last executing test programs: 4.804650853s ago: executing program 3: futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x0) 3.809399286s ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r3}, 0x10) write$cgroup_int(r0, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 3.092890106s ago: executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) setxattr$security_capability(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2, 0x14, 0x0) fchmodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0) 2.720824263s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000300)="038333a45d7a557db9552de00b02b94297bc23167fe85761da902d03f3a06f97c199e77de0488db352283bd2374ca1009be50bccf148b2d6b41db0769d45c33c33aaefa9c6e50553d6e043c6081068ce80aefd8d940233efb21758c5e27abaab7a689e97fed710c3ca87190cbb884c631687e6a87aeb115fe13d1da6c3a46ad784c6da6f59e297c001198405b5f8add83bb16adecad71845faa9020356cbe52d7767e76e5c497bd7bafc77b01d07ad4ed97ff2cda4ca36595c8d45d60516120f7774297fad961f82dc3ed68e137f003b", 0xd0}, {&(0x7f0000000500)="f4cca7dd697f038fc4bac5216a55797da11b4e1d243759c3dfe4a307411ac7b686469c0e535710e9", 0x28}], 0x2}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000600)="0f268911624ebd53d8e41f22429814991ed1174acac2c7630114ebaf3b4662143a833987ccea05e29d1bd97e07827b956dcd5c5a8d389e", 0x37}], 0x1}}], 0x2, 0x0) recvmmsg(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)=""/170, 0xaa}, {&(0x7f0000000a40)=""/133, 0x85}], 0x2}}], 0x1, 0x0, 0x0) 2.597847232s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='ext4_da_reserve_space\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='ext4_da_reserve_space\x00', r3}, 0x10) write$cgroup_pid(r1, &(0x7f0000000580), 0x12) 2.503905657s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x18, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x48) 2.488125849s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 2.420763739s ago: executing program 0: rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000000000)) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) 2.332058392s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x11f25000) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000140)={0x0, 0x7fff, 0x0, 0xfc}, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x568}, @qdisc_kind_options=@q_ingress={0xc}]}, 0x38}}, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f3, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @multicast1}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d56825c4bf261d1ec069e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3510ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00'}, 0x48) 2.274676622s ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000048500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup3(r0, r3, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/4096, 0xfffffffffffffeea, 0x0, 0x0}, &(0x7f0000000280)=0x40) r5 = fcntl$dupfd(r3, 0x0, r4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000001380)={&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xa9, 0x0, 0x0, 0xc00c0000}, &(0x7f0000001400)=0x40) 2.207226852s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.850632467s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c"], 0x0}, 0x90) syz_usb_connect$cdc_ecm(0x0, 0x85, &(0x7f0000000a00)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090273000101000000090400001802020000052412"], 0x0) 1.677457733s ago: executing program 1: bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='pids.current\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x32}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x80841, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000c00), 0x6e, 0x0, 0x0, &(0x7f0000000c80), 0x150}, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) close(0xffffffffffffffff) recvmsg$unix(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=""/94, 0x5e}, {&(0x7f0000000740)=""/254, 0xfe}], 0x2, &(0x7f0000000340)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}, 0x40000161) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080005300000000faff0000940000000fad413e550000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) 1.622085682s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='jbd2_update_log_tail\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x4004662b, 0x20001412) 1.477191434s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000300)="038333a45d7a557db9552de00b02b94297bc23167fe85761da902d03f3a06f97c199e77de0488db352283bd2374ca1009be50bccf148b2d6b41db0769d45c33c33aaefa9c6e50553d6e043c6081068ce80aefd8d940233efb21758c5e27abaab7a689e97fed710c3ca87190cbb884c631687e6a87aeb115fe13d1da6c3a46ad784c6da6f59e297c001198405b5f8add83bb16adecad71845faa9020356cbe52d7767e76e5c497bd7bafc77b01d07ad4ed97ff2cda4ca36595c8d45d60516120f7774297fad961f82dc3ed68e137f003b", 0xd0}, {&(0x7f0000000500)="f4cca7dd697f038fc4bac5216a55797da11b4e1d243759c3dfe4a307411ac7b686469c0e535710e9", 0x28}], 0x2}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000600)="0f268911624ebd53d8e41f22429814991ed1174acac2c7630114ebaf3b4662143a833987ccea05e29d1bd97e07827b956dcd5c5a8d389e", 0x37}], 0x1}}], 0x2, 0x0) recvmmsg(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)=""/170, 0xaa}, {&(0x7f0000000a40)=""/133, 0x85}], 0x2}}], 0x1, 0x0, 0x0) 1.457526117s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='ext4_da_reserve_space\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='ext4_da_reserve_space\x00', r3}, 0x10) write$cgroup_pid(r1, &(0x7f0000000580), 0x12) 1.359020622s ago: executing program 4: timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) nanosleep(&(0x7f0000000300)={0x77359400}, 0x0) 1.314053159s ago: executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x5, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x2}]}]}, {0x0, [0x0, 0x61, 0x3e]}}, 0x0, 0x31}, 0x20) 1.224894043s ago: executing program 1: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='jbd2_handle_stats\x00', r0}, 0x31) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180900002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000f60020850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='jbd2_handle_stats\x00', r1}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 1.145629524s ago: executing program 2: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x18, 0x16, 0xa01, 0x0, 0x0, {0x0, 0x0, 0x2}, [@nested={0x4}]}, 0x18}}, 0x0) 1.058057438s ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r4, &(0x7f0000000180), 0x40010) 1.005352546s ago: executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10) ioctl$TUNSETOFFLOAD(r3, 0x40086607, 0x20001412) 879.642185ms ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x15, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x9, 0x6, 0x0, 0x0, r1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180093a99bcc2ba0a1b793a54801c9d3d70000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f0000000040)={0x4699}) r5 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x4e23, 0xfffffffd, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x8}}}, 0x108) r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0) 829.728883ms ago: executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000000)={@my=0x1}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) 729.721468ms ago: executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b323675149783ec057ec6d6e8e600b9eced07ddcc56b77d8ea08223"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06) recvfrom(r0, &(0x7f0000000140)=""/153, 0x99, 0x40000160, &(0x7f00000002c0)=@xdp, 0x80) 325.14305ms ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='jbd2_update_log_tail\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x4004662b, 0x20001412) 219.463907ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 218.990757ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000048500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup3(r0, r3, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/4096, 0xfffffffffffffeea, 0x0, 0x0}, &(0x7f0000000280)=0x40) r5 = fcntl$dupfd(r3, 0x0, r4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000001380)={&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xa9, 0x0, 0x0, 0xc00c0000}, &(0x7f0000001400)=0x40) 108.652254ms ago: executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000000540)='./file0\x00') ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc1}) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_mount_image$fuse(0x0, &(0x7f0000000e80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000001380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xab59, 0x0, "6682c2284dc9fe1a2de832609b4fcd1c897a36"}) r2 = dup(r0) write$UHID_INPUT(r2, 0x0, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040)) ioctl$PPPIOCSACTIVE(r3, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) read(r3, 0x0, 0x2) pwrite64(r3, &(0x7f0000000340)="5da1", 0x2, 0x0) 0s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) kernel console output (not intermixed with test programs): 49][ T6239] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 16 (err -117) [ 213.345763][ T6239] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 213.356704][ T6239] ext4 filesystem being mounted at /root/syzkaller-testdir1201144265/syzkaller.sobqUa/29/file1 supports timestamps until 2038 (0x7fffffff) [ 213.538426][ T990] usb 4-1: Using ep0 maxpacket: 8 [ 213.605651][ T6257] loop4: detected capacity change from 0 to 8192 [ 213.668615][ T990] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.679672][ T990] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.689284][ T990] usb 4-1: New USB device found, idVendor=18d1, idProduct=5028, bcdDevice= 0.00 [ 213.698065][ T990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.706534][ T990] usb 4-1: config 0 descriptor?? [ 213.797025][ T6267] loop0: detected capacity change from 0 to 512 [ 213.807054][ T6266] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 213.859962][ T6267] EXT4-fs (loop0): 1 truncate cleaned up [ 213.865435][ T6267] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=continue,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback. [ 214.560432][ T990] hid-multitouch 0003:18D1:5028.0034: hidraw0: USB HID v0.00 Device [HID 18d1:5028] on usb-dummy_hcd.3-1/input0 [ 214.776335][ T990] usb 4-1: USB disconnect, device number 19 [ 215.422162][ T6297] input: syz0 as /devices/virtual/input/input31 [ 215.448446][ T26] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 215.476812][ T6298] loop1: detected capacity change from 0 to 8192 [ 215.600108][ T6302] EXT4-fs warning (device sda1): verify_group_input:147: Cannot add at group 4095 (only 8 groups) [ 215.688456][ T26] usb 3-1: Using ep0 maxpacket: 8 [ 215.808568][ T26] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 215.819766][ T26] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 215.829492][ T26] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 215.845747][ T6306] device veth0_to_bridge entered promiscuous mode [ 215.852107][ T6306] device macsec1 entered promiscuous mode [ 215.859507][ T6306] device veth0_to_bridge left promiscuous mode [ 215.918581][ T26] usb 3-1: New USB device found, idVendor=0001, idProduct=8000, bcdDevice= 0.00 [ 215.927552][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 215.935364][ T26] usb 3-1: SerialNumber: syz [ 215.958539][ T6283] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 215.979197][ T26] hub 3-1:1.0: bad descriptor, ignoring hub [ 215.984965][ T26] hub: probe of 3-1:1.0 failed with error -5 [ 216.018844][ T6310] loop4: detected capacity change from 0 to 512 [ 216.062488][ T6310] EXT4-fs (loop4): 1 orphan inode deleted [ 216.068046][ T6310] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 216.089023][ T6310] ext4 filesystem being mounted at /root/syzkaller-testdir2392295023/syzkaller.PNRiLw/144/file1 supports timestamps until 2038 (0x7fffffff) [ 216.106131][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 216.106144][ T30] audit: type=1400 audit(1718590787.505:9430): avc: denied { mounton } for pid=6309 comm="syz-executor.4" path="/root/syzkaller-testdir2392295023/syzkaller.PNRiLw/144/file1/bus" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 216.144149][ T6310] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #16: block 41: comm syz-executor.4: lblock 0 mapped to illegal pblock 41 (length 1) [ 216.159250][ T6310] EXT4-fs (loop4): Remounting filesystem read-only [ 216.165642][ T6310] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 216.179163][ T6310] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 216.188679][ T6310] EXT4-fs error (device loop4): ext4_alloc_file_blocks:4509: inode #16: comm syz-executor.4: mark_inode_dirty error [ 216.247510][ T6283] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 216.321405][ T4717] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 216.563297][ T6328] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.570213][ T6328] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.577459][ T6328] device bridge_slave_0 entered promiscuous mode [ 216.584060][ T3578] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 216.584589][ T6328] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.598294][ T6328] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.605466][ T6328] device bridge_slave_1 entered promiscuous mode [ 216.647144][ T6328] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.654020][ T6328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.661126][ T6328] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.667870][ T6328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.686863][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.694594][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.701784][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.711414][ T26] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 216.723704][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.732006][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.738877][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.746137][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.754430][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.761277][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.768499][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 216.785159][ T6328] device veth0_vlan entered promiscuous mode [ 216.791714][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 216.799973][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 