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 58.824544][ T2716] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 58.832015][ T2716] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 58.884976][ T28] audit: type=1400 audit(58.857:512): avc: denied { create } for pid=2715 comm="syz.5.1020" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 58.885241][ T2716] syz.5.1020: attempt to access beyond end of device [ 58.885241][ T2716] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 58.977499][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 58.988011][ T39] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 58.996380][ T39] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 59.057319][ T39] usb 1-1: config 135 has no interface number 0 [ 59.063823][ T39] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 59.085367][ T39] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 59.097311][ T2752] loop1: detected capacity change from 0 to 40427 [ 59.105974][ T2752] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 59.113995][ T2752] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 59.120140][ T39] usb 1-1: config 135 interface 230 has no altsetting 0 [ 59.151335][ T28] audit: type=1400 audit(59.127:513): avc: denied { compute_member } for pid=2758 comm="syz.5.1034" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 59.179265][ T2752] F2FS-fs (loop1): Found nat_bits in checkpoint [ 59.188054][ T39] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 59.197129][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.233962][ T39] usb 1-1: Product: syz [ 59.247084][ T39] usb 1-1: Manufacturer: syz [ 59.254159][ T39] usb 1-1: SerialNumber: syz [ 59.265893][ T39] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 59.284462][ T39] usb 1-1: No valid video chain found. [ 59.303202][ T2752] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 59.310615][ T2752] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 59.431525][ T2761] loop4: detected capacity change from 0 to 40427 [ 59.447507][ T2761] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 59.475234][ T39] usb 1-1: USB disconnect, device number 7 [ 59.481330][ T2761] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 59.523677][ T2777] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 59.527522][ T304] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 59.531625][ T2761] F2FS-fs (loop4): Found nat_bits in checkpoint [ 59.567285][ T2761] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 59.574484][ T2761] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 59.604138][ T28] audit: type=1400 audit(59.577:514): avc: denied { setattr } for pid=2760 comm="syz.4.1035" name="file1" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 59.864371][ T2788] loop5: detected capacity change from 0 to 512 [ 59.887630][ T304] usb 4-1: Using ep0 maxpacket: 8 [ 59.894961][ T304] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.906637][ T304] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.916633][ T304] usb 4-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 59.930233][ T304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.931357][ T2788] EXT4-fs (loop5): 1 orphan inode deleted [ 59.939653][ T304] usb 4-1: config 0 descriptor?? [ 59.949234][ T2788] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 59.957610][ T416] EXT4-fs error (device loop5): ext4_release_dquot:6825: comm kworker/u4:5: Failed to release dquot type 1 [ 60.025066][ T2802] loop4: detected capacity change from 0 to 4096 [ 60.033329][ T339] EXT4-fs (loop5): unmounting filesystem. [ 60.046286][ T2802] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 60.075831][ T2802] fs-verity: sha256 using implementation "sha256-avx2" [ 60.088916][ T2802] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1051: bg 0: block 66: padding at end of block bitmap is not set [ 60.109082][ T2802] fs-verity (loop4, inode 15): ext4_end_enable_verity() failed with err -117 [ 60.127273][ T2802] syz.4.1051 (2802) used greatest stack depth: 20304 bytes left [ 60.138899][ T289] EXT4-fs (loop4): unmounting filesystem. [ 60.236162][ T2820] kvm [2819]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010005 data 0xaf [ 60.380570][ T304] waltop 0003:172F:0038.000A: unknown main item tag 0x0 [ 60.411420][ T304] waltop 0003:172F:0038.000A: unknown main item tag 0x0 [ 60.425271][ T304] waltop 0003:172F:0038.000A: unknown main item tag 0x0 [ 60.437552][ T304] waltop 0003:172F:0038.000A: unknown main item tag 0x0 [ 60.464670][ T304] waltop 0003:172F:0038.000A: unknown main item tag 0x0 [ 60.497398][ T304] waltop 0003:172F:0038.000A: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.3-1/input0 [ 60.528210][ T2844] netlink: 45 bytes leftover after parsing attributes in process `syz.5.1069'. [ 60.583724][ T2851] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1073'. [ 60.606183][ T304] usb 4-1: USB disconnect, device number 8 [ 60.725991][ T2868] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1078'. [ 60.787115][ T2876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.811624][ T2872] loop5: detected capacity change from 0 to 8192 [ 61.112513][ T2910] loop5: detected capacity change from 0 to 256 [ 61.415422][ T2903] loop1: detected capacity change from 0 to 40427 [ 61.444001][ T2903] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 61.466774][ T2914] loop0: detected capacity change from 0 to 40427 [ 61.471411][ T2903] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 61.499160][ T2903] F2FS-fs (loop1): fault_injection options not supported [ 61.506249][ T2903] F2FS-fs (loop1): fault_type options not supported [ 61.526952][ T2914] F2FS-fs (loop0): invalid crc value [ 61.532907][ T2937] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1112'. [ 61.552952][ T2903] F2FS-fs (loop1): fault_type options not supported [ 61.568002][ T2903] F2FS-fs (loop1): invalid crc value [ 61.573740][ T2914] F2FS-fs (loop0): Found nat_bits in checkpoint [ 61.625105][ T2903] F2FS-fs (loop1): Found nat_bits in checkpoint [ 61.702830][ T2914] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 61.788753][ T2903] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 61.795846][ T2903] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 61.821493][ T2914] syz.0.1102: attempt to access beyond end of device [ 61.821493][ T2914] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 61.858315][ T308] kworker/u4:3: attempt to access beyond end of device [ 61.858315][ T308] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 61.890165][ T2903] VFS:Filesystem freeze failed [ 62.005070][ T2975] loop5: detected capacity change from 0 to 512 [ 62.043689][ T2975] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 62.098569][ T2975] EXT4-fs (loop5): 1 truncate cleaned up [ 62.124143][ T2975] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 62.136893][ T2905] loop4: detected capacity change from 0 to 131072 [ 62.146329][ T2905] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 62.154780][ T2905] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 62.164231][ T2905] F2FS-fs (loop4): invalid crc value [ 62.198514][ T2905] F2FS-fs (loop4): Found nat_bits in checkpoint [ 62.226779][ T339] EXT4-fs (loop5): unmounting filesystem. [ 62.279680][ T2905] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 62.297867][ T3001] input: syz0 as /devices/virtual/input/input13 [ 62.309080][ T2905] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 62.424013][ T3018] loop5: detected capacity change from 0 to 256 [ 62.452887][ T3018] FAT-fs (loop5): Directory bread(block 64) failed [ 62.467346][ T3018] FAT-fs (loop5): Directory bread(block 65) failed [ 62.474090][ T3018] FAT-fs (loop5): Directory bread(block 66) failed [ 62.481865][ T3022] device lo entered promiscuous mode [ 62.487300][ T3018] FAT-fs (loop5): Directory bread(block 67) failed [ 62.498505][ T3018] FAT-fs (loop5): Directory bread(block 68) failed [ 62.509489][ T3018] FAT-fs (loop5): Directory bread(block 69) failed [ 62.560233][ T3018] FAT-fs (loop5): Directory bread(block 70) failed [ 62.593880][ T3018] FAT-fs (loop5): Directory bread(block 71) failed [ 62.604800][ T3018] FAT-fs (loop5): Directory bread(block 72) failed [ 62.611672][ T3018] FAT-fs (loop5): Directory bread(block 73) failed [ 62.657331][ T3018] FAT-fs (loop5): error, invalid access to FAT (entry 0x00006c61) [ 62.721819][ T3040] loop3: detected capacity change from 0 to 512 [ 62.745901][ T3040] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 62.779591][ T3040] EXT4-fs (loop3): 1 truncate cleaned up [ 62.785345][ T3040] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 62.860096][ T3049] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1157'. [ 62.949753][ T3053] loop4: detected capacity change from 0 to 512 [ 62.986316][ T3056] loop1: detected capacity change from 0 to 16 [ 62.995962][ T288] EXT4-fs (loop3): unmounting filesystem. [ 63.011885][ T3056] erofs: (device loop1): mounted with root inode @ nid 36. [ 63.024563][ T3053] EXT4-fs (loop4): 1 orphan inode deleted [ 63.030020][ T3056] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36 [ 63.048539][ T3056] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36 [ 63.058545][ T359] EXT4-fs error (device loop4): ext4_release_dquot:6825: comm kworker/u4:4: Failed to release dquot type 1 [ 63.075580][ T3053] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 63.094779][ T3056] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 63.108057][ T3056] erofs: (device loop1): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 63.207834][ T289] EXT4-fs (loop4): unmounting filesystem. [ 63.423163][ T3075] loop3: detected capacity change from 0 to 40427 [ 63.435823][ T3075] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 63.453823][ T3075] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 63.487306][ T3075] F2FS-fs (loop3): Found nat_bits in checkpoint [ 63.566708][ T3075] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 63.579077][ T3075] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 63.654197][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 63.654212][ T28] audit: type=1400 audit(63.627:540): avc: denied { read write } for pid=3128 comm="syz.0.1187" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 