last executing test programs: 7m49.033282129s ago: executing program 32 (id=6905): bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001180)=@dellink={0x34, 0x11, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x20010, 0xb4a1}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_macvtap\x00'}]}, 0x34}}, 0x20000000) 7m45.199169048s ago: executing program 33 (id=6907): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500090002000000", 0x24) 7m33.060475363s ago: executing program 34 (id=6916): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2, 0x4}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 6m32.342525247s ago: executing program 35 (id=6950): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 5m53.975128546s ago: executing program 0 (id=6964): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount(&(0x7f00000001c0), &(0x7f00000006c0)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') 5m49.269008142s ago: executing program 0 (id=6965): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x80000) 5m45.176687621s ago: executing program 0 (id=6966): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000600)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffbd35010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f304000000815dcf00c3ee7b042d1937ba52037fdedb2150e1918c30b6301f0212feb0cff9fc56357d81b2cc1a9e37d7b75c020b070000003eb22062bafaca036d9cc7db6671573e202e0a92ee4ba12b064981cc32d1ac0b9ecc8f604dcac2563e1c1e7624cc3b88b330ad416c4c1d8c60589b6045a4ffff50df4d34bc5847bebb943a84cb56956931ba9cc39c4a9deea5d77aa843a40000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0}, 0xc) 5m39.779700115s ago: executing program 0 (id=6967): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) clock_settime(0x0, &(0x7f0000000200)={0x0, 0x989680}) 5m30.296536177s ago: executing program 0 (id=6968): mount(0x0, 0x0, &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_ALM_READ(r0, 0x40187014, &(0x7f00000000c0)) 5m25.156458822s ago: executing program 0 (id=6969): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x2, {0x0, 0x0, 0x0, r1, 0x18f40, 0x22008}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e62}]}}}]}, 0x40}}, 0x0) 5m8.241771873s ago: executing program 36 (id=6969): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x2, {0x0, 0x0, 0x0, r1, 0x18f40, 0x22008}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e62}]}}}]}, 0x40}}, 0x0) 1m54.341263622s ago: executing program 8 (id=7258): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000f82818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x42, 0x40, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1m54.249485121s ago: executing program 8 (id=7260): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close(0xffffffffffffffff) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_getoverrun(0x0) 1m54.204279031s ago: executing program 8 (id=7262): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r1}, 0x10) setregid(0xffffffffffffffff, 0x0) 1m54.053322091s ago: executing program 8 (id=7267): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000640)='./file2\x00', 0x10050, &(0x7f00000000c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}]}, 0x3, 0x51e, &(0x7f0000000680)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') lstat(&(0x7f0000000040)='./file2\x00', 0x0) 1m53.71747449s ago: executing program 8 (id=7281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f00000000c0)={0x0, 0x2000, 0x80, 0x6, 0x1c}) 1m53.531194859s ago: executing program 8 (id=7292): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000008000008500000086000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x18) personality(0x400000b) 1m53.484906429s ago: executing program 37 (id=7292): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000008000008500000086000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x18) personality(0x400000b) 1m53.351791879s ago: executing program 4 (id=7302): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) fstat(0xffffffffffffffff, 0x0) 1m53.249586478s ago: executing program 4 (id=7304): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000600459e850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='kfree\x00', r0}, 0x18) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x39, 0x0, 0x0) 1m53.249042699s ago: executing program 4 (id=7306): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x8002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r0, 0x0, 0x0}, 0x20) 1m53.222798868s ago: executing program 4 (id=7307): syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x46e, &(0x7f0000000400)="$eJzs3M9vFFUcAPDvbH8gv2xF/AGioGgkGltaUDl4AKOJB01M9IDH2haCLNTQaoQQXT3g0ZB4Nx5N/As86cWoJxOvejckxHAB9TJmdmfa3WV3bcvWAffzSbb73sxs3/v2zdt9b15nAxhY+7IfScS2iPg1IsYa2dYD9jWebly7OPvntYuzSaTpG38k9eOuX7s4WxxavG5rkam1bm+2eP7C6Zlqdf5cnp9cOvPu5OL5C8+cOjNzcv7k/NnpI0cOH5p6/rnpZ/sSZ1an67s/XNiz65W3Lr82e/zy2z9+nRTxt8Txfl/Ka/rVzYaKxBP9KuU2sb0pnQyXWBHWJDshs+Yaqff/sRiKlcYbi5c/KbVywIZK0zTd1H13LQX+x5IouwZAOfLP+SSiNpvNgZvn84Pg6rHGBCiL+0b+aOwZjkp+zEjb/LafstnW8dpfX2SPaLueAgCwEb491nguxn4r449Ky1X8o/na0HhE3BMROyLi3ojYGRH3RcT9EfFARDzY9JpO6z7t2hdJbh7/VK6sK7BVysZ/L+RrW63jv2L0F+NDeW57Pf6R5MSp6vzBiLg7Ig7EyKYsP9WjjO9e+uWzbvv2NY3/skdWfjEWzOtxZbjtAt3czNLMrcTc7OrHEbuHO8WfLK8EZO24KyJ2711fGaee+mpPt33/Hn8PfVhnSr+MeLLR/rVoi7+Q9F6fnLwrqvMHJ4uz4mY//Xzp9W7l31L8fZC1/5aO5/9y/ONJ83rt4trLuPTbp13nNKs8/0ebX5Od/6PJm/V0seODmaWlc1MRo8mr+faj+fbW8urHTa8cn8V/YH/n/r8jVv4SD0VEdhI/HBGPRMTevO6PRsRjEbG/R/w/vPj4O+uPf2Nl8c+tqf27Joq17Zt2DZ3+/pv6nqKxxnvEn0SH9j9cTx3It6zm/a9nTc/dytkMAAAAd55KRGyLpDKxnK5UJiYa/y+/M7ZUqguLS0+fWHjv7FzjHoHxGKkUV7rGlq+HRm0qn9YX10en2/KH8uvGnw9trucnZheqc2UHDwNua5f+n/l9qOzaARvO/VowuNbb/9M0/ajPVQH+Yz7/YXDp/zC4OvT/zW35Ht8RANzJOn3+m9jDYDD+h8Gl/8Pg0v9hcOn/MJDyO+GHV3OD/4Ylsvef8kpfeyJNSyp9tPzYlxNRKa30KDv2NSb+zr9s83apz6oSZb8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mc/AQAA//+4C+Qb") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 