last executing test programs: 3.74407056s ago: executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="10030600e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0xfffffffffffffeae, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='ext4_allocate_inode\x00', r3}, 0x74) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000003000)=ANY=[@ANYBLOB="620af8ff0c030021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000800007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656ffff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c577eb59e3937f804fb758e662a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b201768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec5700000000000004016df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95bbef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a630bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea137fec0a294752d018702a40da8daccf080942a486721737390cbf3774cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370246c167b096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6f5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29b2bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64480b0a3fc22dd7040000000012d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c638e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f967565f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db39a582814a6e9e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b0000000046829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12db10588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca4f8bc2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a07000000000000006adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b1afd865b60d8e8fbcbb3801bf4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db1183b043ef2f79d5ad5527d149d076e1a87e2df27c0cb8a67ad726bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec6fead19edd83524a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c0144623443592999d4b35ed1e4848f198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958f9148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb0e11d70fe495906f2d5d7cb1240491778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4ce40c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f8c25072e20586b19127d75fa71577f265c510000000000009ba23d0658a3ebe3918a64d1fea6ad235bcda35590c62400d6aa3e46d5643bea6291ebf64de06f452972d2e68033356ef0b4043c0aa07c3a3b811ea60250c64b344be6e1e591a8c33e869e5d95688e39231ed27bc491985def22255121b2b4fd03d4aa0eaf5c22828aadda2e1d89078073e5a8084a53f00ba42ff174a241f95d29720493d6a1d1974b7846e989022e7eb02b7fbc06b55733cbe2f47f7b930a759435e1c49469647f24b133692a9e69bc4000484651bf1fef3cf6146f37c770744a6af6bd9b100172f27dc36943b37b59f34b8f77c853f5610ab11bf2b60aefc8c9f1946f3c5a9cc2bfe48d0426f966341eec417300f453a6f361e4185c66e4084065911023033af17c5830c5e9c66979929b55a3f0af1b24ac84352df6d93ea324291ad8f1f3e4867886cd05288ec50eeee88d21addcf3d1596046fdda5742f0c83447071116a7cb951628a3cf1aa291f36563ed692a8370185a9606e9712ef179f2a12f33239785d5c48a2b858d5cab500bd908345349fd031f05e49788091d7fa16a0ed422434a5948823f6d9773184155e0cb6bdb3f866d40138d2d56cce748b586c9c49d4b88c8d1a702ba6a11044a2031aa4b744c61cdb19a1e203812c0727246d162525bfb47f18bd11fe580bd38d34723bff83a0c699aacc8418de16bc2579b8d979da1d36f011a4b36e83e6bd013f4fcc76bb48f5e8fd71d19e46806023489600d2be31f90c31b4ed546fe3f8ca2b4a15600191d8ab010627cb57d3f3036dfd0d2fe34ab534a29562816c434b3a1b7578f5438bda5b249099b6fcb8fb2ac2df5c464099b8c8651136deb5d2be947d82fa6c7056a1d852870cb126a9bcab7cf7e368b0d3ea344fe013f2aa561d2c48b3c2576d76fd67309958e93682053291cdc7fdb7e280143cdc0915fe509f1e8654538d7ac1b78e62a16a711e0e02cfd0496b15431bdac45c3b98da52e1c3656b4a8efb7b9454943b3c83b774fb3074b1c0b97d9139b232171e9c2eb00000000000000000000000000587ce7e623c06946e40454182ba7db5d4016aa85c724bd6279bbe92011fb9c1b587b5d36ad6faf49b329a42d2adfc3624d4194970ef5132ce1b199be3cb90bd7fdb6ab50adb71cac8b847aa28f974f8a006aebcf87942c097cc0d08c047203c544fd854587d77598459f9eb7d0089bb2f76cd703f962b0bfc151940b4a503b436e1ff150465228f66248d565f6f1367002bf3f302985bfb2cfa2c9412dfb5794e3e0b99cbea50c22871d032b67b3a0f97907c776f11d76ae54a532abcd446e2841d0c2675d4ca5eb2f496ce2882b252c5401ceb4c2f20db36c4bb14fde1b2c4194c12e022d02b2dc7b4d8a9bce4602aef6335d102fdd68f94a38dfd6cb534e5355e17aff9b621a8bdd7daa196a71e9572ec0b3e6dea9c35da6022ae72c6571a69676bc80af52287c3e592483887fccb37ec90b0b61640e56219ff24203f80ad5107dd54bec2487656a699165905b5f3c00000000000000000000000000465f4866a3556380e636b30000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) unshare(0x2040400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x2, 0x4}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r8}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) 3.673862771s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1008002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0xfffffffffffffffd, 0x3f}) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) 3.501904077s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) setgroups(0x0, 0x0) 3.48388475s ago: executing program 2: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000202505a1a4400000000101090244000101000000090400001902020000052406000005240000000d240f0100000000000000000009058103ff030000030905820208000000000905030210"], 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 1.823826967s ago: executing program 2: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4) sendmmsg$inet(r3, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000000)="b8", 0x1}], 0x1}}], 0x1, 0x4008440) sendmsg$inet(r3, &(0x7f0000001080)={0xfffffffffffffffd, 0x0, &(0x7f0000000940)=[{&(0x7f0000003a00)="04", 0x1}], 0x1}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.388114625s ago: executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace$ARCH_SET_GS(0x8, r1, 0x0, 0x1001) 1.346883972s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='task_rename\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r3}, &(0x7f00000008c0), &(0x7f0000000900)=r2}, 0x20) 1.316182486s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) r2 = getpgrp(0x0) sched_getattr(r2, &(0x7f0000000300)={0x38}, 0x38, 0x0) 1.297079379s ago: executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='ext4_sync_file_enter\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='ext4_sync_file_enter\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r4, &(0x7f0000000680), 0x12) 1.236399698s ago: executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000500)=0x1200000000, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@cgroup=r3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 1.185344206s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x22, {[@main=@item_4={0x3, 0x0, 0xc, "a99bb0b8"}, @global=@item_4={0x3, 0x1, 0x0, "a5191f65"}, @global=@item_012={0x2, 0x1, 0x0, "8446"}, @main=@item_012={0x2, 0x0, 0x0, "ccaf"}, @global=@item_012={0x1, 0x1, 0x0, '9'}, @main=@item_4={0x3, 0x0, 0x0, "0400"}, @local, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "b4fb69d7"}]}}, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 981.190468ms ago: executing program 2: r0 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e50009040000000101"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io$uac1(r0, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0) 895.593591ms ago: executing program 1: pipe(&(0x7f0000000180)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000000f800b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r0}, 0x10) mkdir(&(0x7f0000000140)='./control\x00', 0x0) rmdir(&(0x7f0000000100)='./control\x00') 882.451003ms ago: executing program 1: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}}) 863.764986ms ago: executing program 1: open(&(0x7f0000000040)='./file0\x00', 0x147042, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000ffff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000002007b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 844.073599ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1004}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 792.305257ms ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000ecb2850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000001040)='ext4_mballoc_prealloc\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_mballoc_prealloc\x00', r1}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x2000) 766.266072ms ago: executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socket$packet(0x11, 0x3, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) pselect6(0x40, &(0x7f0000000300), 0x0, &(0x7f0000000000)={0x1fe}, 0x0, 0x0) 243.695012ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x42, 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000180)='./file1\x00', 0x4) renameat2(r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000002c0)='./file0\x00', 0x2) 184.002521ms ago: executing program 0: r0 = socket$inet(0x2, 0x3, 0x5) capset(0x0, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @multicast1}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000380), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0x78) 181.097342ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_page_alloc\x00', r1}, 0x10) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) 174.830563ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x20, &(0x7f0000000b00)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}]}}) 148.072627ms ago: executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r2}, 0x10) 143.876998ms ago: executing program 0: keyctl$set_timeout(0xa, 0x0, 0x20ffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) 140.901088ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_es_lookup_extent_exit\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_es_lookup_extent_exit\x00', r2}, 0x10) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) 132.355199ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000e27b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000002000000008000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 106.866283ms ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="01"]) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"]) 76.176958ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) r1 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 46.951633ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4}, 0x28) write$FUSE_OPEN(r0, &(0x7f00000002c0)={0x20, 0x0, r1}, 0x20) 0s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00', r1}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') kernel console output (not intermixed with test programs): .987829][T10664] EXT4-fs (loop4): mount failed [ 274.997257][T10668] erofs: (device loop2): mounted with root inode @ nid 36. [ 275.052349][T10673] loop4: detected capacity change from 0 to 16 [ 275.059280][T10673] erofs: (device loop4): mounted with root inode @ nid 36. [ 275.310369][T10694] loop2: detected capacity change from 0 to 256 [ 275.341804][ T28] audit: type=1326 audit(1717249570.829:37538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10695 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f867727cee9 code=0x0 [ 275.393536][ T28] audit: type=1400 audit(1717249570.869:37539): avc: denied { rename } for pid=10693 comm="syz-executor.2" name="bus" dev="incremental-fs" ino=1048881 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 275.453942][ T6333] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 275.461788][ T6333] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 275.545310][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 275.712330][T10707] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.719838][T10707] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.727302][T10707] device bridge_slave_0 entered promiscuous mode [ 275.735875][ T335] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 275.743554][T10707] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.750476][T10707] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.757771][T10707] device bridge_slave_1 entered promiscuous mode [ 275.822305][T10707] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.829177][T10707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.836271][T10707] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.843048][T10707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.871236][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.879240][ T992] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.887453][ T992] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.909516][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.917735][ T947] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.924587][ T947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.931819][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.940733][ T947] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.947697][ T947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.954948][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.962823][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.984060][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 275.994788][T10707] device veth0_vlan entered promiscuous mode [ 276.000181][T10703] loop0: detected capacity change from 0 to 131072 [ 276.000775][ T335] usb 2-1: Using ep0 maxpacket: 16 [ 276.008652][T10703] F2FS-fs (loop0): invalid crc value [ 276.013108][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 276.018492][T10703] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 276.025333][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 276.043316][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 276.055322][T10703] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 276.072802][T10707] device veth1_macvtap entered promiscuous mode [ 276.079939][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 276.096915][ T606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 276.105109][ T606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 276.142469][T10720] input: syz0 as /devices/virtual/input/input39 [ 276.157530][ T8] device bridge_slave_1 left promiscuous mode [ 276.164668][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.210486][ T8] device bridge_slave_0 left promiscuous mode [ 276.215605][T10726] loop2: detected capacity change from 0 to 512 [ 276.226394][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.233433][T10726] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 276.290651][T10726] EXT4-fs (loop2): 1 truncate cleaned up [ 276.304950][T10726] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 276.362262][T10707] EXT4-fs (loop2): unmounting filesystem. [ 276.384215][T10738] loop2: detected capacity change from 0 to 512 [ 276.392110][T10738] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 256 (level 2) [ 276.406436][T10738] EXT4-fs (loop2): 2 truncates cleaned up [ 276.412280][T10738] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 276.426023][ T335] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=ed.ec [ 276.434966][ T335] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.442832][ T335] usb 2-1: Product: syz [ 276.446914][ T335] usb 2-1: Manufacturer: syz [ 276.451313][ T335] usb 2-1: SerialNumber: syz [ 276.466053][T10707] EXT4-fs (loop2): unmounting filesystem. [ 276.467283][ T335] r8152-cfgselector 2-1: config 0 descriptor?? [ 276.522950][T10749] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 276.532802][T10749] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 276.542004][T10749] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 276.551006][T10749] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 276.585695][T10756] cgroup: Invalid name [ 276.608892][T10758] cgroup: Invalid name [ 276.641121][T10761] loop2: detected capacity change from 0 to 256 [ 276.713783][T10767] loop4: detected capacity change from 0 to 512 [ 276.736054][ T335] r8152-cfgselector 2-1: Unknown version 0x0000 [ 276.742528][T10767] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 256 (level 2) [ 276.757330][T10767] EXT4-fs (loop4): 2 truncates cleaned up [ 276.762913][T10767] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 276.775856][ T335] r8152-cfgselector 2-1: Unknown version 0x0000 [ 276.786092][ T335] r8152-cfgselector 2-1: USB disconnect, device number 37 [ 276.802686][T10339] EXT4-fs (loop4): unmounting filesystem. [ 276.866774][T10773] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 277.055830][ T992] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 277.250294][T10785] cgroup: Invalid name [ 277.286573][T10791] loop2: detected capacity change from 0 to 16 [ 277.293316][T10791] erofs: (device loop2): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 277.304361][T10791] erofs: (device loop2): mounted with root inode @ nid 36. [ 277.311544][T10791] SELinux: (dev loop2, type erofs) getxattr errno 117 [ 277.326003][ T992] usb 1-1: Using ep0 maxpacket: 16 [ 277.375446][T10795] netem: incorrect ge model size [ 277.380331][T10795] netem: change failed [ 277.395517][T10797] loop2: detected capacity change from 0 to 256 [ 277.475872][ T992] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 277.485955][ T992] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 277.521722][T10802] device wg2 entered promiscuous mode [ 277.646042][ T335] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 277.675869][ T992] usb 1-1: New USB device found, idVendor=506f, idProduct=be92, bcdDevice=b8.ea [ 277.684806][ T992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.692593][ T992] usb 1-1: Product: syz [ 277.696649][ T992] usb 1-1: Manufacturer: syz [ 277.700959][ T992] usb 1-1: SerialNumber: syz [ 277.705956][ T992] usb 1-1: config 0 descriptor?? [ 277.734728][T10804] loop4: detected capacity change from 0 to 128 [ 277.853548][T10808] loop4: detected capacity change from 0 to 128 [ 277.925877][ T335] usb 2-1: Using ep0 maxpacket: 16 [ 277.946675][T10812] overlayfs: missing 'lowerdir' [ 277.950013][ T6] usb 1-1: USB disconnect, device number 48 [ 277.965023][T10814] syz-executor.4[10814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 277.965066][T10814] syz-executor.4[10814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 277.977893][T10814] sch_fq: defrate 0 ignored. [ 278.017225][T10818] loop4: detected capacity change from 0 to 16 [ 278.023757][T10818] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 278.034360][T10818] erofs: (device loop4): mounted with root inode @ nid 36. [ 278.041391][T10818] SELinux: (dev loop4, type erofs) getxattr errno 117 [ 278.055879][ T335] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 278.107185][T10820] netem: incorrect ge model size [ 278.111952][T10820] netem: change failed [ 278.259183][ T335] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 278.273145][ T335] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.281025][ T335] usb 2-1: Product: syz [ 278.284927][ T335] usb 2-1: Manufacturer: ä½… [ 278.289371][ T335] usb 2-1: SerialNumber: syz [ 278.537533][ T1430] usb 2-1: USB disconnect, device number 38 [ 278.624403][T10840] syz-executor.2[10840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 278.624476][T10840] syz-executor.2[10840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 278.637081][T10840] sch_fq: defrate 0 ignored. [ 278.909329][T10847] loop2: detected capacity change from 0 to 40427 [ 278.917305][T10847] F2FS-fs (loop2): invalid crc value [ 278.923824][T10847] F2FS-fs (loop2): Found nat_bits in checkpoint [ 278.960593][T10847] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 279.052198][T10855] loop1: detected capacity change from 0 to 512 [ 279.062121][T10855] EXT4-fs (loop1): orphan cleanup on readonly fs [ 279.069110][T10855] EXT4-fs error (device loop1): ext4_quota_enable:6939: comm syz-executor.1: Bad quota inum: 11, type: 1 [ 279.083503][T10855] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 279.135892][T10855] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 279.142445][T10855] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 279.159143][ T8851] EXT4-fs (loop1): unmounting filesystem. [ 279.164897][ T28] audit: type=1400 audit(1717249574.649:37540): avc: denied { map } for pid=10868 comm="syz-executor.4" path="socket:[69173]" dev="sockfs" ino=69173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 279.196403][T10874] syz-executor.1[10874] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 279.196464][T10874] syz-executor.1[10874] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 279.210196][T10874] sch_fq: defrate 0 ignored. [ 279.430064][T10875] loop4: detected capacity change from 0 to 40427 [ 279.437831][T10875] F2FS-fs (loop4): invalid crc value [ 279.444228][T10875] F2FS-fs (loop4): Found nat_bits in checkpoint [ 279.482961][T10875] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 279.565812][ T335] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 279.599055][T10880] loop2: detected capacity change from 0 to 40427 [ 279.613047][T10880] F2FS-fs (loop2): invalid crc value [ 279.623220][T10880] F2FS-fs (loop2): Found nat_bits in checkpoint [ 279.659201][T10900] loop4: detected capacity change from 0 to 512 [ 279.675684][T10900] EXT4-fs (loop4): orphan cleanup on readonly fs [ 279.684559][T10900] EXT4-fs error (device loop4): ext4_quota_enable:6939: comm syz-executor.4: Bad quota inum: 11, type: 1 [ 279.697011][T10900] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 279.711606][T10880] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 279.725373][T10900] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 279.732202][T10900] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 279.754921][T10339] EXT4-fs (loop4): unmounting filesystem. [ 279.778258][T10904] loop4: detected capacity change from 0 to 512 [ 279.792329][T10904] EXT4-fs (loop4): orphan cleanup on readonly fs [ 279.799553][T10904] EXT4-fs error (device loop4): ext4_quota_enable:6939: comm syz-executor.4: Bad quota inum: 11, type: 1 [ 279.813998][T10904] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 279.840438][T10904] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 279.848086][T10904] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 279.868133][T10339] EXT4-fs (loop4): unmounting filesystem. [ 279.884635][T10907] loop4: detected capacity change from 0 to 256 [ 279.895394][T10907] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 279.914117][ T28] audit: type=1400 audit(1717249575.399:37541): avc: denied { rmdir } for pid=10906 comm="syz-executor.4" name="file0" dev="loop4" ino=1048898 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 279.995865][ T335] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 280.004372][ T335] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 280.018199][ T335] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 280.196030][ T335] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 280.204899][ T335] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.213421][ T335] usb 2-1: Product: syz [ 280.217425][ T335] usb 2-1: Manufacturer: syz [ 280.221824][ T335] usb 2-1: SerialNumber: syz [ 280.375061][ T28] audit: type=1326 audit(1717249575.859:37542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10930 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f867727cee9 code=0x0 [ 280.437235][T10933] loop4: detected capacity change from 0 to 512 [ 280.445016][T10933] EXT4-fs (loop4): orphan cleanup on readonly fs [ 280.451392][T10933] EXT4-fs error (device loop4): ext4_quota_enable:6939: comm syz-executor.4: Bad quota inum: 11, type: 1 [ 280.462735][T10933] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 280.478064][T10933] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 280.484557][T10933] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 280.501267][T10339] EXT4-fs (loop4): unmounting filesystem. [ 280.519254][T10934] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.526305][T10934] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.533642][T10934] device bridge_slave_0 entered promiscuous mode [ 280.541415][T10934] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.548348][T10934] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.555672][T10934] device bridge_slave_1 entered promiscuous mode [ 280.857386][ T335] usb 2-1: 0:2 : does not exist [ 280.891801][ T335] usb 2-1: USB disconnect, device number 39 [ 280.898410][T10947] device wg2 entered promiscuous mode [ 280.940195][T10934] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.947067][T10934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.954145][T10934] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.960951][T10934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.985439][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 280.993055][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.000905][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.021512][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 281.029674][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.036520][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.043708][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 281.051708][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.058548][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.066362][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 281.088150][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 281.097222][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 281.107308][T10934] device veth0_vlan entered promiscuous mode [ 281.113846][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 281.130650][T10934] device veth1_macvtap entered promiscuous mode [ 281.138625][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 281.146498][ T1430] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 281.154526][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 281.161871][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 281.171784][ T41] device bridge_slave_1 left promiscuous mode [ 281.178048][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.185429][ T41] device bridge_slave_0 left promiscuous mode [ 281.191870][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.199868][ T41] device veth1_macvtap left promiscuous mode [ 281.205884][ T41] device veth0_vlan left promiscuous mode [ 281.314901][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 281.331618][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 281.340018][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 281.383064][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 281.385847][ T1430] usb 1-1: Using ep0 maxpacket: 32 [ 281.470373][T10957] loop3: detected capacity change from 0 to 2048 [ 281.505338][T10969] loop4: detected capacity change from 0 to 512 [ 281.512777][T10969] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 281.522533][ T1430] usb 1-1: config 0 has no interfaces? [ 281.535464][T10957] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 281.544306][T10969] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: casefold flag without casefold feature [ 281.558160][T10969] EXT4-fs (loop4): Remounting filesystem read-only [ 281.564513][T10969] EXT4-fs (loop4): 1 orphan inode deleted [ 281.573935][T10969] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 281.612105][T10934] EXT4-fs (loop3): unmounting filesystem. [ 281.620412][T10339] EXT4-fs (loop4): unmounting filesystem. [ 281.655195][ T28] audit: type=1400 audit(1717249577.139:37543): avc: denied { bind } for pid=10978 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 281.695967][ T1430] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 281.709412][ T1430] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.726889][T10990] binder: 10980:10990 ioctl c0306201 0 returned -14 [ 281.736572][T10988] loop3: detected capacity change from 0 to 512 [ 281.772951][T10975] loop1: detected capacity change from 0 to 40427 [ 281.779029][ T1430] usb 1-1: Product: syz [ 281.784108][T10975] F2FS-fs (loop1): invalid crc value [ 281.789626][ T1430] usb 1-1: Manufacturer: syz [ 281.794123][ T1430] usb 1-1: SerialNumber: syz [ 281.799266][T10988] EXT4-fs (loop3): orphan cleanup on readonly fs [ 281.806166][ T1430] usb 1-1: config 0 descriptor?? [ 281.806908][T10988] EXT4-fs error (device loop3): ext4_quota_enable:6939: comm syz-executor.3: Bad quota inum: 11, type: 1 [ 281.823011][T10988] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 281.823304][T10975] F2FS-fs (loop1): Found nat_bits in checkpoint [ 281.855863][T10988] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 281.862437][T10988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 281.872436][T10975] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 281.909215][T10998] device syzkaller0 entered promiscuous mode [ 281.931503][T10934] EXT4-fs (loop3): unmounting filesystem. [ 281.983285][T11004] loop2: detected capacity change from 0 to 128 [ 282.030543][T11004] syz-executor.2: attempt to access beyond end of device [ 282.030543][T11004] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 282.079452][ T28] audit: type=1326 audit(1717249577.569:37544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 282.097102][T11003] syz-executor.2: attempt