last executing test programs: 3.903237681s ago: executing program 3 (id=1606): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000440)="66baf80cb89a3bc284ef66bafc0c66edf30fc7b156000000b805000000b9170000000f01d99966baf80cb8c659ac86ef66bafc0cb0f8eef028747a230f205bc4e27d1e410066bad10466ed82ae5b1a0000c5", 0x52}], 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x1000000, @private0}, 0x1c) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.805976696s ago: executing program 3 (id=1607): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) vmsplice(r2, &(0x7f0000000900)=[{&(0x7f00000005c0)="cb", 0x1}], 0x1, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) close_range(r2, 0xffffffffffffffff, 0x0) 3.658359799s ago: executing program 3 (id=1608): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000380)='\n', 0x1}], 0x1, 0x5, 0x0) 3.6493325s ago: executing program 3 (id=1609): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000008c0)={0x2c, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x2, @string={0x2}}, &(0x7f0000000040), 0x0}, 0x0) 3.541537146s ago: executing program 1 (id=1610): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x28bd, 0x75, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x7, {0x7, 0x0, "9330ad2ae4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.248126105s ago: executing program 0 (id=1617): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000440)="66baf80cb89a3bc284ef66bafc0c66edf30fc7b156000000b805000000b9170000000f01d99966baf80cb8c659ac86ef66bafc0cb0f8eef028747a230f205bc4e27d1e410066bad10466ed82ae5b1a0000c5", 0x52}], 0x1, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x1000000, @private0}, 0x1c) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.105962277s ago: executing program 0 (id=1619): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000380)='\n', 0x1}], 0x1, 0x5, 0x0) 1.998875193s ago: executing program 4 (id=1622): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001580)={{r0}, &(0x7f0000001500), &(0x7f0000001540)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='ext4_es_remove_extent\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='ext4_es_remove_extent\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 1.957050759s ago: executing program 4 (id=1623): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000280)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$uinput_user_dev(r6, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x9}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f0000000040), &(0x7f0000000140)=r7}, 0x20) 1.416913382s ago: executing program 2 (id=1629): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='ext4_es_find_extent_range_enter\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='ext4_es_find_extent_range_enter\x00', r2}, 0x10) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) 1.406607584s ago: executing program 1 (id=1630): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x1, 0x0) vmsplice(r2, &(0x7f0000000900)=[{&(0x7f00000005c0)="cb", 0x1}], 0x1, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) close_range(r2, 0xffffffffffffffff, 0x0) 1.391443146s ago: executing program 2 (id=1631): syz_open_pts(0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x5450, 0x0) dup(0xffffffffffffffff) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x3) r1 = accept4$inet(r0, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f00000001c0)={0x2, 0x2, @remote}, 0x10) write$binfmt_elf32(r1, 0x0, 0x0) 1.305578199s ago: executing program 2 (id=1632): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x3, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r4, &(0x7f0000000980), 0x12) 1.290556922s ago: executing program 3 (id=1633): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xa0179e1d}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_DROP_PRIVILEGES(r5, 0x4004551e, &(0x7f00000000c0)) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f000001a080)={0x0, 0x9, 0x92, 0x0, 0x1000, 0xffffffff, &(0x7f0000019080)="193ef711cfee07aac687ccbd4c017a4c38d058f8668af43162ff8921b939d6ce666225493526cfbe8b7881dbe8867bb72a4d43a2f7cb6e8464366693b33524ac808040d7e385e70e7c61e9e64fc23c6b69e8e9071410e5183d3e3bc0d5119a38421370311fd1e576bbdeb285464d3140aa4b0c528fb6b9bc869a6e2d0671f713d678f120b6c3bfb144ccc956e19d681612ce67cad126db9d927c53814a2f4153635567ca6b34c5d0a7f3ef352e7142797fde6526117bdb9baf0ce07d88f2af32853a76083b4904992f7a499fd23e5a778b3bafa128815f6e647ceb9b16ca6b649a18a34beee87e2124f978a74cfb392dc1e2dcd4eafe7c5e35a6a5bbad6b33e5be165927e31e52d6281dc8835cfb7531f8fe73dc387b5be3ef6a5241e299c9907d2ffdcecc83b3fd2868b723265d7649f1b0b1d9ff162590e501be2d97b47e6de8524a7b2c1c822792d03d8fb6f744db6bb66bbc1d25f22d359cb164e3e7a58a3120bb9df039023ef78c3c5ab0698224c7d65aa65268da9d5bd9ee780658eb5370e11cbe134ef919930141fa23fa10349b5cfa1d4268fc69175edfa09e594de66c7185191824f686cd3de7ddf4c727868971d7a4e1c6905b894c2ba13f86e35378c06d330b9dc2516dd8e60cbc2dcbeb176bcc0b5fcf28d0b66e0b384c97e7732a0ae0c85c6ca919c4a9daea074b73b08b287761a720b571a8a56703acbf1d6e1543085f4bd46f5ad750a7c63cd6b4714b277e747c5cf7ffec1139b669ed4be7179de658135f0a2607d3cc995790a961a3b597986b9768ee08752d6dd362af111d6ea7e3f4a07b0a2400a66113339af28e1a9e0b2ee3602fe6af253eccd22c5d1963c73bab24d0b8b4015afd665d33de5b89192128e46a643e81aef6948637e887ed2090cc22276516ddb5d7fe821015a0b484148a82d25e4ff995f52f48a791b5dc34dda3297678cb01452e63dac4b6ce55789929fd3d33c508fdbdee8fff6999f9a2f776c73c4c3a3cd271ef71c78e9f8412fce9c55949ebdc06ec7eb341a263098b82cf1f806d9c80c5edd5b5adf94291d5b2ef38093c95172b251a489fd706f2f2e3966df15d6497db9675ef389c4c7b691adb266f1f66b8cd30b8eb083aacc22fbabd81f6277a36b00bf5c464d723c73f0fda73cd6fa3f36fe264c2f5447a46008580eab98ce7811d79690c8f71f3f94391e170feb1b0cabc54cd46185808e742812980b9884cae3281394203245c8d3f00b70708bf2206423c9730eeb10d5858e5a5dbe292ccf6a4d4530bd0299939c61fa7f1b20c67d50b4c8b7df0f867eb30b0300daa652e8d884bed74241247219852039557ac157c6629160864f5d789f269d32b3c34c00162ae2671b4c740f49ff55f5064982628b4d9cadbc4386fbb43264be3deec4b2dd62ae78ee7dcfe5d26cdebcb8998cb7b216347239b196ac7abedd6e5bed6797df520ec41cf2849dd97d4a927c87baa8f391a1d5943b05dbaae75b79e78ddf74cc4895e84d720a578ce8f89e651ac95866efca2dc378fe103909b7b838c92197edd762ed872806cf1a8a7a6365b62314f84c939867ba5b4fc598f6651cbd6015890f92a82b8647f875bbfde2080a69985659b6e85291bc142e6525fc22d1093efa09acd41919166a4f0c37d0dcaea08f9637737021ced98411cbbbf23fcd70d0d371e7f266f7e1306f65e94903c901453cb551d19d23e750f5d4476d44e0bad6f7acc8649e6bf7ef0ab1a4e3e907bb66ef7f7345e5a3cb460856c1787b57b76db00b35cdaf065edf4d0cda91e412ee6e02306738e209db9333bcaf76144549a11aa843e0bd96a6fe360d5eb141883df773ae4b0ecaa6922ebd40d9be57303b77c01298be5e7e23570b7983b11e764b9fe39423d9f263a2930fb9dae0953ee2d5b7444b150d67921b7b67fd485bf22a945a3f7bfceaf78735fd43e149793bff90ce6f9b97123c8211d1735b6d670318ecf8848e433bc6426af411940d547fbdc4a915b5fd35d4de20152c0c62d31d10303d2055dc2860bd7672a71ad369ab16b2573cc84c67410e7dbd2fe2bbed4ada1ca620465977e786555881fdf4e19883e46d50597213e2ecbb50f144b7f947112f0ac11fd75faf418d7d650f630d15c715b424b030587f3757a802c5eca931c5181278c304cd358511da400da538370bb6f2b107b97a168be52853f5f4e0d5ad1003ac08ca301b0f4624d34012748d9854225615664b3eb5ec1e1345e007e9a2c6c56cb04501d579e7896027b1afd3292902821d1257c259850fee66938a21f694ebebb674d6a4140cca48c64935c399f9f6590388ef6f8560b337d65dd123d4f33270353fc228082cf93cfd32eb3687e5359e6cdbc5461dcf53fcaff9281dd814a46343797623f51729dcd4353bf4a50e17901ddd043f2fc7f0fd0a70999cc01f0efad53ff6c280d416b394ff795d60531c38d871efcfeffc11566405ff4b30ea4e1438bc13c0071b1076fd679902760b38a7a528e066198099a535ec01ad956d4d2794e1ff220349235404f5aa1a12a88a0a6b2a0cae65e477b389116e397c386c4492a4dd617771b96fc13ad5abbca4bcdc10a736280a19f7c9b7291a2ff477d395abfb0a1674be32ef9bb137bf4752c1fb2a6f4b50a4b6e464020bd48e312b5969cb0f2c23558d31af548ad8c3d3014d2fcc740b7d924a1a18fa17d173bb1da84167ce3f719e42b18ce63d9e0c9ba505cb2e83ade57f03a68cee0bb936c66b7959786f3f67d92d892eed45380af38f68ff8850d1183f607f171530375698ff3d838cf8d49b652d1be24673ac892d9e7e9a81f76c78d462576210fbf2823a68e7aa8c0438222ae40da563c885bd0fda0ff4116e80e1e01c371ce9d084a932a33b8e83dd89adec8c27b488af97286fecaa15740c230dafb079061fe2408426c8c8d053e3018303ce6675b87ab9f22dd988c5c6b687ba1cc8730e17ba71e6cac765ccb3604687b5777f073cb43ee135a8ac83d5f47a416e2cb108cc34f30cd759db94ffe794d0728f06e2093a42d03523ec61134525a8087dd137a4456085d3d6bd55f9fc8f1ab3b71d6a2b7e9569c7ed63cda7b30ce55dbc66076cfe1730d35101c610306917cd0873ce3e9dded25fc8fd967bc02198fcd91befb267673eafdf7b1f645ef4f51509a945504b03d1509f58411c7c686a0c1854f2302797817c600ea3ca541f64a5dd9f44a4fc227a677ff75476414a55f17ed0bdae8be66dd1b44d537d879275f909e91b5215c539a74a43496b880cb975ed793225123c57376ed77f456adea3d1b6640df5893fa0d742f1914233a2f18f1514da8ba7b5eaec7bfdc171da768ec53d4f6075a0bcf7f1f36f1af5a3d650185f2ca4e34e61c44e82d04165c5267d8a8180b60e764f15b5515446befc960ab4fa4290036773bf08a1788f05f0a69d29c1dd926279e11d2a90b2cdfd30248924ab80c48335ae99e19b731fb8b1c981a3909bf1b8a4bd6e93954c2c256b910ddea16c75da031c100db932b89597f377163e88706a9b3b3a4ffd0f47837fcc973f3f12a35d31cebeef08d0b01f4bfdf6acbda54b2fde342326823b3d2778499e784c5a8d405e32f8e5e0d97fb3b5b923837aadbdf2e696d9ed3aa3c5a45e9fd1d668210e5b996c6e38e4ddd032302371e681dfcfa5d1ab69f5a6096966a1e3a30629288509f81b7a09ceed8da58a65ddd59cca88931164c5c4ec601f3ff2bc569b0c5a2930fa59ffab2d81f2e88f41c2ec4003a5448a66c1b0f898445d98d2c63e0397a0a84efa75de8e31b839c08f99d92b6ffb0abd69a19891673f358daab3559ccff55cd460bbd4905d662e43b7e9f093a2cd88c216e4329e2f591432f327ae54996826bbb184b86f2a4c13ca3c039cd59375b02cd35143fa1a560dbb400bf4f7662cb5cb111f10fd430934128a805e5c994e11f29b869c52c678631c214ba302b51239470f078428484b7d809006a6ec0a991b2f3082b1e387453fd54ea60c9f6a50256a1546b9685a1824a943b4db8fad71495f6accfd8135ea4c9aaa2f9a4b740fe73d5317ca0449d3bd86168980a57dcd712c6282ea011363deffd0675ca64a7904797f368a024feda6d268a5607417bc3f06240149ee66ed7af548b7a0657238c780e19e308867edbf2c4cb48ca2118d39e7ffd1c8d02f83fbdcb20ebefe05fb92b0a8461d9662d909ac0c7ff094fd359619dc62bf43ab5309f4a3d0392d48960bea96657702df951e3aa08db93f1aa7ee75c176d61ca5e948a9c4f0fddf65a6ed23dbec02bc791046a45869cdd289c8a6a6e83bafd3bb4039689bbf2bdf212c83c08c8d221f627f3a2cadd4ec3f047dc6e6a5a29cd0547da70e9e6eb80361e49c374f3e4bf4ac1ced235c64e4850fc4fb50a45533b8afdd87f13082f3fe230aa3181e49c5de4145264a8156dd3f9693ee1b6089a9f541714bf7248ec5db32be1bb4155873b370d729982363d20a643d6fab536c612dd7e43c46a44f1d91727345ab646ce627ce992dae772f398025181a62ead74439e1de9f92df42dda5271b75455209a0a65dc50e61ba879b8976a91d07866d328db5a2dbc602a78c4ace3e3fe0197780313683e25bc780103cc29d1062bc475e0f472d2df100ee8140dfc2f6e8fb9ff517d4dfa9c843ae1c6dca705446c5748d79ebbeadf157adf69dc7e6ad1752cccc0d49e983f1429c52deacb9ee9aa4bf1b417876b22d544c3985a72b39887b6e01c71c6847d3023b445b7912017f888328564aa9d82d3f515c4aa1c5900c6fc55286b1e3e012718eef8d3c44fd4e9eaaac8c56b461578624699251dfeafd12e4a1f240bf01ec0dcb7ad0644ded4c46d73bfb08b0bc783e2ff33c6a99a774f20cc4bb45fc8d7ffb7fcecb12cbc2b06861fe2c021b33c7ce017abd901c456d8ab4eb9e0daf64a61c5ff85b72a837e7d84c0ac41a3cc4eec9173de6028b229c3e006f726b5c75346b732ba3f6fd3463e15365f72eb1892b0377f582759a1e0200ecdfc5fd06596aa58d8092de09aae6bab470149bd0bc5bd6f29c22696d310c9cd31af052f56aba714842e3d35df0797a0210775053ee37c18bb99b74a89485001bc1ead696b152ab1d7b442d85a0faff518ab7a055020cc4000ab9f25635ed6b9b4fa176914e3086fd23e613486c88480f990dd6fb4c8bc1ad6e00a9b00579cbc0ca0f0b80e10f2c72636e1018b6809fbfb4f66fe7cda05ac5dedcc500852c8a82dbe817e5e418dd12a5030155ea4bda35b56498cdfdce02ff7de1c5c5e3d0fa3e303f613855b51eab4101517e27a5f724ba2d0f59969934e23b2b099e5c5d404bff8b9b43c4e842ab11a223622675f8af3e4766979319838904ae173ca8a8c0d78b24904c6ff05a4cf81a9a8ffd08d95516c1a48c9938bd8332a7be535f0ce06b6acde9aa3276e3728c02cb7664b769cf50c0932ebb7d51fd930122034e19f10a33570b32afa5b7e1b88c28951b50dc6e2b19180487b2313c6e5b17246eac9af4695f975a2d55bae06dc53a56ad0b61f9053b602482a5de7d9aebccc06fbf45141ce2f76afc9f28147c0aba985aba38d7023285bdae455b55f80a9949a131ee9186c15ea7cacfdbaf1157fec6801dbfb2e91681f003136a396d56c8a1625a112cbc774888d06f4ce27caa36b304728ba6ca86e3d29febe9783d92d13c6b4a9a9916faec1135a454afb2af78f6da93347c47083c57bbf30835e78c3bcad71872cd5a7433f4179e9942441769d9ed010abef38d3fd4142df1c4fa8826effd77bdc4e324611922b588a5d"}) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaa88aaaaaaaaaaaaaabb86dd"], 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r6, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000740), 0xffffffffffffffff) ioctl$USBDEVFS_CONNECTINFO(r5, 0x8108551b, &(0x7f0000002a40)) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000140)=ANY=[@ANYRES8=0x0, @ANYRESDEC=0x0, @ANYRES64, @ANYRESOCT], 0x3, 0x2c8, &(0x7f00000005c0)="$eJzs3c9KG10YB+DX+Cf53ET4uipdDHTTVVDvIBQLpYGCJQu7MlSFYkSINNBSqrveS2+lu15Gr8BC6RQzU02sttoYJybPA8O8OPPDMzMh5wTOSTYf7O1u7R/sbJQiYu3z+zcRR/EtIqIUszFoprctDPztKACAu2Z9vVUvug2MVqdTb81HRPm3I81PhTQIAAAAAAAAAACAoZ3O////a1QqScxFHMVxxFLf/P+ZfF8y/x8AJoL5/5Ov06m3FvPx2yDz/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDiHKdpNf3DdlmufLvNBABu0JX6f509AEyUf/38DwDcXcfpbET86utnQv8PAJPvxcbLZ/VGY209SSoRex+7zW4z22fH6zvxOtqxHctRje9xMj7IZfWTp4215aRnKTb3DvP8Ybc3rujLr0Q1li7Or2T5ZCDfnI/F/vxqVOPexfnVC/ML8ehhlk/T9DBqUY0vr2I/2rF1MuLpy39YSZLHzxvn8uXeeT2lwh4PAAAAAAAAAAAAAAAAAAAAU6KWnBpcv9/M1u/Xapcdz/LX+H6Ac+vr5+L+XLHXDgAAAAAAAAAAAAAAAAAAAOPi4O273Va7vd258WIh/n5ODPEvKiNo87DFfxExm9/ZcWjPOBc/0uulSiN8rV5WlPNnOR537HaLAt+UAAAAAAAAAAAAAAAAAABgSp0t+r3K2d3RNwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnD2+/+jK4q+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA6/AwAAP//Mn7jLQ==") socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1.187079427s ago: executing program 0 (id=1620): r0 = creat(&(0x7f0000000500)='./file1\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000680)=ANY=[@ANYRES32=r4, @ANYRES16, @ANYRESDEC, @ANYRESDEC=r3, @ANYRES64, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES64=r3, @ANYRESHEX=r4, @ANYBLOB="7c7d95e676a8292ec4b3c08049ee9037b826a9bde5403e72fea52710f6703d28f521423e0b72337c0ad6be85be9ec0feff0618d145b5ac21ebb130039db796978dc49dfdf628dc743d6ec021daa5816ff66f8c18b384d11c68c520feb650f9d06d16db0a86b071b7eec0a719922604e3abe0b54462a7d7546f1c092a3e2cd8b4f73b227a954bc5874162c4f5cc2985a9ff65e1807633c41dec778bf68f0fe74f9a19ff8d23b0259acc035743b9b5dc312cadbc9c1ad0a0729989cb73938a19f2b5d7787c004a12cfc3d5e51326c0c2a1de6d8475", @ANYRES64], 0x2, 0x1d4, &(0x7f00000008c0)="$eJzsmb/vEjEYxp/27gtIjImLg4smkogRjrtDDQsDJu4m4K9NIidBDzBwJkDiQFxcHB1MXP0HHByYHNzcXHVQExMHGZ3PtJS7yq9ADJHE95PQe9q+7du+wDMACIL4b/n29deX51dLtRyA48ggqcZ/GHEM1+I/v3x88UX52qs3n16/75x4MlncjwEIw+3zizTvKgYC1Q/DP1dn1LMGHukb4Lig9C0wWErfBcdNpT0w3FH6gaa7x5TwPete12/cb/meLRpHNK5oinp+E8B0zNAAkFLnY9p8fzh6WPd9r7cojsJ5nqWpXcWm+pmAOa1wlLX6iffr9rOnY9Gf18bW6ueAw1G6CIaq0iUkYVlWXBLt/qfNeH9jm/sfgjiZ3xSTO4ATkvgHgi2OiC90NHJqOvmwvOr7Pg92dr9XlsYFYGnqY/rvdk4oE1gZE/unsNzzmj+ZMCP/KATtR4X+cJRvtetNr+l1XLd4xb5k25fdgjSiWbvB/1LSn9La/kdrYhMsgUE9CHrOAAh6TtR3Z63muNW33Z9yDZf+x5E9N9tDfFTktZOrczD14vIpVNZYe3iCIAiCIAiCIAiCIAiCIIidOAMmfwVVf1SFa3Cvy+jfAQAA//+0A2jN") 1.177651699s ago: executing program 1 (id=1634): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x63f8, 0x4) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000001840)={0x1, &(0x7f0000001880)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="6321a1780e3fe8d9098f1f28f3c1f1895857b6b4afebba414b5998fa7c73702eb715d85b6a7709a53bf91325a9fbf7387371592c3533a8a34a28e9364405bb05cdeedb9ddfbe45a6933c33e5019991d691e8e8817a584f5392630d34c12a00aac5c546266df9fbb755447a0ff32acb32fc4b9c54b7fa15f82a9848478df5354f7158ece711c634aead9f427b8a3e580b3bd0920814473069f285753c945e0baa9072f76c542acf2986649075a243126f6d736b8bfa9a88672388eaa7902fc6c9a3c1b2781d", 0xc5}], 0x1}}], 0x1, 0x20000001) read$FUSE(r1, &(0x7f0000003000)={0x2020}, 0x2020) sendmmsg$inet(r1, &(0x7f0000002f80)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000001240)="668546927ae520a8f3049a2f50ca1553a5e62dc469b5b2348ffe35a76a94a3ad96f8e87e3bd8a5c3c8ce4da39c468ccfb81bc03e88c8a813e9ce7cb1410024b82b58364f6dc5fbf35e04c17ccb4c793d5578c99cf2e1fe30481bb07c86c6806ad25840494578c1516bc6d6e1942cc9f6d3b5491d949c4b93d7a403ca75cb7bc8fea7d325645cbe4c87da88e362c3ae3206fe2d3d88d62500c4f5ccbc1af04079cc5d49c05f487f40ed97703cf5f46cc9d074e5a8811d3e43b5b4f6456c508e0695433ea9f6", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001800)="db", 0x1}], 0x1}}], 0x2, 0x0) recvmsg(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/140, 0x8c}], 0x1}, 0x0) 1.158445872s ago: executing program 2 (id=1635): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='mm_page_alloc\x00', r1}, 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r2, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0, 0x0) 1.156877332s ago: executing program 1 (id=1636): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r2, 0x0) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="38000300010000", 0x7) 1.134942636s ago: executing program 1 (id=1637): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000006c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@nombcache}, {@noload}]}, 0x3, 0x440, &(0x7f0000000280)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000001c0), 0x4) unlink(&(0x7f0000000280)='./file1\x00') creat(&(0x7f0000000780)='./file2\x00', 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) 237.879673ms ago: executing program 4 (id=1638): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x541b, 