1m52.877225148s ago: executing program 4 (id=7314): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 1m52.336746956s ago: executing program 4 (id=7340): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0x1, 0x1203, &(0x7f0000002480)="$eJzs3M+LG2UYB/Bn19qtW/eHWqstiC960cvQ3YMXvSyyBWlAabtCKwhTd1ZDxiRkwkJErJ68+neIIII3QbzpZS/+B4K3vXizgjiyibaNpmBAOmX5fC554Hm/4X0TEniHeefwlc/e7+xV2V4+jMWFhVjsR6RbKVIsxt8+jhdf/v6HZ65cu35pq9XavpzSxa2rGy+llFaf/fatD7947rvh6Te/Xv1mKQ7W3z78ZfPng7MH5w7/uPpeu0rtKnV7w5SnG73eML9RFmm3XXWylN4oi7wqUrtbFYOp/l7Z6/dHKe/uriz3B0VVpbw7Sp1ilIa9NByMUv5u3u6mLMvSynIwvxO3q53Pb9V1HVHXD8fJqOu6fiSW43Q8GiuxGmuxHo/F4/FEnIkn42w8FU/HVz99OTpKAAAAAAAAAAAAAAAAAAAAAP+fec//nxuPanrWAAAAAAAAAAAAAAAAAAAAcLxcuXb90lartX05pVMR5af7O/s7k9dJf2sv2lFGERdiLX6P8en/iUl98bXW9oU0th6flDf/yt/c33loOr8xfpzAzPzGJJ+m80uxfHd+M9bizOz85sz8qXjh+bvyWazFj+9EL8rYjaPsnfxHGym9+nrrH/nz43EAAABwHGTptpn79yy7V3+Sn+P6wNT++ih7/kSjSyciqtEHnbwsi4HigS9ONjuN3+q6bv5DaKi49y9lKSL+y/v8Oqu1EBEPxgL/VTT9z8T9cOdLb3omAAAAAAAAAAAAzON+3E7Y9BoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2YFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//84edOb") r0 = open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000140)={0xb, 0x29, 0x2, {0x5}}, 0xb) sendfile(r0, r0, &(0x7f0000000240), 0x7f03) 1m52.287888546s ago: executing program 38 (id=7340): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0x1, 0x1203, &(0x7f0000002480)="$eJzs3M+LG2UYB/Bn19qtW/eHWqstiC960cvQ3YMXvSyyBWlAabtCKwhTd1ZDxiRkwkJErJ68+neIIII3QbzpZS/+B4K3vXizgjiyibaNpmBAOmX5fC554Hm/4X0TEniHeefwlc/e7+xV2V4+jMWFhVjsR6RbKVIsxt8+jhdf/v6HZ65cu35pq9XavpzSxa2rGy+llFaf/fatD7947rvh6Te/Xv1mKQ7W3z78ZfPng7MH5w7/uPpeu0rtKnV7w5SnG73eML9RFmm3XXWylN4oi7wqUrtbFYOp/l7Z6/dHKe/uriz3B0VVpbw7Sp1ilIa9NByMUv5u3u6mLMvSynIwvxO3q53Pb9V1HVHXD8fJqOu6fiSW43Q8GiuxGmuxHo/F4/FEnIkn42w8FU/HVz99OTpKAAAAAAAAAAAAAAAAAAAAAP+fec//nxuPanrWAAAAAAAAAAAAAAAAAAAAcLxcuXb90lartX05pVMR5af7O/s7k9dJf2sv2lFGERdiLX6P8en/iUl98bXW9oU0th6flDf/yt/c33loOr8xfpzAzPzGJJ+m80uxfHd+M9bizOz85sz8qXjh+bvyWazFj+9EL8rYjaPsnfxHGym9+nrrH/nz43EAAABwHGTptpn79yy7V3+Sn+P6wNT++ih7/kSjSyciqtEHnbwsi4HigS9ONjuN3+q6bv5DaKi49y9lKSL+y/v8Oqu1EBEPxgL/VTT9z8T9cOdLb3omAAAAAAAAAAAAzON+3E7Y9BoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2YFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//84edOb") r0 = open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000140)={0xb, 0x29, 0x2, {0x5}}, 0xb) sendfile(r0, r0, &(0x7f0000000240), 0x7f03) 1m24.567670246s ago: executing program 6 (id=7857): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x10041, 0x0) 1m24.547819615s ago: executing program 6 (id=7858): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000fc850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) time(0x0) 1m24.502762195s ago: executing program 6 (id=7861): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x48}}, 0x0) 1m24.469156425s ago: executing program 6 (id=7863): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000640)='./file2\x00', 0x10050, &(0x7f00000000c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}]}, 0x3, 0x51e, &(0x7f0000000680)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') lstat(&(0x7f0000000040)='./file2\x00', 0x0) 1m24.130681844s ago: executing program 6 (id=7875): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, '\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x48}}, 0x0) 1m23.961814454s ago: executing program 6 (id=7881): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x11, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100006, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m23.901288573s ago: executing program 39 (id=7881): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x11, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100006, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 25.169225353s ago: executing program 9 (id=9003): bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB='\v\x00'], 0x48) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x80041285, &(0x7f0000001080)) 25.130497033s ago: executing program 9 (id=9004): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8, 0x4, 0xfffffffb}]}, 0x24}}, 0x0) 25.080724223s ago: executing program 9 (id=9006): syz_mount_image$exfat(&(0x7f0000000440), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000500)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESDEC=0x0, @ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0, @ANYRES8, @ANYBLOB="2c64697363617264b600fb278330ab3b4884d36adf6908d11f57832035e96a1513231140da182ca77aeedc492bbc501d94f854a7e26909bde6e698d72a15ec808a86c25db4ff"], 0xff, 