216.807808][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 216.815070][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 216.823019][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.830584][ T3578] usb 2-1: Using ep0 maxpacket: 8 [ 216.843619][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.854115][ T6328] device veth1_macvtap entered promiscuous mode [ 216.866315][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.878108][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.886279][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.948500][ T3578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.959681][ T3578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.969482][ T3578] usb 2-1: New USB device found, idVendor=18d1, idProduct=5028, bcdDevice= 0.00 [ 216.978487][ T3578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.986956][ T3578] usb 2-1: config 0 descriptor?? [ 217.220207][ T6345] loop4: detected capacity change from 0 to 512 [ 217.280858][ T6345] EXT4-fs (loop4): 1 orphan inode deleted [ 217.286469][ T6345] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 217.307572][ T6345] ext4 filesystem being mounted at /root/syzkaller-testdir3858624847/syzkaller.ojB6XR/1/file1 supports timestamps until 2038 (0x7fffffff) [ 217.331044][ T6345] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #16: block 41: comm syz-executor.4: lblock 0 mapped to illegal pblock 41 (length 1) [ 217.345941][ T6345] EXT4-fs (loop4): Remounting filesystem read-only [ 217.352538][ T6345] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 217.365747][ T6345] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 217.375357][ T6345] EXT4-fs error (device loop4): ext4_alloc_file_blocks:4509: inode #16: comm syz-executor.4: mark_inode_dirty error [ 217.457763][ T6328] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 217.474016][ T3578] hid-multitouch 0003:18D1:5028.0035: hidraw0: USB HID v0.00 Device [HID 18d1:5028] on usb-dummy_hcd.1-1/input0 [ 217.676243][ T3578] usb 2-1: USB disconnect, device number 16 [ 217.785555][ T6364] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.793193][ T6364] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.801227][ T6364] device bridge_slave_0 entered promiscuous mode [ 217.808606][ T6364] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.815531][ T6364] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.823188][ T6364] device bridge_slave_1 entered promiscuous mode [ 217.879181][ T6372] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 217.924927][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.933621][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.946170][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.954956][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.963064][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.969934][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.978320][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.985866][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.994688][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.003232][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.010102][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.028340][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.036374][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.044782][ T6374] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 218.058953][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.067956][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.088696][ T6374] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 218.101625][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 218.116524][ T6364] device veth0_vlan entered promiscuous mode [ 218.123738][ T45] device bridge_slave_1 left promiscuous mode [ 218.130460][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.138306][ T45] device bridge_slave_0 left promiscuous mode [ 218.145227][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.154199][ T45] device veth1_macvtap left promiscuous mode [ 218.160344][ T45] device veth0_vlan left promiscuous mode [ 218.272357][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 218.286858][ T6364] device veth1_macvtap entered promiscuous mode [ 218.299062][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 218.307923][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 218.315791][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 218.333881][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 218.342435][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 218.354132][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 218.362484][ T3578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 218.761580][ T6392] cgroup: Bad value for 'name' [ 218.928825][ T6391] loop4: detected capacity change from 0 to 512 [ 218.960217][ T6391] EXT4-fs (loop4): orphan cleanup on readonly fs [ 218.967432][ T6391] EXT4-fs (loop4): 1 orphan inode deleted [ 218.973319][ T6391] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 219.738131][ T6410] input: syz0 as /devices/virtual/input/input32 [ 220.028512][ T990] usb 3-1: USB disconnect, device number 27 [ 220.034645][ T990] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 220.150764][ T6422] loop3: detected capacity change from 0 to 256 [ 220.650844][ T6438] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 221.499367][ T6465] device pim6reg1 entered promiscuous mode [ 221.548280][ T6467] syz-executor.3[6467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.548341][ T6467] syz-executor.3[6467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.711682][ T6471] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 222.110898][ T6482] loop3: detected capacity change from 0 to 256 [ 222.657524][ T6496] device pim6reg1 entered promiscuous mode [ 222.703888][ T6499] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 222.786203][ T30] audit: type=1326 audit(1718590794.185:9431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.810731][ T30] audit: type=1326 audit(1718590794.195:9432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.834842][ T30] audit: type=1326 audit(1718590794.195:9433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.869265][ T30] audit: type=1326 audit(1718590794.245:9434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.893260][ T30] audit: type=1326 audit(1718590794.255:9435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.917257][ T30] audit: type=1326 audit(1718590794.255:9436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.941246][ T30] audit: type=1326 audit(1718590794.265:9437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 222.965206][ T30] audit: type=1326 audit(1718590794.305:9438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f123b1a8627 code=0x7ffc0000 [ 222.989215][ T30] audit: type=1326 audit(1718590794.305:9439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f123b16e309 code=0x7ffc0000 [ 223.012794][ T30] audit: type=1326 audit(1718590794.305:9440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6498 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123b1aaea9 code=0x7ffc0000 [ 224.116294][ T6529] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 224.225302][ T6532] device pim6reg1 entered promiscuous mode [ 224.288450][ T333] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 224.518444][ T990] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 224.567007][ T6543] loop0: detected capacity change from 0 to 256 [ 224.617136][ T6543] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 224.648497][ T333] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.659358][ T333] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 224.672056][ T333] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 224.681032][ T333] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.689361][ T333] usb 4-1: config 0 descriptor?? [ 224.768446][ T990] usb 5-1: Using ep0 maxpacket: 32 [ 224.888940][ T990] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.899739][ T990] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.909352][ T990] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 224.918172][ T990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.958915][ T990] hub 5-1:4.0: USB hub found [ 225.117996][ T6556] syz-executor.1[6556] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.118051][ T6556] syz-executor.1[6556] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.130358][ T6556] syz-executor.1[6556] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.142065][ T6556] syz-executor.1[6556] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.179131][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.198221][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.205526][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.212785][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.219999][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.227238][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.234470][ T990] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 225.242275][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.251060][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.258320][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.259112][ T6559] device pim6reg1 entered promiscuous mode [ 225.265933][ T333] plantronics 0003:047F:FFFF.0036: unknown main item tag 0x0 [ 225.279551][ T990] usb 5-1: USB disconnect, device number 21 [ 225.286392][ T333] plantronics 0003:047F:FFFF.0036: unbalanced collection at end of report description [ 225.295937][ T333] plantronics 0003:047F:FFFF.0036: parse failed [ 225.302058][ T333] plantronics: probe of 0003:047F:FFFF.0036 failed with error -22 [ 225.386607][ T333] usb 4-1: USB disconnect, device number 20 [ 225.641953][ T6568] loop1: detected capacity change from 0 to 1024 [ 225.676821][ T6568] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,noblock_validity,minixdf,dioread_lock,journal_ioprio=0x0000000000000006,data_err=abort,,errors=continue. Quota mode: writeback. [ 225.706548][ T6568] input: syz1 as /devices/virtual/input/input33 [ 226.815878][ T6591] device pim6reg1 entered promiscuous mode [ 227.138007][ T6596] loop4: detected capacity change from 0 to 40427 [ 227.194238][ T6596] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 227.202112][ T6596] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 227.211081][ T6596] F2FS-fs (loop4): invalid crc value [ 227.217404][ T6596] F2FS-fs (loop4): Found nat_bits in checkpoint [ 227.240202][ T6596] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 227.247140][ T6596] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 227.328459][ T3578] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 227.514055][ T6606] attempt to access beyond end of device [ 227.514055][ T6606] loop4: rw=2049, want=78368, limit=40427 [ 227.826293][ T3578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.837425][ T3578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.848243][ T3578] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 227.873366][ T3578] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.882518][ T3578] usb 1-1: config 0 descriptor?? [ 227.939812][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 227.948643][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 228.065666][ T6617] loop1: detected capacity change from 0 to 1024 [ 228.121068][ T6617] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,noblock_validity,minixdf,dioread_lock,journal_ioprio=0x0000000000000006,data_err=abort,,errors=continue. Quota mode: writeback. [ 228.152679][ T6617] input: syz1 as /devices/virtual/input/input34 [ 228.358669][ T3578] hid (null): bogus close delimiter [ 228.541203][ T30] kauditd_printk_skb: 3984 callbacks suppressed [ 228.541219][ T30] audit: type=1326 audit(1718590799.945:13425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.571688][ T30] audit: type=1326 audit(1718590799.945:13426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.595649][ T30] audit: type=1326 audit(1718590799.945:13427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.595846][ T3578] usb 1-1: language id specifier not provided by device, defaulting to English [ 228.619638][ T30] audit: type=1326 audit(1718590799.945:13428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.652085][ T30] audit: type=1326 audit(1718590799.945:13429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.676031][ T30] audit: type=1326 audit(1718590799.975:13430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.700059][ T30] audit: type=1326 audit(1718590799.975:13431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa7320c5627 code=0x7ffc0000 [ 228.723874][ T30] audit: type=1326 audit(1718590799.975:13432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa73208b309 code=0x7ffc0000 [ 228.747746][ T30] audit: type=1326 audit(1718590799.975:13433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7320c7ea9 code=0x7ffc0000 [ 228.771911][ T30] audit: type=1326 audit(1718590799.975:13434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6623 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa7320c5627 code=0x7ffc0000 [ 229.029494][ T3578] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0037/input/input35 [ 229.046724][ T3578] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0037/input/input36 [ 229.065838][ T3578] uclogic 0003:256C:006D.0037: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 229.287798][ T990] usb 1-1: USB disconnect, device number 8 [ 229.901906][ T6643] bridge: RTM_NEWNEIGH with invalid ether address [ 229.961384][ T6646] loop3: detected capacity change from 0 to 256 [ 230.082046][ T6646] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 230.488555][ T373] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 230.848584][ T373] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.859567][ T373] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 230.872757][ T373] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 230.881759][ T373] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.890277][ T373] usb 2-1: config 0 descriptor?? [ 230.968434][ T333] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 231.312193][ T6681] 9pnet: Insufficient options for proto=fd [ 