0x0) 226.767245ms ago: executing program 2 (id=1639): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x30, 0x0, 0x0, 0xfffff018}, {0x6}]}) 137.809889ms ago: executing program 4 (id=1640): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f00000037c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdce09000125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffaf4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2b2f0ed86b00000000fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c7070800000000000000433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf8714d7bb2366fde41f94290c2a5fdecb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1f5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27832b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a540f0c10ec3a11667290b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000007d00000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c6055bb164ab413d5467ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d7ab3753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c8c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf06db539f97580e079175426c088a0208040982a000000000000000000000000001aad0b6d70c42c3131006d9996b4c651ceaaf0159fe6e7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a1914b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c056d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04de1d9f34335d8fcb9205da65b43831c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23d040000000000000033f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8adc67ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c259d3f28b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d74f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c51000000000000000000000000000000000000000000915c2cde78db002a20e370600f56b3803786ffff268fa1782c240a1d3b62bb5c9c5712bc58a0f276f5224b6efaceab36d1468b0800000000000000cbefec08ac7cb62a9f6abcc97daf83edafe4409ecba3050a321a180af12bc59b1b2f1a9cfdf4bf2d26449544d82fae6473443c68e11c33b531896b7b7ebd03ed5620880ac1a33d3a6fa59d77e98a17d594eaea287f095e0593ac101efc3ad591249a4b0f090c0be8866b80f686fb8049c942c93b240c1e13ffba1f5220b5d08456614329cb66f71cbaefaedabdd0e9754f821cf88cfe247b85fea737bb72e759168acbef4cea2e21bb3fb18b8612183b386d3285984b96e22bf82be189395475b18c27437b73a81ff72818cdd291e906a8e2933237473494d4ddea11f7972eeb0fbee7e8aa90818fa847b700b4225ebb3c662c06e33dc5b94df2b35bc1647d87002b6106f7d4866ce7d68194dd00"/4166], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) timer_create(0x0, 0x0, &(0x7f00000004c0)) timer_getoverrun(0x0) 137.633728ms ago: executing program 2 (id=1641): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x3f53, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 133.610039ms ago: executing program 0 (id=1642): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x4000, 0x0, 0x1, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000600000000005e00221a850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b8"], 0xb8) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 105.560063ms ago: executing program 4 (id=1643): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x3, 0x0, r2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x27) 90.889846ms ago: executing program 0 (id=1644): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='track_foreign_dirty\x00', r1}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_freezer_state(r3, &(0x7f0000000240)='THAWED\x00', 0x7) 26.563236ms ago: executing program 4 (id=1645): ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, 0x0) r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) sendmmsg$sock(r0, &(0x7f000000fd40)=[{{0x0, 0x0, &(0x7f000000c8c0)=[{&(0x7f0000001b80)="100c233be8cf83d5", 0x8}, {&(0x7f0000007480)="60ca1874ec34", 0x6}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 26.037326ms ago: executing program 0 (id=1646): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x3, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r4, &(0x7f0000000980), 0x12) 25.615826ms ago: executing program 1 (id=1647): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r2, 0x0) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="38000300010000", 0x7) 0s ago: executing program 3 (id=1648): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000280)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$uinput_user_dev(r6, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x9}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f0000000040), &(0x7f0000000140)=r7}, 0x20) kernel console output (not intermixed with test programs): ve=1 [ 131.633532][ T28] audit: type=1400 audit(1719599413.584:529): avc: denied { accept } for pid=3584 comm="syz.1.1159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 131.966624][ T3591] syz.0.1162[3591] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.966700][ T3591] syz.0.1162[3591] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.989362][ T40] wacom 0003:056A:01D0.0012: Unknown device_type for 'HID 056a:01d0'. Ignoring. [ 131.992854][ T3594] loop0: detected capacity change from 0 to 256 [ 132.016963][ T3592] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'. [ 132.030939][ T3594] FAT-fs (loop0): Directory bread(block 64) failed [ 132.037409][ T3594] FAT-fs (loop0): Directory bread(block 65) failed [ 132.044150][ T3594] FAT-fs (loop0): Directory bread(block 66) failed [ 132.050680][ T3594] FAT-fs (loop0): Directory bread(block 67) failed [ 132.051496][ T3596] input: syz0 as /devices/virtual/input/input20 [ 132.057132][ T3594] FAT-fs (loop0): Directory bread(block 68) failed [ 132.081700][ T3594] FAT-fs (loop0): Directory bread(block 69) failed [ 132.089688][ T3594] FAT-fs (loop0): Directory bread(block 70) failed [ 132.096081][ T3594] FAT-fs (loop0): Directory bread(block 71) failed [ 132.096505][ T3598] loop1: detected capacity change from 0 to 256 [ 132.102754][ T3594] FAT-fs (loop0): Directory bread(block 72) failed [ 132.114824][ T3594] FAT-fs (loop0): Directory bread(block 73) failed [ 132.172957][ T3602] loop1: detected capacity change from 0 to 16 [ 132.179841][ T3602] erofs: (device loop1): mounted with root inode @ nid 36. [ 132.193873][ T40] usb 3-1: USB disconnect, device number 7 [ 132.214547][ T3606] syz.1.1169[3606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.214601][ T3606] syz.1.1169[3606] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.344441][ T3608] user requested TSC rate below hardware speed [ 132.373151][ T3615] syz.1.1173[3615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.373226][ T3615] syz.1.1173[3615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.467541][ T385] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 132.717471][ T385] usb 1-1: Using ep0 maxpacket: 8 [ 132.755968][ T3629] loop2: detected capacity change from 0 to 256 [ 132.771392][ T3629] FAT-fs (loop2): Directory bread(block 64) failed [ 132.778292][ T3629] FAT-fs (loop2): Directory bread(block 65) failed [ 132.784790][ T3629] FAT-fs (loop2): Directory bread(block 66) failed [ 132.791928][ T3629] FAT-fs (loop2): Directory bread(block 67) failed [ 132.799072][ T3629] FAT-fs (loop2): Directory bread(block 68) failed [ 132.805908][ T3629] FAT-fs (loop2): Directory bread(block 69) failed [ 132.812668][ T3629] FAT-fs (loop2): Directory bread(block 70) failed [ 132.819713][ T3629] FAT-fs (loop2): Directory bread(block 71) failed [ 132.826217][ T3629] FAT-fs (loop2): Directory bread(block 72) failed [ 132.833295][ T3629] FAT-fs (loop2): Directory bread(block 73) failed [ 132.876255][ T3619] loop1: detected capacity change from 0 to 131072 [ 132.903594][ T3619] F2FS-fs (loop1): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 132.913423][ T3619] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 132.922459][ T3619] F2FS-fs (loop1): invalid crc value [ 132.930582][ T3619] F2FS-fs (loop1): Found nat_bits in checkpoint [ 132.983918][ T3619] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 132.991409][ T3619] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 133.083439][ T385] usb 1-1: New USB device found, idVendor=b924, idProduct=da93, bcdDevice=d3.70 [ 133.093180][ T385] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.101285][ T385] usb 1-1: Product: syz [ 133.105393][ T385] usb 1-1: Manufacturer: syz [ 133.110716][ T385] usb 1-1: SerialNumber: syz [ 133.116789][ T385] usb 1-1: config 0 descriptor?? [ 133.255494][ T3643] incfs: ino conflict with backing FS 4 [ 133.487579][ T965] usb 1-1: USB disconnect, device number 13 [ 133.561062][ T3647] loop4: detected capacity change from 0 to 256 [ 133.573550][ T3647] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 134.214925][ T3652] loop2: detected capacity change from 0 to 40427 [ 134.233485][ T3652] F2FS-fs (loop2): Found nat_bits in checkpoint [ 134.294573][ T3652] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 134.331413][ T3652] syz.2.1184: attempt to access beyond end of device [ 134.331413][ T3652] loop2: rw=34817, sector=77824, nr_sectors = 8 limit=40427 [ 134.427524][ T385] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 134.449579][ T3200] syz-executor: attempt to access beyond end of device [ 134.449579][ T3200] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 134.457211][ T3664] loop4: detected capacity change from 0 to 256 [ 134.507550][ T28] audit: type=1400 audit(1719599416.514:530): avc: denied { read } for pid=3665 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 134.536970][ T3664] FAT-fs (loop4): Directory bread(block 64) failed [ 134.543871][ T3664] FAT-fs (loop4): Directory bread(block 65) failed [ 134.550543][ T28] audit: type=1400 audit(1719599416.514:531): avc: denied { open } for pid=3665 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 134.574705][ T3664] FAT-fs (loop4): Directory bread(block 66) failed [ 134.581639][ T3664] FAT-fs (loop4): Directory bread(block 67) failed [ 134.588118][ T3664] FAT-fs (loop4): Directory bread(block 68) failed [ 134.594489][ T3664] FAT-fs (loop4): Directory bread(block 69) failed [ 134.602390][ T3664] FAT-fs (loop4): Directory bread(block 70) failed [ 134.608851][ T3664] FAT-fs (loop4): Directory bread(block 71) failed [ 134.615272][ T3664] FAT-fs (loop4): Directory bread(block 72) failed [ 134.621661][ T3664] FAT-fs (loop4): Directory bread(block 73) failed [ 134.632622][ T3665] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.646987][ T3665] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.654650][ T3665] device bridge_slave_0 entered promiscuous mode [ 134.666904][ T3665] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.682817][ T3665] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.693648][ T3665] device bridge_slave_1 entered promiscuous mode [ 134.762083][ T385] usb 1-1: Using ep0 maxpacket: 16 [ 134.799414][ T3665] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.800589][ T3680] loop2: detected capacity change from 0 to 512 [ 134.806427][ T3665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.819706][ T3665] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.826474][ T3665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.834601][ T3680] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 134.852173][ T963] device bridge_slave_1 left promiscuous mode [ 134.860751][ T963] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.871485][ T963] device bridge_slave_0 left promiscuous mode [ 134.878665][ T963] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.891818][ T963] device veth1_macvtap left promiscuous mode [ 134.928032][ T385] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 134.941849][ T963] device veth0_vlan left promiscuous mode [ 134.947834][ T385] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 134.994203][ T385] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.040332][ T3680] EXT4-fs (loop2): 1 truncate cleaned up [ 135.046172][ T3680] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 135.054812][ T385] usb 1-1: config 0 descriptor?? [ 135.073795][ T28] audit: type=1400 audit(1719599417.084:532): avc: denied { read write } for pid=3679 comm="syz.2.1195" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 135.096318][ T28] audit: type=1400 audit(1719599417.084:533): avc: denied { open } for pid=3679 comm="syz.2.1195" path="/root/syzkaller.mYbQdm/32/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 135.157476][ T3680] loop2: detected capacity change from 512 to 64 [ 135.181876][ T3200] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 135.195158][ T3200] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 135.217745][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 135.225249][ T299] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.232459][ T299] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.242139][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 135.250769][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 135.258831][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.265659][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.277736][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 135.285810][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 135.293838][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.300686][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.309115][ T3200] EXT4-fs (loop2): unmounting filesystem. [ 135.315498][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 135.324202][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 135.346237][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 135.362648][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 135.385626][ T3665] device veth0_vlan entered promiscuous mode [ 135.404637][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 135.417142][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 135.433635][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 135.449925][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 135.465303][ T3665] device veth1_macvtap entered promiscuous mode [ 135.472541][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 135.480412][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 135.487963][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 135.495966][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 135.504343][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 135.525685][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 135.551324][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 135.561581][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 135.570278][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 135.608321][ T3693] loop1: detected capacity change from 0 to 1024 [ 135.608545][ T3691] input: syz0 as /devices/virtual/input/input21 [ 135.635543][ T3693] EXT4-fs (loop1): INFO: recovery required on readonly filesystem [ 135.647712][ T3693] EXT4-fs (loop1): write access will be enabled during recovery [ 135.665708][ T3693] EXT4-fs (loop1): barriers disabled [ 135.677797][ T3693] JBD2: no valid journal superblock found [ 135.683497][ T3693] EXT4-fs (loop1): error loading journal [ 135.706151][ T3697] loop4: detected capacity change from 0 to 256 [ 135.714966][ T3657] loop0: detected capacity change from 0 to 40427 [ 135.720622][ T3697] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 135.735629][ T3657] F2FS-fs (loop0): invalid crc value [ 135.743425][ T965] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 135.755076][ T3688] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.762006][ T3688] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.774929][ T3688] device bridge_slave_0 entered promiscuous mode [ 135.784438][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.796518][ T3688] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.804389][ T3688] device bridge_slave_1 entered promiscuous mode [ 135.819042][ T3657] F2FS-fs (loop0): Found nat_bits in checkpoint [ 135.882363][ T3657] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 135.919412][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.926282][ T3688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.933392][ T3688] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.940175][ T3688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.102233][ T28] audit: type=1326 audit(1719599418.114:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3705 comm="syz.1.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 136.175373][ T3657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.213339][ T3657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.228450][ T28] audit: type=1326 audit(1719599418.144:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3705 comm="syz.1.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 136.254416][ T28] audit: type=1326 audit(1719599418.144:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3705 comm="syz.1.