last executing test programs: 7.469809751s ago: executing program 3 (id=3027): socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x2030, &(0x7f0000000340)=ANY=[@ANYRES32], 0x2, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_extract_tcp_res(&(0x7f00000001c0), 0x200, 0x40) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100)) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r7 = dup3(r6, r5, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000011c0)={0x44, 0x0, &(0x7f0000001040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x2000000, &(0x7f0000000f00)='\"'}) 6.442121235s ago: executing program 3 (id=3035): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x20, r6, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc}]}, 0x20}}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454da, &(0x7f00000000c0)={'batadv0\x00'}) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) r8 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r8, 0x0, &(0x7f0000000200)=0x4) 6.441081615s ago: executing program 1 (id=3047): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r4 = open(&(0x7f00009e1000)='./file0\x00', 0x48062, 0x0) fcntl$setlease(r4, 0x400, 0x0) 5.603464633s ago: executing program 2 (id=3040): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x4, 0x0, &(0x7f0000000280)) 5.550677158s ago: executing program 2 (id=3041): bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @empty}]}]}, 0x70}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301}, 0x14}}, 0x0) 5.550292318s ago: executing program 2 (id=3042): creat(&(0x7f0000000180)='./file0\x00', 0x0) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) close_range(r2, 0xffffffffffffffff, 0x2) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000480)={r2, 0x0, 0x0}, 0x20) 5.550017878s ago: executing program 2 (id=3043): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000001c0)=@ipv4_delrule={0x24, 0x21, 0xb12becd5a2b54ddf, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x4}]}, 0x24}}, 0x0) 5.018509431s ago: executing program 2 (id=3055): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x26e1, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4}, 0xe) connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0x0, @fixed, 0x9}, 0xe) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000480)="1f6c00c2231bc4cb50017d870800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902120001000000000904"], 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000240)={0x20, 0x12, 0xbf, "7687c59daa0f15f8b0c6b5002f473d883621c24480c5de8a679b862ee9e92bbc9d7779f61ca3c26fbe3fc9619395216be699428eab1c17686c5d0b25d5abe91a72ad06520e8a4028b52e414c7a7803c0284c8fc555e9857a770d507689626ad9fe61d09318b120870b906931b02ee002699e34716bb15f925c858138f34ac6b2e5f58ca0895bf0d3da21adc3c8df113304f12256f10c109cda752e3f2ac1e4b6498a858dd1fbfbed5d011bc4ea719f881b250072808f2b008db40a6081ba04"}, &(0x7f00000003c0)={0x0, 0xa, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000440)={0x20, 0x0, 0xcc, {0xca, "e16f7491621230ed4598432fe21ec31f89cb4fa6729f526aca4f774f260eb3d5330382ee02de00c0d864de031b473060d8ced87edf71b0303f810ece99f4e570fd9e7b1e5cb5a58635c7e9f6baa2f9bc510cbcc51f4ce8a0a54efdd1b4a6f570693f70bdd66c404f1d2913407e8ce0b8b9f01538d7f7580e0e6989f7cc9ed253e8e95bad97a3e683f3d480a022cb0c25945a7ad6d82ad2441dfa91df725aa8734c529d0bb7d1a8ef4c40bd72bcf98f105d18d32560003331ba9b9926fb681f7bb8826372308e8c4a50c6"}}, &(0x7f0000000540)={0x20, 0x1, 0x1}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0xb}}) syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000340)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB="17000600000061e1248a9986"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r6, &(0x7f0000000180)={0x14, &(0x7f00000000c0)={0x40, 0x11, 0x5f, {0x5f, 0x21, "8ddece344d77188a13858adfd77c7980709457b9348930364566cad9220c3bc585f1617e832327b5d7b87c100e814630a038fe41503066a261bea7d30006d4b90056c2af092fa569e558418b6b9981f9299a2047706c4e44bab5ae4e43"}}, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000440)={0x44, &(0x7f0000000640)={0x20, 0x7, 0x9b, "45ad79bb3943c5ff0727b7529a7fe2eefcf5ae29388515faccb5df3170f95ab2731606c13acc0cc15fd9e88a4fed2dd5175270d4f826e79aa2d6d4663fa73ce7da81d3a80dd96f08af0e7fa068fdc74c8a3bd4c3c3992b5f5942e9b36816163fc8df8411acc4f5b03bd3e3d916ed1861a84275bbe53622a5b1a22e03557dcc2d5da94333e9276e9ef84073336321501627c71a1f293ba7ceda7bd2"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0xf}, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x101, 0x9, 0x4000000, 0x8, 0x1, 0x40, 0x1, 0x8, 0xfffe, 0x15, 0x458a, 0xc0ea}}, &(0x7f0000000340)={0x20, 0x85, 0x4, 0x5}, &(0x7f0000000380)={0x20, 0x83, 0x2}, &(0x7f00000003c0)={0x20, 0x87, 0x2, 0x1}, &(0x7f0000000400)={0x20, 0x89, 0x2}}) syz_usb_control_io$uac1(r6, &(0x7f00000008c0)={0x14, &(0x7f0000000700)={0x0, 0x2a, 0x72, {0x72, 0x1, "e9d953476826dc0c5a49c688e02c1e93093a21be2c70401647e0acb7bfa581d34aa0be56bd66afb53de347347f861f499f9260b88bf5b8b91b4f1ce82562d9734c9ba41c5905eede836ef5e7315bb2277eb2692fb8ad7fe49266263ce52db7968bf961fd752af5b457f378ff1a6ee092"}}, &(0x7f0000000780)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x424}}}, &(0x7f0000000c40)={0x44, &(0x7f0000000a40)={0x0, 0x30, 0xbd, "c01b9870364f4619146b070791c7e2011d219d31eb062a579369a2302419793646e2984dcf38a191c88a0d3985450275a54c7f5ec03abe1057153b942d0708e7aa9e8f4a3f07e13c745784588970d18ca09dffb9f0851dfa43ec1a4445f49e01628b52d3178ca3b4d7af475d338a6b3300ad8dbd16a8d26f00fdb8f67348573d76b969a7fdb3dd0de4447ead970b86af04c8dcd12ec542aec2c9ddaee95f0c859c93962cbc0a7190dc59713629394b3b4dde243888e571acb758fc27e7"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000980)={0x20, 0x81, 0x2, "9cfc"}, &(0x7f0000000b40)={0x20, 0x82, 0x3, "06c0eb"}, &(0x7f0000000b80)={0x20, 0x83, 0x2, "9ec2"}, &(0x7f0000000bc0)={0x20, 0x84, 0x1, '!'}, &(0x7f0000000c00)={0x20, 0x85, 0x3, "d54cef"}}) connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) dup3(r0, r4, 0x0) 5.018136371s ago: executing program 1 (id=3045): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a50000002a00000095"], &(0x7f0000000b40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0xfdef, &(0x7f0000001b80)={@multicast, @dev, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x2, @multicast2}}}}}, 0x0) 5.017914801s ago: executing program 3 (id=3046): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x0, 0x0, 0xa}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.946663827s ago: executing program 1 (id=3048): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000040)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000068000301000000ef0000000000000000000000000600030000000000080001000000000024000200020000000000000000000000000000000100000000000000fc"], 0x4c}}, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) lgetxattr(0x0, 0x0, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0xe6da) pipe2(0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000007e40), 0x4000000000000aa, 0x810) 4.334387337s ago: executing program 0 (id=3050): mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$PPPIOCSCOMPRESS(r5, 0x4010744d) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) io_setup(0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f00000006c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}], [{@euid_eq}, {@audit}, {@smackfshat={'smackfshat', 0x3d, '^-,^,'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'upperdir'}}]}}, 0x0, 0x0, &(0x7f0000000b00)="df3d2b9fc0dd4bc6d86be91c163b053fad4687beb5820a4bafa4b35b896ee79bc9a80a04c4b149bc294070f6abab43d490774295e640e15c4b2379e70d89d4906b43de7d9cf0ef3d90efcb71c42a234cbc0aef43e31c758f44da0c6e7053e5fe08a406e734e0b60126f64cc1eb51cd0cf9b4abbd65183e77e1d5f27395ff47b4f20bd14573244344cb6761e6ec303023e6333b33ac89f250a0c88b030506cc7e81cb0b1853043a235d1b772c07f815a11d1e874c31708df26f212ddf9fed8733432bdd44df359352f95b7e59903680896a43f0004ea000589675233478acc8c3841a87d647a15c748826caf723efc56f2557de767f53b19bed3098780ec72d8b1809c8773d348cf57bf482f16f16b72831b999afbcdbc48d8d9410612037738c4d8f850ca2693b368d29d5d7d3735fabef25c003f35dda3e65647f86ea6b0ad4ee15ba239fd166b5bdbf306271013303aa3dfbb46ed292ba175ff13d71da795db128eb18a5d9cd510089122d8534c5e56947582f967a22b7df0ff5e1f945a0fb5d3e6b58eae1915ee9ec26400150c338c6ec71a693dff5b0303a1e2f497c232f905c62d73f60a41a9446a37cff667328f37aeb20b34acdf67390fec43fe5688321e81a9738f7b8df8857ceace781ac43fd0819e141cbc7483674938c070fdb2cbe5edcc990e05f2c956add730ebcf3fa3bbe568422822378862d3be4c8aa6d8c7f5f6825341ddf3042c3ede42bc0dd13a579187a2caec58a5133f360926aa45a88fa7ce293816344e8b7a626e0c280c8430cc278e0ab3a6b53cce65d852b73ca6f29bb7dd92b5b9b80533b3ca6f74e7a8c0100a1b7d93afe21beb1bbe850f21341d6ddbc92ba986a25007b0878761926a338e6a19baf247df5b3e49c9c6ccf8f8e744c1ce0e0374cf75005a08d3d1a3172a0d35199cc3edd8263d434c9d6e02f7ca56a0d96821c85a0fbabe25a6dc8df39809f46f4b4f0e8f5a1b513cfe5647bcdfa611f01694bf4edbf51ea160df16238cda57fb0766f99b57acb63ac2e369f4fcf4e8c05840f92af985a7fbc3832c15ff9928853823000f5206ee379db3a75c647d7a9895ca68193fd5943dcde4c8baa07ac9996c1104e5170a38dd1b3f4203f83bef7afbf01bee6d08d849613f40f9d78faca8394dafab90ceb1ed3a88504e3cae20a193d1fc2911dc4094d4b9b99224d9f3ad08ac749cb18cc4903d383668355793ed643ceb6f3a3b021d2a07824ccda859998574726ff36629b40ec0366b62944890ad7e6b2a6ca8bb70ffc18bfb54f773f79ba1e9db077d7f00b971108472dc37323ff81fb9db2c64535fdd98b6d785ad9e0283c34e492381dbdd3cb79") io_pgetevents(0x0, 0x2, 0x1, &(0x7f00000001c0)=[{}], &(0x7f0000000280), 0x0) 4.067165729s ago: executing program 4 (id=3051): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000020000073011400000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 3.822594499s ago: executing program 4 (id=3052): openat$vcs(0xffffffffffffff9c, &(0x7f0000005640), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mprotect(&(0x7f00002d6000/0x2000)=nil, 0x2000, 0x0) mprotect(&(0x7f00002d7000/0x2000)=nil, 0x2000, 0x4) 3.821828999s ago: executing program 4 (id=3053): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000280)=@v1={0x1000000, [{0x0, 0xf}]}, 0xc, 0x0) ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000200)='bridge0\x00') ioctl$sock_SIOCBRDELBR(r3, 0x89a3, &(0x7f0000000200)='bridge0\x00') 3.821047969s ago: executing program 3 (id=3054): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={0xffffffffffffffff, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000540)=[0x0], &(0x7f00000007c0)=[0x0], 0x0, 0xc6, &(0x7f0000000800)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x35, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x64, 0x0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x8015) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) r8 = openat$cgroup_procs(r6, &(0x7f00000000c0)='tasks\x00', 0x2, 0x0) sendfile(r8, r7, 0x0, 0x4) quotactl$Q_QUOTAOFF(0xffffffff80000300, &(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, r5, 0x0) pipe2(0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x2, 0x0, &(0x7f00000001c0)='GPL\x00', 0x2, 0x68, &(0x7f0000000200)=""/104, 0x41100, 0x31, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x5, 0x7, 0x7, 0x4f7}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000300)=[0xffffffffffffffff], &(0x7f0000000480)=[{0x5, 0x0, 0x7, 0xb}, {0x2, 0x5, 0x8}, {0x5, 0x3, 0x0, 0x8}, {0x5, 0x4, 0x4, 0x1}, {0x4, 0x4, 0xb, 0xc}, {0x3, 0x3, 0xa, 0x2}, {0x0, 0x1, 0x5, 0x5}, {0x1, 0x5, 0x0, 0x1}], 0x10, 0xa8}, 0x90) syz_open_dev$usbfs(&(0x7f0000000100), 0x73, 0x101201) r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, 0x0, 0x0) r10 = dup(r9) sendmsg$inet(r10, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)='\x00\x00', 0x2}], 0x1}, 0x0) 3.133977865s ago: executing program 0 (id=3056): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x20, r6, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc}]}, 0x20}}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454da, &(0x7f00000000c0)={'batadv0\x00'}) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) r8 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r8, 0x0, &(0x7f0000000200)=0x4) 3.133667185s ago: executing program 1 (id=3057): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0) sendmsg$key(r3, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 2.95445599s ago: executing program 4 (id=3058): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x3, 0x1004, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000e8000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000096002020207b1af8ff00000000bfa100000004000000000000f8ffffffb702000008000000b70300"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) r8 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsmount(r8, 0x0, 0x0) fchmod(0xffffffffffffffff, 0x0) setregid(0xffffffffffffffff, r7) 2.862289207s ago: executing program 3 (id=3059): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f1000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffded) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000016c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg$inet(r4, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000540)}], 0x1, &(0x7f0000000600)=[@ip_ttl={{0x14, 0x0, 0x2, 0x80000000}}, @ip_retopts={{0x60, 0x0, 0x7, {[@generic={0x83, 0x2}, @cipso={0x86, 0x23, 0x1, [{0x5, 0x5, "c082f8"}, {0x0, 0xd, "7e4fb281c358faa8a9519e"}, {0x2, 0x5, "b91be4"}, {0x1, 0x6, "29f22531"}]}, @ssrr={0x89, 0x23, 0x5e, [@broadcast, @broadcast, @empty, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x3e}, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @broadcast]}, @timestamp={0x44, 0x8, 0x3d, 0x0, 0x5, [0xf6]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7258}}], 0x90}}], 0x1, 0xc1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus/file0\x00', 0x0) setxattr(&(0x7f0000000340)='./bus/file0\x00', &(0x7f0000000400)=@known='security.apparmor\x00', &(0x7f00000003c0)='overlay\x00', 0xe407, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r5, 0x5412, &(0x7f0000000140)=0x13) ioctl$TCSETSW(r5, 0x5403, &(0x7f00000000c0)={0xfffffffa, 0x0, 0x0, 0x0, 0x0, "ff24e57a1c873d098b488659cdd21490da2ffa"}) 2.014878736s ago: executing program 4 (id=3060): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffd}, 0x48) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x204410, &(0x7f0000000740), 0xfe, 0x4a1, &(0x7f00000001c0)="$eJzs3M1vVFUbAPDn3mnLN+3Li6h8SBWNjR8tLags3Gh0p4mJLnBjUttCKgM1tCRCiFZjcGlI3BvdGKJ/gSvdGHVl4lb3hoQoMQFdmDF35t4yU2ZKW6YdcH6/5JZz5p7pOc+ce+499x6mAXStwexHErE1In6JiP5atrHAYO2f61fPT/x19fxEEpXKq78n1XLXrp6fKIoW79uSZ4bSiPTDJK+k0ezZcyfGy+Wp03l+ZO7k2yOzZ889OX1y/PjU8alTY0eOHD40+szTY0+1Jc4srmu7353Zm/S8fvHliaMX3/zhqzQidu2r7a+P47akWxaSg1ngf1SqFhd7pC2V3Tm21aWTng42hBUpRUTWXb3V8d8fpbjRef3x4gcdbRywprJr04bWu+crwH9YEp1uAdAZxYU+u/8ttnWaetwRrjxXuwHK4r6eb7U9PZHmZXrXsP77IuLo/N+fZlvk/fDP1jWsEADoet9k858nms3/0thVV257voYyEBH/i4gdEfH/iNgZEfdEVMvem89nVqK2NFRayN88/0wvrzq4Zcjmf8/ma1uN879i9hcDpTy3rRp/b3Jsujx1MP9MhqJ3Q5YfXaKOb1/4+eNW+wbr5n/ZltVfzAXzdlzuWfSAbnJ8brxdk9Ir70fs7mkWf7KwEpBExP0RsXtlv3p7kZh+7NLeVoVuHf8S2rDOVPks4tFa/8/HovgLydLrkyMbozx1cKQ4Km72408XXmle+8bbi78Nsv7f3Hj8LyrR/2dSv147u/I6Lvz6Uct7ytUe/33Ja9Ux2Ze/9s743Nzp0Yi+5KVqvuH1sRvvLfJF+Sz+oQPNx/+O/D1Z/HsiIjuI90XEAxGxP2/7gxHxUEQcWCL+759/+K0VxT+9vv0/2fT8t3D8DzT2/8oTpRPffd2q/jz+4mTbov8PV1ND+SvV898ttG5OlKciKpVVH80AAABw98luvLdGkg4vpNN0eLj2f/h3xua0PDM79/ixmTOnJmvfERiI3rR40tWfPw/N7rZHk/n8N9aej47lz4qL56WH8ufGn5Q2VfPDEzPlyQ7HDt1uS4vxn/mt1OnWAWvO97Wgey0e/2mH2gGsP9d/6F7GP3Qv4x+6V934//LMhT3VxHvVn/sXdjRdC1jiL4cAd4dF1/9Ln3eqIcC6M/+H7mX8Q/cy/qEr3c73+juT2JS3/FaF+zrf1NUlvuidLWXx1e1KeiI637DGRKRLlXkjmu8ajIg1aljcER9LuxPJMg715SaOHc+HznIKd/KsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0D7/BgAA//9ajd4t") mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64], 0x1, 0x375, &(0x7f0000000880)="$eJzs3c+LG2UYwPFndrPZZEs3OYiiIPugF70Mu6tnNUgL4oJl24itIEy7Ew0Zk2UmRCLixpNX8eY/IFh68FDwUFD/gb14qxcvntxLQdAi4sj8ys9Jsslu2Wz7/UCbN3nfJ/O+yWR5nsC8OXrvq49rFc+sWE1ZyqkYIiIPRYqyJAkjuslKio68fOHP+89fvX7j7dLOzqVd1cula69sq+r6xo+ffJaPh91blcPiB0cPtn8/fPrw2aP/rn1U9bTqab3RVEtvNn5rWjcdW/eqXs1UveLYlmdrte7ZbtTfiPorTmN/v61Wfe/i2r5re55a9bbW7LY2G9p022p9aFXrapqmXlxLm+5jLDdHTPn27q5VmvOAt+aMw2n7x/f9Cd2uW7KWRcz8SE/59iOdFwAAWEhD+f83SY5QlKVuQmnEtUA2bA+WAUH+n7TD/D8oFnr5/50Xfm5eePfuepz/38um5f+v/hrFD+T/wdFPPf//buj+aEZ07h3MMvhE+T8Ww8bgJ/KPXsUeC/L/4NPQrei/eP/OZtgg/wcAAAAAAAAAAAAAAAAAAAAA4Dx46PsF3/cLyW3yr3cJQXw/ZHQmXmiMc2fc+78a7yjQPR/wWLp6/Ybkwgv3Musizpetcqsc3cb9ycBNKci/4fkQizac6ISdGijKT85Bq7wSByyH/5eyouKILVtSkOJAfNi+/NbOpS2NRPHh8Q9aZSOzFsRXpBrGb0tBnkqP306Nz8pLL/bFm1KQX25JQxzZC8/rXvznW6pvvrMzFJ8Px6V5/dG+JQAAAAAAnDpTNReXz8XB+jeq301TNa0/qOWlvz4f/X6gW19vptbnmcJzmbNdOwAAAAAATwov+2nNchzb9dpjG3mZNmY1frbJz5PeyMwyOGjcDxsrk8Ys963wuM+cjX9BY4bJy2wrtRznr1VJfTGTLVwHunIneFUtJ1n/MQbnZn0LXG9p9rXbrrcRzEfnWk5fI/naKHpkeeSlkyvjwr83kqjZDprsnDtt8DNff/v3fOsy4l17+7teu5sbWOmYcGPokc6Uk/aB70+dz0r6X4sf5vmRGQAAAAALIkn6817yyBtnOyEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5AJ9uJ7XiNs14jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsCj+DwAA///sY/Oz") sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0) mount$9p_tcp(&(0x7f0000000680), &(0x7f00000006c0)='./file1\x00', &(0x7f0000000700), 0x1000000, &(0x7f0000000780)={'trans=tcp,', {}, 0x2c, {[], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@dont_measure}, {@appraise}, {@seclabel}]}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000002000000000000000080008500000041000000850000002a0000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$binfmt_elf64(r1, &(0x7f0000000480)=ANY=[], 