63.696686][ T304] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 63.709740][ T304] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 63.731191][ T304] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 63.732873][ T28] audit: type=1400 audit(63.657:541): avc: denied { open } for pid=3128 comm="syz.0.1187" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 63.750380][ T304] hid-generic 0000:0004:0000.000B: hidraw0: HID v0.00 Device [syz0] on syz1 [ 63.773774][ T3135] loop4: detected capacity change from 0 to 128 [ 63.791963][ T3135] FAT-fs (loop4): Directory bread(block 162) failed [ 63.807506][ T3135] FAT-fs (loop4): Directory bread(block 163) failed [ 63.838195][ T3135] FAT-fs (loop4): Directory bread(block 164) failed [ 63.872889][ T3138] fido_id[3138]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 63.889933][ T3135] FAT-fs (loop4): Directory bread(block 165) failed [ 63.903909][ T3135] FAT-fs (loop4): Directory bread(block 166) failed [ 63.919870][ T3135] FAT-fs (loop4): Directory bread(block 167) failed [ 63.931235][ T3148] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1197'. [ 63.940227][ T3135] FAT-fs (loop4): Directory bread(block 168) failed [ 63.946882][ T3135] FAT-fs (loop4): Directory bread(block 169) failed [ 63.989668][ T3135] FAT-fs (loop4): Directory bread(block 162) failed [ 63.996434][ T3135] FAT-fs (loop4): Directory bread(block 163) failed [ 64.003600][ T3135] syz.4.1192: attempt to access beyond end of device [ 64.003600][ T3135] loop4: rw=3, sector=226, nr_sectors = 6 limit=128 [ 64.018755][ T3135] syz.4.1192: attempt to access beyond end of device [ 64.018755][ T3135] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 64.167390][ T3176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1211'. [ 64.167536][ T6] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 64.181908][ T3176] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1211'. [ 64.258415][ T28] audit: type=1400 audit(64.237:542): avc: denied { read write } for pid=3190 comm="syz.3.1218" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.268243][ T3193] binder: 3192:3193 ioctl c0306201 200000000640 returned -22 [ 64.290123][ T28] audit: type=1400 audit(64.237:543): avc: denied { open } for pid=3190 comm="syz.3.1218" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.316484][ T28] audit: type=1400 audit(64.237:544): avc: denied { ioctl } for pid=3190 comm="syz.3.1218" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.340817][ T28] audit: type=1400 audit(64.287:545): avc: denied { ioctl } for pid=3197 comm="syz.4.1222" path="socket:[29172]" dev="sockfs" ino=29172 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.408572][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.419498][ T28] audit: type=1400 audit(64.367:546): avc: denied { create } for pid=3206 comm="syz.3.1225" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 64.435869][ T6] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 64.447240][ T28] audit: type=1400 audit(64.377:547): avc: denied { write } for pid=3206 comm="syz.3.1225" name="file0" dev="tmpfs" ino=1030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 64.472070][ T28] audit: type=1400 audit(64.377:548): avc: denied { open } for pid=3206 comm="syz.3.1225" path="/195/file0" dev="tmpfs" ino=1030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 64.482032][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.494591][ T28] audit: type=1400 audit(64.377:549): avc: denied { ioctl } for pid=3206 comm="syz.3.1225" path="/195/file0" dev="tmpfs" ino=1030 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 64.508948][ T3216] loop3: detected capacity change from 0 to 256 [ 64.541556][ T6] usb 1-1: config 0 descriptor?? [ 64.778363][ T3248] loop4: detected capacity change from 0 to 512 [ 64.816343][ T3248] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 64.846112][ T3248] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 64.876830][ T3248] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 64.885934][ T3248] System zones: 0-2, 18-18, 34-34 [ 64.902366][ T3248] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 64.928036][ T3248] EXT4-fs (loop4): 1 truncate cleaned up [ 64.937975][ T3248] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 64.966162][ T6] keytouch 0003:0926:3333.000C: fixing up Keytouch IEC report descriptor [ 65.000025][ T6] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.000C/input/input14 [ 65.011655][ T3247] loop1: detected capacity change from 0 to 40427 [ 65.021402][ T3247] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 65.029264][ T3247] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 65.046982][ T289] EXT4-fs (loop4): unmounting filesystem. [ 65.063771][ T3247] F2FS-fs (loop1): Found nat_bits in checkpoint [ 65.094254][ T3252] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.124532][ T3252] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.134693][ T3247] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 65.145774][ T6] keytouch 0003:0926:3333.000C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 65.158576][ T3252] device bridge_slave_0 entered promiscuous mode [ 65.165169][ T3247] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 65.172135][ T3268] loop5: detected capacity change from 0 to 16 [ 65.176163][ T3252] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.186367][ T3252] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.197290][ T3268] erofs: (device loop5): mounted with root inode @ nid 36. [ 65.205720][ T3252] device bridge_slave_1 entered promiscuous mode [ 65.238718][ T3268] erofs: (device loop5): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36 [ 65.287687][ T3268] erofs: (device loop5): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36 [ 65.300080][ T3268] erofs: (device loop5): z_erofs_read_folio: failed to read, err [-117] [ 65.309420][ T3268] erofs: (device loop5): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 65.369880][ T8] device bridge_slave_1 left promiscuous mode [ 65.387693][ T6] usb 1-1: USB disconnect, device number 8 [ 65.401472][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.454428][ T8] device bridge_slave_0 left promiscuous mode [ 65.479778][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.495385][ T8] device veth1_macvtap left promiscuous mode [ 65.516698][ T8] device veth0_vlan left promiscuous mode [ 65.632242][ T3298] loop1: detected capacity change from 0 to 256 [ 65.656702][ T3298] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 65.676713][ T3298] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008) [ 65.685995][ T3298] exFAT-fs (loop1): Filesystem has been set read-only [ 65.782136][ T3312] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 65.794222][ T3312] bridge_slave_0: default FDB implementation only supports local addresses [ 65.823814][ T3318] syz.5.1271[3318] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.823893][ T3318] syz.5.1271[3318] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.875848][ T3324] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 65.894140][ T3322] tun0: tun_chr_ioctl cmd 1074025681 [ 65.927984][ T3252] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.935107][ T3252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.942464][ T3252] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.949793][ T3252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.953063][ T3333] loop0: detected capacity change from 0 to 128 [ 66.021679][ T3337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1280'. [ 66.034865][ T3340] netlink: 'syz.4.1282': attribute type 3 has an invalid length. [ 66.047586][ T3344] tc_dump_action: action bad kind [ 66.057808][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.077962][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.142151][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.155095][ T3358] xt_NFQUEUE: number of total queues is 0 [ 66.161032][ T3356] loop1: detected capacity change from 0 to 512 [ 66.168137][ T3356] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 66.178435][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.197258][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.208891][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.222873][ T3356] EXT4-fs (loop1): 1 truncate cleaned up [ 66.238301][ T3363] loop0: detected capacity change from 0 to 256 [ 66.243706][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.245074][ T3363] FAT-fs (loop0): Unrecognized mount option "check=relaxdd" or missing value [ 66.251643][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.263571][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.272597][ T3356] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 66.286141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.294648][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.301753][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.309264][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.317404][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.325781][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.334013][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.353454][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.362422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.378192][ T3252] device veth0_vlan entered promiscuous mode [ 66.384651][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.396633][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.412788][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.413175][ T287] EXT4-fs (loop1): unmounting filesystem. [ 66.420556][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.433552][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.442853][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.454460][ T3375] loop5: detected capacity change from 0 to 128 [ 66.470645][ T3252] device veth1_macvtap entered promiscuous mode [ 66.484932][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.488592][ T3375] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 66.494009][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.512887][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.515664][ T3375] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 