last executing test programs: 6.568929275s ago: executing program 2 (id=1163): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r4}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @local}]}}}]}, 0x40}, 0x1, 0x4c00000000000000}, 0x0) 6.485166153s ago: executing program 2 (id=1164): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @remote}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@inlinecrypt}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 6.463057015s ago: executing program 1 (id=1165): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x1]}, 0x8, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mount(0x0, 0x0, 0x0, 0x2010c15, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000f40)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) signalfd4(r1, &(0x7f0000000180), 0x8, 0x0) 6.376356403s ago: executing program 2 (id=1166): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file1/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') chdir(&(0x7f0000000040)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.current\x00', 0x275a, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000300)=""/104, 0x68) 6.312114279s ago: executing program 2 (id=1169): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000401904000600000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)='%-010d \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0xffffffffffffff37, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x22, 0xb}, 0x0}, 0x0) 6.095475259s ago: executing program 0 (id=1173): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0xc8, 0x8, 0x128, 0x5803, 0x268, 0x2e8, 0x2e8, 0x268, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0xa8, 0xd8, 0x0, {0x0, 0x2000000000000}}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x60}}, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000440)=0x2, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0xc6}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 6.089831109s ago: executing program 2 (id=1174): syz_mount_image$vfat(&(0x7f0000001200), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058b51684696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c2e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d9581470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b7200"/643], 0x1, 0x120b, &(0x7f00000036c0)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=") open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x4c00) dup3(r1, r0, 0x0) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x8, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a07, 0x220a06}]) 6.067534471s ago: executing program 0 (id=1176): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) setresuid(0x0, 0x0, 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 5.903314927s ago: executing program 0 (id=1177): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000107d1e502d0000ecff000109022400010000300009040000010300020009210700b90122070009058103"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="0000070000000700cb030f47"], 0x0, 0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 5.575900567s ago: executing program 1 (id=1183): connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) syz_usb_connect$hid(0x2, 0x54, &(0x7f0000000380)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc539, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x43, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0xffff, 0x0, 0x1, {0x22, 0xfd6}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x9d, 0x0, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x9, 0x3, 0x72}}]}}}]}}]}}, 0x0) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) mlockall(0x3) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000bda000/0x4000)=nil, 0x4000, 0x0) 5.492864024s ago: executing program 2 (id=1175): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000200)}, 0x20) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f0000000200)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141842, 0x0) 5.007559719s ago: executing program 4 (id=1184): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000680)={[{@abort}, {@debug}]}, 0x1, 0x774, &(0x7f00000007c0)="$eJzs3d1rW+UfAPDvSdt17fb7tYKg86ogaGEstbNuCl5MvBDBwUCv3UKaldm0GU061lJwQwRvBBUvBL3ZtS/zzltfbvW/8EI2pnbDiRdSOWmyZWvSpWuTDPL5wNM+zzkneZ5vnnOe8yTnkATQtybSP5mIQxHxURIxVlueRMRQNTcYcWJzu9vra/k0JbGx8eYfSXWbW+tr+Wh4TOpArfBkRPz4fsThzNZ6yyur87lisbBUK09VFs5PlVdWj5xbyM0V5gqLx6ZnZo4ef+H4sb2L9a9fVg9e//i1Z7858c97T1z98KckTsTB2rrGOPbKREzUXpOh9CW8x6t7XVmPJb1uAA8lPTQHNo/yOBRjMVDNtTDSzZYBAJ3ybkRsAAB9JnH+B4A+U/8c4Nb6Wr6eevuJRHfdeCUi9m/GX7++ublmsHbNbn/1OujoreSeKyNJRIzvQf0TEfHFd29/labo0HVIgGYuXY6IM+MTW8f/ZMs9Czv1XBvbTNxXNv5B93yfzn9ebDb/y9yZ/0ST+c9wk2P3YTz4+M9c24NqWkrnfy833Nt2uyH+mvGBWul/1TnfUHL2XLGQjm3/j4jJGBpOy9Pb1DF589+brdY1zv/+/OSdL9P60/93t8hcGxy+9zGzuUpuNzE3unE54qnBZvEnd/o/aTH/PdVmHa+/9MHnrdal8afx1tPW+Dtr40rEM037/+4dbcm29ydOVXeHqfpO0cS3v3422qr+xv5PU1p//b1AN6T9P7p9/ONJ4/2a5Z3X8fOVsR9arXtw/M33/33JW9X8vtqyi7lKZWk6Yl/yxtblR+8+tl6ub5/GP/l08+N/u/0/fU94ps34B6///vXDx99ZafyzO+r/nWeu3p4faFV/e/0/U81N1pa0M/6128DdvHYAAAAAAAAAAAAAAAAAAAAAAAAA0K5MRByMJJO9k89kstnN3/B+PEYzxVK5cvhsaXlxNqq/lT0eQ5n6V12ONXwf6nTt+/Dr5aP3lZ+PiMci4tPhkWo5my8VZ3sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHGjx+/+p34Z73ToAoGP297oBAEDXOf8DQP/Z2fl/pGPtAAC6x/t/AOg/zv8A0H+c/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiwUydPpmnj7/W1fFqevbCyPF+6cGS2UJ7PLizns/nS0vnsXKk0Vyxk86WFlk90afNfsVQ6PxOLyxenKoVyZaq8snp6obS8WDl9biE3VzhdGOpaZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQvvLK6nyuWCws7SaTPtFePI+MjMwjkmkcJUZ6Nj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOr+CwAA///vXCkU") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r1}, 0x10) r2 = socket$unix(0x1, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r3}, 0x10) bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4.532562353s ago: executing program 4 (id=1185): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r2}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r4}, 0x10) close(r3) 3.922750669s ago: executing program 4 (id=1186): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b240201064dbd81"], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000280)={0x14, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(r2, 0x0, 0x1a1840, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001680)={0x14, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00038d0000008d03"]}, 0x0) 3.211447815s ago: executing program 0 (id=1187): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000280)={[{@quota}, {@resuid={'resuid', 0x3d, 0xee01}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") creat(&(0x7f00000001c0)='./bus\x00', 0x0) truncate(&(0x7f0000000340)='./file2\x00', 0x0) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='./file1\x00') open(&(0x7f0000001780)='./bus\x00', 0x64842, 0x0) 3.210245665s ago: executing program 1 (id=1188): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x15, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair(0x1e, 0x801, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000840)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f00000006c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_connect(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="130100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b24"], 0x0) 2.405447908s ago: executing program 0 (id=1190): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) write$selinux_user(0xffffffffffffffff, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4b4, 0x7b1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000015c0)={0x2c, &(0x7f0000000600)=ANY=[@ANYBLOB="0000050000000500612bd9759ac9"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.499284172s ago: executing program 3 (id=1192): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r1}, 0x10) r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x1, 0x0) ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0xdd218) 1.497839622s ago: executing program 4 (id=1193): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x28000600) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 489.957745ms ago: executing program 0 (id=1194): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10) syz_clone(0x2202351f, 0x0, 0x0, 0x0, 0x0, 0x0) 488.349345ms ago: executing program 1 (id=1195): futex(0x0, 0x0, 0x4, 0x0, 0x0, 0x0) mlockall(0x3) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 487.874945ms ago: executing program 3 (id=1196): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3}, 0x10) sendmsg$inet(r0, 0x0, 0x0) 487.361245ms ago: executing program 4 (id=1197): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x802, &(0x7f0000000300)={[{@noblock_validity}, {@dioread_nolock}, {@nobh}, {@minixdf}, {@nobh}, {@usrjquota, 0x2e}, {@grpquota}, {@nodiscard}, {@jqfmt_vfsv0}, {@noload}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r2, 0x0, 0x0) lseek(r2, 0x400, 0x1) getdents64(r2, 0x0, 0x2000) 186.824123ms ago: executing program 1 (id=1198): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r4, r3, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x4, r2, r2, 0x0, 0x0) 186.452273ms ago: executing program 3 (id=1199): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newtaction={0x98, 0x30, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x1, r5}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) 185.662243ms ago: executing program 4 (id=1200): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @broadcast}, 0x10) 167.270614ms ago: executing program 3 (id=1201): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000180)=0x8, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000240)=0x20, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r2}, 0x10) recvmmsg(r0, &(0x7f0000001400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12140, 0x0) 87.578282ms ago: executing program 1 (id=1202): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') write$binfmt_script(r0, &(0x7f0000001800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1) r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 83.396242ms ago: executing program 3 (id=1204): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000002c0)=ANY=[@ANYBLOB="757466383d302c726f6469722c757466383d312c757466383d302c756e695f786c6174653d302c726f6469722c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c756e695f786c6174653d312c73686f72746e616d653d6d697865642c726f6469722c646f733178666c6f7070792c73686f72746e616d653d77696e6e742cac76546f786c6174653d302c009433256ee8caea7486efc9a665283f4b92208d22beed3a5363ffb92e6cc904e7ae7712cc4af5afd80317a037d9daaa3a94ffa28fd3e48a19"], 0x7, 0x2cd, &(0x7f0000000500)="$eJzs3T9rJGUYAPBnNpPdVYtNYSWCA1pYHZdrbTbIHYipPFKohQYvB5JdhAQC/sH1KlsbCws/gSD4QWz8BoKtYOcJB6/M7MzO7N2SZI/biJffr8mTd97nned9d0MmRZ79+NXp8b0i7j/46vcYRha9cYzjYRY70YvGN7Fk/F0AAP9nD1OKv9LcOnlZRAw3VxYAsEGX+/2ft+EvV1IWALBBd9//4N29/f3b7xXFMO5Mvz07KP+yL7/Or+/dj09jEkdxM0bxKKJ6UNiO6mmhDO+klGZ5UdqJN6azs4Myc/rRr/X6e39GVPm7MYqdamjxtFHlv7N/e7eY6+TPyjperO8/LvNvxSheXiQv5d9akR8H/Xjz9U79N2IUv30Sn8Uk7lVFtPlf7xbF2+n7v7/8sCyvzM9mZweDal4rbV3xSwMAAAAAAAAAAAAAAAAAAAAAwHPsRt07ZxBV/55yqO6/s/Wo/GY7isbOcn+eeX7WLNTtD5RSmqX4semvc7MoilRPbPPzeCXvNhYEAAAAAAAAAAAAAAAAAACA6+v08y+ODyeTo5NnEjTdAPKI+OduxNOuM+6MvBZ10IuVkwf1PQ8nk14dLs/JuyOx1czJIto5zXF0Vi438bSnkcdae3/hiZrr4Kef17378OI526vv9SyD5jiPD7PVZziIZmRYH9QP/Yh2Tj8uea/+4yNpNF8nrfUS9FdeGl2Y3mx0sc5LVTA7Jyuy8wp764+lBbPHd9GvTnVxzsNoD2q7Drr1LL83LvV+LtesflKekOnWAQAAAAAAAAAAAAAAAAAAG9X+9++Kiw/OTe2lwcbKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAr1X7+/xrBrE4+OjnNL5jcj5PT/3iLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAP/BgAA///vmVBI") open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 3 (id=1205): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): sb 4-1: Product: syz [ 91.079951][ T649] usb 4-1: Manufacturer: syz [ 91.084320][ T649] usb 4-1: SerialNumber: syz [ 91.178263][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 91.298348][ T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.438323][ T649] usb 4-1: Found UVC 0.00 device syz (19ab:1000) [ 91.444700][ T649] usb 4-1: No valid video chain found. [ 91.457499][ T649] usb 4-1: USB disconnect, device number 22 [ 91.478374][ T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 91.487440][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.495586][ T39] usb 1-1: Product: syz [ 91.499697][ T39] usb 1-1: Manufacturer: syz [ 91.504650][ T39] usb 1-1: SerialNumber: syz [ 91.528262][ T314] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 91.889351][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.903238][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.914187][ T314] usb 3-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 91.927245][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.935855][ T314] usb 3-1: config 0 descriptor?? [ 91.992214][ T2592] syz.1.801[2592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.992281][ T2592] syz.1.801[2592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.993473][ T2594] loop3: detected capacity change from 0 to 512 [ 92.023905][ T2594] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 92.037264][ T2594] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.790: invalid indirect mapped block 4294967295 (level 1) [ 92.051203][ T2594] EXT4-fs (loop3): Remounting filesystem read-only [ 92.057835][ T2594] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.790: invalid indirect mapped block 4294967295 (level 1) [ 92.072075][ T2594] EXT4-fs (loop3): 2 truncates cleaned up [ 92.077673][ T2594] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 92.146408][ T2594] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.790: bg 0: block 5: invalid block bitmap [ 92.159012][ T2594] EXT4-fs (loop3): Remounting filesystem read-only [ 92.171548][ T2525] EXT4-fs (loop3): unmounting filesystem. [ 92.201366][ T2605] netlink: 'syz.1.793': attribute type 4 has an invalid length. [ 92.211453][ T28] audit: type=1400 audit(1727924263.326:392): avc: denied { ioctl } for pid=2604 comm="syz.1.793" path="socket:[28744]" dev="sockfs" ino=28744 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 92.244978][ T2607] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 92.408953][ T314] elo 0003:04E7:0030.0028: item fetching failed at offset 2/5 [ 92.416398][ T314] elo 0003:04E7:0030.0028: parse failed [ 92.421920][ T314] elo: probe of 0003:04E7:0030.0028 failed with error -22 [ 92.468380][ T393] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 92.612169][ T314] usb 3-1: USB disconnect, device number 18 [ 92.658328][ T39] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 92.664655][ T39] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 92.828344][ T393] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.839250][ T393] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.848881][ T393] usb 4-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00 [ 92.857904][ T393] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.866444][ T393] usb 4-1: config 0 descriptor?? [ 93.089562][ T39] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 93.105408][ T39] usb 1-1: USB disconnect, device number 13 [ 93.111466][ T39] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 93.140701][ T2614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.807'. [ 93.156497][ T2619] loop2: detected capacity change from 0 to 256 [ 93.163152][ T2614] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'. [ 93.240245][ T2619] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1768846636 (3537693272 ns) > initial count (1927074542 ns). Using initial count to start timer. [ 93.260854][ T2619] Disabled LAPIC found during irq injection [ 93.349526][ T393] sony 0003:12BA:0100.0029: hidraw0: USB HID vff.ff Device [HID 12ba:0100] on usb-dummy_hcd.3-1/input0 [ 93.360473][ T393] sony 0003:12BA:0100.0029: failed to claim input [ 93.551583][ T24] usb 4-1: USB disconnect, device number 23 [ 93.594874][ T2651] loop2: detected capacity change from 0 to 512 [ 93.609584][ T2651] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 93.624340][ T2651] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.804: invalid indirect mapped block 4294967295 (level 1) [ 93.638770][ T2651] EXT4-fs (loop2): Remounting filesystem read-only [ 93.645117][ T2651] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.804: invalid indirect mapped block 4294967295 (level 1) [ 93.659572][ T2651] EXT4-fs (loop2): 2 truncates cleaned up [ 93.665531][ T2651] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 93.737427][ T2651] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.804: bg 0: block 5: invalid block bitmap [ 93.751636][ T2651] EXT4-fs (loop2): Remounting filesystem read-only [ 93.772662][ T2486] EXT4-fs (loop2): unmounting filesystem. [ 93.895255][ T2677] loop1: detected capacity change from 0 to 512 [ 93.913936][ T28] audit: type=1400 audit(1727924265.026:393): avc: denied { read } for pid=2678 comm="syz.2.815" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 93.938791][ T28] audit: type=1400 audit(1727924265.026:394): avc: denied { open } for pid=2678 comm="syz.2.815" path="/dev/usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 93.975609][ T2677] EXT4-fs (loop1): orphan cleanup on readonly fs [ 93.982599][ T2677] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.814: bg 0: block 248: padding at end of block bitmap is not set [ 93.997232][ T2677] Quota error (device loop1): write_blk: dquota write failed [ 94.004722][ T2677] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 94.015143][ T2677] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.814: Failed to acquire dquot type 1 [ 94.026811][ T2677] EXT4-fs (loop1): 1 truncate cleaned up [ 94.032611][ T2677] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 94.057365][ T2677] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 94.104491][ T2677] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 94.124319][ T2677] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 94.148658][ T2677] syz.1.814 (2677) used greatest stack depth: 19360 bytes left [ 94.173077][ T1495] EXT4-fs (loop1): unmounting filesystem. [ 94.195229][ T28] audit: type=1400 audit(1727924265.306:395): avc: denied { create } for pid=2690 comm="syz.1.819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 94.255443][ T2697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.822'. [ 94.368314][ T314] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 94.449034][ T2708] syz.0.827[2708] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.449083][ T2708] syz.0.827[2708] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.537215][ T2716] ------------[ cut here ]------------ [ 94.554971][ T2716] WARNING: CPU: 0 PID: 2716 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 94.566726][ T2716] Modules linked in: [ 94.570760][ T2716] CPU: 0 PID: 2716 Comm: syz.0.831 Not tainted 6.1.99-syzkaller-00098-g1cdc168f1ef0 #0 [ 94.581792][ T2716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 94.594000][ T2716] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 94.601871][ T2716] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 d2 32 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b f3 55 ff <0f> 0b e9 06 ff ff ff e8 1f f3 55 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 94.631568][ T2716] RSP: 0018:ffffc90006be7ae0 EFLAGS: 00010283 [ 94.638618][ T2716] RAX: ffffffff821fb025 RBX: 0000000000000000 RCX: 0000000000040000 [ 94.648189][ T2716] RDX: ffffc90004352000 RSI: 0000000000001bf3 RDI: 0000000000001bf4 [ 94.660273][ T2716] RBP: ffffc90006be7b10 R08: ffffffff821faf24 R09: ffffed10221cff69 [ 94.668886][ T2716] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888137462330 [ 94.677269][ T2716] R13: ffff888137462360 R14: 1ffff11026e8c46c R15: ffff888110e7faa0 [ 94.685784][ T2716] FS: 00007f7e356e96c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 94.694753][ T2716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.701350][ T2716] CR2: 0000000020001000 CR3: 0000000123957000 CR4: 00000000003506b0 [ 94.709770][ T2716] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000400 [ 94.718040][ T2716] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 94.726327][ T2716] Call Trace: [ 94.729714][ T2716] [ 94.732449][ T2716] ? show_regs+0x58/0x60 [ 94.736739][ T2716] ? __warn+0x160/0x3d0 [ 94.740760][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 94.745589][ T2716] ? report_bug+0x4d5/0x7d0 [ 94.750212][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 94.755044][ T2716] ? handle_bug+0x41/0x70 [ 94.759231][ T2716] ? exc_invalid_op+0x1b/0x50 [ 94.763729][ T2716] ? asm_exc_invalid_op+0x1b/0x20 [ 94.768610][ T2716] ? ovl_dir_modified+0xa4/0x1e0 [ 94.773447][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 94.778332][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 94.783169][ T2716] ovl_do_remove+0x7fc/0xbf0 [ 94.787597][ T2716] ? ovl_set_redirect+0x670/0x670 [ 94.792560][ T2716] ? selinux_inode_rmdir+0x22/0x30 [ 94.797410][ T2716] ovl_rmdir+0x1a/0x20 [ 94.801375][ T2716] vfs_rmdir+0x398/0x500 [ 94.805393][ T2716] incfs_kill_sb+0x113/0x230 [ 94.809827][ T2716] deactivate_locked_super+0xad/0x110 [ 94.815020][ T2716] deactivate_super+0xbe/0xf0 [ 94.819553][ T2716] cleanup_mnt+0x485/0x510 [ 94.823784][ T2716] __cleanup_mnt+0x19/0x20 [ 94.828035][ T2716] task_work_run+0x24d/0x2e0 [ 94.832492][ T2716] ? task_work_cancel+0x2b0/0x2b0 [ 94.837320][ T2716] ? __x64_sys_mount+0xd0/0xd0 [ 94.841940][ T2716] exit_to_user_mode_loop+0x94/0xa0 [ 94.846956][ T2716] exit_to_user_mode_prepare+0x5a/0xa0 [ 94.852269][ T2716] syscall_exit_to_user_mode+0x26/0x130 [ 94.857678][ T2716] do_syscall_64+0x47/0xb0 [ 94.861901][ T2716] ? clear_bhb_loop+0x55/0xb0 [ 94.866509][ T2716] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 94.872273][ T2716] RIP: 0033:0x7f7e3497dff9 [ 94.876489][ T2716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.895967][ T2716] RSP: 002b:00007f7e356e9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 94.904190][ T2716] RAX: ffffffffffffffea RBX: 00007f7e34b35f80 RCX: 00007f7e3497dff9 [ 94.912316][ T2716] RDX: 0000000020000340 RSI: 0000000020000100 RDI: 0000000020000040 [ 94.921551][ T2716] RBP: 00007f7e349f0296 R08: 0000000000000000 R09: 0000000000000000 [ 94.929489][ T2716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.937671][ T2716] R13: 0000000000000000 R14: 00007f7e34b35f80 R15: 00007ffc3264cf08 [ 94.945598][ T2716] [ 94.948524][ T2716] ---[ end trace 0000000000000000 ]--- [ 94.953963][ T2716] ------------[ cut here ]------------ [ 94.954821][ T6] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 94.959375][ T2716] WARNING: CPU: 1 PID: 2716 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 94.975940][ T2716] Modules linked in: [ 94.979714][ T2716] CPU: 1 PID: 2716 Comm: syz.0.831 Tainted: G W 6.1.99-syzkaller-00098-g1cdc168f1ef0 #0 [ 94.990610][ T2716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 95.000503][ T2716] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 95.006081][ T2716] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 d2 32 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b f3 55 ff <0f> 0b e9 06 ff ff ff e8 1f f3 55 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 95.008238][ T314] usb 3-1: Using ep0 maxpacket: 16 [ 95.025710][ T2716] RSP: 0018:ffffc90006be7ae0 EFLAGS: 00010283 [ 95.030967][ T393] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 95.036502][ T2716] RAX: ffffffff821fb025 RBX: 0000000000000000 RCX: 0000000000040000 [ 95.051652][ T2716] RDX: ffffc90004352000 RSI: 0000000000014e0f RDI: 0000000000014e10 [ 95.059464][ T2716] RBP: ffffc90006be7b10 R08: ffffffff821faf24 R09: ffffed10221cff69 [ 95.067263][ T2716] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888137462330 [ 95.075176][ T2716] R13: ffff888137462360 R14: 1ffff11026e8c46c R15: ffff888110e7faa0 [ 95.082988][ T2716] FS: 00007f7e356e96c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 95.091747][ T2716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.098156][ T2716] CR2: 0000001b2e517ff8 CR3: 0000000123957000 CR4: 00000000003506a0 [ 95.105991][ T2716] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.113899][ T2716] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.121742][ T2716] Call Trace: [ 95.124825][ T2716] [ 95.127629][ T2716] ? show_regs+0x58/0x60 [ 95.131908][ T2716] ? __warn+0x160/0x3d0 [ 95.135874][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 95.140722][ T2716] ? report_bug+0x4d5/0x7d0 [ 95.145047][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 95.149926][ T2716] ? handle_bug+0x41/0x70 [ 95.154082][ T2716] ? exc_invalid_op+0x1b/0x50 [ 95.158605][ T2716] ? asm_exc_invalid_op+0x1b/0x20 [ 95.163569][ T2716] ? ovl_dir_modified+0xa4/0x1e0 [ 95.168259][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 95.173089][ T2716] ? ovl_dir_modified+0x1a5/0x1e0 [ 95.177941][ T2716] ovl_do_remove+0x7fc/0xbf0 [ 95.182555][ T2716] ? ovl_set_redirect+0x670/0x670 [ 95.187438][ T2716] ? selinux_inode_rmdir+0x22/0x30 [ 95.192693][ T2716] ovl_rmdir+0x1a/0x20 [ 95.196575][ T2716] vfs_rmdir+0x398/0x500 [ 95.200752][ T2716] incfs_kill_sb+0x1b4/0x230 [ 95.205086][ T2716] deactivate_locked_super+0xad/0x110 [ 95.210307][ T2716] deactivate_super+0xbe/0xf0 [ 95.214799][ T2716] cleanup_mnt+0x485/0x510 [ 95.219070][ T2716] __cleanup_mnt+0x19/0x20 [ 95.223478][ T2716] task_work_run+0x24d/0x2e0 [ 95.228001][ T2716] ? task_work_cancel+0x2b0/0x2b0 [ 95.232870][ T2716] ? __x64_sys_mount+0xd0/0xd0 [ 95.237543][ T2716] exit_to_user_mode_loop+0x94/0xa0 [ 95.242590][ T2716] exit_to_user_mode_prepare+0x5a/0xa0 [ 95.247869][ T2716] syscall_exit_to_user_mode+0x26/0x130 [ 95.253275][ T2716] do_syscall_64+0x47/0xb0 [ 95.257498][ T2716] ? clear_bhb_loop+0x55/0xb0 [ 95.262029][ T2716] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 95.267828][ T2716] RIP: 0033:0x7f7e3497dff9 [ 95.272344][ T2716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.292209][ T2716] RSP: 002b:00007f7e356e9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 95.300818][ T2716] RAX: ffffffffffffffea RBX: 00007f7e34b35f80 RCX: 00007f7e3497dff9 [ 95.308863][ T2716] RDX: 0000000020000340 RSI: 0000000020000100 RDI: 0000000020000040 [ 95.316934][ T2716] RBP: 00007f7e349f0296 R08: 0000000000000000 R09: 0000000000000000 [ 95.318377][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.324779][ T2716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.335648][ T314] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 95.343343][ T2716] R13: 0000000000000000 R14: 00007f7e34b35f80 R15: 00007ffc3264cf08 [ 95.352616][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.360314][ T2716] [ 95.372481][ T2716] ---[ end trace 0000000000000000 ]--- [ 95.386133][ T314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.398256][ T314] usb 3-1: Product: syz [ 95.402250][ T314] usb 3-1: Manufacturer: syz [ 95.407297][ T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 95.408077][ T2721] loop4: detected capacity change from 0 to 256 [ 95.426492][ T314] usb 3-1: SerialNumber: syz [ 95.431266][ T393] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 95.433178][ T2721] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 95.445129][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.463530][ T314] r8152-cfgselector 3-1: config 0 descriptor?? [ 95.469565][ T393] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 95.481969][ T393] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 95.495688][ T6] usb 4-1: config 0 descriptor?? [ 95.505094][ T393] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 95.516106][ T393] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 95.584983][ T2734] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2734 comm=syz.0.839 [ 95.597590][ T2734] netlink: 24 bytes leftover after parsing attributes in process `syz.0.839'. [ 95.638337][ T393] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 95.647197][ T393] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 95.655240][ T393] usb 2-1: Product: syz [ 95.659229][ T393] usb 2-1: Manufacturer: syz [ 95.708677][ T393] cdc_wdm 2-1:1.0: skipping garbage [ 95.713712][ T393] cdc_wdm 2-1:1.0: skipping garbage [ 95.720409][ T393] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 95.919457][ T24] usb 2-1: USB disconnect, device number 15 [ 95.958315][ T314] r8152-cfgselector 3-1: Unknown version 0x0000 [ 95.964725][ T314] r8152-cfgselector 3-1: bad CDC descriptors [ 95.988481][ T314] r8152-cfgselector 3-1: Unknown version 0x0000 [ 95.994842][ T6] hid (null): bogus close delimiter [ 96.005504][ T314] r8152-cfgselector 3-1: USB disconnect, device number 19 [ 96.507930][ T28] audit: type=1400 audit(1727924267.616:396): avc: denied { connect } for pid=2748 comm="syz.2.844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 96.604905][ T2758] bridge0: port 3(syz_tun) entered blocking state [ 96.611377][ T314] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 96.614912][ T2758] bridge0: port 3(syz_tun) entered disabled state [ 96.630284][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002A/input/input30 [ 96.630622][ T2758] device syz_tun entered promiscuous mode [ 96.643988][ T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002A/input/input31 [ 96.647661][ T2758] bridge0: port 3(syz_tun) entered blocking state [ 96.660985][ T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002A/input/input32 [ 96.665167][ T2758] bridge0: port 3(syz_tun) entered forwarding state [ 96.688396][ T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002A/input/input33 [ 96.701608][ T6] uclogic 0003:256C:006D.002A: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 96.854046][ T2773] device pim6reg1 entered promiscuous mode [ 96.874501][ T39] usb 4-1: USB disconnect, device number 24 [ 96.898310][ T19] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 96.911578][ T2775] loop4: detected capacity change from 0 to 256 [ 97.028333][ T314] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 97.037475][ T314] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 