last executing test programs: 6.439360164s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_SUBMITURB(r7, 0x802c550a, &(0x7f0000000540)=@urb_type_iso={0x0, {0x1, 0x1}, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x11, 0x0, 0x14000, 0x0, [{0x0, 0x3ff}, {0x3, 0x6}, {0x72e8798d, 0x9, 0x6}, {0x2, 0x401}, {0xffffffff, 0xfffffff8, 0x3}, {0x0, 0x3, 0x2}, {0x0, 0x4, 0x65f0}, {0x0, 0x9, 0x2}, {0x88ea, 0x5, 0x1000}, {0xf9, 0x9}, {0x0, 0x0, 0x8}, {0x8000, 0xe44f7000}, {0x696c, 0x0, 0xc42e}, {0x1000, 0x9, 0x7fff}, {0x0, 0x6, 0xed}, {0x10001, 0x3, 0x40}, {0xfe}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000001ec0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018010000646c6c2500000000002007007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(r5, &(0x7f0000000480)={0x0, 0x75, 0x0}, 0x0) 5.508729856s ago: executing program 2: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x15) r3 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}}) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000640)=ANY=[], 0x168) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) mount$incfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r4, 0xfffffffffffffffe, 0x29) write$FUSE_BMAP(r3, &(0x7f00000000c0)={0x18}, 0x18) mmap(&(0x7f00003c9000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x7528c000) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000580)={0x50}, 0x50) 3.946720585s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000001800)=ANY=[@ANYBLOB='\b'], 0x168) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) statfs(&(0x7f00000001c0)='./file0\x00', 0x0) 3.908638471s ago: executing program 2: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) r2 = dup(r0) fcntl$setpipe(r2, 0x407, 0x100000) 3.877708686s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x5, 0x2, 0x9}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001380)={{r1}, &(0x7f0000000000), &(0x7f0000001340)='%ps \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r3}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 3.866500267s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x0, 0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]}) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x93, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4]}}, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) r2 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) ioctl$HIDIOCGRDESC(r2, 0x4030582b, &(0x7f0000000040)) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000001080)={0xbfa, "3b3b7cf2c24141574be1beedb0ed0eeb4066f1d24039ff4aaf7d952d154bde218eef01d17efe8e2aaf22ddeb0310f6b4916f5c49ab2007ff17d4b737d0b58a4a05ea3bd8db167948578f6ff02b7a6bf4eb1ccd6082698e88e660ff513c49a8b69e4972b7a03bc0fabf2b2e6791bed741477b627b91e2df6a8fb17e918df6012bd786223e3584413574ede66d391e6168eae14c28b9023f50ea80f85ce4b16665dda8ea858c170faea83577a121c5d5db095b2198201595789657b898489dcd80cb99ff3e5db93f5d8fba024f1687809322da6ad44475ed8f18e5d7a0a63c3ae91bc340116ccb967d14144fa3faa7aa5edea9bc86e9102bff15241f1f102afa7d021c7b910d919474dcd1f41518116d1114d3870d3368fa067a9e30531abce30ceb20be2a8c3c826982f80348cda89ae2bab8c73cf05a3055dc9743136797bf85824c53dfdf4cbd178f48117e2467782def7c8e1eb272ee1caecad248afcefd1bdecd79589008c694519b8ccd874b985c7499a679a8ecd241c6c9ff8a6a0382c50ecec89aad3a98d20ccc8d7810f7aa61a35f0f335685257dd6ca55265d88b0bbf2233c0ce8dead67d0f5589833eda6d8957217b23500001cbc1a0330f6a138c7951a74a2fd48a89695b025fc96bdc1996f05d346ae40aae2065ac6c03d304429f94cb2fd3e835ec8fd4fa9186e2e1cf9865354e640032d1a0833d0b5c8e3156f07d3d9befcd7ed1043f69e5426c5028a882a91d760870e2ee353ca39d2a38628ffb461a129b41efed3ba2d6f4db043ae1134a1826b66ed227676b41444247dd008c69ff649fb73ab801a9789e89bd8fa3418228bde2679d91c19246d4408eab4696c6f5160f4ca39fe6cb78335beb93e82d0a0b9918f527512e6c9a118666c274b756b247836178264a4b5029b61b713356b1773bbb439afa7c4035d2d9a42b04cdf38ea49cfce7d0c45bb80a1c87d9bd8bf84be76776793c7cf4695e2dba34422072ab8eef6fbbf47ea8195eecde37f43f7950685ddb238471441b3f398e89820924409cbef761ecfecc8ffdf9e982f0a46756cff7ed34949f6ac8ec9d593f9a171d8e1fd50b2d65080d5f27b9dbf1fcb296bfad491508367fb8ee7f1f345ce238769ef919fe59ee8e6a2e0c05337a8036988a616164337e4aa5ad3ab88995f7151450d4d02e40136c61aafbbef835c79c44d880775fa88d0a03aa8b4e319db16afaa2f1d729a55aa112e3c7fb21aff88f07aa2b95afb45d82ebfd13f19caa45f41fa2cf613f9d56e152e9649b34927df12b15c7fa98bf419a7b81c9a5be73a60884bf7c078ccc9f8b84227c4a6c8312ddafeeb5d38eb7c47de8e6a4f9ee35b69511814c73c0bb82f539ccee17b3717dec881d3a4c137c1884775ec997193f14e0b9242401dafbf04d48c52ab9df98cf82fc59a8ff16c4ce8241225888f598b5247535d4bade5a43ea28fdf7b70ae296bb8230de1fe6d6ef154b0cc93b36554393fcb69427c27e5348df725a4b28db5d4f7cd17303b82ebf9afa7df10057c31f5b666c62975df40878ec3c901c78120b3c63886117b1dec35077be292d05e8b2f53834960f5853d7e6ff4606eb76da105a8870ab72ca07ea8744b01e006da19b3e992a356d859ceff069d0d8283c8dcd900c36693e4366f4c232a73bbc78451ee7e09fb57f2540c0eb131a0b773551b528214291d3951e8e21d268730af5a319e9c2c5edf2872e9e8ff61c32808dd652b090ba9a419b21d9ff8f5b5344ea2828d4aedfa09bc439c663d4a104d5084c85d667f4df77acd56830732b9eded4d456b301a0e6a5d6e7992a3a5b3ed052b324bd706c9d4b240ad73853771bb1eb5d03196701104dcbdb45872e99e9a7633a84ccf455146f5b46ff97641eabd8d4bad4718009806a65951d7c1ae867ea93487776a226645fdbe2837341c8d9e95c123918ba836d7c4526d6c0bf9f68051f029b49b4e58dab079ed390d56e654b48690286e9818aa9dca89654b550c5417aede823b8fa9ba990f3d795ad948961ce2392d1f0e106977e56d4f66d2e5633f24fe163b061070527b25ac495ae583d14e6ccbfcb2319bb88efcfa1059a5394aaee222183ee6b8da6d4a18a8d1a1ddf3ad3ca7263601bd9dee2033ce8e3f687d7582943ea66ca395b15d431e59e46b348be551a85d3fc6c343c60fc62ff75fb51e7b20691b774656dab658200ef452d161948363eccd06e06b7001105318edf2369498b36915d23b9e46fccd5f82102e6781b3de118ccdb5dc9211866ff6b4b94485c8ec88b61943dc0cb38f8a73f34275eae73716d73487cfcbc86d132aa1fdcbc61397fd4cbf2ddbb4998934443243c11dd78caae5a52a69800591d40195ad7b3032fb98e1695a88f686c8542c88c3380c2b6611d148a494e902b91e9ada97cb3c23db10173c950066a5208c86641b75b24964b6c2ca54529a856706f68ffa94a0a9c89df072531552066a5d3c373771451239ab146461ccb4bc95bf11a96d50b5b65424a5cf873d6a8ccae5f40d3a435d424a06eccf64009e39fe5ff8a2bf0e75bf1157c150de6865d27b7918ac26e3354d5fa6bae7bd174dc7fba0b840c3b6bae437fd30378c9e8f0d91e6b8fe0a68f6c588668f75c3df85ad73d216d8058346deacd395f6c5e8322c08013c4d37c0763fb6d9d6fb8573f61b1dedf8ec86e51b9ed43c4109805ed5959d2054d815830238cfb6b31df1c34cc69d66f1f98ab5abbc7203de8df1f9afd14c8689718f23bc1bef88e38eb073888f8c6fae7d6085e792a90f4659c00fb65047b6ddc311cbe5c9c270d13acd21a89c7de4def4d1276fa9c9b6a6ec7eefa0f25f177fe3c807ea86fd7c23819bc2ad6bb10727c59c83c65166515af2e69d5c5d762fcf4e23c72afe4c7007dffda64b7bf542cb6143a11543a5892bebe5a007aeaa50db1d4e08685b42e2a52e1bda1a966e340814a6373ddb87aa549c09d5563380d60d03586b875bc12aab6cdeb3d590ca2fd5d931d9f7362e06dc110a0285f2510983731b24dd2a4ae15e7a486d4572f3cc44035cfdef6d9f6cf8511cef8f6e6174c7ae44a7f40ff1a69dd68de34aa39b7d8bc4d925d71a25c1ed48b5a42d6298d90537f558142dcca06a6040d00b3541433a42b515eca8a3a5a2276bbc261819ff62f0f34a6c1ea98144cd288cd724637258db8ed7df7fc70f30ff1682bb32d0c11621b6eefefb53af5cd055fef531c761ac2d5ef93ae51fdfe57e09924975c0dd90ebfea8ae2d633799fe86d09f157b1009661a60ea050e63ac9de0634c6c077ca7e7d6f6ea7af967543f3d80256eb5a0dfd5b1efb231f83355f9436ee185f4aa6b3f85ec4976869b0eb669be91ebf291807b540d22dc7f67f932a9483f9f76be3c0f1c8f1b413d1bd54012a83c845149ab438191e3ef820c323ce2ad40c1eb0b786ae7924b4f135953b56869b78b0e1ab48b64fe8b2b0d21dd2a751cf1dc8a547b962dd0eb5f81b537b1273b52a034aeb10abb3b37c1016196304873fd13367e9072032b54a38279a1289a62d7440612ece9d60ee9415beb8bc42cfe217444b84a6d5e9010ae357b2c21c263485899c2baa1d761ab71fe323c4dca04d042b850d23b511b14296d036e96f19221d5e56e5af070e63b583ca9905a0e3d20e6cc59d41b310229ac76e09e7abe88ffc950e670780e459fb431a053d26fdd7284853484a8dd9b75b0ad1cb5f1bcf1d9928c1b7008c24c3eafc7e18ef553c51b081ac2e0a3427f0c6e4c8646f7d9f5c435e2422080b132d2c0cb6806bbe01a57e6d42c66f94ceaec26d2273a4d17fd44aef5f31f1fa1246dd3f968f65d8bbf9d37611c1e0cf6ec594d55b88ebcdd4aadbb0b5f2dad70240719655dc741b3ad2da3a9b821cd2f996582a35fdbdf9e8ee5f0df7b81ed70f399f40f7acabe172ad039b8cec13090cb1edae7f8c218a877a2bdf1d07d249336ab3570c5e0329ef9affaec8f771169927d1ed53a1185f39388503ec4b7cf102ad95317aa3bd5485f4d3bdc04e5d98177b9e6e5618458243462f31081f1bca7dfb5fc79bbd08b670826670d41f2638d71a9d1650f39e63262e2a11780958f939abf83056799701c076fb17179a1e761e014c5f2db97192428fb032d841ad2f923265a2661ccb18929f7769cadcc2820e8433b06890c87b40218e9fe1be45927217dbbf98238586132a50beb9bf46e071e601c1caa90c9e297731a19c8d9b54feb38041dea237a486f4a3c8b6644353b9edaeaef317eec55fba35e1289e78ed59cbe8cde4fd0fb58e6687fbc42ad4d63303327ceb6df546c59262f1cf62b85d384eabba950f89247819b2ddb"}) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000040)) ioctl$EVIOCGRAB(r3, 0x40044590, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(0x0, 0x0, 0x0) ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_ep_write(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000080)) syz_usb_connect$uac1(0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}}) syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(0x0, 0x0, 0x125602) 3.815662705s ago: executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmstat\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000200000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) sendfile(r2, r0, 0x0, 0x100000000000000) 3.793944449s ago: executing program 0: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014001100b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000440)=ANY=[], 0x81, 0x1505, &(0x7f0000002180)="$eJzs3Au4jtW2OPAx5pwvi6QvyX2OOV6+5DJJklwSEkmSJEluCUmSJCGxyC0JScg9yT0kt1jJ/X7LPUm2JElCQpL5f7Q7x9mnfU77/Pc+23n2Gr/nmc+aY73fmN+Ya6zn+973Xc/6vu04uGr9apXrMjP8XfDPX1IBIAUA+gHANQAQAUCpbKWyAS6fnklj6t/3JOIf66FpV7oCcSVJ/9M36X/6Jv1P36T/6Zv0P32T/qdv0v/0TfovRHq2dXrua2Wk3/HPu/8PIPf//6+R9/9/IYeLjflyfbHrO/0PUqT/6Zv0P32T/qdv0v/0Tfqfvkn//8VFAJX+m8PS/39Nf+ttFum/EOnZlb7//E8YKQBwpWv4Pzuu9O+fEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQoj04Vy4zADAv82vdF1CCCGEEEIIIYT4xwkZr3QFQgghhBBCCCGE+N+HoECDgQgyQEZIgUyQGa6CLHA1ZIVrIAHXQja4DrLD9ZADckIuyA15IC/kAwsEDhhiyA8FIAk3QEG4EQpBYSgCRcFDMSgON0EJuBlKwi1QCm6F0nAblIGyUA7Kw+1QAe6AilAJKsOdUAXugqpQDe6G6nAP1IB7oSbcB7XgfqgND0AdeBDqwkNQDx6G+vAINIBHoSE0gsbQBJr+f+W/CF3hJegG3SEVekBPeBl6QW/oA32hH7wC/eFVGACvwUAYBIPhdRgCb8BQeBOGwXAYAW/BSBgFo2EMjIVxMB7ehgnwDkyEd2ESTIYpMBWmwXSYAe/BTJgFs+F9mAMfwFyYB/NhASyED2ERLIY0+AiWwMewFJbBclgBK2EVrIY1sBbWwXrYABthE2yGLbAVPoFtsB12wE7YBbthD3wKe+Ez2Aefw3744n+Yf/Y/5XdCQECFCg0azIAZMAVTMDNmxiyYBbNiVkxgArNhNsyO2TEH5sBcmAvzYB7Mh/mQkJCRMT/mxyQmsSAWxEJYCItgEfTosTgWxxJ4M5bEklgKS2FpLI1lsCyWxfJYHitgBayIFbEyVsYqWAWrYlW8G+/Ge7AG1sCaWBNrYS2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBtjY2yKTbEZNsPm2BxbYktsha2wNbbGNtgG22JbbIftsD22xw7YATtiR+yEnbEzvogv4kv4EnbHKqoH9sSe2At7YR/si33xFeyPr+Kr+BoOxEE4GF/H1/ENHIpncBgOxxE4AiuoUTgaxyCrcTgex+MEnIATcSJOwsk4GafiNJyOM3AGzsRZOAvfxzn4AX6A83AeLsCFuBAX4WJMwzRcgmdxKS7D5bgCV+IqXIlrcC2uwfW4AdfjJtyEW3ALfoKf4HbcjjtxJ+7G3fgpfoqf4Wc4EPfjfjyAB/AgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8RSexNN4Gs/gWTyH5/A8nscL+Hyer+vtLrxuIKhLjDIqg8qgUlSKyqwyqywqi8qqsqqESqhsKpvKrrKrHCqHyqVyqTwqj8qn8ilSpFjFKr/Kr5IqqQqqgqqQKqSKqCLKK6+Kq+KqhCqhSqqSqpS6VZVWt6kyqqxq4cur8qqCaukrqkqqsqqsqqi7VFVVTVVT1VV1VUPVUDVVTVVL1VK11QOqjuqBffAhdakz9dUgbKAGY0PVSDVWTdQb+JhqpoZic9VCtVRPqOE4DFurZr6Nelq1VaOxnXpWjcHnVAc1DjuqF1Qn1Vl1US+qrqq575bht5dANRV7qd6qj+qrZuJd6lLHqqrX1EA1SA1Wr6sF+IYaqt5Uw9RwNUK9pUaqUWq0GqPGqnFqvHpbTVDvqInqXTVJTVZT1FQ1TU1XM9R7aqaapWar99Uc9YGaq+ap+WqBWqg+VIvUYpWmPlJL1MdqqVqmlqsVaqVapVarNWqtWqfWqw1qo9qkNqstaqv6RG1T29UOtVPtUrvVHvWp2qs+U/vU52q/+kIdUH9SB9WX6pD6Sh1WX6sj6ht1VH2rjqnv1HH1vTqhTqpT6gd1Wv2ozqiz6pz6SZ1XP6sL6hd1UQUFGrXSWhsd6Qw6o07RmXRmfZXOoq/WWfU1OqGv1dn0dTq7vl7n0Dl1Lp1b59F5dT5tNWmnWcc6vy6gk/oGXVDfqAvpwrqILqq9LqaL65t0CX2zLqlv0aX0rbq0vk2X0WV1OV1e364r6Dt0RV1JV9Z36ir6Ll1VV9N36+r6Hl1D36tr6vt0LX2/rq0f0HX0g7qufkjX0w/r+voR3UA/qhvqRrqxbqKb6sd0M/24bq5b6Jb6Cd1KP6lb66d0G/20bquf0e30s7q9fk530M/rjvoF3Ul31l30L/qiDrqb7q5TdQ/dU7+se+neuo/uq/vpV3R//aoeoF/TA/UgPVi/rofoN/RQ/aYepofrEfotPVKP0qP1GD1Wj9Pj9dt6gn5HT9Tv6kl6sp6ip+pperru89tKs/+G/Hf+Sv6AX599i96qP9Hb9Ha9Q+/Uu/RuvUfv0Xv1Xr1P79P79X59QB/QB/VBfUgf0of1YX1EH9FH9VF9TB/Tx/VxfUKf1D/pH/Rp/aM+o8/qs/onfV6f1xd++xmAQaOMNsZEJoPJaFJMJpPZXGWymKtNVnONSZhrTTZznclurjc5TE6Ty+Q2eUxek89YQ8YZNrHJbwqYpLnBFDQ3mkKmsCliihpvipni5qa/O/+P6mtqmppmpplpbpqblqalaWVamdamtWlj2pi2pq1pZ9qZ9qa96WA6mI6mo+lkOpkupovparqabqabSTWppqd52fQyvU0f09f0M6+Y/qa/GWAGmIFmoBlsBpshZogZaoaaYWaYGWFGmJFmpBltRpuxZqwZb8abCWaCmWgmmklmkplipphpZpqZYWaYmWammW1mmzlmjplr5pr5Zr5ZaBaaRWaRSTNpZolZYpaaZWaZWWFWmFVmlVlj1ph1Zp3ZYDaYTWaTWWq2mq1mm9lmdpgdZpfZZfaYPWav2Wv2mX1mv9lvDpgD5qA5aA6ZQ+awOWyOmCPmqDlqjplj5rg5bk6YE+aUOWVOm9PmjDljzplz5rw5by6YC+aiuXjptC9SkYpMZKIMUYYoJUqJMkeZoyxRlihrlDVKRIkoW5Qtyh5dH+WIcka5otxRnihvlC+yEUUu4iiO8kcFomR0Q1QwujEqFBWOikRFIx8Vi4pHN0UlopujktEtUano1qh0dFtUJioblYvKR7dHFaI7oopRpahydGdUJborqhpVi+6Oqkf3RDWie6Oa0X1Rrej+qHb0QFQnejCqGz0U1YsejupHj0QNokejhlGjqHHUJGr6D10/hDM5H/fdbHebanvYnvZl28v2tn1sX9vPvmL721ftAPuaHWgH2cH2dTvEvmGH2jftMDvcjrBv2ZF2lB1tx9ixdpwdb9+2E+w7dqJ9106yk+0UO9VOs9PtDPuenWln2dn2fTvHfmDn2nl2vl1gF9oP7SK72KbZj+wS+7FdapfZ5XaFXWlX2dV2jV1r19n1doPdaDfZzXaL3Wo/sdvsdrvD7rS77G67x35q99rP7D77ud1vv7AH7J/sQfulPWS/soft1/aI/cYetd/aY/Y7e9x+b0/Yk/aU/cGetj/aM/asPWd/suftz/aC/cVetOHSyf2lt3cyZCgDZaAUSqHMlJmyUBbKSlkpQQnKRtkoO2WnHJSDclEuykN5KB/lo0uYmPJTfkpSkgpSQSpEhagIFSFPnopTcSpBJagklaRSVIpKU2kqQ2WoHJWj2+l2uoPuoEpUie6kO+kuuouqUTWqTtWpBtWgmlSTalEtqk21qQ7VobpUl+pRPapP9akBNaCG1JAaU2NqSk2pGTWj5tScWlJLakWtqDW1pjbUhtpSW2pH7ag9tacO1IE6UkfqRJ2oC3WhrtSVulE3SqVU6kk9qRf1oj7Uh/pRP+pP/WkADaCBNJAG02AaQkNoKA2lYTScRtBbNJJG0WgaQ2NpHI2n8TSBJtBEmkiTaBJNoSk0jabRDJpBM2kmzabZNIfm0FyaS/NpPi2khbSIFlEapdESWkJLaSktp+W0klbSalpNa2ktraf1tJE20mbaTFtpK22jbbSDdtAu2kV7aA/tpb20j/bRftpPB+gAHaSDdIgO0WE6TEfoCB2lo3SMjtFxOk4n6ASdolN0mk7TGTpD5+gcnaef6QL9QhcpUIpTkNld5bK4q11Wd41LcZncpTgCgEtxLpfb5XF5XT5nXQ6X8y9ics4VcoVdEVfUeVfMFXc3/S4u48q6cq68u91VcHe4ir+Lq7t7XA13r6vp7nPV3N1/Eddy97va7hFXxz3q6rpGrp5r4uq7R1wD96hr6Bq5xq6Ja+WedK3dU66Ne9q1dc/8Ll7kFru1bp1b7za4ve4zd8795I66b91597Pr5rq7fu4V19+96ga419xAN+h38Qj3lhvpRrnRbowb68b9Lp7iprppbrqb4d5zM92s38UL3Ydujktzc908N98t+DW+VFOa+8gtcR+7pW6ZW+5WuJVulVvt1vx7rSvcJrfZbXF73Kdum9vudridbpfb/Wt8aR/73Oduv/vCHXHfuIPuS3fIHXOH3de/xpf2d8x95467790Jd9Kdcj+40+5Hd8ad/XX/l/b+g/vFXXTBASMr1mw44gyckVM4E2fmqzgLX81Z+RpO8LWcja/j7Hw95+CcnItzcx7Oy/nYMrFj5pjzcwFO8g1ckG/kQlyYi3BR9lyMi/NNXIJv5pJ8C5fiW7k038ZluCyX4/J8O1fgO7giV+LKfCdXCYGrcjW+m6vzPVyD7+WafB/X4vu5Nj/AdfhBrssPcT1+mOvzI9yAH+WG3IgbcxNuyo9xM36cm3MLbslPcCt+klvzU9yGn+a2/Ay342e5PT/HHfh57sgvcCfuzF34Re7KL3E37s6p3IN78svci3tzH+7L/fgV7s+v8gB+jQfyIB7Mr/MQfoOH8ps8jIfzCH6LR/IoHs1jeCyP4/H8Nk/gd3giv8uTeDJP4ak8jafzDH6PZ/Isns3v8xz+gOfyPJ7PC3ghf8iLeDGn8Ue8hD/mpbyMl/MKXsmreDWv4bW8jtfzBt7Im3gzb+Gt/Alv4+28g3fyLt7Ne/hT3suf8T7+nPfzF3yA/8QH+Us+xF/xYf6aj/A3fJS/5WP8HR/n7/kEn+RT/AOf5h/5DJ/lc/wTn+ef+QL/whc5MMQYq1jHJo7iDHHGOCXOFGeOr4qzxFfHWeNr4kR8bZwtvi7OHl8f54hzxrni3HGeOG+cL7YxxS7mOI7zxwXiZHxDXDC+MS4UF46LxEVjHxeLi8c3xSXim+OS8S1xqfjWuHR8W1wmLhs/cl/5+Pa4QnxHXDGuFFeO74yrxHfFVeNq8d1x9fieuEZ8b1wzvi8uGd8f144fiOvED8Z144fievHDcf34kbhB/GjcMG4UN46bxE3jx+Jm8eNx87hF3DJ+Im4VPxm3jp+K28RPx23jZ/7weGrcI+4Zvxy/HIdwr56fXJBcmPwwuSi5OJmW/Ci5JPlxcmlyWXJ5ckVyZXJVcnVyTXJtcl1yfXJDcmNyU3JzcksyhGoZwaNXXnvjI5/BZ/QpPpPP7K/yWfzVPqu/xif8tT6bv85n99f7HD6nz+Vz+zw+r8/nrSfvPPvY5/cFfNLf4Av6G30hX9gX8UW998V8cd/EN/VNfTP/uG/uW/iW/gn/hH/SP+mf8k/5p31b/4xv55/17f1zvoN/3j/vX/CdfGffxb/ou/qXfDff3af6VN/T9/S9fC/fx/fx/Xw/39/39wP8AD/QD/SD/WA/xA/xQ/1QP8wP8yP8CD/Sj/Sj/Wg/1o/14/14P8FP8BP9RD/JT/JT/BQ/zU/zM/wMP9PP9LP9bD+n0Bw/18/18/18v9Av9Iv8Ip/m0/wSv8Qv9Uv9cr/cr/Qr/Wq/2q/1a/16v95v9Bv9Zr/Zb/Vb/Ta/ze/wO/wuv8vv8Xv8Xr/X7/P7/H6/3x/wB/xBf9Af8l/5w/5rf8R/44/6b/0x/50/7r/3J/xJf8r/4E/7H/0Zf9af8z/58/5nf8H/4i/64Mcn3k5MSLyTmJh4NzEpMTkxJTE1MS0xPTEj8V5iZmJWYnbi/cScxAeJuYl5ifmJBYmFiQ8TixKLE2mJjxJLEh8nliaWJZYnViRWJlYlQsi7LQ75Q4GQDDeEguHGUCgUDkVC0eBDsVA83BRKhJtDyXBLKBVuDaXDbaFMKBvKhUdDw9AoNA5NQtPwWGgWHg/NQ4vQMjwRWoUnQ+vwVGgTng5twzOhXXg2tA/PhQ7h+dAxvBA6hc6hS3gxdA0vhW6he0gNPULP8HLoFXqHPqFv6BdeCf3Dq2FAeC0MDIPC4PB6GBLeCEPDm2FYGB5GhLfCyDAqjA5jwtgwLowPb4cJ4Z0wMbwbJoXJYUqYGqaF6WFGeC/MDLPC7PB+mBM+CHPDvDA/LAgLw4dhUVgc0sJHYUn4OCwNy8LysCKsDKvC6rAmrA3rwvqwIWwMm8LmsCVsDZ+EbWF72BF2hl1hd9gTPg17w2dhX/g87A9fhAPhT+Fg+DIcCl+Fw+HrcCR8E46Gb8Ox8F04Hr4PJ8LJcCr8EE6HH8OZcDacCz+F8+HncCH8Ei7K/6wJIYQQQvxN9B8c7/FXvqd+G5f0BICrt+c+/J/X3Jjjz/PeKk+rBAA83b3jQ/82qlRJTU397bFLNUQF5gFA4nL+r3+W+y1eBi3hSWgDLaDEX62vt+p8nv9g/eStAJn/Q04KXI4vr3/zf7H+Y0+MWFQ6Ppftv1l/HkChApdzMsHl+PL6Jf+L9XM2+4P6M305HqD5f8jJApfjy+sXh8fhGWjzF48UQgghhBBCCCH+rLcq1/6Prp8vXZ/nMZdzMsLl+I+uz4UQQgghhBBCCHHlPde5y1OPtWnTor1MZCITmfz75Eq/MgkhhBBCCCH+0S6f9F/pSoQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiPTrn/FxYld6j0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcSV9v8CAAD//4H6O6c=") r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x123042, 0x0) write$binfmt_script(r5, &(0x7f0000000080), 0xffffff3e) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x820004ee) ioctl$FS_IOC_SETFLAGS(r6, 0xc0189436, &(0x7f0000000140)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) 3.754696574s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x5, 0x2, 0x9}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001380)={{r1}, &(0x7f0000000000), &(0x7f0000001340)='%ps \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r3}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 3.057698841s ago: executing program 1: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200020"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='tlb_flush\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xc}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) 3.045696113s ago: executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) open_tree(0xffffffffffffff9c, 0x0, 0x9000) 3.025347276s ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) mkdir(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000077c0)={0x2020}, 0x2020) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETFILTEREBPF(r5, 