0xfd14) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) 1.613358619s ago: executing program 1 (id=3061): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_clone(0xa000680, &(0x7f00000006c0)="650b4c486d8d4dfeda5c3e7c944d5e04f483498ee75b2045bafc17b5bffe8047ce8ed63ec128aa195b3444e0c75fc1466e812b068cf434b8f858c5016cc8ed20185e84097234172a22201b344f84307193f38eab2a4ad86373d6185fdc578bad0b3601429bb504c78cc2ba8c38d6113e022de880af6ccac8d830e3d3d5a6c9df105e45a2697c33579c3810604f8a380315137158814ae436fd9ebb882824b0c90a7b26bf277e11f5c419b8fd42623ba01f7d06860c819fe7511ac2f48df6490e7fed735fdc8d3138ad1e43fb2d4d6d4dc4aae226c2d09369698199c39f8c939c098a9b2a871f0f9dedc8c618376d325dd49930f74b8dc6ee47696c31c1944a", 0xff, &(0x7f00000001c0), 0x0, &(0x7f0000000840)="63b47a5bf0fef7e4074aabf3461c916b1ca2e8a895b5b8d1e53caf0f6f2a983fbfbd352600cafdea363c36f3ac2847a55d40c9035be5be5d1d2a682a50eead00bb06d58447ac99e98368726b6624010f27fb7dccab4e") sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000080)=ANY=[], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f00000003c0)={'bridge0\x00'}) ioctl$sock_SIOCBRDELBR(r7, 0x89a1, &(0x7f0000000080)='bridge0\x00') syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYBLOB="430ca31940c37c97cd194c546835018df7b7bbc7f154602c6e30cf66e05f73fd448219f5144f41b44169551b89025511a71dd9931836f5", @ANYRESDEC, @ANYRES16=r6, @ANYBLOB="13c72a83dda673e459d9b3"], 0x14}, 0x1, 0x0, 0x0, 0xc4}, 0x0) 1.612299869s ago: executing program 0 (id=3071): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000180)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0x30}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 1.609380689s ago: executing program 3 (id=3062): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@quota}]}, 0x1, 0x562, &(0x7f0000001080)="$eJzs3U1rXFUfAPD/nSR9f56mUIqKSKALK7WTJvGlgou6FC0WdF+H5DaUTDolMylNLLRd2I0bKYKIBXGve5fFL+CnKGihSAm6cDNyJ3fSaTKTt06b2Pv7wW3Puedm/vfMuefMuXNmmAAKayT7pxTxckR8nUQc7igbjLxwZPm4pUfXJ7MtiWbz0z+TSPJ97eOT/P+DeealiPj1y4iTpbVx6wuLM5VqNZ3L86ON2Suj9YXFU5dmK9PpdHp5fGLizNsT4++9+07f6vrG+b+/++Teh2e+Or707c8PjtxJ4mwcyss669Eh2WKIm52ZkRjJH2Aozq46cGyLD7zbbfWJYncYyPv5UGRjwOEYyHs98OK7ERFNoKAS/R8Kqj0PaN/b97gPfmE9/GD5Bmht/QeX3xuJfa17owNLyRN3Rtn97nAf4mcxfvnj7p1si97vQ8SToW/2ITJQdDdvRcTpwcG141+Sj3/bd3oTx6yOUbTXH9hJ97L5z5vd5j+llflPdJn/HOzSd7dj4/5fetCHMD1l87/3u85/Vxathgfy3P9ac76h5OKlapqNbf+PiBMxtDfLr7eec2bpfrNXWef8L9uy+O25YH4eDwb3Pvk3U5VG5Wnq3OnhrYhXus5/k5X2T7q0f/Z8nN9kjGPp3dd6lW1c/2er+WPE613b//GKVrL++uRo63oYbV8Va/11+9hvveLvdP2z9j+wfv2Hk8712vrWY/yw7580mje6lm33+t+TfNZK78n3Xas0GnNjEXuSj9fuH3/8t+18+/is/ieOrz/+dbv+90fE55us/+2jP73aq6xL/UvPu/2nttT+W0/c/+iL73vF31z7v9VKncj3bGb82+wJPs1zBwAAAAAAALtNKSIORVIqr6RLpXJ5+fMdR+NAqVqrN05erM1fnorWd2WHY6jUXuk+3PF5iLH887Dt/Piq/EREHImIbwb2t/LlyVp1aqcrDwAAAAAAAAAAAAAAAAAAALvEwR7f/8/8PrDTZwc8c37yG4prw/7fj196AnYlr/9QXPo/FJf+D8Wl/0Nx6f9QXHn/t9wPBeT1H4pL/wcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+On/uXLY1lx5dn8zyU1cX5mdqV09NpfWZ8uz8ZHmyNnelPF2rTVfT8mRtdqPHq9ZqV8bGY/7aaCOtN0brC4sXZmvzlxsXLs1WptML6dBzqRUAAAAAAAAAAAAAAAAAAAD8t9QXFmcq1Wo6JyGxrcTg7jgNiT4ndnpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/g0AAP//8UY6Ow==") fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002021702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() syz_usb_connect(0x0, 0x3f, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022d00020000000009049c00020103510009050a00000000000009050f0000000000000904000000ffffff0002e9ebab886eb45c2d87aea7e3711ed7950488c72941ba6209126c64c006a5325bdb7ee04212eefa21ba1df84045ec7a821b49b92f73f8d9f71b3e25e8a65db02e1a4f579c425bee"], 0x0) prlimit64(r1, 0xe, &(0x7f0000000480)={0x9, 0x8}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=r1, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) socket$nl_generic(0x10, 0x3, 0x10) statx(0xffffffffffffff9c, &(0x7f00000004c0)='./bus/file0\x00', 0x0, 0x0, 0x0) quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000200, 0x0, &(0x7f0000000600)='./bus\x00') syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r4, 0x1, &(0x7f0000001d00)=[0x0]) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) 1.554626364s ago: executing program 0 (id=3063): pipe2(&(0x7f0000000000), 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r6) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000580)={0x28, r7, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x7400, 0x0) r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80840, 0x0) splice(r0, 0x0, r9, 0x0, 0x4, 0x0) 113.334841ms ago: executing program 0 (id=3064): prlimit64(0x0, 0x8, &(0x7f0000000140), 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = syz_io_uring_setup(0x18a, &(0x7f0000000580), &(0x7f00006d5000), &(0x7f0000216000)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)=""/131, 0x83}], 0x1) 42.603407ms ago: executing program 4 (id=3065): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$pptp(0x18, 0x1, 0x2) ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) 42.051577ms ago: executing program 0 (id=3066): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x8, 0x7fffffff, 0x2010, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5}, 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x7d, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x11}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) dup3(r1, r0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) sendto$inet(r2, 0x0, 0x0, 0x24024054, &(0x7f0000000540)={0x2, 0x0, @empty}, 0x10) r3 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 41.897487ms ago: executing program 2 (id=3067): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000004180)=[{&(0x7f0000000240)={0x14, 0x69, 0x1, 0x0, 0x0, "", [@generic="c5"]}, 0x14}], 0x1}, 0x0) 0s ago: executing program 1 (id=3068): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f00000004c0), &(0x7f00000003c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) kernel console output (not intermixed with test programs): T30] audit: type=1400 audit(1723263465.666:3469): avc: denied { open } for pid=9381 comm="syz.3.2677" path="/dev/fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 498.172780][ T9392] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.220217][ T9392] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.227694][ T9392] device bridge_slave_0 entered promiscuous mode [ 498.235042][ T9392] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.242072][ T9392] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.249246][ T9392] device bridge_slave_1 entered promiscuous mode [ 498.753068][ T9404] fuse: Bad value for 'fd' [ 498.761605][ T9404] loop0: detected capacity change from 0 to 512 [ 498.814346][ T9404] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 498.927255][ T9404] EXT4-fs (loop0): 1 orphan inode deleted [ 498.933057][ T9404] EXT4-fs (loop0): 1 truncate cleaned up [ 498.939272][ T9404] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 499.037293][ T9406] netlink: 'syz.2.2684': attribute type 4 has an invalid length. [ 499.051218][ T9406] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2684'. [ 499.078295][ T9412] loop2: detected capacity change from 0 to 256 [ 499.217858][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 499.225317][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 499.333491][ T9424] tmpfs: Unknown parameter ';γ' [ 499.483139][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 499.503256][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 499.512121][ T6918] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.518963][ T6918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 499.547037][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 499.559394][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 499.571154][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 499.579206][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.586356][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.594679][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 499.602714][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 499.621658][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 499.643084][ T9392] device veth0_vlan entered promiscuous mode [ 499.652950][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 499.661918][ T1424] device bridge_slave_1 left promiscuous mode [ 499.667989][ T1424] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.675512][ T1424] device bridge_slave_0 left promiscuous mode [ 499.680705][ T6918] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 499.682067][ T1424] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.698403][ T1424] device veth1_macvtap left promiscuous mode [ 499.704312][ T1424] device veth0_vlan left promiscuous mode [ 499.706179][ T9426] loop0: detected capacity change from 0 to 40427 [ 499.781730][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 499.789269][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 499.796771][ T9426] F2FS-fs (loop0): invalid crc value [ 499.797379][ T9430] device pim6reg1 entered promiscuous mode [ 499.819763][ T9426] F2FS-fs (loop0): Found nat_bits in checkpoint [ 499.840069][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 499.850422][ T9392] device veth1_macvtap entered promiscuous mode [ 499.855599][ T9426] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 499.861440][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 499.872341][ T9426] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 499.890517][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 499.899565][ T334] attempt to access beyond end of device [ 499.899565][ T334] loop0: rw=2049, want=45104, limit=40427 [ 499.911255][ T9426] VFS:Filesystem freeze failed [ 500.069420][ T6918] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 500.080250][ T9443] loop0: detected capacity change from 0 to 16 [ 500.192456][ T6918] usb 4-1: config 0 has an invalid interface association descriptor of length 5, skipping [ 500.202852][ T6918] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 500.213883][ T6918] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 500.250890][ T9443] erofs: (device loop0): mounted with root inode @ nid 36. [ 500.389310][ T6918] usb 4-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d [ 500.398708][ T6918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.411192][ T6918] usb 4-1: Product: syz [ 500.415215][ T6918] usb 4-1: Manufacturer: syz [ 500.454441][ T9446] attempt to access beyond end of device [ 500.454441][ T9446] loop0: rw=0, want=14552337264, limit=16 [ 500.470226][ T9446] attempt to access beyond end of device [ 500.470226][ T9446] loop0: rw=0, want=14546590688, limit=16 [ 500.492661][ T6918] usb 4-1: SerialNumber: syz [ 500.537221][ T6918] usb 4-1: config 0 descriptor?? [ 500.837129][ T9449] netlink: 'syz.2.2697': attribute type 27 has an invalid length. [ 500.850393][ T1424] device bridge_slave_1 left promiscuous mode [ 500.856530][ T1424] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.864739][ T1424] device bridge_slave_0 left promiscuous mode [ 500.871004][ T1424] bridge0: port 1(bridge_slave_0) entered disabled state [ 500.880687][ T1424] device veth1_macvtap left promiscuous mode [ 500.887010][ T1424] device veth0_vlan left promiscuous mode [ 500.972245][ T9450] netlink: 'syz.1.2707': attribute type 4 has an invalid length. [ 500.988260][ T9450] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2707'. [ 501.249085][ T9465] fuse: Bad value for 'fd' [ 501.292946][ T9465] loop1: detected capacity change from 0 to 512 [ 501.343404][ T9465] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 501.369812][ T9465] EXT4-fs (loop1): 1 orphan inode deleted [ 501.374581][ T9463] loop0: detected capacity change from 0 to 40427 [ 501.375839][ T9465] EXT4-fs (loop1): 1 truncate cleaned up [ 501.387745][ T9465] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 501.490644][ T9463] F2FS-fs (loop0): invalid crc value [ 501.498515][ T1074] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 501.507877][ T9463] F2FS-fs (loop0): Found nat_bits in checkpoint [ 501.531783][ T9463] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 501.552810][ T9463] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 501.858406][ T1074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.869358][ T1074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.879443][ T1074] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 501.888393][ T1074] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.898023][ T1074] usb 3-1: config 0 descriptor?? [ 501.940932][ T30] kauditd_printk_skb: 107 callbacks suppressed [ 501.940960][ T30] audit: type=1400 audit(1723263469.648:3577): avc: denied { unmount } for pid=9392 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 501.969856][ T30] audit: type=1400 audit(1723263469.648:3578): avc: denied { create } for pid=9474 comm="syz.1.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 501.990272][ T30] audit: type=1400 audit(1723263469.648:3579): avc: denied { setopt } for pid=9474 comm="syz.1.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 502.010393][ T30] audit: type=1400 audit(1723263469.648:3580): avc: denied { write } for pid=9474 comm="syz.1.2703" name="001" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 502.033462][ T30] audit: type=1400 audit(1723263469.698:3581): avc: denied { create } for pid=9474 comm="syz.1.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 502.056241][ T30] audit: type=1400 audit(1723263469.698:3582): avc: denied { write } for pid=9474 comm="syz.1.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 502.077394][ T30] audit: type=1400 audit(1723263469.698:3583): avc: denied { read } for pid=9474 comm="syz.1.2703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 502.099644][ T30] audit: type=1400 audit(1723263469.698:3584): avc: denied { ioctl } for pid=9474 comm="syz.1.2703" path="socket:[67147]" dev="sockfs" ino=67147 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 502.126225][ T30] audit: type=1400 audit(1723263469.808:3585): avc: denied { read } for pid=9479 comm="syz.1.2704" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 502.159817][ T26] usb 4-1: USB disconnect, device number 56 [ 502.166373][ T30] audit: type=1400 audit(1723263469.808:3586): avc: denied { open } for pid=9479 comm="syz.1.2704" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 502.253229][ T9486] loop4: detected capacity change from 0 to 256 [ 502.296674][ T9486] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2709'. [ 502.308247][ T9486] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2709'. [ 502.326533][ T9492] loop0: detected capacity change from 0 to 512 [ 502.333357][ T9486] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 202) [ 502.342096][ T9486] FAT-fs (loop4): Filesystem has been set read-only [ 502.348867][ T9486] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 202) [ 502.356895][ T9486] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 202) [ 502.369786][ T9492] EXT4-fs (loop0): Test dummy encryption mode enabled [ 502.369809][ T9486] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9486 comm=syz.4.2709 [ 502.385188][ T9492] EXT4-fs error (device loop0): ext4_fill_super:4831: inode #2: comm syz.0.2719: casefold flag without casefold feature [ 502.390306][ T1074] lg-g15 0003:046D:C222.0053: unknown main item tag 0x7 [ 502.438753][ T9492] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 502.654527][ T1074] lg-g15 0003:046D:C222.0053: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.2-1/input0 [ 502.675254][ T1074] usb 3-1: USB disconnect, device number 49 [ 502.689121][ T9492] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,test_dummy_encryption,,errors=continue. Quota mode: none. [ 502.873402][ T9498] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.880528][ T9498] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.887712][ T9498] device bridge_slave_0 entered promiscuous mode [ 502.894805][ T9498] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.901854][ T9498] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.909292][ T9498] device bridge_slave_1 entered promiscuous mode [ 503.234442][ T1424] device bridge_slave_1 left promiscuous mode [ 503.244507][ T1424] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.258759][ T1424] device bridge_slave_0 left promiscuous mode [ 503.259706][ T9506] loop1: detected capacity change from 0 to 16 [ 503.264787][ T1424] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.278821][ T9506] erofs: (device loop1): mounted with root inode @ nid 36. [ 503.286904][ T1424] device veth1_macvtap left promiscuous mode [ 503.297338][ T1424] device veth0_vlan left promiscuous mode [ 503.500955][ T9514] attempt to access beyond end of device [ 503.500955][ T9514] loop1: rw=0, want=14552337264, limit=16 [ 503.512503][ T9514] attempt to access beyond end of device [ 503.512503][ T9514] loop1: rw=0, want=14546590688, limit=16 [ 503.566590][ T9513] netlink: 'syz.0.2712': attribute type 4 has an invalid length. [ 503.674982][ T9513] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2712'. [ 