97.047808][ T314] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 97.056656][ T314] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 97.067443][ T314] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 97.158307][ T19] usb 3-1: Using ep0 maxpacket: 32 [ 97.218333][ T314] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 97.227250][ T314] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 97.235021][ T314] usb 2-1: Product: syz [ 97.239112][ T314] usb 2-1: Manufacturer: syz [ 97.288337][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 97.300146][ T314] cdc_wdm 2-1:1.0: skipping garbage [ 97.305163][ T314] cdc_wdm 2-1:1.0: skipping garbage [ 97.310293][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 97.321639][ T19] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 97.322053][ T314] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 97.336752][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.345853][ T19] usb 3-1: config 0 descriptor?? [ 97.364360][ T314] usb 2-1: USB disconnect, device number 16 [ 97.370742][ T2760] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 97.408780][ T19] hub 3-1:0.0: USB hub found [ 97.499637][ T28] audit: type=1400 audit(1727924268.616:397): avc: denied { read } for pid=2791 comm="syz.4.862" laddr=fe80::a8aa:aaff:feaa:aa16 lport=255 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 97.538727][ T2794] device pim6reg1 entered promiscuous mode [ 97.576411][ T2798] kvm: pic: non byte read [ 97.628299][ T19] hub 3-1:0.0: 2 ports detected [ 97.718236][ T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 97.758245][ T314] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 97.887845][ T2801] loop4: detected capacity change from 0 to 131072 [ 97.895022][ T2801] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0) [ 97.904318][ T2801] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 97.913398][ T2801] F2FS-fs (loop4): invalid crc value [ 97.920291][ T2801] F2FS-fs (loop4): Found nat_bits in checkpoint [ 97.943303][ T2801] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 97.950243][ T2801] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 98.108310][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.118433][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.119459][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.129941][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.139455][ T24] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 98.149011][ T314] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 98.157832][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.166890][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.175180][ T24] usb 4-1: config 0 descriptor?? [ 98.187549][ T314] usb 2-1: config 0 descriptor?? [ 98.421039][ T19] usb 3-1: USB disconnect, device number 20 [ 98.878325][ T24] usb 4-1: string descriptor 0 read error: -22 [ 98.888352][ T314] usb 2-1: language id specifier not provided by device, defaulting to English [ 98.922409][ T2814] loop4: detected capacity change from 0 to 512 [ 98.935912][ T2814] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz.4.870: bad orphan inode 17 [ 98.946230][ T2814] ext4_test_bit(bit=16, block=4) = 1 [ 98.951502][ T2814] is_bad_inode(inode)=0 [ 98.955486][ T2814] NEXT_ORPHAN(inode)=0 [ 98.959468][ T2814] max_ino=32 [ 98.962437][ T2814] i_nlink=1 [ 98.965407][ T2814] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 98.982888][ T2814] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.870: bg 0: block 7: invalid block bitmap [ 99.001304][ T1604] EXT4-fs (loop4): unmounting filesystem. [ 99.099603][ T24] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002B/input/input34 [ 99.112068][ T24] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002B/input/input35 [ 99.124514][ T24] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002B/input/input36 [ 99.137612][ T24] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.002B/input/input37 [ 99.150880][ T24] uclogic 0003:256C:006D.002B: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 99.168269][ T19] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 99.298403][ T393] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 99.313091][ T60] usb 4-1: USB disconnect, device number 25 [ 99.329639][ T314] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.002C/input/input38 [ 99.342457][ T314] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.002C/input/input39 [ 99.354798][ T314] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.002C/input/input40 [ 99.367956][ T314] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.002C/input/input41 [ 99.380747][ T314] uclogic 0003:256C:006D.002C: input,hiddev97,hidraw1: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 99.538269][ T393] usb 5-1: Using ep0 maxpacket: 16 [ 99.548303][ T19] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 99.556362][ T19] usb 1-1: config 0 has no interface number 0 [ 99.562466][ T19] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 99.566774][ T24] usb 2-1: USB disconnect, device number 17 [ 99.658344][ T393] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 99.666245][ T393] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.676332][ T393] usb 5-1: config 0 has no interface number 0 [ 99.682279][ T393] usb 5-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 99.728334][ T19] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 99.737360][ T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.745112][ T19] usb 1-1: Product: syz [ 99.749173][ T19] usb 1-1: Manufacturer: syz [ 99.753500][ T19] usb 1-1: SerialNumber: syz [ 99.758829][ T19] usb 1-1: config 0 descriptor?? [ 99.778311][ T2811] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 99.798612][ T19] usb-storage 1-1:0.20: USB Mass Storage device detected [ 99.806052][ T19] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 99.813545][ T393] usb 5-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 99.822734][ T393] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 99.831773][ T393] usb 5-1: Product: syz [ 99.835862][ T393] usb 5-1: SerialNumber: syz [ 99.854458][ T393] usb 5-1: config 0 descriptor?? [ 99.865917][ T2833] loop3: detected capacity change from 0 to 512 [ 99.873208][ T2833] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 99.883714][ T2833] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.876: invalid indirect mapped block 4294967295 (level 1) [ 99.897730][ T2833] EXT4-fs (loop3): Remounting filesystem read-only [ 99.904306][ T2833] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.876: invalid indirect mapped block 4294967295 (level 1) [ 99.918372][ T2833] EXT4-fs (loop3): 2 truncates cleaned up [ 99.923942][ T2833] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 99.991027][ T2833] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.876: bg 0: block 5: invalid block bitmap [ 100.003405][ T19] scsi host1: usb-storage 1-1:0.20 [ 100.003508][ T2833] EXT4-fs (loop3): Remounting filesystem read-only [ 100.009855][ T19] usb 1-1: USB disconnect, device number 14 [ 100.029308][ T2525] EXT4-fs (loop3): unmounting filesystem. [ 100.140128][ T393] snd-usb-audio: probe of 5-1:0.2 failed with error -2 [ 100.149745][ T393] usb 5-1: USB disconnect, device number 23 [ 100.155286][ T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 100.528271][ T60] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 100.631416][ T1604] bridge0: port 3(syz_tun) entered disabled state [ 100.638618][ T1604] device syz_tun left promiscuous mode [ 100.643893][ T1604] bridge0: port 3(syz_tun) entered disabled state [ 100.773744][ T2866] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.778265][ T393] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 100.780779][ T2866] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.795185][ T2866] device bridge_slave_0 entered promiscuous mode [ 100.801877][ T2866] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.808836][ T2866] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.815959][ T2866] device bridge_slave_1 entered promiscuous mode [ 100.866322][ T2866] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.873179][ T2866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.880302][ T2866] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.887063][ T2866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.888328][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.909159][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.915685][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.918827][ T60] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 100.934722][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.934765][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.943462][ T60] usb 4-1: config 0 descriptor?? [ 100.954756][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.969005][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.976942][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.983787][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.991534][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.999495][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.006408][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.013937][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.021793][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.036157][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.047328][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.055114][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.062606][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.072699][ T2866] device veth0_vlan entered promiscuous mode [ 101.083447][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.097444][ T2866] device veth1_macvtap entered promiscuous mode [ 101.111570][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.119976][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.138284][ T393] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.149111][ T393] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.185031][ T393] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 101.195196][ T393] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.209185][ T393] usb 1-1: config 0 descriptor?? [ 101.292880][ T2876] loop1: detected capacity change from 0 to 40427 [ 101.300117][ T2876] F2FS-fs (loop1): Invalid segment/section count (24 != 24 * 3) [ 101.307957][ T2876] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 101.320531][ T2876] F2FS-fs (loop1): Image doesn't support compression [ 101.328152][ T2876] F2FS-fs (loop1): invalid crc value [ 101.339043][ T2876] F2FS-fs (loop1): Found nat_bits in checkpoint [ 101.370866][ T496] device bridge_slave_1 left promiscuous mode [ 101.376812][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.383864][ T2886] loop4: detected capacity change from 0 to 512 [ 101.387005][ T2876] F2FS-fs (loop1): Start checkpoint disabled! [ 101.396452][ T2886] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 101.399438][ T496] device bridge_slave_0 left promiscuous mode [ 101.407641][ T2876] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 101.412442][ T496] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.419724][ T2886] EXT4-fs (loop4): 1 truncate cleaned up [ 101.426108][ T2876] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 101.431376][ T2886] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 101.439919][ T60] lg-g15 0003:046D:C222.002D: item fetching failed at offset 7/11 [ 101.460253][ T28] audit: type=1400 audit(1727924272.576:398): avc: denied { mounton } for pid=2875 comm="syz.1.895" path="/94/bus/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 101.465334][ T60] lg-g15: probe of 0003:046D:C222.002D failed with error -22 [ 101.489731][ T496] device veth1_macvtap left promiscuous mode [ 101.494224][ T1495] syz-executor: attempt to access beyond end of device [ 101.494224][ T1495] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 101.495561][ T496] device veth0_vlan left promiscuous mode [ 101.515144][ T1495] syz-executor: attempt to access beyond end of device [ 101.515144][ T1495] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 101.532953][ T2866] EXT4-fs (loop4): unmounting filesystem. [ 101.566156][ T551] kworker/u4:52: attempt to access beyond end of device [ 101.566156][ T551] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 101.655868][ T60] usb 4-1: USB disconnect, device number 26 [ 101.688555][ T2898] loop2: detected capacity change from 0 to 2048 [ 101.699861][ T2898] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 101.708273][ T2898] ext4 filesystem being mounted at /24/bus supports timestamps until 2038 (0x7fffffff) [ 101.730135][ T2486] EXT4-fs (loop2): unmounting filesystem. [ 101.868253][ T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 101.942488][ T496] tipc: Left network mode [ 101.951002][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.958365][ T2909] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.965494][ T2909] device bridge_slave_0 entered promiscuous mode [ 101.972135][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.979228][ T2909] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.986344][ T2909] device bridge_slave_1 entered promiscuous mode [ 102.029001][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.035846][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.042991][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.049750][ T2909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.069903][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.077368][ T649] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.084731][ T649] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.098653][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.106585][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.113436][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.120690][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.129177][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.136003][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.149814][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.157527][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.173060][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 102.181436][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.189340][ T60] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 102.202535][ T2909] device veth0_vlan entered promiscuous mode [ 102.208948][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 102.216743][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.226438][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.233995][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.238347][ T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 102.247230][ T2909] device veth1_macvtap entered promiscuous mode [ 102.251301][ T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 102.257824][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 