to access beyond end of device [ 282.097102][T11003] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 282.138523][ T28] audit: type=1326 audit(1717249577.589:37545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 282.190694][T11022] syz-executor.1[11022] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 282.190764][T11022] syz-executor.1[11022] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 282.203983][ T28] audit: type=1326 audit(1717249577.589:37546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 282.275726][ T28] audit: type=1326 audit(1717249577.589:37547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 282.278293][T11016] loop4: detected capacity change from 0 to 40427 [ 282.308009][T11016] F2FS-fs (loop4): invalid crc value [ 282.313304][ T28] audit: type=1326 audit(1717249577.609:37548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 282.339425][ T28] audit: type=1326 audit(1717249577.609:37549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11017 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff02887a667 code=0x7ffc0000 [ 282.375300][T11016] F2FS-fs (loop4): Found nat_bits in checkpoint [ 282.474063][T11016] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 283.146937][T11045] loop1: detected capacity change from 0 to 128 [ 284.383219][ T992] usb 1-1: USB disconnect, device number 49 [ 284.397778][T11047] 9pnet_fd: Insufficient options for proto=fd [ 284.448365][T11059] loop0: detected capacity change from 0 to 128 [ 284.459216][T11063] loop3: detected capacity change from 0 to 2048 [ 284.497717][T11063] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 284.557308][T11059] syz-executor.0: attempt to access beyond end of device [ 284.557308][T11059] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 284.609976][T10934] EXT4-fs (loop3): unmounting filesystem. [ 284.727041][T11071] loop4: detected capacity change from 0 to 40427 [ 284.767331][T11056] syz-executor.0: attempt to access beyond end of device [ 284.767331][T11056] loop0: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 284.776614][T11071] F2FS-fs (loop4): Found nat_bits in checkpoint [ 285.037224][T11071] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 285.065951][T11071] syz-executor.4: attempt to access beyond end of device [ 285.065951][T11071] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 285.084571][T10339] syz-executor.4: attempt to access beyond end of device [ 285.084571][T10339] loop4: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 285.297965][T11105] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 285.312490][T11105] loop2: detected capacity change from 0 to 512 [ 285.320051][T11113] loop1: detected capacity change from 0 to 128 [ 285.321486][T11105] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 285.339143][T11105] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 285.350045][T11113] syz-executor.1: attempt to access beyond end of device [ 285.350045][T11113] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 285.351409][T11105] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 285.380345][T11105] EXT4-fs (loop2): 1 orphan inode deleted [ 285.384022][T11112] syz-executor.1: attempt to access beyond end of device [ 285.384022][T11112] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 285.385938][T11105] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 285.439959][T10707] EXT4-fs (loop2): unmounting filesystem. [ 285.445811][ T992] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 285.549959][T11123] loop3: detected capacity change from 0 to 512 [ 285.612693][T11116] loop4: detected capacity change from 0 to 40427 [ 285.622272][T11123] EXT4-fs (loop3): 1 orphan inode deleted [ 285.627927][T11123] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 285.636756][T11123] ext4 filesystem being mounted at /root/syzkaller-testdir2395388851/syzkaller.KvBqCa/7/file1 supports timestamps until 2038 (0x7fffffff) [ 285.655924][T11116] F2FS-fs (loop4): Found nat_bits in checkpoint [ 285.685480][T11120] loop2: detected capacity change from 0 to 40427 [ 285.691765][ T992] usb 1-1: Using ep0 maxpacket: 32 [ 285.696898][T11116] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 285.702237][T11120] F2FS-fs (loop2): Found nat_bits in checkpoint [ 285.712038][T10934] EXT4-fs error (device loop3): ext4_lookup:1859: inode #2: comm syz-executor.3: deleted inode referenced: 16 [ 285.718047][T11116] syz-executor.4: attempt to access beyond end of device [ 285.718047][T11116] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 285.736065][T10934] EXT4-fs error (device loop3): ext4_lookup:1859: inode #2: comm syz-executor.3: deleted inode referenced: 16 [ 285.753662][T10339] syz-executor.4: attempt to access beyond end of device [ 285.753662][T10339] loop4: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 285.767504][T11120] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 285.775957][ T947] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 285.828224][T10934] EXT4-fs (loop3): unmounting filesystem. [ 285.865969][ T992] usb 1-1: config 0 has no interfaces? [ 286.035951][ T992] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 286.045311][ T992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.053251][ T947] usb 2-1: Using ep0 maxpacket: 32 [ 286.063162][ T992] usb 1-1: Product: syz [ 286.068244][T11142] loop2: detected capacity change from 0 to 128 [ 286.076647][ T992] usb 1-1: Manufacturer: syz [ 286.081134][ T992] usb 1-1: SerialNumber: syz [ 286.087716][ T992] usb 1-1: config 0 descriptor?? [ 286.157556][T11147] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.164405][T11147] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.171695][T11147] device bridge_slave_0 entered promiscuous mode [ 286.180674][T11147] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.187546][T11147] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.194765][T11147] device bridge_slave_1 entered promiscuous mode [ 286.195910][ T947] usb 2-1: config 0 has no interfaces? [ 286.219361][T11149] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 286.242316][T11149] loop2: detected capacity change from 0 to 512 [ 286.250892][T11149] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 286.264102][T11149] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 286.276662][T11149] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 286.289319][T11149] EXT4-fs (loop2): 1 orphan inode deleted [ 286.294877][T11149] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 286.318977][T10707] EXT4-fs (loop2): unmounting filesystem. [ 286.322984][T11147] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.331393][T11147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.338487][T11147] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.345257][T11147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.408304][T11147] device veth0_vlan entered promiscuous mode [ 286.417716][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.425010][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.433297][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.442041][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 286.446266][ T947] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 286.449933][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 286.458573][ T947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.466673][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 286.473926][ T947] usb 2-1: Product: syz [ 286.485818][ T947] usb 2-1: Manufacturer: syz [ 286.490398][ T947] usb 2-1: SerialNumber: syz [ 286.499883][ T947] usb 2-1: config 0 descriptor?? [ 286.674073][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 286.682205][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 286.689411][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 286.705236][T11147] device veth1_macvtap entered promiscuous mode [ 286.711614][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 286.719516][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 286.727385][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 286.737313][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.745327][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 286.754340][ T8] device bridge_slave_1 left promiscuous mode [ 286.760398][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.767833][ T8] device bridge_slave_0 left promiscuous mode [ 286.773845][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.781645][ T8] device veth1_macvtap left promiscuous mode [ 286.787622][ T8] device veth0_vlan left promiscuous mode [ 286.858725][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 286.867201][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 288.090730][ T24] usb 1-1: USB disconnect, device number 50 [ 288.245804][ T65] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 288.409489][T11194] loop2: detected capacity change from 0 to 40427 [ 288.418365][T11194] F2FS-fs (loop2): Found nat_bits in checkpoint [ 288.442495][T11194] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 288.459903][T11194] bio_check_eod: 2 callbacks suppressed [ 288.459917][T11194] syz-executor.2: attempt to access beyond end of device [ 288.459917][T11194] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 288.460637][ T320] usb 2-1: USB disconnect, device number 40 [ 288.493611][T10707] syz-executor.2: attempt to access beyond end of device [ 288.493611][T10707] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 288.559625][T11203] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 288.577346][T11203] loop1: detected capacity change from 0 to 512 [ 288.584984][T11203] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 288.598293][T11203] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: missing EA_INODE flag [ 288.610152][ T65] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.621034][T11203] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117 [ 288.633642][T11203] EXT4-fs (loop1): 1 orphan inode deleted [ 288.639324][T11203] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 288.647651][ T65] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.657580][ T65] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 288.666532][ T65] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.676531][ T65] usb 4-1: config 0 descriptor?? [ 288.689983][ T8851] EXT4-fs (loop1): unmounting filesystem. [ 288.703468][ T24] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 288.719865][T11208] loop1: detected capacity change from 0 to 512 [ 288.726467][T11208] EXT4-fs: Ignoring removed oldalloc option [ 288.733686][T11208] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 11 (level 0) [ 288.747502][T11208] EXT4-fs (loop1): Remounting filesystem read-only [ 288.753922][T11208] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz-executor.1: attempt to clear invalid blocks 1024 len 1 [ 288.767503][T11208] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 288.977390][T11208] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 288.991887][T11208] EXT4-fs (loop1): 1 truncate cleaned up [ 288.997740][T11208] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 289.006667][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 289.013441][ T8851] EXT4-fs (loop1): unmounting filesystem. [ 289.126139][ T24] usb 1-1: config 0 has no interfaces? [ 289.136622][ T65] holtek 0003:1241:5015.003B: unbalanced collection at end of report description [ 289.146109][ T65] holtek 0003:1241:5015.003B: parse failed [ 289.151782][ T65] holtek: probe of 0003:1241:5015.003B failed with error -22 [ 289.284674][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 289.284689][ T28] audit: type=1326 audit(1717249584.769:37555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.314510][ T28] audit: type=1326 audit(1717249584.769:37556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.342076][ T28] audit: type=1326 audit(1717249584.769:37557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.344731][T11158] usb 4-1: USB disconnect, device number 42 [ 289.366032][ T28] audit: type=1326 audit(1717249584.769:37558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.371621][ T24] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 289.395625][ T28] audit: type=1326 audit(1717249584.769:37559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.428877][ T28] audit: type=1326 audit(1717249584.769:37560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.432010][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.458058][ T28] audit: type=1326 audit(1717249584.769:37561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.463621][ T24] usb 1-1: Product: syz [ 289.484741][ T28] audit: type=1326 audit(1717249584.769:37562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.502811][ T24] usb 1-1: Manufacturer: syz [ 289.512359][ T28] audit: type=1326 audit(1717249584.779:37563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.516712][ T24] usb 1-1: SerialNumber: syz [ 289.540791][ T28] audit: type=1326 audit(1717249584.779:37564): auid=4294967295 uid=3327 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff02887cee9 code=0x7ffc0000 [ 289.545578][ T24] usb 1-1: config 0 descriptor?? [ 289.957316][T11250] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 290.125882][T11158] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 290.236807][T11261] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 290.435831][T11158] usb 3-1: Using ep0 maxpacket: 32 [ 290.449838][T11273] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 290.576990][T11278] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 290.585926][ T947] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 290.606151][T11158] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 290.617389][T11158] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 290.628914][T11158] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 290.637992][T11158] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.702614][T11158] usb 3-1: config 0 descriptor?? [ 290.711093][T11282] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 290.766574][T11241] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 290.806206][T11158] hub 3-1:0.0: USB hub found [ 290.965896][ T947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.976620][ T947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.986246][ T947] usb 2-1: New USB device found, idVendor=056a, idProduct=0327, bcdDevice= 0.00 [ 290.994999][ T947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.003194][ T947] usb 2-1: config 0 descriptor?? [ 