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 136.277843][ T965] usb 4-1: Using ep0 maxpacket: 16 [ 136.283951][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.289559][ T385] hid (null): unknown global tag 0xa5 [ 136.296127][ T385] hid (null): unknown global tag 0xd [ 136.297659][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.302937][ T385] hid-generic 0003:0158:0100.0013: unknown main item tag 0x1 [ 136.315463][ T385] hid-generic 0003:0158:0100.0013: unexpected long global item [ 136.323666][ T385] hid-generic: probe of 0003:0158:0100.0013 failed with error -22 [ 136.331636][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 136.339505][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 136.346707][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 136.354903][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 136.362938][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.369821][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.377098][ T3708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1202'. [ 136.393225][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 136.398023][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.407623][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 136.416029][ T965] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.420221][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.430660][ T965] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 136.436122][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.449032][ T965] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 136.466905][ T965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.490202][ T965] usb 4-1: config 0 descriptor?? [ 136.498696][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 136.507059][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 136.516301][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 136.524855][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 136.568510][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 136.576970][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 136.587213][ T3688] device veth0_vlan entered promiscuous mode [ 136.605295][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 136.619315][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 136.634215][ T3688] device veth1_macvtap entered promiscuous mode [ 136.641704][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 136.649463][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 136.656859][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 136.665974][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 136.674284][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 136.702495][ T963] device bridge_slave_1 left promiscuous mode [ 136.708581][ T963] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.716012][ T963] device bridge_slave_0 left promiscuous mode [ 136.722324][ T963] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.730936][ T963] device veth1_macvtap left promiscuous mode [ 136.736918][ T963] device veth0_vlan left promiscuous mode [ 136.771834][ T3726] loop1: detected capacity change from 0 to 512 [ 136.978841][ T3726] EXT4-fs (loop1): 1 truncate cleaned up [ 136.994424][ T3726] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 137.099276][ T965] microsoft 0003:045E:07DA.0014: report_id 1885 is invalid [ 137.106315][ T965] microsoft 0003:045E:07DA.0014: item 0 4 1 8 parsing failed [ 137.113776][ T965] microsoft 0003:045E:07DA.0014: parse failed [ 137.121297][ T965] microsoft: probe of 0003:045E:07DA.0014 failed with error -22 [ 137.130756][ T28] audit: type=1400 audit(1719599419.144:537): avc: denied { shutdown } for pid=3725 comm="syz.1.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 137.150726][ T28] audit: type=1400 audit(1719599419.144:538): avc: denied { read } for pid=3725 comm="syz.1.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 137.173348][ T40] usb 4-1: USB disconnect, device number 9 [ 137.203947][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 137.212023][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 137.228867][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 137.236981][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 137.244848][ T310] usb 1-1: USB disconnect, device number 14 [ 137.270311][ T3212] syz-executor: attempt to access beyond end of device [ 137.270311][ T3212] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 137.609482][ T3665] EXT4-fs (loop1): unmounting filesystem. [ 137.657042][ T3746] loop1: detected capacity change from 0 to 256 [ 137.670622][ T3746] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 137.947589][ T310] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 138.287490][ T310] usb 5-1: Using ep0 maxpacket: 16 [ 138.382225][ T3734] loop0: detected capacity change from 0 to 131072 [ 138.402607][ T3734] F2FS-fs (loop0): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 138.414621][ T3734] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 138.423849][ T3734] F2FS-fs (loop0): invalid crc value [ 138.429263][ T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 138.440971][ T310] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 138.450573][ T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.459583][ T3734] F2FS-fs (loop0): Found nat_bits in checkpoint [ 138.474834][ T310] usb 5-1: config 0 descriptor?? [ 138.561750][ T3734] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 138.569276][ T3734] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 138.635739][ T3761] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.642956][ T3761] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.650416][ T3761] device bridge_slave_0 entered promiscuous mode [ 138.657798][ T3761] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.664696][ T3761] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.672560][ T3761] device bridge_slave_1 entered promiscuous mode [ 138.785014][ T3761] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.792044][ T3761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.799111][ T3761] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.805868][ T3761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.919213][ T3761] device veth0_vlan entered promiscuous mode [ 138.941437][ T3734] incfs: ino conflict with backing FS 4 [ 138.949750][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.953684][ T28] audit: type=1326 audit(1719599420.964:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3742 comm="syz.4.1216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181775b99 code=0x7ffc0000 [ 138.960163][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 138.985639][ T3776] syz.1.1226[3776] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.987771][ T3776] syz.1.1226[3776] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.988535][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.019458][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.028122][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.036140][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 139.045612][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 139.051068][ T3778] loop1: detected capacity change from 0 to 512 [ 139.054513][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 139.075673][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 139.076521][ T3778] EXT4-fs (loop1): 1 truncate cleaned up [ 139.088349][ T3778] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 139.109793][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 139.121585][ T3761] device veth1_macvtap entered promiscuous mode [ 139.133010][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 139.142600][ T331] device bridge_slave_1 left promiscuous mode [ 139.148648][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.156095][ T331] device bridge_slave_0 left promiscuous mode [ 139.162810][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.171285][ T331] device veth1_macvtap left promiscuous mode [ 139.177180][ T331] device veth0_vlan left promiscuous mode [ 139.242191][ T3743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.256403][ T3743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.287830][ T310] hid (null): report_id 0 is invalid [ 139.296071][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x1 [ 139.304168][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.311440][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.318664][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x2 [ 139.325817][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.333049][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.340248][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.347484][ T310] hid-generic 0003:0158:0100.0015: unknown main item tag 0x0 [ 139.354613][ T310] hid-generic 0003:0158:0100.0015: report_id 0 is invalid [ 139.361582][ T310] hid-generic 0003:0158:0100.0015: item 0 1 1 8 parsing failed [ 139.369083][ T310] hid-generic: probe of 0003:0158:0100.0015 failed with error -22 [ 139.415748][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 139.489876][ T299] usb 5-1: USB disconnect, device number 11 [ 139.658661][ T331] tipc: Left network mode [ 139.697518][ T441] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 139.772974][ T3785] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.780086][ T3785] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.787252][ T3785] device bridge_slave_0 entered promiscuous mode [ 139.794508][ T3785] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.801610][ T3785] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.808959][ T3785] device bridge_slave_1 entered promiscuous mode [ 139.862731][ T3785] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.869779][ T3785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.876827][ T3785] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.883644][ T3785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.891648][ T3665] EXT4-fs (loop1): unmounting filesystem. [ 139.910982][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.918851][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.928523][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.937657][ T441] usb 3-1: Using ep0 maxpacket: 16 [ 139.948432][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.956458][ T965] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.963314][ T965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.970529][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.978822][ T965] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.985664][ T965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.001039][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.008985][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.031726][ T3785] device veth0_vlan entered promiscuous mode [ 140.043812][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 140.052426][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 140.060606][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 140.067883][ T441] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 140.079273][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 140.086677][ T441] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 140.098477][ T441] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.104402][ T3785] device veth1_macvtap entered promiscuous mode [ 140.107295][ T441] usb 3-1: config 0 descriptor?? [ 140.119614][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 140.137678][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 140.146083][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 140.209357][ T331] device bridge_slave_1 left promiscuous mode [ 140.215331][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.229585][ T331] device bridge_slave_0 left promiscuous mode [ 140.242822][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.260347][ T331] device veth1_macvtap left promiscuous mode [ 140.272758][ T331] device veth0_vlan left promiscuous mode [ 140.501579][ T3803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1236'. [ 140.540053][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 140.540071][ T28] audit: type=1400 audit(1719599422.554:561): avc: denied { append } for pid=3802 comm="syz.0.1236" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 140.618241][ T3801] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.632832][ T3801] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.647942][ T3801] device bridge_slave_0 entered promiscuous mode [ 140.663329][ T3801] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.671024][ T3782] loop2: detected capacity change from 0 to 40427 [ 140.677452][ T3801] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.687016][ T3782] F2FS-fs (loop2): invalid crc value [ 140.687776][ T3801] device bridge_slave_1 entered promiscuous mode [ 140.746901][ T3782] F2FS-fs (loop2): Found nat_bits in checkpoint [ 140.816280][ T3819] loop0: detected capacity change from 0 to 256 [ 140.841145][ T3819] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 140.866804][ T3782] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 140.954441][ T3801] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.961334][ T3801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.968422][ T3801] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.975191][ T3801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.000373][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 141.010635][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.020196][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.067689][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 141.076480][ T396] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.083354][ T396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.122792][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 141.131388][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.138287][ T396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.163922][ T3782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.178444][ T3782] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.203886][ T19] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 141.213154][ T441] hid (null): unknown global tag 0xa5 [ 141.218440][ T441] hid (null): unknown global tag 0xd [ 141.224622][ T441] hid-generic 0003:0158:0100.0016: unknown main item tag 0x1 [ 141.231925][ T441] hid-generic 0003:0158:0100.0016: unexpected long global item [ 141.239468][ T441] hid-generic: probe of 0003:0158:0100.0016 failed with error -22 [ 141.258901][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 141.266615][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 141.282147][ T3801] device veth0_vlan entered promiscuous mode [ 141.288574][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 141.296338][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 141.303805][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 141.310865][ T40] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 141.318757][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 141.333065][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 141.342109][ T3801] device veth1_macvtap entered promiscuous mode [ 141.351435][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 141.361659][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 141.577581][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.588363][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.598226][ T19] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 141.607718][ T40] usb 2-1: Using ep0 maxpacket: 16 [ 141.611297][ T19] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 141.625206][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.625513][ T331] device bridge_slave_1 left promiscuous mode [ 141.637268][ T19] usb 4-1: config 0 descriptor?? [ 141.640121][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.658418][ T331] device bridge_slave_0 left promiscuous mode [ 141.670872][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.681085][ T331] device veth1_macvtap left promiscuous mode [ 141.687284][ T331] device veth0_vlan left promiscuous mode [ 141.737622][ T40] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 141.748746][ T40] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 141.757834][ T40] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.769761][ T40] usb 2-1: config 0 descriptor?? [ 142.007907][ T965] usb 3-1: USB disconnect, device number 8 [ 142.014347][ T3761] syz-executor: attempt to access beyond end of device [ 142.014347][ T3761] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 142.053994][ T3832] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.063019][ T3832] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.070585][ T3832] device bridge_slave_0 entered promiscuous mode [ 142.078132][ T3832] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.085445][ T3832] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.093430][ T3832] device bridge_slave_1 entered promiscuous mode [ 142.108505][ T19] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 142.126903][ T19] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 142.132931][ T28] audit: type=1326 audit(1719599424.134:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.158645][ T28] audit: type=1326 audit(1719599424.174:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.160730][ T19] plantronics 0003:047F:FFFF.0017: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 142.184392][ T28] audit: type=1326 audit(1719599424.204:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.218249][ T28] audit: type=1326 