102.274647][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 102.282952][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.296954][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.305083][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.313257][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.321351][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.338394][ T393] uclogic 0003:256C:006D.002E: interface is invalid, ignoring [ 102.428375][ T60] usb 3-1: Using ep0 maxpacket: 32 [ 102.438585][ T24] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 102.447578][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.455421][ T24] usb 5-1: Product: syz [ 102.459674][ T24] usb 5-1: Manufacturer: syz [ 102.463981][ T24] usb 5-1: SerialNumber: syz [ 102.468459][ T321] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 102.476448][ T24] usb 5-1: config 0 descriptor?? [ 102.498353][ T2896] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 102.505340][ T2896] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 102.519406][ T496] device bridge_slave_1 left promiscuous mode [ 102.525321][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.532514][ T496] device bridge_slave_0 left promiscuous mode [ 102.538511][ T496] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.546445][ T496] device veth1_macvtap left promiscuous mode [ 102.550623][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.552475][ T496] device veth0_vlan left promiscuous mode [ 102.569010][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.578705][ T60] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 102.591432][ T60] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 102.600354][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.609086][ T60] usb 3-1: config 0 descriptor?? [ 102.614336][ T393] usb 1-1: USB disconnect, device number 15 [ 102.628435][ T649] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 102.719456][ T2896] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 102.726443][ T2896] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 102.848373][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.859210][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.868951][ T321] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 102.879192][ T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.887815][ T321] usb 4-1: config 0 descriptor?? [ 103.068449][ T649] usb 2-1: unable to get BOS descriptor or descriptor too short [ 103.089092][ T60] ntrig 0003:1B96:000A.002F: unknown main item tag 0x0 [ 103.095896][ T60] ntrig 0003:1B96:000A.002F: unknown main item tag 0x0 [ 103.102536][ T60] ntrig 0003:1B96:000A.002F: unknown main item tag 0x0 [ 103.109327][ T60] ntrig 0003:1B96:000A.002F: unknown main item tag 0x0 [ 103.115928][ T60] ntrig 0003:1B96:000A.002F: unknown main item tag 0x0 [ 103.118486][ T649] usb 2-1: not running at top speed; connect to a high speed hub [ 103.124141][ T60] ntrig 0003:1B96:000A.002F: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.2-1/input0 [ 103.148156][ T28] audit: type=1400 audit(1727924274.256:399): avc: denied { write } for pid=2923 comm="syz.0.912" path="socket:[29684]" dev="sockfs" ino=29684 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 103.189067][ T24] dm9601: No valid MAC address in EEPROM, using b2:48:23:db:dc:32 [ 103.228344][ T649] usb 2-1: config 180 has an invalid interface number: 90 but max is 1 [ 103.236476][ T649] usb 2-1: config 180 has an invalid interface number: 3 but max is 1 [ 103.244714][ T649] usb 2-1: config 180 has no interface number 0 [ 103.250813][ T649] usb 2-1: config 180 has no interface number 1 [ 103.256921][ T649] usb 2-1: config 180 interface 90 altsetting 6 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 103.267863][ T649] usb 2-1: config 180 interface 90 has no altsetting 0 [ 103.274557][ T649] usb 2-1: config 180 interface 3 has no altsetting 0 [ 103.299822][ T60] usb 3-1: USB disconnect, device number 21 [ 103.389717][ T321] pyra 0003:1E7D:2CF6.0030: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 103.408321][ T24] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 103.418138][ T24] usb 5-1: USB disconnect, device number 24 [ 103.448356][ T649] usb 2-1: New USB device found, idVendor=0403, idProduct=f3c0, bcdDevice= 1.3a [ 103.457340][ T649] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.465263][ T649] usb 2-1: Product: syz [ 103.469356][ T649] usb 2-1: Manufacturer: syz [ 103.473745][ T649] usb 2-1: SerialNumber: syz [ 103.608306][ T321] pyra 0003:1E7D:2CF6.0030: couldn't init struct pyra_device [ 103.615599][ T321] pyra 0003:1E7D:2CF6.0030: couldn't install mouse [ 103.622455][ T321] pyra: probe of 0003:1E7D:2CF6.0030 failed with error -71 [ 103.630603][ T321] usb 4-1: USB disconnect, device number 27 [ 103.768932][ T649] ftdi_sio 2-1:180.90: FTDI USB Serial Device converter detected [ 103.776717][ T649] usb 2-1: Detected SIO [ 103.781127][ T649] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 103.838698][ T649] ftdi_sio 2-1:180.3: FTDI USB Serial Device converter detected [ 103.839263][ T2933] loop2: detected capacity change from 0 to 1024 [ 103.846836][ T649] usb 2-1: Detected SIO [ 103.852755][ T2933] EXT4-fs: Ignoring removed nobh option [ 103.860710][ T649] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 103.873599][ T649] usb 2-1: USB disconnect, device number 18 [ 103.879927][ T2933] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 103.889006][ T649] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 103.904015][ T649] ftdi_sio 2-1:180.90: device disconnected [ 103.911853][ T2933] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 103.911972][ T649] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 103.926700][ T2933] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #15: comm syz.2.915: mark_inode_dirty error [ 103.933283][ T649] ftdi_sio 2-1:180.3: device disconnected [ 103.975454][ T2486] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 103.990376][ T2486] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 104.000291][ T2486] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor: mark_inode_dirty error [ 104.023928][ T2486] EXT4-fs (loop2): unmounting filesystem. [ 104.264444][ T2954] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.272222][ T2954] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.279289][ T2967] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 104.295750][ T2954] device bridge_slave_0 entered promiscuous mode [ 104.306678][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.321556][ T2954] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.329183][ T2954] device bridge_slave_1 entered promiscuous mode [ 104.379655][ T2981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2981 comm=syz.4.937 [ 104.451666][ T2997] syz.0.942[2997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.451737][ T2997] syz.0.942[2997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.484730][ T2954] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.502621][ T2954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.509698][ T2954] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.516493][ T2954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.553140][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 104.565308][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.574900][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.599964][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 104.607816][ T28] audit: type=1400 audit(1727924275.716:400): avc: denied { bind } for pid=3008 comm="syz.1.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 104.627916][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.634801][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.641955][ T321] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 104.648096][ T3013] syz.1.950[3013] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.649505][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.649711][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.649725][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.682814][ T3013] syz.1.950[3013] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.683557][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.705147][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.732103][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.750640][ T2954] device veth0_vlan entered promiscuous mode [ 104.757698][ T28] audit: type=1400 audit(1727924275.866:401): avc: denied { watch } for pid=3019 comm="syz.0.953" path="/166" dev="tmpfs" ino=924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 104.759104][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.794795][ T2954] device veth1_macvtap entered promiscuous mode [ 104.808803][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 104.818153][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 104.826594][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.836664][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.852854][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.879655][ T28] audit: type=1400 audit(1727924275.996:402): avc: denied { mounton } for pid=2954 comm="syz-executor" path="/root/syzkaller.CXOWPS/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 104.989476][ T8] device bridge_slave_1 left promiscuous mode [ 104.996210][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.003898][ T8] device bridge_slave_0 left promiscuous mode [ 105.010162][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.018444][ T8] device veth1_macvtap left promiscuous mode [ 105.018499][ T8] device veth0_vlan left promiscuous mode [ 105.058300][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 105.073091][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 105.258454][ T321] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 105.267389][ T321] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.275475][ T321] usb 4-1: Product: syz [ 105.279655][ T321] usb 4-1: Manufacturer: syz [ 105.284060][ T321] usb 4-1: SerialNumber: syz [ 105.289363][ T321] usb 4-1: config 0 descriptor?? [ 105.308459][ T2977] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 105.328307][ T60] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 105.388318][ T19] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 105.540490][ T321] usb 4-1: USB disconnect, device number 28 [ 105.688359][ T60] usb 2-1: config 8 has an invalid interface number: 5 but max is 0 [ 105.696248][ T60] usb 2-1: config 8 has no interface number 0 [ 105.702115][ T60] usb 2-1: config 8 interface 5 has no altsetting 0 [ 105.748554][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.749869][ T858] udevd[858]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 105.759808][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.784659][ T19] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 105.793647][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.804704][ T19] usb 3-1: config 0 descriptor?? [ 105.878350][ T60] usb 2-1: New USB device found, idVendor=05c6, idProduct=900d, bcdDevice=a3.0d [ 105.887282][ T60] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.895064][ T60] usb 2-1: Product: syz [ 105.899264][ T60] usb 2-1: Manufacturer: syz [ 105.903660][ T60] usb 2-1: SerialNumber: syz [ 106.018311][ T24] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 106.128303][ T393] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 106.152162][ T3050] loop1: detected capacity change from 0 to 1024 [ 106.159291][ T3050] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 106.167864][ T3050] EXT4-fs (loop1): invalid inodes per group: 0 [ 106.167864][ T3050] [ 106.223827][ T3050] 9pnet: p9_errstr2errno: server reported unknown error 184467440 [ 106.309545][ T60] usb 2-1: USB disconnect, device number 19 [ 106.348308][ T649] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 106.408377][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c539, bcdDevice= 0.00 [ 106.417373][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.425681][ T24] usb 1-1: config 0 descriptor?? [ 106.488352][ T393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.499138][ T393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.508769][ T19] usb 3-1: language id specifier not provided by device, defaulting to English [ 106.517619][ T393] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 106.530416][ T393] usb 5-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 106.539363][ T393] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.547807][ T393] usb 5-1: config 0 descriptor?? [ 106.718372][ T649] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.729509][ T649] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.746439][ T649] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 106.759515][ T649] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.768746][ T3070] loop1: detected capacity change from 0 to 16 [ 106.778427][ T649] usb 4-1: config 0 descriptor?? [ 106.784796][ T3070] erofs: (device loop1): mounted with root inode @ nid 36. [ 106.801892][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 205 @ nid 36 [ 106.811355][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 197 @ nid 36 [ 106.820391][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 192 @ nid 36 [ 106.830180][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 180 @ nid 36 [ 106.839445][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 172 @ nid 36 [ 106.848539][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 168 @ nid 36 [ 106.857671][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 160 @ nid 36 [ 106.867053][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 149 @ nid 36 [ 106.876277][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 144 @ nid 36 [ 106.885366][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 140 @ nid 36 [ 106.894562][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 92 @ nid 36 [ 106.903569][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 106.912565][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 69 @ nid 36 [ 106.921540][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 106.930698][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 60 @ nid 36 [ 106.939852][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 106.950714][ T19] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0031/input/input42 [ 106.962296][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 36 @ nid 36 [ 106.972361][ T19] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0031/input/input43 [ 106.982485][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 32 @ nid 36 [ 106.985037][ T19] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0031/input/input44 [ 106.993493][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 107.006328][ T19] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0031/input/input45 [ 107.014606][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 19 @ nid 36 [ 107.036264][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 107.044518][ T19] uclogic 0003:256C:006D.0031: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 107.046191][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 17 @ nid 36 [ 107.058414][ T393] betop 0003:11C2:2208.0032: item fetching failed at offset 4/5 [ 107.066708][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 107.074071][ T393] betop 0003:11C2:2208.0032: parse failed [ 107.082948][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 107.090945][ T393] betop: probe of 0003:11C2:2208.0032 failed with error -22 [ 107.125732][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36 [ 107.125801][ T24] usbhid: probe of 1-1:0.0 failed with error -71 [ 107.135252][ T3070] erofs: (device loop1): z_erofs_readahead: readahead error at page 8 @ nid 36 [ 107.144532][ T24] usb 1-1: USB disconnect, device number 16 [ 107.162176][ T3070] syz.1.973: attempt to access beyond end of device [ 107.162176][ T3070] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 107.176131][ T3070] syz.1.973: attempt to access beyond end of device [ 107.176131][ T3070] loop1: rw=524288, sector=1049272, nr_sectors = 16 limit=16 [ 107.192773][ T393] usb 3-1: USB disconnect, device number 22 [ 107.201387][ T3070] syz.1.973: attempt to access beyond end of device [ 107.201387][ T3070] loop1: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 107.215331][ T3070] syz.1.973: attempt to access beyond end of device [ 107.215331][ T3070] loop1: rw=524288, sector=384, nr_sectors = 16 limit=16 [ 107.228773][ T3070] syz.1.973: attempt to access beyond end of device [ 107.228773][ T3070] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 107.242341][ T3070] syz.1.973: attempt to access beyond end of device [ 107.242341][ T3070] loop1: rw=524288, sector=728, nr_sectors = 16 limit=16 [ 107.255757][ T3070] syz.1.973: attempt to access beyond end of device [ 107.255757][ T3070] loop1: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 107.269847][ T3070] syz.1.973: attempt to access beyond end of device [ 107.269847][ T3070] loop1: rw=524288, sector=525152, nr_sectors = 16 limit=16 [ 107.284005][ T3070] syz.1.973: attempt to access beyond end of device [ 107.284005][ T3070] loop1: rw=524288, sector=13478624032, nr_sectors = 16 limit=16 [ 107.299164][ T19] usb 5-1: USB disconnect, device number 25 [ 107.299374][ T3070] syz.1.973: attempt to access beyond end of device [ 107.299374][ T3070] loop1: rw=524288, sector=13478624040, nr_sectors = 16 limit=16 [ 107.339183][ T3072] netlink: 4 bytes leftover after parsing attributes in process `syz.1.974'. [ 107.349324][ T3072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.974'. [ 107.358306][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 107.366203][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 107.384471][ T3074] incfs_lookup_dentry err:-13 [ 107.384473][ T28] audit: type=1400 audit(1727924278.496:403): avc: denied { ioctl } for pid=3073 comm="syz.1.975" path="/15/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 107.414730][ T3074] Error opening source file [ 107.434368][ T3077] loop1: detected capacity change from 0 to 512 [ 107.442966][ T3077] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.976: inline data xattr refers to an external xattr inode [ 107.457760][ T3077] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.976: couldn't read orphan inode 12 (err -117) [ 107.469628][ T3077] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 107.486812][ T2909] EXT4-fs (loop1): unmounting filesystem. [ 107.665117][ T3100] loop1: detected capacity change from 0 to 256 [ 107.783266][ T3119] netlink: 'syz.1.993': attribute type 1 has an invalid length. [ 107.791168][ T28] audit: type=1400 audit(1727924278.906:404): avc: denied { setopt } for pid=3118 comm="syz.1.993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 107.838323][ T649] usb 4-1: string descriptor 0 read error: -71 [ 107.855051][ T3127] loop2: detected capacity change from 0 to 256 [ 107.867213][ T3125] loop4: detected capacity change from 0 to 1024 [ 107.873631][ T649] uclogic 0003:256C:006D.0033: failed retrieving string descriptor #200: -71 [ 107.882795][ T649] uclogic 0003:256C:006D.0033: failed retrieving pen parameters: -71 [ 107.890217][ T3127] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 107.891355][ T649] uclogic 0003:256C:006D.0033: failed probing pen v2 parameters: -71 [ 107.910728][ T649] uclogic 0003:256C:006D.0033: failed probing parameters: -71 [ 107.918353][ T649] uclogic: probe of 0003:256C:006D.0033 failed with error -71 [ 107.921313][ T3125] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 107.927650][ T649] usb 4-1: USB disconnect, device number 29 [ 107.959615][ T8] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 107.960559][ T3134] loop2: detected capacity change from 0 to 128 [ 107.975883][ T8] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 107.997069][ T8] EXT4-fs (loop4): This should not happen!! Data will be lost [ 107.997069][ T8] [ 108.007225][ T8] EXT4-fs (loop4): Total free blocks count 0 [ 108.013174][ T8] EXT4-fs (loop4): Free/Dirty block details [ 108.019352][ T8] EXT4-fs (loop4): free_blocks=68451041280 [ 108.025233][ T8] EXT4-fs (loop4): dirty_blocks=64 [ 108.030308][ T8] EXT4-fs (loop4): Block reservation details [ 108.036109][ T8] EXT4-fs (loop4): i_reserved_data_blocks=4 [ 108.042734][ T2866] EXT4-fs (loop4): unmounting filesystem. [ 108.124767][ T3142] syz.2.1003[3142] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.124812][ T3142] syz.2.1003[3142] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.186981][ T3147] device pim6reg1 entered promiscuous mode [ 108.724588][ T3166] loop1: detected capacity change from 0 to 512 [ 108.736426][ T3166] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 108.747477][ T3166] EXT4-fs (loop1): 1 truncate cleaned up [ 108.753284][ T3166] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 108.772601][ T3166] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 108.786841][ T3166] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #2: block 13: comm syz.1.1011: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 108.809580][ T2909] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 108.834189][ T2909] EXT4-fs (loop1): unmounting filesystem. [ 108.868864][ T3173] device syzkaller0 entered promiscuous mode [ 108.990057][ T3179] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.996898][ T3179] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.004663][ T3179] device bridge_slave_0 entered promiscuous mode [ 109.015265][ T3179] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.024169][ T3179] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.024446][ T3186] SELinux: Context Ü is not valid (left unmapped). [ 109.031811][ T3179] device bridge_slave_1 entered promiscuous mode [ 109.115595][ T3179] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.122474][ T3179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.129575][ T3179] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.136358][ T3179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.161219][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 109.170228][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.188612][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.210983][ T3192] loop3: detected capacity change from 0 to 512 [ 109.219126][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 109.230595][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.231117][ T3192] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 109.237439][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.237606][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 109.262012][ T312] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 109.270139][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.270872][ T3192] EXT4-fs (loop3): 1 truncate cleaned up [ 109.276976][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.277147][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 109.289863][ T3190] loop4: detected capacity change from 0 to 40427 [ 109.298115][ T3192] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 109.308353][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 109.324827][ T3190] F2FS-fs (loop4): Invalid segment/section count (24 != 24 * 3) [ 109.333632][ T3190] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 109.340461][ T3192] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 109.341880][ T3190] F2FS-fs (loop4): Image doesn't support compression [ 109.356119][ T3192] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 13: comm syz.3.1024: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 109.363460][ T3190] F2FS-fs (loop4): invalid crc value [ 109.396156][ T3179] device veth0_vlan entered promiscuous mode [ 109.403392][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 109.411834][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 109.419883][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 109.423150][ T3190] F2FS-fs (loop4): Found nat_bits in checkpoint [ 109.427159][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 109.446133][ T3179] device veth1_macvtap entered promiscuous mode [ 109.454215][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 109.463289][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 109.471493][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 109.473066][ T2525] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 109.504159][ T2525] EXT4-fs (loop3): unmounting filesystem. [ 109.512806][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 109.520786][ T3190] F2FS-fs (loop4): Start checkpoint disabled! [ 109.521180][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 109.539268][ T3190] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 109.546449][ T3190] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 109.561100][ T3201] loop2: detected capacity change from 0 to 512 [ 109.567758][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 109.578033][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 109.598535][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #3: comm syz.2.1027: corrupted inode contents [ 109.624848][ T3201] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #3: comm syz.2.1027: mark_inode_dirty error [ 109.639727][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.649069][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #3: comm syz.2.1027: corrupted inode contents [ 109.650597][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.671924][ T312] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 109.673958][ T3201] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.1027: mark_inode_dirty error [ 109.680971][ T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.701004][ T312] usb 1-1: config 0 descriptor?? [ 109.707059][ T3201] Quota error (device loop2): write_blk: dquota write failed [ 109.714613][ T3201] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 109.736869][ T3201] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.1027: Failed to acquire dquot type 0 [ 109.763153][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz.2.1027: corrupted inode contents [ 109.805468][ T3201] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #16: comm syz.2.1027: mark_inode_dirty error [ 109.817378][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz.2.1027: corrupted inode contents [ 109.829445][ T3201] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.1027: mark_inode_dirty error [ 109.841780][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz.2.1027: corrupted inode contents [ 109.854097][ T8] device bridge_slave_1 left promiscuous mode [ 109.860225][ T3201] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 109.860282][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.876078][ T3201] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz.2.1027: corrupted inode contents [ 109.888088][ T8] device bridge_slave_0 left promiscuous mode [ 109.898043][ T3201] EXT4-fs error (device loop2): ext4_truncate:4302: inode #16: comm syz.2.1027: mark_inode_dirty error [ 109.898470][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.918273][ T3201] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 109.928821][ T3201] EXT4-fs (loop2): 1 truncate cleaned up [ 109.934529][ T8] device veth1_macvtap left promiscuous mode [ 109.940389][ T3201] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 109.946683][ T8] device veth0_vlan left promiscuous mode [ 109.949183][ T3201] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038 (0x7fffffff) [ 109.976773][ T2954] EXT4-fs (loop2): unmounting filesystem. [ 110.049586][ T3209] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.056432][ T3209] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.064578][ T3209] device bridge_slave_0 entered promiscuous mode [ 110.081701][ T3209] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.088813][ T3209] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.096114][ T3209] device bridge_slave_1 entered promiscuous mode [ 110.153084][ T3216] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.160341][ T3216] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.167518][ T3216] device bridge_slave_0 entered promiscuous mode [ 110.185815][ T3216] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.188285][ T314] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 110.193435][ T312] keytouch 0003:0926:3333.0034: fixing up Keytouch IEC report descriptor [ 110.209223][ T3216] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.216514][ T3216] device bridge_slave_1 entered promiscuous mode [ 110.224315][ T312] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0034/input/input46 [ 110.293159][ T3209] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.300044][ T3209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.307149][ T3209] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.310711][ T312] keytouch 0003:0926:3333.0034: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 110.313926][ T3209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.399598][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 110.407137][ T649] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.414412][ T649] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.432727][ T393] usb 1-1: USB disconnect, device number 17 [ 110.449841][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.457772][ T28] audit: type=1400 audit(1727924281.566:405): avc: denied { remove_name } for pid=85 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 110.480601][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 110.483047][ T28] audit: type=1400 audit(1727924281.566:406): avc: denied { rename } for pid=85 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 110.488666][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.510398][ T28] audit: type=1400 audit(1727924281.566:407): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 