0x14f7, &(0x7f0000002400)="$eJzs3AuUzlXbMPB97b3/DA3dTXIY9rWvP3cabJMkOSTkkCRJkuSUkDRJkpAYckoakpDjJDkMITmMMWmcz4eckyaPNEkSEhL2t/T0vJ7n6Xnfvvd7+l5rvXP91tpr9jX7vq5777lm/e//fa81813PUfVa1K/djIjEvwX++iVZCBEjhBgmhLheCBEIISrFVYq7sp5PQfK/9yTsz/VI2rXeAbuWuP+5G/c/d+P+527c/9yN+5+7cf9zN+5/7sb9Zyw32zGn2A08cu/gz/9zM379/18kp/zkrzaVv6nXfyOF+5+7cf9zpQJ/m3D/czfuf+7G/c/duP//+9X6L9a4/7kb95+x3Oxaf/7M49qOa/37xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsdzjvr9JCiL/Nr/W+GGOMMcYYY4wx9ufxea/1DhhjjDHGGGOMMfb/HwgplNAiEHlEXhEj8on84joRKwqIguJ6ERE3iDhxoygkbhKFRRFRVBQT8aK4KCGMQGEFiVCUFKVEVNwsSotbRIIoI8qKcsKJ8iJR3CoqiNtERXG7qCTuEJXFnaKKqCqqieriLlFD3C1qilqitrhH1BF1RT1RX9wrGoj7RENxv2gkHhCNxYOiiXhINBUPi2biEdFcPCpaiMdES/G4aCVaizairWj3/5T/sugrXhH9RH+RLAaIgeJVMUgMFkPEUDFMvCaGi9fFCPGGSBEjxSjxphgt3hJjxNtirBgnxot3xAQxUUwSk8UUMVWkinfFNPGemC7eFzPETDFLzBZpYo6YKz4Q88R8sUB8KBaKj8QisVgsEUtFulgmMsRykSk+FivEJyJLrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ3wqdopdYrfYI/aKfWK/+EwcEJ+Lg+ILkS2+/G/mn/un/F4gQIAECRo05IE8EAMxkB/yQyzEQkEoCBGIQBzEQSEoBIWhMBSFohAP8VACSgACAgFBSSgJUYhCaSgNCZAAZaEsOHCQCIlQAW6DilARKkElqAyVoYoQUBWqQ3WoATWgJtSE2lAb6kAdqAf14F64F+6DhtAQGkEjaAyNoQk0gabQFJpBM2gOzaEFtICW0BJaQStoA22gHbSD9tAeOkAH6ASdoDN0hi7QBZIgCbpCV+gG3aA7dIce0AN6Qk/oBb2hN7wML8Mr8Ar0hzpyAAyEgTAIBsEQGApD4TUYDq/D6/AGpMBIGAVvwgAhxBg4C2NhHIyH8VBDToRJMBlIToVUSIVpMA2mw3SYATNhJsyGNJgDc2EuzIP5MB8+hIXwEXwEi2ExLIV0SIcMWA6ZkAkr4BxkwUpYBathDayFNbAeNsB62ASbYRNsha2wHbbDp/Ap7IJdsAf2wD7YB5/BZ/A5fA4pkA3ZcAgOwWE4DEfgCORADhyFo3AMjsFxOA4n4ASchFNwGk7BGTgDZ+EcnIfzcAEuwEV4Mf6b5vvKbEwR8gottcwj88gYGSPzy/wyVsbKgrKgjMiIjJNxspAsJAvLwrKoLCrjZbwsIUtIlChJhrKkLCmjMipLy9IyQSbIsrKsdNLJRJkoK8gKsqKsKCvJO2RleaesIqvKjq66rC5ryE6upqwla8vaso6sK+vJ+rK+bCAbyIayoWwkG8nGsrFsIh+STeUAGAKPyCudaSFHQks5ClrJ1rKNbCvfgidkezkGOsiOspN8So6DsdBFtndJ8lnZVU6CbvJ5ORlekD3kVOgpX5K9ZG/ZR74s+8oOrp/sL2fAADlQzoZBcrAcIofKeVBXXulYPfmGTJEj5Sj5plwKb8kx8m05Vo6T4+U7coKcKCfJyXKKnCpT5btymnxPTpfvyxlyppwlZ8s0OUfOlR/IeXK+XCA/lAvlR3KRXCyXyKUyXS6TGXK5zJQfyxXyE5klV8pVcrVcI9fKdXK93CA3yk1ys9wit8ptcrvcIT+VO+UuuVvukXvlPrlffiYPyM/lQfmFzJZfykPyL/Kw/EoekV/LHPmNPCq/lcdifru0yx/kSXlKnpY/yjPyJ3lWnpPn5c/ygvxFXpSX5GXppVCgpFJKq0DlUXlVjMqn8qvrVKwqoAqq61VE3aDi1I2qkLpJFVZFVFFVTMWr4qqEMgqVVaRCVVKVUlF1syqtblEJqowqq8opp8qrRHWrqqBuUxXV7aqSukNVVneqKqqqqqaqq7tUDXW3qqlqqdrqHlVH1VX1VH11r2qg7lMN1f2qkXpANVYPqibqIdVUPayaqUdUc/WoaqEeUy3V46qVaq3aqLaqnXpCtVdPqg6qo+qknlKd1dOqi3pGJalnVVf1nOqmnlfd1Quqh3pR9VQvqV6qt+qjLqnLyqt+qr9KVgPUQPWqGqQGqyFqqBqmXlPD1etqhHpDpaiRapQWQqi31Bj1thqrxqnx6h01QU1Uk9RkNUVNVanqXTVNvaemq/fVDDVTzVKzVZqao4b8VmmBelON/oP89/5F/ohfn3272qE+VTvVLrVb7VF71T61X+1XB9QBdVAdVNkqWx1Sh9RhdVgdUUdUjspRR9VRdUwdU8fVcXVCnVAn1Sn1s/pRnVE/qbPqnDqnflYX1AV18befgdCgpVZa60Dn0Xl1jM6n8+vrdKwuoAvq63VE36Dj9I26kL5JF9ZFdFFdTMfr4rqENhq11aRDXVKX0lF9sy6tb9EJuowuq8tpp8vrRH3rv53/R/trp9vp9rq97qA76E66k+6sO+suuotO0km6q+6qu+luurvurnvoHrqn7ql76V66j+6j++q+up/up5N1sh6oX9WD9GA9RA/Vw/RrergerkfoETpFp+hRepQerUfrMXqMHqvH6vF6vJ6gJ+hJepKeoqfoVJ2qp+lperqermfoGXqWnqXTdJqeq+fqeXqeXqAX6IV6oV6kF+kleolO1+k6Q2foTJ2pV+gVOkuv1Cv1ar1ar9Vr9Xq9Xm/UG/VmvVlv1Vt1lt6hd+ideqferXfrvXqv3q/36wP6gD6oD+psna0P6UP6sD6sj+gjOkfn6KP6qD6mj+nj+rg+oU/ok/qkPq1P6zP6jD6rz+rz+ry+oC/oi/qivqwvX7ntC2QgAx3oIE+QJ4gJYoL8Qf4gNogNCgYFg0gQCeKCuKBQcFNQOCgSFA2KBfFB8aBEYAIMbEBBGJQMSgXR4OagdHBLkBCUCcoG5QIXlA8Sg1uDCsFtQcXg9qBScEdQObgzqBJUDaoF1YO7ghrB3UHNoFZQO7gnqBPUDeoF9YN7gwbBfUHD4P6gUfBA0Dh4MGgSPBQ0DR4OmgWPBM2DR4MWwWNBy+DxoFXQOmgTtA3a/an1vT9b5EnXz/Q3yWaAGWheNYPMYDPEDDXDzGtmuHndjDBvmBQz0owyb5rR5i0zxrxtxppxZrx5x0wwE80kM9lMMVNNqnnXTDPvmenmfTPDzDSzzGyTZuaYueYDM8/MNwvMh2ah+cgsMovNErPUpJtlJsMsN5nmY7PCfGKyzEqzyqw2a8xas86sNxvMRrPJbDZbzFazzWw3O8ynZqfZZXabPWav2Wf2m8/MAfO5OWi+MNnmS3PI/MUcNl+ZI+Zrk2O+MUfNt+aY+c4cN9+bE+YHc9KcMqfNj+aM+cmcNefMefOzuWB+MRfNJXPZ+Cs391de3lGjxjyYB2MwBvNjfozFWCyIBTGCEYzDOCyEhbAwFsaiWBTjMR5LYAm8gpCwJJbEKEaxNJbGBEzAslgWHTpMxESsgBWwIlbESlgJK2NlrIJVsBpWw7vwLrwb78ZaWAvvwXuwLtbF+lgfG2ADbIgNsRE2wsbYGJtgE2yKTbEZNsPm2BxbYAtsiS2xFbbCNtgG22E7bI/tsQN2wE7YCTtjZ+yCXTAJk7ArdsVu2A27Y3fsgT2wJ/bEXtgL+2Af7It9sR/2w2RMxoE4EAfhIByCQ3AYDsPhOBxH4AhMwRQchaNwNI7GMTgGx+I4HI/v4ASciJNwMk7BqZiKqTgNY3A6TscZOANn4SxMwzSci3NxHs7DBbgAF+JCXISLcAkuwXRMxwzMwEzMxBW4ArMwC1fhKlyDa3AdrsMNuAE34SbcgltwG27DHbgDd+JO3I27cS/uxf24Hw/gATyIBzEbs/EQHsLDeBiP4BHMwRw8ikfxGB7D43gcT+AJPIkn8TSexjN4Bs/iWTyP5/EC/oIX8RJeRo8xVor89jobawvYgvZ6G2Pz2b+Pi9piNt4WtyWssYVtkX+I0VqbYMvYsracdba8TbS3/i6uYqvaara6vcvWsHfbmr+LG9j7bEN7v21kH7D17b3/EDe2D9om9jHb1D5um9nWtrlta1vYx2xL+7htZVvbNrat7Wyftl3sMzbJPmu72ud+F2fY5XaD3Wg32c32gP3cnrc/22P2O3vB/mL72f52mH3NDrev2xH2DZtiR/4uHm/fsRPsRDvJTrZT7NTfxbPsbJtm59i59gM7z87/XZxul9mFNtMusn+7WVv2654y7cd2hf3EZtmVdpVdbdfYtXadXf8fe11tt9ptdrvdbz+zO+0uu9vusXvtvl/jK+c4aL+w2fZLe9R+aw/br+wRe9zm2G9+ja+c77j93p6wP9iT9pQ9bX+0Z+xP9qw99+v5r5z9R3vJXrbeCgKSpEhTQHkoL8VQPspP11EsFaCCdD1F6AaKoxupEN1EhakIFaViFE/FqQQZQrJEFFJJKkVRuplK0y2UQGWoLJUjR+UpkW6lCnQbVaTbqRLdQZXpTqpCVakaVae7qAbdTTWpFtWme6gO1aV6VJ/upQZ0HzWk+6kRPUCN6UFqQg9RU3qYmtEj1JwepRb0GLWkx6kVtaY21Jba0RPUnp6kDtSROtFT1Jmepi70DCXRs9SVnqNu9Dx1pxeoB71IPekl6kW9qQ+9TH3pFepH/SmZBtBAepUG0WAaQkNpGL1Gw+l1GkFvUAqNpFH0Jo2mt2gMvU1jaRyNp3doAk2kSTSZptBUSqV3aRq9R9PpfZpBM2kWzaY0mkNz6QOaR/NpAX1IC+kjWkSLaQktpXRaRhm0nDLpY1pBn1AWraRVtJrW0FpaR+tpA22kTbSZttBW2kbbaQd9SjtpF+2mPbSX9tF++owO0Od0kL6gbPqSDtFf6DB9RUfoa8qhb+gofUvH6Ds6Tt/TCfqBTtIpOk0/0hn6ic7SOTpPP9MF+oUu0iW6TJ5ECKEMVajDIMwT5g1jwnxh/vC6MDYsEBYMrw8j4Q1hXHhjWCi8KSwcFgmLhsXC+LB4WCI0IYY2pDAMS4alwmh4c1g6vCVMCMuEZcNyoQvLh4nhrWGF8LawYnh7WCm8I6wc3hlWCauGjz1QPbwrrBHeHdYMa4W1w3vCOmHdsF5YP7w3bBDeFzYM7w8bhQ+EFcMHwybhQ2HT8OGwWfhI2Dx8NGwRPha2DB8PW4WtwzZh27Bd+ETYPnwy7BB2DDuFT4Wdw6fDLuEzYVL4bNg1fO6f1n/53XpyOCAcGL4avhp6f79aEl0aTY8ui2ZEl0czox9HV0Q/iWZFV0ZXRVdH10TXRtdF10c3RDdGN0U3R7dEt0a3RbdHva+fVzhw0imnXeDyuLwuxuVz+d11LtYVcAXd9S7ibnBx7kZXyN3kCrsirqgr5uJdcVfCGYfOOnKhK+lKuai72ZV2t7gEV8aVdeWcc+Vdomvr2rl2rr170nVwHV0n95R7yj3tnnbPuGfcs66re851c8+77u4F18O96F50L7lerrfr4152fd0rrp/r75JdshvoBrpBbpAb4oa4YW6YG+6GuxFuhEtxKW6UG+VGu9FujBvjxrqxbrwb7ya4CW6Sm+SmuCku1aW6aW6am+6muxluhpvlZrk0l+bmurlunpvnFrgFbmHCQrfILXJL3BKX7tJdhstwmS7TrXArXJbLcqvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfD7XA73U632+12e91et9/tdwfcAXfQHXTZLtsdcofcYXfYHXFfuxz3jTvqvnXH3HfuuPvenXA/uJPulDvtfnRn3E/urDvnzruf3QX3i7voLrnLzrvUyLuRaZH3ItMj70dmRGZGZkVmR9IicyJzIx9E5kXmRxZEPowsjHwUWRRZHFkSWRpJjyyLZESWRzIjH0dWRD6JZEVWRlZFVkfWRNZGvC++M/QlfSkf9Tf70v4Wn+DL+LK+nHe+vE/0t/oK/jYf/Ha1r+zv9FV8VV/NP+5b+da+jW/r2/knfHv/pO/gO/pO/inf2T/tu/hnfJJ/1nf1z/lu/nnf3b/ge/gXfU//ku/le/s+/mXf17/i+/n+PtkP8AP9q36QH+yH+KF+mH/ND/ev+xH+DZ/iR/pR/k0/2r/lx/i3/Vg/zo/37/gJfqKf5Cf7KX6qT/Xv+mn+PT/dv+9n+Jl+lp/t0/wcP9d/4Of5+X6B/9Av9B/5RX6xX+KX+nS/zGf45T7Tf+xX+E98ll/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/ntfof/1O/0u/xuv8fv9fv8fv+ZP+A/9wf9Fz7bf+kP+b/4w/4rf8R/7XP8N/6o/9Yf89/54/57f8L/4E/6U/60/9Gf8T/5s/6cP+9/9hf8L/6iv+Qv89+sMcYYY4z9X1F/sD7gX3xP/jauGCiEKLCrWM4/19xS+K/zwTK+c0QI8Wz/no/8bdSpk5yc/Ntjs5QISi0WQkSu5ucRV+OVopN4WiSJjqLCv9zfYNn7Av1B/egdQuT/u5wYcTW+Wv+2/6T+E0+Nz6gcno/7L+ovFiKh1NWcfOJqfLV+xf+kfpH2f7D/fF+lCtHh73JixdX4av1E8aR4TiT9wyMZY4wxxhhjjLG/Giyrdf+j989X3p/H66s5ecXV+I/enzPGGGOMMcYYY+zae6F3n2eeSErq2J0nPOEJT/5j8tsFAq7xBYoxxhhjjDH2p7l603+td8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVe/xP/Tuxan5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi71v5PAAAA//9/Ti5y") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$FUSE_WRITE(r0, &(0x7f00000000c0)={0x18}, 