audit(1719599424.204:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.242311][ T28] audit: type=1326 audit(1719599424.204:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.265885][ T28] audit: type=1326 audit(1719599424.204:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.289161][ T28] audit: type=1326 audit(1719599424.204:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.316694][ T28] audit: type=1326 audit(1719599424.204:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.341955][ T28] audit: type=1326 audit(1719599424.204:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3821 comm="syz.1.1242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd60d775b99 code=0x7ffc0000 [ 142.373533][ T3817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.381940][ T3817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.418392][ T3822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.435810][ T3822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.458301][ T40] hid (null): report_id 0 is invalid [ 142.469715][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x1 [ 142.477371][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.484984][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.488278][ T3848] syz.4.1252[3848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.492426][ T3848] syz.4.1252[3848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.494598][ T3832] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.521499][ T3832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.528616][ T3832] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.535381][ T3832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.548123][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x2 [ 142.555355][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.575324][ T3850] loop4: detected capacity change from 0 to 256 [ 142.581586][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.594475][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.596649][ T3852] loop2: detected capacity change from 0 to 512 [ 142.604386][ T3850] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 142.613139][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.619855][ T40] hid-generic 0003:0158:0100.0018: unknown main item tag 0x0 [ 142.634070][ T965] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.634710][ T40] hid-generic 0003:0158:0100.0018: report_id 0 is invalid [ 142.650589][ T965] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.667959][ T40] hid-generic 0003:0158:0100.0018: item 0 1 1 8 parsing failed [ 142.668450][ T3852] EXT4-fs (loop2): 1 truncate cleaned up [ 142.675624][ T40] hid-generic: probe of 0003:0158:0100.0018 failed with error -22 [ 142.688716][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.697181][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.706498][ T3852] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 142.715895][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.722779][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.743092][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 142.767608][ T40] usb 2-1: USB disconnect, device number 11 [ 142.786473][ T3761] EXT4-fs error (device loop2): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 142.807770][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.815810][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.822714][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.931063][ T3761] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 143.044436][ T3761] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 143.161934][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 143.170210][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 143.178091][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 143.186056][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 143.198906][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 143.207157][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 143.215418][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 143.223128][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 143.231463][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 143.238745][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 143.245980][ T3832] device veth0_vlan entered promiscuous mode [ 143.264542][ T3832] device veth1_macvtap entered promiscuous mode [ 143.271117][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 143.279235][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 143.287152][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 143.299226][ T3761] EXT4-fs (loop2): unmounting filesystem. [ 143.299676][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 143.323661][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 143.341481][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 143.349685][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 143.787783][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 143.870046][ T331] device bridge_slave_1 left promiscuous mode [ 143.880770][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.889023][ T331] device bridge_slave_0 left promiscuous mode [ 143.895037][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.909106][ T331] device veth1_macvtap left promiscuous mode [ 143.916971][ T331] device veth0_vlan left promiscuous mode [ 143.956493][ T3868] loop1: detected capacity change from 0 to 512 [ 143.972643][ T3868] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz.1.1259: bad orphan inode 15 [ 143.983020][ T3868] ext4_test_bit(bit=14, block=5) = 0 [ 143.988326][ T3868] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 143.998161][ T3868] EXT4-fs (loop1): unmounting filesystem. [ 144.100475][ T3866] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.108266][ T3866] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.115577][ T3866] device bridge_slave_0 entered promiscuous mode [ 144.122569][ T3866] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.129472][ T3866] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.136652][ T3866] device bridge_slave_1 entered promiscuous mode [ 144.177506][ T396] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 144.218566][ T3866] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.225456][ T3866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.232584][ T3866] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.239459][ T3866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.268254][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.276032][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.283371][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.299698][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.307927][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.314812][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.322019][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.330004][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.336825][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.356988][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.364845][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.402494][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 144.421793][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 144.429750][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 144.436917][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 144.444149][ T396] usb 5-1: Using ep0 maxpacket: 32 [ 144.449413][ T3875] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.456432][ T3875] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.464146][ T3875] device bridge_slave_0 entered promiscuous mode [ 144.471631][ T3875] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.478645][ T3875] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.485783][ T3875] device bridge_slave_1 entered promiscuous mode [ 144.495180][ T3866] device veth0_vlan entered promiscuous mode [ 144.538294][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 144.560177][ T3866] device veth1_macvtap entered promiscuous mode [ 144.587581][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 144.603306][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 144.632951][ T3882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1257'. [ 144.671742][ T3885] loop3: detected capacity change from 0 to 512 [ 144.675289][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.687723][ T396] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 144.699998][ T396] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 144.702999][ T3885] EXT4-fs (loop3): 1 truncate cleaned up [ 144.710592][ T396] usb 5-1: Product: syz [ 144.715753][ T3885] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 144.728515][ T518] usb 4-1: USB disconnect, device number 10 [ 144.746814][ T396] usb 5-1: config 0 descriptor?? [ 144.755593][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 144.756183][ T3118] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 144.765605][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.792622][ T3118] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 144.809885][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.810080][ T3118] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 144.816742][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.857918][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.865981][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.872848][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.880800][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.889300][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.907687][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.926968][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 144.935692][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 144.943426][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 144.952970][ T3118] EXT4-fs (loop3): unmounting filesystem. [ 144.961730][ T3875] device veth0_vlan entered promiscuous mode [ 144.976018][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 144.984991][ T3875] device veth1_macvtap entered promiscuous mode [ 144.996137][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 145.038453][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 145.082495][ T3897] __vm_enough_memory: pid: 3897, comm: syz.1.1262, no enough memory for the allocation [ 145.117687][ T396] usb 5-1: Found UVC 0.00 device syz (046d:08f6) [ 145.123979][ T396] usb 5-1: No valid video chain found. [ 145.136861][ T396] usb 5-1: USB disconnect, device number 12 [ 145.144201][ T3901] binder: 3900:3901 ioctl 4018620d 0 returned -22 [ 145.151556][ T3901] binder: 3900:3901 ioctl c0306201 20000380 returned -11 [ 145.231318][ T3906] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.238310][ T3906] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.245649][ T3906] device bridge_slave_0 entered promiscuous mode [ 145.252845][ T3906] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.259922][ T3906] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.267263][ T3906] device bridge_slave_1 entered promiscuous mode [ 145.299913][ T331] device bridge_slave_1 left promiscuous mode [ 145.305867][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.313298][ T331] device bridge_slave_0 left promiscuous mode [ 145.319305][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.327318][ T331] device bridge_slave_1 left promiscuous mode [ 145.333505][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.340876][ T331] device bridge_slave_0 left promiscuous mode [ 145.346825][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.355488][ T331] device veth1_macvtap left promiscuous mode [ 145.361564][ T331] device veth0_vlan left promiscuous mode [ 145.368361][ T331] device veth1_macvtap left promiscuous mode [ 145.374225][ T331] device veth0_vlan left promiscuous mode [ 145.437674][ T372] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 145.578344][ T3925] __vm_enough_memory: pid: 3925, comm: syz.4.1281, no enough memory for the allocation [ 145.668009][ T3906] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.675006][ T3906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.682104][ T3906] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.688871][ T3906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.718276][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 145.725834][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.733156][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.764076][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 145.777660][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.784631][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.793663][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 145.801745][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.808620][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.827534][ T372] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.838556][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 145.838593][ T2960] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 145.850484][ T372] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.860087][ T372] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 145.873774][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.882761][ T372] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 145.891806][ T372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.904465][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 145.918045][ T372] usb 3-1: config 0 descriptor?? [ 145.925938][ T518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.966079][ T3906] device veth0_vlan entered promiscuous mode [ 145.991567][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 146.000635][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 146.008091][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 146.022835][ T3906] device veth1_macvtap entered promiscuous mode [ 146.033793][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 146.047518][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 146.076963][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 146.087228][ T3941] loop0: detected capacity change from 0 to 256 [ 146.120865][ T3941] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 146.498711][ T372] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 146.575709][ T372] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 146.655695][ T372] plantronics 0003:047F:FFFF.0019: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 146.678548][ T3903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.701483][ T3903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.956854][ T3961] __vm_enough_memory: pid: 3961, comm: syz.4.1292, no enough memory for the allocation [ 147.002816][ T3965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1294'. [ 147.047619][ T372] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 147.138296][ T331] device bridge_slave_1 left promiscuous mode [ 147.144228][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.152081][ T331] device bridge_slave_0 left promiscuous mode [ 147.158107][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.168861][ T331] device veth1_macvtap left promiscuous mode [ 147.174852][ T331] device veth0_vlan left promiscuous mode [ 147.315002][ T963] Bluetooth: hci0: Frame reassembly failed (-84) [ 147.338017][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 147.338041][ T28] audit: type=1326 audit(1719599429.344:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 147.377527][ T372] usb 2-1: Using ep0 maxpacket: 32 [ 147.414858][ T963] Bluetooth: hci0: Frame reassembly failed (-84) [ 147.431812][ T28] audit: type=1400 audit(1719599429.404:596): avc: denied { read write } for pid=3970 comm="syz.0.1298" path="socket:[39705]" dev="sockfs" ino=39705 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 147.455564][ T28] audit: type=1326 audit(1719599429.404:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 147.634036][ T3983] device syzkaller0 entered promiscuous mode [ 147.648152][ T372] usb 2-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 147.657315][ T372] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 147.665470][ T372] usb 2-1: Product: syz [ 147.671131][ T372] usb 2-1: config 0 descriptor?? [ 147.858369][ T3993] loop4: detected capacity change from 0 to 256 [ 147.868428][ T3993] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 147.931231][ T28] audit: type=1326 audit(1719599429.944:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 147.973107][ T28] audit: type=1326 audit(1719599429.944:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 147.996693][ T28] audit: type=1326 audit(1719599429.944:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 148.011703][ T965] usb 3-1: USB disconnect, device number 9 [ 148.022128][ T372] usb 2-1: Found UVC 0.00 device syz (046d:08f6) [ 148.032482][ T372] usb 2-1: No valid video chain found. [ 148.041367][ T372] usb 2-1: USB disconnect, device number 12 [ 148.047380][ T28] audit: type=1326 audit(1719599429.944:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 148.142045][ T28] audit: type=1326 audit(1719599429.944:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 148.278631][ T28] audit: type=1326 audit(1719599429.944:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 148.307270][ T28] audit: type=1326 audit(1719599429.944:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3970 comm="syz.0.