110.517029][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.517276][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.553983][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 110.562036][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.568869][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.576027][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 110.583882][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 110.588329][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.591676][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 110.602357][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.610076][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.619439][ T314] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 110.638593][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 110.646721][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 110.652378][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.671948][ T3209] device veth0_vlan entered promiscuous mode [ 110.685643][ T314] usb 2-1: config 0 descriptor?? [ 110.695618][ T3209] device veth1_macvtap entered promiscuous mode [ 110.705299][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 110.713189][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 110.721266][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 110.728631][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 110.735841][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.744725][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 110.752703][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.759641][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.766792][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.775077][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 110.783028][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.789858][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.797000][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 110.804755][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 110.812536][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 110.820435][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.828126][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 110.836098][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 110.844019][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 110.852526][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 110.859890][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 110.867165][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 110.883643][ T3216] device veth0_vlan entered promiscuous mode [ 110.892097][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 110.900491][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 110.908731][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 110.916353][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 110.930125][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 110.937342][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 110.945357][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 110.953639][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 110.967451][ T3216] device veth1_macvtap entered promiscuous mode [ 110.976541][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 110.985084][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 110.993389][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.002089][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.021076][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.029410][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.044837][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.053796][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.063550][ T3245] loop3: detected capacity change from 0 to 512 [ 111.071603][ T3245] EXT4-fs (loop3): Test dummy encryption mode enabled [ 111.079579][ T3245] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz.3.1030: inline data xattr refers to an external xattr inode [ 111.095047][ T3245] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.1030: couldn't read orphan inode 12 (err -117) [ 111.116957][ T3245] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 111.181528][ T314] pyra 0003:1E7D:2CF6.0035: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0 [ 113.048484][ T314] pyra 0003:1E7D:2CF6.0035: couldn't init struct pyra_device [ 113.055725][ T314] pyra 0003:1E7D:2CF6.0035: couldn't install mouse [ 113.072067][ T314] pyra: probe of 0003:1E7D:2CF6.0035 failed with error -71 [ 113.077804][ T3261] loop1: detected capacity change from 0 to 256 [ 114.031225][ T314] usb 2-1: USB disconnect, device number 20 [ 114.045913][ T3261] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 114.091050][ T3209] EXT4-fs (loop3): unmounting filesystem. [ 114.128610][ T3272] netlink: 'syz.3.1049': attribute type 1 has an invalid length. [ 114.259034][ T8] device bridge_slave_1 left promiscuous mode [ 114.265006][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.303139][ T8] device bridge_slave_0 left promiscuous mode [ 114.327305][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.335502][ T8] device bridge_slave_1 left promiscuous mode [ 114.354756][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.368767][ T8] device bridge_slave_0 left promiscuous mode [ 114.380142][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.388751][ T8] device veth1_macvtap left promiscuous mode [ 114.394590][ T8] device veth0_vlan left promiscuous mode [ 114.402205][ T8] device veth1_macvtap left promiscuous mode [ 114.418604][ T8] device veth0_vlan left promiscuous mode [ 114.425136][ T28] audit: type=1400 audit(1727924285.536:408): avc: denied { mounton } for pid=3300 comm="syz.0.1060" path="/192/file0" dev="tmpfs" ino=1067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 114.548423][ T314] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 114.557402][ T3313] loop2: detected capacity change from 0 to 1024 [ 114.577700][ T3313] EXT4-fs: Ignoring removed nobh option [ 114.593057][ T3313] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 114.630993][ T3313] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 114.661132][ T3313] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 40 with max blocks 4 with error 28 [ 114.686469][ T3313] EXT4-fs (loop2): This should not happen!! Data will be lost [ 114.686469][ T3313] [ 114.699755][ T3313] EXT4-fs (loop2): Total free blocks count 0 [ 114.705774][ T3313] EXT4-fs (loop2): Free/Dirty block details [ 114.714000][ T3313] EXT4-fs (loop2): free_blocks=0 [ 114.718855][ T3313] EXT4-fs (loop2): dirty_blocks=0 [ 114.723683][ T3313] EXT4-fs (loop2): Block reservation details [ 114.732320][ T3313] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 114.747805][ T2954] EXT4-fs (loop2): unmounting filesystem. [ 114.780662][ T28] audit: type=1400 audit(1727924285.886:409): avc: denied { wake_alarm } for pid=3322 comm="syz.2.1068" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 114.908338][ T19] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 114.948377][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 114.959383][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 115.048280][ T312] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 115.128402][ T314] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 115.137243][ T314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.145243][ T314] usb 2-1: Product: syz [ 115.149281][ T314] usb 2-1: Manufacturer: syz [ 115.153640][ T314] usb 2-1: SerialNumber: syz [ 115.158351][ T19] usb 4-1: Using ep0 maxpacket: 32 [ 115.163986][ T314] usb 2-1: config 0 descriptor?? [ 115.188326][ T3275] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 115.430909][ T314] usb 2-1: USB disconnect, device number 21 [ 115.438316][ T19] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 115.438326][ T312] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.438345][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.465534][ T19] usb 4-1: Product: syz [ 115.469735][ T19] usb 4-1: Manufacturer: syz [ 115.475135][ T19] usb 4-1: SerialNumber: syz [ 115.480828][ T19] usb 4-1: config 0 descriptor?? [ 115.638368][ T312] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 115.647262][ T312] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.655058][ T312] usb 3-1: Product: syz [ 115.659035][ T312] usb 3-1: Manufacturer: syz [ 115.663448][ T312] usb 3-1: SerialNumber: syz [ 115.668386][ T312] usb 3-1: config 0 descriptor?? [ 115.928266][ T312] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 115.939511][ T28] audit: type=1400 audit(1727924287.056:410): avc: denied { ioctl } for pid=3333 comm="syz.4.1082" path="/dev/usbmon0" dev="devtmpfs" ino=139 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 115.966478][ T312] usb 3-1: USB disconnect, device number 23 [ 116.019204][ T3341] loop1: detected capacity change from 0 to 128 [ 116.027508][ T3341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 116.036060][ T3341] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 116.176649][ T28] audit: type=1326 audit(1727924287.286:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3340 comm="syz.1.1074" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc49177dff9 code=0x0 [ 116.178365][ T19] (unnamed net_device) (uninitialized): Assigned a random MAC address: 12:2d:2b:be:c6:b4 [ 116.200120][ T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 116.211200][ T19] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 116.235180][ T19] usb 4-1: USB disconnect, device number 30 [ 116.237142][ T3179] EXT4-fs (loop1): unmounting filesystem. [ 116.268269][ T311] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 116.528289][ T311] usb 5-1: Using ep0 maxpacket: 32 [ 116.688293][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.699166][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.708633][ T311] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 116.717491][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.726156][ T311] usb 5-1: config 0 descriptor?? [ 116.781239][ T311] hub 5-1:0.0: USB hub found [ 116.949301][ T3364] loop3: detected capacity change from 0 to 512 [ 116.960008][ T3364] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 116.969087][ T3364] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff) [ 116.988344][ T311] hub 5-1:0.0: 1 port detected [ 117.010649][ T3209] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1) [ 117.027659][ T3209] EXT4-fs (loop3): unmounting filesystem. [ 117.176902][ T3369] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.183791][ T3369] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.192853][ T3369] device bridge_slave_0 entered promiscuous mode [ 117.199830][ T3369] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.206671][ T3369] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.214089][ T3369] device bridge_slave_1 entered promiscuous mode [ 117.253617][ T3369] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.260477][ T3369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.267560][ T3369] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.274375][ T3369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.312945][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.323961][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.331343][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.343648][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 117.364160][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.371046][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.383351][ T28] audit: type=1400 audit(1727924288.496:412): avc: denied { write } for pid=3383 comm="syz.2.1092" name="fd" dev="proc" ino=33195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 117.404776][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.413287][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.420156][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.427466][ T28] audit: type=1400 audit(1727924288.496:413): avc: denied { add_name } for pid=3383 comm="syz.2.1092" name="3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 117.447031][ T28] audit: type=1400 audit(1727924288.496:414): avc: denied { create } for pid=3383 comm="syz.2.1092" name="3" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 117.470209][ T28] audit: type=1400 audit(1727924288.496:415): avc: denied { associate } for pid=3383 comm="syz.2.1092" name="3" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 117.494990][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.505778][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.529562][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 117.529885][ T28] audit: type=1400 audit(1727924288.646:416): avc: denied { ioctl } for pid=3390 comm="syz.2.1095" path="/dev/fuse" dev="devtmpfs" ino=93 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 117.562843][ T28] audit: type=1400 audit(1727924288.656:417): avc: denied { mounton } for pid=3390 comm="syz.2.1095" path="/42/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 117.588752][ T3369] device veth0_vlan entered promiscuous mode [ 117.594633][ T311] usb 5-1: USB disconnect, device number 26 [ 117.612393][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 117.620825][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 117.628276][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 117.638637][ T3396] loop2: detected capacity change from 0 to 128 [ 117.643602][ T3369] device veth1_macvtap entered promiscuous mode [ 117.656851][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 117.672935][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 117.683631][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 117.709005][ T3396] loop2: detected capacity change from 128 to 105 [ 117.722429][ T3401] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 546) [ 117.731744][ T3401] FAT-fs (loop2): Filesystem has been set read-only [ 117.738575][ T3401] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 546) [ 117.753300][ T3400] loop3: detected capacity change from 0 to 8192 [ 117.771468][ T2954] FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 117.782928][ T3403] tipc: Enabled bearer , priority 10 [ 117.789271][ T3403] tipc: Disabling bearer [ 117.809581][ T8] device bridge_slave_1 left promiscuous mode [ 117.815666][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.823646][ T8] device bridge_slave_0 left promiscuous mode [ 117.830492][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.837948][ T3369] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 117.857507][ T3369] FAT-fs (loop3): Filesystem has been set read-only [ 117.860878][ T8] device veth1_macvtap left promiscuous mode [ 117.869930][ T3369] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 117.878589][ T8] device veth0_vlan left promiscuous mode [ 118.003664][ T3415] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.010951][ T3415] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.018290][ T3415] device bridge_slave_0 entered promiscuous mode [ 118.025213][ T3415] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.032115][ T3415] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.039531][ T3415] device bridge_slave_1 entered promiscuous mode [ 118.229057][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 118.236415][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 118.241192][ T28] audit: type=1400 audit(1727924289.356:418): avc: denied { connect } for pid=3430 comm="syz.0.