231.429089][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.436403][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.443564][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.450751][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.457942][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.465339][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.472621][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.479832][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.486972][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.494248][ T373] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 231.501392][ T373] plantronics 0003:047F:FFFF.0038: unbalanced collection at end of report description [ 231.508487][ T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.510966][ T373] plantronics 0003:047F:FFFF.0038: parse failed [ 231.521586][ T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.527539][ T373] plantronics: probe of 0003:047F:FFFF.0038 failed with error -22 [ 231.541261][ T333] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 231.553738][ T333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.562053][ T333] usb 1-1: config 0 descriptor?? [ 231.645238][ T373] usb 2-1: USB disconnect, device number 17 [ 231.660222][ T6689] loop3: detected capacity change from 0 to 256 [ 231.708270][ T6689] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 232.028666][ T333] hid (null): bogus close delimiter [ 232.238520][ T333] usb 1-1: language id specifier not provided by device, defaulting to English [ 232.669445][ T333] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0039/input/input37 [ 232.682018][ T333] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0039/input/input38 [ 232.694695][ T333] uclogic 0003:256C:006D.0039: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 232.767673][ T6716] loop1: detected capacity change from 0 to 1024 [ 232.819428][ T6716] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,noblock_validity,minixdf,dioread_lock,journal_ioprio=0x0000000000000006,data_err=abort,,errors=continue. Quota mode: writeback. [ 232.849312][ T6716] input: syz1 as /devices/virtual/input/input39 [ 232.876579][ T3578] usb 1-1: USB disconnect, device number 9 [ 233.619244][ T6731] bridge: RTM_NEWNEIGH with invalid ether address [ 233.863354][ T6738] SELinux: Context system_u:object_r:var_lib_t:s0 is not valid (left unmapped). [ 233.872671][ T30] kauditd_printk_skb: 3684 callbacks suppressed [ 233.872685][ T30] audit: type=1400 audit(1718590805.275:17119): avc: denied { relabelto } for pid=6736 comm="syz-executor.4" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:var_lib_t:s0" [ 233.908774][ T30] audit: type=1400 audit(1718590805.275:17120): avc: denied { associate } for pid=6736 comm="syz-executor.4" name="/" dev="tmpfs" ino=1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:var_lib_t:s0" [ 233.968463][ T3578] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 234.066336][ T6741] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 234.208477][ T313] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 234.328528][ T3578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.339475][ T3578] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 234.352308][ T3578] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 234.361291][ T3578] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.369981][ T3578] usb 1-1: config 0 descriptor?? [ 234.485935][ T313] usb 2-1: Using ep0 maxpacket: 32 [ 234.617582][ T313] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.646630][ T313] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.656714][ T313] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 234.665673][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.740713][ T313] hub 2-1:4.0: USB hub found [ 234.860192][ T6758] loop3: detected capacity change from 0 to 512 [ 234.905408][ T6758] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 234.918771][ T6758] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 234.926890][ T6758] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1) [ 234.941833][ T6758] EXT4-fs (loop3): Remounting filesystem read-only [ 234.948547][ T6758] EXT4-fs (loop3): 1 truncate cleaned up [ 234.954095][ T6758] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 234.989474][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 234.996785][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.004070][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.011448][ T313] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 235.019255][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.027649][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.034926][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.042167][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.049610][ T313] usb 2-1: USB disconnect, device number 18 [ 235.056191][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.064072][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.071363][ T3578] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0 [ 235.079849][ T3578] plantronics 0003:047F:FFFF.003A: unbalanced collection at end of report description [ 235.089711][ T3578] plantronics 0003:047F:FFFF.003A: parse failed [ 235.096080][ T3578] plantronics: probe of 0003:047F:FFFF.003A failed with error -22 [ 235.192293][ T3578] usb 1-1: USB disconnect, device number 10 [ 235.699346][ T6768] loop1: detected capacity change from 0 to 40427 [ 235.736581][ T6768] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 235.744563][ T6768] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 235.753606][ T6768] F2FS-fs (loop1): invalid crc value [ 235.761564][ T6768] F2FS-fs (loop1): Found nat_bits in checkpoint [ 235.785786][ T6768] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 235.792839][ T6768] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 236.269954][ T6778] attempt to access beyond end of device [ 236.269954][ T6778] loop1: rw=2049, want=78368, limit=40427 [ 236.516708][ T354] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 236.525423][ T354] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 236.815162][ T6795] loop4: detected capacity change from 0 to 1024 [ 236.849778][ T6795] EXT4-fs (loop4): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,noblock_validity,minixdf,dioread_lock,journal_ioprio=0x0000000000000006,data_err=abort,,errors=continue. Quota mode: writeback. [ 236.882550][ T6795] input: syz1 as /devices/virtual/input/input40 [ 236.933601][ T6802] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 237.092141][ T6808] loop1: detected capacity change from 0 to 256 [ 237.140545][ T6808] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 238.452159][ T6831] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 238.461480][ T6831] fuse: Bad value for 'fd' [ 238.603005][ T6834] loop4: detected capacity change from 0 to 8192 [ 239.630428][ T354] device bridge_slave_1 left promiscuous mode [ 239.636400][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.643573][ T354] device bridge_slave_0 left promiscuous mode [ 239.649628][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.657607][ T354] device veth1_macvtap left promiscuous mode [ 239.663473][ T354] device veth0_vlan left promiscuous mode [ 239.798633][ T6858] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.805499][ T6858] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.813090][ T6858] device bridge_slave_0 entered promiscuous mode [ 239.820043][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.826881][ T6858] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.834224][ T6858] device bridge_slave_1 entered promiscuous mode [ 239.875126][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.881999][ T6858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.889179][ T6858] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.895940][ T6858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.915759][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.923348][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.931128][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.949483][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.957616][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.958110][ T6865] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 239.964482][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.964768][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.990834][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.997688][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.004934][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.018966][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 240.034634][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.043665][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.051904][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.060037][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.068239][ T6858] device veth0_vlan entered promiscuous mode [ 240.080060][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.088041][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.097666][ T6858] device veth1_macvtap entered promiscuous mode [ 240.109060][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.116570][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.124809][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.133670][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.141755][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.316713][ T6871] loop1: detected capacity change from 0 to 40427 [ 240.365693][ T6871] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 240.373608][ T6871] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 240.383186][ T6871] F2FS-fs (loop1): invalid crc value [ 240.389941][ T6871] F2FS-fs (loop1): Found nat_bits in checkpoint [ 240.415206][ T6871] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 240.422356][ T6871] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 241.392879][ T6886] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 241.402501][ T6886] fuse: Bad value for 'fd' [ 241.404164][ T6892] usb usb8: usbfs: process 6892 (syz-executor.0) did not claim interface 0 before use [ 241.426524][ T354] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 241.435256][ T354] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 241.492578][ T30] audit: type=1400 audit(1718590812.895:17121): avc: denied { map } for pid=6891 comm="syz-executor.3" path="socket:[44568]" dev="sockfs" ino=44568 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 241.790732][ T6904] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 243.538474][ T6890] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 243.798448][ T6890] usb 3-1: Using ep0 maxpacket: 16 [ 243.958542][ T6890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.969339][ T6890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.979296][ T6890] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 243.991982][ T6890] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 244.000896][ T6890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.009289][ T6890] usb 3-1: config 0 descriptor?? [ 244.519448][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.526576][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.533759][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.540962][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.548061][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.555102][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.562084][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.569132][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.576129][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.583270][ T6890] microsoft 0003:045E:07DA.003B: unknown main item tag 0x0 [ 244.594654][ T6890] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.003B/input/input41 [ 244.606703][ T6890] microsoft 0003:045E:07DA.003B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 244.727579][ T333] usb 3-1: USB disconnect, device number 28 [ 245.136034][ T6978] loop1: detected capacity change from 0 to 512 [ 245.180529][ T6978] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz-executor.1: bad orphan inode 15 [ 245.191364][ T6978] ext4_test_bit(bit=14, block=5) = 0 [ 245.196571][ T6978] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 245.315735][ T6984] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 246.216980][ T7023] loop4: detected capacity change from 0 to 512 [ 246.223155][ T60] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 248.018368][ C0] sched: RT throttling activated [ 248.080016][ T7023] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz-executor.4: bad orphan inode 15 [ 248.090890][ T7023] ext4_test_bit(bit=14, block=5) = 0 [ 248.096401][ T7023] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 248.138416][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 248.278499][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.289425][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.298911][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 248.311599][ T60] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 248.320929][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.329485][ T60] usb 1-1: config 0 descriptor?? [ 249.627371][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.634456][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.642011][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.649254][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.656316][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.663336][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.670402][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.677383][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.685019][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.692100][ T60] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 249.702776][ T60] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.003C/input/input42 [ 249.715012][ T60] microsoft 0003:045E:07DA.003C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 249.727807][ T60] usb 1-1: USB disconnect, device number 11 [ 249.934677][ T7053] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 249.945198][ T7053] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 250.226593][ T7058] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 250.236005][ T7058] fuse: Bad value for 'fd' [ 250.443124][ T7050] loop1: detected capacity change from 0 to 131072 [ 250.479459][ T7050] F2FS-fs (loop1): Found nat_bits in checkpoint [ 250.504805][ T7050] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 