291.008025][T11158] hub 3-1:0.0: 2 ports detected [ 291.055871][ T3552] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 291.266468][ T992] usb 1-1: USB disconnect, device number 51 [ 291.364953][T11296] loop4: detected capacity change from 0 to 256 [ 291.455881][ T3552] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.466923][ T3552] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.476772][ T3552] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 291.498354][ T3552] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.508290][ T3552] usb 4-1: config 0 descriptor?? [ 291.520214][ T947] wacom 0003:056A:0327.003C: collection stack underflow [ 291.527102][ T947] wacom 0003:056A:0327.003C: item 0 0 0 12 parsing failed [ 291.534657][ T947] wacom 0003:056A:0327.003C: parse failed [ 291.542455][ T947] wacom: probe of 0003:056A:0327.003C failed with error -22 [ 291.608958][T11302] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 291.661136][T11304] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 291.730853][ T65] usb 2-1: USB disconnect, device number 41 [ 292.264658][T11309] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 292.286843][T11311] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 292.316700][T11313] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 292.386869][T11326] input: syz0 as /devices/virtual/input/input41 [ 292.386931][T11327] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 292.437277][T11334] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 292.457562][T11339] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 292.483383][T11346] loop1: detected capacity change from 0 to 256 [ 292.545940][ T3552] usbhid 4-1:0.0: can't add hid device: -71 [ 292.551701][ T3552] usbhid: probe of 4-1:0.0 failed with error -71 [ 292.558519][ T3552] usb 4-1: USB disconnect, device number 43 [ 292.620196][T11355] input: syz0 as /devices/virtual/input/input42 [ 292.806903][T11369] x_tables: unsorted underflow at hook 3 [ 292.986232][T11158] usb 3-1: USB disconnect, device number 35 [ 293.075841][ T65] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 293.835856][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.846600][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.856116][ T65] usb 1-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 293.864913][ T65] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.873214][ T65] usb 1-1: config 0 descriptor?? [ 293.945451][T11391] VFS: Lookup of 'file0' in fuse fuse would have caused loop [ 293.972028][T11396] x_tables: unsorted underflow at hook 3 [ 294.191614][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 294.299031][T11158] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 294.575823][T11158] usb 2-1: Using ep0 maxpacket: 32 [ 294.716173][T11158] usb 2-1: config 0 has no interfaces? [ 294.852411][T11412] loop2: detected capacity change from 0 to 256 [ 294.895916][T11158] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 294.916481][T11158] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.924361][T11158] usb 2-1: Product: syz [ 294.929207][T11158] usb 2-1: Manufacturer: syz [ 294.933602][T11158] usb 2-1: SerialNumber: syz [ 294.938476][T11158] usb 2-1: config 0 descriptor?? [ 295.094931][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 295.094974][ T28] audit: type=1400 audit(1717249590.579:37572): avc: denied { watch watch_reads } for pid=11415 comm="syz-executor.0" path="/root/syzkaller-testdir868720044/syzkaller.wCrZBM/129/file0/file1" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 295.129259][ T28] audit: type=1400 audit(1717249590.579:37573): avc: denied { unlink } for pid=11415 comm="syz-executor.0" name="#d7" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 295.165910][ T65] usbhid 1-1:0.0: can't add hid device: -71 [ 295.171870][ T65] usbhid: probe of 1-1:0.0 failed with error -71 [ 295.180308][ T65] usb 1-1: USB disconnect, device number 52 [ 295.585960][ T65] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 295.845819][ T65] usb 1-1: Using ep0 maxpacket: 32 [ 295.965854][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 295.976952][ T65] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 295.987939][ T65] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 295.996780][ T65] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.004932][ T65] usb 1-1: config 0 descriptor?? [ 296.025891][T11418] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 296.045830][ T1430] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 296.053513][ T65] hub 1-1:0.0: USB hub found [ 296.155855][ T320] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 296.255840][ T65] hub 1-1:0.0: 2 ports detected [ 296.295823][ T1430] usb 4-1: Using ep0 maxpacket: 8 [ 296.515898][ T320] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.526644][ T320] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.536240][ T320] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 296.544974][ T320] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.553203][ T320] usb 3-1: config 0 descriptor?? [ 296.575923][ T1430] usb 4-1: New USB device found, idVendor=0421, idProduct=01d0, bcdDevice=98.e6 [ 296.584795][ T1430] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.592584][ T1430] usb 4-1: Product: syz [ 296.597038][ T1430] usb 4-1: Manufacturer: syz [ 296.601438][ T1430] usb 4-1: SerialNumber: syz [ 296.606283][ T1430] usb 4-1: config 0 descriptor?? [ 296.646076][ T1430] usb 4-1: bad CDC descriptors [ 296.650802][ T1430] cdc_acm 4-1:0.0: Zero length descriptor references [ 296.657318][ T1430] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 296.773761][ T1430] usb 2-1: USB disconnect, device number 42 [ 296.783889][T11438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=11438 comm=syz-executor.1 [ 296.807476][T11440] serio: Serial port pts0 [ 296.848874][T11158] usb 4-1: USB disconnect, device number 44 [ 297.245812][ T992] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 297.368252][ T28] audit: type=1326 audit(1717249592.859:37574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1fcc7cee9 code=0x7ffc0000 [ 297.392646][ T28] audit: type=1326 audit(1717249592.859:37575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1fcc7cee9 code=0x7ffc0000 [ 297.417438][ T28] audit: type=1326 audit(1717249592.859:37576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1fcc7cee9 code=0x7ffc0000 [ 297.441362][ T28] audit: type=1326 audit(1717249592.859:37577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1fcc7cee9 code=0x7ffc0000 [ 297.465258][ T28] audit: type=1326 audit(1717249592.859:37578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11448 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1fcc7cee9 code=0x7ffc0000 [ 297.525376][T11455] loop2: detected capacity change from 0 to 512 [ 297.532178][T11455] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 297.585866][ T320] usbhid 3-1:0.0: can't add hid device: -71 [ 297.591692][ T320] usbhid: probe of 3-1:0.0 failed with error -71 [ 297.598343][ T320] usb 3-1: USB disconnect, device number 36 [ 297.675850][ T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.687120][ T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 297.695822][ T1430] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 297.696702][ T992] usb 2-1: New USB device found, idVendor=056a, idProduct=0327, bcdDevice= 0.00 [ 297.712913][ T992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.721427][ T992] usb 2-1: config 0 descriptor?? [ 298.055827][ T1430] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.066549][ T1430] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.076195][ T1430] usb 4-1: New USB device found, idVendor=056a, idProduct=0327, bcdDevice= 0.00 [ 298.085014][ T1430] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.093273][ T1430] usb 4-1: config 0 descriptor?? [ 298.196918][ T992] wacom 0003:056A:0327.003D: collection stack underflow [ 298.203681][ T992] wacom 0003:056A:0327.003D: item 0 0 0 12 parsing failed [ 298.211005][ T992] wacom 0003:056A:0327.003D: parse failed [ 298.216561][ T992] wacom: probe of 0003:056A:0327.003D failed with error -22 [ 298.224470][ T992] usb 1-1: USB disconnect, device number 53 [ 298.402430][T11158] usb 2-1: USB disconnect, device number 43 [ 298.524286][ T28] audit: type=1400 audit(1717249594.009:37579): avc: denied { name_bind } for pid=11469 comm="syz-executor.4" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 298.577102][ T1430] wacom 0003:056A:0327.003E: collection stack underflow [ 298.583885][ T1430] wacom 0003:056A:0327.003E: item 0 0 0 12 parsing failed [ 298.590914][ T1430] wacom 0003:056A:0327.003E: parse failed [ 298.596399][ T1430] wacom: probe of 0003:056A:0327.003E failed with error -22 [ 298.752216][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.759502][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.766966][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.774145][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.781394][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.786739][ T19] usb 4-1: USB disconnect, device number 45 [ 298.788570][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.801637][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.808852][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.816046][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.823223][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.830439][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.837695][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.844838][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.852062][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.859251][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.866459][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.873652][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.880862][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.888072][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.895265][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.902487][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.909692][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.916932][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.924105][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.931326][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.938535][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.945696][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.952945][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.960274][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.967614][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.974855][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.982050][T11158] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 298.989562][T11158] hid-generic 0000:0000:0000.003F: hidraw0: HID v0.00 Device [syz0] on syz0 [ 299.015813][ T1430] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 299.306801][T11494] serio: Serial port pts0 [ 299.325817][ T28] audit: type=1326 audit(1717249594.809:37580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11465 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 299.367789][T11504] loop4: detected capacity change from 0 to 512 [ 299.374627][T11504] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 299.385858][ T1430] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 299.399624][ T1430] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 299.403219][T11505] loop3: detected capacity change from 0 to 8192 [ 299.418954][ T1430] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.420763][T11504] EXT4-fs (loop4): 1 truncate cleaned up [ 299.428559][ T1430] usb 1-1: config 0 descriptor?? [ 299.432438][T11504] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 299.480203][ T1430] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 299.519681][T10339] EXT4-fs (loop4): unmounting filesystem. [ 299.720568][T11533] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 299.802514][T11158] usb 1-1: USB disconnect, device number 54 [ 299.926661][T11540] loop1: detected capacity change from 0 to 512 [ 299.933406][T11540] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 299.944967][T11540] EXT4-fs (loop1): 1 truncate cleaned up [ 299.950637][T11540] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 299.976485][ T8851] EXT4-fs (loop1): unmounting filesystem. [ 299.991421][T11548] tipc: Failed to remove unknown binding: 66,1,1/0:3367241092/3367241094 [ 299.999730][T11548] tipc: Failed to remove unknown binding: 66,1,1/0:3367241092/3367241094 [ 300.217977][T11554] loop1: detected capacity change from 0 to 40427 [ 300.225794][T11554] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 300.233337][T11554] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 300.243698][T11554] F2FS-fs (loop1): Found nat_bits in checkpoint [ 300.269378][T11554] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 300.276345][T11554] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 300.289615][ T28] audit: type=1400 audit(1717249595.779:37581): avc: denied { unlink } for pid=11553 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 300.469066][T11577] tipc: Failed to remove unknown binding: 66,1,1/0:2817019891/2817019893 [ 300.478433][ T28] audit: type=1326 audit(1717249595.969:37582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 300.479238][T11577] tipc: Failed to remove unknown binding: 66,1,1/0:2817019891/2817019893 [ 301.010414][T11589] loop4: detected capacity change from 0 to 40427 [ 301.018496][T11589] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 301.027116][T11589] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 301.032239][T11593] loop1: detected capacity change from 0 to 40427 [ 301.044247][T11593] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 301.053005][T11593] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 301.061998][T11589] F2FS-fs (loop4): Found nat_bits in checkpoint [ 301.103355][T11593] F2FS-fs (loop1): Found nat_bits in checkpoint [ 301.137636][T11589] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 301.144293][T11593] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 301.144535][T11589] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 301.151487][T11593] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 301.675798][T11158] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 301.925812][T11158] usb 2-1: Using ep0 maxpacket: 16 [ 302.055926][T11158] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 154 [ 