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e89b75b99 code=0x7fc00000 [ 148.675620][ T3996] loop0: detected capacity change from 0 to 131072 [ 148.682987][ T3996] F2FS-fs (loop0): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 148.697610][ T3996] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 148.708764][ T3996] F2FS-fs (loop0): invalid crc value [ 148.715716][ T3996] F2FS-fs (loop0): Found nat_bits in checkpoint [ 148.862686][ T3996] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 148.869671][ T3996] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 148.957953][ T4016] device syzkaller0 entered promiscuous mode [ 149.432778][ T4026] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 149.542969][ T2960] Bluetooth: hci0: command 0x1003 tx timeout [ 150.283369][ T2492] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 150.322280][ T4024] incfs: ino conflict with backing FS 4 [ 150.489235][ T4041] loop4: detected capacity change from 0 to 256 [ 150.524970][ T4041] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 151.025842][ T4053] loop2: detected capacity change from 0 to 256 [ 151.561684][ T4060] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 151.769353][ T335] Bluetooth: hci0: Frame reassembly failed (-84) [ 151.783889][ T335] Bluetooth: hci0: Frame reassembly failed (-84) [ 152.137482][ T19] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 152.262505][ T331] device bridge_slave_1 left promiscuous mode [ 152.275707][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.284225][ T331] device bridge_slave_0 left promiscuous mode [ 152.290366][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.298624][ T331] device veth1_macvtap left promiscuous mode [ 152.304447][ T331] device veth0_vlan left promiscuous mode [ 152.387491][ T19] usb 5-1: Using ep0 maxpacket: 16 [ 152.426529][ T4071] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.433573][ T4071] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.440786][ T4071] device bridge_slave_0 entered promiscuous mode [ 152.448542][ T4071] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.455448][ T4071] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.463006][ T4071] device bridge_slave_1 entered promiscuous mode [ 152.494993][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 152.495011][ T28] audit: type=1400 audit(1719599434.504:613): avc: denied { rename } for pid=4083 comm="syz.3.1334" name="file1" dev="sda1" ino=2140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 152.523135][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 152.534203][ T19] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 152.543388][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.561582][ T19] usb 5-1: config 0 descriptor?? [ 152.588570][ T4075] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.595517][ T4075] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.603134][ T4075] device bridge_slave_0 entered promiscuous mode [ 152.610148][ T4075] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.617086][ T4075] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.624378][ T4075] device bridge_slave_1 entered promiscuous mode [ 152.684133][ T4071] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.691009][ T4071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.698112][ T4071] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.704874][ T4071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.742831][ T4091] loop3: detected capacity change from 0 to 256 [ 152.752781][ T4075] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.759699][ T4075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.766760][ T4075] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.773587][ T4075] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.793923][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.801679][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.810579][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.820943][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.832828][ T4094] loop3: detected capacity change from 0 to 16 [ 152.837535][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.859883][ T4094] erofs: (device loop3): mounted with root inode @ nid 36. [ 152.873558][ T4094] incfs: Can't find or create .index dir in ./file0 [ 152.880208][ T4094] incfs: mount failed -30 [ 152.894376][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.908972][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.916854][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.925192][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.957920][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.965256][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.973267][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.002695][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.011202][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.018074][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.025540][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.033744][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.042051][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.048919][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.059328][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.068401][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.096972][ T4071] device veth0_vlan entered promiscuous mode [ 153.106933][ T4098] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 153.127320][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.139561][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.149855][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.157767][ T4065] loop4: detected capacity change from 0 to 40427 [ 153.158285][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.173895][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.183315][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.196122][ T4065] F2FS-fs (loop4): invalid crc value [ 153.208519][ T4065] F2FS-fs (loop4): Found nat_bits in checkpoint [ 153.215930][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.223936][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.257398][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 153.266264][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.275174][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.284642][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.289674][ T4065] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 153.302234][ T4071] device veth1_macvtap entered promiscuous mode [ 153.345218][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 153.353798][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.362148][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.374279][ T4075] device veth0_vlan entered promiscuous mode [ 153.387455][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.395546][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.412278][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 153.421813][ T965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 153.444402][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 153.453923][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 153.478149][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 153.487177][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.515351][ T4075] device veth1_macvtap entered promiscuous mode [ 153.569315][ T4065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.599110][ T4065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.612831][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 153.628671][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 153.630219][ T19] hid (null): unknown global tag 0xa5 [ 153.643093][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 153.651031][ T19] hid (null): unknown global tag 0xd [ 153.652270][ T19] hid-generic 0003:0158:0100.001A: unknown main item tag 0x1 [ 153.665963][ T19] hid-generic 0003:0158:0100.001A: unexpected long global item [ 153.668398][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 153.689258][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 153.698076][ T19] hid-generic: probe of 0003:0158:0100.001A failed with error -22 [ 153.779115][ T2960] Bluetooth: hci0: command 0x1003 tx timeout [ 153.787858][ T2492] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 153.820249][ T4107] device syzkaller0 entered promiscuous mode [ 153.827144][ T331] device bridge_slave_1 left promiscuous mode [ 153.861708][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.869449][ T331] device bridge_slave_0 left promiscuous mode [ 153.875477][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.884123][ T331] device veth1_macvtap left promiscuous mode [ 153.890051][ T331] device veth0_vlan left promiscuous mode [ 153.906270][ T4105] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer. [ 153.924350][ T4105] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3702941173 (3702941173 ns) > initial count (2209245800 ns). Using initial count to start timer. [ 154.015690][ T28] audit: type=1326 audit(1719599436.024:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.2.1342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f23adf75b99 code=0x0 [ 154.251531][ T4130] loop3: detected capacity change from 0 to 256 [ 154.286887][ T28] audit: type=1326 audit(1719599436.294:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.310224][ T28] audit: type=1326 audit(1719599436.304:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.333650][ T28] audit: type=1326 audit(1719599436.304:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.359865][ T28] audit: type=1326 audit(1719599436.304:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.387565][ T28] audit: type=1326 audit(1719599436.364:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.412307][ T28] audit: type=1326 audit(1719599436.404:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86d1775b99 code=0x7ffc0000 [ 154.435673][ T28] audit: type=1326 audit(1719599436.404:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f86d176cbe7 code=0x7ffc0000 [ 154.458863][ T28] audit: type=1326 audit(1719599436.404:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86d17115b9 code=0x7ffc0000 [ 154.523562][ T19] usb 5-1: USB disconnect, device number 13 [ 154.544193][ T3801] syz-executor: attempt to access beyond end of device [ 154.544193][ T3801] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 154.567550][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 154.770191][ T4140] loop3: detected capacity change from 0 to 512 [ 154.780343][ T4140] FAT-fs (loop3): bogus logical sector size 0 [ 154.786278][ T4140] FAT-fs (loop3): Can't find a valid FAT filesystem [ 154.937467][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 155.067551][ T4146] loop4: detected capacity change from 0 to 40427 [ 155.075701][ T4146] F2FS-fs (loop4): invalid crc value [ 155.086881][ T4146] F2FS-fs (loop4): Found nat_bits in checkpoint [ 155.117614][ T4154] device syzkaller0 entered promiscuous mode [ 155.131812][ T4146] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 155.157559][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 155.166429][ T24] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 155.174526][ T24] usb 2-1: Product: syz [ 155.174665][ T3801] syz-executor: attempt to access beyond end of device [ 155.174665][ T3801] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 155.180446][ T24] usb 2-1: config 0 descriptor?? [ 155.217552][ T372] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 155.264429][ T4159] loop2: detected capacity change from 0 to 256 [ 155.537925][ T24] usb 2-1: Found UVC 0.00 device syz (046d:08f6) [ 155.545898][ T24] usb 2-1: No valid video chain found. [ 155.556149][ T24] usb 2-1: USB disconnect, device number 13 [ 155.562169][ T372] usb 1-1: Using ep0 maxpacket: 8 [ 155.697757][ T4103] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 155.717582][ T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.728424][ T396] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 155.735872][ T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.745469][ T372] usb 1-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00 [ 155.754425][ T372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.763091][ T372] usb 1-1: config 0 descriptor?? [ 155.937661][ T4103] usb 4-1: Using ep0 maxpacket: 8 [ 156.097544][ T396] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.108400][ T4103] usb 4-1: unable to get BOS descriptor or descriptor too short [ 156.115827][ T396] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.125362][ T396] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 156.134233][ T396] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.142776][ T396] usb 3-1: config 0 descriptor?? [ 156.193495][ T4103] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.204986][ T4103] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 156.213913][ T4103] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 36, using maximum allowed: 30 [ 156.227401][ T4180] loop4: detected capacity change from 0 to 512 [ 156.233986][ T4103] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 36 [ 156.247751][ T372] saitek 0003:0738:1705.001B: unknown main item tag 0x0 [ 156.256030][ T372] saitek 0003:0738:1705.001B: hidraw0: USB HID v0.00 Device [HID 0738:1705] on usb-dummy_hcd.0-1/input0 [ 156.279192][ T4180] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 156.288499][ T4180] ext4 filesystem being mounted at /root/syzkaller.BEJsTh/31/file0 supports timestamps until 2038 (0x7fffffff) [ 156.330535][ T3801] EXT4-fs (loop4): unmounting filesystem. [ 156.398792][ T4182] loop1: detected capacity change from 0 to 40427 [ 156.406752][ T4182] F2FS-fs (loop1): invalid crc value [ 156.413779][ T4182] F2FS-fs (loop1): Found nat_bits in checkpoint [ 156.427596][ T4103] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 156.436496][ T4103] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.448884][ T19] usb 1-1: USB disconnect, device number 15 [ 156.461581][ T4103] usb 4-1: Product: syz [ 156.469071][ T4192] loop4: detected capacity change from 0 to 256 [ 156.475577][ T4103] usb 4-1: Manufacturer: syz [ 156.484044][ T4103] usb 4-1: SerialNumber: syz [ 156.492407][ T4182] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 156.523202][ T4071] syz-executor: attempt to access beyond end of device [ 156.523202][ T4071] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 156.538338][ T4103] usb-storage 4-1:1.0: USB Mass Storage device detected [ 156.741763][ T19] usb 4-1: USB disconnect, device number 11 [ 156.837556][ T396] usb 3-1: language id specifier not provided by device, defaulting to English [ 157.007540][ T4103] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 157.257590][ T4103] usb 5-1: Using ep0 maxpacket: 32 [ 157.317540][ T396] uclogic 0003:256C:006D.001C: failed retrieving string descriptor #100: -71 [ 157.326721][ T396] uclogic 0003:256C:006D.001C: failed retrieving pen parameters: -71 [ 157.334831][ T396] uclogic 0003:256C:006D.001C: failed probing pen v1 parameters: -71 [ 157.342869][ T396] uclogic 0003:256C:006D.001C: failed probing parameters: -71 [ 157.350258][ T396] uclogic: probe of 0003:256C:006D.001C failed with error -71 [ 157.358510][ T396] usb 3-1: USB disconnect, device number 10 [ 157.508919][ T4103] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 157.562638][ T4103] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 157.661194][ T4103] usb 5-1: Product: syz [ 157.666603][ T4103] usb 5-1: config 0 descriptor?? [ 157.698677][ T4220] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3702941173 (3702941173 ns) > initial count (2209245800 ns). Using initial count to start timer. [ 157.731522][ T28] kauditd_printk_skb: 138 callbacks suppressed [ 157.731541][ T28] audit: type=1400 audit(1719599439.744:761): avc: denied { setopt } for pid=4227 comm="syz.1.1381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 157.987712][ T4103] usb 5-1: Found UVC 0.00 device syz (046d:08f6) [ 157.994510][ T4103] usb 5-1: No valid video chain found. [ 158.014040][ T4103] usb 5-1: USB disconnect, device number 14 [ 158.059905][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 158.233486][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 158.429870][ T28] audit: type=1400 audit(1719599440.444:762): avc: denied { connect } for pid=4247 comm="syz.0.1389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 158.634267][ T4246] loop3: detected capacity change from 0 to 40427 [ 158.653425][ T4246] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 158.682363][ T4246] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 158.794913][ T4246] F2FS-fs (loop3): Found nat_bits in checkpoint [ 158.840926][ T4246] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 158.997624][ T4103] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 159.018135][ T4246] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 