251.903224][ T7114] loop0: detected capacity change from 0 to 512 [ 251.970727][ T7114] EXT4-fs (loop0): 1 orphan inode deleted [ 251.976417][ T7114] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 251.997488][ T7114] ext4 filesystem being mounted at /root/syzkaller-testdir1201144265/syzkaller.sobqUa/117/file1 supports timestamps until 2038 (0x7fffffff) [ 253.717606][ T7170] syz-executor.1[7170] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 253.717676][ T7170] syz-executor.1[7170] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 254.598434][ T6] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 254.988475][ T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 254.998545][ T6] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 255.007598][ T6] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 255.016606][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.025742][ T6] usb 3-1: config 0 descriptor?? [ 255.125429][ T7221] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.132392][ T7221] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.139765][ T7221] device bridge_slave_0 entered promiscuous mode [ 255.146943][ T7221] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.154068][ T7221] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.162134][ T7221] device bridge_slave_1 entered promiscuous mode [ 255.198437][ T990] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 255.223487][ T7221] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.230360][ T7221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.237453][ T7221] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.244234][ T7221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.269922][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.277831][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.287020][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.296420][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 255.304528][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.311405][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.332282][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.340426][ T6890] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.347379][ T6890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.357548][ T7229] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 255.372010][ T7229] loop4: detected capacity change from 0 to 128 [ 255.378597][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.386555][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.407041][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 255.434206][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 255.442549][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 255.452788][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 255.460273][ T333] usb 3-1: USB disconnect, device number 29 [ 255.461830][ T7221] device veth0_vlan entered promiscuous mode [ 255.471832][ T990] usb 4-1: Using ep0 maxpacket: 16 [ 255.484078][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 255.493987][ T7221] device veth1_macvtap entered promiscuous mode [ 255.506372][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 255.516430][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 255.551471][ T354] device bridge_slave_1 left promiscuous mode [ 255.557496][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.565120][ T354] device bridge_slave_0 left promiscuous mode [ 255.571211][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.571296][ T45] FAT-fs (loop4): Invalid FSINFO signature: 0x69662f2e, 0x00000207 (sector = 1) [ 255.587803][ T354] device veth1_macvtap left promiscuous mode [ 255.594072][ T354] device veth0_vlan left promiscuous mode [ 255.618488][ T990] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.629701][ T990] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.639421][ T990] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 255.660057][ T990] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 255.672974][ T990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.686159][ T990] usb 4-1: config 0 descriptor?? [ 255.968829][ T7240] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.975693][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.983178][ T7240] device bridge_slave_0 entered promiscuous mode [ 255.990619][ T7240] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.997845][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.005065][ T7240] device bridge_slave_1 entered promiscuous mode [ 256.066735][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 256.074092][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 256.097205][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 256.105375][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.113379][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.120226][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.127413][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 256.135624][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.143805][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.150670][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.157882][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 256.165877][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 256.173873][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 256.181878][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 256.191012][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 256.207684][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.216048][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 256.224285][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.231606][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.238753][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.245835][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.252889][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.259925][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.268596][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 256.271208][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.277470][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 256.283154][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.283181][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.283202][ T990] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 256.287307][ T990] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.003D/input/input43 [ 256.293288][ T7240] device veth0_vlan entered promiscuous mode [ 256.318858][ T990] microsoft 0003:045E:07DA.003D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 256.325059][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 256.348621][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 256.363175][ T7240] device veth1_macvtap entered promiscuous mode [ 256.369833][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 256.382645][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 256.390946][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 256.408966][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 256.417194][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 256.437519][ T333] usb 4-1: USB disconnect, device number 21 [ 256.540693][ T7256] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 256.640094][ T354] device bridge_slave_1 left promiscuous mode [ 256.646082][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.653627][ T354] device bridge_slave_0 left promiscuous mode [ 256.659760][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.668150][ T354] device veth1_macvtap left promiscuous mode [ 256.674008][ T354] device veth0_vlan left promiscuous mode [ 257.102934][ T7278] x_tables: unsorted underflow at hook 1 [ 257.454942][ T7290] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 257.898512][ T39] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 258.158477][ T39] usb 2-1: Using ep0 maxpacket: 16 [ 258.378800][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.389662][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.399369][ T39] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 258.412217][ T39] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 258.421170][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.428514][ T333] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 258.432821][ T39] usb 2-1: config 0 descriptor?? [ 258.698433][ T333] usb 4-1: Using ep0 maxpacket: 8 [ 258.828473][ T333] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.839269][ T333] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.848834][ T333] usb 4-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 258.857645][ T333] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.866311][ T333] usb 4-1: config 0 descriptor?? [ 258.919228][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.926481][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.933972][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.941094][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.948195][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.955274][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.962519][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.969658][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.976746][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.983850][ T39] microsoft 0003:045E:07DA.003E: unknown main item tag 0x0 [ 258.995274][ T39] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.003E/input/input44 [ 259.007376][ T39] microsoft 0003:045E:07DA.003E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 259.137560][ T39] usb 2-1: USB disconnect, device number 19 [ 259.178483][ T333] usb 4-1: string descriptor 0 read error: -71 [ 259.187005][ T333] usbhid 4-1:0.0: can't add hid device: -22 [ 259.192859][ T333] usbhid: probe of 4-1:0.0 failed with error -22 [ 259.199766][ T333] usb 4-1: USB disconnect, device number 22 [ 259.527380][ T7355] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 259.536122][ T7355] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 259.743647][ T7363] x_tables: unsorted underflow at hook 1 [ 260.181713][ T7378] syz-executor.4[7378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.181955][ T7378] syz-executor.4[7378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.508644][ T30] audit: type=1400 audit(1718590831.915:17122): avc: denied { execheap } for pid=7381 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 260.513104][ T7382] loop1: detected capacity change from 0 to 1024 [ 260.580919][ T7382] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 260.590569][ T7382] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42840!=20869) [ 260.600799][ T7382] EXT4-fs error (device loop1): ext4_get_journal_inode:5150: inode #5: comm syz-executor.1: casefold flag without casefold feature [ 260.614616][ T7378] overlayfs: failed to resolve './file0': -2 [ 260.614814][ T7382] EXT4-fs error (device loop1): ext4_get_journal_inode:5150: inode #5: comm syz-executor.1: unexpected EA_INODE flag [ 260.622208][ T7385] syz-executor.2[7385] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.632908][ T7382] EXT4-fs (loop1): no journal found [ 260.633227][ T7385] syz-executor.2[7385] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.657506][ T30] audit: type=1326 audit(1718590832.055:17123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7381 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x0 [ 260.759515][ T30] audit: type=1326 audit(1718590832.165:17124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7381 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x0 [ 261.725976][ T7417] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 261.734764][ T7417] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 262.207687][ T7423] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 262.216950][ T7423] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 [ 262.608687][ T7426] syz-executor.1[7426] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 262.608778][ T7426] syz-executor.1[7426] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 262.970399][ T7425] overlayfs: failed to resolve './file0': -2 [ 263.139851][ T7435] loop3: detected capacity change from 0 to 512 [ 263.409849][ T7435] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 15 [ 263.440945][ T7435] ext4_test_bit(bit=14, block=5) = 0 [ 263.446154][ T7435] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 264.010767][ T7460] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 264.020132][ T7460] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 [ 264.114825][ T7468] syz-executor.3[7468] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.114885][ T7468] syz-executor.3[7468] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 264.608422][ T60] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 264.928460][ T333] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 264.987641][ T7496] loop3: detected capacity change from 0 to 512 [ 265.033056][ T7496] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 15 [ 265.043988][ T7496] ext4_test_bit(bit=14, block=5) = 0 [ 265.049465][ T7496] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 265.088473][ T60] usb 5-1: Using ep0 maxpacket: 32 [ 265.168663][ T333] usb 1-1: Using ep0 maxpacket: 8 [ 265.208983][ T60] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.222222][ T60] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.232453][ T60] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 265.241503][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.288677][ T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.303902][ T60] hub 5-1:4.0: USB hub found [ 265.308641][ T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.318556][ T333] usb 1-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 265.327553][ T333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.346758][ T333] usb 1-1: config 0 descriptor?? [ 265.784256][ T60] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 265.798461][ T333] usb 1-1: string descriptor 0 read error: -71 [ 265.805136][ T333] usbhid 1-1:0.0: can't add hid device: -22 [ 265.810990][ T333] usbhid: probe of 1-1:0.0 failed with error -22 [ 265.817895][ T333] usb 1-1: USB disconnect, device number 12 [ 265.823911][ T60] usb 5-1: USB disconnect, device number 22 [ 266.048479][ T7506] syz-executor.3[7506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.048703][ T7506] syz-executor.3[7506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.197673][ T7506] overlayfs: failed to resolve './file0': -2 [ 266.476550][ T7516] syz-executor.4[7516] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.476850][ T7516] syz-executor.4[7516] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.499341][ T30] audit: type=1326 audit(1718590837.905:17125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0f53abea9 code=0x0 [ 266.600712][ T30] audit: type=1326 audit(1718590838.005:17126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7508 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0f53abea9 code=0x0 [ 267.015828][ T7531] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 267.024756][ T7531] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 267.622564][ T7539] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 267.631983][ T7539] fuse: Bad value for 'fd' [ 267.908509][ T333] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 268.178334][ T7547] syz-executor.0[7547] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 268.179059][ T7547] syz-executor.0[7547] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 268.779072][ T333] usb 3-1: Using ep0 maxpacket: 32 [ 268.818442][ T60] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 268.916693][ T333] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.927622][ T333] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.937225][ T333] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 268.946294][ T333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.988915][ T333] hub 3-1:4.0: USB hub found [ 269.058417][ T60] usb 4-1: Using ep0 maxpacket: 8 [ 269.178521][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.189657][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.199273][ T60] usb 4-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 269.208108][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.216613][ T60] usb 4-1: config 0 descriptor?? [ 269.258515][ T333] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 269.288655][ T333] usb 3-1: USB disconnect, device number 30 [ 269.371346][ T7546] overlayfs: failed to resolve './file0': -2 [ 269.498477][ T60] usb 4-1: string descriptor 0 read error: -71 [ 269.505028][ T60] usbhid 4-1:0.0: can't add hid device: -22 [ 269.510936][ T60] usbhid: probe of 4-1:0.0 failed with error -22 [ 269.517587][ T60] usb 4-1: USB disconnect, device number 23 [ 269.783296][ T30] audit: type=1400 audit(1718590841.185:17127): avc: denied { write } for pid=7563 comm="syz-executor.0" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 269.801502][ T7562] loop1: detected capacity change from 0 to 40427 [ 269.847595][ T7562] F2FS-fs (loop1): Found nat_bits in checkpoint [ 269.872192][ T7562] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 269.887899][ T30] audit: type=1400 audit(1718590841.285:17128): avc: denied { ioctl } for pid=7561 comm="syz-executor.1" path="/root/syzkaller-testdir3181878737/syzkaller.E4MWLd/26/file0/file0" dev="loop1" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 269.960291][ T7221] attempt to access beyond end of device [ 269.960291][ T7221] loop1: rw=2049, want=45104, limit=40427 [ 270.120621][ T7581] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 270.130046][ T7581] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 [ 270.236246][ T7585] loop0: detected capacity change from 0 to 512 [ 270.335681][ T7589] syz-executor.2[7589] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 270.336000][ T7589] syz-executor.2[7589] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 270.559158][ T7585] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz-executor.0: bad orphan inode 15 [ 270.581146][ T7585] ext4_test_bit(bit=14, block=5) = 0 [ 270.586349][ T7585] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 270.662307][ T7589] overlayfs: failed to resolve './file0': -2 [ 270.774538][ T7596] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 270.783329][ T7596] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 271.468422][ T333] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 271.708426][ T333] usb 3-1: Using ep0 maxpacket: 8 [ 271.767615][ T7630] loop3: detected capacity change from 0 to 512 [ 271.788546][ T7040] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 271.801813][ T7630] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 15 [ 271.813056][ T7630] ext4_test_bit(bit=14, block=5) = 0 [ 271.819812][ T7630] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 271.840148][ T333] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.851019][ T333] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.860667][ T333] usb 3-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 271.869618][ T333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.877977][ T333] usb 3-1: config 0 descriptor?? [ 272.148550][ T7040] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.159567][ T7040] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.168503][ T333] usb 3-1: string descriptor 0 read error: -71 [ 272.169279][ T7040] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 272.175772][ T333] usbhid 3-1:0.0: can't add hid device: -22 [ 272.184078][ T7040] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.189865][ T333] usbhid: probe of 3-1:0.0 failed with error -22 [ 272.204769][ T7040] usb 1-1: config 0 descriptor?? [ 272.205644][ T333] usb 3-1: USB disconnect, device number 31 [ 273.029346][ T7653] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 273.038583][ T7653] fuse: Bad value for 'fd' [ 273.288451][ T7040] usb 1-1: string descriptor 0 read error: -71 [ 273.308777][ T7040] uclogic 0003:256C:006D.003F: failed retrieving string descriptor #200: -71 [ 273.317544][ T7040] uclogic 0003:256C:006D.003F: failed retrieving pen parameters: -71 [ 273.325503][ T7040] uclogic 0003:256C:006D.003F: failed probing pen v2 parameters: -71 [ 273.333712][ T7040] uclogic 0003:256C:006D.003F: failed probing parameters: -71 [ 273.341098][ T7040] uclogic: probe of 0003:256C:006D.003F failed with error -71 [ 273.351854][ T7040] usb 1-1: USB disconnect, device number 13 [ 273.747322][ T7676] loop3: detected capacity change from 0 to 512 [ 273.803939][ T7676] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 15 [ 273.814878][ T7676] ext4_test_bit(bit=14, block=5) = 0 [ 273.826931][ T7676] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noload,auto_da_alloc=0x000000000000007f,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 273.901589][ T7681] input: syz1 as /devices/virtual/input/input49 [ 273.973673][ T7683] fuse: Unknown parameter 'group_i00000000000000000000' [ 274.071447][ T30] audit: type=1400 audit(1718590845.475:17129): avc: denied { create } for pid=7686 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 274.092242][ T30] audit: type=1400 audit(1718590845.475:17130): avc: denied { write } for pid=7686 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 274.136654][ T30] audit: type=1400 audit(1718590845.475:17131): avc: denied { nlmsg_read } for pid=7686 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 274.498418][ T7040] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 274.541661][ T7704] loop1: detected capacity change from 0 to 128 [ 275.088430][ T7040] usb 1-1: Using ep0 maxpacket: 8 [ 275.208538][ T7040] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.219326][ T7040] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.229056][ T7040] usb 1-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 275.238016][ T7040] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.246625][ T7040] usb 1-1: config 0 descriptor?? [ 275.455248][ T7716] loop3: detected capacity change from 0 to 40427 [ 275.519411][ T7716] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 275.527353][ T7716] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 275.528469][ T7040] usb 1-1: string descriptor 0 read error: -71 [ 275.536608][ T7716] F2FS-fs (loop3): invalid crc value [ 275.543321][ T7040] usbhid 1-1:0.0: can't add hid device: -22 [ 275.549746][ T7716] F2FS-fs (loop3): Found nat_bits in checkpoint [ 275.552823][ T7040] usbhid: probe of 1-1:0.0 failed with error -22 [ 275.565833][ T7040] usb 1-1: USB disconnect, device number 14 [ 275.581320][ T7716] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 275.588251][ T7716] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 275.608049][ T7716] attempt to access beyond end of device [ 275.608049][ T7716] loop3: rw=2049, want=45112, limit=40427 [ 275.624035][ T7716] attempt to access beyond end of device [ 275.624035][ T7716] loop3: rw=2049, want=45224, limit=40427 [ 275.668960][ T7725] loop4: detected capacity change from 0 to 512 [ 275.676877][ T5426] attempt to access beyond end of device [ 275.676877][ T5426] loop3: rw=2051, want=45224, limit=40427 [ 275.688071][ T5426] F2FS-fs (loop3): Issue discard(5639, 5639, 14) failed, ret: -5 [ 275.710132][ T7725] EXT4-fs (loop4): mounted filesystem without journal. Opts: stripe=0x00000000000001ff,grpquota,,errors=continue. Quota mode: writeback. [ 275.732529][ T7725] ext4 filesystem being mounted at /root/syzkaller-testdir3433460908/syzkaller.a0Udwi/40/file0 supports timestamps until 2038 (0x7fffffff) [ 275.749448][ T30] audit: type=1400 audit(1718590847.155:17132): avc: denied { setattr } for pid=7723 comm="syz-executor.4" path="/root/syzkaller-testdir3433460908/syzkaller.a0Udwi/40/file0" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 275.777488][ T7725] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 256: padding at end of block bitmap is not set [ 275.792166][ T7725] Quota error (device loop4): write_blk: dquota write failed [ 275.802435][ T7725] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5 [ 275.812038][ T7725] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 275.968521][ T6890] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 276.208453][ T6890] usb 2-1: Using ep0 maxpacket: 16 [ 276.249692][ T7749] loop2: detected capacity change from 0 to 128 [ 276.348676][ T6890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.360050][ T6890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.370006][ T6890] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 276.848738][ T6890] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 276.857772][ T6890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.992154][ T6890] usb 2-1: config 0 descriptor?? [ 277.239640][ T7766] loop0: detected capacity change from 0 to 512 [ 277.262362][ T30] audit: type=1326 audit(1718590848.665:17133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7768 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0f53abea9 code=0x7ffc0000 [ 277.286429][ T30] audit: type=1326 audit(1718590848.665:17134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7768 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0f53abea9 code=0x7ffc0000 [ 277.311138][ T30] audit: type=1326 audit(1718590848.665:17135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7768 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7fc0f53abea9 code=0x7ffc0000 [ 277.349892][ T7766] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x00000000000001ff,grpquota,,errors=continue. Quota mode: writeback. [ 277.364093][ T7766] ext4 filesystem being mounted at /root/syzkaller-testdir1201144265/syzkaller.sobqUa/161/file0 supports timestamps until 2038 (0x7fffffff) [ 277.383308][ T7766] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 256: padding at end of block bitmap is not set [ 277.469253][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.476391][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.483637][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.490770][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.497776][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.504849][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.511939][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.519046][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.526125][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.533242][ T6890] microsoft 0003:045E:07DA.0040: unknown main item tag 0x0 [ 277.543929][ T6890] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0040/input/input50 [ 277.555620][ T6890] microsoft 0003:045E:07DA.0040: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 277.685744][ T39] usb 2-1: USB disconnect, device number 20 [ 277.771973][ T7783] loop4: detected capacity change from 0 to 128 [ 277.803444][ T7785] fuse: Unknown parameter 'group_i00000000000000000000' [ 277.832906][ T7786] loop2: detected capacity change from 0 to 2048 [ 277.889049][ T7786] loop2: p3 < > p4 < > [ 277.893178][ T7786] loop2: partition table partially beyond EOD, truncated [ 277.900374][ T7786] loop2: p3 start 4284289 is beyond EOD, truncated [ 278.221438][ T7794] loop2: detected capacity change from 0 to 512 [ 279.635180][ T7823] loop3: detected capacity change from 0 to 40427 [ 279.684059][ T7823] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 279.691669][ T7823] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 279.700689][ T7823] F2FS-fs (loop3): invalid crc value [ 279.707173][ T7823] F2FS-fs (loop3): Found nat_bits in checkpoint [ 279.729902][ T7823] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 279.737036][ T7823] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 280.011802][ T7823] attempt to access beyond end of device [ 280.011802][ T7823] loop3: rw=2049, want=45112, limit=40427 [ 280.026162][ T7823] attempt to access beyond end of device [ 280.026162][ T7823] loop3: rw=2049, want=45224, limit=40427 [ 280.082048][ T5426] attempt to access beyond end of device [ 280.082048][ T5426] loop3: rw=2051, want=45224, limit=40427 [ 280.093232][ T5426] F2FS-fs (loop3): Issue discard(5639, 5639, 14) failed, ret: -5 [ 280.220650][ T7842] loop1: detected capacity change from 0 to 128 [ 280.983810][ T7852] loop4: detected capacity change from 0 to 256 [ 281.305065][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 281.305081][ T30] audit: type=1326 audit(1718590852.705:17141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1610d4ea9 code=0x7ffc0000 [ 281.332170][ T7867] loop2: detected capacity change from 0 to 512 [ 281.334734][ T30] audit: type=1326 audit(1718590852.705:17142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7fe1610d4ea9 code=0x7ffc0000 [ 281.364788][ T30] audit: type=1326 audit(1718590852.705:17143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1610d4ea9 code=0x7ffc0000 [ 281.406009][ T7867] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 281.416167][ T7867] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 281.434829][ T7867] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 281.447122][ T7867] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 281.457572][ T7867] ext2 filesystem being mounted at /root/syzkaller-testdir198655249/syzkaller.2Buy7O/75/file0 supports timestamps until 2038 (0x7fffffff) [ 281.524152][ T7877] loop0: detected capacity change from 0 to 512 [ 281.600418][ T7877] EXT4-fs (loop0): 1 orphan inode deleted [ 281.605984][ T7877] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 281.626742][ T7877] ext4 filesystem being mounted at /root/syzkaller-testdir1201144265/syzkaller.sobqUa/169/file1 supports timestamps until 2038 (0x7fffffff) [ 281.648053][ T7877] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir1201144265/syzkaller.sobqUa/169/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 281.672162][ T7877] EXT4-fs (loop0): Remounting filesystem read-only [ 281.680680][ T7888] loop4: detected capacity change from 0 to 256 [ 281.764709][ T5836] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir1201144265/syzkaller.sobqUa/169/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 281.907417][ T30] audit: type=1326 audit(1718590853.305:17144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7895 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x7ffc0000 [ 281.942524][ T30] audit: type=1326 audit(1718590853.305:17145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7895 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x7ffc0000 [ 281.966674][ T30] audit: type=1326 audit(1718590853.335:17146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7895 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f7c172b6ea9 code=0x7ffc0000 [ 281.992317][ T30] audit: type=1326 audit(1718590853.335:17147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7895 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x7ffc0000 [ 282.019110][ T30] audit: type=1326 audit(1718590853.335:17148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7895 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c172b6ea9 code=0x7ffc0000 [ 282.200680][ T7905] loop3: detected capacity change from 0 to 512 [ 282.250293][ T7904] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.257627][ T7904] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.265145][ T7904] device bridge_slave_0 entered promiscuous mode [ 282.271947][ T7905] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 282.281702][ T7904] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.290040][ T7905] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 282.308530][ T7904] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.316044][ T7904] device bridge_slave_1 entered promiscuous mode [ 282.324847][ T7905] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 282.337564][ T7905] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 282.358958][ T7905] ext2 filesystem being mounted at /root/syzkaller-testdir2219471166/syzkaller.25489M/188/file0 supports timestamps until 2038 (0x7fffffff) [ 282.439708][ T7904] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.446676][ T7904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.453788][ T7904] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.460552][ T7904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.469480][ T6528] device bridge_slave_1 left promiscuous mode [ 282.475434][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.483590][ T6528] device bridge_slave_0 left promiscuous mode [ 282.492669][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.501538][ T6528] device veth1_macvtap left promiscuous mode [ 282.507506][ T6528] device veth0_vlan left promiscuous mode [ 282.880351][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.887673][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.904477][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.912163][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.920070][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 282.928622][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.936553][ T407] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.943676][ T407] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.950877][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 282.959237][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.967484][ T407] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.974343][ T407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.984360][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 282.992973][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 283.000895][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 283.008881][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 283.025541][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 283.034354][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 283.045821][ T7920] loop3: detected capacity change from 0 to 512 [ 283.059212][ T7904] device veth0_vlan entered promiscuous mode [ 283.065965][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 283.074422][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 283.086674][ T7904] device veth1_macvtap entered promiscuous mode [ 283.093644][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 283.100981][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 283.108262][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 283.117043][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 283.125416][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 283.144236][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 283.152519][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 283.160469][ T7920] EXT4-fs (loop3): 1 orphan inode deleted [ 283.160491][ T7920] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 283.160621][ T7920] ext4 filesystem being mounted at /root/syzkaller-testdir2219471166/syzkaller.25489M/189/file1 supports timestamps until 2038 (0x7fffffff) [ 283.166531][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 283.199059][ T7920] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor.3: path /root/syzkaller-testdir2219471166/syzkaller.25489M/189/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 283.201191][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 283.232444][ T7920] EXT4-fs (loop3): Remounting filesystem read-only [ 283.278332][ T7926] loop1: detected capacity change from 0 to 256 [ 283.406807][ T5426] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor.3: path /root/syzkaller-testdir2219471166/syzkaller.25489M/189/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 283.692775][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.699694][ T7942] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.706746][ T7942] device bridge_slave_0 entered promiscuous mode [ 283.713799][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.720827][ T7942] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.728171][ T7942] device bridge_slave_1 entered promiscuous mode [ 283.773553][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.780440][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.787484][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.794294][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.814813][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.822439][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.829649][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.844436][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 283.852543][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.859402][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.869939][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 283.878191][ T6890] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.885041][ T6890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.899475][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 283.907655][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 283.916528][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 283.924935][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 283.945715][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 283.954235][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 283.963360][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 283.974655][ T7955] loop0: detected capacity change from 0 to 512 [ 283.974972][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 283.988868][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 283.996204][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 284.007356][ T7942] device veth0_vlan entered promiscuous mode [ 284.021727][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 284.030543][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 284.039691][ T6528] device bridge_slave_1 left promiscuous mode [ 284.045707][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.050944][ T7955] EXT4-fs (loop0): 1 orphan inode deleted [ 284.058151][ T7955] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 284.058309][ T6528] device bridge_slave_0 left promiscuous mode [ 284.085139][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.092268][ T7955] ext4 filesystem being mounted at /root/syzkaller-testdir1931772594/syzkaller.0rERsc/3/file1 supports timestamps until 2038 (0x7fffffff) [ 284.107467][ T6528] device veth1_macvtap left promiscuous mode [ 284.112473][ T7955] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir1931772594/syzkaller.0rERsc/3/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 284.113712][ T6528] device veth0_vlan left promiscuous mode [ 284.137366][ T7955] EXT4-fs (loop0): Remounting filesystem read-only [ 284.221429][ T7942] device veth1_macvtap entered promiscuous mode [ 284.232995][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 284.240989][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 284.249010][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 284.259250][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 284.267470][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 284.281152][ T7904] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir1931772594/syzkaller.0rERsc/3/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 284.365968][ T7965] loop3: detected capacity change from 0 to 512 [ 284.410828][ T7965] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 284.420628][ T7965] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 284.439208][ T7965] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 284.451744][ T7965] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 284.462197][ T7965] ext2 filesystem being mounted at /root/syzkaller-testdir2285958888/syzkaller.GyiOUQ/0/file0 supports timestamps until 2038 (0x7fffffff) [ 284.671514][ T7976] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.678493][ T7976] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.686909][ T7976] device bridge_slave_0 entered promiscuous mode [ 284.694296][ T7976] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.701311][ T7976] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.709092][ T7976] device bridge_slave_1 entered promiscuous mode [ 284.772271][ T7976] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.779173][ T7976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.786279][ T7976] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.793138][ T7976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.817700][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 284.825663][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.834307][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.858139][ T7040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 284.867022][ T7040] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.873896][ T7040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.881582][ T7040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 284.889747][ T7040] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.896592][ T7040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.921596][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 284.929897][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 284.937715][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 284.945725][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 284.967123][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 284.976527][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 284.985904][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 284.993694][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 285.001568][ T7976] device veth0_vlan entered promiscuous mode [ 285.007978][ T7994] loop1: detected capacity change from 0 to 512 [ 285.017081][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 285.026129][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 285.044177][ T7976] device veth1_macvtap entered promiscuous mode [ 285.051030][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 285.059087][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 285.067117][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 285.072063][ T7994] EXT4-fs (loop1): 1 orphan inode deleted [ 285.080221][ T6528] device bridge_slave_1 left promiscuous mode [ 285.080246][ T7994] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 285.086166][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.113760][ T6528] device bridge_slave_0 left promiscuous mode [ 285.113881][ T7994] ext4 filesystem being mounted at /root/syzkaller-testdir3181878737/syzkaller.E4MWLd/59/file1 supports timestamps until 2038 (0x7fffffff) [ 285.120346][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.156792][ T6528] device veth1_macvtap left promiscuous mode [ 285.163202][ T6528] device veth0_vlan left promiscuous mode [ 285.163807][ T7994] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor.1: path /root/syzkaller-testdir3181878737/syzkaller.E4MWLd/59/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 285.192774][ T7994] EXT4-fs (loop1): Remounting filesystem read-only [ 285.287914][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 285.296345][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 285.304867][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 285.313072][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 285.323683][ T7221] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor.1: path /root/syzkaller-testdir3181878737/syzkaller.E4MWLd/59/file1: bad entry