66.531490][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.541833][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.657799][ T3392] loop3: detected capacity change from 0 to 512 [ 66.668030][ T3392] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 66.691483][ T3392] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 66.730902][ T3252] EXT4-fs (loop3): unmounting filesystem. [ 66.747564][ T290] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 66.797069][ T3412] tipc: Started in network mode [ 66.804253][ T3412] tipc: Node identity ac14140f, cluster identity 4711 [ 66.811483][ T3412] tipc: New replicast peer: 255.255.255.255 [ 66.817876][ T3412] tipc: Enabled bearer , priority 10 [ 66.933855][ T290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.950735][ T290] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 66.960744][ T290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.969736][ T3426] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1330'. [ 66.973253][ T290] usb 5-1: config 0 descriptor?? [ 67.003726][ T3429] loop5: detected capacity change from 0 to 128 [ 67.014582][ T3429] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 67.036648][ T339] EXT4-fs (loop5): unmounting filesystem. [ 67.131322][ T3442] loop5: detected capacity change from 0 to 512 [ 67.147072][ T3442] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 67.158791][ T3442] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1327: bad orphan inode 131083 [ 67.169522][ T3442] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 67.203991][ T339] EXT4-fs (loop5): unmounting filesystem. [ 67.245734][ T3448] loop5: detected capacity change from 0 to 1024 [ 67.280446][ T3448] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 67.307028][ T339] EXT4-fs (loop5): unmounting filesystem. [ 67.358987][ T3463] loop3: detected capacity change from 0 to 512 [ 67.368406][ T3463] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 67.378794][ T3461] loop5: detected capacity change from 0 to 2048 [ 67.389196][ T290] keytouch 0003:0926:3333.000D: fixing up Keytouch IEC report descriptor [ 67.415079][ T290] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000D/input/input15 [ 67.431802][ T3463] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1337: iget: bad i_size value: -67835469387268086 [ 67.448314][ T3463] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1337: couldn't read orphan inode 15 (err -117) [ 67.465168][ T3461] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 67.501557][ T3463] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 67.509055][ T3461] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 67.520707][ T290] keytouch 0003:0926:3333.000D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 67.544882][ T3252] EXT4-fs (loop3): unmounting filesystem. [ 67.593915][ T3461] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 67.632857][ T3479] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 67.659504][ T3461] EXT4-fs (loop5): This should not happen!! Data will be lost [ 67.659504][ T3461] [ 67.688786][ T3479] EXT4-fs (loop5): This should not happen!! Data will be lost [ 67.688786][ T3479] [ 67.708675][ T3461] EXT4-fs (loop5): Total free blocks count 0 [ 67.724884][ T3479] EXT4-fs (loop5): Total free blocks count 0 [ 67.731208][ T3461] EXT4-fs (loop5): Free/Dirty block details [ 67.731229][ T3461] EXT4-fs (loop5): free_blocks=2415919504 [ 67.731245][ T3461] EXT4-fs (loop5): dirty_blocks=48 [ 67.850686][ T291] usb 5-1: USB disconnect, device number 5 [ 67.937530][ T39] tipc: Node number set to 2886997007 [ 67.972483][ T1367] kernel write not supported for file /uinput (pid: 1367 comm: kworker/0:5) [ 67.978236][ T290] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 67.998249][ T3517] loop3: detected capacity change from 0 to 256 [ 68.018801][ T3517] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 68.187487][ T290] usb 2-1: Using ep0 maxpacket: 32 [ 68.193690][ T290] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 68.203785][ T290] usb 2-1: config 0 has no interface number 0 [ 68.210121][ T290] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 68.221604][ T290] usb 2-1: config 0 interface 85 has no altsetting 0 [ 68.239445][ T290] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 68.250121][ T290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.267469][ T290] usb 2-1: Product: syz [ 68.271967][ T290] usb 2-1: Manufacturer: syz [ 68.280325][ T290] usb 2-1: SerialNumber: syz [ 68.286573][ T290] usb 2-1: config 0 descriptor?? [ 68.381619][ T3545] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1372'. [ 68.534134][ T3563] tipc: Started in network mode [ 68.539562][ T3563] tipc: Node identity ac14140f, cluster identity 4711 [ 68.546517][ T3563] tipc: New replicast peer: 255.255.255.255 [ 68.554090][ T3563] tipc: Enabled bearer , priority 10 [ 68.630818][ T3574] device bridge1 entered promiscuous mode [ 68.649616][ T3577] loop5: detected capacity change from 0 to 1024 [ 68.690242][ T3577] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 68.702613][ T3577] EXT4-fs (loop5): can't mount with commit=3, fs mounted w/o journal [ 68.714227][ T28] kauditd_printk_skb: 878 callbacks suppressed [ 68.714243][ T28] audit: type=1400 audit(324.717:1428): avc: denied { sqpoll } for pid=3583 comm="syz.0.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 68.728359][ T290] usb 2-1: USB disconnect, device number 5 [ 68.768686][ T28] audit: type=1400 audit(324.757:1429): avc: denied { write } for pid=3583 comm="syz.0.1390" name="usbmon7" dev="devtmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 68.799144][ T28] audit: type=1400 audit(324.767:1430): avc: denied { write } for pid=3588 comm="syz.4.1392" name="001" dev="devtmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 68.847737][ T28] audit: type=1326 audit(324.777:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3588 comm="syz.4.1392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7b5b8e929 code=0x0 [ 68.891851][ T28] audit: type=1400 audit(324.807:1432): avc: denied { bind } for pid=3575 comm="syz.5.1386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 68.905160][ T3604] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 68.917020][ T28] audit: type=1400 audit(324.807:1433): avc: denied { name_bind } for pid=3575 comm="syz.5.1386" src=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 68.953565][ T3602] device erspan0 entered promiscuous mode [ 68.961401][ T3606] loop3: detected capacity change from 0 to 256 [ 68.971329][ T3602] device erspan0 left promiscuous mode [ 68.974275][ T28] audit: type=1400 audit(324.817:1434): avc: denied { node_bind } for pid=3575 comm="syz.5.1386" saddr=1b00:f0e7:de7e:d2be:af2d:c4a8:b890:26c6 src=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 69.108250][ T3615] loop3: detected capacity change from 0 to 512 [ 69.129074][ T3615] EXT4-fs: Ignoring removed orlov option [ 69.154315][ T3615] EXT4-fs (loop3): orphan cleanup on readonly fs [ 69.161951][ T3615] EXT4-fs error (device loop3): ext4_find_extent:900: inode #4: comm syz.3.1402: inode has invalid extent depth: 7 [ 69.174807][ T3615] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=-117 [ 69.184678][ T3615] EXT4-fs warning (device loop3): ext4_enable_quotas:7041: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 69.207612][ T3615] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 69.217640][ T3615] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 69.238309][ T3615] EXT4-fs (loop3): unmounting filesystem. [ 69.283279][ T3627] loop1: detected capacity change from 0 to 256 [ 69.304322][ T3627] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 69.347793][ T28] audit: type=1400 audit(325.357:1435): avc: denied { append } for pid=3626 comm="syz.1.1408" path="/296/file0/cpu.stat" dev="loop1" ino=1048690 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 69.392616][ T3633] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 69.399910][ T3633] IPv6: NLM_F_CREATE should be set when creating new route [ 69.407229][ T3633] IPv6: NLM_F_CREATE should be set when creating new route [ 70.170515][ T1367] tipc: Node number set to 2886997007 [ 70.278826][ T3650] loop1: detected capacity change from 0 to 512 [ 70.303869][ T3613] loop0: detected capacity change from 0 to 131072 [ 70.317696][ T3613] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 70.335909][ T3650] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 70.340113][ T3613] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 70.364932][ T3613] F2FS-fs (loop0): invalid crc value [ 70.371191][ T28] audit: type=1400 audit(326.377:1436): avc: denied { setattr } for pid=3649 comm="syz.1.1419" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 70.406150][ T3639] loop4: detected capacity change from 0 to 40427 [ 70.418416][ T287] EXT4-fs (loop1): unmounting filesystem. [ 70.429727][ T3639] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 70.438088][ T3639] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 70.441013][ T3613] F2FS-fs (loop0): Found nat_bits in checkpoint [ 70.470280][ T3662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1421'. [ 70.499340][ T3639] F2FS-fs (loop4): invalid crc value [ 70.524809][ T3639] F2FS-fs (loop4): Found nat_bits in checkpoint [ 70.549204][ T3669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1424'. [ 70.559139][ T3669] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1424'. [ 70.582107][ T3613] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 70.594685][ T3613] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 70.617750][ T3639] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 70.639359][ T3639] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 70.743803][ T3685] SELinux: failed to load policy [ 70.769269][ T3689] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 70.793431][ T3691] loop1: detected capacity change from 0 to 512 [ 70.817035][ T3691] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 70.868610][ T3691] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1436: casefold flag without casefold feature [ 70.912556][ T3691] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1436: couldn't read orphan inode 15 (err -117) [ 70.944777][ T3691] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 70.998467][ T3691] EXT4-fs warning (device loop1): ext4_empty_dir:3147: inode #2: comm syz.1.1436: directory missing '.' [ 71.039147][ T3708] kvm [3707]: vcpu0, guest rIP: 0xfff0 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x1, nop [ 71.075340][ T287] EXT4-fs (loop1): unmounting filesystem. [ 71.113455][ T3714] loop3: detected capacity change from 0 to 1024 [ 71.140428][ T3714] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 71.157339][ T3724] syz_tun: refused to change device tx_queue_len [ 71.167785][ T3714] EXT4-fs (loop3): can't mount with commit=3, fs mounted w/o journal [ 71.176480][ T3727] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1450'. [ 71.236009][ T3735] loop5: detected capacity change from 0 to 1024 [ 71.305401][ T3735] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 71.345851][ T3735] EXT4-fs error (device loop5): ext4_check_all_de:666: inode #12: block 7: comm syz.5.1453: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 71.490268][ T339] EXT4-fs (loop5): unmounting filesystem. [ 71.657686][ T3783] tap0: tun_chr_ioctl cmd 1074025677 [ 71.679646][ T3783] tap0: linktype set to 270 [ 71.704444][ T3756] loop4: detected capacity change from 0 to 40427 [ 71.742896][ T3756] F2FS-fs (loop4): fault_injection options not supported [ 71.772968][ T3756] F2FS-fs (loop4): Image doesn't support compression [ 71.791778][ T3756] F2FS-fs (loop4): Image doesn't support compression [ 71.803613][ T3799] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.805363][ T3756] F2FS-fs (loop4): invalid crc value [ 71.810910][ T3799] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.817668][ T3756] F2FS-fs (loop4): Found nat_bits in checkpoint [ 71.866074][ T3805] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1486'. [ 71.880457][ T3756] F2FS-fs (loop4): Start checkpoint disabled! [ 71.893566][ T3756] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 71.936536][ T3808] loop1: detected capacity change from 0 to 256 [ 71.952001][ T3811] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=112 sclass=netlink_audit_socket pid=3811 comm=syz.3.1488 [ 72.017867][ T308] kworker/u4:3: attempt to access beyond end of device [ 72.017867][ T308] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 72.035734][ T3815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1492'. [ 72.206476][ T3838] loop4: detected capacity change from 0 to 512 [ 72.220513][ T3838] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.228753][ T3838] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 72.236687][ T3838] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e128, mo2=0002] [ 72.245335][ T3838] EXT4-fs (loop4): orphan cleanup on readonly fs [ 72.253114][ T3838] EXT4-fs warning (device loop4): ext4_enable_quotas:7041: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 72.267945][ T3838] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 72.279611][ T3843] I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 72.289324][ T3843] FAT-fs (loop11): unable to read boot sector [ 72.293073][ T3838] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1490: bg 0: block 40: padding at end of block bitmap is not set [ 72.318159][ T3838] EXT4-fs (loop4): Remounting filesystem read-only [ 72.335159][ T3838] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 72.348216][ T3838] EXT4-fs (loop4): Remounting filesystem read-only [ 72.355137][ T3838] EXT4-fs (loop4): 1 truncate cleaned up [ 72.361172][ T3838] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 72.392146][ T3838] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1490: bad symlink. [ 72.405461][ T3838] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1490: bad symlink. [ 72.417978][ T3838] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.1490: bad symlink. [ 72.436321][ T289] EXT4-fs (loop4): unmounting filesystem. [ 72.457625][ T3381] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 72.496302][ T3862] loop4: detected capacity change from 0 to 128 [ 72.522650][ T3862] FAT-fs (loop4): Directory bread(block 32) failed [ 72.539903][ T3862] FAT-fs (loop4): Directory bread(block 33) failed [ 72.547145][ T3862] FAT-fs (loop4): Directory bread(block 34) failed [ 72.556732][ T3862] FAT-fs (loop4): Directory bread(block 35) failed [ 72.564671][ T3862] FAT-fs (loop4): Directory bread(block 36) failed [ 72.587692][ T3862] FAT-fs (loop4): Directory bread(block 37) failed [ 72.594925][ T3862] FAT-fs (loop4): Directory bread(block 38) failed [ 72.601718][ T3862] FAT-fs (loop4): Directory bread(block 39) failed [ 72.608415][ T3862] FAT-fs (loop4): Directory bread(block 40) failed [ 72.615044][ T3862] FAT-fs (loop4): Directory bread(block 41) failed [ 72.647859][ T3381] usb 1-1: Using ep0 maxpacket: 16 [ 72.654112][ T3381] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 72.674331][ T3381] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 72.697521][ T3381] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.707677][ T3381] usb 1-1: Product: syz [ 72.715882][ T3381] usb 1-1: Manufacturer: syz [ 72.724403][ T3381] usb 1-1: SerialNumber: syz [ 72.730558][ T3381] usb 1-1: config 0 descriptor?? [ 72.746095][ T3381] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 72.769323][ T3381] usb 1-1: Detected FT232R [ 72.940998][ T3381] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 72.964105][ T3898] loop3: detected capacity change from 0 to 512 [ 73.013924][ T3898] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 73.023518][ T3905] syz.4.1531[3905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.023594][ T3905] syz.4.1531[3905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.040022][ T3898] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #4: comm syz.3.1528: corrupted inode contents [ 73.072998][ T3898] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #4: comm syz.3.1528: mark_inode_dirty error [ 73.085899][ T3898] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #4: comm syz.3.1528: corrupted inode contents [ 73.098342][ T3898] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #4: comm syz.3.1528: mark_inode_dirty error [ 73.110720][ T3905] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 73.127730][ T3905] SELinux: failed to load policy [ 73.133016][ T3898] EXT4-fs error (device loop3): ext4_acquire_dquot:6789: comm syz.3.1528: Failed to acquire dquot type 1 [ 73.156236][ T3252] EXT4-fs (loop3): unmounting filesystem. [ 73.168157][ T3381] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 73.254654][ T3926] devpts: called with bogus options [ 73.298169][ T3930] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1538'. [ 73.374865][ T3381] usb 1-1: USB disconnect, device number 9 [ 73.397095][ T3381] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 73.412319][ T3381] ftdi_sio 1-1:0.0: device disconnected [ 73.470937][ T3948] loop1: detected capacity change from 0 to 2048 [ 73.600301][ T290] kernel write not supported for file /input/event2 (pid: 290 comm: kworker/1:2) [ 73.702160][ T3972] loop5: detected capacity change from 0 to 128 [ 73.767527][ T39] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 73.818020][ T3980] loop1: detected capacity change from 0 to 128 [ 73.844294][ T3980] EXT4-fs: Ignoring removed nobh option [ 73.853126][ T3980] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 73.854756][ T3983] loop5: detected capacity change from 0 to 512 [ 73.885973][ T3983] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 73.896193][ T3970] loop3: detected capacity change from 0 to 40427 [ 73.903087][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 73.903104][ T28] audit: type=1400 audit(329.907:1465): avc: denied { lock } for pid=3977 comm="syz.1.1559" path="/335/mnt/file1" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 73.932494][ T3970] F2FS-fs (loop3): fault_injection options not supported [ 73.940648][ T287] EXT4-fs (loop1): unmounting filesystem. [ 73.956029][ T339] EXT4-fs (loop5): unmounting filesystem. [ 73.962032][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 73.967701][ T28] audit: type=1400 audit(329.907:1466): avc: denied { unlink } for pid=3977 comm="syz.1.1559" name="file1" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 73.991169][ T28] audit: type=1400 audit(329.957:1467): avc: denied { write } for pid=3985 comm="syz.0.1563" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 74.019680][ T39] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 74.020369][ T3970] F2FS-fs (loop3): invalid crc value [ 74.041819][ T39] usb 5-1: config 0 has no interface number 0 [ 74.057171][ T39] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.064384][ T3970] F2FS-fs (loop3): Found nat_bits in checkpoint [ 74.077077][ T39] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.096902][ T39] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 74.115990][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.128421][ T3970] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 74.134061][ T39] usb 5-1: config 0 descriptor?? [ 74.237987][ T3252] syz-executor: attempt to access beyond end of device [ 74.237987][ T3252] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 74.364879][ T3988] loop1: detected capacity change from 0 to 40427 [ 74.377212][ T28] audit: type=1400 audit(330.377:1468): avc: denied { getattr } for pid=4000 comm="syz.5.1568" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 74.418770][ T3988] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 74.428797][ T3988] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 74.455922][ T3988] F2FS-fs (loop1): invalid crc value [ 74.481826][ T3988] F2FS-fs (loop1): Found nat_bits in checkpoint [ 74.548522][ T3988] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 74.566632][ T3988] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 74.667747][ T287] syz-executor: attempt to access beyond end of device [ 74.667747][ T287] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 74.756665][ T39] uclogic 0003:28BD:0071.000E: failed retrieving string descriptor #100: -71 [ 74.771163][ T39] uclogic 0003:28BD:0071.000E: failed retrieving pen parameters: -71 [ 74.784015][ T39] uclogic 0003:28BD:0071.000E: pen probing failed: -71 [ 74.797529][ T39] uclogic 0003:28BD:0071.000E: failed probing parameters: -71 [ 74.815320][ T39] uclogic: probe of 0003:28BD:0071.000E failed with error -71 [ 74.826330][ T39] usb 5-1: USB disconnect, device number 6 [ 74.835255][ T4024] loop5: detected capacity change from 0 to 512 [ 74.895151][ T4024] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 75.016976][ T28] audit: type=1400 audit(331.017:1469): avc: denied { read } for pid=4036 comm="syz.1.1581" name="file0" dev="tmpfs" ino=1777 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 75.131187][ T4043] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1584'. [ 75.156427][ T4043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1584'. [ 75.320345][ T4063] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1594'. [ 75.333738][ T4063] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1594'. [ 75.349137][ T4063] netlink: 'syz.1.1594': attribute type 5 has an invalid length. [ 75.357812][ T4063] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1594'. [ 75.446029][ T4075] loop0: detected capacity change from 0 to 512 [ 75.458522][ T4071] loop4: detected capacity change from 0 to 4096 [ 75.476824][ T4079] netlink: 'syz.3.1601': attribute type 11 has an invalid length. [ 75.495687][ T4075] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1600: invalid indirect mapped block 10 (level 1) [ 75.511329][ T4071] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 75.531037][ T4075] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.1600: invalid indirect mapped block 8 (level 1) [ 75.541959][ T4071] EXT4-fs (loop4): Online defrag not supported with bigalloc [ 75.547924][ T4075] EXT4-fs (loop0): 1 truncate cleaned up [ 75.559115][ T4075] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 75.576798][ T289] EXT4-fs (loop4): unmounting filesystem. [ 75.580964][ T4075] syz.0.1600 (pid 4075) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 75.593677][ T4075] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 213 vs 220 free clusters [ 75.624534][ T339] EXT4-fs (loop5): unmounting filesystem. [ 75.637248][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 75.662973][ T4089] loop3: detected capacity change from 0 to 512 [ 75.689139][ T4096] loop0: detected capacity change from 0 to 512 [ 75.726099][ T4089] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 75.818408][ T4100] loop8: detected capacity change from 0 to 7 [ 75.846175][ T28] audit: type=1400 audit(331.847:1470): avc: denied { write } for pid=4106 comm="syz.0.1613" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 75.891716][ T3252] EXT4-fs (loop3): unmounting filesystem. [ 75.895204][ T4092] loop4: detected capacity change from 0 to 40427 [ 75.906823][ T4092] F2FS-fs (loop4): heap/no_heap options were deprecated [ 75.919655][ T4092] F2FS-fs (loop4): invalid crc value [ 75.926862][ T4092] F2FS-fs (loop4): Found nat_bits in checkpoint [ 75.971602][ T4113] loop5: detected capacity change from 0 to 1024 [ 75.990494][ T4115] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1614'. [ 75.990821][ T4092] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 76.002271][ T4113] EXT4-fs: Ignoring removed nobh option [ 76.030234][ T4113] EXT4-fs: Ignoring removed bh option [ 76.042485][ T4113] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.079285][ T289] syz-executor: attempt to access beyond end of device [ 76.079285][ T289] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 76.094054][ T4113] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 76.113583][ T4128] loop3: detected capacity change from 0 to 128 [ 76.174669][ T4128] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 76.184805][ T339] EXT4-fs (loop5): unmounting filesystem. [ 76.207628][ T4128] FAT-fs (loop3): Filesystem has been set read-only [ 76.214266][ T4128] syz.3.1622: attempt to access beyond end of device [ 76.214266][ T4128] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 76.217158][ T4134] sch_fq: defrate 2048 ignored. [ 76.261594][ T4137] input: syz1 as /devices/virtual/input/input17 [ 76.272400][ T4139] tap0: tun_chr_ioctl cmd 1074025677 [ 76.277753][ T4128] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 76.277780][ T4128] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 76.294443][ T4128] syz.3.1622: attempt to access beyond end of device [ 76.294443][ T4128] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 76.294782][ T4139] tap0: linktype set to 773 [ 76.327568][ T4128] syz.3.1622: attempt to access beyond end of device [ 76.327568][ T4128] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 76.552152][ T4165] loop1: detected capacity change from 0 to 512 [ 76.559253][ T4165] ext4: Unknown parameter 'permit_directio' [ 76.576565][ T291] hid-generic 0000:0004:0000.000F: hidraw0: HID v0.00 Device [syz0] on syz1 [ 76.654328][ T4169] fido_id[4169]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 76.687601][ T39] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 76.788871][ T28] audit: type=1400 audit(332.797:1471): avc: denied { listen } for pid=4188 comm="syz.4.1647" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 76.877806][ T39] usb 6-1: Using ep0 maxpacket: 16 [ 76.887657][ T4195] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1652'. [ 76.895985][ T39] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 76.910369][ T39] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 76.921910][ T39] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 76.927302][ T4163] loop0: detected capacity change from 0 to 40427 [ 76.935013][ T39] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 76.946811][ T39] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.955337][ T39] usb 6-1: Product: syz [ 76.959942][ T39] usb 6-1: Manufacturer: syz [ 76.964825][ T39] usb 6-1: SerialNumber: syz [ 76.965129][ T4163] F2FS-fs (loop0): fault_injection options not supported [ 76.980669][ T4163] F2FS-fs (loop0): heap/no_heap options were deprecated [ 77.019036][ T4163] F2FS-fs (loop0): Image doesn't support compression [ 77.031474][ T4163] F2FS-fs (loop0): invalid crc value [ 77.039019][ T4163] F2FS-fs (loop0): Found nat_bits in checkpoint [ 77.159095][ T4163] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 77.181814][ T4227] loop4: detected capacity change from 0 to 16 [ 77.186939][ T102] udevd[102]: worker [307] terminated by signal 33 (Unknown signal 33) [ 77.198366][ T102] udevd[102]: worker [307] failed while handling '/devices/virtual/block/loop0' [ 77.208242][ T4227] erofs: (device loop4): mounted with root inode @ nid 36. [ 77.224316][ T102] udevd[102]: worker [644] terminated by signal 33 (Unknown signal 33) [ 77.240260][ T102] udevd[102]: worker [644] failed while handling '/devices/virtual/block/loop4' [ 77.249906][ T1476] syz-executor: attempt to access beyond end of device [ 77.249906][ T1476] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 77.274981][ T28] audit: type=1400 audit(333.277:1472): avc: denied { connect } for pid=4228 comm="syz.1.1666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 77.380588][ T3381] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 77.389259][ T39] usb 6-1: 0:2 : does not exist [ 77.577667][ T3381] usb 4-1: Using ep0 maxpacket: 16 [ 77.583899][ T3381] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 77.593420][ T3381] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.602188][ T3381] usb 4-1: config 0 descriptor?? [ 78.007589][ T39] usb 6-1: USB disconnect, device number 6 [ 78.016119][ T3381] lenovo 0003:17EF:6047.0010: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.3-1/input0 [ 78.516664][ T4251] netlink: 'syz.4.1676': attribute type 4 has an invalid length. [ 78.570004][ T4260] loop4: detected capacity change from 0 to 256 [ 78.619324][ T3381] lenovo 0003:17EF:6047.0010: Fn-lock setting failed: -71 [ 78.631532][ T4266] loop0: detected capacity change from 0 to 256 [ 78.640393][ T28] audit: type=1400 audit(334.647:1473): avc: denied { mount } for pid=4267 comm="syz.1.1681" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 78.647758][ T3381] lenovo 0003:17EF:6047.0010: Sensitivity setting failed: -71 [ 78.674140][ T4266] FAT-fs (loop0): Unrecognized mount option "" or missing value [ 78.692899][ T3381] usb 4-1: USB disconnect, device number 9 [ 78.711954][ T4273] tipc: Started in network mode [ 78.744896][ T4273] tipc: Node identity ac141425, cluster identity 4711 [ 78.756654][ T4273] tipc: New replicast peer: 0.0.0.0 [ 78.763227][ T4273] tipc: Enabled bearer , priority 10 [ 78.764391][ T4277] binder: 4275:4277 ioctl c0306201 200000000480 returned -14 [ 78.769472][ T28] audit: type=1400 audit(334.767:1474): avc: denied { set_context_mgr } for pid=4275 comm="syz.4.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 78.770013][ T4278] tipc: New replicast peer: 172.20.20.170 [ 78.781970][ T4271] fido_id[4271]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 78.859030][ T4282] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1691'. [ 78.954869][ T4299] loop0: detected capacity change from 0 to 1024 [ 78.986772][ T4299] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.016096][ T4299] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 79.039406][ T4299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.1699: missing EA_INODE flag [ 79.052092][ T4299] EXT4-fs (loop0): Remounting filesystem read-only [ 79.059337][ T4299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1699: error while reading EA inode 11 err=-117 [ 79.087647][ T4299] EXT4-fs (loop0): Remounting filesystem read-only [ 79.104496][ T4299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.1699: missing EA_INODE flag [ 79.104636][ T4299] EXT4-fs (loop0): Remounting filesystem read-only [ 79.104672][ T4299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1699: error while reading EA inode 11 err=-117 [ 79.104764][ T4299] EXT4-fs (loop0): Remounting filesystem read-only [ 79.119175][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 79.247881][ T4333] tipc: Enabling of bearer rejected, failed to enable media [ 79.350537][ T28] audit: type=1400 audit(335.357:1475): avc: denied { map } for pid=4342 comm="syz.5.1717" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 79.577839][ T4360] loop0: detected capacity change from 0 to 256 [ 79.596139][ T4360] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d) [ 79.623291][ T28] audit: type=1400 