159.040318][ T4246] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 159.096385][ T4273] device syzkaller0 entered promiscuous mode [ 159.277607][ T4103] usb 5-1: Using ep0 maxpacket: 16 [ 159.397534][ T4103] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 159.408731][ T4103] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 159.417996][ T4103] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.426520][ T4103] usb 5-1: config 0 descriptor?? [ 159.474648][ T4300] loop3: detected capacity change from 0 to 512 [ 159.488870][ T4300] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 159.497808][ T4300] ext4 filesystem being mounted at /root/syzkaller.i3x7Xp/29/file0 supports timestamps until 2038 (0x7fffffff) [ 159.512649][ T4300] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1409: corrupted inode contents [ 159.524590][ T4300] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.1409: mark_inode_dirty error [ 159.535922][ T4300] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1409: corrupted inode contents [ 159.555067][ T4300] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.1409: mark_inode_dirty error [ 159.576028][ T3906] EXT4-fs (loop3): unmounting filesystem. [ 159.589486][ T28] audit: type=1400 audit(1719599441.584:763): avc: denied { create } for pid=4299 comm="syz.3.1409" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 159.610446][ T28] audit: type=1400 audit(1719599441.584:764): avc: denied { rename } for pid=4299 comm="syz.3.1409" name="file0" dev="loop3" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 159.633618][ T28] audit: type=1400 audit(1719599441.584:765): avc: denied { unlink } for pid=4299 comm="syz.3.1409" name="file0" dev="loop3" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 159.693630][ T4305] device syzkaller0 entered promiscuous mode [ 159.747484][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 159.887024][ T4265] loop4: detected capacity change from 0 to 40427 [ 159.903694][ T4265] F2FS-fs (loop4): invalid crc value [ 159.910529][ T4265] F2FS-fs (loop4): Found nat_bits in checkpoint [ 160.241496][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 160.246589][ T2960] Bluetooth: hci0: command 0x1003 tx timeout [ 160.252562][ T2492] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 160.292401][ T4265] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 160.438511][ T4332] loop3: detected capacity change from 0 to 512 [ 160.454058][ T4332] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 160.463331][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 160.467647][ T4332] ext4 filesystem being mounted at /root/syzkaller.i3x7Xp/36/file0 supports timestamps until 2038 (0x7fffffff) [ 160.472831][ T24] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 160.491863][ T24] usb 1-1: Product: syz [ 160.496786][ T24] usb 1-1: config 0 descriptor?? [ 160.503614][ T4339] mmap: syz.2.1421 (4339) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 160.508934][ T4332] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1420: corrupted inode contents [ 160.527245][ T4332] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.1420: mark_inode_dirty error [ 160.539305][ T4332] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1420: corrupted inode contents [ 160.551247][ T4332] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.1420: mark_inode_dirty error [ 160.551830][ T4265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.571558][ T4265] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.589450][ T4103] hid (null): unknown global tag 0xa5 [ 160.594752][ T4103] hid (null): unknown global tag 0xd [ 160.600898][ T4103] hid-generic 0003:0158:0100.001D: unknown main item tag 0x1 [ 160.608221][ T4103] hid-generic 0003:0158:0100.001D: unexpected long global item [ 160.615806][ T4103] hid-generic: probe of 0003:0158:0100.001D failed with error -22 [ 160.651197][ T3906] EXT4-fs (loop3): unmounting filesystem. [ 160.729167][ T4353] loop3: detected capacity change from 0 to 256 [ 160.827804][ T24] usb 1-1: Found UVC 0.00 device syz (046d:08f6) [ 160.835067][ T24] usb 1-1: No valid video chain found. [ 160.870612][ T24] usb 1-1: USB disconnect, device number 16 [ 160.967703][ T4362] loop1: detected capacity change from 0 to 512 [ 160.977898][ T4362] FAT-fs (loop1): bogus logical sector size 0 [ 160.983815][ T4362] FAT-fs (loop1): Can't find a valid FAT filesystem [ 161.250927][ T4367] device syzkaller0 entered promiscuous mode [ 161.431240][ T4385] loop3: detected capacity change from 0 to 256 [ 161.501833][ T28] audit: type=1400 audit(1719599443.514:766): avc: denied { setopt } for pid=4395 comm="syz.3.1444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 161.504879][ T4396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1444'. [ 161.555579][ T222] usb 5-1: USB disconnect, device number 15 [ 161.578483][ T3801] syz-executor: attempt to access beyond end of device [ 161.578483][ T3801] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 162.075207][ T4419] loop3: detected capacity change from 0 to 256 [ 162.118321][ T4429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1455'. [ 162.453413][ T4439] loop3: detected capacity change from 0 to 512 [ 162.587545][ T4439] FAT-fs (loop3): bogus logical sector size 0 [ 162.593720][ T4439] FAT-fs (loop3): Can't find a valid FAT filesystem [ 162.636515][ T4431] loop2: detected capacity change from 0 to 40427 [ 162.652867][ T4431] F2FS-fs (loop2): Invalid segment count (0) [ 162.658941][ T4431] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 162.669699][ T4431] F2FS-fs (loop2): invalid crc value [ 162.675878][ T4431] F2FS-fs (loop2): invalid journal entries nats 0 sits 9 [ 162.682906][ T4431] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-22) [ 162.690677][ T441] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 162.767467][ T6] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 162.781893][ T4450] usb usb2: usbfs: process 4450 (syz.1.1463) did not claim interface 0 before use [ 162.937448][ T441] usb 5-1: Using ep0 maxpacket: 32 [ 163.038603][ T4466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 163.054132][ T4468] geneve1: tun_chr_ioctl cmd 1074025698 [ 163.157559][ T441] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 163.166658][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.177818][ T441] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 163.227460][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 163.526148][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.535861][ T441] usb 5-1: Product: syz [ 163.540200][ T6] usb 1-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 163.547467][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 163.549350][ T441] usb 5-1: config 0 descriptor?? [ 163.558800][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.567294][ T6] usb 1-1: config 0 descriptor?? [ 163.697551][ T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 163.705893][ T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 163.714288][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 163.727617][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 163.737102][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 163.746692][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 163.760681][ T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 163.770677][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.781884][ T24] usb 3-1: config 0 descriptor?? [ 163.877533][ T441] usb 5-1: Found UVC 0.00 device syz (046d:08f6) [ 163.883971][ T441] usb 5-1: No valid video chain found. [ 163.889996][ T441] usb 5-1: USB disconnect, device number 16 [ 163.993968][ T4490] usb usb2: usbfs: process 4490 (syz.3.1478) did not claim interface 0 before use [ 164.038168][ T24] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 164.047189][ T4484] loop1: detected capacity change from 0 to 40427 [ 164.049852][ T24] usb 3-1: USB disconnect, device number 11 [ 164.062783][ T6] wacom 0003:056A:0084.001E: hidraw0: USB HID v0.00 Device [HID 056a:0084] on usb-dummy_hcd.0-1/input0 [ 164.063664][ T24] usblp0: removed [ 164.078692][ T4484] F2FS-fs (loop1): Invalid segment count (0) [ 164.084509][ T4484] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 164.093726][ T4484] F2FS-fs (loop1): invalid crc value [ 164.099929][ T4484] F2FS-fs (loop1): invalid journal entries nats 0 sits 9 [ 164.106814][ T4484] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-22) [ 164.229317][ T4506] SELinux: Context system_u:object_r:gpg_agent_exec_t:s0 is not valid (left unmapped). [ 164.242276][ T28] audit: type=1400 audit(1719599446.254:767): avc: denied { relabelto } for pid=4505 comm="syz.1.1483" name="file1" dev="sda1" ino=2139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:gpg_agent_exec_t:s0" [ 164.253729][ T222] usb 1-1: USB disconnect, device number 17 [ 164.299343][ T28] audit: type=1400 audit(1719599446.294:768): avc: denied { rmdir } for pid=4071 comm="syz-executor" name="file1" dev="sda1" ino=2139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:gpg_agent_exec_t:s0" [ 164.628323][ T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 164.797650][ T40] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 164.867501][ T6] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 164.877470][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 164.997550][ T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 165.006092][ T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 165.014633][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 165.023436][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 165.032866][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 165.047269][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 165.060370][ T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 165.069411][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.081055][ T24] usb 3-1: config 0 descriptor?? [ 165.107488][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 165.177496][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.188322][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.197860][ T40] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 165.206688][ T40] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.225366][ T40] usb 4-1: config 0 descriptor?? [ 165.232116][ T4530] loop0: detected capacity change from 0 to 40427 [ 165.239172][ T4530] F2FS-fs (loop0): Invalid segment count (0) [ 165.244988][ T4530] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 165.253897][ T4530] F2FS-fs (loop0): invalid crc value [ 165.265174][ T4530] F2FS-fs (loop0): invalid journal entries nats 0 sits 9 [ 165.272233][ T6] usb 5-1: unable to get BOS descriptor or descriptor too short [ 165.279812][ T4530] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-22) [ 165.357497][ T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 165.358950][ T24] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 165.371871][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 165.386705][ T6] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 36, using maximum allowed: 30 [ 165.397279][ T6] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 36 [ 165.567502][ T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 165.576520][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.584290][ T441] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 165.591678][ T6] usb 5-1: Product: syz [ 165.595704][ T6] usb 5-1: Manufacturer: syz [ 165.600186][ T6] usb 5-1: SerialNumber: syz [ 165.638251][ T6] usb-storage 5-1:1.0: USB Mass Storage device detected [ 165.687479][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 165.692966][ T28] audit: type=1400 audit(1719599447.704:769): avc: denied { read write } for pid=4462 comm="syz.2.1468" name="lp0" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 165.718783][ T28] audit: type=1400 audit(1719599447.704:770): avc: denied { open } for pid=4462 comm="syz.2.1468" path="/dev/usb/lp0" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 165.728128][ T40] hid (null): bogus close delimiter [ 165.847283][ T222] usb 5-1: USB disconnect, device number 17 [ 165.925170][ T4103] usb 3-1: USB disconnect, device number 12 [ 165.931646][ T4103] usblp0: removed [ 165.947545][ T40] usb 4-1: language id specifier not provided by device, defaulting to English [ 165.957532][ T441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.968418][ T441] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.977986][ T441] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 165.986795][ T441] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.995473][ T441] usb 2-1: config 0 descriptor?? [ 166.127541][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.138681][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.148322][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 166.160910][ T24] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 166.169873][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.178373][ T24] usb 1-1: config 0 descriptor?? [ 166.403029][ T28] audit: type=1400 audit(1719599448.414:771): avc: denied { map } for pid=4544 comm="syz.4.1496" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43894 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 166.427177][ T28] audit: type=1400 audit(1719599448.414:772): avc: denied { read write } for pid=4544 comm="syz.4.1496" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43894 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 166.461553][ T4547] loop2: detected capacity change from 0 to 1024 [ 166.471036][ T4547] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 166.488543][ T3866] EXT4-fs (loop2): unmounting filesystem. [ 166.577515][ T40] uclogic 0003:256C:006D.001F: failed retrieving string descriptor #100: -71 [ 166.586295][ T40] uclogic 0003:256C:006D.001F: failed retrieving pen parameters: -71 [ 166.594446][ T40] uclogic 0003:256C:006D.001F: failed probing pen v1 parameters: -71 [ 166.602387][ T40] uclogic 0003:256C:006D.001F: failed probing parameters: -71 [ 166.609634][ T40] uclogic: probe of 0003:256C:006D.001F failed with error -71 [ 166.618590][ T40] usb 4-1: USB disconnect, device number 12 [ 166.659870][ T24] acrux 0003:1A34:0802.0021: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 166.671164][ T24] acrux 0003:1A34:0802.0021: no inputs found [ 166.677362][ T24] acrux 0003:1A34:0802.0021: Failed to enable force feedback support, error: -19 [ 166.697533][ T441] usb 2-1: language id specifier not provided by device, defaulting to English [ 167.196153][ T4577] loop3: detected capacity change from 0 to 1024 [ 167.205817][ T4577] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 167.223114][ T3906] EXT4-fs (loop3): unmounting filesystem. [ 167.267596][ T441] uclogic 0003:256C:006D.0020: interface is invalid, ignoring [ 167.285227][ T4586] loop4: detected capacity change from 0 to 16 [ 167.292801][ T4586] erofs: (device loop4): mounted with root inode @ nid 36. [ 167.350673][ T28] audit: type=1400 audit(1719599449.364:773): avc: denied { bind } for pid=4592 comm="syz.4.