0x800454e1, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000002140)="4627563e95d073e9c44031e486c6c3c887234dab29bb5d4444d206b6ed7b2b3001b6ed59a692ab0f0251ebf104d3747ab90777b96df4449e5275f86a62902df16f5fba75e202cbdf6fe7cc018a76b412f6485398037d6cb464f1dcf7fda3c76e43cdf64a53f6182a0b7e6476035e8bce74d0582b1ccf32dc8b0cc3b610b143afb4d3c163308a66f2dedd0d45f392d7899f5c4d2ded35c1602f7338dea29e0dff356a32c9e921eeebf8b9845ec2a40b68a8bdcb88009c910e110de23a02648667d740186ee2a3f4a59672477230c4a3a62a1417659b1978cf2b671f836d49fd361ad0af9157916d29cb4fcc1e873a336660b639383485a5322faca6694c74f58fa428582950bd136778dff61da52778dade8b2c3331b31a89259469b0900ab4173202f6256b2d23d3feb8517556292de52662192eca03da5744515c4a92cd3f0f296209bacb28a0267776c9797a784cfd95a52f9de496a5ed70459d55041b663a70d7d471da4f86cd187fd53e667422a0fdfe5eb34e2f2b8c133f2271fe5b1e71533b698169ac8107187533e37765fbd69c327ec608249c44018e3496b2f66fb8bb942f4bd26ed687ee1f7d2a53d7233fbde91cd03f4b4db0c23ed56ff9a61e0d5a1bf6ed50c308e8af0c32b2e0b15df009046ed88d60b772e0cdbfb3d765251aae01b01660df364dce51971ea2034b316a0b0071cb1d28bb86279de377ccb5a18ce981241b5d566e248866f280d71c6775e14fad44342945663bd56ad056f79e49f8071153391f8de78b05496a5f174e812ee0b102e0421c632e4a9f8ffd87ea68df1d7e85af4b30024b2a3cf0e1106871b3427eedfe857f3bc2a021d42fc09224ece3c56e57806a2da229231cc8e3ed5dbd82fd2d3894cba01e36c2ba91a42456eb570446fa3e2eddfe30264572d5d778cbf5d676ad4bd37d11e09573a5566b3656a760c9d3030b2bcd90be0d670866010e2d33c93f223a79ca167bce1a46670db33470c75776582f26b5d9ce847493ddb34612bc829f93f473c24263246011c4ca689f62f4539550ee13b246aeeec477fb2e9e4b223f66c006303abdb003809b9cd4e993b90821750b86608882355e5f587182c1ac6c677b07c26956073ff3a78d4f325139d9c0b8aead052e73fd21b3615ea22acc084bf5060f72936796311e31c038426f0a0e6c304cd2d9c363e7a1a21752032be17adca8b476b0e571b591c9dd923b0066fd5e32e045494c0a9e1e511f147988e0a5fe9652b92ed0e015ef54e3ed2a510b9383f1938dece777ca866f1a21082052827f3a48c2f38482fe3a8286c0ff17d4c24a468a5a0ec0a2eb1165f48cf76fc07450c82294d973a1793dd58008834f0d3aba4e097ceff0ba44656c67839ff3e489975297b334ecf6c7ce4634afbe3d8ab70827563aa75ffafc43429170c3fe3854238485c5a9b567a959a746010c22a92e863e318312e0efc06ab86d1435e06aca5f4b7b7f06a78f90795545c145c9941b74adb9a31ab4f749f81665dd9308acba8d7861856b548eab226377be82611ad79c8d25b176de98003c1ea28b556a2b90360913c39f8f64f0d122c732af5a990603429b354ecd4de797e17722c66546cc38349cb09c40ea54972562734e9816c83103e0bd19451e6144d005e6ce6d6d6fc1ce90238b73d1e0aaa4ee9fd0545054cea97639a404edf3b27c0073be84961084ea685e8ace53c7d7f52b62e378d9ee167aec3e5cbd60ff36c0d3ad40181bad59f111c30e9414112fbc71ad7ede21c288c878dd2509c36f93c31dab5d091107c8e8bdcadffdcb3053eba35b44c70a6421b343922cb11c69b886db0f412e5c23f89dbaff9e5847fd749e28356cab3999f1142449047a3a6c43bf670244e55d888f36ef1dc87bc5bb1460b6c8d1e69efca9a02ba834591906a65102c3e1c1c7dbdeccc7e261795f349d110836445d8ba19cbc699c46d4edc34942a488de1cc1140dc6acf23c8ec1f475e613c85ba025ff7ae639cb2499629eb5f5c88c4057e30bcf41767424af763c9204084856d87cd99f0da06ae6ee5b7382c1f6f2cbb2cf2dfd8320271f16ba7ebd8f0e3c742482f5426530b1ab946c7118f70aa4eac41dd78569341a0f3dd250531aaefdff4cab9e9eed7efdaa865f9b804ade79ced061a1fcd18a6c61a708fdf119841dc232cc5c4e5343cb8a82e9dd9647779bca053b5a2c43481c06ce2a593e388f5f5f4e681771021aaaf0589dac69db22c7285035d1eb89c75935fa4208b3786f2640ce9d65b0e671967dc27808fea5d17ac70a3ac2802f65d45d9c0372aeed530ee58bf04e190f50dac25139caec0b253d17af28eaed173c7043d66567188f04ea51733835c1c66ac7a634d7b90bdac4a6d1075bb277dc6ca420b24485012db44aed5a2e8099f4f3ed53bdb0b35b35905db28169b3e3b3d13ff94bdf2c9549f4a54c64b8d27098b86ff46cfd515f35b1d5a1bbf1bb29df16cdf296e804977a6b583d018c4fdb66264d5f2d9e162059017d6b6cbc6d6c2f1009717c67093f6feaafce1f242f4b730a2e714e9bba79f18c42a158425147b7b2cd9add4ac1d2c1a95b13a4f352d51982a5d967cd611911e6d0777afbc10883c6293f056acc69da89a0a64913be996466ed63f969d5ccd124cd3052d6654e6db0519449f3cbf3a2011541d26e5b76c3c192857905bcf989fd943d42aee9ebd40fee33094eae69154092e9514819ff126040ea7d43a927809149cfaffcc76cb1e332426bf0eb1ac1a3968c70030453a284a0fe39b9ebd704f0950cb5350d4c60d65566b3f24ec4636cd5bb3e23066f4d4f1814e60f286f3ad2d3c10e79c5991c8bf5fdb561723873fe0c75c7bb6ba262aa3a6655349df95f07abb0200d5b9152da4bfdd66a311b29a15755e8465b7b0d99f7f8ccefe9cb3561b5619d4c21b36c9b29442ccd5949882d0167244d84b677685d62074f63b8dc66941f317c78bb093491e2acb7207cc80fe51c22199aae878170af9fa1eb164854587007eb108f23d1c7946bf75aee50eee6fffdae24b992393bd37d268a136b3dcb1b7d2c9b9fbfe0c860b0d344f488e85de2a65a20eb057f0047d0b6b8898bdd68e21f2234a2c66b963a2d86f62297a7d1176c14acaddd4861f5bb74ee91eb3b6ba0c7328433b977e23c02ab67d82a12d620fc034f1c9c3a99a6a07ddf59eaa18384e429101dacbd93ee794e27b774242446fa433a8c03e4312ad56f6c4dfd1ad014d07932480e07caedabda36caaeaaf405dfa1a650843f2e09ae89c666ab8754d9bf9b290f4c4c9242d8f98533bfdbae191a6fbcba6bdb9096427d2d8efb5dcfbd58df7763cc445bf44a0be6de2335a395ab8157dee25794be81c3d87a7d457b52d88f86cabf91f2ec16a8e05a00f72277943737839a5242163025704c7b938f3f424ef5db6b60d3181e3ef94cbdc6516f0ecf01b52164b92f2e12ed55db595fd8de6862a3b12ebe06b19d1f93132b83b2f5ddbc9808b3ce8fa40352c84664d824edd2631a5e2fddaae887689092007d3d0f22a948f54bfd5c42bea5f0d6bf5018cee5ef232c8b6ea3f54ee6f4997c8ad5ccfd28227eeca811312375a849bdf4d343c1b0ec7035279d1bc0892ef193a74018d5ccd5ccaf0503a697b23abb44b7aa3beced0626daa5e1fbfc4d29d2804292fcc60b775f656179510168bf05929dbc92e009d94561d946f7b4b5a18c08d29678c482d90e07abb029e80546e5cee6c4a30712a9b92d556a29b2de021bd49b6398340a9363b689bedc007416bcb659c0c4b6eaa31ec4976ee4896ff87a7dfab48dc7046d44c9c2db6881f7d6b252e582eb878b0be9b24666e74e8eb565c07582f17817ea2422de5da79cb367e76b9b8a9d056de06ad0483986fef2a3b62d64d5d2128cf55499025ad0739ad3ce5e1bfa6aaac16828bdacad2f86b32ed933a2f672efd1f4a32dd23e59aed872d1015eaaf701a0ef8e1427d59728450c4f1bd561e7ef6f8e34d12ae2120a51746a5c346e739c09854caeec07af0d70dd4d9164b3ae8a098a41c081465fdb5537cb560426bc0de4b735f253dbc779b9dce429d99700cd6c0cbd778caeb56401b2bb5c1ca310ab0c91e1d9f4578b5fb3b4f0dad4c565495797e8e83603f3ef188a896fad5bfec24457e0f6f962b8613434f16acf74308171567eae5ad9ec11186a56493a5394042bd1b29fbe0ce64e5f1b0b56e8910343666d627d71c729c0c90bfae0134e117842d67b160ff50688f7b45f0ae330c2d4890732ace7795ff74b6e36466da623c8eef75528b22199c9bf589a1fcd2aca6c5fe3cce2eddabf1ddc8e87380b815ed5928222613383db7941eb9d55b45487b399a9a35ca4cbd9eaf08c71273fc3334b0acdbd117b13697a9ae475e79a44911ce4fed1490a2ec654fe469c9ea933999dae3616b063769446cfefb4562bd124e42f62a3dd0385fe3d21029ad8fd1c58b0badd42e415a76e3e92f246629d3579dd80d940e6dd9bee3d9a6ef8a7840fb253507e718eca32ff4119eb0bcc02aa210939a3bc41704a63202139c68e276254395ab6b858f4528ea2b3a57328e0b31816de3ad85e50e7f4ec9445eaf21a8b9916ed209bb7e79a7a08c2e4e09644ab831c0ba68d05d5ebf57a9eb36bb9caa8e7ac78a8ccca1bcb03cef0c5eb31fafa6e283632c117031aa3919f72aa80a2b9b2557749951348d5294ed2414ffcbafdf976bfb7a401bedb208fe1285738df515af493047aec962bcacb8ea7bad5fc12d5bf415e66c06c4c87044e694291e104ef53850cbc7ef73ab57982d77a3f941c226a915163e8eebd256cb8a1f0130023d2c5d3be77cab39bae4449711d6f39e50cc83eefaf6cc727b1c0b3fc4f7bd110d18262cd872cee8ca95f1be8005d5b339abbde923ef2d4290d5579e4420ff2beb705c16e96101c38c31cfd05639f252730c145182e4406aab68f556e0290ccf05e25a7bf13cdb5db47a8a0841fbeb880d4f0add608d1badb8992924b548ef1426ec774ec9d86678d4c2aae8f1e3b2dfb295802f75727a308dd1b39460f26858eff99fae8d27f24ea6902adabc89311a5fd18c3d9c606db7295f25acd22624bcc753c4c3acdb3f6c563174441333b69a126e4fcc6b06165f6221539c5ed277c20dac4b7978619e10616475de88810bbac714f3651efaa59b75791080a1086c0f3f1b5edb4b3976cc936665855f6a56788d76c6e771b1c968c859fd1ba995d336d301695fc012b8031a14ca529e3e9bf622db6813417925bb4e1a7a5b786aa90f4d048f1f442a2696970dd442d3a6ee117a3e768644c99951b75e51e98de61bc7ed8eb9e87fd43ec75e948829bd19fc545cddefee7a6f068a419e216982ca4ce6ad3256f1e64d203ba1da27e9e175738124ca86a312d0dd0caae6d64751d459d8134830ebb4f4c7931aa90c1ad6fefd99ea4ded3d246236719d6fd48979ee31eaabbea385e91aea0557a58d73a63660ecee981e3da40a39fec3f01caaffafee3504e9f8dc990cc2d69c513db25f6e722ea4811f778af8a338498b6b908682aca6e02e898cb65377f820529d35707cb83ba69b16c92b571728c58188fb08ed6f6c27d6b70e963b147605714468b90966f082d7175fcbc6e770835efb6e7bac5eeaeb5b2c23eb30ecc102e647f1ff71bc6b35f629a55dd305f8ed5287e35403a91b4dc77a6df2fff354460bf563c071846c84617da4df4c46a9e359c45d217a2b096c830ac8614947d110334ca17f587d86825b2b7ae1039fc11109687c1ad0a16f0180d1700414a4694e7ab73c715436dce437a9b3dff55f62fc1ffffc33d3be037c34c9ee7a0fcfeaec1778268565663f39b69c141304c892ae80da42cc854a87c955e6d8060a731eb16ee91e8ea27f90da85196e4f034d40b85ff59eb4b7c76218342f9c9f8d3749c874562829b7ad0c786c5c25ed240aa14755ff7f5ba5298f9f6b6ec3a46ac36d6a39c59c2ecf7781da77931214ac9a8697691d933b20cb64acde409fc159d748e4f92d83ff7767260fdec04b2e80cc524a2366e8fa5b70eb8684d164dec49fa95f42e7e75daa8c268204beec1fbc58cbbe3317af0993a8676dfdb13db7875f50cebdbc629bcd605dd4c4a65c31870495fb9a9ec51c1867ca8b117a6f9507aa26cee54c4c12f8f22b9d88072639ad765bb7906435128d1c146b9e2029880eccbdf78449bd0630381ad16c13444d709a11890d80fae0d24c037180a8726143306a7cd67abbc830167f524008f9a8e3172df597a63af2e87a92e90b70ce53069657f9b46acc9da241a1b00571540ec5fed4a9acfdd0066ba248cb2bf24540d7296256d4c9a5a5bc821817ada912cdde59876d86d4c53c1d047c6bc3442c2ee78326d7c51b6d01bd4f7ff5bc45db88649220d44099b406ac2e4744996b869ea688ecb4e758e755b29717869d5dfccbf5fd553ad83de0c4cd16b3fd4913451734226e4cf29bc0a860943b3e854d8cf49f07d2bfba1c280efaa85bb8f0f8818d1e58178c338c9e46c873adc0a4b6c832aaf0878956d8a04fcc043ff307f60a263cf1bc57ad0434b6a6f99075d932ff75deb8b017cbd16b272139a4addc24749d9551ba44d5bef0536e58de5e9d0b8985f1044163d542859c699f27f033b01d1e5d4c5598bcc4279f29c56eca82cf40c3b2799277e9b0aea04ba5cdd679e3eb63ceb0eafc21c373356caadc0f5730054a0979d7e32117962af0444b7e0e75bf1d30fd1af656956367bbbddf018531833f6c383b76cd63d014c91f67b41548e558cfae6a953a78c36ba3a896b3a0bf48aaa947d042a456a48c8f323682f560f2679f53578f00746cb04c4ef12b905b37f1b1bac9c75a85d6f173d531198f150ee6dbe7fcdbed4e0baf7610b82a793c17124970924ae32c86f9b7b40a229219958cd2445fca613e264adbf29644b1f405c68ef8afff7f4c1dc86f0e578e3716fa86c53f776dc42e7d28978f1e694428560b923b5d44e3aacb18cb38d3efd90ca0812027d336b011557e9e953cbff769e9ba84b903f5fcf1e6b4ab3e210ceaac574f80607116b196b6ded8668729f9be216bfdd049e88d1cb45581701c6ca7c991488a73e6ae5decdfc6416fa69b76f82e92246ee2b29c91885be24e96ea72438499c5c421ffd199f172667adf7d257947bb47945817930a7f2f0dfc73c2a5f6002fd40b9ea51c4a0c610e9759d43c082ed0c126c0de63c5a079b4c8bac46fcc8a1f74d8929ee2b7878430e3caed5f5aad7378fcbc4d659144a7cdbd654185ffdabd9b36257993ca823990df4aa7809ee58b7a278f38085202f3618fefef67f71b39f8ed35a28b3ff47e6caa3cecdbb41b899ea7ef3179ec3d67d0e3380f61d5a57453b9b790d171e1838c68f988a6914f4b81a7a12a0f50612182de8844a5f18026bc4110a10a31a88dae4bb40a3fea22360830784cf82ccde8187d04635e7e5bc6cda8252fa77d7022ae5fdeb978315f925cdbe7cbe0e3894965795fda4b94068bee89f79f86c420b211411929b9b3074703583c0ba0703a4d282441495110dd167c228079db163febc9ea0bcb02ab400999abfecfbca274fca55a055859eb256fcddc1d1773d72d5c3793ca3ff5f2fbe647b04f5ff2b2dc50a3a897e03634a36d21e391e6b6290cf85064711600de9a74057b78d9c04857017bc762300872f674eed1b68fac65025f3252bb803a9ff8ccf4b2b49028622168439db3bc01ea9ae7618b73dc7f858ba388891da14b88f7fee4f5f49abd687ba947969b8b923c2e119fe172126835ab4d1429133a38bbb80f1f6c308ffd180a179c05d9fb112a70e7658f9e3c7b6545556726e6589ba479edf21afd08da62963b5b724fa7b618c27fba201297dd465217de92395734355e9b34e27ff4916d78dbe0424df3d6110297a7847efda2675f12a3bf5e4b07827cdae6c61b0d969f6bb15be656b394a3f3ca8d705a4cac9c78c66c4be58c40888d49ceb08eb9a90c230faace7e4c837a8cb1aa69b020f9f43532cb7315cd698dfffb0179fb24e135480af4c437170c010e6e8f94108523dca95598c59b9e483753b79bafb02a455ceec727fd271b4cb4af7d958751a747afe6625c1e8b0316af5e13e42dc8d97dc42d5960edcaa391164693250a6f98653fa20c78823e1c1a77b798491f197a647b291cdd04087b3143e5b0fc550ecbbff19666b1c8e2a5bf2cb40f9f54c11828a8dd16489f36583e3128cda7a9abde8abbf61294450af638f56444176b5a11f84e67e4e666d6df58c45c0adc45938a2639fb1717a44c8dedf8471ac82fc1771a704f778fb812acb953493a831be5b28b16b20a112aafcee4e44640a6653c4b3035d5de4fcc16312057046bc3c650057dd9be4450b3e837ff8ac19019e67550a124416d671ccc76de36946c2d91f3d63b212111f4f09f39c24c1a981a7e63dd37a8d94ebfae1df5796d971193a8c723f172a9266af23d1d0e48aae73de4e7545a13f09a1ae3feb147ba1c700776148f027abc7dbdd1f3cb823b9a4c0e9dd43fd0bc411dc3eac2369f10fc9669ffaec5ef76da6b7f8884430b3a00da63a0e5272de159ea047584f4804a14159b1321309db45c55af563081d126300dc3ac446936f6653db92fc09d225716f425997dc247939b8c1e09a11f8b10c36b671cc590922051871ce19f6db85eefac9a666c3cec6fd5a69e7610ae5123413b458024b02521420d8c50c265d7b763f070b8fd1981824da47079135a667ee2395e43cae172e6a5ae96aeb7ce490212792498e427b80036f52cc557d3f94b118b2248af9a75a6d27d084ba423edc616981864cb0069a06f359a953a6e7df6b765d222626030248253e4e93eb0979b0a5550ee15d1489f56cc1d30b1584f37b51dfa029af5b45a85b141f4f8ffdc809a19e01f22f80c8a11e9d35f790a6de2d898462a19f412de4df26896a3d107baa7a661b5482cd71453b5f88f889b93ee6df84363ecaf04cb0dcd4369f9d1a827b955182334a998e8f2edbfe74beb14e9ff50134f03d24d70b068801684e25370c1cfc065d88582389713500f974e8a6c6e7f015b8e84e5b9861e45d4ce4eef79f0e8d4f15eaf7c1b33e64287470b5b3c0b8b6bdadae567f977341b57486c1eb279be8ee1cdf11b6e0dbd42d32c95b6801cea98e6000ea80777c6ad3f62012732859497080b3aa127a0f3a7b80a99182406ccfd54affb463f8eaf01b0c65ab582628b3c2237d039ee68d307dd113e4b593b243bd64eb6f58a0ccdd8e9a78f9ed393e2affde8d616d57c7aa1d12ebb4be718b49843ec6a90d5d8c197f154f27805046c410d4e1b66cbf4a8e495a3a229a2a1d58b4909a240d7ae6ea9e740c055b06e756e57e2ff19c148cbaf37357c0d3273b7f2ec631565e9f6c6c8722ddb0c1180695fb204f35917dc2fe11469801c545b2560a59d0666ec129b88e4f427989e820982329c2c39321f25648666af651f87b495195a95a5d158fd161324796272303114d99d22890385853dbc66d37ce22de0db447260217cf51aaed240e4f4963ca7510522fc6e7dbe164ccdedc334787ddb24bbc8205bf3353d447a1de2407c248775fa7e318d83e3ff18150b3cd9a7cbb0df0703aab6ef8d0f71bf9b5a305dc25fbd200e06b73c7f298320bd90dab05ec62b5f885e7cf95274c656051c71628f31196354460b001b6366c26fd2e92f6ad68ea37d7e3fe91fe98223563b4d23f802b3911a5241a793cb9f5b4f80081ace5877f95da7499f728ab09837120ca75c63d725e46f9f77c3da16318c9bcdd4a9d68379b627c1a71a34b684e5614ab3fabceab8d2741aca921b1b018098060686c56d7ed190e7470f529f6e680ed72e749fe7c9c2f37ea8cf08d4520e496361d2437018bbda93396c05abb2aeba443ea1ee56a3da04a8b880452a3610cb4163154e02df8a08a5e48c03fb0b0cdd4d355142cc736b344b9fd987b49b85791e5bf7805250dfe63b04c7ff56608129ef43664aa2acf82f18b49cdfd2ae5551ea4d486b35cd2ea60e3f032c58f531d4d36054f5ce268a29862ded0a3cc0ff1d30882f7c85b95e9a8599bf1d143d2d25555bbaa6f8b673b76ca8cc17b693519194784833d902581fec4e656ca546eade53abfd7e4650df648cb61a146bef5382f9255bf4a7c380854568495bdb7b33f490d240ead3d1851ce3b6400eda5a370f13ec998605f46b234bc9293c026bd1d648647bf52d506deb522012ae89c4ea75414ae6677c4aef28dd756f877af23d1a5ae3cb2205850c14f27f595d1a1542bb1eaf641293e3ba40e0bb54193a1e5db969d37c97709efbc34ab509f08a51ba71ecc4f9f66c27190115948cffaae914e7eb4e8d0c59ef7368e9b08a05bbbd340e1c1d34319f150d299c0ddf3bb2138359e826f4997068b99d13cc454fea46b8664d413b79b19656d62cbb5b31744aa33f99651fa56703eaec2e6998c7321f69f6cd110c89ae0c612a96f9a84dd751fd81ff66c80563e7091f5c5b67f89d52e7c58eb26218cddeaf5c6def3ad07a610bd4e5785675580c199b8550cbb02e3b4e1d240bb8df8e514fb505f39fd222209584331bef5d271056accaef84c88741ebd9f116cce3fe7b07b78ac4bad346c0d6e71c9daecd8d60aa8ea0914f85c9078dfaff04ba5e9bbbacddbc0cb40fe20f869d7f196c5edb6657c50b82c67f1abab663bff0a8da16422fe31a4a17995ee25081a06154d1c03f1a87a9d4ad5141a9227849bd920d2515ca16a245b635c85a77884cce0b8ae56929b5e22c52f971c2eed4ccfd64f7790a616f719fc0305af71405abae9407ed1cdaa26606331fdcf9b3c19b90e561f646ea15e0e668ef37b349594a335baf26962b89ef33c98aec3ca3e7df47c20dc2928d074e5f87c0edcf37cb25d3b8304f57f8257a5ae96791697e3c6d04f4ec2eb6a69f25346defed5b509368dea2b1960218bc6dd21b567583c229fc7b5fc85f7f2032eb304c3a1f72204f75ee950344cdef846d94e916b29a43d00c789256810de5fff6f9fd1af0fcfc2edd3fff9e2010d88083fc0b9e6a291e9a7a08af62433689a39e34bed8dafc90fec82be5c63a843d82132ce8916e395791dc86c8d11caf57f7fd096c28537ec38d6c14df9782312abc85fba2d04b0b159637b0e09f7e9faa1a6136359d17cf7c58b83994d58674ddbc248b804a82156900ca95a5002ef62de046e2f5ddf8e1e19f00189d4f5169bfc3c67afc149c6bc155767e64eac433cfb787be7f7bae7f869c0ec3d142668c2f90d383af7207a635850c515d69c6a62e24e0d58c5da244a917a17caa6be01992c4f8be0b9fff57522db4756840bdf72cafa6061ff2b86305c180c470b3af589e7c9e5328d98cf737bf01d80762e1e41a4d63a8655387be7f295862fdea629aa97b40c2ba1b563f1a103a860f7dff7fd5ee8423ce3dbf0fad41b66965c67299e35483130d461ac6c68215850fd441323bb856cdf03f624520743f7b445641c72e08994c8f252fe179b29226637b533f0ed6c94a0b84efc1a884af940fbc05c654b59d37a54047de233c496103bb27b657e7f63c24ef3ce29709622f67653f398dc7c4e44", 0x2000, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 2.156598399s ago: executing program 0: syz_emit_ethernet(0xe, &(0x7f0000001500)={@local, @link_local, @void}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x3e, 0x0, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)="a1", 0x1}], 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, &(0x7f0000000100)) 1.964837739s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0xfff, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)='%pi6 \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800085}, 0x10}, 0x90) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r2, 0x40047451, 0x2000000c) 1.934813963s ago: executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) r3 = dup2(r0, r0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000040), 0x8) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, 0x0, 0x0) 1.914956766s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000008bd28750000000000000109022400010400000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3f}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="00010700000007009330ad2a"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.780763287s ago: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000080)=0x6, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net/sockstat\x00') lseek(r1, 0xd7, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, 0x0, &(0x7f0000000400)) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x5207, 0xfffffffffffffffe) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000180)={'erspan0\x00', 0x0, 0x8000, 0x5bbeeac0a793783b, 0x9, 0x1, {{0x14, 0x4, 0x0, 0x13, 0x50, 0x68, 0x0, 0x6, 0x2b, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, {[@lsrr={0x83, 0xb, 0x2a, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x18, 0x28, 0x0, 0x6, [0x20, 0x0, 0x3, 0x401, 0x8001]}, @cipso={0x86, 0xe, 0x1, [{0x5, 0x8, "c58ae44bdcff"}]}, @lsrr={0x83, 0x7, 0xcc, [@loopback]}]}}}}}) r3 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_int(r3, 0x0, 0x13, &(0x7f0000000040)=0x7, 0x4) bind$inet(r3, &(0x7f0000000500)={0x2, 0x0, @private=0xa010101}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='veth1_to_batadv\x00', 0x10) 1.744599042s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000079b4d3948859f0b6d011fe4b2"], 0x0}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0xfffffffffffffe69, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffa000/0x4000)=nil) r1 = socket$netlink(0x10, 0x3, 0x0) connect$netlink(r1, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, "03"}, 0x0}) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x4, [@enum={0x3, 0x1, 0x0, 0xf, 0x4, [{}]}, @array]}, {0x0, [0x0, 0x61]}}, &(0x7f0000001fc0)=""/4128, 0x48, 0x1020, 0x1}, 0x20) r3 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r3, 0x4018480c, 0x0) 716.28309ms ago: executing program 3: syz_emit_ethernet(0xe, &(0x7f0000001500)={@local, @link_local, @void}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x3e, 0x0, 0x7) socket$nl_netfilter(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)="a1", 0x1}], 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, &(0x7f0000000100)) 704.838161ms ago: executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000180)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x3f}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x8f, &(0x7f0000000000)=""/143}, 0x80) 694.931353ms ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x95) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c0000001000370400"/20, @ANYRES32=r4, @ANYBLOB="0b120500000000001c0012800b00010069703667726500000c00028008000100", @ANYRES32], 0x3c}}, 0x0) sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) 657.684229ms ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=@framed={{}, [@printk={@i}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000000)=@filename='\x00', 0xee00, &(0x7f0000000140)='./bus\x00') 643.099101ms ago: executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000380)={0x64, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4d, 0x11, 0x0, 0x1, [@generic="dc31854abc", @typed={0x8, 0x0, 0x0, 0x0, @str='wg1\x00'}, @typed={0x4}, @generic="c7093623433b9da639f2cd163d97741668116f0b99ebccde0b1b6433961e157e84c95add8f5a9cabb47808ea2d04a0ff2a72a6ff905e517a"]}]}, 0x64}}, 0x0) 633.997802ms ago: executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{0x801, 0x0, 0x1, 0x1}, {0xfffffffe}]}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000040)="cb858517088d5aa9e6ee13b2fef2eb9cad0e0a208067740a2bd97da5c1e5", &(0x7f0000000300)=@udp6=r1, 0x2}, 0x20) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f00000003c0), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000280)=0x27fe, 0x4) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='htcp\x00', 0x5) r2 = syz_open_dev$mouse(&(0x7f0000000100), 0x1, 0x121040) setsockopt$inet_int(r0, 0x0, 0x1, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000001740)=@security={'security\x00', 0xe, 0x4, 0x2c0, 0xffffffff, 0xf0, 0xf0, 0xf0, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'ip6tnl0\x00', 'erspan0\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "f717acc931ef6907f0dc019040dd0ca0a80ee77e65a9d3bde15428801338"}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'syzkaller1\x00', 'geneve1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28}}, {{@ip={@dev, @empty, 0x0, 0x0, 'veth1_to_bridge\x00', 'veth0_vlan\x00'}, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "52d2612894d840638d4c4b323b93afe3b239a7f5c893a97e6505696389982135ba1f1e989a75a09243b218d3552cd43c93b1baa9eb89ca50aad7b6bbb6669486"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x320) ftruncate(0xffffffffffffffff, 0x0) syz_open_dev$vcsu(0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0xc89f, 0x700}, 0x1700) 145.129807ms ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100), 0x1001) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r5}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 128.20427ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='ext4_ext_handle_unwritten_extents\x00', r1}, 0x9) ioctl$SIOCSIFHWADDR(r0, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}}) 109.102573ms ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2}}) 103.572114ms ago: executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000004fc0)={0x38, r0, 0x10ada85e65c25349, 0x0, 0x0, {{0x67}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0x4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) 96.812535ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 0s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000000)="38000300010003", 0x7) kernel console output (not intermixed with test programs): 1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1398.109982][ T7688] usb 5-1: config 0 descriptor?? [ 1398.266572][ T8771] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1398.522935][ T8771] usb 1-1: Using ep0 maxpacket: 16 [ 1398.568348][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1398.568363][ T30] audit: type=1326 audit(2000000198.807:61718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.600503][ T30] audit: type=1326 audit(2000000198.807:61719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.624782][ T30] audit: type=1326 audit(2000000198.807:61720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.626960][ T7688] hid-generic 0003:1B1C:1B3E.00F4: unknown main item tag 0x0 [ 1398.656523][ T30] audit: type=1326 audit(2000000198.835:61721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.658280][ T7688] hid-generic 0003:1B1C:1B3E.00F4: unknown main item tag 0x0 [ 1398.688453][ T30] audit: type=1326 audit(2000000198.835:61722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.689204][ T8771] usb 1-1: config 0 has no interfaces? [ 1398.712994][ T30] audit: type=1326 audit(2000000198.835:61723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.718416][ T7688] hid-generic 0003:1B1C:1B3E.00F4: item fetching failed at offset 2/5 [ 1398.741687][ T30] audit: type=1326 audit(2000000198.835:61724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2ab45256a7 code=0x7ffc0000 [ 1398.773681][ T7688] hid-generic: probe of 0003:1B1C:1B3E.00F4 failed with error -22 [ 1398.782612][ T30] audit: type=1326 audit(2000000198.835:61725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2ab44eb379 code=0x7ffc0000 [ 1398.816112][ T30] audit: type=1326 audit(2000000198.835:61726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f2ab4527f29 code=0x7ffc0000 [ 1398.851750][ T7688] usb 5-1: USB disconnect, device number 20 [ 1398.872615][ T30] audit: type=1326 audit(2000000198.835:61727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12346 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2ab45256a7 code=0x7ffc0000 [ 1398.951046][ T8771] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1398.959914][ T8771] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1399.208420][ T8771] usb 1-1: Product: syz [ 1399.212496][ T8771] usb 1-1: Manufacturer: syz [ 1399.216921][ T8771] usb 1-1: SerialNumber: syz [ 1399.222185][ T8771] r8152-cfgselector 1-1: config 0 descriptor?? [ 1399.250584][T12364] netlink: 'syz-executor.2': attribute type 29 has an invalid length. [ 1399.265834][T12366] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1399.506059][ T8771] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1399.678042][T12391] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1399.706862][T12393] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1399.736009][ T8771] r8152-cfgselector 1-1: USB disconnect, device number 8 [ 1399.775909][T12399] loop3: detected capacity change from 0 to 1024 [ 1399.797615][T12399] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,,errors=continue. Quota mode: writeback. [ 1400.249538][T12417] tc_dump_action: action bad kind [ 1400.315651][T12416] bridge0: port 1(bridge_slave_0) entered blocking state [ 1400.325351][T12416] bridge0: port 1(bridge_slave_0) entered disabled state [ 1400.334284][T12416] device bridge_slave_0 entered promiscuous mode [ 1400.341380][T12416] bridge0: port 2(bridge_slave_1) entered blocking state [ 1400.348286][T12416] bridge0: port 2(bridge_slave_1) entered disabled state [ 1400.364684][T12416] device bridge_slave_1 entered promiscuous mode [ 1400.364947][T12436] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1400.426007][T12444] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1400.491306][T12455] syz-executor.0[12455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1400.491391][T12455] syz-executor.0[12455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1400.504753][T12455] syz-executor.0[12455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1400.518949][T12455] syz-executor.0[12455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1400.524601][T12416] bridge0: port 2(bridge_slave_1) entered blocking state [ 1400.548911][T12416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1400.556063][T12416] bridge0: port 1(bridge_slave_0) entered blocking state [ 1400.562911][T12416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1400.601614][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1400.610121][ T7689] bridge0: port 1(bridge_slave_0) entered disabled state [ 1400.627195][ T7689] bridge0: port 2(bridge_slave_1) entered disabled state [ 1400.650271][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1400.664530][ T7689] bridge0: port 1(bridge_slave_0) entered blocking state [ 1400.671487][ T7689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1400.702179][T12471] loop4: detected capacity change from 0 to 1024 [ 1400.722789][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1400.731363][ T7689] bridge0: port 2(bridge_slave_1) entered blocking state [ 1400.738211][ T7689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1400.745462][ T7689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1400.768871][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1400.778870][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1400.797215][T12416] device veth0_vlan entered promiscuous mode [ 1400.808755][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1400.830068][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1400.839034][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1400.855796][ T8] device bridge_slave_1 left promiscuous mode [ 1400.864022][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 1400.873322][ T8] device bridge_slave_0 left promiscuous mode [ 1400.880053][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 1400.892895][ T8] device veth1_macvtap left promiscuous mode [ 1400.899457][ T8] device veth0_vlan left promiscuous mode [ 1400.952746][T12471] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,,errors=continue. Quota mode: writeback. [ 1401.077173][T12489] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 1401.089357][T12416] device veth1_macvtap entered promiscuous mode [ 1401.098542][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1401.119388][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1401.140897][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1401.222544][T12506] loop1: detected capacity change from 0 to 8192 [ 1401.251329][T12506] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1401.322664][T12512] device pim6reg1 entered promiscuous mode [ 1401.738425][T12527] device ip6tnl0 entered promiscuous mode [ 1401.744056][T12527] device vlan2 entered promiscuous mode [ 1401.750562][T12527] device ip6tnl0 left promiscuous mode [ 1401.793703][T12530] fscrypt: key with description 'fscrypt:0000111122223333' is too short (got 57 bytes, need 64+ bytes) [ 1402.250529][T12557] fscrypt: key with description 'fscrypt:0000111122223333' is too short (got 57 bytes, need 64+ bytes) [ 1402.413151][T12580] loop3: detected capacity change from 0 to 256 [ 1402.466781][T12580] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1402.477463][T12580] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 1402.489066][T12580] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1402.534053][T28778] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 1402.571308][T12588] device pim6reg1 entered promiscuous mode [ 1402.854808][T12605] syz-executor.0[12605] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1402.854902][T12605] syz-executor.0[12605] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1403.288898][T28778] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1403.323259][T12641] syz-executor.3[12641] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1403.323345][T12641] syz-executor.3[12641] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1403.335420][T28778] usb 3-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 1403.365137][T28778] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1403.374254][T28778] usb 3-1: config 0 descriptor?? [ 1403.417208][T28778] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1403.631779][ T3537] usb 3-1: USB disconnect, device number 116 [ 1403.702357][ T400] hid-generic 0000:0000:0000.00F5: unknown main item tag 0x0 [ 1403.710442][ T400] hid-generic 0000:0000:0000.00F5: unknown main item tag 0x0 [ 1403.718570][ T400] hid-generic 0000:0000:0000.00F5: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1403.826594][T12678] device pim6reg1 entered promiscuous mode [ 1404.317355][T12694] loop2: detected capacity change from 0 to 256 [ 1404.342477][T12694] FAT-fs (loop2): Directory bread(block 64) failed [ 1404.349891][T12694] FAT-fs (loop2): Directory bread(block 65) failed [ 1404.356685][T12694] FAT-fs (loop2): Directory bread(block 66) failed [ 1404.372988][T12694] FAT-fs (loop2): Directory bread(block 67) failed [ 1404.383850][T12694] FAT-fs (loop2): Directory bread(block 68) failed [ 1404.390422][T12694] FAT-fs (loop2): Directory bread(block 69) failed [ 1404.396847][T12694] FAT-fs (loop2): Directory bread(block 70) failed [ 1404.403551][T12694] FAT-fs (loop2): Directory bread(block 71) failed [ 1404.411747][T12694] FAT-fs (loop2): Directory bread(block 72) failed [ 1404.424758][T12694] FAT-fs (loop2): Directory bread(block 73) failed [ 1404.555622][T12712] device ip6tnl0 entered promiscuous mode [ 1404.561269][T12712] device vlan0 entered promiscuous mode [ 1404.567595][T12712] device ip6tnl0 left promiscuous mode [ 1404.880437][ T3537] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1404.915796][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 1404.915812][ T30] audit: type=1326 audit(2000000204.750:61752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1404.946454][ T30] audit: type=1326 audit(2000000204.750:61753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1404.970463][ T30] audit: type=1326 audit(2000000204.778:61754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1405.009199][ T30] audit: type=1326 audit(2000000204.815:61755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1405.035894][ T30] audit: type=1326 audit(2000000204.825:61756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1405.069746][T12748] device ip6tnl0 entered promiscuous mode [ 1405.071203][ T30] audit: type=1326 audit(2000000204.825:61757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1405.100205][ T30] audit: type=1326 audit(2000000204.825:61758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febcea346a7 code=0x7ffc0000 [ 1405.106934][T12748] device vlan2 entered promiscuous mode [ 1405.126080][ T30] audit: type=1326 audit(2000000204.825:61759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7febce9fa379 code=0x7ffc0000 [ 1405.154634][T12748] device ip6tnl0 left promiscuous mode [ 1405.161227][ T30] audit: type=1326 audit(2000000204.825:61760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1405.185649][ T30] audit: type=1326 audit(2000000204.825:61761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12736 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febcea346a7 code=0x7ffc0000 [ 1405.289304][T12764] loop3: detected capacity change from 0 to 256 [ 1405.326755][T12764] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1405.340034][ T3537] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1405.342745][T12764] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 1405.375311][ T3537] usb 3-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 1405.384190][ T3537] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1405.400979][T12764] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1405.418166][ T3537] usb 3-1: config 0 descriptor?? [ 1405.426838][T16378] hid-generic 0000:0000:0000.00F6: unknown main item tag 0x0 [ 1405.434055][T16378] hid-generic 0000:0000:0000.00F6: unknown main item tag 0x0 [ 1405.455916][T16378] hid-generic 0000:0000:0000.00F6: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1405.465963][ T3537] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1405.600373][T12802] syz-executor.4[12802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1405.600440][T12802] syz-executor.4[12802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1405.625990][T16378] hid-generic 0000:0000:0000.00F7: unknown main item tag 0x0 [ 1405.652241][T16378] hid-generic 0000:0000:0000.00F7: unknown main item tag 0x0 [ 1405.668514][T16378] hid-generic 0000:0000:0000.00F7: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1405.685110][ T400] usb 3-1: USB disconnect, device number 117 [ 1405.749975][T12824] loop3: detected capacity change from 0 to 256 [ 1405.838647][ T2125] tipc: Disabling bearer [ 1405.843979][ T2125] tipc: Left network mode [ 1405.871450][T12827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1405.878553][T12827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1405.886186][T12827] device bridge_slave_0 entered promiscuous mode [ 1405.893440][T12827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1405.900844][T12827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1405.916556][T12827] device bridge_slave_1 entered promiscuous mode [ 1406.219552][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1406.227147][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1406.245764][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1406.255302][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1406.263481][ T7688] bridge0: port 1(bridge_slave_0) entered blocking state [ 1406.270355][ T7688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1406.292195][T12850] loop3: detected capacity change from 0 to 256 [ 1406.302608][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1406.310034][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1406.318549][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1406.326716][ T400] bridge0: port 2(bridge_slave_1) entered blocking state [ 1406.333591][ T400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1406.350773][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1406.359390][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1406.376056][T12850] FAT-fs (loop3): Directory bread(block 64) failed [ 1406.384380][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1406.387026][T12850] FAT-fs (loop3): Directory bread(block 65) failed [ 1406.399734][T12850] FAT-fs (loop3): Directory bread(block 66) failed [ 1406.408446][T12850] FAT-fs (loop3): Directory bread(block 67) failed [ 1406.412129][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1406.414814][T12850] FAT-fs (loop3): Directory bread(block 68) failed [ 1406.423029][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1406.436179][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1406.436356][T12850] FAT-fs (loop3): Directory bread(block 69) failed [ 1406.445222][T12827] device veth0_vlan entered promiscuous mode [ 1406.455626][T12850] FAT-fs (loop3): Directory bread(block 70) failed [ 1406.471979][T12850] FAT-fs (loop3): Directory bread(block 71) failed [ 1406.485065][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1406.492942][T12850] FAT-fs (loop3): Directory bread(block 72) failed [ 1406.502184][T12827] device veth1_macvtap entered promiscuous mode [ 1406.508468][T12850] FAT-fs (loop3): Directory bread(block 73) failed [ 1406.526348][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 1406.539073][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1406.552234][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1406.580999][ T2125] device bridge_slave_1 left promiscuous mode [ 1406.602603][ T2125] bridge0: port 2(bridge_slave_1) entered disabled state [ 1406.634599][ T2125] device bridge_slave_0 left promiscuous mode [ 1406.640568][ T2125] bridge0: port 1(bridge_slave_0) entered disabled state [ 1406.650631][ T2125] device veth1_macvtap left promiscuous mode [ 1406.668414][T12874] loop3: detected capacity change from 0 to 128 [ 1406.703671][T12876] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 1406.783150][T12876] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 1406.899757][T12895] syz-executor.3[12895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1406.899874][T12895] syz-executor.3[12895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1406.961882][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 1407.023262][T12904] syz-executor.4[12904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1407.023335][T12904] syz-executor.4[12904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1407.135384][T12907] input: syz0 as /devices/virtual/input/input181 [ 1407.237787][T12909] xt_TCPMSS: Only works on TCP SYN packets [ 1407.474973][T12919] loop1: detected capacity change from 0 to 512 [ 1407.543984][T12919] EXT4-fs (loop1): 1 orphan inode deleted [ 1407.549791][T12919] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1407.572087][T12919] ext4 filesystem being mounted at /root/syzkaller-testdir3343584595/syzkaller.8IY03g/42/file1 supports timestamps until 2038 (0x7fffffff) [ 1407.772729][T12934] syz-executor.1[12934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1407.773243][T12934] syz-executor.1[12934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1408.649703][T12974] syz-executor.0[12974] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1408.744659][T12976] xt_TCPMSS: Only works on TCP SYN packets [ 1408.770852][T12974] syz-executor.0[12974] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1410.109210][T13018] syz-executor.0[13018] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1410.109286][T13018] syz-executor.0[13018] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1410.324403][T13039] device pim6reg1 entered promiscuous mode [ 1410.551308][T13049] input: syz0 as /devices/virtual/input/input185 [ 1410.573317][T13053] loop2: detected capacity change from 0 to 512 [ 1410.606671][T13032] loop4: detected capacity change from 0 to 40427 [ 1410.653440][T13053] EXT4-fs (loop2): 1 orphan inode deleted [ 1410.659083][T13053] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1410.682512][T13053] ext4 filesystem being mounted at /root/syzkaller-testdir749110914/syzkaller.3P7d4Z/191/file1 supports timestamps until 2038 (0x7fffffff) [ 1410.757844][T13032] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1410.796810][T13032] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1410.810155][T13032] attempt to access beyond end of device [ 1410.810155][T13032] loop4: rw=2049, want=45104, limit=40427 [ 1410.982366][T13032] attempt to access beyond end of device [ 1410.982366][T13032] loop4: rw=2049, want=45104, limit=40427 [ 1411.087292][ T30] kauditd_printk_skb: 76 callbacks suppressed [ 1411.087311][ T30] audit: type=1400 audit(2000000210.496:61838): avc: denied { ioctl } for pid=13030 comm="syz-executor.4" path="/root/syzkaller-testdir841199136/syzkaller.1VOoJh/73/file2/file0" dev="loop4" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1411.124199][T11956] attempt to access beyond end of device [ 1411.124199][T11956] loop4: rw=2049, want=45112, limit=40427 [ 1412.392881][T13117] loop4: detected capacity change from 0 to 512 [ 1412.519769][T13117] EXT4-fs (loop4): 1 orphan inode deleted [ 1412.525705][T13117] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1412.565273][T13117] ext4 filesystem being mounted at /root/syzkaller-testdir841199136/syzkaller.1VOoJh/80/file1 supports timestamps until 2038 (0x7fffffff) [ 1412.580385][T13124] bpf_get_probe_write_proto: 2 callbacks suppressed [ 1412.580403][T13124] syz-executor.2[13124] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1412.595040][T13124] syz-executor.2[13124] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1412.948045][T13133] syz-executor.4[13133] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1412.958730][T13131] device pim6reg1 entered promiscuous mode [ 1412.959751][T13133] syz-executor.4[13133] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1413.125663][T13089] loop3: detected capacity change from 0 to 131072 [ 1413.155056][T13143] device syzkaller0 entered promiscuous mode [ 1413.185140][T13089] F2FS-fs (loop3): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 1413.199704][T13089] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 1413.209880][T13089] F2FS-fs (loop3): invalid crc value [ 1413.217855][T13089] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1413.267373][T13089] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 1413.274922][T13089] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 1413.396362][ T7688] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1413.510414][T13179] syz-executor.1[13179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1413.510499][T13179] syz-executor.1[13179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1413.659407][T13183] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1413.679098][T13183] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1413.690446][T13183] overlayfs: missing 'lowerdir' [ 1413.824262][ T7688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1413.862862][ T7688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1413.891836][ T7688] usb 5-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1413.910855][T13189] syz-executor.1[13189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1413.910942][T13189] syz-executor.1[13189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1413.925352][ T7688] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1413.936225][T13191] loop3: detected capacity change from 0 to 512 [ 1413.938196][ T7688] usb 5-1: config 0 descriptor?? [ 1414.005925][ T30] audit: type=1400 audit(2000000213.257:61839): avc: denied { relabelfrom } for pid=13195 comm="syz-executor.0" name="NETLINK" dev="sockfs" ino=230953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 1414.039205][T13191] EXT4-fs (loop3): 1 orphan inode deleted [ 1414.044821][T13191] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1414.066946][T13191] ext4 filesystem being mounted at /root/syzkaller-testdir3523570599/syzkaller.csrGOh/195/file1 supports timestamps until 2038 (0x7fffffff) [ 1414.079230][ T30] audit: type=1400 audit(2000000213.257:61840): avc: denied { relabelto } for pid=13195 comm="syz-executor.0" name="NETLINK" dev="sockfs" ino=230953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_route_socket permissive=1 [ 1414.147799][T13211] device pim6reg1 entered promiscuous mode [ 1414.195801][T13219] syz-executor.1[13219] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1414.195862][T13219] syz-executor.1[13219] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1414.918621][ T7688] logitech-djreceiver 0003:046D:C534.00F8: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.4-1/input0 [ 1414.990138][ T30] audit: type=1326 audit(2000000214.174:61841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13233 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ab4527f29 code=0x0 [ 1415.019268][T13237] incfs: Error accessing: ./file0. [ 1415.024436][T13237] incfs: mount failed -20 [ 1415.106862][T13242] loop1: detected capacity change from 0 to 256 [ 1415.166731][ T30] audit: type=1326 audit(2000000214.333:61842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x7ffc0000 [ 1415.193977][T13242] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1415.219699][ T30] audit: type=1326 audit(2000000214.371:61843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x7ffc0000 [ 1415.259363][ T30] audit: type=1326 audit(2000000214.371:61844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7fbabfe6cf29 code=0x7ffc0000 [ 1415.284997][ T30] audit: type=1326 audit(2000000214.371:61845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x7ffc0000 [ 1415.324102][ T30] audit: type=1326 audit(2000000214.371:61846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x7ffc0000 [ 1415.525337][T13275] tipc: Started in network mode [ 1415.530200][T13275] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 1415.537269][T13275] tipc: Enabled bearer , priority 10 [ 1415.544026][T13275] tipc: Resetting bearer [ 1415.550889][T13275] tipc: Disabling bearer [ 1415.814268][T13284] input: syz0 as /devices/virtual/input/input186 [ 1416.053529][T13296] xt_TCPMSS: Only works on TCP SYN packets [ 1416.345335][ T8771] usb 5-1: reset high-speed USB device number 21 using dummy_hcd [ 1416.799929][ T30] audit: type=1326 audit(2000000215.868:61847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13320 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1416.834918][ T30] audit: type=1326 audit(2000000215.868:61848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13320 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1416.863160][ T30] audit: type=1326 audit(2000000215.868:61849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13320 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1416.887641][ T30] audit: type=1326 audit(2000000215.868:61850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13320 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1416.911907][ T30] audit: type=1326 audit(2000000215.868:61851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13320 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1417.407155][T13363] loop4: detected capacity change from 0 to 256 [ 1417.437398][T13363] FAT-fs (loop4): Directory bread(block 64) failed [ 1417.443741][T13363] FAT-fs (loop4): Directory bread(block 65) failed [ 1417.450512][T13363] FAT-fs (loop4): Directory bread(block 66) failed [ 1417.456998][T13363] FAT-fs (loop4): Directory bread(block 67) failed [ 1417.463581][T13363] FAT-fs (loop4): Directory bread(block 68) failed [ 1417.470016][T13363] FAT-fs (loop4): Directory bread(block 69) failed [ 1417.476512][T13363] FAT-fs (loop4): Directory bread(block 70) failed [ 1417.483492][T13363] FAT-fs (loop4): Directory bread(block 71) failed [ 1417.490929][T13363] FAT-fs (loop4): Directory bread(block 72) failed [ 1417.497706][T13363] FAT-fs (loop4): Directory bread(block 73) failed [ 1417.526979][T13364] loop2: detected capacity change from 0 to 256 [ 1417.537031][T13363] attempt to access beyond end of device [ 1417.537031][T13363] loop4: rw=0, want=1772, limit=256 [ 1417.559116][T13364] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1417.575323][ T7688] usb 5-1: USB disconnect, device number 21 [ 1418.034663][T13385] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1418.241210][T13405] loop2: detected capacity change from 0 to 512 [ 1418.318791][T13405] EXT4-fs (loop2): 1 orphan inode deleted [ 1418.324729][T13405] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1418.347078][T13405] ext4 filesystem being mounted at /root/syzkaller-testdir749110914/syzkaller.3P7d4Z/217/file1 supports timestamps until 2038 (0x7fffffff) [ 1418.414954][ T30] audit: type=1400 audit(2000000217.375:61852): avc: denied { watch } for pid=13418 comm="syz-executor.0" path="/root/syzkaller-testdir2005527512/syzkaller.gp0pdW/66/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 1420.007423][T13450] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1420.015511][T13450] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1420.019237][T13448] xt_TCPMSS: Only works on TCP SYN packets [ 1420.026894][T13450] overlayfs: missing 'lowerdir' [ 1420.090390][ T30] audit: type=1326 audit(2000000218.947:61853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13463 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x0 [ 1420.121603][ T30] audit: type=1326 audit(2000000218.975:61854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13465 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1420.146281][ T30] audit: type=1326 audit(2000000218.975:61855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13465 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1420.195477][ T30] audit: type=1326 audit(2000000218.975:61856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13465 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7febcea36f29 code=0x7ffc0000 [ 1420.399974][T13497] : renamed from pim6reg1 [ 1420.554440][T13499] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1420.562639][T13499] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1420.574030][T13499] overlayfs: missing 'lowerdir' [ 1420.779607][ T3537] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1421.050621][T13523] : renamed from pim6reg1 [ 1421.057372][ T3537] usb 4-1: Using ep0 maxpacket: 16 [ 1421.185668][ T3537] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1421.201837][ T3537] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1421.212767][ T3537] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1421.225412][ T3537] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1421.234244][ T3537] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1421.242743][ T3537] usb 4-1: config 0 descriptor?? [ 1421.300189][T13544] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1421.506903][T13556] loop1: detected capacity change from 0 to 256 [ 1421.544542][T13556] FAT-fs (loop1): Directory bread(block 64) failed [ 1421.550956][T13556] FAT-fs (loop1): Directory bread(block 65) failed [ 1421.557320][T13556] FAT-fs (loop1): Directory bread(block 66) failed [ 1421.559606][ T8771] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 1421.563684][T13556] FAT-fs (loop1): Directory bread(block 67) failed [ 1421.577483][T13556] FAT-fs (loop1): Directory bread(block 68) failed [ 1421.584601][T13556] FAT-fs (loop1): Directory bread(block 69) failed [ 1421.591092][T13556] FAT-fs (loop1): Directory bread(block 70) failed [ 1421.597371][T13556] FAT-fs (loop1): Directory bread(block 71) failed [ 1421.603756][T13556] FAT-fs (loop1): Directory bread(block 72) failed [ 1421.610018][T13556] FAT-fs (loop1): Directory bread(block 73) failed [ 1421.747592][T13569] bpf_get_probe_write_proto: 4 callbacks suppressed [ 1421.747619][T13569] syz-executor.1[13569] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1421.754208][T13569] syz-executor.1[13569] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1421.784450][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.803158][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.810384][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.817795][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.825584][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.826734][ T8771] usb 3-1: Using ep0 maxpacket: 16 [ 1421.832697][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.844851][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.860703][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.867990][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.875120][ T3537] microsoft 0003:045E:07DA.00F9: unknown main item tag 0x0 [ 1421.882466][ T3537] microsoft 0003:045E:07DA.00F9: No inputs registered, leaving [ 1421.890423][ T3537] microsoft 0003:045E:07DA.00F9: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1421.901787][ T3537] microsoft 0003:045E:07DA.00F9: no inputs found [ 1421.907956][ T3537] microsoft 0003:045E:07DA.00F9: could not initialize ff, continuing anyway [ 1421.965708][ T8771] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1421.976334][T13578] syz-executor.1[13578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1421.976544][T13578] syz-executor.1[13578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1421.976761][ T8771] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1422.009530][ T8771] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1422.022917][ T3537] usb 4-1: USB disconnect, device number 12 [ 1422.040984][T13578] syz-executor.1[13578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.041062][T13578] syz-executor.1[13578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.189138][T13609] syz-executor.1[13609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.200947][ T8771] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40 [ 1422.202767][T13609] syz-executor.1[13609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.214085][ T8771] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1422.250021][ T8771] usb 3-1: Product: syz [ 1422.254135][ T8771] usb 3-1: Manufacturer: syz [ 1422.258643][ T8771] usb 3-1: SerialNumber: syz [ 1422.262117][T13609] syz-executor.1[13609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.263100][T13609] syz-executor.1[13609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1422.492992][T13628] loop1: detected capacity change from 0 to 40427 [ 1422.525524][T13628] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1422.572542][ T30] kauditd_printk_skb: 230 callbacks suppressed [ 1422.572556][ T30] audit: type=1326 audit(2000000221.268:62087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13651 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x0 [ 1422.578693][T13628] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1422.602328][ T8771] usbhid 3-1:1.0: can't add hid device: -22 [ 1422.618389][ T8771] usbhid: probe of 3-1:1.0 failed with error -22 [ 1422.625873][ T8771] usb 3-1: USB disconnect, device number 118 [ 1422.677522][T12416] attempt to access beyond end of device [ 1422.677522][T12416] loop1: rw=2049, want=45104, limit=40427 [ 1423.949937][T13679] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 1423.958130][T13679] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1423.969540][T13679] overlayfs: missing 'lowerdir' [ 1423.978692][T13681] xt_TCPMSS: Only works on TCP SYN packets [ 1424.670837][T13688] kvm: pic: non byte write [ 1424.939226][T13710] netem: change failed [ 1424.957428][ T9338] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1424.964785][ T3537] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1424.973415][T13714] loop2: detected capacity change from 0 to 128 [ 1425.032848][ T2125] attempt to access beyond end of device [ 1425.032848][ T2125] loop2: rw=1, want=130, limit=128 [ 1425.043433][ T2125] Buffer I/O error on dev loop2, logical block 129, lost async page write [ 1425.235201][ T3537] usb 4-1: Using ep0 maxpacket: 8 [ 1425.240134][ T9338] usb 1-1: Using ep0 maxpacket: 16 [ 1425.305483][T13732] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13732 comm=syz-executor.2 [ 1425.384878][ T9338] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1425.395715][ T3537] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 1425.403863][ T3537] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 1425.414164][ T9338] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1425.423778][ T3537] usb 4-1: config 135 has no interface number 0 [ 1425.425522][T13736] loop2: detected capacity change from 0 to 40427 [ 1425.429945][ T9338] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1425.448763][ T3537] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1425.492553][T13736] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1425.500182][T13736] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1425.509738][T13736] F2FS-fs (loop2): invalid crc value [ 1425.516627][T13736] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1425.542910][T13736] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1425.549827][T13736] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1425.651992][ T3537] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1425.661519][ T9338] usb 1-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40 [ 1425.670437][ T9338] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1425.670521][ T3537] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1425.687871][ T9338] usb 1-1: Product: syz [ 1425.691880][ T9338] usb 1-1: Manufacturer: syz [ 1425.696315][ T9338] usb 1-1: SerialNumber: syz [ 1425.826824][ T30] audit: type=1400 audit(2000000224.263:62088): avc: denied { rename } for pid=13735 comm="syz-executor.2" name="#261" dev="loop2" ino=460 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1425.827764][ T3537] usb 4-1: Product: syz [ 1425.853401][ T3537] usb 4-1: Manufacturer: syz [ 1425.853643][ T30] audit: type=1400 audit(2000000224.282:62089): avc: denied { unlink } for pid=13735 comm="syz-executor.2" name="#262" dev="loop2" ino=460 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1425.857815][ T3537] usb 4-1: SerialNumber: syz [ 1425.887194][T13745] loop1: detected capacity change from 0 to 128 [ 1425.927898][T13750] loop4: detected capacity change from 0 to 512 [ 1425.952317][ T3537] usb 4-1: Found UVC 0.00 device syz (18ec:3288) [ 1425.958612][ T3537] usb 4-1: No valid video chain found. [ 1425.965225][T13750] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 1425.974879][T13750] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 1425.977046][T13745] attempt to access beyond end of device [ 1425.977046][T13745] loop1: rw=0, want=241, limit=128 [ 1425.984458][T13750] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 1425.985288][T13750] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 1426.012158][T13750] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=e000e118, mo2=0000] [ 1426.019816][T13750] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1426.020453][ T2125] attempt to access beyond end of device [ 1426.020453][ T2125] loop1: rw=1, want=1041, limit=128 [ 1426.026994][T13750] EXT4-fs (loop4): mount failed [ 1426.113396][T13750] loop4: detected capacity change from 0 to 256 [ 1426.143560][ T9338] usbhid 1-1:1.0: can't add hid device: -22 [ 1426.149371][ T9338] usbhid: probe of 1-1:1.0 failed with error -22 [ 1426.158329][T13750] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 1426.171256][ T9338] usb 1-1: USB disconnect, device number 9 [ 1426.179909][ T8771] usb 4-1: USB disconnect, device number 13 [ 1426.193694][T13757] loop1: detected capacity change from 0 to 40427 [ 1426.246582][T13757] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1426.254359][ T2125] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1426.254429][T13757] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1426.263170][ T2125] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1426.281005][T13757] F2FS-fs (loop1): invalid crc value [ 1426.287729][T13757] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1426.322176][T13757] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1426.329076][T13757] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1426.342324][T13757] SELinux: Context @ is not valid (left unmapped). [ 1426.349000][ T30] audit: type=1400 audit(2000000224.806:62090): avc: denied { relabelto } for pid=13756 comm="syz-executor.1" name="memory.swap.events" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@" [ 1426.394218][ T30] audit: type=1400 audit(2000000224.834:62091): avc: denied { ioctl } for pid=13756 comm="syz-executor.1" path="/root/syzkaller-testdir3343584595/syzkaller.8IY03g/111/bus/memory.swap.events" dev="loop1" ino=10 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@" [ 1426.505893][T13772] loop1: detected capacity change from 0 to 512 [ 1426.520130][T13772] EXT4-fs (loop1): 1 orphan inode deleted [ 1426.525755][T13772] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1426.546664][T13772] ext4 filesystem being mounted at /root/syzkaller-testdir3343584595/syzkaller.8IY03g/112/file1 supports timestamps until 2038 (0x7fffffff) [ 1426.594304][ T3537] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1426.767018][T13776] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1426.955531][ T3537] usb 5-1: device descriptor read/64, error -71 [ 1427.193795][ T30] audit: type=1326 audit(2000000225.602:62092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13815 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x0 [ 1427.425602][ T3537] usb 5-1: device descriptor read/64, error -71 [ 1427.714094][ T3537] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1427.756873][T16378] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1428.034699][ T3537] usb 5-1: device descriptor read/64, error -71 [ 1428.062253][T13827] 9pnet: Insufficient options for proto=fd [ 1428.162961][T16378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1428.173812][T16378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1428.183371][T16378] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 1428.192249][T16378] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1428.201002][T16378] usb 2-1: config 0 descriptor?? [ 1428.275354][T13849] device syzkaller0 entered promiscuous mode [ 1428.515573][ T3537] usb 5-1: device descriptor read/64, error -71 [ 1428.603969][T13860] 9pnet: Insufficient options for proto=fd [ 1428.641396][ T30] audit: type=1326 audit(2000000226.949:62093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13854 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febcea36f29 code=0x0 [ 1428.666195][ T3537] usb usb5-port1: attempt power cycle [ 1428.720110][T16378] logitech-djreceiver 0003:046D:C534.00FA: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.1-1/input0 [ 1429.113803][ T3537] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1429.316888][ T3537] usb 5-1: device descriptor read/8, error -71 [ 1429.605403][ T3537] usb 5-1: device descriptor read/8, error -71 [ 1429.618375][T13903] loop3: detected capacity change from 0 to 40427 [ 1429.681166][T13903] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1429.756853][T13903] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1429.790259][T10873] attempt to access beyond end of device [ 1429.790259][T10873] loop3: rw=2049, want=45104, limit=40427 [ 1429.850722][T13921] loop2: detected capacity change from 0 to 256 [ 1429.893796][ T3537] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1429.903521][T13921] FAT-fs (loop2): Directory bread(block 64) failed [ 1429.914539][T13921] FAT-fs (loop2): Directory bread(block 65) failed [ 1429.921141][T13921] FAT-fs (loop2): Directory bread(block 66) failed [ 1429.927859][T13921] FAT-fs (loop2): Directory bread(block 67) failed [ 1429.934253][T13921] FAT-fs (loop2): Directory bread(block 68) failed [ 1429.940684][T13921] FAT-fs (loop2): Directory bread(block 69) failed [ 1429.947066][T13921] FAT-fs (loop2): Directory bread(block 70) failed [ 1429.953494][T13921] FAT-fs (loop2): Directory bread(block 71) failed [ 1429.959964][T13921] FAT-fs (loop2): Directory bread(block 72) failed [ 1429.966381][T13921] FAT-fs (loop2): Directory bread(block 73) failed [ 1430.075461][ T9338] usb 2-1: reset high-speed USB device number 14 using dummy_hcd [ 1430.086180][ T3537] usb 5-1: device descriptor read/8, error -71 [ 1430.278448][T16378] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1430.318441][T13943] loop3: detected capacity change from 0 to 40427 [ 1430.365469][T13943] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1430.373124][T13943] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1430.382413][T13943] F2FS-fs (loop3): invalid crc value [ 1430.389363][T13943] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1430.406855][ T3537] usb 5-1: device descriptor read/8, error -71 [ 1430.419459][T13943] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1430.426356][T13943] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1430.535352][T16378] usb 3-1: Using ep0 maxpacket: 16 [ 1430.540415][ T3537] usb usb5-port1: unable to enumerate USB device [ 1430.780683][ T2125] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1430.789519][ T2125] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1430.855534][T16378] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1431.047869][T16378] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1431.056826][T16378] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1431.064646][T16378] usb 3-1: Product: syz [ 1431.079801][T16378] usb 3-1: Manufacturer: syz [ 1431.084300][T16378] usb 3-1: SerialNumber: syz [ 1431.095414][T16378] usb 3-1: config 0 descriptor?? [ 1431.134442][T16378] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1431.142524][T16378] usb 3-1: Detected FT232RL [ 1431.368447][T16378] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1431.389848][T16378] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1431.411525][T16378] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 1431.418699][T16378] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1431.428071][T16378] usb 3-1: USB disconnect, device number 119 [ 1431.435265][T16378] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1431.444901][T16378] ftdi_sio 3-1:0.0: device disconnected [ 1431.699953][ T1518] usb 2-1: USB disconnect, device number 14 [ 1432.339173][ T30] audit: type=1400 audit(2000000230.188:62094): avc: denied { mount } for pid=14011 comm="syz-executor.2" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 1432.470196][T14028] loop3: detected capacity change from 0 to 128 [ 1432.899740][ T30] audit: type=1400 audit(2000000230.936:62095): avc: denied { unmount } for pid=10950 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 1433.594162][T14069] bpf_get_probe_write_proto: 10 callbacks suppressed [ 1433.594176][T14069] syz-executor.0[14069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1433.600758][T14069] syz-executor.0[14069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1433.621952][T14071] syz-executor.0[14071] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1433.634043][T14071] syz-executor.0[14071] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1434.238407][T14119] syz-executor.3[14119] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1434.254514][T14102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1434.271641][T14119] syz-executor.3[14119] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1434.289239][T14102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1434.308974][ T30] audit: type=1326 audit(2000000232.256:62096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.351094][T14102] device bridge_slave_0 entered promiscuous mode [ 1434.358797][ T30] audit: type=1326 audit(2000000232.256:62097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.393034][T14102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1434.399897][T14102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1434.407385][T14102] device bridge_slave_1 entered promiscuous mode [ 1434.414242][ T30] audit: type=1326 audit(2000000232.284:62098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.447833][ T30] audit: type=1326 audit(2000000232.284:62099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.472061][ T30] audit: type=1326 audit(2000000232.284:62100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.497197][ T30] audit: type=1326 audit(2000000232.284:62101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.521818][ T30] audit: type=1326 audit(2000000232.284:62102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9bc1af29 code=0x7ffc0000 [ 1434.545837][ T30] audit: type=1326 audit(2000000232.284:62103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5d9bc186a7 code=0x7ffc0000 [ 1434.569840][ T30] audit: type=1326 audit(2000000232.284:62104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5d9bbde379 code=0x7ffc0000 [ 1434.596914][ T30] audit: type=1326 audit(2000000232.284:62105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5d9bc186a7 code=0x7ffc0000 [ 1434.671349][T14139] loop3: detected capacity change from 0 to 256 [ 1434.690569][T14141] syz-executor.1[14141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1434.690650][T14141] syz-executor.1[14141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1434.726772][T14143] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program [ 1434.748155][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1434.756967][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1434.770337][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1434.778809][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1434.786746][T28530] bridge0: port 1(bridge_slave_0) entered blocking state [ 1434.793609][T28530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1434.801406][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1434.821539][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1434.830643][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1434.838769][ T7688] bridge0: port 2(bridge_slave_1) entered blocking state [ 1434.845660][ T7688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1434.869724][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1434.890142][T14102] device veth0_vlan entered promiscuous mode [ 1434.896552][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1434.905692][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1434.919676][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1434.969588][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1434.977071][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1435.006355][T14102] device veth1_macvtap entered promiscuous mode [ 1435.013397][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1435.031001][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1435.040667][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1435.120931][ T2125] device bridge_slave_1 left promiscuous mode [ 1435.127248][ T2125] bridge0: port 2(bridge_slave_1) entered disabled state [ 1435.143718][ T2125] device bridge_slave_0 left promiscuous mode [ 1435.152597][ T2125] bridge0: port 1(bridge_slave_0) entered disabled state [ 1435.168066][ T2125] device veth1_macvtap left promiscuous mode [ 1435.174275][ T2125] device veth0_vlan left promiscuous mode [ 1435.636322][T14192] bridge0: port 1(bridge_slave_0) entered blocking state [ 1435.643529][T14192] bridge0: port 1(bridge_slave_0) entered disabled state [ 1435.651353][T14192] device bridge_slave_0 entered promiscuous mode [ 1435.658725][T14192] bridge0: port 2(bridge_slave_1) entered blocking state [ 1435.665833][T14192] bridge0: port 2(bridge_slave_1) entered disabled state [ 1435.673257][T14192] device bridge_slave_1 entered promiscuous mode [ 1435.757019][T14192] bridge0: port 2(bridge_slave_1) entered blocking state [ 1435.763917][T14192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1435.771041][T14192] bridge0: port 1(bridge_slave_0) entered blocking state [ 1435.777881][T14192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1435.807459][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1435.815440][ T8771] bridge0: port 1(bridge_slave_0) entered disabled state [ 1435.824140][ T8771] bridge0: port 2(bridge_slave_1) entered disabled state [ 1435.840508][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1435.848801][ T7688] bridge0: port 1(bridge_slave_0) entered blocking state [ 1435.855651][ T7688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1435.863091][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1435.871242][ T7688] bridge0: port 2(bridge_slave_1) entered blocking state [ 1435.878122][ T7688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1435.903577][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1435.913094][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1435.937944][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1435.954760][T14192] device veth0_vlan entered promiscuous mode [ 1435.961456][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1435.968088][T14204] loop3: detected capacity change from 0 to 1024 [ 1435.969916][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1435.982386][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1436.007423][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1436.018745][T14192] device veth1_macvtap entered promiscuous mode [ 1436.032091][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1436.049287][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1436.057852][T14204] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 1436.084380][T14211] loop2: detected capacity change from 0 to 1024 [ 