503.723834][ T9517] loop0: detected capacity change from 0 to 512 [ 503.770999][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 503.778906][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 503.806833][ T9517] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.2717: casefold flag without casefold feature [ 503.826732][ T9517] EXT4-fs error (device loop0): __ext4_iget:4892: inode #12: block 2: comm syz.0.2717: invalid block [ 503.837865][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 503.847516][ T9517] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.2717: error while reading EA inode 12 err=-117 [ 503.854810][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 503.859894][ T9517] EXT4-fs (loop0): 1 orphan inode deleted [ 503.873360][ T9517] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000008,,errors=continue. Quota mode: none. [ 503.906730][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.913649][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 503.993135][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 504.002384][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 504.011068][ T9074] EXT4-fs warning (device loop0): ext4_dirblock_csum_set:426: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 504.011563][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.032957][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.041006][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 504.044145][ T9074] EXT4-fs warning (device loop0): ext4_dirblock_csum_set:426: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 504.049316][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 504.166099][ T9528] tmpfs: Unknown parameter ';γ' [ 504.355654][ T9498] device veth0_vlan entered promiscuous mode [ 504.365835][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 504.385933][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 504.393720][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 504.401371][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 504.409478][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 504.424550][ T9498] device veth1_macvtap entered promiscuous mode [ 504.433004][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 504.448243][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 504.456793][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 504.465505][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 504.474844][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 505.332563][ T9541] device veth1_macvtap left promiscuous mode [ 505.343258][ T9543] device veth1_macvtap entered promiscuous mode [ 506.915126][ T9555] loop3: detected capacity change from 0 to 256 [ 506.966673][ T9558] loop2: detected capacity change from 0 to 128 [ 507.014014][ T30] kauditd_printk_skb: 75 callbacks suppressed [ 507.022024][ T30] audit: type=1400 audit(1723263474.700:3662): avc: denied { execute } for pid=9548 comm="syz.1.2725" path="/8/hugetlb.2MB.usage_in_bytes" dev="tmpfs" ino=61 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 508.028041][ T9555] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2735'. [ 508.038168][ T30] audit: type=1400 audit(1723263474.700:3663): avc: denied { create } for pid=9548 comm="syz.1.2725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 508.038427][ T9555] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2735'. [ 508.047144][ T9568] loop0: detected capacity change from 0 to 128 [ 508.077474][ T30] audit: type=1400 audit(1723263474.760:3664): avc: denied { mount } for pid=9557 comm="syz.2.2727" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 508.087758][ T9555] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 202) [ 508.110865][ T30] audit: type=1400 audit(1723263475.401:3665): avc: denied { setopt } for pid=9557 comm="syz.2.2727" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 508.141852][ T30] audit: type=1400 audit(1723263475.401:3666): avc: denied { write } for pid=9557 comm="syz.2.2727" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 508.162459][ T30] audit: type=1400 audit(1723263475.401:3667): avc: denied { read } for pid=9557 comm="syz.2.2727" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 508.182638][ T9555] FAT-fs (loop3): Filesystem has been set read-only [ 508.182964][ T9555] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 202) [ 508.196938][ T30] audit: type=1400 audit(1723263475.711:3668): avc: denied { read write } for pid=9074 comm="syz-executor" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 508.196968][ T30] audit: type=1400 audit(1723263475.711:3669): avc: denied { open } for pid=9074 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 508.196990][ T30] audit: type=1400 audit(1723263475.711:3670): avc: denied { ioctl } for pid=9074 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 508.280657][ T30] audit: type=1400 audit(1723263475.731:3671): avc: denied { read } for pid=82 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 508.290570][ T9555] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 202) [ 508.741436][ T9579] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.748627][ T9579] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.756593][ T9579] device bridge_slave_0 entered promiscuous mode [ 508.764078][ T9579] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.772752][ T9579] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.780900][ T9579] device bridge_slave_1 entered promiscuous mode [ 508.793575][ T9586] netlink: 'syz.3.2730': attribute type 4 has an invalid length. [ 508.802136][ T9586] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2730'. [ 508.850268][ T9590] loop3: detected capacity change from 0 to 16 [ 508.918230][ T9588] netlink: 'syz.1.2746': attribute type 4 has an invalid length. [ 508.926272][ T9588] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2746'. [ 508.929952][ T9590] erofs: (device loop3): mounted with root inode @ nid 36. [ 508.967050][ T9579] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.973936][ T9579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.981132][ T9579] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.988008][ T9579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.072185][ T9594] loop0: detected capacity change from 0 to 16 [ 509.088469][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.115995][ T9594] erofs: Unknown parameter 'ÿÿÿÿ' [ 509.191774][ T9597] attempt to access beyond end of device [ 509.191774][ T9597] loop3: rw=0, want=14552337264, limit=16 [ 509.203389][ T9597] attempt to access beyond end of device [ 509.203389][ T9597] loop3: rw=0, want=14546590688, limit=16 [ 509.334057][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.446922][ T1424] device bridge_slave_1 left promiscuous mode [ 509.452973][ T1424] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.462987][ T1424] device bridge_slave_0 left promiscuous mode [ 509.470895][ T1424] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.479392][ T1424] device veth1_macvtap left promiscuous mode [ 509.485408][ T1424] device veth0_vlan left promiscuous mode [ 509.577282][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 509.584786][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 509.593663][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 509.601944][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 509.610503][ T6918] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.617454][ T6918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.627894][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 509.636087][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 509.644061][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.650911][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.663354][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 509.671356][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 509.681043][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 509.773145][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 509.904385][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 509.915067][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 509.923422][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 510.164335][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 510.172697][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 510.180184][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 510.188656][ T9579] device veth0_vlan entered promiscuous mode [ 510.214924][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 510.226151][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 510.236972][ T9579] device veth1_macvtap entered promiscuous mode [ 510.249031][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 510.257066][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 510.265425][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 510.278402][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 510.286908][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 510.314168][ T20] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 511.658166][ T9627] tmpfs: Unknown parameter ';γ' [ 511.898777][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.944678][ T20] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 511.954400][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.963617][ T20] usb 3-1: config 0 descriptor?? [ 512.642961][ T640] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 512.772920][ T20] usbhid 3-1:0.0: can't add hid device: -71 [ 512.783435][ T20] usbhid: probe of 3-1:0.0 failed with error -71 [ 512.785686][ T9649] loop3: detected capacity change from 0 to 1024 [ 512.793421][ T20] usb 3-1: USB disconnect, device number 50 [ 512.818760][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 512.818775][ T30] audit: type=1400 audit(1723263480.523:3730): avc: denied { unmount } for pid=9579 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 512.830220][ T9651] loop4: detected capacity change from 0 to 1024 [ 512.881003][ T9649] EXT4-fs (loop3): Ignoring removed orlov option [ 512.888056][ T9649] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 512.895769][ T9649] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 512.908235][ T9651] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 512.914938][ T9649] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84fc018, mo2=0002] [ 512.932088][ T9649] System zones: 0-1, 3-36 [ 512.935004][ T30] audit: type=1400 audit(1723263480.643:3731): avc: denied { write } for pid=9650 comm="syz.4.2750" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 512.937864][ T9649] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,orlov,nomblk_io_submit,noauto_da_alloc,debug_want_extra_isize=0x0000000000000006,dioread_nolock,usrquota,usrquota,,errors=continue. Quota mode: writeback. [ 512.957878][ T30] audit: type=1400 audit(1723263480.643:3732): avc: denied { add_name } for pid=9650 comm="syz.4.2750" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 513.001705][ T30] audit: type=1400 audit(1723263480.643:3733): avc: denied { create } for pid=9650 comm="syz.4.2750" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 513.023594][ T30] audit: type=1400 audit(1723263480.643:3734): avc: denied { append open } for pid=9650 comm="syz.4.2750" path="/3/file1/cgroup.controllers" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 513.056979][ T30] audit: type=1400 audit(1723263480.763:3735): avc: denied { read write } for pid=9648 comm="syz.3.2749" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 513.080186][ T30] audit: type=1400 audit(1723263480.773:3736): avc: denied { open } for pid=9648 comm="syz.3.2749" path="/8/file0/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 513.108420][ T640] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 513.114100][ T30] audit: type=1400 audit(1723263480.793:3737): avc: denied { write } for pid=9648 comm="syz.3.2749" path="/8/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 513.117027][ T640] usb 1-1: config 0 has an invalid interface association descriptor of length 5, skipping [ 513.139689][ T30] audit: type=1400 audit(1723263480.793:3738): avc: denied { read } for pid=9648 comm="syz.3.2749" name="bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 513.149432][ T640] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 513.429958][ T640] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 513.447150][ T9662] loop2: detected capacity change from 0 to 16 [ 513.507719][ T30] audit: type=1400 audit(1723263481.174:3739): avc: denied { create } for pid=9663 comm="syz.3.2753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 513.532786][ T9662] erofs: (device loop2): mounted with root inode @ nid 36. [ 513.593537][ T9668] device pim6reg1 entered promiscuous mode [ 514.258137][ T640] usb 1-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d [ 514.267146][ T640] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.275296][ T640] usb 1-1: Product: syz [ 514.279323][ T640] usb 1-1: Manufacturer: syz [ 514.285947][ T640] usb 1-1: SerialNumber: syz [ 514.544357][ T9673] attempt to access beyond end of device [ 514.544357][ T9673] loop2: rw=0, want=14552337264, limit=16 [ 514.556330][ T9673] attempt to access beyond end of device [ 514.556330][ T9673] loop2: rw=0, want=14546590688, limit=16 [ 514.601730][ T640] usb 1-1: config 0 descriptor?? [ 514.623354][ T640] usb 1-1: can't set config #0, error -71 [ 514.646844][ T9675] loop1: detected capacity change from 0 to 4096 [ 514.663075][ T640] usb 1-1: USB disconnect, device number 48 [ 514.674285][ T9675] EXT4-fs (loop1): Test dummy encryption mode enabled [ 514.688065][ T9675] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 514.757881][ T9675] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,grpquota,nombcache,user_xattr,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 515.108690][ T9687] device syzkaller0 entered promiscuous mode [ 515.165802][ T9683] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.173583][ T9683] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.181027][ T9683] device bridge_slave_0 entered promiscuous mode [ 515.191425][ T9683] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.200174][ T9683] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.207864][ T9683] device bridge_slave_1 entered promiscuous mode [ 515.254565][ T9692] loop2: detected capacity change from 0 to 1024 [ 515.311428][ T9692] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback. [ 515.396838][ T9683] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.403780][ T9683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.410847][ T9683] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.417927][ T9683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.467988][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 515.476256][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.484729][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.540055][ T8] device bridge_slave_1 left promiscuous mode [ 515.549797][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.557871][ T8] device bridge_slave_0 left promiscuous mode [ 515.564099][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.572591][ T8] device veth1_macvtap left promiscuous mode [ 515.578748][ T8] device veth0_vlan left promiscuous mode [ 515.691407][ T20] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 515.721427][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 515.729612][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 515.737800][ T4704] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.744754][ T4704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.752096][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 515.760253][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 515.769227][ T4704] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.776109][ T4704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.783597][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 515.792781][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 515.800653][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 515.808887][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 515.855012][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 515.866369][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 515.880020][ T9683] device veth0_vlan entered promiscuous mode [ 515.888105][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 515.896086][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 515.927958][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 515.937989][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 515.959060][ T9683] device veth1_macvtap entered promiscuous mode [ 515.968348][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 515.978804][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 515.987791][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 516.005456][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 516.014921][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 516.023305][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 516.032406][ T6918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 