302.065669][T11158] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 302.125798][T11158] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 302.195299][T11634] loop2: detected capacity change from 0 to 40427 [ 302.202398][T11634] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 302.211195][ T28] audit: type=1326 audit(1717249597.709:37583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f44a7cee9 code=0x7fc00000 [ 302.215909][T11158] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 302.236805][T11634] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 302.265792][T11158] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 302.281674][T11158] usb 2-1: SerialNumber: syz [ 302.305853][T11620] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 302.321564][T11634] F2FS-fs (loop2): Found nat_bits in checkpoint [ 302.336171][T11158] cdc_acm 2-1:1.0: skipping garbage [ 302.360764][T11634] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 302.367807][T11634] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 302.520274][ T28] audit: type=1400 audit(1717249598.009:37584): avc: denied { map } for pid=11647 comm="syz-executor.3" path="socket:[72581]" dev="sockfs" ino=72581 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 302.547619][T11158] usb 2-1: USB disconnect, device number 44 [ 302.647795][T11668] loop3: detected capacity change from 0 to 128 [ 302.661003][T11668] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 302.669525][T11668] ext4 filesystem being mounted at /root/syzkaller-testdir3859389302/syzkaller.9Jt5GH/55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 302.715828][T11147] EXT4-fs (loop3): unmounting filesystem. [ 302.776320][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.783533][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.790753][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.797960][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.805136][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.812522][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.819725][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.826909][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.834102][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.841373][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.848545][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.855738][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.862928][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.870180][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.877390][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.884548][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.891767][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.898994][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.906204][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.913354][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.920630][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.927808][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.928360][T11681] loop0: detected capacity change from 0 to 1024 [ 302.934970][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.934993][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.947245][T11681] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 302.948380][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.955702][T11681] ext4 filesystem being mounted at /root/syzkaller-testdir868720044/syzkaller.wCrZBM/146/file1 supports timestamps until 2038 (0x7fffffff) [ 302.963820][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.963844][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.963863][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.963881][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.963899][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 302.976327][T11681] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 302.985034][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 303.037355][T11158] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 303.044958][T11158] hid-generic 0000:0000:0000.0040: hidraw0: HID v0.00 Device [syz0] on syz0 [ 303.045828][ T65] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 303.064419][ T9608] EXT4-fs (loop0): unmounting filesystem. [ 303.092775][T11690] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 303.138879][T11694] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 303.375881][ T1430] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 303.415867][ T65] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 303.428651][ T65] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 303.437597][ T65] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.446009][ T65] usb 4-1: config 0 descriptor?? [ 303.486588][ T65] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 303.495222][ T28] audit: type=1326 audit(1717249598.979:37585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11672 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bdba7a667 code=0x7fc00000 [ 303.557254][T11721] tipc: Failed to remove unknown binding: 66,1,1/0:905452969/905452971 [ 303.565391][T11721] tipc: Failed to remove unknown binding: 66,1,1/0:905452969/905452971 [ 303.596311][T11725] netem: change failed [ 303.696989][ T65] usb 4-1: USB disconnect, device number 46 [ 303.755833][ T1430] usb 1-1: config index 0 descriptor too short (expected 607, got 92) [ 303.763921][ T1430] usb 1-1: config 238 has too many interfaces: 186, using maximum allowed: 32 [ 303.772560][ T1430] usb 1-1: config 238 has an invalid descriptor of length 66, skipping remainder of the config [ 303.782700][ T1430] usb 1-1: config 238 has 0 interfaces, different from the descriptor's value: 186 [ 303.945859][ T1430] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 303.954772][ T1430] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.962704][ T1430] usb 1-1: Product: syz [ 303.966703][ T1430] usb 1-1: Manufacturer: syz [ 303.971088][ T1430] usb 1-1: SerialNumber: syz [ 304.276452][ T1430] usb 1-1: USB disconnect, device number 55 [ 304.286483][T11748] loop3: detected capacity change from 0 to 256 [ 304.436505][T11753] netem: change failed [ 304.497737][ T28] audit: type=1326 audit(1717249599.989:37586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11732 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 304.521880][ T28] audit: type=1326 audit(1717249599.989:37587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11732 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 304.549588][ T28] audit: type=1326 audit(1717249599.989:37588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11732 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 304.575339][ T28] audit: type=1326 audit(1717249599.989:37589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11732 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 304.601614][T11766] loop1: detected capacity change from 0 to 256 [ 304.629016][ T28] audit: type=1326 audit(1717249599.989:37590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11732 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bdba7cee9 code=0x7fc00000 [ 304.653893][T11773] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 304.664639][T11773] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 304.687796][T11778] netem: change failed [ 304.768242][T11790] loop0: detected capacity change from 0 to 512 [ 304.776536][T11790] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 304.784873][T11790] EXT4-fs (loop0): 1 truncate cleaned up [ 304.790394][T11790] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 304.925607][ T9608] EXT4-fs (loop0): unmounting filesystem. [ 305.099765][T11820] loop0: detected capacity change from 0 to 512 [ 305.107539][T11820] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 305.116479][T11820] EXT4-fs (loop0): 1 truncate cleaned up [ 305.121966][T11820] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 305.170409][ T9608] EXT4-fs (loop0): unmounting filesystem. [ 305.275890][ T1430] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 305.315792][T11830] loop0: detected capacity change from 0 to 256 [ 305.324868][T11830] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 305.515828][ T1430] usb 3-1: Using ep0 maxpacket: 16 [ 305.605925][ T320] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 305.628568][T11836] device pim6reg1 entered promiscuous mode [ 305.635881][ T1430] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.646766][ T1430] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.656520][ T1430] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 305.669147][ T1430] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 305.678213][ T1430] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.686744][ T1430] usb 3-1: config 0 descriptor?? [ 305.823254][T11852] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 305.833784][T11852] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 305.877722][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 305.877753][ T28] audit: type=1400 audit(1717249601.369:37653): avc: denied { create } for pid=11856 comm="syz-executor.3" name="#dd" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 305.904526][ T320] usb 1-1: too many configurations: 65, using maximum allowed: 8 [ 305.904561][ T28] audit: type=1400 audit(1717249601.369:37654): avc: denied { link } for pid=11856 comm="syz-executor.3" name="#dd" dev="sda1" ino=1972 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 305.970381][T11860] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 305.982034][T11860] x_tables: duplicate underflow at hook 2 [ 306.169788][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.176983][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.184127][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.192028][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.199400][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.207001][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.214188][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.221296][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.228451][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.235567][ T1430] microsoft 0003:045E:07DA.0041: unknown main item tag 0x0 [ 306.242189][T11875] loop3: detected capacity change from 0 to 512 [ 306.247327][ T1430] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0041/input/input43 [ 306.251637][T11875] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 306.260992][ T1430] microsoft 0003:045E:07DA.0041: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 306.268175][T11875] EXT4-fs (loop3): 1 truncate cleaned up [ 306.284891][T11875] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 306.331091][T11882] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 306.348812][T11885] loop4: detected capacity change from 0 to 512 [ 306.369729][ T1430] usb 3-1: USB disconnect, device number 37 [ 306.376669][T11147] EXT4-fs (loop3): unmounting filesystem. [ 306.377250][T11885] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 306.391024][T11885] ext4 filesystem being mounted at /root/syzkaller-testdir2783422092/syzkaller.cE1ZVq/133/file0 supports timestamps until 2038 (0x7fffffff) [ 306.417284][T10339] EXT4-fs (loop4): unmounting filesystem. [ 306.463834][T11891] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 306.476826][T11891] x_tables: duplicate underflow at hook 2 [ 306.493881][ T28] audit: type=1400 audit(1717249601.979:37655): avc: denied { sqpoll } for pid=11893 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 306.555894][ T320] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 306.564833][ T320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.807301][ T992] usb 1-1: USB disconnect, device number 56 [ 306.993017][T11926] device pim6reg1 entered promiscuous mode [ 307.076491][T11934] syz-executor.1[11934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.076563][T11934] syz-executor.1[11934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.575629][ T992] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 307.925819][ T992] usb 3-1: Using ep0 maxpacket: 16 [ 307.989943][T11988] loop1: detected capacity change from 0 to 256 [ 307.999580][T11988] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 308.085866][ T992] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 308.094521][ T992] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 308.103456][ T992] usb 3-1: config 1 has no interface number 1 [ 308.109477][ T992] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 308.119851][ T992] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 308.132551][ T992] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 308.239250][T11996] loop0: detected capacity change from 0 to 512 [ 308.246247][T11996] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 308.256008][T11996] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 308.264799][T11996] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 308.273111][T11996] System zones: 0-2, 18-18, 34-34 [ 308.278767][T11996] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 308.292995][ T1430] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 308.293268][T11996] EXT4-fs (loop0): 1 truncate cleaned up [ 308.305803][T11996] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 308.315973][ T992] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 308.324824][ T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.332749][ T992] usb 3-1: Product: syz [ 308.336756][ T992] usb 3-1: Manufacturer: syz [ 308.339750][ T9608] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir868720044/syzkaller.wCrZBM/160/file0: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 308.341143][ T992] usb 3-1: SerialNumber: syz [ 308.417554][ T9608] EXT4-fs (loop0): unmounting filesystem. [ 308.551912][T12008] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.558941][T12008] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.566377][T12008] device bridge_slave_0 entered promiscuous mode [ 308.573241][T12008] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.580949][T12008] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.582676][ T1430] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 308.588360][T12008] device bridge_slave_1 entered promiscuous mode [ 308.638877][T12008] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.645740][T12008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.652779][T12008] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.659609][T12008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.665906][ T992] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 308.673990][ T992] usb 3-1: 2:1 : sample bitwidth 127 in over sample bytes 0 [ 308.681547][ T992] usb 3-1: 2:1 : unsupported sample bitwidth 127 in 0 bytes [ 308.824372][ T992] usb 3-1: USB disconnect, device number 38 [ 308.887452][ T320] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.894589][ T320] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.915235][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.922786][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.938736][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.947912][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 308.957400][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.964246][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.971495][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.980248][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.988237][ T320] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.995062][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.002270][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 309.010155][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 309.033198][T12008] device veth0_vlan entered promiscuous mode [ 309.039878][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 309.047684][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 309.055334][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 309.063416][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 309.071489][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 309.079427][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 309.089490][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 309.331488][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 309.344212][T12021] loop2: detected capacity change from 0 to 512 [ 309.355517][T12008] device veth1_macvtap entered promiscuous mode [ 309.387643][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 309.395601][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 309.426166][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 309.433613][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 309.444436][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 309.452873][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 309.466952][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 309.490269][T12037] syz-executor.2[12037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 309.490330][T12037] syz-executor.2[12037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 309.567410][ T41] device bridge_slave_1 left promiscuous mode [ 309.590399][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.597831][ T41] device bridge_slave_0 left promiscuous mode [ 309.603992][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.612094][ T41] device veth1_macvtap left promiscuous mode [ 309.621991][ T41] device veth0_vlan left promiscuous mode [ 309.676633][ T28] audit: type=1400 audit(1717249605.169:37656): avc: denied { create } for pid=12048 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 309.745867][ T1430] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 309.758220][ T1430] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.085699][ T320] usb 1-1: new full-speed USB device number 57 using dummy_hcd [ 310.143122][ T24] usb 2-1: USB disconnect, device number 45 [ 310.148714][T12057] device syz_tun entered promiscuous mode [ 310.154446][T12057] device macsec1 entered promiscuous mode [ 310.160103][ T65] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 310.169577][T12057] device syz_tun left promiscuous mode [ 310.389044][ T28] audit: type=1326 audit(1717249605.879:37657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f867727cee9 code=0x0 [ 310.415928][ T65] usb 3-1: Using ep0 maxpacket: 16 [ 310.445840][ T320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 310.456826][ T320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.466885][ T320] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 310.476177][ T320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.484598][ T320] usb 1-1: config 0 descriptor?? [ 310.511223][T12082] xt_CT: You must specify a L4 protocol and not use inversions on it [ 310.535863][ T65] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 310.544774][ T65] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 310.553621][ T65] usb 3-1: config 1 has no interface number 1 [ 310.559466][ T65] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 310.569927][ T65] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 310.582596][ T65] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 310.755880][ T65] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 310.764766][ T65] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.773112][ T65] usb 3-1: Product: syz [ 310.777353][ T65] usb 3-1: Manufacturer: syz [ 310.790106][ T65] usb 3-1: SerialNumber: syz [ 310.967106][ T320] hid-led 0003:0FC5:B080.0042: unknown main item tag 0x0 [ 310.973981][ T320] hid-led 0003:0FC5:B080.0042: unknown main item tag 0x0 [ 311.015804][ T320] hid-led 0003:0FC5:B080.0042: unknown main item tag 0x0 [ 311.115947][ T65] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 311.123140][ T65] usb 3-1: 2:1 : sample bitwidth 127 in over sample bytes 0 [ 311.138427][ T65] usb 3-1: 2:1 : unsupported sample bitwidth 127 in 0 bytes [ 311.159073][ T65] usb 3-1: USB disconnect, device number 39 [ 311.307955][T12110] xt_CT: You must specify a L4 protocol and not use inversions on it [ 311.616755][ T992] usb 1-1: USB disconnect, device number 57 [ 311.656828][T12137] xt_CT: You must specify a L4 protocol and not use inversions on it [ 312.233471][T12167] loop4: detected capacity change from 0 to 512 [ 312.249933][T12167] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature [ 312.265120][T12167] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 312.277231][T12167] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 312.298335][T10339] EXT4-fs (loop4): unmounting filesystem. [ 312.347620][T12179] xt_CT: You must specify a L4 protocol and not use inversions on it [ 312.632328][T12199] loop2: detected capacity change from 0 to 512 [ 312.639912][T12199] EXT4-fs error (device loop2): __ext4_fill_super:5386: inode #2: comm syz-executor.2: casefold flag without casefold feature [ 312.653037][T12199] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 312.663175][T12199] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 312.683546][T10707] EXT4-fs (loop2): unmounting filesystem. [ 312.865845][ T24] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 312.964247][T12218] loop2: detected capacity change from 0 to 512 [ 312.971740][T12218] EXT4-fs error (device loop2): __ext4_fill_super:5386: inode #2: comm syz-executor.2: casefold flag without casefold feature [ 312.984838][T12218] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 312.994671][T12218] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 313.009761][T10707] EXT4-fs (loop2): unmounting filesystem. [ 313.015799][ T947] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 313.245836][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 313.262190][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.278937][ T24] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 313.294371][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.310382][ T24] usb 2-1: config 0 descriptor?? [ 313.405858][ T947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.416880][ T947] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 313.429601][ T947] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 313.438433][ T947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.446626][ T947] usb 1-1: config 0 descriptor?? [ 313.511924][T12250] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 313.526943][T12252] loop2: detected capacity change from 0 to 256 [ 313.535907][T12252] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 313.793019][T12269] loop3: detected capacity change from 0 to 256 [ 313.801204][T12269] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 313.814452][ T24] hid-led 0003:0FC5:B080.0043: unknown main item tag 0x0 [ 313.821376][ T24] hid-led 0003:0FC5:B080.0043: unknown main item tag 0x0 [ 313.828300][ T992] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 313.835802][ T24] hid-led 0003:0FC5:B080.0043: unknown main item tag 0x0 [ 313.848875][T12274] device veth0_vlan left promiscuous mode [ 313.854691][T12274] device veth0_vlan entered promiscuous mode [ 313.861151][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 313.869145][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 313.869371][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 313.926368][ T947] plantronics 0003:047F:FFFF.0044: unknown main item tag 0x0 [ 313.933661][ T947] plantronics 0003:047F:FFFF.0044: No inputs registered, leaving [ 313.942124][ T947] plantronics 0003:047F:FFFF.0044: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 314.125832][ T992] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 314.196920][ T947] usb 1-1: USB disconnect, device number 58 [ 314.456472][ T947] usb 2-1: USB disconnect, device number 46 [ 314.894504][T12297] loop0: detected capacity change from 0 to 40427 [ 314.895834][ T992] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 314.901431][T12297] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 314.909723][ T992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.917665][T12297] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 314.935043][T12297] F2FS-fs (loop0): Found nat_bits in checkpoint [ 314.959448][T12297] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 314.966397][T12297] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 314.986902][T12297] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 315.104117][T12316] loop0: detected capacity change from 0 to 256 [ 315.135806][ T947] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 315.186948][ T1430] usb 3-1: USB disconnect, device number 40 [ 315.395799][ T947] usb 4-1: Using ep0 maxpacket: 16 [ 315.525833][ T947] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 315.534394][ T947] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 315.543153][ T947] usb 4-1: config 1 has no interface number 1 [ 315.549011][ T947] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 315.559271][ T947] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 315.571848][ T947] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 315.765871][ T947] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 315.774783][ T947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.782586][ T947] usb 4-1: Product: syz [ 315.786549][ T947] usb 4-1: Manufacturer: syz [ 315.791048][ T947] usb 4-1: SerialNumber: syz [ 315.911328][T12337] loop2: detected capacity change from 0 to 40427 [ 315.920237][T12337] F2FS-fs (loop2): Found nat_bits in checkpoint [ 315.959083][T12337] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 315.968941][T12350] tmpfs: Unknown parameter '' [ 315.977467][T10707] syz-executor.2: attempt to access beyond end of device [ 315.977467][T10707] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 316.003841][T12354] loop1: detected capacity change from 0 to 256 [ 316.012732][T12354] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 316.102242][T12360] loop2: detected capacity change from 0 to 2048 [ 316.146530][T12360] Alternate GPT is invalid, using primary GPT. [ 316.152568][T12360] loop2: p1 p2 p3 [ 316.155894][ T947] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 316.163481][ T947] usb 4-1: 2:1 : sample bitwidth 127 in over sample bytes 0 [ 316.170810][ T947] usb 4-1: 2:1 : unsupported sample bitwidth 127 in 0 bytes [ 316.197305][ T947] usb 4-1: USB disconnect, device number 47 [ 316.305821][ T1430] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 316.325849][T11158] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 316.453726][T12376] loop2: detected capacity change from 0 to 40427 [ 316.460597][T12376] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 316.468214][T12376] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 316.478181][T12376] F2FS-fs (loop2): Found nat_bits in checkpoint [ 316.501833][T12376] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 316.508720][T12376] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 316.524244][T12376] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 316.602453][T12389] loop2: detected capacity change from 0 to 256 [ 316.615453][T12389] FAT-fs (loop2): Directory bread(block 64) failed [ 316.625211][T12389] FAT-fs (loop2): Directory bread(block 65) failed [ 316.631741][T12389] FAT-fs (loop2): Directory bread(block 66) failed [ 316.638130][T11158] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 316.638151][T12389] FAT-fs (loop2): Directory bread(block 67) failed [ 316.652359][T12389] FAT-fs (loop2): Directory bread(block 68) failed [ 316.658842][T12389] FAT-fs (loop2): Directory bread(block 69) failed [ 316.665232][T12389] FAT-fs (loop2): Directory bread(block 70) failed [ 316.671668][ T1430] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.672985][T12393] syz-executor.3[12393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.682632][T12393] syz-executor.3[12393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.682665][T12389] FAT-fs (loop2): Directory bread(block 71) failed [ 316.712077][ T1430] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 316.724796][ T1430] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 316.733805][ T1430] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.736701][T12389] FAT-fs (loop2): Directory bread(block 72) failed [ 316.741843][T12393] syz-executor.3[12393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.748008][T12389] FAT-fs (loop2): Directory bread(block 73) failed [ 316.748072][T12393] syz-executor.3[12393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.767155][ T1430] usb 1-1: config 0 descriptor?? [ 316.789758][ T28] audit: type=1400 audit(1717249612.279:37658): avc: denied { watch } for pid=12388 comm="syz-executor.2" path="/root/syzkaller-testdir3807210737/syzkaller.bHJocB/164/file1" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 316.799657][T12389] syz-executor.2: attempt to access beyond end of device [ 316.799657][T12389] loop2: rw=2049, sector=1800, nr_sectors = 404 limit=256 [ 316.867013][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 317.276421][ T1430] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 317.283736][ T1430] plantronics 0003:047F:FFFF.0045: No