0xfffffdef) open(&(0x7f0000000840)='./file1\x00', 0x14133e, 0x39) 25.021340693s ago: executing program 9 (id=9009): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) 24.982045273s ago: executing program 9 (id=9010): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe2f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r0}, 0x10) syz_open_dev$usbfs(&(0x7f0000000500), 0x77, 0x141341) 24.889567062s ago: executing program 9 (id=9013): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) sysinfo(&(0x7f0000001080)=""/207) 24.889435382s ago: executing program 40 (id=9013): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) sysinfo(&(0x7f0000001080)=""/207) 3.809052131s ago: executing program 2 (id=9703): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@private=0x8001, @in=@rand_addr=0x64010102, 0x4e22, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@broadcast, 0x0, 0x32}, @in=@dev, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x3}, 0x0, 0x2, 0xa, 0x0, 0xae, 0x96}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0x0, 0x0, 0x70bd26, 0x2}}]}, 0x154}}, 0x0) 3.777195521s ago: executing program 2 (id=9705): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) 3.767756831s ago: executing program 2 (id=9707): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000186000e900000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000007000000000000000000000001050000018000000000000000010000851000000000000000020000000000000000000100da"], 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 3.740444021s ago: executing program 2 (id=9708): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @mcast1, 0x1ff}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=[@rthdr={{0x18, 0x29, 0x39, {0x3b, 0x0, 0x1, 0x7}}}], 0x18}, 0x0) 3.739911231s ago: executing program 2 (id=9710): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x5, 0x24, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0xed, 0x3e, 0xc9, 0x8, 0xccd, 0xb3, 0x2dee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x87, 0x1d}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) 2.161617017s ago: executing program 5 (id=9788): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r2}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0) 2.161398227s ago: executing program 5 (id=9789): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000640), 0x2, 0x4fd, &(0x7f00000015c0)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uBZsi60kRbtJGtsGwaog+lRQ63uNyTaEbLIl2bRNKJriHyCI+ANf9MkXwT9AkOJfIEJB30VFkdrqgw/Vkd2djWm6mx822dXs5wMnM2fmzH7PyTBn58wMOwEMrAsRMR4RWZZllyOilC9P8xRbrdQo9+L5o7lGSiLLbj9LIsmXtT/r7Xx6Jt/sVER8+QsRX0tej7u2sbk0W61WVvP8RH05eZllm1cWl2cXKguVlenpqeszN2auzUweSTtHI+Lm5/743W/95PM3f/HxB7+78+fxr7ca2LKzHUep1fRi83/RVoiI1eMI1ieFZgtbrvW5LgAA7K1xvv/+iPhIRFyOUgw1z+YAAACAkyT79Ei8TFr3/wAAAICTKY2IkUjScv6870ikabnceob3g3E6rdbW6h/LStvXC0ajmN5drFYm82cHRqOYNPJT+TO27fzVXfnpiHg3Ir5TGm7my3O16nxfr3wAAADA4Diza/z/91Jr/A8AAACcMKP9rgAAAABw7Iz/AQAA4OQz/gcAAIAT7Yu3bjVS1n7/9fz9jfWl2v0r85W1pfLy+lx5rrZ6r7xQqy00f7Nveb/Pq9Zq9z4RK+sPJ+qVtfrE2sbmneXa+kr9zuIrr8AGAAAAeujd809+m0TE1ieH04jIkh3rihHZ0M7Chd7XDzg+6WEK/+H46gH03lC/KwD0jVN6GFzFflcA6Lv9+oGuD+/86r+NmBl6AABAj419aPv+fzM1vJWvS/paM+C45ff/E8c6DB4X4WBwuf8Hg6u41xmAQQGceOkBDvVD3P//5Q86Fsyyw9cMAAA4SiPNlKTlfBwwEmlaLke803wtQDG5u1itTEbE+yLiN6Xi2438VHPLxOUBAAAAAAAAAAAAAAAAAAAAAAAAADigLEsi62J4uwwAAADw/ywi/VOSv/9rrHRpZPf1gbeSf5Sa04h48MPb33s4W6+vTjWW/3V7ef37+fKrvb56AQAAAHTSHqe3x/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcJRePH801069jPuXz0bEaKf4hTjVnJ6KYkSc/lsShR3bJRExdATxtx5HxHud4ieNasVoXovd8dOIGO5z/DNHEB8G2ZNG//OZTsdfGhea087HXyFPb6p7/5du939DXfq/dzp9YPr6orNPfzbRNf7jiLOFzv1PO37SJf7FA7bxq1/Z3Oy2LvtxxFjH75/klVgTSeHexNrG5pXF5dmFykJlZXp66vrMjZlrM5MTdxerlfxvxxjf/vDP/7VX+093iT+6T/svHbD9/3z68PkHWrPFXauK8aMsG7/Yef+/1yV+87vvU8/io/nubuTH2vNbrfmdzv301+fO79H++S7t32//jx+w/Ze/9M3fH7AoANADaxubS7PVamX1cDNJxNYbbG5msGaGo4dBZ2OvMu2T2B7U5xt5qP+JXXDomf71SQAAwPH4z0l/v2sCAAAAAAAAAAAAAAAAAAAAg2u/nwGLI/g5sd0xt/rTVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPf07AAD//+Hvy+A=") quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000000)=@filename='./file0\x00', 0x0, &(0x7f0000000300)='./file0\x00') 2.029008966s ago: executing program 5 (id=9791): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, 0x0, 0x0, 0x3, 0xb}, 0x20) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000000)={0x2}) 1.999171146s ago: executing program 5 (id=9793): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x101080, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x5}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) close(r0) 1.772051006s ago: executing program 2 (id=9794): syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000087ff0f10ab0701fc908d01020301090212433f00003b0009040000000802"], 0x0) socket$inet6(0xa, 0x80000, 