1436.104067][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.115705][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.126781][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.138678][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.140679][T14211] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1436.149561][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.170960][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.181869][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.184733][T14211] EXT4-fs warning (device loop2): ext4_empty_dir:3110: inode #2: comm syz-executor.2: directory missing '..' [ 1436.192904][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.214781][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.225703][T10873] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor.3: invalid size [ 1436.427859][T14235] loop2: detected capacity change from 0 to 128 [ 1436.451267][T14228] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.458223][T14228] bridge0: port 1(bridge_slave_0) entered disabled state [ 1436.466597][T14228] device bridge_slave_0 entered promiscuous mode [ 1436.473715][T14228] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.482200][T14235] FAT-fs (loop2): bogus number of reserved sectors [ 1436.488610][T14228] bridge0: port 2(bridge_slave_1) entered disabled state [ 1436.495909][T14228] device bridge_slave_1 entered promiscuous mode [ 1436.502973][T14235] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 1436.520056][T14235] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1436.572082][T14228] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.578930][T14228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1436.586096][T14228] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.592927][T14228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1436.626923][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1436.634762][ T3537] bridge0: port 1(bridge_slave_0) entered disabled state [ 1436.642739][ T3537] bridge0: port 2(bridge_slave_1) entered disabled state [ 1436.662336][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1436.670412][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.677273][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1436.687333][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1436.697264][ T3537] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.704125][ T3537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1436.717420][ T2125] device bridge_slave_1 left promiscuous mode [ 1436.723985][ T2125] bridge0: port 2(bridge_slave_1) entered disabled state [ 1436.732023][ T2125] device bridge_slave_0 left promiscuous mode [ 1436.738464][ T2125] bridge0: port 1(bridge_slave_0) entered disabled state [ 1436.748070][T14257] loop1: detected capacity change from 0 to 512 [ 1436.755738][ T2125] device veth1_macvtap left promiscuous mode [ 1436.761840][ T2125] device veth0_vlan left promiscuous mode [ 1436.779084][T14257] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1436.788859][T14257] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1436.796071][T14257] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 40: padding at end of block bitmap is not set [ 1436.811248][T14257] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 1436.820279][T14257] EXT4-fs (loop1): 1 truncate cleaned up [ 1436.828399][T14257] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1436.843415][T14257] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz-executor.1: corrupted xattr block 31 [ 1436.855681][T14257] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=16 [ 1436.864611][T14257] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz-executor.1: corrupted xattr block 31 [ 1436.876838][T14257] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=16 [ 1436.886157][T14257] fuse: Bad value for 'fd' [ 1436.993252][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1437.002213][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1437.010203][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1437.024504][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1437.033454][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1437.042029][T28778] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1437.054420][T28778] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1437.063243][T14228] device veth0_vlan entered promiscuous mode [ 1437.071230][T14267] loop1: detected capacity change from 0 to 256 [ 1437.087499][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1437.096009][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1437.106655][T14228] device veth1_macvtap entered promiscuous mode [ 1437.123884][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1437.131631][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1437.131963][T14267] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1437.139839][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1437.169654][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1437.177809][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1437.220835][T14275] loop1: detected capacity change from 0 to 128 [ 1437.257754][T14275] FAT-fs (loop1): bogus number of reserved sectors [ 1437.264514][T14275] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 1437.273672][T14275] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1437.398106][T14289] input: syz0 as /devices/virtual/input/input188 [ 1438.046017][T14319] loop2: detected capacity change from 0 to 128 [ 1438.069138][T14319] FAT-fs (loop2): bogus number of reserved sectors [ 1438.075529][T14319] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 1438.085659][T14319] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1438.112198][ T2125] device bridge_slave_1 left promiscuous mode [ 1438.118259][ T2125] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.125867][ T2125] device bridge_slave_0 left promiscuous mode [ 1438.132389][ T2125] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.140678][ T2125] device veth1_macvtap left promiscuous mode [ 1438.146734][ T2125] device veth0_vlan left promiscuous mode [ 1438.190038][T14328] loop3: detected capacity change from 0 to 512 [ 1438.239033][T14328] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1438.247429][T14328] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1438.257398][T14328] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 40: padding at end of block bitmap is not set [ 1438.274955][T14328] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 1438.302638][T14328] EXT4-fs (loop3): 1 truncate cleaned up [ 1438.322107][T14328] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1438.336556][T14328] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz-executor.3: corrupted xattr block 31 [ 1438.348783][T14328] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=16 [ 1438.359723][T14328] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz-executor.3: corrupted xattr block 31 [ 1438.372575][T14328] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=16 [ 1438.381527][T14328] fuse: Bad value for 'fd' [ 1438.752644][T14342] input: syz0 as /devices/virtual/input/input189 [ 1439.153260][T14366] loop1: detected capacity change from 0 to 256 [ 1440.437617][T14398] input: syz0 as /devices/virtual/input/input190 [ 1440.753330][T14413] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1441.048593][T14422] loop1: detected capacity change from 0 to 512 [ 1441.057977][T14421] loop2: detected capacity change from 0 to 256 [ 1441.067398][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 1441.067413][ T30] audit: type=1326 audit(2000000238.583:62159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14423 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbabfe6cf29 code=0x0 [ 1441.104838][T14422] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 1441.120881][T14422] ext4 filesystem being mounted at /root/syzkaller-testdir2553843591/syzkaller.1H5XMj/12/bus supports timestamps until 2038 (0x7fffffff) [ 1441.141678][T14422] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 32: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 1441.163841][T14422] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 32: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 1441.518989][ T7688] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1441.903767][ T7688] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1441.914513][ T7688] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1441.924164][ T7688] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 1441.933236][ T7688] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1441.941855][ T7688] usb 2-1: config 0 descriptor?? [ 1442.481460][ T7688] sony 0003:054C:0268.00FB: unknown main item tag 0x0 [ 1442.499489][ T7688] sony 0003:054C:0268.00FB: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0 [ 1442.511213][ T7688] sony 0003:054C:0268.00FB: failed to claim input [ 1442.803294][ T9338] usb 2-1: USB disconnect, device number 15 [ 1443.102978][T14462] input: syz0 as /devices/virtual/input/input191 [ 1443.242203][T14466] syz-executor.0[14466] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1443.242491][T14466] syz-executor.0[14466] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1443.539074][T14487] loop1: detected capacity change from 0 to 1024 [ 1443.694746][T14491] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 1443.704136][T14491] fuse: Bad value for 'fd' [ 1443.746891][T14487] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 1443.769453][T14487] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,jqfmt=vfsv0,minixdf,errors=remount-ro,abort,grpjquota=,. Quota mode: writeback. [ 1443.837355][T14494] syz-executor.2[14494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1443.837408][T14494] syz-executor.2[14494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1443.881659][T14498] loop2: detected capacity change from 0 to 128 [ 1443.923159][T28530] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1444.194850][T28530] usb 4-1: Using ep0 maxpacket: 8 [ 1444.393320][T28530] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1444.404900][T28530] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1444.414659][T28530] usb 4-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 1444.423636][T28530] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.432425][T28530] usb 4-1: config 0 descriptor?? [ 1444.962212][T14528] syz-executor.1[14528] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1444.962283][T14528] syz-executor.1[14528] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1445.078062][T28530] elo 0003:04E7:0009.00FC: unknown main item tag 0x0 [ 1445.098576][T28530] elo 0003:04E7:0009.00FC: unknown main item tag 0x0 [ 1445.119008][T28530] elo 0003:04E7:0009.00FC: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.3-1/input0 [ 1445.291990][ T3537] usb 4-1: USB disconnect, device number 14 [ 1446.009671][T14565] loop3: detected capacity change from 0 to 2048 [ 1446.030934][T14565] loop3: p3 < > p4 < > [ 1446.034953][T14565] loop3: partition table partially beyond EOD, truncated [ 1446.042261][T14565] loop3: p3 start 4284289 is beyond EOD, truncated [ 1446.078731][T14572] loop1: detected capacity change from 0 to 4096 [ 1446.117814][T14572] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1446.140307][T14572] fs-verity (loop1, inode 13): Error -27 writing Merkle tree block 2160165643 [ 1446.149271][T14572] fs-verity (loop1, inode 13): Error -27 building Merkle tree [ 1446.415113][T14591] tipc: Started in network mode [ 1446.419833][T14591] tipc: Node identity 7f000001, cluster identity 4711 [ 1446.427406][T14591] tipc: Enabled bearer , priority 10 [ 1447.123091][T14614] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 1447.132013][T14614] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 1447.170606][T14620] tipc: Enabled bearer , priority 10 [ 1447.405726][T14640] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 1447.414625][T14640] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 1447.504319][T14651] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 1447.624367][T14655] loop2: detected capacity change from 0 to 2048 [ 1447.630764][ T1518] tipc: Node number set to 2130706433 [ 1447.639862][T14658] loop1: detected capacity change from 0 to 512 [ 1447.663522][T14655] loop2: p3 < > p4 < > [ 1447.667658][T14655] loop2: partition table partially beyond EOD, truncated [ 1447.674948][T14655] loop2: p3 start 4284289 is beyond EOD, truncated [ 1447.681390][T14658] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 1447.692111][T14658] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1447.698306][T14658] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #3: comm syz-executor.1: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 1447.716814][T14658] EXT4-fs error (device loop1): ext4_quota_enable:6369: comm syz-executor.1: Bad quota inode: 3, type: 0 [ 1447.732511][T14658] EXT4-fs warning (device loop1): ext4_enable_quotas:6410: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 1447.747730][T14658] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 1447.754967][T14658] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1447.899630][ T30] audit: type=1326 audit(2000000244.975:62160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1447.926239][ T30] audit: type=1326 audit(2000000244.975:62161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1447.950715][ T30] audit: type=1326 audit(2000000244.975:62162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1447.976609][ T30] audit: type=1326 audit(2000000244.975:62163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1448.001249][ T30] audit: type=1326 audit(2000000244.975:62164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1448.025422][ T30] audit: type=1326 audit(2000000245.050:62165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14670 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x0 [ 1448.359258][T14676] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 1448.368016][T28530] tipc: Node number set to 10005162 [ 1448.373109][T14676] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 1448.774041][ T1518] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1448.814392][T14689] loop2: detected capacity change from 0 to 512 [ 1448.852316][ T30] audit: type=1326 audit(2000000245.864:62166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14670 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7fc00000 [ 1448.877444][T14689] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 1448.888232][T14689] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1448.894532][T14689] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #3: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 1448.912054][T14689] EXT4-fs error (device loop2): ext4_quota_enable:6369: comm syz-executor.2: Bad quota inode: 3, type: 0 [ 1448.923362][T14689] EXT4-fs warning (device loop2): ext4_enable_quotas:6410: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 1448.938449][T14689] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 1448.945585][T14689] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1449.028010][T14695] loop2: detected capacity change from 0 to 2048 [ 1449.041175][ T1518] usb 4-1: Using ep0 maxpacket: 16 [ 1449.052649][T14695] loop2: p3 < > p4 < > [ 1449.056622][T14695] loop2: partition table partially beyond EOD, truncated [ 1449.063619][T14695] loop2: p3 start 4284289 is beyond EOD, truncated [ 1449.096413][ T30] audit: type=1326 audit(2000000246.098:62167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14699 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d7e1526a7 code=0x7ffc0000 [ 1449.120602][ T30] audit: type=1326 audit(2000000246.098:62168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14699 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7d7e118379 code=0x7ffc0000 [ 1449.144584][ T30] audit: type=1326 audit(2000000246.098:62169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14699 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x7ffc0000 [ 1449.190868][ T1518] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1449.200790][ T1518] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1449.213497][ T1518] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1449.222291][ T1518] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1449.244544][ T1518] usb 4-1: config 0 descriptor?? [ 1449.287489][ T1518] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1449.991896][T14687] 9pnet: Insufficient options for proto=fd [ 1449.998692][ T9338] usb 4-1: USB disconnect, device number 15 [ 1451.185324][T14734] device bridge_slave_1 left promiscuous mode [ 1451.191380][T14734] bridge0: port 2(bridge_slave_1) entered disabled state [ 1451.573503][ T8771] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1451.622748][T14787] syz-executor.2[14787] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1451.622807][T14787] syz-executor.2[14787] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1451.676531][T14792] loop2: detected capacity change from 0 to 512 [ 1451.734604][T14792] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 1451.746588][T14792] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,journal_dev=0x0000000000000005,,errors=continue. Quota mode: writeback. [ 1451.766451][T14792] ext4 filesystem being mounted at /root/syzkaller-testdir1097639504/syzkaller.EjztGu/72/file0 supports timestamps until 2038 (0x7fffffff) [ 1451.766587][T28530] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1451.786936][T14792] EXT4-fs error (device loop2): __ext4_new_inode:1282: comm syz-executor.2: failed to insert inode 16: doubly allocated? [ 1451.840575][ T8771] usb 2-1: Using ep0 maxpacket: 16 [ 1451.937750][T14799] loop2: detected capacity change from 0 to 40427 [ 1451.968877][ T8771] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1451.970934][T14799] F2FS-fs (loop2): invalid crc value [ 1451.978843][ T8771] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1451.985572][T14799] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1451.996700][ T8771] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1452.011606][ T8771] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1452.020117][ T8771] usb 2-1: config 0 descriptor?? [ 1452.028687][T14799] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 1452.035553][T14799] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1452.043665][T28530] usb 4-1: Using ep0 maxpacket: 8 [ 1452.062860][T14102] attempt to access beyond end of device [ 1452.062860][T14102] loop2: rw=524288, want=45072, limit=40427 [ 1452.074466][T14102] attempt to access beyond end of device [ 1452.074466][T14102] loop2: rw=0, want=45072, limit=40427 [ 1452.074807][ T8771] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1452.100745][ T10] attempt to access beyond end of device [ 1452.100745][ T10] loop2: rw=2049, want=45120, limit=40427 [ 1452.157916][ T10] tipc: Disabling bearer [ 1452.163201][ T10] tipc: Left network mode [ 1452.171855][T28530] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1452.183326][T28530] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1452.192926][T28530] usb 4-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 1452.202021][T28530] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1452.210549][T28530] usb 4-1: config 0 descriptor?? [ 1452.318723][T14805] bridge0: port 1(bridge_slave_0) entered blocking state [ 1452.325709][T14805] bridge0: port 1(bridge_slave_0) entered disabled state [ 1452.333375][T14805] device bridge_slave_0 entered promiscuous mode [ 1452.340233][T14805] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.347198][T14805] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.354578][T14805] device bridge_slave_1 entered promiscuous mode [ 1452.403241][T14805] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.410134][T14805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1452.439030][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1452.447836][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1452.455297][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1452.462599][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1452.470646][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1452.479314][ T7688] bridge0: port 1(bridge_slave_0) entered blocking state [ 1452.486159][ T7688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1452.503863][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1452.511724][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1452.530058][T14805] device veth0_vlan entered promiscuous mode [ 1452.536940][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1452.545928][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1452.557293][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1452.564668][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1452.582217][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1452.592009][T14805] device veth1_macvtap entered promiscuous mode [ 1452.603425][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1452.618187][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1452.658089][T14831] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 1452.666409][T14831] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 1452.728379][T28530] elo 0003:04E7:0009.00FD: unknown main item tag 0x0 [ 1452.771836][T28530] elo 0003:04E7:0009.00FD: unknown main item tag 0x0 [ 1452.788210][T14844] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1452.806395][T28530] elo 0003:04E7:0009.00FD: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.3-1/input0 [ 1452.807137][T14834] 9pnet: Insufficient options for proto=fd [ 1452.823059][ T10] device bridge_slave_1 left promiscuous mode [ 1452.839913][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.851707][ T10] device bridge_slave_0 left promiscuous mode [ 1452.878664][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1452.886799][ T10] device veth1_macvtap left promiscuous mode [ 1452.893714][ T10] device veth0_vlan left promiscuous mode [ 1452.947881][ T39] usb 4-1: USB disconnect, device number 16 [ 1453.064104][T14863] device wg2 entered promiscuous mode [ 1453.085252][T14865] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 1453.095496][T14865] SELinux: security_context_str_to_sid(user_u) failed for (dev bpf, type bpf) errno=-22 [ 1453.138834][T14867] bridge0: port 1(bridge_slave_0) entered blocking state [ 1453.145793][T14867] bridge0: port 1(bridge_slave_0) entered disabled state [ 1453.153865][T14867] device bridge_slave_0 entered promiscuous mode [ 1453.161418][T14867] bridge0: port 2(bridge_slave_1) entered blocking state [ 1453.168524][T14867] bridge0: port 2(bridge_slave_1) entered disabled state [ 1453.175967][T14867] device bridge_slave_1 entered promiscuous mode [ 1453.231834][T14867] bridge0: port 2(bridge_slave_1) entered blocking state [ 1453.238665][T14867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1453.245791][T14867] bridge0: port 1(bridge_slave_0) entered blocking state [ 1453.252567][T14867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1453.264120][ T10] tipc: Disabling bearer [ 1453.269633][ T10] tipc: Left network mode [ 1453.302180][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1453.310076][ T7688] bridge0: port 1(bridge_slave_0) entered disabled state [ 1453.317626][ T7688] bridge0: port 2(bridge_slave_1) entered disabled state [ 1453.325055][T14879] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1453.343854][ T9338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1453.355590][ T9338] bridge0: port 1(bridge_slave_0) entered blocking state [ 1453.362458][ T9338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1453.396851][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1453.404960][ T3537] bridge0: port 2(bridge_slave_1) entered blocking state [ 1453.411811][ T3537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1453.419535][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1453.427396][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1453.457049][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1453.467210][ T3537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1453.483353][T14867] device veth0_vlan entered promiscuous mode [ 1453.490358][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1453.503481][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1453.514447][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1453.525824][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1453.548628][T14867] device veth1_macvtap entered promiscuous mode [ 1453.559529][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1453.567706][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1453.575694][T28530] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1453.583217][T14903] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1453.611435][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1453.619679][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1453.637065][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1453.645324][ T7688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1453.693222][T14913] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 1453.702152][T14913] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 1453.838220][T14929] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1453.859820][ T30] kauditd_printk_skb: 10061 callbacks suppressed [ 1453.859836][ T30] audit: type=1326 audit(2000000250.543:72231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x0 [ 1453.990999][T14960] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1454.003703][ T10] device bridge_slave_1 left promiscuous mode [ 1454.012199][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1454.020197][ T10] device bridge_slave_0 left promiscuous mode [ 1454.026295][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1454.034696][ T10] device veth1_macvtap left promiscuous mode [ 1454.040646][ T10] device veth0_vlan left promiscuous mode [ 1454.191279][T28530] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1454.502846][T16378] usb 2-1: USB disconnect, device number 16 [ 1454.524124][ T30] audit: type=1326 audit(2000000251.180:72232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14977 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d7e154f29 code=0x0 [ 1454.725599][T28530] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1454.736390][T28530] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1454.746172][T28530] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 1454.749310][ T30] audit: type=1326 audit(2000000251.376:72233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.755217][T28530] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1454.782682][ T30] audit: type=1326 audit(2000000251.376:72234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.787545][T28530] usb 3-1: config 0 descriptor?? [ 1454.810625][ T30] audit: type=1326 audit(2000000251.376:72235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.840672][ T30] audit: type=1326 audit(2000000251.376:72236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.864626][ T30] audit: type=1326 audit(2000000251.376:72237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.888726][ T30] audit: type=1326 audit(2000000251.376:72238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.912669][ T30] audit: type=1326 audit(2000000251.376:72239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1454.937080][ T30] audit: type=1326 audit(2000000251.376:72240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14934 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7fc00000 [ 1455.302965][T14943] UDC core: couldn't find an available UDC or it's busy: -16 [ 1455.310217][T14943] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1455.333807][T28530] hid-thrustmaster 0003:044F:B65D.00FE: unknown main item tag 0x0 [ 1455.342358][T28530] hid-thrustmaster 0003:044F:B65D.00FE: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0 [ 1455.354438][T28530] hid-thrustmaster 0003:044F:B65D.00FE: Wrong number of endpoints? [ 1455.678335][ T7688] usb 3-1: USB disconnect, device number 120 [ 1455.697822][ C0] hid-thrustmaster 0003:044F:B65D.00FE: URB to get model id failed with error -2 [ 1455.955156][T16378] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1456.250514][T15048] loop2: detected capacity change from 0 to 512 [ 1456.318366][T15048] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1456.329530][T15048] ext4 filesystem being mounted at /root/syzkaller-testdir4069964288/syzkaller.uBMvry/23/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 1456.350034][T16378] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1456.371472][T16378] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1456.375745][T15048] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz-executor.2: corrupted inode contents [ 1456.384412][T16378] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1456.396627][T15048] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #2: comm syz-executor.2: mark_inode_dirty error [ 1456.416723][T15048] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz-executor.2: corrupted inode contents [ 1456.429554][T15048] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz-executor.2: mark_inode_dirty error [ 1456.455794][T16378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1456.464635][T16378] usb 5-1: config 0 descriptor?? [ 1456.509867][T15048] loop_set_status: loop2 () has still dirty pages (nrpages=2) [ 1456.770925][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 22: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 1456.795009][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 1456.816825][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 1456.838293][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 1456.859947][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 1456.880560][T14805] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 1456.996337][T15062] loop1: detected capacity change from 0 to 40427 [ 1457.034375][T16378] plantronics 0003:047F:FFFF.00FF: No inputs registered, leaving [ 1457.043133][T16378] plantronics 0003:047F:FFFF.00FF: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1457.066523][T15062] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 1457.074059][T15062] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1457.083062][T15062] F2FS-fs (loop1): invalid crc value [ 1457.099204][T15062] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1457.258429][T15062] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1457.275225][T15062] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1457.345911][T14192] attempt to access beyond end of device [ 1457.345911][T14192] loop1: rw=2049, want=40976, limit=40427 [ 1457.503685][ T7688] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1457.593343][T15080] device pim6reg1 entered promiscuous mode [ 1457.888316][ T7688] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1457.899045][ T7688] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1457.908545][ T7688] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 1457.917408][ T7688] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1457.926109][ T7688] usb 4-1: config 0 descriptor?? [ 1457.963645][ T8771] usb 5-1: USB disconnect, device number 26 [ 1458.005791][ T9338] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1458.044799][T15089] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.051850][T15089] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.059010][T15089] device bridge_slave_0 entered promiscuous mode [ 1458.065938][T15089] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.072944][T15089] bridge0: port 2(bridge_slave_1) entered disabled state [ 1458.080261][T15089] device bridge_slave_1 entered promiscuous mode [ 1458.143117][T15089] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.149990][T15089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1458.157060][T15089] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.163840][T15089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1458.186537][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1458.194054][T16378] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.201819][T16378] bridge0: port 2(bridge_slave_1) entered disabled state [ 1458.213010][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1458.221130][ T8771] bridge0: port 1(bridge_slave_0) entered blocking state [ 1458.227949][ T8771] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1458.241903][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1458.249943][T16378] bridge0: port 2(bridge_slave_1) entered blocking state [ 1458.256774][T16378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1458.264210][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1458.272870][ T9338] usb 2-1: Using ep0 maxpacket: 8 [ 1458.279892][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1458.293727][T15089] device veth0_vlan entered promiscuous mode [ 1458.300361][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1458.309363][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1458.317281][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1458.324423][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1458.339307][T15089] device veth1_macvtap entered promiscuous mode [ 1458.348460][T16378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1458.357615][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1458.369253][ T8771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1458.411908][T28530] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1458.422753][ T9338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1458.422982][T15071] UDC core: couldn't find an available UDC or it's busy: -16 [ 1458.433626][ T9338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1458.441072][T15071] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1458.450652][ T9338] usb 2-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 1458.466412][ T9338] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1458.475559][ T9338] usb 2-1: config 0 descriptor?? [ 1458.476884][ T7688] hid-thrustmaster 0003:044F:B65D.0100: unknown main item tag 0x0 [ 1458.488638][ T7688] hid-thrustmaster 0003:044F:B65D.0100: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.3-1/input0 [ 1458.500550][ T7688] hid-thrustmaster 0003:044F:B65D.0100: Wrong number of endpoints? [ 1458.551952][ T10] device bridge_slave_1 left promiscuous mode [ 1458.557953][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1458.565552][ T10] device bridge_slave_0 left promiscuous mode [ 1458.571564][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.579620][ T10] device veth1_macvtap left promiscuous mode [ 1458.585560][ T10] device veth0_vlan left promiscuous mode [ 1458.664815][T15111] device pim6reg1 entered promiscuous mode [ 1458.670556][T28530] usb 1-1: Using ep0 maxpacket: 8 [ 1458.787910][ T7688] usb 4-1: USB disconnect, device number 17 [ 1458.796504][T28530] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 1458.804768][T28530] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 1458.814797][ C0] hid-thrustmaster 0003:044F:B65D.0100: URB to get model id failed with error -2 [ 1458.826197][T28530] usb 1-1: config 135 has no interface number 0 [ 1458.832386][T28530] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1459.000145][ T9338] elo 0003:04E7:0009.0101: unknown main item tag 0x0 [ 1459.006791][ T9338] elo 0003:04E7:0009.0101: unknown main item tag 0x0 [ 1459.010263][T28530] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1459.014071][ T9338] elo 0003:04E7:0009.0101: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.1-1/input0 [ 1459.022407][T28530] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1459.041005][T28530] usb 1-1: Product: syz [ 1459.044993][T28530] usb 1-1: Manufacturer: syz [ 1459.049398][T28530] usb 1-1: SerialNumber: syz [ 1459.213152][ T7688] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1459.226618][ T9338] usb 2-1: USB disconnect, device number 17 [ 1459.352172][T28530] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 1459.358698][T28530] usb 1-1: No valid video chain found. [ 1459.365764][T28530] usb 1-1: USB disconnect, device number 10 [ 1459.402019][T15136] device vlan2 entered promiscuous mode [ 1459.449177][ T30] kauditd_printk_skb: 75 callbacks suppressed [ 1459.449193][ T30] audit: type=1326 audit(2000000255.784:72316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.479046][ T30] audit: type=1326 audit(2000000255.784:72317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.503288][ T30] audit: type=1326 audit(2000000255.784:72318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.527511][ T30] audit: type=1326 audit(2000000255.784:72319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.553568][ T30] audit: type=1326 audit(2000000255.784:72320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.595105][T15144] device bridge_slave_1 left promiscuous mode [ 1459.601496][T15144] bridge0: port 2(bridge_slave_1) entered disabled state [ 1459.693355][ T30] audit: type=1326 audit(2000000255.784:72321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.717570][ T30] audit: type=1326 