inputs registered, leaving [ 317.292085][ T1430] plantronics 0003:047F:FFFF.0045: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 317.395933][T11158] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 317.404852][T11158] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.546390][ T1430] usb 1-1: USB disconnect, device number 59 [ 317.658426][T11158] usb 2-1: USB disconnect, device number 47 [ 317.744504][ T28] audit: type=1400 audit(1717249613.229:37659): avc: denied { create } for pid=12406 comm="syz-executor.3" name="work" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC [ 317.766564][ T28] audit: type=1400 audit(1717249613.229:37660): avc: denied { setattr } for pid=12406 comm="syz-executor.3" name="work" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC [ 317.790275][ T28] audit: type=1400 audit(1717249613.229:37661): avc: denied { write } for pid=12406 comm="syz-executor.3" name="work" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC [ 317.815203][ T28] audit: type=1400 audit(1717249613.229:37662): avc: denied { write open } for pid=12406 comm="syz-executor.3" path=2F202864656C6574656429 dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=DC [ 317.840560][ T28] audit: type=1400 audit(1717249613.229:37663): avc: denied { add_name } for pid=12406 comm="syz-executor.3" name="#e3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC [ 317.862343][ T28] audit: type=1400 audit(1717249613.229:37664): avc: denied { create } for pid=12406 comm="syz-executor.3" name="#e3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=DC [ 317.884908][ T28] audit: type=1400 audit(1717249613.229:37665): avc: denied { remove_name } for pid=12406 comm="syz-executor.3" name="#e3" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=DC [ 317.908739][ T28] audit: type=1400 audit(1717249613.229:37666): avc: denied { rename } for pid=12406 comm="syz-executor.3" name="#e3" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=DC [ 317.932196][ T28] audit: type=1400 audit(1717249613.229:37667): avc: denied { unlink } for pid=12406 comm="syz-executor.3" name="#e3" dev="sda1" ino=1971 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon=DC [ 318.193857][T12418] loop1: detected capacity change from 0 to 128 [ 318.201752][T12418] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 318.212422][T12418] ext4 filesystem being mounted at /root/syzkaller-testdir4128230816/syzkaller.fiX4R1/329/mnt supports timestamps until 2038 (0x7fffffff) [ 318.244912][T12418] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.1'. [ 318.246843][T12422] loop0: detected capacity change from 0 to 256 [ 318.254178][T12418] tipc: Started in network mode [ 318.265027][T12418] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 318.272177][T12418] tipc: Enabled bearer , priority 0 [ 318.276021][T12422] FAT-fs (loop0): Directory bread(block 64) failed [ 318.284757][T12422] FAT-fs (loop0): Directory bread(block 65) failed [ 318.292154][ T8851] EXT4-fs (loop1): unmounting filesystem. [ 318.295876][T12422] FAT-fs (loop0): Directory bread(block 66) failed [ 318.304044][T12422] FAT-fs (loop0): Directory bread(block 67) failed [ 318.310414][T12422] FAT-fs (loop0): Directory bread(block 68) failed [ 318.311979][T12424] loop1: detected capacity change from 0 to 256 [ 318.316703][T12422] FAT-fs (loop0): Directory bread(block 69) failed [ 318.316762][T12422] FAT-fs (loop0): Directory bread(block 70) failed [ 318.327439][T12424] FAT-fs (loop1): Directory bread(block 64) failed [ 318.329341][T12422] FAT-fs (loop0): Directory bread(block 71) failed [ 318.348157][T12424] FAT-fs (loop1): Directory bread(block 65) failed [ 318.348222][T12422] FAT-fs (loop0): Directory bread(block 72) failed [ 318.354497][T12424] FAT-fs (loop1): Directory bread(block 66) failed [ 318.360847][T12422] FAT-fs (loop0): Directory bread(block 73) failed [ 318.373721][T12424] FAT-fs (loop1): Directory bread(block 67) failed [ 318.380154][T12424] FAT-fs (loop1): Directory bread(block 68) failed [ 318.386418][T12424] FAT-fs (loop1): Directory bread(block 69) failed [ 318.392759][T12424] FAT-fs (loop1): Directory bread(block 70) failed [ 318.399084][T12424] FAT-fs (loop1): Directory bread(block 71) failed [ 318.405438][T12424] FAT-fs (loop1): Directory bread(block 72) failed [ 318.411767][T12424] FAT-fs (loop1): Directory bread(block 73) failed [ 318.445957][T12428] syz-executor.4[12428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.446018][T12428] syz-executor.4[12428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 318.463841][T12424] syz-executor.1: attempt to access beyond end of device [ 318.463841][T12424] loop1: rw=2049, sector=1800, nr_sectors = 404 limit=256 [ 318.464053][T12422] syz-executor.0: attempt to access beyond end of device [ 318.464053][T12422] loop0: rw=2049, sector=1800, nr_sectors = 404 limit=256 [ 318.507590][T12428] overlayfs: statfs failed on './file0' [ 318.915878][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 318.921810][ T7456] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 319.381196][T12462] loop4: detected capacity change from 0 to 128 [ 319.395808][ T65] tipc: Node number set to 10922666 [ 319.401844][T12462] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 319.412969][T12462] ext4 filesystem being mounted at /root/syzkaller-testdir2783422092/syzkaller.cE1ZVq/182/mnt supports timestamps until 2038 (0x7fffffff) [ 319.448293][T12462] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.4'. [ 319.457589][T12462] tipc: Started in network mode [ 319.462245][T12462] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 319.469482][T12462] tipc: Enabled bearer , priority 0 [ 319.490820][T10339] EXT4-fs (loop4): unmounting filesystem. [ 319.581235][T12470] syz-executor.1[12470] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 319.581320][T12470] syz-executor.1[12470] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 319.599209][T12470] overlayfs: statfs failed on './file0' [ 319.786781][T12443] loop0: detected capacity change from 0 to 65536 [ 320.005493][T12493] loop1: detected capacity change from 0 to 128 [ 320.064301][T12490] loop0: detected capacity change from 0 to 2048 [ 320.126496][T12490] Alternate GPT is invalid, using primary GPT. [ 320.133736][T12490] loop0: p1 p2 p3 [ 320.141275][T12500] 9pnet_fd: Insufficient options for proto=fd [ 320.465882][ T1430] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 320.518225][T12486] loop3: detected capacity change from 0 to 40427 [ 320.533879][T12486] F2FS-fs (loop3): Found nat_bits in checkpoint [ 320.585807][ T947] tipc: Node number set to 10922666 [ 320.589073][T12486] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 320.725921][T11158] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 320.735807][ T1430] usb 2-1: Using ep0 maxpacket: 32 [ 320.965888][ T1430] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.966949][T11158] usb 1-1: Using ep0 maxpacket: 16 [ 320.976625][ T1430] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.994302][ T1430] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 321.005086][T12518] syz-executor.2[12518] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 321.005164][T12518] syz-executor.2[12518] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 321.016857][ T1430] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.043706][ T1430] usb 2-1: config 0 descriptor?? [ 321.048565][T12518] overlayfs: statfs failed on './file0' [ 321.086304][ T1430] hub 2-1:0.0: USB hub found [ 321.105875][T11158] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 321.125335][T11158] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.144762][T11158] usb 1-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 321.157726][T11158] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.176047][T11158] usb 1-1: config 0 descriptor?? [ 321.295879][ T1430] hub 2-1:0.0: config failed, hub has too many ports! (err -19) [ 321.500670][T12524] loop2: detected capacity change from 0 to 65536 [ 321.605836][ T1430] usbhid 2-1:0.0: can't add hid device: -71 [ 321.611723][ T1430] usbhid: probe of 2-1:0.0 failed with error -71 [ 321.646428][ T1430] usb 2-1: USB disconnect, device number 48 [ 321.716319][T11158] usb 1-1: string descriptor 0 read error: -71 [ 321.936886][ T320] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 321.985823][T11158] usbhid 1-1:0.0: can't add hid device: -71 [ 321.991631][T11158] usbhid: probe of 1-1:0.0 failed with error -71 [ 321.998524][T11158] usb 1-1: USB disconnect, device number 60 [ 322.164450][T12536] loop1: detected capacity change from 0 to 2048 [ 322.206568][T12536] Alternate GPT is invalid, using primary GPT. [ 322.212591][T12536] loop1: p1 p2 p3 [ 322.305837][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.316648][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.326211][ T320] usb 4-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 322.335334][ T320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.343742][ T320] usb 4-1: config 0 descriptor?? [ 322.685821][ T320] usbhid 4-1:0.0: can't add hid device: -71 [ 322.691644][ T320] usbhid: probe of 4-1:0.0 failed with error -71 [ 322.715033][T12543] loop0: detected capacity change from 0 to 40427 [ 322.738472][T12543] F2FS-fs (loop0): Found nat_bits in checkpoint [ 322.751802][ T320] usb 4-1: USB disconnect, device number 48 [ 322.791614][T12551] loop4: detected capacity change from 0 to 40427 [ 322.806023][T12551] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 322.814447][T12551] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 322.838469][T12543] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 322.849908][T12551] F2FS-fs (loop4): Found nat_bits in checkpoint [ 322.904327][T12551] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 322.914591][T12551] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 323.267433][T12597] syz-executor.4[12597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.267534][T12597] syz-executor.4[12597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.605852][T12610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 323.629899][T12610] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.636932][T12610] IPv6: NLM_F_CREATE should be set when creating new route [ 323.644478][T12612] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 323.655340][T12610] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.748047][T12632] syz-executor.0[12632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.748101][T12632] syz-executor.0[12632] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.761519][T12628] Bluetooth: hci0: Frame reassembly failed (-84) [ 323.780641][ T387] Bluetooth: hci0: Frame reassembly failed (-84) [ 323.875384][T12640] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 323.888470][T12640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.895481][T12640] IPv6: NLM_F_CREATE should be set when creating new route [ 323.902933][T12640] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.920471][T12642] syz-executor.0[12642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.920574][T12642] syz-executor.0[12642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 324.061730][T12639] loop1: detected capacity change from 0 to 40427 [ 324.100508][T12639] F2FS-fs (loop1): Found nat_bits in checkpoint [ 324.134380][T12639] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 324.191579][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 324.205248][T12666] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 324.212304][T12666] IPv6: NLM_F_CREATE should be set when creating new route [ 324.220794][T12666] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 324.263093][T12670] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 324.285039][T12674] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 324.376791][T12684] overlayfs: invalid redirect ((null)) [ 324.405833][ T1430] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 324.413263][ T320] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 324.675926][ T320] usb 1-1: Using ep0 maxpacket: 32 [ 324.680989][ T1430] usb 3-1: Using ep0 maxpacket: 32 [ 324.805876][ T320] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.816616][ T1430] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.827242][ T320] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 324.836791][ T1430] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 324.846320][ T320] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16 [ 324.855882][ T1430] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16 [ 324.865399][ T1430] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25 [ 324.878180][ T320] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25 [ 324.975897][ T320] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 324.984794][ T1430] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 324.993631][ T320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 325.001432][ T1430] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 325.009217][ T1430] usb 3-1: SerialNumber: syz [ 325.013867][ T320] usb 1-1: SerialNumber: syz [ 325.045888][T12661] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 325.045888][T12663] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 325.045917][T12663] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 325.052933][T12661] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 325.076218][ T320] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 325.084315][ T1430] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 325.306972][ T1430] cdc_acm 3-1:1.0: ttyACM1: USB ACM device [ 325.312874][ T320] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 325.319719][ T1430] usb 3-1: USB disconnect, device number 41 [ 325.322847][T12695] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 325.326967][ T320] usb 1-1: USB disconnect, device number 61 [ 325.518775][T12705] loop1: detected capacity change from 0 to 32768 [ 325.645394][T12707] loop1: detected capacity change from 0 to 40427 [ 325.652242][T12707] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 325.659839][T12707] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 325.669914][T12707] F2FS-fs (loop1): Found nat_bits in checkpoint [ 325.693936][T12707] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 325.700849][T12707] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 325.805828][ T2826] Bluetooth: hci0: command 0x1003 tx timeout [ 325.805836][ T7456] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 325.831695][T12725] loop4: detected capacity change from 0 to 512 [ 