0x4) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0) 1.771480256s ago: executing program 5 (id=9804): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="68020000210001000000000000000000ff0200000000000000000000000000017f00000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000a001000010000000000000008000b00000000002c001300e0000001007e00000000000000000000fc0000000000000000000000000000000000000000000000cc0111"], 0x268}}, 0x0) 1.742814606s ago: executing program 5 (id=9795): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="002201"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x93, &(0x7f00000004c0)="b9425b44651dd2323c963599000000110000024a16941ff5f4b4f1f080f3a6b14d4169adf4fcf2b877fceaffffff6250f1ffdf4cd9f5d3969890520d00157d88010000003a5bd5531d459dffff03000000003446af32cae18eae73ce1dfa614a3b0091ff000018e8f5b3371da3635b8b4fa676f0e24ca1204a7546570eb9692af9c3ea43652a7acf6d5be6fe03c0083084f04f") 706.852603ms ago: executing program 1 (id=9827): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) 660.812232ms ago: executing program 1 (id=9829): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000000, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) setuid(0xee01) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40086610, &(0x7f0000000140)={0x1, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 582.100282ms ago: executing program 1 (id=9832): ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000006800000000000000000000000900000002"]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x0, 0x309, 0x0, 0x25dfdbf8, {0x1d}}, 0x14}, 0x1, 0x0, 0x0, 0xc015}, 0x20040800) ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6tnl0\x00', @random="0600002000"}) 540.393232ms ago: executing program 1 (id=9837): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000d80)={0x1, 0x0, [{0x0, 0x0, 0x0}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1ff) 523.207662ms ago: executing program 1 (id=9838): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 465.536241ms ago: executing program 1 (id=9839): r0 = socket(0x1, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x5452, &(0x7f0000000380)={'gre0\x00', 0x0}) recvmsg(r0, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x0) sendmmsg$unix(r0, &(0x7f0000001040)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) 164.397171ms ago: executing program 7 (id=9847): r0 = fsopen(&(0x7f0000000080)='virtiofs\x00', 0x0) r1 = dup2(r0, r0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000040)='source', 0x0, r0) read$FUSE(r1, &(0x7f0000006fc0)={0x2020}, 0x2020) 164.196681ms ago: executing program 7 (id=9848): pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x11000) vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000680)="85", 0x1}], 0x1, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 100.995761ms ago: executing program 3 (id=9851): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) utime(0x0, 0x0) 88.00953ms ago: executing program 3 (id=9852): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40404}, 0x100) 54.470381ms ago: executing program 7 (id=9853): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mem_exclusive\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000140)={'full'}, 0x2f) 50.61979ms ago: executing program 3 (id=9854): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r1, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0, 0xf0}, 0x20) 39.43464ms ago: executing program 7 (id=9855): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) getegid() 37.486051ms ago: executing program 3 (id=9856): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) shutdown(r0, 0x2) sendto$inet6(r0, 0x0, 0x0, 0x20000010, 0x0, 0x0) 25.230281ms ago: executing program 7 (id=9857): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x0, 0x0, 0x400}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000010405"], 0x1c}}, 0x0) 619.09µs ago: executing program 3 (id=9858): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xa0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x17) 492.57µs ago: executing program 3 (id=9859): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000ffff00030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 0s ago: executing program 7 (id=9860): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffffffffffd8e, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x80) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000000c0)=0x33c, 0x4) kernel console output (not intermixed with test programs): r,lazytime,block_validity,mblk_io_submit,debug,errors=remount-ro,debug,. Quota mode: writeback. [ 1048.357202][T18735] loop1: detected capacity change from 0 to 512 [ 1048.364004][T18707] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1048.382104][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 1048.384094][T18735] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.8492: inode #1: comm syz.1.8492: iget: illegal inode # [ 1048.387971][T15163] Bluetooth: hci0: sending frame failed (-49) [ 1048.438394][T18735] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.8492: error while reading EA inode 1 err=-117 [ 1048.453226][T18735] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.8492: inode #1: comm syz.1.8492: iget: illegal inode # [ 1048.466784][T18735] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.8492: error while reading EA inode 1 err=-117 [ 1048.486637][T18735] EXT4-fs (loop1): 1 orphan inode deleted [ 1048.492659][T18735] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 1048.737642][T18754] loop9: detected capacity change from 0 to 4096 [ 1048.767074][ T1297] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 