516.091290][ T20] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 516.099499][ T20] usb 3-1: config 0 has no interface number 1 [ 516.105746][ T20] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 516.117675][ T20] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 516.127780][ T20] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 516.137003][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.146244][ T20] usb 3-1: config 0 descriptor?? [ 516.156270][ T9710] loop0: detected capacity change from 0 to 256 [ 516.192268][ T20] usb 3-1: MIDIStreaming interface descriptor not found [ 516.247373][ T9710] FAT-fs (loop0): Directory bread(block 64) failed [ 516.253898][ T9710] FAT-fs (loop0): Directory bread(block 65) failed [ 516.260435][ T9710] FAT-fs (loop0): Directory bread(block 66) failed [ 516.268742][ T9710] FAT-fs (loop0): Directory bread(block 67) failed [ 516.275182][ T9710] FAT-fs (loop0): Directory bread(block 68) failed [ 516.281578][ T9710] FAT-fs (loop0): Directory bread(block 69) failed [ 516.287854][ T9710] FAT-fs (loop0): Directory bread(block 70) failed [ 516.294481][ T9710] FAT-fs (loop0): Directory bread(block 71) failed [ 516.300840][ T9710] FAT-fs (loop0): Directory bread(block 72) failed [ 516.307406][ T9710] FAT-fs (loop0): Directory bread(block 73) failed [ 516.477635][ T9723] input: syz1 as /devices/virtual/input/input50 [ 516.565268][ T9726] EXT4-fs error (device loop2): ext4_lookup:1855: inode #15: comm syz.2.2762: iget: bad extended attribute block 8388352 [ 517.405131][ T9732] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 517.490514][ T26] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 517.743154][ T26] usb 2-1: Using ep0 maxpacket: 32 [ 517.796716][ T9734] loop3: detected capacity change from 0 to 128 [ 517.860392][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 517.871907][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 517.881888][ T26] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 517.894744][ T26] usb 2-1: New USB device found, idVendor=056a, idProduct=0116, bcdDevice= 0.00 [ 517.904535][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.912501][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 517.912516][ T30] audit: type=1400 audit(1723263485.626:3800): avc: denied { ioctl } for pid=9731 comm="syz.3.2776" path="socket:[69010]" dev="sockfs" ino=69010 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 517.944907][ T26] usb 2-1: config 0 descriptor?? [ 518.152049][ T9740] syz.3.2778[9740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 518.152154][ T9740] syz.3.2778[9740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 518.166440][ T30] audit: type=1400 audit(1723263485.876:3801): avc: denied { create } for pid=9739 comm="syz.3.2778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 518.171314][ T9740] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9740 comm=syz.3.2778 [ 518.178681][ T30] audit: type=1400 audit(1723263485.876:3802): avc: denied { write } for pid=9739 comm="syz.3.2778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 518.249053][ T30] audit: type=1400 audit(1723263485.916:3803): avc: denied { read } for pid=9739 comm="syz.3.2778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 518.384948][ T30] audit: type=1400 audit(1723263486.096:3804): avc: denied { unmount } for pid=9498 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 518.412330][ T30] audit: type=1400 audit(1723263486.126:3805): avc: denied { bind } for pid=9751 comm="syz.3.2784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 518.431940][ T30] audit: type=1400 audit(1723263486.126:3806): avc: denied { setopt } for pid=9751 comm="syz.3.2784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 518.452501][ T30] audit: type=1400 audit(1723263486.126:3807): avc: denied { write } for pid=9751 comm="syz.3.2784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 518.572355][ T6918] usb 3-1: USB disconnect, device number 51 [ 518.638459][ T26] wacom 0003:056A:0116.0054: hidraw0: USB HID v0.00 Device [HID 056a:0116] on usb-dummy_hcd.1-1/input0 [ 518.652473][ T30] audit: type=1400 audit(1723263486.256:3808): avc: denied { create } for pid=9747 comm="syz.0.2782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 518.676606][ T30] audit: type=1400 audit(1723263486.266:3809): avc: denied { ioctl } for pid=9747 comm="syz.0.2782" path="socket:[68077]" dev="sockfs" ino=68077 ioctlcmd=0x5879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 518.732541][ T9758] loop2: detected capacity change from 0 to 512 [ 518.781733][ T9758] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 518.793025][ T9758] ext4 filesystem being mounted at /88/bus supports timestamps until 2038 (0x7fffffff) [ 518.857549][ T9768] loop3: detected capacity change from 0 to 256 [ 518.905233][ T9768] FAT-fs (loop3): Directory bread(block 64) failed [ 518.911650][ T9768] FAT-fs (loop3): Directory bread(block 65) failed [ 518.918010][ T9768] FAT-fs (loop3): Directory bread(block 66) failed [ 518.924399][ T9768] FAT-fs (loop3): Directory bread(block 67) failed [ 518.931164][ T9768] FAT-fs (loop3): Directory bread(block 68) failed [ 518.938023][ T9768] FAT-fs (loop3): Directory bread(block 69) failed [ 518.946023][ T9768] FAT-fs (loop3): Directory bread(block 70) failed [ 518.953299][ T9768] FAT-fs (loop3): Directory bread(block 71) failed [ 518.961215][ T9768] FAT-fs (loop3): Directory bread(block 72) failed [ 518.967648][ T9768] FAT-fs (loop3): Directory bread(block 73) failed [ 519.598573][ T9774] syz.3.2792[9774] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 519.598653][ T9774] syz.3.2792[9774] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 519.600733][ T9776] loop0: detected capacity change from 0 to 256 [ 520.739201][ T6918] usb 2-1: USB disconnect, device number 47 [ 521.065114][ T9789] loop1: detected capacity change from 0 to 512 [ 521.083830][ T9792] loop4: detected capacity change from 0 to 256 [ 521.120786][ T9792] FAT-fs (loop4): Unrecognized mount option "smackfsfloor=uni_xšýte=1" or missing value [ 521.174043][ T9789] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 521.194273][ T9789] ext4 filesystem being mounted at /17/bus supports timestamps until 2038 (0x7fffffff) [ 522.797877][ T6918] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 522.981353][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 522.981434][ T30] audit: type=1400 audit(1723263490.668:3838): avc: denied { create } for pid=9788 comm="syz.1.2794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 523.105714][ T30] audit: type=1400 audit(1723263490.678:3839): avc: denied { setopt } for pid=9788 comm="syz.1.2794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 523.125836][ T30] audit: type=1400 audit(1723263490.688:3840): avc: denied { bind } for pid=9788 comm="syz.1.2794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 523.131012][ T9811] loop3: detected capacity change from 0 to 40427 [ 523.151780][ T30] audit: type=1400 audit(1723263490.758:3841): avc: denied { setattr } for pid=9788 comm="syz.1.2794" name="blkio.throttle.io_serviced_recursive" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 523.186805][ T6918] usb 1-1: Using ep0 maxpacket: 8 [ 523.462747][ T30] audit: type=1400 audit(1723263490.918:3842): avc: denied { create } for pid=9818 comm="syz.2.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 523.483065][ T9811] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 523.492147][ T9811] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 523.502908][ T9811] F2FS-fs (loop3): Found nat_bits in checkpoint [ 523.555859][ T9811] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 523.562908][ T6918] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 523.572135][ T6918] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 523.582743][ T9811] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 523.590110][ T6918] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 523.726620][ T9833] loop1: detected capacity change from 0 to 512 [ 523.759585][ T9833] EXT4-fs (loop1): Ignoring removed bh option [ 523.765903][ T9833] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 523.860931][ T9833] EXT4-fs (loop1): 1 truncate cleaned up [ 523.866456][ T9833] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 523.961005][ T30] audit: type=1400 audit(1723263491.679:3843): avc: denied { mounton } for pid=9810 comm="syz.3.2803" path="/28/bus/bus" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 523.983041][ T9811] overlayfs: invalid origin (0000007900f90000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000) [ 523.995631][ T30] audit: type=1400 audit(1723263491.699:3844): avc: denied { rename } for pid=9810 comm="syz.3.2803" name="#72" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 523.999955][ T9828] loop4: detected capacity change from 0 to 40427 [ 524.029619][ T30] audit: type=1400 audit(1723263491.699:3845): avc: denied { unlink } for pid=9810 comm="syz.3.2803" name="#72" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 524.052549][ T30] audit: type=1400 audit(1723263491.699:3846): avc: denied { unlink } for pid=9810 comm="syz.3.2803" name="#73" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 524.052708][ T9828] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 524.082047][ T6918] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 524.091424][ T6918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.096178][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.099784][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.100353][ T6918] usb 1-1: Product: syz [ 524.107692][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.115853][ T6918] usb 1-1: Manufacturer: syz [ 524.119109][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.126978][ T6918] usb 1-1: SerialNumber: syz [ 524.135219][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.140749][ T9828] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 524.159379][ T9838] loop2: detected capacity change from 0 to 128 [ 524.162258][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.165750][ T9498] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 524.169460][ T9840] loop0: detected capacity change from 0 to 512 [ 524.177219][ T6918] usb 1-1: can't set config #1, error -71 [ 524.181073][ T9828] F2FS-fs (loop4): invalid crc value [ 524.192295][ T6918] usb 1-1: USB disconnect, device number 49 [ 524.199784][ T9828] F2FS-fs (loop4): Found nat_bits in checkpoint [ 524.227833][ T9840] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 524.294754][ T9828] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 524.302350][ T9828] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 524.307779][ T9840] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 524.331983][ T9840] EXT4-fs (loop0): 1 truncate cleaned up [ 524.578520][ T9840] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 524.733045][ T30] audit: type=1400 audit(1723263492.449:3847): avc: denied { ioctl } for pid=9827 comm="syz.4.2807" path="/8/bus/file0" dev="loop4" ino=11 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 524.764907][ T9849] devpts: called with bogus options [ 525.336194][ T9860] loop3: detected capacity change from 0 to 16 [ 525.637704][ T9860] erofs: Unknown parameter 'ÿÿÿÿ' [ 525.912000][ T9870] loop4: detected capacity change from 0 to 256 [ 526.406086][ T6918] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 526.775729][ T6918] usb 2-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 526.788425][ T6918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.806253][ T6918] usb 2-1: config 0 descriptor?? [ 527.255073][ T9897] loop2: detected capacity change from 0 to 512 [ 527.336654][ T9897] EXT4-fs (loop2): Test dummy encryption mode enabled [ 527.345611][ T9897] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 527.383691][ T9897] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.2822: iget: bogus i_mode (0) [ 527.401951][ T9897] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2822: couldn't read orphan inode 17 (err -117) [ 527.429741][ T9897] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,abort,barrier,barrier,test_dummy_encryption,nomblk_io_submit,,errors=continue. Quota mode: none. [ 527.753253][ T9903] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.2822: bg 0: block 7: invalid block bitmap [ 527.907526][ T9905] loop4: detected capacity change from 0 to 512 [ 527.972148][ T9903] incfs: Can't find or create .index dir in ./file0 [ 527.978139][ T9907] loop0: detected capacity change from 0 to 256 [ 527.979062][ T9903] incfs: mount failed -28 [ 528.006390][ T9905] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 528.027375][ T9905] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 528.042019][ T9905] EXT4-fs (loop4): 1 truncate cleaned up [ 528.047576][ T9905] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 528.185285][ T321] Bluetooth: hci0: command 0x1003 tx timeout [ 528.199258][ T6918] asix 2-1:0.0 eth1: register 'asix' at usb-dummy_hcd.1-1, ASIX AX88178 USB 2.0 Ethernet, 76:87:c5:9d:aa:0f [ 528.214814][ T9877] Bluetooth: hci0: sending frame failed (-49) [ 528.236155][ T6918] usb 2-1: USB disconnect, device number 48 [ 528.243011][ T6918] asix 2-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.1-1, ASIX AX88178 USB 2.0 Ethernet [ 528.408358][ T9914] loop2: detected capacity change from 0 to 2048 [ 528.412511][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 528.412525][ T30] audit: type=1400 audit(1723263496.131:3859): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 528.584460][ T7345] loop2: p3 < > p4 < > [ 528.593413][ T7345] loop2: partition table partially beyond EOD, truncated [ 528.604427][ T7345] loop2: p3 start 4284289 is beyond EOD, truncated [ 528.673620][ T9914] loop2: p3 < > p4 < > [ 528.677859][ T9914] loop2: partition table partially beyond EOD, truncated [ 528.685727][ T9914] loop2: p3 start 4284289 is beyond EOD, truncated [ 528.745844][ T100] loop2: p3 < > p4 < > [ 528.749910][ T100] loop2: partition table partially beyond EOD, truncated [ 528.756891][ T100] loop2: p3 start 4284289 is beyond EOD, truncated [ 528.775391][ T9920] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9920 comm=syz.4.2827 [ 528.870783][ T7345] udevd[7345]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 528.898254][ T9927] loop2: detected capacity change from 0 to 256 [ 528.912461][ T7345] udevd[7345]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 528.942415][ T9929] loop0: detected capacity change from 0 to 512 [ 528.979330][ T9929] EXT4-fs (loop0): Test dummy encryption mode enabled [ 528.987743][ T9929] EXT4-fs error (device loop0): __ext4_iget:4892: inode #11: block 1: comm syz.0.2832: invalid block [ 528.998668][ T9929] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2832: couldn't read orphan inode 11 (err -117) [ 529.010506][ T9929] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000002000,jqfmt=vfsv0,delalloc,usrjquota=,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 529.324606][ T20] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 529.398043][ T30] audit: type=1326 audit(1723263497.122:3860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.422972][ T30] audit: type=1326 audit(1723263497.122:3861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.447073][ T30] audit: type=1326 audit(1723263497.122:3862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.470804][ T30] audit: type=1326 audit(1723263497.122:3863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.494249][ T30] audit: type=1326 audit(1723263497.142:3864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.518220][ T30] audit: type=1326 audit(1723263497.172:3865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.554019][ T30] audit: type=1326 audit(1723263497.172:3866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.580202][ T30] audit: type=1326 audit(1723263497.192:3867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.603831][ T30] audit: type=1326 audit(1723263497.192:3868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.4.