325.847481][T12725] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 325.856355][T12725] ext4 filesystem being mounted at /root/syzkaller-testdir2783422092/syzkaller.cE1ZVq/193/file1 supports timestamps until 2038 (0x7fffffff) [ 325.876142][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 325.876156][ T28] audit: type=1400 audit(1851467349.365:37671): avc: denied { setattr } for pid=12724 comm="syz-executor.4" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 325.891247][T12732] loop2: detected capacity change from 0 to 1024 [ 325.911470][T12732] EXT4-fs: Ignoring removed nomblk_io_submit option [ 325.911668][T10339] EXT4-fs (loop4): unmounting filesystem. [ 325.918567][T12732] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 325.934980][T12732] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 325.950023][T12736] syz-executor.4[12736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 325.950085][T12736] syz-executor.4[12736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 325.951922][T12732] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 325.970352][T12738] loop0: detected capacity change from 0 to 256 [ 325.973488][T12732] System zones: 0-1, 3-36 [ 325.999909][T12732] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 326.010910][ T28] audit: type=1400 audit(1851467349.505:37672): avc: denied { mounton } for pid=12737 comm="syz-executor.0" path="/root/syzkaller-testdir591107586/syzkaller.BVApNT/48/file0/bus" dev="loop0" ino=1048924 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 326.055408][T10707] EXT4-fs (loop2): unmounting filesystem. [ 326.086225][T12738] loop0: detected capacity change from 256 to 0 [ 326.092709][ C1] I/O error, dev loop0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.101699][T12749] FAT-fs (loop0): FAT read failed (blocknr 1) [ 326.107757][ C1] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.116802][T12749] FAT-fs (loop0): unable to read inode block for updating (i_pos 203) [ 326.197823][T12755] loop3: detected capacity change from 0 to 512 [ 326.217344][T12755] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 326.226169][T12755] ext4 filesystem being mounted at /root/syzkaller-testdir3859389302/syzkaller.9Jt5GH/153/file1 supports timestamps until 2038 (0x7fffffff) [ 326.246271][T11147] EXT4-fs (loop3): unmounting filesystem. [ 326.335844][T11158] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 326.344220][ C0] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.353286][T12008] FAT-fs (loop0): Directory bread(block 3) failed [ 326.362171][ C0] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.371130][T12008] FAT-fs (loop0): unable to read boot sector to mark fs as dirty [ 326.556563][T12779] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.563450][T12779] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.570857][T12779] device bridge_slave_0 entered promiscuous mode [ 326.578547][T12779] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.580160][T11158] usb 3-1: Using ep0 maxpacket: 32 [ 326.585432][T12779] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.597813][T12779] device bridge_slave_1 entered promiscuous mode [ 326.645113][T12794] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 326.666923][T12798] loop1: detected capacity change from 0 to 256 [ 326.672103][T12779] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.679878][T12779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.686974][T12779] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.693740][T12779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.714940][ T947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 326.722298][ T947] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.725813][T12798] loop1: detected capacity change from 256 to 0 [ 326.735268][ T947] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.739685][ C0] I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.742259][T11158] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.751071][T12798] FAT-fs (loop1): FAT read failed (blocknr 1) [ 326.751192][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 326.762553][T11158] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 326.767701][T12798] FAT-fs (loop1): unable to read inode block for updating (i_pos 203) [ 326.776989][T11158] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16 [ 326.804048][T11158] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25 [ 326.820025][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 326.827998][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.834835][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.842990][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 326.851001][ T992] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.857839][ T992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.876756][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 326.884794][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 326.892490][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 326.900104][T11158] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 326.909073][T11158] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 326.912180][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 326.917679][T11158] usb 3-1: SerialNumber: syz [ 326.925103][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 326.936327][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 326.945884][T12748] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 326.946192][T12779] device veth0_vlan entered promiscuous mode [ 326.952950][T12748] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 326.965138][T12779] device veth1_macvtap entered promiscuous mode [ 326.972735][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 326.983210][ T992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 326.991380][T11158] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 327.002227][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 327.019994][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 327.029193][ T8851] FAT-fs (loop1): Directory bread(block 3) failed [ 327.037253][ T387] device bridge_slave_1 left promiscuous mode [ 327.043302][ T387] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.051338][ T387] device bridge_slave_0 left promiscuous mode [ 327.051577][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 327.057369][ T387] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.073159][ T8851] FAT-fs (loop1): unable to read boot sector to mark fs as dirty [ 327.081522][ T387] device veth1_macvtap left promiscuous mode [ 327.087471][ T387] device veth0_vlan left promiscuous mode [ 327.144106][T12804] loop0: detected capacity change from 0 to 128 [ 327.151811][T12804] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 327.160229][T12804] ext4 filesystem being mounted at /root/syzkaller-testdir22178954/syzkaller.p7nbUy/1/mnt supports timestamps until 2038 (0x7fffffff) [ 327.179390][T12779] EXT4-fs (loop0): unmounting filesystem. [ 327.216833][T11158] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 327.223427][T11158] usb 3-1: USB disconnect, device number 42 [ 327.235300][T12807] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 327.244901][T12807] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.267978][T12811] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.276264][T12811] device bridge_slave_1 left promiscuous mode [ 327.282181][T12811] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.289573][T12811] device bridge_slave_0 left promiscuous mode [ 327.295531][T12811] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.400374][T12814] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.407263][T12814] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.414322][T12814] device bridge_slave_0 entered promiscuous mode [ 327.421239][T12814] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.428495][T12814] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.435802][T12814] device bridge_slave_1 entered promiscuous mode [ 327.497081][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.510257][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 327.529388][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 327.538647][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 327.546694][T11158] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.553553][T11158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.560799][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 327.569195][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 327.577273][T11158] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.584123][T11158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.599000][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 327.607619][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 327.615430][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 327.627165][ T387] tipc: Disabling bearer [ 327.632577][ T387] tipc: Left network mode [ 327.645225][T12814] device veth0_vlan entered promiscuous mode [ 327.652295][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 327.661226][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 327.669083][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 327.676904][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 327.697333][T12814] device veth1_macvtap entered promiscuous mode [ 327.707098][T11158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 327.719618][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 327.752571][ T1430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 327.777501][T12832] loop3: detected capacity change from 0 to 1024 [ 327.784135][T12832] EXT4-fs: Ignoring removed orlov option [ 327.791305][T12832] EXT4-fs: Ignoring removed nomblk_io_submit option [ 327.812314][T12832] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 327.830035][T12832] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 327.844108][T12832] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 327.868891][T11147] EXT4-fs (loop3): unmounting filesystem. [ 327.888826][T12841] loop1: detected capacity change from 0 to 16 [ 327.895516][T12841] erofs: (device loop1): mounted with root inode @ nid 36. [ 328.072621][T12862] loop3: detected capacity change from 0 to 1024 [ 328.079222][T12862] EXT4-fs: Ignoring removed orlov option [ 328.084757][T12862] EXT4-fs: Ignoring removed nomblk_io_submit option [ 328.107160][T12862] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 328.127797][T12862] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 328.141331][T12862] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 328.154490][ T387] device bridge_slave_1 left promiscuous mode [ 328.160768][ T387] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.168274][ T387] device bridge_slave_0 left promiscuous mode [ 328.174290][ T387] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.182602][T11147] EXT4-fs (loop3): unmounting filesystem. [ 328.190670][ T387] device veth1_macvtap left promiscuous mode [ 328.196936][ T387] device veth0_vlan left promiscuous mode [ 328.300458][T12885] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 328.339054][ T28] audit: type=1400 audit(1851467351.835:37673): avc: denied { module_load } for pid=12886 comm="syz-executor.0" path=2F6D656D66643A237D04E4FC1EFFE0A59DC8CA332712785921A49C97F1FCB0E87E91D504697D03202864656C6574656429 dev="tmpfs" ino=1498 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 328.347011][T12887] Invalid ELF header magic: != ELF [ 328.523234][T12910] loop1: detected capacity change from 0 to 128 [ 328.585410][T12921] loop1: detected capacity change from 0 to 256 [ 328.645872][ T320] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 328.845838][T11158] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 328.915911][ T320] usb 4-1: Using ep0 maxpacket: 16 [ 329.035930][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.046663][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.056204][ T320] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 329.068781][ T320] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 329.077777][ T320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.086480][ T320] usb 4-1: config 0 descriptor?? [ 329.205930][T11158] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 329.218559][T11158] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 329.315876][T11158] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 329.324773][T11158] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 329.335827][T11158] usb 3-1: SerialNumber: syz [ 329.398946][T12957] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 329.485613][T12970] loop0: detected capacity change from 0 to 1024 [ 329.492146][T12970] EXT4-fs: Ignoring removed orlov option [ 329.497721][T12970] EXT4-fs: Ignoring removed nomblk_io_submit option [ 329.507559][T12970] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 329.523443][T12970] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 329.536864][T12970] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 329.549771][ T320] microsoft 0003:045E:07DA.0046: collection stack underflow [ 329.557255][ T320] microsoft 0003:045E:07DA.0046: item 0 4 0 12 parsing failed [ 329.557757][T12779] ================================================================== [ 329.565145][ T320] microsoft 0003:045E:07DA.0046: parse failed [ 329.572422][T12779] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 329.572454][T12779] Read of size 4 at addr ffff888135269000 by task syz-executor.0/12779 [ 329.572469][T12779] [ 329.572475][T12779] CPU: 1 PID: 12779 Comm: syz-executor.0 Tainted: G W 6.1.78-syzkaller-00133-g74c507aab139 #0 [ 329.572494][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 329.572515][T12779] Call Trace: [ 329.572522][T12779] [ 329.572530][T12779] dump_stack_lvl+0x151/0x1b7 [ 329.572548][T12779] ? nf_tcp_handle_invalid+0x3f1/0x3f1 2028/09/02 00:29:13 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 329.572566][T12779] ? _printk+0xd1/0x111 [ 329.572588][T12779] ? __virt_addr_valid+0x242/0x2f0 [ 329.572611][T12779] print_report+0x158/0x4e0 [ 329.572633][T12779] ? __virt_addr_valid+0x242/0x2f0 [ 329.572655][T12779] ? kasan_addr_to_slab+0xd/0x80 [ 329.572674][T12779] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 329.572697][T12779] kasan_report+0x13c/0x170 [ 329.572716][T12779] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 329.572741][T12779] __asan_report_load4_noabort+0x14/0x20 [ 329.572763][T12779] ext4_xattr_delete_inode+0xcd0/0xce0 [ 329.572788][T12779] ? sb_end_intwrite+0