audit(2000000255.784:72322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.741708][ T30] audit: type=1326 audit(2000000255.784:72323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.766373][ T30] audit: type=1326 audit(2000000255.784:72324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.779578][ T7688] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1459.791141][ T30] audit: type=1326 audit(2000000255.784:72325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15141 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa805364f29 code=0x7ffc0000 [ 1459.802027][ T7688] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1459.837604][ T7688] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1459.846448][ T7688] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1459.857947][ T7688] usb 5-1: config 0 descriptor?? [ 1459.975304][T15147] loop3: detected capacity change from 0 to 40427 [ 1460.029513][T15147] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1460.037314][T15147] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1460.047439][T15147] F2FS-fs (loop3): invalid crc value [ 1460.054090][T15147] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1460.077952][T15147] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1460.084979][T15147] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1460.134334][T15158] attempt to access beyond end of device [ 1460.134334][T15158] loop3: rw=2049, want=45112, limit=40427 [ 1460.429319][T15178] EXT4-fs warning (device sda1): verify_group_input:147: Cannot add at group 125 (only 8 groups) [ 1460.484691][T28530] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1460.485699][T15179] loop2: detected capacity change from 0 to 16 [ 1460.549598][T15179] erofs: (device loop2): mounted with root inode @ nid 36. [ 1460.583887][ T7688] plantronics 0003:047F:FFFF.0102: No inputs registered, leaving [ 1460.593590][ T7688] plantronics 0003:047F:FFFF.0102: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1460.616968][T15179] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1460.626978][T15179] attempt to access beyond end of device [ 1460.626978][T15179] loop2: rw=0, want=24, limit=16 [ 1460.638246][T15179] attempt to access beyond end of device [ 1460.638246][T15179] loop2: rw=0, want=24, limit=16 [ 1460.869686][T28530] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1460.883297][T28530] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1460.894002][T28530] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 1460.902950][T28530] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1460.913022][T28530] usb 1-1: config 0 descriptor?? [ 1460.975012][T15206] device pim6reg1 entered promiscuous mode [ 1461.270663][T15213] EXT4-fs warning (device sda1): verify_group_input:147: Cannot add at group 125 (only 8 groups) [ 1461.326280][T15214] loop1: detected capacity change from 0 to 16 [ 1461.383207][T15214] erofs: (device loop1): mounted with root inode @ nid 36. [ 1461.449844][T15214] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1461.459912][T15214] attempt to access beyond end of device [ 1461.459912][T15214] loop1: rw=0, want=24, limit=16 [ 1461.472129][T15214] attempt to access beyond end of device [ 1461.472129][T15214] loop1: rw=0, want=24, limit=16 [ 1461.489759][T15157] UDC core: couldn't find an available UDC or it's busy: -16 [ 1461.497041][T15157] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1461.511927][T28530] hid-thrustmaster 0003:044F:B65D.0103: unknown main item tag 0x0 [ 1461.526651][T28530] hid-thrustmaster 0003:044F:B65D.0103: hidraw1: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.0-1/input0 [ 1461.538633][T28530] hid-thrustmaster 0003:044F:B65D.0103: Wrong number of endpoints? [ 1461.607448][T16378] usb 5-1: USB disconnect, device number 27 [ 1461.704524][T15232] ------------[ cut here ]------------ [ 1461.709826][T15232] WARNING: CPU: 0 PID: 15232 at mm/page_alloc.c:5751 __alloc_pages+0x770/0x8f0 [ 1461.718746][T15232] Modules linked in: [ 1461.722471][T15232] CPU: 0 PID: 15232 Comm: syz-executor.3 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 1461.734104][T15232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1461.744001][T15232] RIP: 0010:__alloc_pages+0x770/0x8f0 [ 1461.749469][ T9338] usb 1-1: USB disconnect, device number 11 [ 1461.755446][T15232] Code: df e9 aa fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ba fb ff ff e8 5f 11 05 00 48 ba 00 00 00 00 00 fc ff df e9 a6 fb ff ff <0f> 0b 45 31 e4 e9 73 fc ff ff 48 8d 4c 24 40 80 e1 07 80 c1 03 38 [ 1461.775031][ C0] hid-thrustmaster 0003:044F:B65D.0103: URB to get model id failed with error -2 [ 1461.784525][T15232] RSP: 0018:ffffc90001467a20 EFLAGS: 00010246 [ 1461.790471][T15232] RAX: 0000000000000004 RBX: 0000000000040dc0 RCX: ffffc90001467a03 [ 1461.805683][T15232] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffc90001467ab8 [ 1461.814621][T15232] RBP: ffffc90001467b30 R08: dffffc0000000000 R09: ffffc90001467a90 [ 1461.822502][T15232] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 1461.830458][T15232] R13: 1ffff9200028cf4c R14: 1ffff9200028cf4e R15: 1ffff9200028cf48 [ 1461.838478][T15232] FS: 00007fa8046df6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1461.847434][T15232] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1461.853922][T15232] CR2: 0000001b2ca2d000 CR3: 0000000123b17000 CR4: 00000000003506b0 [ 1461.861705][T15232] Call Trace: [ 1461.865242][T15232] [ 1461.889233][T15232] ? show_regs+0x58/0x60 [ 1461.894887][T15232] ? __warn+0x160/0x2f0 [ 1461.899020][T15232] ? __alloc_pages+0x770/0x8f0 [ 1461.910540][T15232] ? report_bug+0x3d9/0x5b0 [ 1461.919447][T15232] ? __alloc_pages+0x770/0x8f0 [ 1461.928618][T15232] ? handle_bug+0x41/0x70 [ 1461.932822][T15232] ? exc_invalid_op+0x1b/0x50 [ 1461.937373][T15232] ? asm_exc_invalid_op+0x1b/0x20 [ 1461.942232][T15232] ? __alloc_pages+0x770/0x8f0 [ 1461.949729][T15232] ? prep_new_page+0x110/0x110 [ 1461.954321][T15232] ? do_vfs_ioctl+0xbc1/0x2a80 [ 1461.959027][T15232] ? __x64_compat_sys_ioctl+0x90/0x90 [ 1461.964518][T15232] kmalloc_order+0x4a/0x160 [ 1461.968895][T15232] kmalloc_order_trace+0x1a/0xb0 [ 1461.973967][T15232] __kmalloc+0x19c/0x270 [ 1461.978029][T15232] ? sysvec_call_function_single+0x52/0xb0 [ 1461.983745][T15232] input_mt_init_slots+0xcf/0xa50 [ 1461.988675][T15232] ? uinput_create_device+0x1a1/0x630 [ 1461.995563][T15232] uinput_create_device+0x522/0x630 [ 1462.000904][T15232] uinput_ioctl_handler+0xa63/0x16a0 [ 1462.006122][T15232] ? uinput_release+0x50/0x50 [ 1462.010556][T15232] ? selinux_file_ioctl+0x3cc/0x540 [ 1462.015743][T15232] ? __fget_files+0x31e/0x380 [ 1462.020232][T15232] uinput_ioctl+0x28/0x30 [ 1462.024474][T15232] ? uinput_poll+0x120/0x120 [ 1462.028994][T15232] __se_sys_ioctl+0x114/0x190 [ 1462.033769][T15232] __x64_sys_ioctl+0x7b/0x90 [ 1462.063873][T15232] do_syscall_64+0x3d/0xb0 [ 1462.068385][T15232] ? sysvec_call_function_single+0x52/0xb0 [ 1462.074110][T15232] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1462.092809][T15239] 9pnet: Insufficient options for proto=fd [ 1462.108515][T15239] incfs: Backing dir is not set, filesystem can't be mounted. [ 1462.116078][T15239] incfs: mount failed -2 [ 1462.179008][T15232] RIP: 0033:0x7fa805364f29 [ 1462.183337][T15232] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1462.203445][T15232] RSP: 002b:00007fa8046df0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1462.211857][T15232] RAX: ffffffffffffffda RBX: 00007fa80549bf80 RCX: 00007fa805364f29 [ 1462.222321][T15232] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 1462.230174][T15232] RBP: 00007fa8053d4074 R08: 0000000000000000 R09: 0000000000000000 [ 1462.238945][T15232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1462.247218][T15232] R13: 000000000000000b R14: 00007fa80549bf80 R15: 00007ffff32d3788 [ 1462.255242][T15232] [ 1462.258195][T15232] ---[ end trace 1ba4d5ab90abb120 ]--- [ 1462.409279][T15256] serio: Serial port pts0 [ 1463.567144][T15293] serio: Serial port pts0 [ 1465.220837][T28530] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1465.465498][T15340] serio: Serial port pts0 [ 1465.478619][ T30] kauditd_printk_skb: 186 callbacks suppressed [ 1465.478634][ T30] audit: type=1326 audit(2000000261.428:72512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.508597][ T30] audit: type=1326 audit(2000000261.428:72513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.532561][ T30] audit: type=1326 audit(2000000261.428:72514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.556993][ T30] audit: type=1326 audit(2000000261.437:72515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.581682][ T30] audit: type=1326 audit(2000000261.437:72516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15341 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.613597][ T30] audit: type=1400 audit(2000000261.550:72517): avc: denied { read write } for pid=12827 comm="syz-executor.0" name="loop0" dev="devtmpfs" ino=2046 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1465.639385][ T30] audit: type=1400 audit(2000000261.550:72518): avc: denied { open } for pid=12827 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=2046 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1465.663246][ T30] audit: type=1400 audit(2000000261.550:72519): avc: denied { ioctl } for pid=12827 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=2046 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1465.705607][ T30] audit: type=1326 audit(2000000261.634:72520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15362 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.740734][ T30] audit: type=1326 audit(2000000261.671:72521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15362 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f1d6dff29 code=0x7ffc0000 [ 1465.764613][ T400] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1465.953697][ T39] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1466.032701][T28530] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1466.043635][T28530] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1466.053216][T28530] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 1466.062024][T28530] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.070822][T28530] usb 3-1: config 0 descriptor?? [ 1466.152113][T15386] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 1466.157650][T15386] pim6reg0: linktype set to 776 [ 1466.169147][ T400] usb 2-1: Using ep0 maxpacket: 8 [ 1466.297393][ T400] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1466.308277][ T400] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1466.317972][ T400] usb 2-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 1466.326992][ T400] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.361458][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1466.372317][ T39] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1466.385367][ T39] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1466.394291][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.404562][ T39] usb 1-1: config 0 descriptor?? [ 1466.564853][T15285] UDC core: couldn't find an available UDC or it's busy: -16 [ 1466.572123][T15285] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1466.625984][T28530] hid-thrustmaster 0003:044F:B65D.0104: unknown main item tag 0x0 [ 1466.639447][T28530] hid-thrustmaster 0003:044F:B65D.0104: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0 [ 1466.651554][T28530] hid-thrustmaster 0003:044F:B65D.0104: Wrong number of endpoints? [ 1466.865371][ T400] uclogic 0003:28BD:0075.0105: item fetching failed at offset 5/7 [ 1466.873428][ T400] uclogic 0003:28BD:0075.0105: parse failed [ 1466.879227][ T400] uclogic: probe of 0003:28BD:0075.0105 failed with error -22 [ 1466.908270][ T400] usb 3-1: USB disconnect, device number 121 [ 1466.927674][ C0] hid-thrustmaster 0003:044F:B65D.0104: URB to get model id failed with error -2 [ 1466.929007][ T39] plantronics 0003:047F:FFFF.0106: No inputs registered, leaving [ 1466.945537][ T39] plantronics 0003:047F:FFFF.0106: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1467.090934][ T8771] usb 2-1: USB disconnect, device number 18 [ 1467.301505][T15431] loop4: detected capacity change from 0 to 1024 [ 1467.314516][T15431] EXT4-fs (loop4): Ignoring removed orlov option [ 1467.320721][T15431] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1467.335683][T15431] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1467.363810][T15431] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 1467.377323][T15431] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 1467.394648][T14867] ================================================================== [ 1467.402518][T14867] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 1467.410322][T14867] Read of size 4 at addr ffff88813f133000 by task syz-executor.4/14867 [ 1467.418392][T14867] [ 1467.420567][T14867] CPU: 1 PID: 14867 Comm: syz-executor.4 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 1467.432200][T14867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1467.442094][T14867] Call Trace: [ 1467.445214][T14867] [ 1467.447994][T14867] dump_stack_lvl+0x151/0x1b7 [ 1467.452515][T14867] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1467.457980][T14867] ? panic+0x751/0x751 [ 1467.461881][T14867] print_address_description+0x87/0x3b0 [ 1467.467261][T14867] kasan_report+0x179/0x1c0 [ 1467.471597][T14867] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 1467.477075][T14867] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 1467.482535][T14867] __asan_report_load4_noabort+0x14/0x20 [ 1467.488002][T14867] ext4_xattr_delete_inode+0xcd0/0xce0 [ 1467.493296][T14867] ? sb_end_intwrite+0x120/0x120 [ 1467.498244][T14867] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 1467.504144][T14867] ? ext4_journal_check_start+0x16c/0x230 [ 1467.509700][T14867] ? __kasan_check_read+0x11/0x20 [ 1467.514560][T14867] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 1467.520294][T14867] ? ext4_evict_inode+0xb8d/0x14e0 [ 1467.525236][T14867] ext4_evict_inode+0xea1/0x14e0 [ 1467.530011][T14867] ? _raw_spin_unlock+0x4d/0x70 [ 1467.534701][T14867] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 1467.540425][T14867] ? _raw_spin_unlock+0x4d/0x70 [ 1467.545111][T14867] ? inode_io_list_del+0x18b/0x1a0 [ 1467.550146][T14867] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 1467.555874][T14867] evict+0x2a3/0x630 [ 1467.559607][T14867] iput+0x63b/0x7e0 [ 1467.563253][T14867] vfs_rmdir+0x359/0x470 [ 1467.567330][T14867] do_rmdir+0x3ab/0x630 [ 1467.571324][T14867] ? d_delete_notify+0x160/0x160 [ 1467.576100][T14867] __x64_sys_unlinkat+0xdf/0xf0 [ 1467.580783][T14867] do_syscall_64+0x3d/0xb0 [ 1467.585036][T14867] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1467.590765][T14867] RIP: 0033:0x7f7f1d6df707 [ 1467.595017][T14867] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1467.614461][T14867] RSP: 002b:00007ffea8f352f8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 1467.622707][T14867] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f7f1d6df707 [ 1467.630647][T14867] RDX: 0000000000000200 RSI: 00007ffea8f364a0 RDI: 00000000ffffff9c [ 1467.638445][T14867] RBP: 00007f7f1d73c6c6 R08: 0000000000000000 R09: 0000000000000000 [ 1467.646270][T14867] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffea8f364a0 [ 1467.654075][T14867] R13: 00007f7f1d73c6c6 R14: 0000000000156ca2 R15: 0000000000000007 [ 1467.661896][T14867] [ 1467.664745][T14867] [ 1467.666914][T14867] The buggy address belongs to the page: [ 1467.672394][T14867] page:ffffea0004fc4cc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x13f133 [ 1467.682456][T14867] flags: 0x4000000000000000(zone=1) [ 1467.687494][T14867] raw: 4000000000000000 ffffea0004f8b048 ffffea0004d4b2c8 0000000000000000 [ 1467.695917][T14867] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 1467.704328][T14867] page dumped because: kasan: bad access detected [ 1467.710583][T14867] page_owner tracks the page as freed [ 1467.715779][T14867] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 15359, ts 1465700248039, free_ts 1466607477441 [ 1467.730550][T14867] post_alloc_hook+0x1a3/0x1b0 [ 1467.735133][T14867] prep_new_page+0x1b/0x110 [ 1467.739471][T14867] get_page_from_freelist+0x3550/0x35d0 [ 1467.744944][T14867] __alloc_pages+0x27e/0x8f0 [ 1467.749370][T14867] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 1467.754835][T14867] shmem_getpage_gfp+0x1388/0x23c0 [ 1467.759780][T14867] shmem_fault+0x1b8/0x6c0 [ 1467.764033][T14867] __do_fault+0x273/0x300 [ 1467.768201][T14867] handle_pte_fault+0x167b/0x24d0 [ 1467.773059][T14867] do_handle_mm_fault+0x1ea9/0x23a0 [ 1467.778093][T14867] __get_user_pages+0x379/0xee0 [ 1467.782781][T14867] __mm_populate+0x38d/0x560 [ 1467.787206][T14867] vm_mmap_pgoff+0x271/0x450 [ 1467.791635][T14867] ksys_mmap_pgoff+0xed/0x1e0 [ 1467.796149][T14867] __x64_sys_mmap+0x103/0x120 [ 1467.800662][T14867] do_syscall_64+0x3d/0xb0 [ 1467.804914][T14867] page last free stack trace: [ 1467.809427][T14867] free_unref_page_prepare+0x7c8/0x7d0 [ 1467.814721][T14867] free_unref_page_list+0x14b/0xa60 [ 1467.819755][T14867] release_pages+0x1310/0x1370 [ 1467.824358][T14867] __pagevec_release+0x84/0x100 [ 1467.829280][T14867] shmem_undo_range+0x604/0x1560 [ 1467.834050][T14867] shmem_evict_inode+0x215/0x9d0 [ 1467.838905][T14867] evict+0x2a3/0x630 [ 1467.842639][T14867] iput+0x63b/0x7e0 [ 1467.846288][T14867] dentry_unlink_inode+0x34f/0x440 [ 1467.851229][T14867] __dentry_kill+0x447/0x660 [ 1467.855657][T14867] dentry_kill+0xc0/0x2a0 [ 1467.859822][T14867] dput+0x45/0x80 [ 1467.863292][T14867] __fput+0x662/0x910 [ 1467.867115][T14867] ____fput+0x15/0x20 [ 1467.870930][T14867] task_work_run+0x129/0x190 [ 1467.875357][T14867] do_exit+0xc48/0x2ca0 [ 1467.879351][T14867] [ 1467.881519][T14867] Memory state around the buggy address: [ 1467.886992][T14867] ffff88813f132f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1467.894889][T14867] ffff88813f132f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2033/05/18 03:37:43 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1467.902787][T14867] >ffff88813f133000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1467.910685][T14867] ^ [ 1467.914591][T14867] ffff88813f133080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1467.922488][T14867] ffff88813f133100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1467.930383][T14867] ================================================================== [ 1467.938284][T14867] Disabling lock debugging due to kernel taint