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40fc7de9f9 code=0x7ffc0000 [ 529.627533][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 530.477730][ T9951] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2836'. [ 530.560905][ T1752] Bluetooth: hci0: command 0x1001 tx timeout [ 530.572923][ T9877] Bluetooth: hci0: sending frame failed (-49) [ 530.773970][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.784686][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.794302][ T20] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 531.063252][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.072229][ T20] usb 2-1: config 0 descriptor?? [ 531.084650][ T9959] loop0: detected capacity change from 0 to 40427 [ 531.175054][ T9959] F2FS-fs (loop0): invalid crc value [ 531.183050][ T9959] F2FS-fs (loop0): Found nat_bits in checkpoint [ 531.204777][ T9959] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 531.211739][ T9959] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 531.402619][ T9966] attempt to access beyond end of device [ 531.402619][ T9966] loop0: rw=2049, want=53256, limit=40427 [ 531.607527][ T20] kone 0003:1E7D:2CED.0055: collection stack underflow [ 531.614293][ T20] kone 0003:1E7D:2CED.0055: item 0 1 0 12 parsing failed [ 531.621170][ T20] kone 0003:1E7D:2CED.0055: parse failed [ 531.627043][ T20] kone: probe of 0003:1E7D:2CED.0055 failed with error -22 [ 531.870287][ T20] usb 2-1: USB disconnect, device number 49 [ 532.127232][ T9683] attempt to access beyond end of device [ 532.127232][ T9683] loop0: rw=2049, want=45104, limit=40427 [ 532.412013][ T9971] loop1: detected capacity change from 0 to 512 [ 532.412521][ T9970] xt_hashlimit: max too large, truncated to 1048576 [ 532.418437][ T9975] loop0: detected capacity change from 0 to 512 [ 532.425634][ T9970] xt_hashlimit: overflow, try lower: 0/0 [ 532.458897][ T9975] EXT4-fs (loop0): Test dummy encryption mode enabled [ 532.469826][ T9971] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 532.484743][ T9975] EXT4-fs error (device loop0): __ext4_iget:4892: inode #11: block 1: comm syz.0.2851: invalid block [ 532.488084][ T9971] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 532.510274][ T9971] EXT4-fs (loop1): 1 truncate cleaned up [ 532.514124][ T9975] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2851: couldn't read orphan inode 11 (err -117) [ 532.515996][ T9971] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 532.528134][ T9975] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 532.611913][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 533.463399][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 533.463420][ T30] audit: type=1400 audit(1723263501.184:3881): avc: denied { unmount } for pid=9579 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 533.676185][ T9991] loop0: detected capacity change from 0 to 1024 [ 533.747090][ T4998] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 533.796353][ T9991] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 533.797122][ T9994] loop1: detected capacity change from 0 to 512 [ 533.872224][ T9997] loop4: detected capacity change from 0 to 16 [ 534.124292][ T9997] erofs: Unknown parameter 'ÿÿÿÿ' [ 534.225779][ T9994] EXT4-fs (loop1): Test dummy encryption mode enabled [ 534.244685][ T9994] EXT4-fs error (device loop1): __ext4_iget:4892: inode #11: block 1: comm syz.1.2845: invalid block [ 534.255659][ T9994] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.2845: couldn't read orphan inode 11 (err -117) [ 534.268130][ T9994] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000002000,jqfmt=vfsv0,delalloc,usrjquota=,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 534.352080][ T4998] usb 3-1: Using ep0 maxpacket: 8 [ 534.400921][T10002] loop1: detected capacity change from 0 to 512 [ 534.494457][T10002] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 534.529581][ T4998] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.540269][ T4998] usb 3-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6 [ 534.549635][T10002] ext4 filesystem being mounted at /24/bus supports timestamps until 2038 (0x7fffffff) [ 534.566578][ T4998] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.586435][ T4998] usb 3-1: config 0 descriptor?? [ 534.588385][T10008] loop4: detected capacity change from 0 to 2048 [ 534.603955][T10010] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 534.622645][ T4998] cdc_acm 3-1:0.0: skipping garbage [ 534.627864][ T4998] cdc_acm 3-1:0.0: invalid descriptor buffer length [ 534.645246][T10008] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 534.750352][T10008] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 16: comm syz.4.2849: lblock 0 mapped to illegal pblock 16 (length 1) [ 534.779947][ T9579] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 534.797307][T10013] loop0: detected capacity change from 0 to 128 [ 534.816322][ T402] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 534.825409][ T30] audit: type=1400 audit(1723263502.534:3882): avc: denied { write } for pid=9968 comm="syz.2.2842" name="hwrng" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 534.861832][ T6918] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 535.154573][T10018] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.170431][T10018] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.186481][T10018] device bridge_slave_0 entered promiscuous mode [ 535.204567][T10018] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.211506][T10018] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.235427][T10018] device bridge_slave_1 entered promiscuous mode [ 535.241750][ T6918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 535.241780][ T6918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 535.241810][ T6918] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 535.271611][ T6918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.285370][ T6918] usb 2-1: config 0 descriptor?? [ 535.391079][T10018] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.398080][T10018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.405217][T10018] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.412095][T10018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.450445][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 535.458888][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.468705][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.487119][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 535.495453][ T1752] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.503509][ T1752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.512083][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 535.520477][ T1752] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.527546][ T1752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.535876][ T402] device bridge_slave_1 left promiscuous mode [ 535.542049][ T402] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.549986][ T402] device bridge_slave_0 left promiscuous mode [ 535.556233][ T402] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.579740][ T402] device veth1_macvtap left promiscuous mode [ 535.586334][ T402] device veth0_vlan left promiscuous mode [ 535.972647][ T321] usb 3-1: USB disconnect, device number 52 [ 535.983108][ T6918] wacom 0003:056A:032B.0056: unknown main item tag 0x0 [ 535.991891][ T6918] wacom 0003:056A:032B.0056: unknown main item tag 0x0 [ 536.000747][ T6918] wacom 0003:056A:032B.0056: hidraw0: USB HID v0.00 Device [HID 056a:032b] on usb-dummy_hcd.1-1/input0 [ 536.052189][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 536.060081][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 536.070191][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 536.079530][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 536.088161][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 536.096535][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 536.110668][T10018] device veth0_vlan entered promiscuous mode [ 536.117182][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 536.125386][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 536.140526][T10018] device veth1_macvtap entered promiscuous mode [ 536.147466][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 536.155734][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 536.163387][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 536.178567][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 536.195113][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 536.221570][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 536.223563][T10033] loop2: detected capacity change from 0 to 40427 [ 536.230008][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 536.244061][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 536.252321][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 536.265856][ T4998] usb 2-1: USB disconnect, device number 50 [ 536.283269][T10033] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 536.306623][T10033] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 536.351283][T10033] F2FS-fs (loop2): Found nat_bits in checkpoint [ 536.385498][T10033] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 536.395227][T10033] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 536.461994][T10037] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.468852][T10037] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.476906][T10037] device bridge_slave_0 entered promiscuous mode [ 536.489254][T10037] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.496293][T10037] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.505284][T10037] device bridge_slave_1 entered promiscuous mode [ 536.554536][T10037] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.561674][T10037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.568828][T10037] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.575860][T10037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.708789][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 536.717036][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.724578][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.744478][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 536.754095][ T1752] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.760980][ T1752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.768582][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 536.776663][ T1752] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.783536][ T1752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.802140][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 536.810361][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 536.826302][T10037] device veth0_vlan entered promiscuous mode [ 536.833980][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 536.861023][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 536.876952][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 536.884943][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 536.912733][T10037] device veth1_macvtap entered promiscuous mode [ 536.923792][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 536.984848][T10061] loop1: detected capacity change from 0 to 1024 [ 537.001233][ T1752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 537.019318][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 537.037760][T10061] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 537.121871][T10066] loop2: detected capacity change from 0 to 16 [ 537.182209][T10066] erofs: Unknown parameter 'ÿÿÿÿ' [ 537.293917][ T402] device bridge_slave_1 left promiscuous mode [ 537.316990][ T30] audit: type=1400 audit(1723263505.036:3883): avc: denied { write } for pid=10067 comm="syz.3.2859" name="001" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 537.348649][ T402] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.360177][T10068] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 537.368379][ T30] audit: type=1326 audit(1723263505.096:3884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10067 comm="syz.3.2859" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48d95169f9 code=0x0 [ 537.392298][ T402] device bridge_slave_0 left promiscuous mode [ 537.402390][ T402] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.411490][ T402] device veth1_macvtap left promiscuous mode [ 537.417510][ T402] device veth0_vlan left promiscuous mode [ 537.969471][T10082] xt_hashlimit: max too large, truncated to 1048576 [ 537.976159][T10082] xt_hashlimit: overflow, try lower: 0/0 [ 538.579528][T10085] loop0: detected capacity change from 0 to 256 [ 538.595220][ T30] audit: type=1400 audit(1723263506.276:3885): avc: denied { write } for pid=10078 comm="syz.2.2868" path="socket:[69938]" dev="sockfs" ino=69938 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 538.656215][T10085] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 538.837690][T10088] loop2: detected capacity change from 0 to 512 [ 538.940448][T10088] EXT4-fs (loop2): Test dummy encryption mode enabled [ 538.949780][ T4998] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 538.976329][T10070] loop4: detected capacity change from 0 to 131072 [ 538.984857][T10088] EXT4-fs error (device loop2): __ext4_iget:4892: inode #11: block 1: comm syz.2.2869: invalid block [ 538.996665][T10088] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2869: couldn't read orphan inode 11 (err -117) [ 539.008837][T10088] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000002000,jqfmt=vfsv0,delalloc,usrjquota=,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 539.070403][T10070] F2FS-fs (loop4): Found nat_bits in checkpoint [ 539.078563][T10092] loop0: detected capacity change from 0 to 40427 [ 539.128320][T10070] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 539.161979][T10092] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 539.169745][T10092] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 539.178841][T10092] F2FS-fs (loop0): invalid crc value [ 539.199858][ T4998] usb 2-1: Using ep0 maxpacket: 8 [ 539.206920][T10092] F2FS-fs (loop0): Found nat_bits in checkpoint [ 539.261975][T10092] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 539.269346][T10092] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 539.329718][ T4998] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 539.345214][ T4998] usb 2-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6 [ 539.899693][ T30] audit: type=1400 audit(1723263507.357:3886): avc: denied { ioctl } for pid=10103 comm="syz.3.2884" path="socket:[69957]" dev="sockfs" ino=69957 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 539.925527][ T4998] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.937452][ T4998] usb 2-1: config 0 descriptor?? [ 540.252740][ T4998] cdc_acm 2-1:0.0: skipping garbage [ 540.257781][ T4998] cdc_acm 2-1:0.0: invalid descriptor buffer length [ 540.308789][ T334] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 540.329635][ T334] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 540.569159][T10123] loop3: detected capacity change from 0 to 16 [ 540.610624][T10123] erofs: Unknown parameter 'ÿÿÿÿ' [ 540.822985][T10125] loop4: detected capacity change from 0 to 512 [ 540.878113][T10125] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 540.908880][T10125] ext4 filesystem being mounted at /5/bus supports timestamps until 2038 (0x7fffffff) [ 541.266065][ T30] audit: type=1400 audit(1723263508.987:3887): avc: denied { map } for pid=10135 comm="syz.2.2881" path="socket:[70744]" dev="sockfs" ino=70744 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 541.293670][T10138] loop3: detected capacity change from 0 to 1024 [ 541.340645][ T30] audit: type=1326 audit(1723263509.028:3888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.398774][T10138] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 541.435783][ T30] audit: type=1326 audit(1723263509.028:3889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.460172][ T30] audit: type=1326 audit(1723263509.028:3890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.483722][ T30] audit: type=1326 audit(1723263509.028:3891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.507341][ T30] audit: type=1326 audit(1723263509.028:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.550427][ T30] audit: type=1326 audit(1723263509.048:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.574834][ T30] audit: type=1326 audit(1723263509.048:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10133 comm="syz.0.2891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656598a9f9 code=0x7ffc0000 [ 541.607117][ T26] usb 2-1: USB disconnect, device number 51 [ 542.138557][T10150] loop0: detected capacity change from 0 to 40427 [ 542.182589][T10150] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 542.188835][T10150] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 542.199328][T10150] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 542.220393][T10150] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 542.227317][T10150] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 542.228145][ T26] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 542.561903][ T9683] attempt to access beyond end of device [ 542.561903][ T9683] loop0: rw=2049, want=45112, limit=40427 [ 542.638007][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 542.649050][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 542.660307][ T26] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 542.669446][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.678614][ T26] usb 2-1: config 0 descriptor?? [ 543.158578][ T26] sony 0003:054C:0268.0057: unknown main item tag 0x0 [ 543.165255][ T26] sony 0003:054C:0268.0057: unknown main item tag 0x5 [ 543.171874][ T26] sony 0003:054C:0268.0057: item fetching failed at offset 4/5 [ 543.179264][ T26] sony 0003:054C:0268.0057: parse failed [ 543.184617][ T26] sony: probe of 0003:054C:0268.0057 failed with error -22 [ 543.368420][ T26] usb 2-1: USB disconnect, device number 52 [ 543.830389][T10175] loop3: detected capacity change from 0 to 128 [ 543.844806][T10175] FAT-fs (loop3): bogus logical sector size 65535 [ 543.851240][T10175] FAT-fs (loop3): Can't find a valid FAT filesystem [ 543.883935][T10179] loop1: detected capacity change from 0 to 256 [ 543.919653][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 543.919669][ T30] audit: type=1400 audit(1723263511.649:3906): avc: denied { execute } for pid=10174 comm="syz.3.2894" path="/7/net_prio.prioidx" dev="tmpfs" ino=56 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 544.007160][T10188] loop2: detected capacity change from 0 to 16 [ 544.059083][T10188] erofs: Unknown parameter 'ÿÿÿÿ' [ 544.385710][T10194] loop0: detected capacity change from 0 to 128 [ 545.714945][ T30] audit: type=1400 audit(1723263512.929:3907): avc: denied { read } for pid=10193 comm="syz.0.2900" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 545.757071][T10204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2902'. [ 545.780970][ T30] audit: type=1400 audit(1723263513.500:3908): avc: denied { read } for pid=10207 comm="syz.3.2905" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 545.885318][T10214] loop2: detected capacity change from 0 to 512 [ 545.898744][ T30] audit: type=1400 audit(1723263513.500:3909): avc: denied { open } for pid=10207 comm="syz.3.2905" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 545.923099][ T30] audit: type=1400 audit(1723263513.620:3910): avc: denied { audit_write } for pid=10212 comm="syz.0.2917" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 545.949285][ T30] audit: type=1107 audit(1723263513.620:3911): pid=10212 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 545.974248][T10216] loop4: detected capacity change from 0 to 512 [ 545.990419][ T30] audit: type=1400 audit(1723263513.710:3912): avc: denied { bind } for pid=10217 comm="syz.0.