audit(335.627:1476): avc: denied { watch } for pid=4359 comm="syz.0.1722" path="/202/file2/file0" dev="loop0" ino=1048698 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 79.696113][ T4367] loop0: detected capacity change from 0 to 512 [ 79.747517][ T4367] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 79.753379][ T4367] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #2: comm syz.0.1723: corrupted inode contents [ 79.769017][ T4367] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #2: comm syz.0.1723: mark_inode_dirty error [ 79.769263][ T4367] EXT4-fs error (device loop0): ext4_do_update_inode:5255: inode #2: comm syz.0.1723: corrupted inode contents [ 79.769406][ T4367] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.1723: mark_inode_dirty error [ 79.779670][ T28] audit: type=1400 audit(335.777:1477): avc: denied { rename } for pid=4363 comm="syz.0.1723" name="file0" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 79.781286][ T3381] tipc: Node number set to 2886997029 [ 79.833018][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 79.873179][ T4373] tipc: Enabling of bearer rejected, media not registered [ 80.051512][ T4389] loop0: detected capacity change from 0 to 16 [ 80.078938][ T4391] loop3: detected capacity change from 0 to 512 [ 80.088150][ T4389] erofs: (device loop0): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 125300) [ 80.105949][ T4391] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.123437][ T4391] EXT4-fs (loop3): orphan cleanup on readonly fs [ 80.170517][ T4391] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 80.181149][ T4391] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 80.191537][ T4391] EXT4-fs error (device loop3): ext4_acquire_dquot:6789: comm syz.3.1735: Failed to acquire dquot type 1 [ 80.213902][ T4391] EXT4-fs (loop3): 1 truncate cleaned up [ 80.223709][ T4391] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 80.253154][ T28] audit: type=1400 audit(336.257:1478): avc: denied { remount } for pid=4390 comm="syz.3.1735" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 80.275440][ T4391] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 80.323796][ T4391] EXT4-fs warning (device loop3): ext4_multi_mount_protect:338: MMP startup interrupted, failing mount [ 80.323796][ T4391] [ 80.375638][ T3252] EXT4-fs (loop3): unmounting filesystem. [ 80.410283][ T28] audit: type=1400 audit(336.417:1479): avc: denied { create } for pid=4413 comm="syz.3.1742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 80.459063][ T28] audit: type=1400 audit(336.437:1480): avc: denied { read } for pid=4413 comm="syz.3.1742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 80.493808][ T4420] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000004 [ 80.563488][ T4426] loop5: detected capacity change from 0 to 512 [ 80.632403][ T4426] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2195: inode #15: comm syz.5.1747: corrupted in-inode xattr [ 80.716697][ T4426] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1747: couldn't read orphan inode 15 (err -117) [ 80.737511][ T4426] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 80.783803][ T339] EXT4-fs (loop5): unmounting filesystem. [ 80.792843][ T4447] netlink: 'syz.4.1757': attribute type 4 has an invalid length. [ 80.907923][ T28] audit: type=1400 audit(336.917:1481): avc: denied { mount } for pid=4456 comm="syz.1.1771" name="/" dev="ramfs" ino=36440 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 80.933562][ T4453] syz.5.1758 (4453) used greatest stack depth: 19872 bytes left [ 81.202870][ T4479] 9p: Unknown uid 00000000004294967295 [ 81.215458][ T4485] syz.5.1773[4485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.215540][ T4485] syz.5.1773[4485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.445191][ T4509] loop5: detected capacity change from 0 to 256 [ 81.478841][ T4509] FAT-fs (loop5): Unrecognized mount option "" or missing value [ 81.707501][ T39] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 81.801334][ T4532] loop0: detected capacity change from 0 to 1024 [ 81.825200][ T4532] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 81.843094][ T4532] EXT4-fs (loop0): group descriptors corrupted! [ 81.871250][ T4536] bridge0: port 3(syz_tun) entered blocking state [ 81.888209][ T4536] bridge0: port 3(syz_tun) entered disabled state [ 81.895783][ T4536] device syz_tun entered promiscuous mode [ 81.907609][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 81.918389][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 81.940818][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.961600][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 81.981899][ T4542] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000004 [ 81.994086][ T39] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 82.003924][ T4540] netlink: 'syz.0.1795': attribute type 12 has an invalid length. [ 82.018717][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.038871][ T39] usb 5-1: config 0 descriptor?? [ 82.060283][ T4545] loop0: detected capacity change from 0 to 1024 [ 82.068725][ T4545] EXT4-fs: Ignoring removed oldalloc option [ 82.074799][ T4545] EXT4-fs: Ignoring removed orlov option [ 82.106042][ T4545] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 82.182454][ T28] audit: type=1400 audit(338.187:1482): avc: denied { map } for pid=4544 comm="syz.0.1800" path="/219/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 82.230696][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 82.258443][ T4552] loop5: detected capacity change from 0 to 2048 [ 82.320938][ T4552] Alternate GPT is invalid, using primary GPT. [ 82.327247][ T4552] loop5: p2 p3 p7 [ 82.371333][ T4564] loop1: detected capacity change from 0 to 256 [ 82.414071][ T4564] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 82.449871][ T39] uclogic 0003:28BD:0071.0011: interface is invalid, ignoring [ 82.464503][ T420] udevd[420]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 82.476031][ T1988] udevd[1988]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory [ 82.485831][ T4564] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 82.497729][ T651] udevd[651]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory [ 82.639464][ T4588] loop0: detected capacity change from 0 to 512 [ 82.650500][ T3381] usb 5-1: USB disconnect, device number 7 [ 82.664880][ T4586] SELinux: failed to load policy [ 82.674077][ T4588] ext3: Unknown parameter 'fowner>00000000000000000000' [ 83.039215][ T4612] loop3: detected capacity change from 0 to 128 [ 83.079099][ T650] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.281384][ T4643] loop5: detected capacity change from 0 to 1024 [ 83.288546][ T4643] EXT4-fs: Ignoring removed bh option [ 83.294353][ T4643] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 83.327349][ T4643] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 83.344985][ T4643] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 83.400612][ T339] EXT4-fs (loop5): unmounting filesystem. [ 83.537507][ T3381] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 83.657613][ T291] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 83.717568][ T3381] usb 5-1: Using ep0 maxpacket: 16 [ 83.724022][ T3381] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 83.733228][ T3381] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.741812][ T3381] usb 5-1: config 0 descriptor?? [ 83.838663][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.849625][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.859443][ T291] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 83.872375][ T291] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 83.881672][ T291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.890969][ T291] usb 4-1: config 0 descriptor?? [ 84.151311][ T3381] lenovo 0003:17EF:6047.0012: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 84.299349][ T291] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x6 [ 84.306971][ T291] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 84.316491][ T291] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 84.550567][ T3381] lenovo 0003:17EF:6047.0012: Failed to switch middle button: -71 [ 84.558786][ T3381] lenovo 0003:17EF:6047.0012: Fn-lock setting failed: -71 [ 84.566200][ T3381] lenovo 0003:17EF:6047.0012: Sensitivity setting failed: -71 [ 84.568509][ T291] usb 4-1: USB disconnect, device number 10 [ 84.575235][ T3381] usb 5-1: USB disconnect, device number 8 [ 84.606387][ T4655] fido_id[4655]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 85.074175][ T4657] loop0: detected capacity change from 0 to 512 [ 85.089398][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 85.089414][ T28] audit: type=1400 audit(341.097:1487): avc: denied { name_bind } for pid=4660 comm="syz.5.1848" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 85.133472][ T4657] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #15: comm syz.0.1857: pblk 0 bad header/extent: invalid magic - magic 7973, entries 1402, max 27648(0), depth 25964(25964) [ 85.173167][ T4657] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1857: couldn't read orphan inode 15 (err -117) [ 85.186556][ T4657] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 85.228350][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 85.232849][ T28] audit: type=1400 audit(341.237:1488): avc: denied { setattr } for pid=4678 comm="syz.4.1854" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 85.276835][ T4683] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 85.294340][ T28] audit: type=1400 audit(341.297:1489): avc: denied { relabelto } for pid=4682 comm="syz.0.1855" name="226" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 85.353030][ T28] audit: type=1400 audit(341.297:1490): avc: denied { associate } for pid=4682 comm="syz.0.1855" name="226" dev="tmpfs" ino=1193 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 85.385789][ T28] audit: type=1400 audit(341.337:1491): avc: denied { write } for pid=1476 comm="syz-executor" name="226" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 85.398734][ T4697] loop0: detected capacity change from 0 to 128 [ 85.412854][ T28] audit: type=1400 audit(341.337:1492): avc: denied { remove_name } for pid=1476 