1048.786418][T18754] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1049.408396][ T1297] usb 8-1: Using ep0 maxpacket: 16 [ 1049.536787][ T1297] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 1049.545596][ T1297] usb 8-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 1049.610510][ T1297] usb 8-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 1049.621116][ T1297] usb 8-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1049.664967][ T1297] usb 8-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 1049.674601][ T1297] usb 8-1: config 1 interface 0 has no altsetting 0 [ 1049.686374][ T1297] usb 8-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 1049.695337][ T1297] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1049.772720][ T1297] ums-sddr09 8-1:1.0: USB Mass Storage device detected [ 1049.807411][T18767] loop1: detected capacity change from 0 to 256 [ 1049.915277][T18767] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097162) [ 1049.925098][T18767] FAT-fs (loop1): Filesystem has been set read-only [ 1050.017806][ T1297] scsi host1: usb-storage 8-1:1.0 [ 1050.135369][T13780] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1050.226159][ T1297] usb 8-1: USB disconnect, device number 9 [ 1050.391933][T13780] usb 10-1: Using ep0 maxpacket: 8 [ 1050.520322][T13780] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1050.537126][T13780] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1050.552296][T13780] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1050.573681][T13780] usb 10-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 1050.587463][T13780] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.601526][T13780] usb 10-1: config 0 descriptor?? [ 1050.616479][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 1050.622353][T15163] Bluetooth: hci0: sending frame failed (-49) [ 1050.863992][T18769] UDC core: couldn't find an available UDC or it's busy: -16 [ 1050.871213][T18769] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1050.963199][T18800] loop2: detected capacity change from 0 to 512 [ 1051.024630][T18800] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.8515: inode #1: comm syz.2.8515: iget: illegal inode # [ 1051.048624][T18800] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.8515: error while reading EA inode 1 err=-117 [ 1051.065245][T18807] loop7: detected capacity change from 0 to 512 [ 1051.073305][T18800] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.8515: inode #1: comm syz.2.8515: iget: illegal inode # [ 1051.086024][ T30] kauditd_printk_skb: 3308 callbacks suppressed [ 1051.086042][ T30] audit: type=1400 audit(2000000012.843:7985): avc: denied { setopt } for pid=18808 comm="syz.1.8521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1051.112435][T18800] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.8515: error while reading EA inode 1 err=-117 [ 1051.126051][T18800] EXT4-fs (loop2): 1 orphan inode deleted [ 1051.131684][ T30] audit: type=1400 audit(2000000012.908:7986): avc: denied { mounton } for pid=18806 comm="syz.7.8520" path="/syzcgroup/unified/syz7/file1" dev="cgroup2" ino=279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 1051.131728][T18800] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 1051.161189][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x4 [ 1051.208735][T18807] Quota error (device loop7): dq_insert_tree: Quota tree root isn't allocated! [ 1051.218415][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x6 [ 1051.225208][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x5 [ 1051.225901][T18807] Quota error (device loop7): qtree_write_dquot: Error -5 occurred while creating quota [ 1051.232715][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.250320][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.257415][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.262958][T18807] EXT4-fs error (device loop7): ext4_acquire_dquot:6188: comm syz.7.8520: Failed to acquire dquot type 0 [ 1051.266366][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.277171][ T30] audit: type=1400 audit(2000000013.039:7987): avc: denied { listen } for pid=18814 comm="syz.1.8523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1051.282432][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.309150][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.316237][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.316483][T18807] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.8520: bg 0: block 64: padding at end of block bitmap is not set [ 1051.323164][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.344537][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.348575][ T30] audit: type=1400 audit(2000000013.067:7988): avc: denied { ioctl } for pid=18814 comm="syz.1.8523" path="socket:[76193]" dev="sockfs" ino=76193 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1051.351572][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.383835][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.386680][T18807] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 1051.390792][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.407226][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.410687][T18807] EXT4-fs (loop7): 1 truncate cleaned up [ 1051.414156][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.426519][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.428951][T18807] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1051.434146][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.446816][ T30] audit: type=1326 