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 546.010971][T10214] EXT4-fs warning (device loop2): ext4_multi_mount_protect:326: fsck is running on the filesystem [ 546.020940][ T30] audit: type=1400 audit(1723263513.710:3913): avc: denied { listen } for pid=10217 comm="syz.0.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 546.041825][ T30] audit: type=1400 audit(1723263513.720:3914): avc: denied { connect } for pid=10217 comm="syz.0.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 546.281638][T10220] serio: Serial port ptm0 [ 546.388991][ T30] audit: type=1400 audit(1723263513.750:3915): avc: denied { write } for pid=10217 comm="syz.0.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 546.416036][T10214] EXT4-fs warning (device loop2): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 546.422030][T10223] loop0: detected capacity change from 0 to 256 [ 546.458664][T10223] exfat: Deprecated parameter 'utf8' [ 546.464516][T10223] exfat: Deprecated parameter 'namecase' [ 546.473939][T10223] exfat: Deprecated parameter 'utf8' [ 546.497059][T10216] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 546.586991][T10216] ext4 filesystem being mounted at /9/bus supports timestamps until 2038 (0x7fffffff) [ 546.743079][T10214] tmpfs: Unknown parameter 'huge-zlways' [ 546.766352][T10223] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 546.837431][T10234] loop3: detected capacity change from 0 to 16 [ 547.069830][T10234] erofs: (device loop3): mounted with root inode @ nid 36. [ 547.102745][T10234] attempt to access beyond end of device [ 547.102745][T10234] loop3: rw=0, want=32, limit=16 [ 547.161259][T10244] loop0: detected capacity change from 0 to 1024 [ 547.228843][T10244] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 548.360965][T10260] loop1: detected capacity change from 0 to 128 [ 549.151159][T10263] loop2: detected capacity change from 0 to 16 [ 549.296466][T10263] erofs: Unknown parameter 'ÿÿÿÿ' [ 549.730122][T10278] loop0: detected capacity change from 0 to 256 [ 549.875589][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 549.875604][ T30] audit: type=1400 audit(1723263517.612:3946): avc: denied { setopt } for pid=10267 comm="syz.0.2921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 550.077903][T10290] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2927'. [ 550.351738][ T30] audit: type=1400 audit(1723263518.082:3947): avc: denied { watch } for pid=10291 comm="syz.1.2929" path="/33/control" dev="tmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 550.809197][T10313] loop2: detected capacity change from 0 to 128 [ 550.876845][T10313] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 550.887255][T10313] ext4 filesystem being mounted at /127/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 550.953804][ T30] audit: type=1400 audit(1723263518.682:3948): avc: denied { create } for pid=10308 comm="syz.2.2933" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 550.976130][ T30] audit: type=1400 audit(1723263518.692:3949): avc: denied { mounton } for pid=10308 comm="syz.2.2933" path=2F3132372F66696C653061616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161612FE91F7189591E9233614B dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 551.045040][ T30] audit: type=1400 audit(1723263518.692:3950): avc: denied { write } for pid=10308 comm="syz.2.2933" name=E91F7189591E9233614B dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 551.559310][T10318] loop3: detected capacity change from 0 to 512 [ 551.582283][ T30] audit: type=1400 audit(1723263519.313:3951): avc: denied { name_bind } for pid=10323 comm="syz.0.2939" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 551.604003][ T30] audit: type=1400 audit(1723263519.313:3952): avc: denied { node_bind } for pid=10323 comm="syz.0.2939" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 551.604386][T10324] loop0: detected capacity change from 0 to 128 [ 551.626460][ T30] audit: type=1400 audit(1723263519.323:3953): avc: denied { write } for pid=10323 comm="syz.0.2939" name="fdinfo" dev="proc" ino=70959 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 551.656065][T10318] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 551.656138][ T30] audit: type=1400 audit(1723263519.323:3954): avc: denied { add_name } for pid=10323 comm="syz.0.2939" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 551.666580][T10318] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 551.687816][ T30] audit: type=1400 audit(1723263519.323:3955): avc: denied { create } for pid=10323 comm="syz.0.2939" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 551.723773][T10318] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 551.736174][T10318] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 551.744014][T10318] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 551.751676][T10318] EXT4-fs (loop3): too many log groups per flexible block group [ 551.759800][T10318] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 551.766988][T10318] EXT4-fs (loop3): mount failed [ 551.807663][T10330] loop0: detected capacity change from 0 to 512 [ 551.862240][T10333] xt_hashlimit: max too large, truncated to 1048576 [ 551.869208][T10333] xt_hashlimit: overflow, try lower: 0/0 [ 551.899127][T10330] EXT4-fs (loop0): orphan cleanup on readonly fs [ 551.907432][T10331] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.908893][T10341] loop1: detected capacity change from 0 to 512 [ 551.921054][T10330] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #4: comm syz.0.2940: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048) [ 551.924768][T10331] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.946627][T10331] device bridge_slave_0 entered promiscuous mode [ 551.949047][T10330] EXT4-fs error (device loop0): ext4_quota_enable:6369: comm syz.0.2940: Bad quota inode: 4, type: 1 [ 551.963797][T10330] EXT4-fs warning (device loop0): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 551.979541][T10331] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.979604][T10330] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 551.988919][T10331] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.995128][T10330] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 552.029091][T10331] device bridge_slave_1 entered promiscuous mode [ 552.042199][T10341] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 552.053792][T10341] ext4 filesystem being mounted at /38/bus supports timestamps until 2038 (0x7fffffff) [ 552.136646][T10331] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.143525][T10331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 552.150789][T10331] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.157693][T10331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 552.163181][ T321] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 552.186019][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 552.193985][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.201313][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.412697][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 552.421330][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 552.429658][ T9062] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.436537][ T9062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 552.443715][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 552.451681][ T9062] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.458528][ T9062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 552.465749][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 552.473642][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 552.483783][ T321] usb 4-1: Using ep0 maxpacket: 8 [ 552.492460][T10331] device veth0_vlan entered promiscuous mode [ 552.499466][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 552.507650][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 552.514975][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 552.528692][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 552.538029][T10331] device veth1_macvtap entered promiscuous mode [ 552.548949][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 552.559277][ T4998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 552.574152][ T334] device bridge_slave_1 left promiscuous mode [ 552.582533][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.593535][ T334] device bridge_slave_0 left promiscuous mode [ 552.597629][T10350] loop0: detected capacity change from 0 to 512 [ 552.599642][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.605670][ T321] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 552.622952][ T321] usb 4-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6 [ 552.626975][T10350] EXT4-fs (loop0): error: journal path ./file0 is not a block device [ 552.632028][ T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.649133][ T321] usb 4-1: config 0 descriptor?? [ 552.693357][ T321] cdc_acm 4-1:0.0: skipping garbage [ 552.698746][ T321] cdc_acm 4-1:0.0: invalid descriptor buffer length [ 552.698889][T10350] loop0: detected capacity change from 0 to 512 [ 552.810561][T10358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2947'. [ 552.813294][T10350] EXT4-fs (loop0): Unrecognized mount option "sb=0x0000000000007fff." or missing value [ 552.841572][T10360] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2948'. [ 552.852082][T10360] tipc: Started in network mode [ 552.856966][T10360] tipc: Node identity 40050020000000006e, cluster identity 8 [ 552.932815][T10362] device veth1_macvtap left promiscuous mode [ 552.977932][T10362] device veth1_macvtap entered promiscuous mode [ 553.180078][T10369] loop1: detected capacity change from 0 to 128 [ 553.289334][T10369] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 553.311221][T10369] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 553.485890][ T334] tipc: Left network mode [ 553.672440][ T8135] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 553.993419][ T334] device bridge_slave_1 left promiscuous mode [ 553.999490][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.007255][ T334] device bridge_slave_0 left promiscuous mode [ 554.013430][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.021570][ T334] device veth1_macvtap left promiscuous mode [ 554.027763][ T334] device veth0_vlan left promiscuous mode [ 554.033496][ T8135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 554.050433][ T8135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 554.070031][ T8135] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 554.088140][ T8135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.097111][ T8135] usb 1-1: config 0 descriptor?? [ 554.553362][T10386] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.560312][T10386] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.578081][T10386] device bridge_slave_0 entered promiscuous mode [ 554.625589][T10386] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.640863][T10386] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.657342][T10386] device bridge_slave_1 entered promiscuous mode [ 554.692822][ T8135] belkin 0003:1020:0006.0058: item fetching failed at offset 3/5 [ 554.700770][ T8135] belkin 0003:1020:0006.0058: parse failed [ 554.716033][ T8135] belkin: probe of 0003:1020:0006.0058 failed with error -22 [ 555.146667][ T8135] usb 1-1: USB disconnect, device number 50 [ 555.163618][T10398] loop4: detected capacity change from 0 to 512 [ 555.172189][ T26] usb 4-1: USB disconnect, device number 57 [ 555.222541][T10398] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 555.234437][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 555.235360][T10398] ext4 filesystem being mounted at /15/bus supports timestamps until 2038 (0x7fffffff) [ 555.243955][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 555.273811][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 555.282891][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 555.291397][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.298329][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 555.305613][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 555.313938][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 555.322134][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.328996][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.337144][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 555.374791][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 555.382849][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 555.401829][T10386] device veth0_vlan entered promiscuous mode [ 555.626020][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 555.635309][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 555.643615][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 555.665345][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 555.665359][ T30] audit: type=1400 audit(1723263523.395:3965): avc: denied { read } for pid=10414 comm="syz.2.2962" name="ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 555.696516][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 555.704754][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 555.705790][T10419] loop0: detected capacity change from 0 to 512 [ 555.720974][T10386] device veth1_macvtap entered promiscuous mode [ 555.740676][ T30] audit: type=1400 audit(1723263523.435:3966): avc: denied { open } for pid=10414 comm="syz.2.2962" path="/dev/ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 555.762831][T10417] xt_hashlimit: overflow, try lower: 0/0 [ 555.764802][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 555.778339][ T6103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 555.795736][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 555.805043][T10419] EXT4-fs (loop0): Test dummy encryption mode enabled [ 555.806672][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 555.831962][ T30] audit: type=1400 audit(1723263523.435:3967): avc: denied { ioctl } for pid=10414 comm="syz.2.2962" path="/dev/ppp" dev="devtmpfs" ino=134 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 555.861937][T10419] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz.0.2963: inline data xattr refers to an external xattr inode [ 555.919647][T10419] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2963: couldn't read orphan inode 12 (err -117) [ 555.944061][T10419] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 555.952714][T10416] loop3: detected capacity change from 0 to 40427 [ 555.981074][T10419] EXT4-fs error (device loop0): htree_dirblock_to_tree:1082: inode #2: comm syz.0.2963: Directory hole found for htree leaf block [ 556.775777][T10419] device vlan2 entered promiscuous mode [ 556.783851][T10419] device bond_slave_1 entered promiscuous mode [ 556.793510][T10419] device bond_slave_1 left promiscuous mode [ 556.809429][T10416] F2FS-fs (loop3): Found nat_bits in checkpoint [ 556.828134][T10431] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2965'. [ 556.837693][ T30] audit: type=1400 audit(1723263524.555:3968): avc: denied { nlmsg_read } for pid=10430 comm="syz.4.2965" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 556.883961][T10416] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 556.940289][T10439] syz.4.2968[10439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 556.940375][T10439] syz.4.2968[10439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 556.988838][T10443] loop1: detected capacity change from 0 