in directory: inode out of bounds - offset=0, inode=2, rec_len=12, size=4096 fake=1 [ 285.434946][ T8004] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.443885][ T8004] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.451452][ T8004] device bridge_slave_0 entered promiscuous mode [ 285.459155][ T8004] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.466005][ T8004] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.473301][ T8004] device bridge_slave_1 entered promiscuous mode [ 285.532855][ T8004] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.539738][ T8004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.546803][ T8004] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.553600][ T8004] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.577421][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.579258][ T8012] loop2: detected capacity change from 0 to 512 [ 285.590871][ T990] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.604335][ T990] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.620654][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 285.628831][ T990] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.635686][ T990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.655561][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 285.680743][ T8012] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 285.685351][ T990] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.695694][ T990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.697762][ T8012] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 285.721386][ T8012] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 285.734841][ T8012] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 285.745838][ T8012] ext2 filesystem being mounted at /root/syzkaller-testdir198655249/syzkaller.2Buy7O/90/file0 supports timestamps until 2038 (0x7fffffff) [ 285.962363][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 285.970405][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 286.014703][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 286.023357][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 286.039479][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 286.047187][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 286.055170][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 286.062621][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 286.072153][ T8004] device veth0_vlan entered promiscuous mode [ 286.103797][ T8019] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.110934][ T8019] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.118053][ T8019] device bridge_slave_0 entered promiscuous mode [ 286.129724][ T8019] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.136821][ T8019] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.144420][ T8019] device bridge_slave_1 entered promiscuous mode [ 286.177176][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 286.185318][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 286.202938][ T8004] device veth1_macvtap entered promiscuous mode [ 286.227340][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 286.235073][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.243168][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 286.260822][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 286.269218][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 286.308804][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.790945][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.807778][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.814669][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.848604][ T6528] device bridge_slave_1 left promiscuous mode [ 286.855447][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.876736][ T6528] device bridge_slave_0 left promiscuous mode [ 286.902503][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.101705][ T6528] device bridge_slave_1 left promiscuous mode [ 287.299804][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.315526][ T6528] device bridge_slave_0 left promiscuous mode [ 287.322905][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.397086][ T30] audit: type=1400 audit(1718590858.915:17149): avc: denied { read append } for pid=8040 comm="syz-executor.0" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 288.432809][ T6528] device bridge_slave_1 left promiscuous mode [ 288.439355][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.446795][ T6528] device bridge_slave_0 left promiscuous mode [ 288.452898][ T30] audit: type=1400 audit(1718590858.925:17150): avc: denied { ioctl } for pid=8040 comm="syz-executor.0" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 288.476801][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.486299][ T6528] device veth1_macvtap left promiscuous mode [ 288.490855][ T8046] loop0: detected capacity change from 0 to 40427 [ 288.492235][ T6528] device veth0_vlan left promiscuous mode [ 288.504428][ T6528] device veth1_macvtap left promiscuous mode [ 288.510349][ T6528] device veth0_vlan left promiscuous mode [ 288.516248][ T6528] device veth1_macvtap left promiscuous mode [ 288.522463][ T6528] device veth0_vlan left promiscuous mode [ 288.560354][ T8046] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 288.567985][ T8046] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 288.577578][ T8046] F2FS-fs (loop0): invalid crc value [ 288.601559][ T8046] F2FS-fs (loop0): Found nat_bits in checkpoint [ 288.627547][ T8046] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 288.634453][ T8046] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 288.808565][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 288.836789][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 288.845670][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 288.853980][ T990] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.860855][ T990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.874240][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 288.883556][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 288.899431][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 288.907468][ T990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 288.924024][ T8019] device veth0_vlan entered promiscuous mode [ 288.931136][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 288.944376][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 288.952526][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 288.960713][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 288.975536][ T8019] device veth1_macvtap entered promiscuous mode [ 288.982519][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 288.989810][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 288.997170][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 289.005184][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 289.014805][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 289.033537][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 289.034043][ T8057] loop4: detected capacity change from 0 to 2048 [ 289.050185][ T6890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 289.066027][ T7040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 289.074326][ T7040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 289.074512][ T8057] loop4: p3 < > p4 < > [ 289.086421][ T8057] loop4: partition table partially beyond EOD, truncated [ 289.094364][ T8057] loop4: p3 start 4284289 is beyond EOD, truncated [ 289.139162][ T8062] loop2: detected capacity change from 0 to 512 [ 289.179463][ T8062] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 289.196517][ T8062] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 289.215027][ T8062] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 289.227469][ T8062] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 289.237975][ T8062] ext2 filesystem being mounted at /root/syzkaller-testdir198655249/syzkaller.2Buy7O/94/file0 supports timestamps until 2038 (0x7fffffff) [ 289.258203][ T8067] loop4: detected capacity change from 0 to 512 [ 289.516336][ T8078] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 289.545060][ T8078] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 291.592336][ T8095] loop4: detected capacity change from 0 to 256 [ 291.638616][ T8095] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 291.830774][ T8107] loop1: detected capacity change from 0 to 2048 [ 291.869091][ T8107] loop1: p3 < > p4 < > [ 291.873119][ T8107] loop1: partition table partially beyond EOD, truncated [ 291.880691][ T8107] loop1: p3 start 4284289 is beyond EOD, truncated [ 292.081894][ T8117] loop1: detected capacity change from 0 to 512 [ 292.307618][ T8121] loop4: detected capacity change from 0 to 512 [ 292.373538][ T8121] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 292.383503][ T8121] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #15: comm syz-executor.4: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 292.401867][ T8121] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 292.414088][ T8121] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 292.424586][ T8121] ext2 filesystem being mounted at /root/syzkaller-testdir3433460908/syzkaller.a0Udwi/75/file0 supports timestamps until 2038 (0x7fffffff) [ 293.925506][ T30] audit: type=1326 audit(1718590865.325:17151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8136 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc86339ea9 code=0x0 [ 294.027037][ T8139] 9pnet: Insufficient options for proto=fd [ 294.035797][ T8139] syz-executor.0 (8139): attempted to duplicate a private mapping with mremap. This is not supported. [ 294.047173][ T8139] tmpfs: Unsupported parameter 'mpol' [ 294.303660][ T8154] loop2: detected capacity change from 0 to 2048 [ 294.348725][ T8154] loop2: p3 < > p4 < > [ 294.352817][ T8154] loop2: partition table partially beyond EOD, truncated [ 294.359777][ T8154] loop2: p3 start 4284289 is beyond EOD, truncated [ 294.442763][ T8154] loop2: detected capacity change from 0 to 512 [ 295.151406][ T8169] loop3: detected capacity change from 0 to 256 [ 296.179265][ T8177] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 296.327439][ T30] audit: type=1400 audit(1718590867.725:17152): avc: denied { read } for pid=8182 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 296.794263][ T8195] loop3: detected capacity change from 0 to 40427 [ 296.868017][ T8195] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 296.875688][ T8195] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 296.884554][ T8195] F2FS-fs (loop3): invalid crc value [ 296.891324][ T8195] F2FS-fs (loop3): Found nat_bits in checkpoint [ 296.917092][ T8195] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 296.924006][ T8195] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 297.052661][ T8205] loop2: detected capacity change from 0 to 256 [ 297.103178][ T8205] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 297.343085][ T8213] loop1: detected capacity change from 0 to 256 [ 297.572641][ T30] audit: type=1326 audit(1718590868.975:17153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f88338dfea9 code=0x0 [ 297.673804][ T8230] 9pnet: Insufficient options for proto=fd [ 297.682682][ T8230] tmpfs: Unsupported parameter 'mpol' [ 297.735689][ T8233] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 297.969791][ T8244] syz-executor.2[8244] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 297.969848][ T8244] syz-executor.2[8244] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 298.210324][ T8248] loop0: detected capacity change from 0 to 256 [ 298.285498][ T8247] loop3: detected capacity change from 0 to 40427 [ 298.343797][ T8247] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 298.351504][ T8247] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 298.360431][ T8247] F2FS-fs (loop3): invalid crc value [ 298.367183][ T8247] F2FS-fs (loop3): Found nat_bits in checkpoint [ 298.389720][ T8247] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 298.396675][ T8247] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 298.894878][ T8273] user requested TSC rate below hardware speed [ 298.959746][ T8279] loop3: detected capacity change from 0 to 16 [ 298.977113][ T8280] syz-executor.1[8280] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 298.977203][ T8280] syz-executor.1[8280] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 299.002392][ T8279] erofs: (device loop3): mounted with root inode @ nid 36. [ 299.021818][ T30] audit: type=1400 audit(1718590870.425:17154): avc: denied { watch } for pid=8276 comm="syz-executor.3" path="/root/syzkaller-testdir3144670713/syzkaller.krOwVB/18/file0" dev="loop3" ino=36 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 299.067173][ T8282] loop2: detected capacity change from 0 to 256 [ 299.745293][ T8302] loop0: detected capacity change from 0 to 40427 [ 299.816936][ T8302] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 299.824538][ T8302] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 299.833452][ T8302] F2FS-fs (loop0): invalid crc value [ 299.839988][ T8302] F2FS-fs (loop0): Found nat_bits in checkpoint [ 299.862519][ T8302] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 299.869410][ T8302] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 299.993492][ T8312] user requested TSC rate below hardware speed [ 300.059916][ T8317] syz-executor.4[8317] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 300.059971][ T8317] syz-executor.4[8317] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 300.150191][ T8322] loop1: detected capacity change from 0 to 256 [ 300.325266][ T8329] input: syz1 as /devices/virtual/input/input51 [ 300.460568][ T8340] incfs: Options parsing error. -22 [ 300.465729][ T8340] incfs: mount failed -22 [ 300.575856][ T8346] user requested TSC rate below hardware speed [ 301.127108][ T8362] loop4: detected capacity change from 0 to 40427 [ 301.183264][ T8364] tipc: Started in network mode [ 301.187981][ T8364] tipc: Node identity 7f000001, cluster identity 4711 [ 301.194911][ T8364] tipc: Enabled bearer , priority 10 [ 301.205239][ T8362] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 301.212867][ T8362] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 301.222198][ T8362] F2FS-fs (loop4): invalid crc value [ 301.228853][ T8362] F2FS-fs (loop4): Found nat_bits in checkpoint [ 301.251808][ T8362] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 