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 167.375856][ T28] audit: type=1400 audit(1719599449.384:774): avc: denied { node_bind } for pid=4592 comm="syz.4.1514" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 167.472803][ T24] usb 2-1: USB disconnect, device number 14 [ 167.765487][ T4602] loop4: detected capacity change from 0 to 512 [ 167.820120][ T4602] FAT-fs (loop4): bogus logical sector size 0 [ 167.826087][ T4602] FAT-fs (loop4): Can't find a valid FAT filesystem [ 167.889210][ T341] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 167.913152][ T4609] loop2: detected capacity change from 0 to 16 [ 167.920865][ T4609] erofs: (device loop2): mounted with root inode @ nid 36. [ 167.953057][ T4614] loop2: detected capacity change from 0 to 16 [ 167.960183][ T4614] erofs: (device loop2): mounted with root inode @ nid 36. [ 167.977518][ T441] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 168.017538][ T40] usb 1-1: reset high-speed USB device number 18 using dummy_hcd [ 168.298182][ T4627] loop4: detected capacity change from 0 to 256 [ 168.367578][ T441] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.383993][ T441] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.393826][ T441] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 168.402759][ T441] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.430877][ T4641] loop1: detected capacity change from 0 to 16 [ 168.437909][ T4641] erofs: (device loop1): mounted with root inode @ nid 36. [ 168.440495][ T441] usb 4-1: config 0 descriptor?? [ 168.747595][ T4103] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 168.947728][ T222] usb 1-1: USB disconnect, device number 18 [ 169.007675][ T441] hid (null): bogus close delimiter [ 169.017499][ T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 169.127486][ T4103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.138245][ T4103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.147865][ T4103] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 169.156714][ T4103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.165187][ T4103] usb 2-1: config 0 descriptor?? [ 169.227569][ T441] usb 4-1: language id specifier not provided by device, defaulting to English [ 169.250084][ T4655] loop4: detected capacity change from 0 to 256 [ 169.446830][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.531821][ T4659] loop4: detected capacity change from 0 to 512 [ 169.542507][ T4659] FAT-fs (loop4): bogus logical sector size 0 [ 169.548460][ T4659] FAT-fs (loop4): Can't find a valid FAT filesystem [ 169.556564][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.566265][ T24] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 169.576934][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.598133][ T24] usb 3-1: config 0 descriptor?? [ 169.809937][ T4103] wacom 0003:056A:0331.0023: hidraw0: USB HID v0.00 Device [HID 056a:0331] on usb-dummy_hcd.1-1/input0 [ 169.822967][ T4671] loop0: detected capacity change from 0 to 16 [ 169.829988][ T4671] erofs: (device loop0): mounted with root inode @ nid 36. [ 170.007541][ T441] uclogic 0003:256C:006D.0022: failed retrieving string descriptor #100: -71 [ 170.010077][ T4103] usb 2-1: USB disconnect, device number 15 [ 170.017878][ T441] uclogic 0003:256C:006D.0022: failed retrieving pen parameters: -71 [ 170.029976][ T441] uclogic 0003:256C:006D.0022: failed probing pen v1 parameters: -71 [ 170.038082][ T441] uclogic 0003:256C:006D.0022: failed probing parameters: -71 [ 170.045466][ T441] uclogic: probe of 0003:256C:006D.0022 failed with error -71 [ 170.054085][ T441] usb 4-1: USB disconnect, device number 13 [ 170.207502][ T6] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 170.307552][ T24] usb 3-1: language id specifier not provided by device, defaulting to English [ 170.352690][ T4688] loop4: detected capacity change from 0 to 512 [ 170.359723][ T4688] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 170.370759][ T4688] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.1552: invalid indirect mapped block 512 (level 0) [ 170.384218][ T4688] EXT4-fs (loop4): Remounting filesystem read-only [ 170.390717][ T4688] EXT4-fs (loop4): 1 orphan inode deleted [ 170.396288][ T4688] EXT4-fs (loop4): 1 truncate cleaned up [ 170.405089][ T4688] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 170.420824][ T4688] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 170.435302][ T4688] EXT4-fs (loop4): Remounting filesystem read-only [ 170.445992][ T3801] EXT4-fs (loop4): unmounting filesystem. [ 170.495510][ T4698] loop4: detected capacity change from 0 to 2048 [ 170.502526][ T4698] EXT4-fs: Ignoring removed orlov option [ 170.519439][ T4698] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 170.538089][ T28] audit: type=1400 audit(1719599452.554:775): avc: denied { setattr } for pid=4697 comm="syz.4.1556" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 170.562381][ T28] audit: type=1400 audit(1719599452.574:776): avc: denied { bind } for pid=4702 comm="syz.1.1557" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 170.581989][ T6] usb 1-1: config index 0 descriptor too short (expected 51437, got 29) [ 170.582336][ T4698] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 170.593143][ T6] usb 1-1: config 229 has too many interfaces: 108, using maximum allowed: 32 [ 170.611972][ T4698] EXT4-fs (loop4): Remounting filesystem read-only [ 170.620085][ T4698] EXT4-fs error (device loop4) in ext4_evict_inode:254: Readonly filesystem [ 170.621325][ T6] usb 1-1: config 229 has an invalid descriptor of length 0, skipping remainder of the config [ 170.639380][ T6] usb 1-1: config 229 has 1 interface, different from the descriptor's value: 108 [ 170.648798][ T6] usb 1-1: config 229 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 170.663062][ T3801] EXT4-fs (loop4): unmounting filesystem. [ 170.777567][ T24] uclogic 0003:256C:006D.0024: interface is invalid, ignoring [ 170.943478][ T4719] loop4: detected capacity change from 0 to 512 [ 170.987905][ T4719] FAT-fs (loop4): bogus logical sector size 0 [ 170.993848][ T4719] FAT-fs (loop4): Can't find a valid FAT filesystem [ 171.078269][ T6] usb 1-1: New USB device found, idVendor=1e2d, idProduct=0069, bcdDevice=f7.47 [ 171.087344][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.095257][ T6] usb 1-1: Product: syz [ 171.099216][ T6] usb 1-1: Manufacturer: syz [ 171.103594][ T6] usb 1-1: SerialNumber: syz [ 171.114764][ T4103] usb 3-1: USB disconnect, device number 13 [ 171.238750][ T4724] loop3: detected capacity change from 0 to 512 [ 171.245734][ T4724] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 171.263065][ T4724] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.1565: invalid indirect mapped block 512 (level 0) [ 171.276967][ T4724] EXT4-fs (loop3): Remounting filesystem read-only [ 171.288939][ T4724] EXT4-fs (loop3): 1 orphan inode deleted [ 171.294814][ T4724] EXT4-fs (loop3): 1 truncate cleaned up [ 171.300417][ T4724] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 171.316063][ T4724] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 171.330800][ T4724] EXT4-fs (loop3): Remounting filesystem read-only [ 171.342051][ T3906] EXT4-fs (loop3): unmounting filesystem. [ 171.387954][ T6] cdc_ether 1-1:229.0: skipping garbage [ 171.393508][ T6] usb 1-1: bad CDC descriptors [ 171.404768][ T6] usb 1-1: USB disconnect, device number 19 [ 171.621550][ T4737] device wg2 entered promiscuous mode [ 171.649359][ T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 171.785908][ T4739] IPv6: addrconf: prefix option has invalid lifetime [ 171.905449][ T4747] input: syz1 as /devices/virtual/input/input31 [ 171.943326][ T4751] loop2: detected capacity change from 0 to 2048 [ 171.950094][ T4751] EXT4-fs: Ignoring removed orlov option [ 171.959009][ T4751] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 171.970384][ T4751] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 171.985239][ T4751] EXT4-fs (loop2): Remounting filesystem read-only [ 171.991850][ T4751] EXT4-fs error (device loop2) in ext4_evict_inode:254: Readonly filesystem [ 172.004866][ T3866] EXT4-fs (loop2): unmounting filesystem. [ 172.088332][ T4763] loop0: detected capacity change from 0 to 256 [ 172.101120][ T28] audit: type=1400 audit(1719599454.114:777): avc: denied { mounton } for pid=4762 comm="syz.0.1581" path="/root/syzkaller.mxzIlk/30/file0/bus" dev="loop0" ino=1048978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 172.147509][ T4763] loop0: detected capacity change from 256 to 0 [ 172.154351][ C0] I/O error, dev loop0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 172.163461][ T4765] FAT-fs (loop0): FAT read failed (blocknr 1) [ 172.169966][ C0] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 172.170058][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.179308][ T4765] FAT-fs (loop0): unable to read inode block for updating (i_pos 203) [ 172.190145][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.223010][ T4103] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 172.230470][ T24] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 172.267739][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.283595][ T24] usb 2-1: config 0 descriptor?? [ 172.389779][ T4767] loop3: detected capacity change from 0 to 40427 [ 172.397020][ T4767] F2FS-fs (loop3): Unrecognized mount option "ifline_xattr" or missing value [ 172.459214][ C0] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 172.468560][ T4075] FAT-fs (loop0): Directory bread(block 3) failed [ 172.470972][ T396] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 172.484040][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 172.493056][ T4075] FAT-fs (loop0): unable to read boot sector to mark fs as dirty [ 172.527677][ T4103] usb 5-1: Using ep0 maxpacket: 16 [ 172.757438][ T396] usb 3-1: Using ep0 maxpacket: 16 [ 172.841561][ T24] wacom 0003:056A:0331.0025: hidraw0: USB HID v0.00 Device [HID 056a:0331] on usb-dummy_hcd.1-1/input0 [ 172.887590][ T4103] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 172.896622][ T4103] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.904487][ T4103] usb 5-1: Product: syz [ 172.910947][ T4103] usb 5-1: Manufacturer: syz [ 172.915373][ T4103] usb 5-1: SerialNumber: syz [ 172.924133][ T28] audit: type=1400 audit(1719599454.934:778): avc: denied { mounton } for pid=4771 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 172.952313][ T4103] r8152-cfgselector 5-1: config 0 descriptor?? [ 172.972050][ T4771] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.979086][ T4771] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.986334][ T4771] device bridge_slave_0 entered promiscuous mode [ 172.994383][ T4771] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.001326][ T4771] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.009909][ T4771] device bridge_slave_1 entered promiscuous mode [ 173.022970][ T24] usb 2-1: USB disconnect, device number 16 [ 173.067606][ T396] usb 3-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 173.076888][ T396] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.084926][ T396] usb 3-1: Product: syz [ 173.089056][ T396] usb 3-1: Manufacturer: syz [ 173.093488][ T396] usb 3-1: SerialNumber: syz [ 173.098662][ T396] usb 3-1: config 0 descriptor?? [ 173.162365][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.173405][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.181072][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.189486][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.198511][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.205360][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.212629][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.220920][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.229089][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.235934][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.243185][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.251204][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.267791][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.275877][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 173.294656][ T4771] device veth0_vlan entered promiscuous mode [ 173.301190][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.309141][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.317264][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.325397][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.333083][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.341066][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.348345][ T441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.362515][ T4771] device veth1_macvtap entered promiscuous mode [ 173.369575][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.377726][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.393267][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 173.402697][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 173.413237][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 173.421463][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 173.438574][ T335] device bridge_slave_1 left promiscuous mode [ 173.444713][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.452984][ T335] device bridge_slave_0 left promiscuous mode [ 173.459428][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.467502][ T335] device veth1_macvtap left promiscuous mode [ 173.473346][ T335] device veth0_vlan left promiscuous mode [ 173.479102][ T4103] r8152-cfgselector 5-1: Unknown version 0x0000 [ 173.497540][ T4103] r8152-cfgselector 5-1: bad CDC descriptors [ 173.517512][ T4103] r8152-cfgselector 5-1: Unknown version 0x0000 [ 173.524184][ T4103] r8152-cfgselector 5-1: USB disconnect, device number 18 [ 173.627618][ T396] usb 3-1: MIDIStreaming interface descriptor not found [ 173.646954][ T396] usb 3-1: USB disconnect, device number 14 [ 173.657526][ T1357] udevd[1357]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 173.679172][ T4787] loop1: detected capacity change from 0 to 2048 [ 173.686320][ T4787] EXT4-fs: Ignoring removed orlov option [ 173.709975][ T4787] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 173.721726][ T4787] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 173.746504][ T4787] EXT4-fs (loop1): Remounting filesystem read-only [ 173.762001][ T4787] EXT4-fs error (device loop1) in ext4_evict_inode:254: Readonly filesystem [ 173.787953][ T4071] EXT4-fs (loop1): unmounting filesystem. [ 173.843671][ T4799] loop1: detected capacity change from 0 to 512 [ 173.881370][ T4799] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 173.908700][ T4799] EXT4-fs (loop1): 1 truncate cleaned up [ 173.914285][ T4799] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 173.950932][ T28] audit: type=1400 audit(1719599455.964:779): avc: denied { unlink } for pid=4798 comm="syz.1.1594" name="#43" dev="loop1" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 173.985122][ T4799] EXT4-fs (loop1): unmounting filesystem. [ 174.004656][ T4805] loop4: detected capacity change from 0 to 512 [ 174.012063][ T4805] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 174.047557][ T4805] EXT4-fs (loop4): 1 truncate cleaned up [ 174.053440][ T4805] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.076570][ T28] audit: type=1400 audit(1719599456.084:780): avc: denied { unlink } for pid=4804 comm="syz.4.1596" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 174.113961][ T4805] EXT4-fs error (device loop4): mb_free_blocks:1813: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 174.152340][ T3801] EXT4-fs (loop4): unmounting filesystem. [ 174.197990][ T4782] loop3: detected capacity change from 0 to 131072 [ 174.206909][ T4813] input: syz0 as /devices/virtual/input/input35 [ 174.217464][ T396] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 174.244758][ T4782] F2FS-fs (loop3): Found nat_bits in checkpoint [ 174.292847][ T4782] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 174.467563][ T40] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 174.470618][ T4829] loop3: detected capacity change from 0 to 2048 [ 174.481946][ T4829] EXT4-fs: Ignoring removed orlov option [ 174.497486][ T396] usb 1-1: Using ep0 maxpacket: 32 [ 174.499216][ T4829] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 174.515754][ T4829] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 174.530705][ T4829] EXT4-fs (loop3): Remounting filesystem read-only [ 174.537571][ T4829] EXT4-fs error (device loop3) in ext4_evict_inode:254: Readonly filesystem [ 174.550593][ T3906] EXT4-fs (loop3): unmounting filesystem. [ 174.587543][ T6] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 174.637539][ T396] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 174.677199][ T4838] syz.3.1607[4838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.677251][ T4838] syz.3.1607[4838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.817601][ T396] usb 1-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=20.43 [ 174.827487][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 174.828863][ T396] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.850493][ T396] usb 1-1: Product: syz [ 174.854478][ T396] usb 1-1: Manufacturer: syz [ 174.863730][ T396] usb 1-1: SerialNumber: syz [ 174.874928][ T396] usb 1-1: config 0 descriptor?? [ 174.887560][ T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.898552][ T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.908114][ T40] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 174.916930][ T40] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.925499][ T396] ftdi_sio 1-1:0.0: Ignoring interface reserved for JTAG [ 174.932847][ T40] usb 3-1: config 0 descriptor?? [ 174.957609][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.968566][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.982929][ T6] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 174.991892][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.000786][ T6] usb 5-1: config 0 descriptor?? [ 175.131464][ T24] usb 1-1: USB disconnect, device number 20 [ 175.147482][ T299] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 175.257495][ T396] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 175.478892][ T6] cp2112 0003:10C4:EA90.0027: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 175.507554][ T396] usb 2-1: Using ep0 maxpacket: 8 [ 175.507557][ T299] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 175.507579][ T299] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 175.531100][ T299] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 175.539966][ T299] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.637596][ T40] usb 3-1: language id specifier not provided by device, defaulting to English [ 175.646446][ T396] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.657118][ T396] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.666625][ T396] usb 2-1: New USB device found, idVendor=28bd, idProduct=0075, bcdDevice= 0.00 [ 175.675961][ T396] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.687864][ T396] usb 2-1: config 0 descriptor?? [ 175.696160][ T4850] loop0: detected capacity change from 0 to 1024 [ 175.697564][ T6] cp2112 0003:10C4:EA90.0027: error requesting version [ 175.703024][ T4850] EXT4-fs: Ignoring removed nobh option [ 175.714405][ T4850] EXT4-fs: Ignoring removed