audit(2000000013.142:7989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18816 comm="syz.1.8525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1051.452451][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.482060][T18807] ext4 filesystem being mounted at /syzcgroup/unified/syz7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1051.482200][ T30] audit: type=1326 audit(2000000013.161:7990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18816 comm="syz.1.8525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1051.494199][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.517582][ T30] audit: type=1326 audit(2000000013.161:7991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18816 comm="syz.1.8525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1051.531208][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.555946][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.567487][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.583135][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.590816][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.599819][ T30] audit: type=1326 audit(2000000013.179:7992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18816 comm="syz.1.8525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1051.623588][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.631930][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.641353][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.649453][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.656559][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.663608][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.670817][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.678101][T13780] elecom 0003:056E:00FE.000F: unknown main item tag 0x0 [ 1051.692073][T13780] elecom 0003:056E:00FE.000F: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.9-1/input0 [ 1051.725727][T13780] usb 10-1: USB disconnect, device number 7 [ 1051.931021][T18852] netlink: 32 bytes leftover after parsing attributes in process `syz.7.8539'. [ 1052.100046][T18869] SELinux: security_context_str_to_sid(staff_u) failed for (dev ?, type ?) errno=-22 [ 1052.129167][T18869] incfs: Backing dir is not set, filesystem can't be mounted. [ 1052.145008][T18848] loop2: detected capacity change from 0 to 40427 [ 1052.151442][T18869] incfs: mount failed -2 [ 1052.196687][T18848] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1052.206679][T18848] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1052.229487][T18848] F2FS-fs (loop2): invalid crc value [ 1052.267272][T18891] netlink: 'syz.7.8557': attribute type 3 has an invalid length. [ 1052.268432][T18848] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1052.338171][T18848] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1052.345063][T18848] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1052.371186][T18900] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 1052.492725][T18905] loop9: detected capacity change from 0 to 4096 [ 1052.515613][T15037] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1052.535580][T18905] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1052.546851][T15037] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1052.627597][T18916] SELinux: Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped). [ 1052.760028][T18932] loop1: detected capacity change from 0 to 1024 [ 1052.829456][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 1052.862542][T18932] EXT4-fs (loop1): Ignoring removed bh option [ 1052.872534][T18932] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1052.958265][T18949] tap0: tun_chr_ioctl cmd 1074025677 [ 1052.969502][T18932] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,i_version,dioread_lock,noblock_validity,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,max_batch_time=0x0000000000000002,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 1052.977294][T18949] tap0: linktype set to 270 [ 1053.001296][T15037] tipc: Subscription rejected, illegal request [ 1053.050819][T18930] loop9: detected capacity change from 0 to 40427 [ 1053.133979][T18930] F2FS-fs (loop9): Invalid log blocks per segment (4278190089) [ 1053.147350][T18930] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1053.175919][T18930] F2FS-fs (loop9): invalid crc value [ 1053.204646][T18930] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1053.263892][T18976] loop2: detected capacity change from 0 to 2048 [ 1053.278916][T18930] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1053.296415][T18930] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1053.333243][T18976] Alternate GPT is invalid, using primary GPT. [ 1053.342725][T18976] loop2: p1 p2 p3 [ 1053.347485][T18930] attempt to access beyond end of device [ 1053.347485][T18930] loop9: rw=2049, want=45104, limit=40427 [ 1053.366052][T18930] F2FS-fs (loop9): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1053.442192][T18402] udevd[18402]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 1053.442193][T18391] udevd[18391]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 1053.462662][T18412] udevd[18412]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 1053.488556][T18982] loop2: detected capacity change from 0 to 512 [ 1053.547292][T18982] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1053.577870][T18982] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1053.595129][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 1053.628983][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 1053.663602][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 1053.690984][T18987] EXT4-fs