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 118.244126][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.272426][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.280469][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.287313][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.310973][ T3429] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.317914][ T3429] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.325319][ T3429] device bridge_slave_0 entered promiscuous mode [ 118.332875][ T3429] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.339937][ T3429] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.347207][ T3429] device bridge_slave_1 entered promiscuous mode [ 118.354038][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 118.361643][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 118.369823][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 118.377955][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.384816][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.404607][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 118.412873][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 118.438974][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.455723][ T3415] device veth0_vlan entered promiscuous mode [ 118.467307][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.475906][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.483356][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.511653][ T3415] device veth1_macvtap entered promiscuous mode [ 118.518858][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 118.535085][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.562573][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.628006][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 118.661661][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.669721][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.676656][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.683894][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 118.692968][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.699821][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.720948][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 118.729217][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 118.737154][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 118.754990][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.765819][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.773775][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.781388][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.794597][ T3429] device veth0_vlan entered promiscuous mode [ 118.807214][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 118.817161][ T3429] device veth1_macvtap entered promiscuous mode [ 118.833078][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.843842][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.876205][ T3451] loop3: detected capacity change from 0 to 512 [ 118.904643][ T3451] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 118.916396][ T3451] EXT4-fs (loop3): 1 truncate cleaned up [ 118.922260][ T3451] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 118.938268][ T321] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 118.950129][ T8] device bridge_slave_1 left promiscuous mode [ 118.956116][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.964437][ T8] device bridge_slave_0 left promiscuous mode [ 118.970587][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.978803][ T8] device bridge_slave_1 left promiscuous mode [ 118.987877][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.995384][ T8] device bridge_slave_0 left promiscuous mode [ 119.002370][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.008851][ T3458] skb len=10605 headroom=168 headlen=10605 tailroom=5227 [ 119.008851][ T3458] mac=(192,-24) net=(168,20) trans=188 [ 119.008851][ T3458] shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0)) [ 119.008851][ T3458] csum(0x350e2a15 ip_summed=3 complete_sw=0 valid=0 level=0) [ 119.008851][ T3458] hash(0x0 sw=0 l4=0) proto=0x0800 pkttype=0 iif=0 [ 119.041888][ T3458] dev name=ip6gre0 feat=0x00000006401d7869 [ 119.047490][ T3458] skb linear: 00000000: 45 02 29 6d 17 59 00 00 0f 2f ca db ac 14 14 14 [ 119.055953][ T3458] skb linear: 00000010: e0 00 00 03 00 00 08 00 bd 0b 29 55 10 82 0c 52 [ 119.064269][ T3458] skb linear: 00000020: 0f 06 d4 e0 fd 00 00 00 00 a4 fe 94 2a 31 f4 85 [ 119.072772][ T3458] skb linear: 00000030: 97 e3 6e 03 9b 1c 59 9d b6 e4 66 74 9c 2d 05 f6 [ 119.081292][ T3458] skb linear: 00000040: 4c 83 03 a0 f7 fb da 34 fb 88 25 f8 02 00 e3 e4 [ 119.089596][ T3458] skb linear: 00000050: 63 04 f7 ff 00 ff ff ca 88 00 00 00 29 6c 00 00 [ 119.098095][ T3458] skb linear: 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.106439][ T3458] skb linear: 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.114777][ T3458] skb linear: 00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.123119][ T3458] skb linear: 00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.131436][ T3458] skb linear: 000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.139764][ T3458] skb linear: 000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.148124][ T3458] skb linear: 000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.156704][ T3458] skb linear: 000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.165024][ T3458] skb linear: 000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.173668][ T3458] skb linear: 000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.182069][ T3458] skb linear: 00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 119.190370][ T3458] ------------[ cut here ]------------ [ 119.195645][ T3458] offset (10605) >= skb_headlen() (10605) [ 119.201375][ T3458] WARNING: CPU: 1 PID: 3458 at net/core/dev.c:3313 skb_checksum_help+0x626/0x750 [ 119.210339][ T3458] Modules linked in: [ 119.214064][ T3458] CPU: 1 PID: 3458 Comm: syz.0.1121 Tainted: G W 6.1.99-syzkaller-00098-g1cdc168f1ef0 #0 [ 119.225092][ T3458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 119.234988][ T3458] RIP: 0010:skb_checksum_help+0x626/0x750 [ 119.240538][ T3458] Code: fc ff df 48 8b 4d b8 0f b6 04 01 84 c0 0f 85 d6 00 00 00 48 8b 45 d0 2b 18 48 c7 c7 c0 96 1b 86 44 89 fe 89 da e8 ea 9f 3a fd <0f> 0b bb ea ff ff ff e9 55 fd ff ff e8 c9 a7 6b fd c6 05 99 7b 85 [ 119.260003][ T3458] RSP: 0018:ffffc900009d6c80 EFLAGS: 00010246 [ 119.265871][ T3458] RAX: cc876d6b95cde600 RBX: 000000000000296d RCX: 0000000000040000 [ 119.273705][ T3458] RDX: ffffc90004352000 RSI: 0000000000008653 RDI: 0000000000008654 [ 119.281516][ T3458] RBP: ffffc900009d6cf0 R08: ffffffff81449dee R09: fffff5200013ace9 [ 119.289336][ T3458] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000002a15 [ 119.297113][ T3458] R13: ffff888126cd1000 R14: 000000000000296d R15: 000000000000296d [ 119.304971][ T3458] FS: 00007f7e356e96c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 119.313707][ T3458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.320146][ T3458] CR2: 000000002000e000 CR3: 0000000117a58000 CR4: 00000000003506a0 [ 119.327939][ T3458] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.335850][ T3458] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.343671][ T3458] Call Trace: [ 119.346774][ T3458] [ 119.349567][ T3458] ? show_regs+0x58/0x60 [ 119.353628][ T3458] ? __warn+0x160/0x3d0 [ 119.357625][ T3458] ? skb_checksum_help+0x626/0x750 [ 119.362586][ T3458] ? report_bug+0x4d5/0x7d0 [ 119.366916][ T3458] ? skb_checksum_help+0x626/0x750 [ 119.371876][ T3458] ? handle_bug+0x41/0x70 [ 119.376021][ T3458] ? exc_invalid_op+0x1b/0x50 [ 119.380550][ T3458] ? asm_exc_invalid_op+0x1b/0x20 [ 119.385409][ T3458] ? __warn_printk+0x28e/0x350 [ 119.390216][ T3458] ? skb_checksum_help+0x626/0x750 [ 119.395127][ T3458] ip_do_fragment+0x18d/0x1a90 [ 119.399734][ T3458] ? ip_fragment+0x210/0x210 [ 119.404267][ T3458] ? ip_frag_next+0xa40/0xa40 [ 119.408795][ T3458] ? ipt_do_table+0x2ff/0x17c0 [ 119.413379][ T3458] ? ipt_alloc_initial_table+0x5a0/0x5a0 [ 119.418866][ T3458] ? ipt_do_table+0x2ff/0x17c0 [ 119.423446][ T3458] ip_fragment+0x123/0x210 [ 119.427696][ T3458] __ip_finish_output+0x29c/0x370 [ 119.432574][ T3458] ip_finish_output+0x31/0x2a0 [ 119.437157][ T3458] ? ip_output+0x3e1/0x420 [ 119.441426][ T3458] ip_output+0x1d6/0x420 [ 119.445492][ T3458] ? ip_finish_output+0x2a0/0x2a0 [ 119.450364][ T3458] ? ip_mc_finish_output+0x4b0/0x4b0 [ 119.455473][ T3458] ip_local_out+0x92/0xb0 [ 119.459658][ T3458] iptunnel_xmit+0x53f/0x9c0 [ 119.464082][ T3458] ip_tunnel_xmit+0x2188/0x2ac0 [ 119.468773][ T3458] ? tnl_update_pmtu+0xba0/0xba0 [ 119.473532][ T3458] ? debug_smp_processor_id+0x17/0x20 [ 119.478753][ T3458] ? kasan_quarantine_put+0x34/0x1a0 [ 119.483863][ T3458] ? gre_build_header+0x260/0x8c0 [ 119.488726][ T3458] ipgre_xmit+0x8c1/0xc80 [ 119.492880][ T3458] dev_hard_start_xmit+0x1de/0x630 [ 119.497828][ T3458] __dev_queue_xmit+0x18a4/0x36e0 [ 119.502702][ T3458] ? __dev_queue_xmit+0x2a6/0x36e0 [ 119.507634][ T3458] ? netdev_core_pick_tx+0x350/0x350 [ 119.512773][ T3458] ? virtio_net_hdr_to_skb+0x6db/0x1220 [ 119.518145][ T3458] dev_queue_xmit+0x17/0x20 [ 119.522489][ T3458] packet_sendmsg+0x48dd/0x6510 [ 119.527162][ T3458] ? avc_denied+0x1b0/0x1b0 [ 119.531520][ T3458] ? avc_has_perm_noaudit+0x430/0x430 [ 119.536800][ T3458] ? force_compatible_cpus_allowed_ptr+0x2c0/0x530 [ 119.543160][ T3458] ? selinux_socket_accept+0x5b0/0x5b0 [ 119.548442][ T3458] ? packet_getsockopt+0xea0/0xea0 [ 119.553376][ T3458] ? security_socket_sendmsg+0x82/0xb0 [ 119.558681][ T3458] ? packet_getsockopt+0xea0/0xea0 [ 119.563734][ T3458] ____sys_sendmsg+0x5d3/0x9a0 [ 119.568349][ T3458] ? __sys_sendmsg_sock+0x40/0x40 [ 119.573198][ T3458] __sys_sendmsg+0x2a9/0x390 [ 119.577619][ T3458] ? ____sys_sendmsg+0x9a0/0x9a0 [ 119.582419][ T3458] ? fpregs_restore_userregs+0x130/0x290 [ 119.587862][ T3458] __x64_sys_sendmsg+0x7f/0x90 [ 119.592490][ T3458] x64_sys_call+0x16a/0x9a0 [ 119.596802][ T3458] do_syscall_64+0x3b/0xb0 [ 119.601083][ T3458] ? clear_bhb_loop+0x55/0xb0 [ 119.605572][ T3458] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.611317][ T3458] RIP: 0033:0x7f7e3497dff9 [ 119.615547][ T3458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.635010][ T3458] RSP: 002b:00007f7e356e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.643256][ T3458] RAX: ffffffffffffffda RBX: 00007f7e34b35f80 RCX: 00007f7e3497dff9 [ 119.651064][ T3458] RDX: 0000000000000000 RSI: 0000000020002ac0 RDI: 0000000000000006 [ 119.658878][ T3458] RBP: 00007f7e349f0296 R08: 0000000000000000 R09: 0000000000000000 [ 119.666678][ T3458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.674508][ T3458] R13: 0000000000000000 R14: 00007f7e34b35f80 R15: 00007ffc3264cf08 [ 119.682485][ T3458] [ 119.685330][ T3458] ---[ end trace 0000000000000000 ]--- [ 119.693805][ T8] device veth1_macvtap left promiscuous mode [ 119.702639][ T8] device veth0_vlan left promiscuous mode [ 119.717800][ T8] device veth1_macvtap left promiscuous mode [ 119.721324][ T3462] loop1: detected capacity change from 0 to 1024 [ 119.723791][ T8] device veth0_vlan left promiscuous mode [ 119.760285][ T3462] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 119.778371][ T3462] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038 (0x7fffffff) [ 119.808256][ T321] usb 3-1: Using ep0 maxpacket: 8 [ 119.843760][ T3179] EXT4-fs (loop1): unmounting filesystem. [ 119.889147][ T3470] loop1: detected capacity change from 0 to 16 [ 119.904857][ T3470] erofs: (device loop1): mounted with root inode @ nid 36. [ 119.938267][ T321] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.048405][ T321] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 120.071781][ T321] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 120.076831][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 120.076846][ T28] audit: type=1400 audit(1727924291.186:420): avc: denied { read } for pid=3481 comm="syz.4.1130" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 120.079907][ T321] usb 3-1: SerialNumber: syz [ 120.113998][ T28] audit: type=1400 audit(1727924291.226:421): avc: denied { open } for pid=3481 comm="syz.4.1130" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 120.145465][ T3429] EXT4-fs (loop3): unmounting filesystem. [ 120.151348][ T321] usb 3-1: config 0 descriptor?? [ 120.196829][ T321] usb 3-1: Found UVC 0.00 device (05ac:8501) [ 120.206909][ T321] uvcvideo 3-1:0.0: Entity type for entity Output 255 was not initialized! [ 120.215738][ T321] usb 3-1: Failed to create links for entity 255 [ 120.222933][ T321] usb 3-1: Failed to register entities (-22). [ 120.286678][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.293631][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.300786][ T3495] device bridge_slave_0 entered promiscuous mode [ 120.307514][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.314877][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.318326][ T649] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 120.326651][ T3495] device bridge_slave_1 entered promiscuous mode [ 120.362796][ T28] audit: type=1400 audit(1727924291.476:422): avc: denied { setattr } for pid=3493 comm="syz.0.1137" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 120.369747][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.391285][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.398393][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.399790][ T401] usb 3-1: USB disconnect, device number 24 [ 120.405154][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.443276][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.451263][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.459193][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.467872][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.476057][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.482902][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.491333][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.499533][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.506380][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.528982][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.537608][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.545355][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.554761][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.563156][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.570488][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.578616][ T3495] device veth0_vlan entered promiscuous mode [ 120.588843][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.597565][ T3495] device veth1_macvtap entered promiscuous mode [ 120.606866][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.614839][ T649] usb 2-1: Using ep0 maxpacket: 16 [ 120.620061][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.748954][ T649] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 120.760590][ T649] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 120.780686][ T649] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 120.888907][ T3528] netem: change failed [ 120.901572][ T3530] loop3: detected capacity change from 0 to 512 [ 120.908118][ T3530] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 120.916356][ T3530] EXT4-fs (loop3): invalid journal inode [ 120.922004][ T3530] EXT4-fs (loop3): can't get journal size [ 120.929594][ T3530] EXT4-fs (loop3): 1 truncate cleaned up [ 120.935073][ T3530] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 120.949995][ T649] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.960535][ T649] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.962091][ T3530] EXT4-fs warning (device loop3): verify_group_input:151: Cannot add at group 9 (only 1 groups) [ 120.968800][ T649] usb 2-1: Product: syz [ 120.982702][ T649] usb 2-1: Manufacturer: syz [ 120.987114][ T649] usb 2-1: SerialNumber: syz [ 121.000705][ T3495] EXT4-fs (loop3): unmounting filesystem. [ 121.058306][ T314] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 121.066738][ T8] device bridge_slave_1 left promiscuous mode [ 121.072916][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.080185][ T8] device bridge_slave_0 left promiscuous mode [ 121.086161][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.093677][ T8] device veth1_macvtap left promiscuous mode [ 121.099560][ T8] device veth0_vlan left promiscuous mode [ 121.148349][ T321] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 121.173502][ T3541] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1153'. [ 121.182326][ T3541] netem: unknown loss type 13 [ 121.186817][ T3541] netem: change failed [ 121.209648][ T3543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3543 comm=syz.3.1154 [ 121.398305][ T321] usb 5-1: Using ep0 maxpacket: 8 [ 121.428312][ T314] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.438325][ T314] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 121.478440][ T649] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 121.518330][ T314] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 121.527245][ T314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 121.535028][ T314] usb 1-1: SerialNumber: syz [ 121.548426][ T321] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 121.557323][ T321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.565630][ T321] usb 5-1: config 0 descriptor?? [ 121.829066][ T321] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 122.338334][ T649] usb 2-1: 2:1: cannot get freq at ep 0x82 [ 122.359809][ T314] usb 1-1: 0:2 : does not exist [ 122.362013][ T649] usb 2-1: USB disconnect, device number 22 [ 122.416203][ T319] udevd[319]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 122.610456][ T314] usb 1-1: USB disconnect, device number 18 [ 122.984113][ T3566] loop2: detected capacity change from 0 to 1024 [ 123.003658][ T3566] EXT4-fs: Ignoring removed orlov option [ 123.009569][ T3566] EXT4-fs (loop2): Test dummy encryption mode enabled [ 123.018144][ T3566] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 123.076597][ T3415] EXT4-fs (loop2): unmounting filesystem. [ 123.091989][ T3572] loop2: detected capacity change from 0 to 1024 [ 123.109546][ T3572] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 123.138884][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.149730][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.151888][ T3581] syz.0.1170[3581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.160322][ T3581] syz.0.1170[3581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.160326][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.160541][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.204122][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.214657][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.225330][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.235893][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.246514][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.257178][ T3415] EXT4-fs error (device loop2): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 123.268798][ T3585] device pim6reg1 entered promiscuous mode [ 123.350372][ T3415] EXT4-fs (loop2): unmounting filesystem. [ 123.493157][ T3593] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.501407][ T3593] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.509918][ T3593] device bridge_slave_0 entered promiscuous mode [ 123.520000][ T3593] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.527926][ T3593] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.535689][ T3593] device bridge_slave_1 entered promiscuous mode [ 123.548419][ T321] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 123.565423][ T321] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 123.584816][ T321] asix: probe of 5-1:0.0 failed with error -71 [ 123.593158][ T321] usb 5-1: USB disconnect, device number 27 [ 123.622165][ T3593] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.629022][ T3593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.636210][ T3593] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.643021][ T3593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.663432][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 123.671237][ T311] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.678494][ T311] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.687215][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 123.696042][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.702909][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.722915][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 123.731029][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.737870][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.756292][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 123.764550][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 123.773362][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 123.785801][ T3593] device veth0_vlan entered promiscuous mode [ 123.794432][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 123.802495][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 123.809828][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 123.827023][ T3593] device veth1_macvtap entered promiscuous mode [ 123.839751][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 123.847860][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 123.856397][ T649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 123.858313][ T19] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 123.998712][ T10] device bridge_slave_1 left promiscuous mode [ 124.005503][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.012840][ T10] device bridge_slave_0 left promiscuous mode [ 124.019083][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.026591][ T10] device veth1_macvtap left promiscuous mode [ 124.032624][ T10] device veth0_vlan left promiscuous mode [ 124.108280][ T19] usb 1-1: Using ep0 maxpacket: 16 [ 124.108298][ T311] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 124.158331][ T314] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 124.228539][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.239262][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.358524][ T311] usb 4-1: Using ep0 maxpacket: 8 [ 124.368559][ T19] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 124.377428][ T19] usb 1-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 124.385601][ T19] usb 1-1: Product: syz [ 124.389658][ T19] usb 1-1: Manufacturer: syz [ 124.395248][ T19] usb 1-1: config 0 descriptor?? [ 124.410225][ T3618] loop4: detected capacity change from 0 to 2048 [ 124.423574][ T3618] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002] [ 124.431704][ T3618] System zones: 0-7 [ 124.435839][ T3618] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 124.449755][ T28] audit: type=1400 audit(1727924295.566:423): avc: denied { create } for pid=3617 comm="syz.4.1184" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 124.476026][ T3216] EXT4-fs (loop4): unmounting filesystem. [ 124.528346][ T314] usb 2-1: New USB device found, idVendor=046d, idProduct=c539, bcdDevice= 0.00 [ 124.537225][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.545963][ T314] usb 2-1: config 0 descriptor?? [ 124.558539][ T311] usb 4-1: unable to get BOS descriptor or descriptor too short [ 124.648342][ T311] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.659218][ T311] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.668713][ T311] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.838339][ T311] usb 4-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.40 [ 124.847265][ T311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.855858][ T10] device bridge_slave_1 left promiscuous mode [ 124.861820][ T311] usb 4-1: Product: syz [ 124.865743][ T311] usb 4-1: Manufacturer: syz [ 124.869195][ T19] kovaplus 0003:1E7D:2D50.0036: item fetching failed at offset 5/7 [ 124.870375][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.885056][ T311] usb 4-1: SerialNumber: syz [ 124.888364][ T19] kovaplus 0003:1E7D:2D50.0036: parse failed [ 124.895548][ T19] kovaplus: probe of 0003:1E7D:2D50.0036 failed with error -22 [ 124.903357][ T10] device bridge_slave_0 left promiscuous mode [ 124.910198][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.927088][ T10] device veth1_macvtap left promiscuous mode [ 124.941718][ T10] device veth0_vlan left promiscuous mode [ 125.079860][ T19] usb 1-1: USB disconnect, device number 19 [ 125.108332][ T314] usbhid 2-1:0.0: can't add hid device: -71 [ 125.114120][ T314] usbhid: probe of 2-1:0.0 failed with error -71 [ 125.121227][ T314] usb 2-1: USB disconnect, device number 23 [ 125.179316][ T311] usb 4-1: USB disconnect, device number 31 [ 125.798296][ T314] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 126.078345][ T314] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 126.251961][ T3637] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1189'. [ 126.518402][ T60] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 126.718310][ T314] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 126.727154][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.798381][ T60] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 127.208326][ T314] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 127.215053][ T314] usb 5-1: No valid video chain found. [ 127.318303][ T649] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 127.428855][ T311] usb 5-1: USB disconnect, device number 28 [ 127.438317][ T60] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 127.447247][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.488813][ T60] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 127.495556][ T60] usb 2-1: No valid video chain found. [ 127.691820][ T311] usb 2-1: USB disconnect, device number 24 [ 127.698277][ T649] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.709375][ T649] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.718946][ T649] usb 1-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 127.727868][ T649] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.736158][ T649] usb 1-1: config 0 descriptor?? [ 128.209143][ T649] cypress 0003:04B4:07B1.0037: unknown main item tag 0x6 [ 128.216010][ T649] cypress 0003:04B4:07B1.0037: item fetching failed at offset 4/5 [ 128.223777][ T649] cypress 0003:04B4:07B1.0037: parse failed [ 128.229562][ T649] cypress: probe of 0003:04B4:07B1.0037 failed with error -22 [ 128.409799][ T649] usb 1-1: USB disconnect, device number 20 [ 128.979276][ T3654] loop4: detected capacity change from 0 to 512 [ 128.994129][ T3654] EXT4-fs: Ignoring removed nobh option [ 128.999646][ T3654] EXT4-fs: Ignoring removed nobh option [ 129.007999][ T3654] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 129.025704][ T3654] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 129.034251][ T3654] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1197: invalid indirect mapped block 2683928664 (level 1) [ 129.048644][ T3654] EXT4-fs (loop4): 1 truncate cleaned up [ 129.054260][ T3654] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 129.065387][ T3654] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.1197: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 129.086972][ T3654] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.1197: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 129.112239][ T3216] EXT4-fs (loop4): unmounting filesystem. [ 129.296936][ T28] audit: type=1400 audit(1727924300.406:424): avc: denied { read } for pid=3670 comm="syz.3.1201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 129.377034][ T3679] loop3: detected capacity change from 0 to 256 SYZFAIL: mkdir(syz-tmp) failed (errno 28: No space left on device) loop exited with status 67 SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: failed to mkdtemp (errno 28: No space left on device) SYZFAIL: repeatedly failed to execute the program proc=2 req=1175 state=1 status=67 (errno 9: Bad file descriptor) [ 129.475234][ T28] audit: type=1326 audit(1727924300.586:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3696 comm="syz.3.1205" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f80a077dff9 code=0x0 [ 129.748764][ T8] device bridge_slave_1 left promiscuous mode [ 129.754770][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.763369][ T8] device bridge_slave_0 left promiscuous mode [ 129.769375][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.776704][ T8] device veth1_macvtap left promiscuous mode [ 129.782687][ T8] device veth0_vlan left promiscuous mode [ 130.528813][ T8] device bridge_slave_1 left promiscuous mode [ 130.534727][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.541955][ T8] device bridge_slave_0 left promiscuous mode [ 130.547880][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.555743][ T8] device bridge_slave_1 left promiscuous mode [ 130.561688][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.568844][ T8] device bridge_slave_0 left promiscuous mode [ 130.574740][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.582432][ T8] device veth1_macvtap left promiscuous mode [ 130.588303][ T8] device veth0_vlan left promiscuous mode [ 130.594202][ T8] device veth1_macvtap left promiscuous mode [ 130.600054][ T8] device veth0_vlan left promiscuous mode