comm="syz-executor" name="binderfs" dev="tmpfs" ino=1197 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 85.450705][ T28] audit: type=1400 audit(341.337:1493): avc: denied { rmdir } for pid=1476 comm="syz-executor" name="226" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 85.474600][ T4697] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 85.484402][ T4697] System zones: 1-3, 19-19, 35-36 [ 85.490636][ T4697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 85.512022][ T4697] EXT4-fs warning (device loop0): verify_group_input:151: Cannot add at group 469864759 (only 1 groups) [ 85.545014][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 85.557571][ T39] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 85.616622][ T4719] loop4: detected capacity change from 0 to 256 [ 85.673991][ T4723] loop0: detected capacity change from 0 to 256 [ 85.747568][ T39] usb 2-1: Using ep0 maxpacket: 8 [ 85.760111][ T39] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 85.782677][ T39] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 85.807624][ T39] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 85.829924][ T39] usb 2-1: config 250 has no interface number 0 [ 85.842781][ T39] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 85.858877][ T4736] device ip6gre2 entered promiscuous mode [ 85.864477][ T39] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 85.875675][ T39] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 256 [ 85.886356][ T39] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 85.900440][ T39] usb 2-1: config 250 interface 228 has no altsetting 0 [ 85.920203][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 85.931505][ T4740] loop0: detected capacity change from 0 to 1024 [ 85.936640][ T39] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 85.949758][ T4740] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 85.960095][ T39] usb 2-1: Product: syz [ 85.962260][ T4740] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 85.975577][ T4740] JBD2: no valid journal superblock found [ 85.981481][ T4740] EXT4-fs (loop0): error loading journal [ 85.981677][ T39] usb 2-1: SerialNumber: syz [ 86.025947][ T28] audit: type=1400 audit(342.027:1494): avc: denied { validate_trans } for pid=4739 comm="syz.0.1884" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 86.054365][ T39] hub 2-1:250.228: bad descriptor, ignoring hub [ 86.071849][ T39] hub: probe of 2-1:250.228 failed with error -5 [ 86.100243][ T4750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1889'. [ 86.172540][ T28] audit: type=1400 audit(342.177:1495): avc: denied { ioctl } for pid=4755 comm="syz.5.1892" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 86.201594][ T4762] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 86.210867][ T4762] FAT-fs (loop1): unable to read boot sector [ 86.266944][ T39] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 6 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 86.279675][ T28] audit: type=1400 audit(342.287:1496): avc: denied { nlmsg_read } for pid=4763 comm="syz.5.1896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 86.373946][ T4779] loop5: detected capacity change from 0 to 512 [ 86.394475][ T4779] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 86.416472][ T339] EXT4-fs (loop5): unmounting filesystem. [ 86.486787][ T4785] loop0: detected capacity change from 0 to 1024 [ 86.501622][ T4785] EXT4-fs: Ignoring removed bh option [ 86.511459][ T4785] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.529158][ T4785] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 86.542860][ T4785] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 86.567882][ C1] usblp0: nonzero read bulk status received: -71 [ 86.586803][ T1476] EXT4-fs (loop0): unmounting filesystem. [ 86.597829][ T1367] usb 2-1: USB disconnect, device number 6 [ 86.605119][ T1367] usblp0: removed [ 86.966356][ T4820] loop0: detected capacity change from 0 to 2048 [ 86.995186][ T4820] GPT:first_usable_lbas don't match. [ 87.003168][ T4820] GPT:34 != 290 [ 87.011316][ T4820] GPT: Use GNU Parted to correct GPT errors. [ 87.018134][ T4820] loop0: p1 p2 p3 [ 87.081927][ T420] udevd[420]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 87.085774][ T651] udevd[651]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 87.095723][ T650] udevd[650]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 87.165259][ T650] udevd[650]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 87.177507][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 87.177510][ T4670] Bluetooth: hci0: command 0x1003 tx timeout [ 87.193478][ T4663] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 87.205781][ T651] udevd[651]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 87.217399][ T420] udevd[420]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 87.270627][ T4848] loop5: detected capacity change from 0 to 4096 [ 87.301444][ T4848] EXT4-fs (loop5): Test dummy encryption mode enabled [ 87.315300][ T4848] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 87.400220][ T4858] kvm: apic: phys broadcast and lowest prio [ 87.408386][ T39] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 87.484017][ T339] EXT4-fs (loop5): unmounting filesystem. [ 87.598652][ T39] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 87.610642][ T39] usb 1-1: config 0 interface 0 has no altsetting 0 [ 87.634600][ T39] usb 1-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00 [ 87.653621][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.680637][ T4888] netlink: 'syz.1.1946': attribute type 12 has an invalid length. [ 87.691863][ T39] usb 1-1: config 0 descriptor?? [ 87.697561][ T4888] netlink: 'syz.1.1946': attribute type 29 has an invalid length. [ 87.697949][ T4836] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 87.719180][ T4888] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1946'. [ 87.732399][ T4892] netlink: 'syz.4.1947': attribute type 5 has an invalid length. [ 87.740367][ T4888] netlink: 'syz.1.1946': attribute type 1 has an invalid length. [ 87.837415][ T4903] loop1: detected capacity change from 0 to 512 [ 88.165811][ T39] uclogic 0003:28BD:0078.0014: interface is invalid, ignoring [ 88.187732][ T24] ================================================================== [ 88.195830][ T24] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 88.202883][ T24] Write of size 8 at addr ffff888123844a00 by task kworker/1:0/24 [ 88.210737][ T24] [ 88.213073][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 88.223139][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.233555][ T24] Workqueue: usb_hub_wq hub_event [ 88.238614][ T24] Call Trace: [ 88.241894][ T24] [ 88.244821][ T24] __dump_stack+0x21/0x24 [ 88.249170][ T24] dump_stack_lvl+0xee/0x150 [ 88.253797][ T24] ? __cfi_dump_stack_lvl+0x8/0x8 [ 88.258853][ T24] ? enqueue_timer+0xae/0x480 [ 88.263814][ T24] print_address_description+0x71/0x210 [ 88.269375][ T24] print_report+0x4a/0x60 [ 88.273714][ T24] kasan_report+0x122/0x150 [ 88.278222][ T24] ? enqueue_timer+0xae/0x480 [ 88.283014][ T24] __asan_report_store8_noabort+0x17/0x20 [ 88.288779][ T24] enqueue_timer+0xae/0x480 [ 88.293423][ T24] __mod_timer+0x79f/0xb30 [ 88.298050][ T24] schedule_timeout+0x127/0x2e0 [ 88.303102][ T24] ? __cfi_schedule_timeout+0x10/0x10 [ 88.308600][ T24] ? __cfi_process_timeout+0x10/0x10 [ 88.313994][ T24] ? __cfi__raw_spin_lock+0x10/0x10 [ 88.319204][ T24] ? _raw_spin_lock+0x8e/0xe0 [ 88.323973][ T24] wait_for_common+0x354/0x620 [ 88.328811][ T24] ? usb_hcd_giveback_urb+0x351/0x410 [ 88.334219][ T24] ? wait_for_completion+0x20/0x20 [ 88.339364][ T24] ? usb_submit_urb+0x122d/0x1900 [ 88.344398][ T24] wait_for_completion_timeout+0xe/0x10 [ 88.349952][ T24] usb_start_wait_urb+0x166/0x2f0 [ 88.354998][ T24] ? usb_api_blocking_completion+0xb0/0xb0 [ 88.360834][ T24] ? usb_alloc_urb+0x44/0x140 [ 88.365534][ T24] ? __kasan_check_write+0x14/0x20 [ 88.370671][ T24] usb_control_msg+0x241/0x3f0 [ 88.375460][ T24] hub_ext_port_status+0x100/0x6b0 [ 88.380616][ T24] hub_event+0x7e6/0x4680 [ 88.385059][ T24] ? __vunmap+0xab0/0xb70 [ 88.389414][ T24] ? __kmem_cache_free+0xb7/0x1b0 [ 88.394447][ T24] ? __cfi_hub_event+0x10/0x10 [ 88.399246][ T24] ? __kasan_check_write+0x14/0x20 [ 88.404374][ T24] ? _raw_spin_lock_irq+0x8f/0xe0 [ 88.409403][ T24] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 88.415475][ T24] ? bpf_prog_free_deferred+0x614/0x720 [ 88.421026][ T24] ? pwq_dec_nr_in_flight+0x18c/0x3c0 [ 88.426577][ T24] process_one_work+0x71f/0xc40 [ 88.431528][ T24] worker_thread+0xa29/0x11f0 [ 88.436226][ T24] kthread+0x281/0x320 [ 88.440382][ T24] ? __cfi_worker_thread+0x10/0x10 [ 88.445504][ T24] ? __cfi_kthread+0x10/0x10 [ 88.450110][ T24] ret_from_fork+0x1f/0x30 [ 88.454540][ T24] [ 88.457557][ T24] [ 88.459874][ T24] Allocated by task 4663: [ 88.464198][ T24] kasan_set_track+0x4b/0x70 [ 88.468895][ T24] kasan_save_alloc_info+0x25/0x30 [ 88.474020][ T24] __kasan_kmalloc+0x95/0xb0 [ 88.478643][ T24] __kmalloc+0xb1/0x1e0 [ 88.483363][ T24] hci_alloc_dev_priv+0x27/0x1bd0 [ 88.488761][ T24] hci_uart_tty_ioctl+0x3d6/0xa20 [ 88.493804][ T24] tty_ioctl+0x8ef/0xc60 [ 88.498071][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 88.502762][ T24] __x64_sys_ioctl+0x7b/0x90 [ 88.507559][ T24] x64_sys_call+0x58b/0x9a0 [ 88.512083][ T24] do_syscall_64+0x4c/0xa0 [ 88.516510][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 88.522456][ T24] [ 88.524863][ T24] Freed by task 4663: [ 88.528874][ T24] kasan_set_track+0x4b/0x70 [ 88.533476][ T24] kasan_save_free_info+0x31/0x50 [ 88.538507][ T24] ____kasan_slab_free+0x132/0x180 [ 88.543620][ T24] __kasan_slab_free+0x11/0x20 [ 88.548468][ T24] slab_free_freelist_hook+0xc2/0x190 [ 88.553855][ T24] __kmem_cache_free+0xb7/0x1b0 [ 88.558713][ T24] kfree+0x6f/0xf0 [ 88.562519][ T24] hci_release_dev+0x13ad/0x1500 [ 88.567457][ T24] bt_host_release+0x82/0x90 [ 88.572045][ T24] device_release+0xa4/0x1d0 [ 88.576714][ T24] kobject_put+0x19d/0x280 [ 88.581126][ T24] put_device+0x1f/0x30 [ 88.585364][ T24] hci_dev_cmd+0x265/0x720 [ 88.589784][ T24] hci_sock_ioctl+0x41e/0x7f0 [ 88.594460][ T24] sock_do_ioctl+0x101/0x310 [ 88.599053][ T24] sock_ioctl+0x4d8/0x6e0 [ 88.603399][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 88.608080][ T24] __x64_sys_ioctl+0x7b/0x90 [ 88.613285][ T24] x64_sys_call+0x58b/0x9a0 [ 88.617792][ T24] do_syscall_64+0x4c/0xa0 [ 88.622213][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 88.628109][ T24] [ 88.630462][ T24] Last potentially related work creation: [ 88.636179][ T24] kasan_save_stack+0x3a/0x60 [ 88.640851][ T24] __kasan_record_aux_stack+0xb6/0xc0 [ 88.646220][ T24] kasan_record_aux_stack_noalloc+0xb/0x10 [ 88.652024][ T24] insert_work+0x51/0x300 [ 88.656472][ T24] __queue_work+0x9b1/0xd30 [ 88.661028][ T24] queue_work_on+0xd2/0x140 [ 88.665542][ T24] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 88.670505][ T24] hci_cmd_sync_status+0x53/0x120 [ 88.675539][ T24] hci_dev_cmd+0x628/0x720 [ 88.680016][ T24] hci_sock_ioctl+0x41e/0x7f0 [ 88.684702][ T24] sock_do_ioctl+0x101/0x310 [ 88.689366][ T24] sock_ioctl+0x4d8/0x6e0 [ 88.693790][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 88.698489][ T24] __x64_sys_ioctl+0x7b/0x90 [ 88.703100][ T24] x64_sys_call+0x58b/0x9a0 [ 88.707607][ T24] do_syscall_64+0x4c/0xa0 [ 88.712044][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 88.717952][ T24] [ 88.720269][ T24] Second to last potentially related work creation: [ 88.726841][ T24] kasan_save_stack+0x3a/0x60 [ 88.731526][ T24] __kasan_record_aux_stack+0xb6/0xc0 [ 88.736904][ T24] kasan_record_aux_stack_noalloc+0xb/0x10 [ 88.742720][ T24] insert_work+0x51/0x300 [ 88.747056][ T24] __queue_work+0x9b1/0xd30 [ 88.751558][ T24] queue_work_on+0xd2/0x140 [ 88.756060][ T24] hci_cmd_timeout+0x191/0x200 [ 88.760825][ T24] process_one_work+0x71f/0xc40 [ 88.765671][ T24] worker_thread+0xa29/0x11f0 [ 88.770813][ T24] kthread+0x281/0x320 [ 88.774881][ T24] ret_from_fork+0x1f/0x30 [ 88.779383][ T24] [ 88.781698][ T24] The buggy address belongs to the object at ffff888123844000 [ 88.781698][ T24] which belongs to the cache kmalloc-8k of size 8192 [ 88.795752][ T24] The buggy address is located 2560 bytes inside of [ 88.795752][ T24] 8192-byte region [ffff888123844000, ffff888123846000) [ 88.809215][ T24] [ 88.811544][ T24] The buggy address belongs to the physical page: [ 88.817964][ T24] page:ffffea00048e1000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123840 [ 88.828209][ T24] head:ffffea00048e1000 order:3 compound_mapcount:0 compound_pincount:0 [ 88.836527][ T24] flags: 0x4000000000010200(slab|head|zone=1) [ 88.842617][ T24] raw: 4000000000010200 ffffea000448d000 dead000000000006 ffff888100043500 [ 88.851222][ T24] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 88.859802][ T24] page dumped because: kasan: bad access detected [ 88.866218][ T24] page_owner tracks the page as allocated [ 88.871924][ T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 608, tgid 607 (syz.0.118), ts 29121932336, free_ts 26015819771 [ 88.894518][ T24] post_alloc_hook+0x1f5/0x210 [ 88.899313][ T24] prep_new_page+0x1c/0x110 [ 88.903929][ T24] get_page_from_freelist+0x2c6e/0x2ce0 [ 88.909480][ T24] __alloc_pages+0x19e/0x3a0 [ 88.914069][ T24] alloc_slab_page+0x6e/0xf0 [ 88.918659][ T24] new_slab+0x98/0x3d0 [ 88.922727][ T24] ___slab_alloc+0x6f6/0xb50 [ 88.928227][ T24] __slab_alloc+0x5e/0xa0 [ 88.932576][ T24] __kmem_cache_alloc_node+0x203/0x2c0 [ 88.938041][ T24] __kmalloc+0xa1/0x1e0 [ 88.942244][ T24] vhost_dev_set_owner+0x41c/0xa20 [ 88.947372][ T24] vhost_dev_ioctl+0xbe/0xf70 [ 88.952066][ T24] vhost_vsock_dev_ioctl+0x21d/0xd90 [ 88.957356][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 88.962043][ T24] __x64_sys_ioctl+0x7b/0x90 [ 88.966640][ T24] x64_sys_call+0x58b/0x9a0 [ 88.971238][ T24] page last free stack trace: [ 88.975941][ T24] free_unref_page_prepare+0x742/0x750 [ 88.981411][ T24] free_unref_page+0x8f/0x530 [ 88.986104][ T24] __free_pages+0x67/0x100 [ 88.990519][ T24] free_pages+0x82/0x90 [ 88.994761][ T24] kasan_depopulate_vmalloc_pte+0x6b/0x90 [ 89.000572][ T24] __apply_to_page_range+0x8c1/0xc00 [ 89.005861][ T24] apply_to_existing_page_range+0x38/0x50 [ 89.011582][ T24] kasan_release_vmalloc+0x97/0xb0 [ 89.016698][ T24] __purge_vmap_area_lazy+0xd47/0x1850 [ 89.022149][ T24] drain_vmap_area_work+0x3e/0xd0 [ 89.027709][ T24] process_one_work+0x71f/0xc40 [ 89.032576][ T24] worker_thread+0xa29/0x11f0 [ 89.037258][ T24] kthread+0x281/0x320 [ 89.041328][ T24] ret_from_fork+0x1f/0x30 [ 89.045757][ T24] [ 89.048090][ T24] Memory state around the buggy address: [ 89.053720][ T24] ffff888123844900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.061885][ T24] ffff888123844980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.070046][ T24] >ffff888123844a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.078098][ T24] ^ [ 89.082882][ T24] ffff888123844a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.090948][ T24] ffff888123844b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.099094][ T24] ================================================================== [ 89.107148][ T24] Disabling lock debugging due to kernel taint [ 89.113850][ T291] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 89.138501][ T6] usb 1-1: USB disconnect, device number 10 [ 89.257567][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 89.269318][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 89.278071][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 89.289044][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.299104][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 89.304406][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 70 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 29 6d 00 49 8b 7d 00 e8 53 c2 [ 89.324367][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 89.330433][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b2880 [ 89.338507][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 89.346737][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 89.355490][ C1] R10: ffffed1024708939 R11: 1ffff11024708939 R12: dffffc0000000000 [ 89.363728][ C1] R13: 0000000000000000 R14: ffff8881238449c8 R15: 0000000000000008 [ 89.369043][ T291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.371709][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.382699][ T291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.391488][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.391509][ C1] CR2: 000000110c3014a3 CR3: 00000001215ea000 CR4: 00000000003506a0 [ 89.391526][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.391538][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.401869][ T291] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 89.407921][ C1] Call Trace: [ 89.407932][ C1] [ 89.407945][ C1] delayed_work_timer_fn+0x61/0x80 [ 89.416139][ T291] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 89.424268][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 89.424308][ C1] call_timer_fn+0x46/0x2a0 [ 89.424332][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 89.432522][ T291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.445323][ C1] __run_timers+0x667/0x9a0 [ 89.445365][ C1] ? calc_index+0x200/0x200 [ 89.445393][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 89.467564][ T1367] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 89.471379][ C1] run_timer_softirq+0x6a/0xf0 [ 89.471415][ C1] handle_softirqs+0x1d7/0x600 [ 89.520934][ C1] ? irqtime_account_irq+0xc4/0x240 [ 89.526137][ C1] __irq_exit_rcu+0x52/0xf0 [ 89.530630][ C1] irq_exit_rcu+0x9/0x10 [ 89.534863][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 89.540497][ C1] [ 89.543418][ C1] [ 89.546346][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 89.552335][ C1] RIP: 0010:default_idle+0xf/0x20 [ 89.557365][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 79 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 89.577154][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257 [ 89.583233][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b2880 RCX: 46543b18a4cf6f00 [ 89.591291][ C1] RDX: 0000000000000001 RSI: ffffffff85a9f680 RDI: ffffffff85a9f640 [ 89.599368][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917 [ 89.607342][ C1] R10: 0000000000000000 R11: ffffffff84efba50 R12: 0000000000000000 [ 89.615351][ C1] R13: 0000000000000000 R14: ffff8881003b2880 R15: dffffc0000000000 [ 89.623329][ C1] ? __cfi_default_idle+0x10/0x10 [ 89.628362][ C1] arch_cpu_idle+0x1c/0x20 [ 89.633286][ C1] default_idle_call+0x71/0x1d0 [ 89.638216][ C1] do_idle+0x1a7/0x520 [ 89.642274][ C1] ? __do_set_cpus_allowed+0x1a6/0x290 [ 89.647741][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 89.652952][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 89.658973][ C1] ? complete+0x167/0x1c0 [ 89.663344][ C1] cpu_startup_entry+0x43/0x60 [ 89.668105][ C1] start_secondary+0x119/0x120 [ 89.672956][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 89.678851][ C1] [ 89.681929][ C1] Modules linked in: [ 89.685830][ C1] ---[ end trace 0000000000000000 ]--- [ 89.691362][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 89.696658][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 70 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 29 6d 00 49 8b 7d 00 e8 53 c2 [ 89.716266][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 89.718726][ T1367] usb 4-1: config 0 has an invalid interface number: 156 but max is 0 [ 89.722362][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b2880 [ 89.722380][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 89.730682][ T1367] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 89.738569][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 89.738589][ C1] R10: ffffed1024708939 R11: 1ffff11024708939 R12: dffffc0000000000 [ 89.738606][ C1] R13: 0000000000000000 R14: ffff8881238449c8 R15: 0000000000000008 [ 89.747374][ T1367] usb 4-1: config 0 has no interface number 0 [ 89.757768][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.757794][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.757807][ C1] CR2: 000000110c3014a3 CR3: 00000001215ea000 CR4: 00000000003506a0 [ 89.757824][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.765863][ T1367] usb 4-1: config 0 interface 156 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 89.773843][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.773863][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 89.774112][ C1] Kernel Offset: disabled [ 89.851965][ C1] Rebooting in 86400 seconds..