oldalloc option [ 175.720830][ T4850] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 175.721499][ T6] cp2112: probe of 0003:10C4:EA90.0027 failed with error -71 [ 175.741074][ T6] usb 5-1: USB disconnect, device number 19 [ 175.751316][ T4850] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 175.797705][ T4771] EXT4-fs (loop0): unmounting filesystem. [ 175.867954][ T4860] loop0: detected capacity change from 0 to 128 [ 175.876454][ T4860] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 175.884986][ T4860] ext4 filesystem being mounted at /root/syzkaller.lpTT5H/8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 175.933298][ T4771] EXT4-fs (loop0): unmounting filesystem. [ 175.964824][ T4863] loop0: detected capacity change from 0 to 256 [ 175.998062][ T4863] loop0: detected capacity change from 256 to 0 [ 176.005199][ C0] I/O error, dev loop0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 176.014206][ T4863] FAT-fs (loop0): FAT read failed (blocknr 1) [ 176.020205][ C1] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 176.029262][ T4863] FAT-fs (loop0): unable to read inode block for updating (i_pos 203) [ 176.117577][ T40] uclogic 0003:256C:006D.0026: interface is invalid, ignoring [ 176.198408][ T396] uclogic 0003:28BD:0075.0028: interface is invalid, ignoring [ 176.257500][ T299] usb 4-1: language id specifier not provided by device, defaulting to English [ 176.269684][ C1] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 176.278790][ T4771] FAT-fs (loop0): Directory bread(block 3) failed [ 176.288680][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 176.297983][ T4771] FAT-fs (loop0): unable to read boot sector to mark fs as dirty [ 176.304866][ T4868] syz.4.1618[4868] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 176.305607][ T4868] syz.4.1618[4868] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 176.321826][ T396] usb 3-1: USB disconnect, device number 15 [ 176.405605][ T24] usb 2-1: USB disconnect, device number 17 [ 176.488160][ T299] usb 4-1: USB disconnect, device number 14 [ 176.529057][ T4872] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.535975][ T4872] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.543881][ T4872] device bridge_slave_0 entered promiscuous mode [ 176.553361][ T4872] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.560805][ T4872] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.568232][ T4872] device bridge_slave_1 entered promiscuous mode [ 176.649500][ T4872] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.656378][ T4872] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.663455][ T4872] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.670251][ T4872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.912530][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.923104][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.931689][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.944547][ T963] device bridge_slave_1 left promiscuous mode [ 176.952530][ T963] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.962028][ T963] device bridge_slave_0 left promiscuous mode [ 176.968259][ T963] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.976328][ T963] device veth1_macvtap left promiscuous mode [ 176.994077][ T963] device veth0_vlan left promiscuous mode [ 177.050792][ T4892] incfs: iterate_incfs_dir / -22 [ 177.126644][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.131641][ T4898] syz.1.1630[4898] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.134546][ T4898] syz.1.1630[4898] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.142815][ T4103] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.163639][ T4103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.170897][ T4103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.179870][ T4103] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.186743][ T4103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.196979][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 177.207758][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 177.238492][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 177.258516][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 177.266745][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 177.274180][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 177.282915][ T4872] device veth0_vlan entered promiscuous mode [ 177.296495][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 177.308443][ T4872] device veth1_macvtap entered promiscuous mode [ 177.335789][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.344581][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 177.881928][ T4920] loop3: detected capacity change from 0 to 512 [ 178.277756][ T4920] FAT-fs (loop3): bogus logical sector size 0 [ 178.283690][ T4920] FAT-fs (loop3): Can't find a valid FAT filesystem [ 178.295951][ T4916] loop0: detected capacity change from 0 to 16 [ 178.309462][ T4927] loop1: detected capacity change from 0 to 512 [ 178.321096][ T4927] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 178.323139][ T4916] erofs: (device loop0): mounted with root inode @ nid 36. [ 178.341523][ T1357] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 178.369691][ T341] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 178.393696][ T4927] EXT4-fs (loop1): 1 truncate cleaned up [ 178.402998][ T4927] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 178.428258][ T4932] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 178.445687][ T4927] EXT4-fs error (device loop1): mb_free_blocks:1813: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 178.450552][ T4932] kvm: pic: non byte read [ 178.493804][ T4071] EXT4-fs (loop1): unmounting filesystem. [ 178.501652][ T4932] kvm: pic: level sensitive irq not supported [ 178.501720][ T4932] kvm: pic: non byte read [ 178.514738][ T299] ================================================================== [ 178.522656][ T299] BUG: KASAN: use-after-free in kernfs_get+0x8a/0x90 [ 178.529153][ T299] Read of size 4 at addr ffff888122823640 by task kworker/0:2/299 [ 178.536786][ T299] [ 178.538958][ T299] CPU: 0 PID: 299 Comm: kworker/0:2 Tainted: G W 6.1.78-syzkaller-00046-g6aaa06c15d9b #0 [ 178.549475][ T4932] kvm: pic: level sensitive irq not supported [ 178.549974][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 178.549993][ T299] Workqueue: events flush_stashed_error_work [ 178.571589][ T299] Call Trace: [ 178.574713][ T299] [ 178.577664][ T299] dump_stack_lvl+0x151/0x1b7 [ 178.582177][ T299] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 178.587471][ T299] ? _printk+0xd1/0x111 [ 178.591461][ T299] ? __virt_addr_valid+0x242/0x2f0 [ 178.596408][ T299] print_report+0x158/0x4e0 [ 178.600748][ T299] ? __virt_addr_valid+0x242/0x2f0 [ 178.605696][ T299] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 178.611783][ T299] ? kernfs_get+0x8a/0x90 [ 178.615938][ T299] kasan_report+0x13c/0x170 [ 178.620274][ T299] ? kernfs_get+0x8a/0x90 [ 178.624445][ T299] __asan_report_load4_noabort+0x14/0x20 [ 178.629910][ T299] kernfs_get+0x8a/0x90 [ 178.633904][ T299] sysfs_notify+0x9a/0xd0 [ 178.638155][ T299] ext4_notify_error_sysfs+0x25/0x30 [ 178.643275][ T299] flush_stashed_error_work+0x2fe/0x320 [ 178.648657][ T299] ? pwq_dec_nr_in_flight+0x191/0x3d0 [ 178.653866][ T299] process_one_work+0x73d/0xcb0 [ 178.658558][ T299] worker_thread+0xa60/0x1260 [ 178.663097][ T299] kthread+0x26d/0x300 [ 178.666968][ T299] ? worker_clr_flags+0x1a0/0x1a0 [ 178.671830][ T299] ? kthread_blkcg+0xd0/0xd0 [ 178.676257][ T299] ret_from_fork+0x1f/0x30 [ 178.680513][ T299] [ 178.683373][ T299] [ 178.685545][ T299] Allocated by task 4927: [ 178.689710][ T299] kasan_set_track+0x4b/0x70 [ 178.694138][ T299] kasan_save_alloc_info+0x1f/0x30 [ 178.699082][ T299] __kasan_slab_alloc+0x6c/0x80 [ 178.703771][ T299] slab_post_alloc_hook+0x53/0x2c0 [ 178.708718][ T299] kmem_cache_alloc+0x175/0x2c0 [ 178.713405][ T299] __kernfs_new_node+0xdb/0x700 [ 178.718089][ T299] kernfs_new_node+0x130/0x230 [ 178.722691][ T299] kernfs_create_dir_ns+0x44/0x130 [ 178.727640][ T299] sysfs_create_dir_ns+0x185/0x390 [ 178.732585][ T299] kobject_add_internal+0x635/0xbf0 [ 178.737618][ T299] kobject_init_and_add+0x120/0x190 [ 178.742653][ T299] ext4_register_sysfs+0xbf/0x2c0 [ 178.747514][ T299] ext4_fill_super+0x7930/0x8460 [ 178.752288][ T299] get_tree_bdev+0x440/0x680 [ 178.756714][ T299] ext4_get_tree+0x1c/0x20 [ 178.760966][ T299] vfs_get_tree+0x88/0x290 [ 178.765220][ T299] do_new_mount+0x2ba/0xb30 [ 178.769558][ T299] path_mount+0x671/0x1070 [ 178.773815][ T299] __se_sys_mount+0x2c4/0x3b0 [ 178.778338][ T299] __x64_sys_mount+0xbf/0xd0 [ 178.782758][ T299] do_syscall_64+0x3d/0xb0 [ 178.787007][ T299] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.792733][ T299] [ 178.794903][ T299] Freed by task 4071: [ 178.798725][ T299] kasan_set_track+0x4b/0x70 [ 178.803151][ T299] kasan_save_free_info+0x2b/0x40 [ 178.808009][ T299] ____kasan_slab_free+0x131/0x180 [ 178.812956][ T299] __kasan_slab_free+0x11/0x20 [ 178.817557][ T299] kmem_cache_free+0x291/0x510 [ 178.822157][ T299] kernfs_put+0x392/0x520 [ 178.826322][ T299] __kobject_del+0x10f/0x300 [ 178.830749][ T299] kobject_del+0x45/0x60 [ 178.834828][ T299] ext4_unregister_sysfs+0x91/0xa0 [ 178.839776][ T299] ext4_put_super+0x7d/0xd60 [ 178.844205][ T299] generic_shutdown_super+0x14f/0x370 [ 178.849495][ T299] kill_block_super+0x7e/0xe0 [ 178.854010][ T299] deactivate_locked_super+0xad/0x110 [ 178.859222][ T299] deactivate_super+0xbe/0xf0 [ 178.863734][ T299] cleanup_mnt+0x485/0x510 [ 178.867981][ T299] __cleanup_mnt+0x19/0x20 [ 178.872236][ T299] task_work_run+0x24d/0x2e0 [ 178.876664][ T299] exit_to_user_mode_loop+0x94/0xa0 [ 178.881699][ T299] exit_to_user_mode_prepare+0x5a/0xa0 [ 178.886990][ T299] syscall_exit_to_user_mode+0x26/0x140 [ 178.892372][ T299] do_syscall_64+0x49/0xb0 [ 178.896633][ T299] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.902353][ T299] [ 178.904527][ T299] The buggy address belongs to the object at ffff888122823640 [ 178.904527][ T299] which belongs to the cache kernfs_node_cache of size 136 [ 178.918932][ T299] The buggy address is located 0 bytes inside of [ 178.918932][ T299] 136-byte region [ffff888122823640, ffff8881228236c8) [ 178.931881][ T299] [ 178.934033][ T299] The buggy address belongs to the physical page: [ 178.940285][ T299] page:ffffea00048a08c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122823 [ 178.950352][ T299] flags: 0x4000000000000200(slab|zone=1) [ 178.955828][ T299] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881002a0900 [ 178.964244][ T299] raw: 0000000000000000 0000000000140014 00000001ffffffff 0000000000000000 [ 178.972655][ T299] page dumped because: kasan: bad access detected [ 178.978912][ T299] page_owner tracks the page as allocated [ 178.984459][ T299] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4927, tgid 4926 (syz.1.1637), ts 178309437558, free_ts 178309326420 [ 179.002516][ T299] post_alloc_hook+0x213/0x220 [ 179.007114][ T299] prep_new_page+0x1b/0x110 [ 179.011451][ T299] get_page_from_freelist+0x27ea/0x2870 [ 179.016832][ T299] __alloc_pages+0x3a1/0x780 [ 179.021262][ T299] alloc_slab_page+0x6c/0xf0 [ 179.025688][ T299] new_slab+0x90/0x3e0 [ 179.029592][ T299] ___slab_alloc+0x6f9/0xb80 [ 179.034026][ T299] __slab_alloc+0x5d/0xa0 [ 179.038183][ T299] kmem_cache_alloc+0x1b9/0x2c0 [ 179.042871][ T299] __kernfs_new_node+0xdb/0x700 [ 179.047557][ T299] kernfs_new_node+0x130/0x230 [ 179.052158][ T299] __kernfs_create_file+0x4a/0x270 [ 179.057106][ T299] sysfs_add_file_mode_ns+0x1c8/0x270 [ 179.062315][ T299] internal_create_group+0x545/0xed0 [ 179.067436][ T299] sysfs_create_group+0x1f/0x30 [ 179.072123][ T299] loop_configure+0xe8e/0x1550 [ 179.076728][ T299] page last free stack trace: [ 179.081235][ T299] free_unref_page_prepare+0x83d/0x850 [ 179.086531][ T299] free_unref_page+0xb2/0x5c0 [ 179.091042][ T299] __free_pages+0x61/0xf0 [ 179.095206][ T299] free_pages+0x7c/0x90 [ 179.099203][ T299] tlb_finish_mmu+0x311/0x3f0 [ 179.103718][ T299] unmap_region+0x2c1/0x310 [ 179.108061][ T299] do_mas_align_munmap+0xd05/0x1400 [ 179.113088][ T299] do_mas_munmap+0x23e/0x2b0 [ 179.117514][ T299] __vm_munmap+0x263/0x3a0 [ 179.121767][ T299] __x64_sys_munmap+0x6b/0x80 [ 179.126278][ T299] do_syscall_64+0x3d/0xb0 [ 179.130532][ T299] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 179.136262][ T299] [ 179.138431][ T299] Memory state around the buggy address: [ 179.143905][ T299] ffff888122823500: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fa [ 179.151804][ T299] ffff888122823580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.159701][ T299] >ffff888122823600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 179.167594][ T299] ^ [ 179.173586][ T299] ffff888122823680: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 179.181484][ T299] ffff888122823700: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.189381][ T299] ================================================================== [ 179.198768][ T4932] kvm: pic: non byte read [ 179.203300][ T4932] kvm: pic: level sensitive irq not supported [ 179.203388][ T4932] kvm: pic: non byte read [ 179.218585][ T299] Disabling lock debugging due to kernel taint [ 179.224916][ T299] general protection fault, probably for non-canonical address 0xe0d43c2a60000206: 0000 [#1] PREEMPT SMP KASAN [ 179.236451][ T299] KASAN: maybe wild-memory-access in range [0x06a2015300001030-0x06a2015300001037] [ 179.245569][ T299] CPU: 0 PID: 299 Comm: kworker/0:2 Tainted: G B W 6.1.78-syzkaller-00046-g6aaa06c15d9b #0 [ 179.256586][ T299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 179.266487][ T299] Workqueue: events flush_stashed_error_work [ 179.272299][ T299] RIP: 0010:kernfs_find_and_get_ns+0x52/0x110 [ 179.278195][ T299] Code: 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 b4 01 d4 ff 49 8b 5d 08 48 85 db 49 0f 44 dd 48 83 c3 50 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 8f 01 d4 ff 4c 8b 33 49 83 c6 60 [ 179.297637][ T299] RSP: 0018:ffffc9000939fc68 EFLAGS: 00010207 [ 179.303541][ T299] RAX: 00d4402a60000206 RBX: 06a2015300001037 RCX: ffffffff81e87ddc [ 179.311353][ T299] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888122823648 [ 179.319162][ T299] RBP: ffffc9000939fc90 R08: dffffc0000000000 R09: 0000000000000003 [ 179.326974][ T299] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffffffff85b490a0 [ 179.334828][ T299] R13: ffff888122823640 R14: dffffc0000000000 R15: 0000000000000000 [ 179.342595][ T299] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 179.351363][ T299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.357784][ T299] CR2: 0000000000000000 CR3: 0000000128ac0000 CR4: 00000000003526b0 [ 179.365598][ T299] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.373407][ T299] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 179.381229][ T299] Call Trace: [ 179.384381][ T299] [ 179.387127][ T299] ? __die_body+0x62/0xb0 [ 179.391286][ T299] ? die_addr+0x9f/0xd0 [ 179.395282][ T299] ? exc_general_protection+0x317/0x4c0 [ 179.400667][ T299] ? asm_exc_general_protection+0x27/0x30 [ 179.406217][ T299] ? kernfs_find_and_get_ns+0x3c/0x110 [ 179.411510][ T299] ? kernfs_find_and_get_ns+0x52/0x110 [ 179.416804][ T299] ? kernfs_find_and_get_ns+0x3c/0x110 [ 179.422102][ T299] sysfs_notify+0x73/0xd0 [ 179.426264][ T299] ext4_notify_error_sysfs+0x25/0x30 [ 179.431385][ T299] flush_stashed_error_work+0x2fe/0x320 [ 179.436767][ T299] ? pwq_dec_nr_in_flight+0x191/0x3d0 [ 179.441985][ T299] process_one_work+0x73d/0xcb0 [ 179.446667][ T299] worker_thread+0xa60/0x1260 [ 179.451181][ T299] kthread+0x26d/0x300 [ 179.455079][ T299] ? worker_clr_flags+0x1a0/0x1a0 [ 179.459953][ T299] ? kthread_blkcg+0xd0/0xd0 [ 179.464381][ T299] ret_from_fork+0x1f/0x30 [ 179.468627][ T299] [ 179.471487][ T299] Modules linked in: [ 179.496756][ T299] ---[ end trace 0000000000000000 ]--- [ 179.502796][ T299] RIP: 0010:kernfs_find_and_get_ns+0x52/0x110 [ 179.508862][ T299] Code: 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 b4 01 d4 ff 49 8b 5d 08 48 85 db 49 0f 44 dd 48 83 c3 50 48 89 d8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 df e8 8f 01 d4 ff 4c 8b 33 49 83 c6 60 [ 179.528380][ T299] RSP: 0018:ffffc9000939fc68 EFLAGS: 00010207 [ 179.534353][ T299] RAX: 00d4402a60000206 RBX: 06a2015300001037 RCX: ffffffff81e87ddc [ 179.542140][ T299] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888122823648 [ 179.550358][ T299] RBP: ffffc9000939fc90 R08: dffffc0000000000 R09: 0000000000000003 [ 179.829998][ T299] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffffffff85b490a0 [ 179.837996][ T299] R13: ffff888122823640 R14: dffffc0000000000 R15: 0000000000000000 [ 179.845757][ T299] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 179.854962][ T299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.890419][ T299] CR2: 00007f86d2525d58 CR3: 0000000118feb000 CR4: 00000000003526b0 [ 179.898379][ T299] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.906142][ T299] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 179.914008][ T299] Kernel panic - not syncing: Fatal exception [ 179.920145][ T299] Kernel Offset: disabled [ 179.924275][ T299] Rebooting in 86400 seconds..