to 512 [ 557.071752][T10443] EXT4-fs (loop1): error: journal path ./file0 is not a block device [ 557.119557][T10446] fuse: Unknown parameter 'ÿ0x000000000000000d' [ 557.259590][T10448] fuse: Bad value for 'fd' [ 557.311103][T10437] device veth0_vlan left promiscuous mode [ 557.321264][T10037] attempt to access beyond end of device [ 557.321264][T10037] loop3: rw=2049, want=45104, limit=40427 [ 557.372450][T10443] loop1: detected capacity change from 0 to 512 [ 557.438917][T10445] loop4: detected capacity change from 0 to 40427 [ 557.446253][T10443] EXT4-fs (loop1): Unrecognized mount option "sb=0x0000000000007fff." or missing value [ 557.471729][ T30] audit: type=1326 audit(1723263525.206:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.495835][T10445] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 557.508183][T10445] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 557.532078][ T30] audit: type=1326 audit(1723263525.226:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.558422][T10445] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 557.589912][ T30] audit: type=1326 audit(1723263525.226:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.641680][ T30] audit: type=1326 audit(1723263525.226:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.668506][ T30] audit: type=1326 audit(1723263525.226:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.689481][T10448] loop0: detected capacity change from 0 to 40427 [ 557.692305][T10445] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 557.708640][T10445] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 557.720237][ T30] audit: type=1326 audit(1723263525.236:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10449 comm="syz.2.2972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ba15e9f9 code=0x7ffc0000 [ 557.780393][T10448] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 557.788352][T10448] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 557.801092][T10448] F2FS-fs (loop0): Found nat_bits in checkpoint [ 557.859172][T10448] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 557.893925][T10448] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 558.370289][ T1752] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 558.393075][T10018] attempt to access beyond end of device [ 558.393075][T10018] loop4: rw=2049, want=45112, limit=40427 [ 558.887418][T10493] loop1: detected capacity change from 0 to 512 [ 558.911860][T10493] EXT4-fs (loop1): Test dummy encryption mode enabled [ 558.930495][T10493] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.2981: inline data xattr refers to an external xattr inode [ 558.946136][T10493] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.2981: couldn't read orphan inode 12 (err -117) [ 558.958426][T10493] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 558.999654][T10493] EXT4-fs error (device loop1): htree_dirblock_to_tree:1082: inode #2: comm syz.1.2981: Directory hole found for htree leaf block [ 559.038735][T10493] device vlan2 entered promiscuous mode [ 559.044431][T10493] device bond_slave_1 entered promiscuous mode [ 559.056488][T10493] device bond_slave_1 left promiscuous mode [ 559.069810][ T1752] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.080705][ T1752] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 559.091304][ T1752] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 559.107113][ T1752] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.120537][ T1752] usb 4-1: config 0 descriptor?? [ 559.142371][T10501] loop4: detected capacity change from 0 to 1024 [ 559.150388][T10499] loop0: detected capacity change from 0 to 128 [ 559.213256][T10501] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 559.232010][T10501] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,resgid=0x0000000000000000,norecovery,commit=0x0000000000000005,nombcache,,errors=continue. Quota mode: writeback. [ 559.279195][T10499] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 559.293748][T10499] ext4 filesystem being mounted at /51/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 559.352036][T10513] loop4: detected capacity change from 0 to 512 [ 559.385395][T10513] EXT4-fs (loop4): Ignoring removed orlov option [ 559.391998][T10513] EXT4-fs (loop4): Test dummy encryption mode enabled [ 559.398713][T10513] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 559.411996][T10513] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 559.420122][T10513] System zones: 1-12 [ 559.450951][T10513] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.2986: casefold flag without casefold feature [ 559.480043][T10513] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.2986: missing EA_INODE flag [ 559.496662][T10513] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2986: error while reading EA inode 12 err=-117 [ 559.509697][T10513] EXT4-fs (loop4): 1 orphan inode deleted [ 559.515480][T10513] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,abort,max_dir_size_kb=0x0000000000009c7c,debug,orlov,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue. Quota mode: none. [ 559.731793][ T1752] hid (null): bogus close delimiter [ 559.825670][T10522] loop2: detected capacity change from 0 to 512 [ 559.848930][T10527] loop4: detected capacity change from 0 to 1024 [ 559.855480][T10522] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 559.873445][T10522] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 559.883280][T10522] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 559.893662][T10522] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 559.901699][T10522] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 559.910474][T10522] EXT4-fs (loop2): too many log groups per flexible block group [ 559.918075][T10522] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 559.924896][T10522] EXT4-fs (loop2): mount failed [ 559.944449][T10529] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.951410][T10529] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.951450][ T1752] usb 4-1: language id specifier not provided by device, defaulting to English [ 559.958815][T10529] device bridge_slave_0 entered promiscuous mode [ 559.974209][T10529] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.974205][T10527] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 559.992018][T10529] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.001178][T10529] device bridge_slave_1 entered promiscuous mode [ 560.029269][T10527] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 560.044243][T10527] EXT4-fs error (device loop4): ext4_dirty_inode:6024: inode #15: comm syz.4.2995: mark_inode_dirty error [ 560.070369][T10018] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 560.085299][T10018] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 560.095834][T10018] EXT4-fs error (device loop4): ext4_dirty_inode:6024: inode #2: comm syz-executor: mark_inode_dirty error [ 560.147894][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 560.155655][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 560.173244][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 560.181748][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 560.189934][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.196799][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.214152][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 560.224921][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 560.233171][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 560.241292][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.248437][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.263587][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 560.328235][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 560.352513][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 560.360956][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 560.379891][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 560.389591][ T334] device bridge_slave_1 left promiscuous mode [ 560.541651][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.556847][ T334] device bridge_slave_0 left promiscuous mode [ 560.566204][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.574123][ T334] device veth1_macvtap left promiscuous mode [ 560.579985][ T334] device veth0_vlan left promiscuous mode [ 560.670397][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 560.678303][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 560.685669][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 560.693866][T10529] device veth0_vlan entered promiscuous mode [ 560.720162][T10543] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.727180][T10543] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.734845][T10543] device bridge_slave_0 entered promiscuous mode [ 560.742260][T10543] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.749444][T10543] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.756643][T10543] device bridge_slave_1 entered promiscuous mode [ 560.777724][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 560.793002][T10529] device veth1_macvtap entered promiscuous mode [ 560.799487][ T1752] uclogic 0003:256C:006D.0059: v1 buttonpad probing failed: -71 [ 560.807192][ T1752] uclogic 0003:256C:006D.0059: failed probing parameters: -71 [ 560.814711][ T1752] uclogic: probe of 0003:256C:006D.0059 failed with error -71 [ 560.823843][ T1752] usb 4-1: USB disconnect, device number 58 [ 560.827932][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 560.837655][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 560.846123][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 560.854288][ T640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 560.929708][T10543] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.936845][T10543] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.944125][T10543] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.950974][T10543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.974754][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 560.982389][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.990157][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.001104][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 561.009164][ T9062] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.015997][ T9062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.025531][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 561.033920][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.040822][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.058554][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 561.068266][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 561.082948][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 561.097787][T10543] device veth0_vlan entered promiscuous mode [ 561.104219][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 561.112214][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 561.120297][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 561.147533][T10543] device veth1_macvtap entered promiscuous mode [ 561.154793][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 561.164771][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 561.176727][T10560] loop0: detected capacity change from 0 to 256 [ 561.184772][ T9062] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 561.187068][T10562] loop1: detected capacity change from 0 to 512 [ 561.206593][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 561.215248][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 561.224512][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 561.233072][T10562] EXT4-fs warning (device loop1): ext4_multi_mount_protect:326: fsck is running on the filesystem [ 561.233200][ T8135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 561.252885][T10562] EXT4-fs warning (device loop1): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 561.275317][T10560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3010'. [ 561.300929][T10560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3010'. [ 561.337264][T10560] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 202) [ 561.358800][T10560] FAT-fs (loop0): Filesystem has been set read-only [ 561.389131][T10574] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10574 comm=syz.0.3010 [ 561.402382][T10562] tmpfs: Unknown parameter 'huge-zlways' [ 561.438943][T10560] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 202) [ 561.467197][T10560] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 202) [ 561.672161][ T334] device bridge_slave_1 left promiscuous mode [ 561.691958][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.713671][ T334] device bridge_slave_0 left promiscuous mode [ 561.716096][T10566] loop2: detected capacity change from 0 to 40427 [ 561.719738][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.737785][ T334] device veth1_macvtap left promiscuous mode [ 561.744717][ T334] device veth0_vlan left promiscuous mode [ 561.749892][T10566] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 561.759169][T10566] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 561.770007][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 561.770023][ T30] audit: type=1326 audit(1723263529.508:3994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 561.804611][T10566] F2FS-fs (loop2): invalid crc value [ 561.805246][ T30] audit: type=1326 audit(1723263529.508:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 561.855905][ T30] audit: type=1326 audit(1723263529.508:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 561.874962][T10586] loop1: detected capacity change from 0 to 1024 [ 561.879616][ T30] audit: type=1326 audit(1723263529.508:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 561.923656][T10566] F2FS-fs (loop2): Found nat_bits in checkpoint [ 561.939055][T10586] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 561.962659][ T30] audit: type=1326 audit(1723263529.508:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 561.973184][T10591] loop0: detected capacity change from 0 to 8192 [ 561.988388][T10586] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 561.999266][ T30] audit: type=1326 audit(1723263529.508:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 562.024868][T10586] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 562.033355][ T30] audit: type=1326 audit(1723263529.508:4000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 562.036960][T10591] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 562.063400][ T30] audit: type=1326 audit(1723263529.508:4001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 562.093412][T10586] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,errors=remount-ro,dioread_nolock,jqfmt=vfsold,nomblk_io_submit,noauto_da_alloc,. Quota mode: writeback. [ 562.097920][ T30] audit: type=1326 audit(1723263529.508:4002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 562.160370][ T30] audit: type=1326 audit(1723263529.508:4003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10561 comm="syz.1.3000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0361279f9 code=0x7ffc0000 [ 562.190844][T10566] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 562.238257][T10566] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 562.360812][ T4408] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 562.459810][ T4408] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 562.509081][T10597] syz.4.3013[10597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 562.509159][T10597] syz.4.3013[10597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 562.571577][T10605] loop4: detected capacity change from 0 to 2048 [ 562.621732][T10605] loop4: p1 < > p4 [ 562.628287][T10605] loop4: p4 size 8388608 extends beyond EOD, truncated [ 562.728698][ T6583] udevd[6583]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 562.740382][ T7345] udevd[7345]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 563.097828][ T26] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 563.246191][T10607] loop3: detected capacity change from 0 to 40427 [ 563.302139][T10607] F2FS-fs (loop3): Found nat_bits in checkpoint [ 563.325402][T10607] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 563.350375][T10037] attempt to access beyond end of device [ 563.350375][T10037] loop3: rw=2049, want=45104, limit=40427 [ 563.437524][ T26] usb 2-1: Using ep0 maxpacket: 16 [ 563.567560][ T26] usb 2-1: config 1 descriptor has 1 excess byte, ignoring [ 563.574636][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 563.586772][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 255, changing to 11 [ 563.598623][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 59391, setting to 1024 [ 563.610162][ T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 563.619861][ T26] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25 [ 563.646198][T10629] loop3: detected capacity change from 0 to 40427 [ 563.688472][T10629] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 563.694639][T10629] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 563.705735][T10629] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 