301.258829][ T8362] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 301.658434][ T60] usb 4-1: new low-speed USB device number 24 using dummy_hcd [ 301.807393][ T8386] user requested TSC rate below hardware speed [ 302.018502][ T60] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 302.026789][ T60] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 302.034738][ T60] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 302.043475][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 302.053606][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 302.167766][ T8405] incfs: Options parsing error. -22 [ 302.173055][ T8405] incfs: mount failed -22 [ 302.318432][ T6890] tipc: Node number set to 2130706433 [ 302.442217][ T8417] tipc: Started in network mode [ 302.446926][ T8417] tipc: Node identity 7f000001, cluster identity 4711 [ 302.453890][ T8417] tipc: Enabled bearer , priority 10 [ 302.512484][ T8420] user requested TSC rate below hardware speed [ 302.618506][ T60] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 302.627448][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.635205][ T60] usb 4-1: Product: Д [ 302.639642][ T60] usb 4-1: config 0 descriptor?? [ 302.678652][ T60] hub 4-1:0.0: bad descriptor, ignoring hub [ 302.684382][ T60] hub: probe of 4-1:0.0 failed with error -5 [ 302.690970][ T60] input: Д as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input52 [ 302.787552][ T8434] incfs: Options parsing error. -22 [ 302.792703][ T8434] incfs: mount failed -22 [ 302.879628][ T990] usb 4-1: USB disconnect, device number 24 [ 303.184426][ T8447] tipc: Started in network mode [ 303.189246][ T8447] tipc: Node identity 7f000001, cluster identity 4711 [ 303.196193][ T8447] tipc: Enabled bearer , priority 10 [ 303.458428][ T3578] tipc: Node number set to 2130706433 [ 304.198451][ T3578] tipc: Node number set to 2130706433 [ 304.673448][ T8501] loop1: detected capacity change from 0 to 2048 [ 305.960396][ T8537] loop2: detected capacity change from 0 to 2048 [ 306.327803][ T8544] loop0: detected capacity change from 0 to 40427 [ 306.692901][ T8545] loop1: detected capacity change from 0 to 40427 [ 306.704398][ T8544] F2FS-fs (loop0): Fix alignment : done, start(4096) end(16896) block(12288) [ 306.767465][ T8545] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 306.775120][ T8545] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 306.784221][ T8545] F2FS-fs (loop1): invalid crc value [ 306.790795][ T8545] F2FS-fs (loop1): Found nat_bits in checkpoint [ 306.826259][ T8545] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 306.833197][ T8545] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 307.172495][ T8563] loop3: detected capacity change from 0 to 128 [ 307.788778][ T8589] loop1: detected capacity change from 0 to 2048 [ 307.951440][ T8597] loop2: detected capacity change from 0 to 512 [ 308.226621][ T8602] loop1: detected capacity change from 0 to 40427 [ 308.253128][ T8608] loop2: detected capacity change from 0 to 128 [ 308.264382][ T8602] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 308.531232][ T8624] loop4: detected capacity change from 0 to 2048 [ 309.803065][ T8652] loop0: detected capacity change from 0 to 40427 [ 309.859143][ T8652] F2FS-fs (loop0): Fix alignment : done, start(4096) end(16896) block(12288) [ 310.137099][ T8674] ªªªªªª: renamed from vlan0 [ 310.279023][ T8679] tipc: Started in network mode [ 310.283752][ T8679] tipc: Node identity 6, cluster identity 4711 [ 310.289825][ T8679] tipc: Node number set to 6 [ 310.538437][ T8695] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 310.648506][ T6890] usb 2-1: new low-speed USB device number 21 using dummy_hcd [ 310.666580][ T8703] ªªªªªª: renamed from vlan0 [ 311.008490][ T6890] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 311.016648][ T6890] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 311.024701][ T6890] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 311.033518][ T6890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 311.043484][ T6890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 311.064600][ T8723] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 311.307763][ T8733] ªªªªªª: renamed from vlan0 [ 311.608561][ T6890] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 311.618892][ T6890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.627341][ T6890] usb 2-1: Product: Д [ 311.634442][ T6890] usb 2-1: config 0 descriptor?? [ 311.686610][ T6890] hub 2-1:0.0: bad descriptor, ignoring hub [ 311.693161][ T6890] hub: probe of 2-1:0.0 failed with error -5 [ 311.780489][ T6890] input: Д as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input58 [ 311.887558][ T6890] usb 2-1: USB disconnect, device number 21 [ 313.317086][ T8803] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 313.611579][ T8809] loop0: detected capacity change from 0 to 40427 [ 313.620166][ T8812] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 313.641803][ T8809] F2FS-fs (loop0): Found nat_bits in checkpoint [ 313.666193][ T8809] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 313.724018][ T7976] attempt to access beyond end of device [ 313.724018][ T7976] loop0: rw=2049, want=45104, limit=40427 [ 314.547722][ T8836] loop4: detected capacity change from 0 to 256 [ 314.592622][ T8836] exfat: Deprecated parameter 'utf8' [ 314.597889][ T8836] exfat: Deprecated parameter 'utf8' [ 314.605718][ T8836] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 314.780650][ T8846] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 314.978328][ T8850] loop2: detected capacity change from 0 to 40427 [ 315.028742][ T8850] F2FS-fs (loop2): Found nat_bits in checkpoint [ 315.054423][ T8850] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 315.126558][ T6858] attempt to access beyond end of device [ 315.126558][ T6858] loop2: rw=2049, want=45104, limit=40427 [ 316.218156][ T8878] loop4: detected capacity change from 0 to 1024 [ 316.277951][ T8878] EXT4-fs (loop4): Ignoring removed orlov option [ 316.284548][ T8878] EXT4-fs (loop4): Test dummy encryption mode enabled [ 316.293417][ T8878] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 316.319225][ T8878] EXT4-fs (loop4): mount failed [ 316.620803][ T8895] loop4: detected capacity change from 0 to 256 [ 316.669598][ T8895] exfat: Deprecated parameter 'utf8' [ 316.674990][ T8895] exfat: Deprecated parameter 'utf8' [ 316.683197][ T8895] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 316.896759][ T8908] loop3: detected capacity change from 0 to 1024 [ 316.935999][ T8908] EXT4-fs (loop3): Ignoring removed orlov option [ 316.942266][ T8908] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 316.960051][ T8908] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 316.988396][ T30] audit: type=1400 audit(1718590888.385:17155): avc: denied { map } for pid=8906 comm="syz-executor.3" path="/root/syzkaller-testdir3144670713/syzkaller.krOwVB/64/file1/file0/bus" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 316.995607][ T8908] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 317.031587][ T8908] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 317.393651][ T8920] loop1: detected capacity change from 0 to 1024 [ 317.466750][ T8920] EXT4-fs (loop1): Ignoring removed orlov option [ 317.473334][ T8920] EXT4-fs (loop1): Test dummy encryption mode enabled [ 317.481789][ T8920] EXT4-fs warning (device loop1): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 317.503685][ T8920] EXT4-fs (loop1): mount failed [ 317.535689][ T354] Bluetooth: hci0: Frame reassembly failed (-84) [ 317.818687][ T26] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 318.058453][ T26] usb 1-1: Using ep0 maxpacket: 16 [ 318.178517][ T26] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 24 [ 318.278522][ T26] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 318.287421][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 318.295767][ T26] usb 1-1: SerialNumber: syz [ 318.339305][ T26] cdc_acm 1-1:1.0: skipping garbage [ 318.539524][ T60] usb 1-1: USB disconnect, device number 15 [ 319.145888][ T8964] loop0: detected capacity change from 0 to 1024 [ 319.176873][ T8964] EXT4-fs (loop0): Ignoring removed orlov option [ 319.183143][ T8964] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 319.200056][ T8964] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 319.232878][ T8964] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 319.246371][ T8964] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 319.282783][ T7976] ================================================================== [ 319.290656][ T7976] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.298474][ T7976] Read of size 4 at addr ffff888134c2d000 by task syz-executor.0/7976 [ 319.306451][ T7976] [ 319.308621][ T7976] CPU: 1 PID: 7976 Comm: syz-executor.0 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 319.320085][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 319.329983][ T7976] Call Trace: [ 319.333099][ T7976] [ 319.335879][ T7976] dump_stack_lvl+0x151/0x1b7 [ 319.340395][ T7976] ? io_uring_drop_tctx_refs+0x190/0x190 [ 319.345858][ T7976] ? panic+0x751/0x751 [ 319.349767][ T7976] print_address_description+0x87/0x3b0 [ 319.355147][ T7976] kasan_report+0x179/0x1c0 [ 319.359484][ T7976] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.364952][ T7976] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.370425][ T7976] __asan_report_load4_noabort+0x14/0x20 [ 319.375888][ T7976] ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.381188][ T7976] ? sb_end_intwrite+0x120/0x120 [ 319.385964][ T7976] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 319.391856][ T7976] ? ext4_journal_check_start+0x16c/0x230 [ 319.397415][ T7976] ? __kasan_check_read+0x11/0x20 [ 319.402272][ T7976] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 319.407999][ T7976] ? ext4_evict_inode+0xb8d/0x14e0 [ 319.412945][ T7976] ext4_evict_inode+0xea1/0x14e0 [ 319.417724][ T7976] ? _raw_spin_unlock+0x4d/0x70 [ 319.422418][ T7976] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 319.428135][ T7976] ? _raw_spin_unlock+0x4d/0x70 [ 319.432822][ T7976] ? inode_io_list_del+0x18b/0x1a0 [ 319.437768][ T7976] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 319.443506][ T7976] evict+0x2a3/0x630 [ 319.447229][ T7976] iput+0x63b/0x7e0 [ 319.450875][ T7976] vfs_rmdir+0x359/0x470 [ 319.454954][ T7976] do_rmdir+0x3ab/0x630 [ 319.458947][ T7976] ? d_delete_notify+0x160/0x160 [ 319.463722][ T7976] __x64_sys_unlinkat+0xdf/0xf0 [ 319.468412][ T7976] do_syscall_64+0x3d/0xb0 [ 319.472666][ T7976] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 319.478412][ T7976] RIP: 0033:0x7fbc86339687 [ 319.482642][ T7976] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 319.502089][ T7976] RSP: 002b:00007ffe9d600688 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 319.510343][ T7976] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fbc86339687 [ 319.518140][ T7976] RDX: 0000000000000200 RSI: 00007ffe9d601830 RDI: 00000000ffffff9c [ 319.525951][ T7976] RBP: 00007fbc86396636 R08: 0000000000000000 R09: 0000000000000000 [ 319.533763][ T7976] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe9d601830 [ 319.541573][ T7976] R13: 00007fbc86396636 R14: 000000000004de76 R15: 0000000000000007 [ 319.549399][ T7976] [ 319.552370][ T7976] [ 319.554528][ T7976] The buggy address belongs to the page: [ 319.559985][ T7976] page:ffffea0004d30b40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x134c2d [ 319.570046][ T7976] flags: 0x4000000000000000(zone=1) [ 319.575083][ T7976] raw: 4000000000000000 ffffea0004d30b88 ffffea0004d51a88 0000000000000000 [ 319.583503][ T7976] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 319.591914][ T7976] page dumped because: kasan: bad access detected [ 319.598312][ T7976] page_owner tracks the page as freed [ 319.603509][ T7976] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 8850, ts 314975938703, free_ts 315268893951 [ 319.618006][ T7976] post_alloc_hook+0x1a3/0x1b0 [ 319.622598][ T7976] prep_new_page+0x1b/0x110 [ 319.626955][ T7976] get_page_from_freelist+0x3550/0x35d0 [ 319.632315][ T7976] __alloc_pages+0x27e/0x8f0 [ 319.636741][ T7976] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 319.642237][ T7976] shmem_getpage_gfp+0x1388/0x23c0 [ 319.647155][ T7976] shmem_write_begin+0xca/0x1b0 [ 319.651844][ T7976] generic_perform_write+0x2bc/0x5a0 [ 319.656965][ T7976] __generic_file_write_iter+0x25b/0x4b0 [ 319.662431][ T7976] generic_file_write_iter+0xaf/0x1c0 [ 319.667638][ T7976] vfs_write+0xd5d/0x1110 [ 319.671803][ T7976] ksys_write+0x199/0x2c0 [ 319.675971][ T7976] __x64_sys_write+0x7b/0x90 [ 319.680402][ T7976] do_syscall_64+0x3d/0xb0 [ 319.684657][ T7976] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 319.690388][ T7976] page last free stack trace: [ 319.694891][ T7976] free_unref_page_prepare+0x7c8/0x7d0 [ 319.700185][ T7976] free_unref_page_list+0x14b/0xa60 [ 319.705221][ T7976] release_pages+0x1310/0x1370 [ 319.709821][ T7976] __pagevec_release+0x84/0x100 [ 319.714600][ T7976] shmem_undo_range+0x604/0x1560 [ 319.719368][ T7976] shmem_evict_inode+0x215/0x9d0 [ 319.724147][ T7976] evict+0x2a3/0x630 [ 319.727873][ T7976] iput+0x63b/0x7e0 [ 319.731518][ T7976] dentry_unlink_inode+0x34f/0x440 [ 319.736466][ T7976] __dentry_kill+0x447/0x660 [ 319.740892][ T7976] dentry_kill+0xc0/0x2a0 [ 319.745056][ T7976] dput+0x45/0x80 [ 319.748529][ T7976] __fput+0x662/0x910 [ 319.752348][ T7976] ____fput+0x15/0x20 [ 319.756169][ T7976] task_work_run+0x129/0x190 [ 319.760597][ T7976] exit_to_user_mode_loop+0xc4/0xe0 [ 319.765629][ T7976] [ 319.767798][ T7976] Memory state around the buggy address: [ 319.773270][ T7976] ffff888134c2cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 319.781173][ T7976] ffff888134c2cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 319.789067][ T7976] >ffff888134c2d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 319.796962][ T7976] ^ 2024/06/17 02:21:31 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 319.800868][ T7976] ffff888134c2d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 319.808769][ T7976] ffff888134c2d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 319.816664][ T7976] ================================================================== [ 319.824560][ T7976] Disabling lock debugging due to kernel taint [ 319.831424][ T407] Bluetooth: hci0: command 0x1003 tx timeout [ 319.837509][ T1447] Bluetooth: hci0: sending frame failed (-49)