563.707482][ T26] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 563.725782][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 563.733692][ T26] usb 2-1: SerialNumber: syz [ 563.740493][T10629] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 563.747464][T10629] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 563.757451][T10601] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 563.777961][ T26] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 564.049560][ T26] usb 2-1: USB disconnect, device number 53 [ 564.169604][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3026'. [ 564.367959][T10037] attempt to access beyond end of device [ 564.367959][T10037] loop3: rw=2049, want=45112, limit=40427 [ 564.523438][T10653] loop3: detected capacity change from 0 to 256 [ 564.685373][T10657] loop1: detected capacity change from 0 to 1024 [ 564.714217][T10644] loop0: detected capacity change from 0 to 131072 [ 564.820689][T10659] binder: 10652:10659 ioctl c0306201 200011c0 returned -14 [ 564.961376][T10657] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 564.978075][T10666] loop2: detected capacity change from 0 to 512 [ 565.006089][T10644] F2FS-fs (loop0): Found nat_bits in checkpoint [ 565.038166][T10666] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 565.049536][T10666] ext4 filesystem being mounted at /26/bus supports timestamps until 2038 (0x7fffffff) [ 565.069231][T10644] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 565.173419][T10674] xt_hashlimit: overflow, try lower: 0/0 [ 566.611336][T10703] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.618395][T10703] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.759933][T10703] device bridge_slave_1 left promiscuous mode [ 566.767952][T10703] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.777799][T10703] device bridge_slave_0 left promiscuous mode [ 566.783924][T10703] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.840538][T10709] loop4: detected capacity change from 0 to 128 [ 567.492414][T10721] kvm [10720]: vcpu0, guest rIP: 0xfff0 unimplemented HWCR wrmsr: 0xa7 [ 567.597165][ T321] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 567.762038][T10726] fuse: Bad value for 'fd' [ 567.805706][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 567.805719][ T30] audit: type=1400 audit(1723263535.501:4036): avc: denied { unlink } for pid=10723 comm="syz.0.3050" name="#7b" dev="tmpfs" ino=77 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 568.015358][ T321] usb 3-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 568.036509][ T321] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.085092][ T321] usb 3-1: config 0 descriptor?? [ 568.157749][T10738] bridge0: port 3(gretap0) entered blocking state [ 568.164569][T10738] bridge0: port 3(gretap0) entered disabled state [ 568.176121][T10738] device gretap0 entered promiscuous mode [ 568.182869][T10738] bridge0: port 3(gretap0) entered blocking state [ 568.189303][T10738] bridge0: port 3(gretap0) entered forwarding state [ 568.211366][T10738] device gretap0 left promiscuous mode [ 568.218109][T10738] bridge0: port 3(gretap0) entered disabled state [ 568.950613][T10748] loop3: detected capacity change from 0 to 512 [ 569.695542][T10748] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 569.732976][T10748] ext4 filesystem being mounted at /31/bus supports timestamps until 2038 (0x7fffffff) [ 569.845253][T10757] loop4: detected capacity change from 0 to 512 [ 569.858363][T10757] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.3060: casefold flag without casefold feature [ 569.871761][T10757] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #2: comm syz.4.3060: missing EA_INODE flag [ 570.093450][T10757] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.3060: error while reading EA inode 2 err=-117 [ 570.117890][T10757] EXT4-fs (loop4): 1 orphan inode deleted [ 570.123991][T10757] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 571.567557][ T30] audit: type=1400 audit(1723263538.122:4037): avc: denied { read } for pid=10767 comm="syz.0.3063" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 571.710051][ T30] audit: type=1400 audit(1723263538.122:4038): avc: denied { open } for pid=10767 comm="syz.0.3063" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 571.738189][T10770] loop3: detected capacity change from 0 to 1024 [ 571.787364][T10775] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.794488][T10775] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.821704][ T30] audit: type=1400 audit(1723263539.563:4039): avc: denied { search } for pid=138 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 571.836051][ T321] asix 3-1:0.0 eth1: register 'asix' at usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet, 76:87:c5:9d:aa:0f [ 571.868591][ T321] usb 3-1: USB disconnect, device number 53 [ 571.875046][ T321] asix 3-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet [ 571.886285][T10770] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback. [ 571.957772][ T30] audit: type=1400 audit(1723263539.613:4040): avc: denied { read } for pid=138 comm="dhcpcd" name="n25" dev="tmpfs" ino=26668 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 572.150533][ T60] ================================================================== [ 572.158422][ T60] BUG: KASAN: use-after-free in worker_thread+0xaaa/0x12a0 [ 572.165454][ T60] Read of size 8 at addr ffff888120dbec60 by task kworker/1:2/60 [ 572.173000][ T60] [ 572.175173][ T60] CPU: 1 PID: 60 Comm: kworker/1:2 Not tainted 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 572.184806][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 572.194699][ T60] Workqueue: 0x0 (events) [ 572.198964][ T60] Call Trace: [ 572.202074][ T60] [ 572.204866][ T60] dump_stack_lvl+0x151/0x1b7 [ 572.209451][ T60] ? io_uring_drop_tctx_refs+0x190/0x190 [ 572.214919][ T60] ? panic+0x751/0x751 [ 572.218826][ T60] print_address_description+0x87/0x3b0 [ 572.224208][ T60] kasan_report+0x179/0x1c0 [ 572.228547][ T60] ? worker_thread+0xaaa/0x12a0 [ 572.233232][ T60] ? worker_thread+0xaaa/0x12a0 [ 572.237922][ T60] __asan_report_load8_noabort+0x14/0x20 [ 572.243388][ T60] worker_thread+0xaaa/0x12a0 [ 572.247908][ T60] kthread+0x421/0x510 [ 572.251815][ T60] ? worker_clr_flags+0x180/0x180 [ 572.256667][ T60] ? kthread_blkcg+0xd0/0xd0 [ 572.261096][ T60] ret_from_fork+0x1f/0x30 [ 572.265351][ T60] [ 572.268384][ T60] [ 572.270552][ T60] Allocated by task 321: [ 572.274634][ T60] ____kasan_kmalloc+0xdb/0x110 [ 572.279320][ T60] __kasan_kmalloc+0x9/0x10 [ 572.283659][ T60] __kmalloc+0x13a/0x270 [ 572.287739][ T60] kvmalloc_node+0x1f0/0x4d0 [ 572.292164][ T60] alloc_netdev_mqs+0x8c/0xc90 [ 572.296768][ T60] alloc_etherdev_mqs+0x33/0x40 [ 572.301488][ T60] usbnet_probe+0x1ff/0x2830 [ 572.305879][ T60] usb_probe_interface+0x5b6/0xa90 [ 572.310837][ T60] really_probe+0x28d/0x970 [ 572.315274][ T60] __driver_probe_device+0x1a0/0x310 [ 572.320378][ T60] driver_probe_device+0x54/0x3d0 [ 572.325234][ T60] __device_attach_driver+0x2c5/0x470 [ 572.330443][ T60] bus_for_each_drv+0x183/0x200 [ 572.335133][ T60] __device_attach+0x312/0x510 [ 572.339815][ T60] device_initial_probe+0x1a/0x20 [ 572.344674][ T60] bus_probe_device+0xbe/0x1e0 [ 572.349285][ T60] device_add+0xb60/0xf10 [ 572.353524][ T60] usb_set_configuration+0x190f/0x1e80 [ 572.358825][ T60] usb_generic_driver_probe+0x8b/0x150 [ 572.364119][ T60] usb_probe_device+0x144/0x260 [ 572.368802][ T60] really_probe+0x28d/0x970 [ 572.373151][ T60] __driver_probe_device+0x1a0/0x310 [ 572.378350][ T60] driver_probe_device+0x54/0x3d0 [ 572.383210][ T60] __device_attach_driver+0x2c5/0x470 [ 572.388419][ T60] bus_for_each_drv+0x183/0x200 [ 572.393103][ T60] __device_attach+0x312/0x510 [ 572.397706][ T60] device_initial_probe+0x1a/0x20 [ 572.402566][ T60] bus_probe_device+0xbe/0x1e0 [ 572.407168][ T60] device_add+0xb60/0xf10 [ 572.411330][ T60] usb_new_device+0x1038/0x1c00 [ 572.416030][ T60] hub_event+0x2def/0x4770 [ 572.420269][ T60] process_one_work+0x6bb/0xc10 [ 572.425155][ T60] worker_thread+0xad5/0x12a0 [ 572.429730][ T60] kthread+0x421/0x510 [ 572.433637][ T60] ret_from_fork+0x1f/0x30 [ 572.437890][ T60] [ 572.440061][ T60] Freed by task 321: [ 572.443799][ T60] kasan_set_track+0x4b/0x70 [ 572.448224][ T60] kasan_set_free_info+0x23/0x40 [ 572.452998][ T60] ____kasan_slab_free+0x126/0x160 [ 572.457941][ T60] __kasan_slab_free+0x11/0x20 [ 572.462541][ T60] slab_free_freelist_hook+0xbd/0x190 [ 572.467759][ T60] kfree+0xc8/0x220 [ 572.471393][ T60] kvfree+0x35/0x40 [ 572.475036][ T60] netdev_freemem+0x3f/0x60 [ 572.479377][ T60] netdev_release+0x7f/0xb0 [ 572.483722][ T60] device_release+0x95/0x1c0 [ 572.488246][ T60] kobject_put+0x178/0x260 [ 572.492482][ T60] put_device+0x1f/0x30 [ 572.496484][ T60] free_netdev+0x34f/0x440 [ 572.500727][ T60] usbnet_disconnect+0x245/0x390 [ 572.505501][ T60] usb_unbind_interface+0x1fa/0x8c0 [ 572.510538][ T60] device_release_driver_internal+0x50b/0x7d0 [ 572.516445][ T60] device_release_driver+0x19/0x20 [ 572.521386][ T60] bus_remove_device+0x2f8/0x360 [ 572.526157][ T60] device_del+0x663/0xe90 [ 572.530324][ T60] usb_disable_device+0x380/0x720 [ 572.535191][ T60] usb_disconnect+0x32a/0x890 [ 572.539786][ T60] hub_event+0x1d42/0x4770 [ 572.544053][ T60] process_one_work+0x6bb/0xc10 [ 572.548732][ T60] worker_thread+0xe02/0x12a0 [ 572.553787][ T60] kthread+0x421/0x510 [ 572.557672][ T60] ret_from_fork+0x1f/0x30 [ 572.561923][ T60] [ 572.564094][ T60] Last potentially related work creation: [ 572.569654][ T60] kasan_save_stack+0x3b/0x60 [ 572.574250][ T60] __kasan_record_aux_stack+0xd3/0xf0 [ 572.579456][ T60] kasan_record_aux_stack_noalloc+0xb/0x10 [ 572.586247][ T60] insert_work+0x56/0x320 [ 572.591225][ T60] __queue_work+0x92a/0xcd0 [ 572.597149][ T60] queue_work_on+0x105/0x170 [ 572.601580][ T60] usbnet_link_change+0xeb/0x100 [ 572.606531][ T60] usbnet_probe+0x1dd3/0x2830 [ 572.611206][ T60] usb_probe_interface+0x5b6/0xa90 [ 572.616160][ T60] really_probe+0x28d/0x970 [ 572.620494][ T60] __driver_probe_device+0x1a0/0x310 [ 572.625617][ T60] driver_probe_device+0x54/0x3d0 [ 572.630563][ T60] __device_attach_driver+0x2c5/0x470 [ 572.635860][ T60] bus_for_each_drv+0x183/0x200 [ 572.640547][ T60] __device_attach+0x312/0x510 [ 572.645146][ T60] device_initial_probe+0x1a/0x20 [ 572.650007][ T60] bus_probe_device+0xbe/0x1e0 [ 572.654617][ T60] device_add+0xb60/0xf10 [ 572.658778][ T60] usb_set_configuration+0x190f/0x1e80 [ 572.664076][ T60] usb_generic_driver_probe+0x8b/0x150 [ 572.669368][ T60] usb_probe_device+0x144/0x260 [ 572.674049][ T60] really_probe+0x28d/0x970 [ 572.678386][ T60] __driver_probe_device+0x1a0/0x310 [ 572.683606][ T60] driver_probe_device+0x54/0x3d0 [ 572.688468][ T60] __device_attach_driver+0x2c5/0x470 [ 572.693719][ T60] bus_for_each_drv+0x183/0x200 [ 572.698372][ T60] __device_attach+0x312/0x510 [ 572.703151][ T60] device_initial_probe+0x1a/0x20 [ 572.708093][ T60] bus_probe_device+0xbe/0x1e0 [ 572.712769][ T60] device_add+0xb60/0xf10 [ 572.716946][ T60] usb_new_device+0x1038/0x1c00 [ 572.721629][ T60] hub_event+0x2def/0x4770 [ 572.725873][ T60] process_one_work+0x6bb/0xc10 [ 572.730703][ T60] worker_thread+0xad5/0x12a0 [ 572.735206][ T60] kthread+0x421/0x510 [ 572.739108][ T60] ret_from_fork+0x1f/0x30 [ 572.743362][ T60] [ 572.745545][ T60] The buggy address belongs to the object at ffff888120dbe000 [ 572.745545][ T60] which belongs to the cache kmalloc-4k of size 4096 [ 572.759678][ T60] The buggy address is located 3168 bytes inside of [ 572.759678][ T60] 4096-byte region [ffff888120dbe000, ffff888120dbf000) [ 572.772965][ T60] The buggy address belongs to the page: [ 572.778438][ T60] page:ffffea0004836e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120db8 [ 572.788505][ T60] head:ffffea0004836e00 order:3 compound_mapcount:0 compound_pincount:0 [ 572.796651][ T60] flags: 0x4000000000010200(slab|head|zone=1) [ 572.802560][ T60] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 572.811064][ T60] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 572.819671][ T60] page dumped because: kasan: bad access detected [ 572.825924][ T60] page_owner tracks the page as allocated [ 572.831476][ T60] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5739, ts 311072701522, free_ts 311071218518 [ 572.851522][ T60] post_alloc_hook+0x1a3/0x1b0 [ 572.856112][ T60] prep_new_page+0x1b/0x110 [ 572.860453][ T60] get_page_from_freelist+0x3550/0x35d0 [ 572.865835][ T60] __alloc_pages+0x27e/0x8f0 [ 572.870519][ T60] new_slab+0x9a/0x4e0 [ 572.874425][ T60] ___slab_alloc+0x39e/0x830 [ 572.878855][ T60] __slab_alloc+0x4a/0x90 [ 572.883022][ T60] __kmalloc_track_caller+0x16c/0x260 [ 572.888227][ T60] pskb_expand_head+0x113/0x1240 [ 572.893002][ T60] ipgre_xmit+0x4c7/0xc30 [ 572.897169][ T60] dev_hard_start_xmit+0x228/0x620 [ 572.902114][ T60] __dev_queue_xmit+0x18b4/0x2e70 [ 572.906981][ T60] dev_queue_xmit+0x17/0x20 [ 572.911314][ T60] __bpf_redirect+0x690/0xe60 [ 572.915829][ T60] bpf_clone_redirect+0x24d/0x390 [ 572.920710][ T60] bpf_prog_67a7f92a6a5e5f13+0x682/0xe6c [ 572.926158][ T60] page last free stack trace: [ 572.930668][ T60] free_unref_page_prepare+0x7c8/0x7d0 [ 572.935963][ T60] free_unref_page+0xe8/0x750 [ 572.940477][ T60] __free_pages+0x61/0xf0 [ 572.944731][ T60] __free_slab+0xec/0x1d0 [ 572.948917][ T60] __unfreeze_partials+0x165/0x1a0 [ 572.953846][ T60] put_cpu_partial+0xc4/0x120 [ 572.958357][ T60] __slab_free+0x1c8/0x290 [ 572.962613][ T60] ___cache_free+0x109/0x120 [ 572.967034][ T60] qlink_free+0x4d/0x90 [ 572.971029][ T60] qlist_free_all+0x44/0xb0 [ 572.975368][ T60] kasan_quarantine_reduce+0x15a/0x180 [ 572.980836][ T60] __kasan_slab_alloc+0x2f/0xe0 [ 572.985522][ T60] slab_post_alloc_hook+0x53/0x2c0 [ 572.990468][ T60] __kmalloc+0x11e/0x270 [ 572.994548][ T60] kernfs_fop_read_iter+0x15b/0x470 [ 572.999589][ T60] vfs_read+0xa7e/0xd40 [ 573.003583][ T60] [ 573.005746][ T60] Memory state around the buggy address: [ 573.011389][ T60] ffff888120dbeb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.019290][ T60] ffff888120dbeb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.027189][ T60] >ffff888120dbec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.035092][ T60] ^ [ 573.042114][ T60] ffff888120dbec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.050015][ T60] ffff888120dbed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 573.057906][ T60] ================================================================== [ 573.065809][ T60] Disabling lock debugging due to kernel taint [ 573.100173][ T30] audit: type=1400 audit(1723263539.613:4041): avc: denied { open } for pid=138 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=26668 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 573.127035][ T30] audit: type=1400 audit(1723263539.613:4042): avc: denied { getattr } for pid=138 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=26668 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 573.153427][ T30] audit: type=1400 audit(1723263539.613:4043): avc: denied { mounton } for pid=10788 comm="syz.0.3066" path="/15/file0" dev="tmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 573.178818][ T30] audit: type=1400 audit(1723263540.843:4044): avc: denied { read } for pid=10796 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 573.202171][ T30] audit: type=1400 audit(1723263540.843:4045): avc: denied { open } for pid=10796 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 573.227302][ T30] audit: type=1400 audit(1723263540.843:4046): avc: denied { getattr } for pid=10796 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 573.252703][ T30] audit: type=1400 audit(1723263540.893:4047): avc: denied { write } for pid=10793 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=295 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 573.275985][ T30] audit: type=1400 audit(1723263540.893:4048): avc: denied { add_name } for pid=10793 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 573.298381][ T30] audit: type=1400 audit(1723263540.893:4049): avc: denied { create } for pid=10793 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 573.320879][ T30] audit: type=1400 audit(1723263540.893:4050): avc: denied { write } for pid=10793 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=26708 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 573.422563][ T6103] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 573.782435][ T6103] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 573.790562][ T6103] usb 4-1: config 0 has no interface number 1 [ 573.796584][ T6103] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 573.806286][ T6103] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 573.815932][ T6103] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 573.824864][ T6103] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.833618][ T6103] usb 4-1: config 0 descriptor?? [ 573.873075][ T6103] usb 4-1: MIDIStreaming interface descriptor not found [ 574.252369][T10823] EXT4-fs error (device loop3): ext4_lookup:1855: inode #15: comm syz.3.3062: iget: bad extended attribute block 8388352 [ 575.381978][ T9062] usb 4-1: USB disconnect, device number 59