error (device loop2): ext4_search_dir:1549: inode #2: block 3: comm syz.2.8594: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 1053.712147][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 1053.761644][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 1053.777531][T18993] loop1: detected capacity change from 0 to 16 [ 1053.828039][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 1053.853843][T18993] erofs: (device loop1): mounted with root inode @ nid 36. [ 1053.856576][T18982] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz.2.8594: path /167/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 1053.891405][T18982] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #2: block 18: comm syz.2.8594: lblock 23 mapped to illegal pblock 18 (length 1) [ 1053.959123][T19002] loop1: detected capacity change from 0 to 256 [ 1054.008148][T19002] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 1054.070774][T19002] exFAT-fs (loop1): hint_cluster is invalid (17) [ 1054.261948][T19020] tap0: tun_chr_ioctl cmd 2148553947 [ 1054.391233][T19032] bridge0: port 1(bridge_slave_0) entered blocking state [ 1054.398179][T19032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1054.428140][T19034] syz.2.8615[19034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1054.428226][T19034] syz.2.8615[19034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1054.582592][T19043] loop1: detected capacity change from 0 to 8192 [ 1054.788816][T19055] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1054.940966][T19066] netlink: 12 bytes leftover after parsing attributes in process `syz.9.8631'. [ 1054.947713][T19064] loop1: detected capacity change from 0 to 1024 [ 1055.017768][T19074] input: syz0 as /devices/virtual/input/input31 [ 1055.043196][T19064] EXT4-fs (loop1): Ignoring removed orlov option [ 1055.075261][T19064] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 1055.132342][T19064] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,noinit_itable,barrier=0x0000000000000d0d,norecovery,inlinecrypt,max_dir_size_kb=0x0000000000000004,nodelalloc,stripe=0x0000000000000004,bsdgroups,errors=remount-ro,orlov,. Quota mode: none. [ 1055.266889][ T1297] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1055.573330][T19087] loop2: detected capacity change from 0 to 40427 [ 1055.593417][T19087] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1055.601355][T19087] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1055.619301][T19087] F2FS-fs (loop2): invalid crc value [ 1055.647140][T19087] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1055.662564][ T1297] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1055.684267][ T1297] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1055.693224][ T1297] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1055.727388][ T1297] usb 10-1: config 0 descriptor?? [ 1055.744609][T19087] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1055.755099][T19087] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1055.871743][T19098] loop1: detected capacity change from 0 to 40427 [ 1055.944813][T19098] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1055.961801][T19098] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1055.982185][T19098] F2FS-fs (loop1): invalid crc value [ 1056.005443][T19098] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1056.058083][T19098] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1056.064968][T19098] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1056.200521][T15881] attempt to access beyond end of device [ 1056.200521][T15881] loop1: rw=2049, want=40968, limit=40427 [ 1056.240906][ T1297] keytouch 0003:0926:3333.0010: fixing up Keytouch IEC report descriptor [ 1056.270768][ T1297] input: HID 0926:3333 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:0926:3333.0010/input/input32 [ 1056.361611][ T1297] keytouch 0003:0926:3333.0010: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.9-1/input0 [ 1056.520922][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 1056.520940][ T30] audit: type=1400 audit(2000000017.950:8051): avc: denied { mounton } for pid=19126 comm="syz.1.8653" path="/281/file0" dev="tmpfs" ino=1476 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1056.551137][T19127] incfs: Error accessing: ./file0. [ 1056.556115][T19127] incfs: mount failed -20 [ 1056.766375][T19135] loop1: detected capacity change from 0 to 2048 [ 1056.818642][T19135] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,dioread_lock,barrier=0x0000000000000000,,errors=continue. Quota mode: none. [ 1056.848433][T19135] ext4 filesystem being mounted at /284/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1056.900241][ T30] audit: type=1400 audit(2000000018.296:8052): avc: denied { ioctl } for pid=19134 comm="syz.1.8656" path="/284/file0/file0/file0" dev="loop1" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1056.925399][T19135] fs-verity: sha512 using implementation "sha512-avx2" [ 1057.041074][ T1070] usb 10-1: USB disconnect, device number 8 [ 1057.099335][ T30] audit: type=1400 audit(2000000018.483:8053): avc: denied { mount } for pid=19145 comm="syz.3.8660" name="/" dev="ramfs" ino=77852 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1057.449708][T19171] loop2: detected capacity change from 0 to 4096 [ 1057.539407][T19171] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1057.568433][ T30] audit: type=1400 audit(2000000018.923:8054): avc: denied { rename } for pid=19170 comm="syz.2.8670" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1057.615161][T19183] loop9: detected capacity change from 0 to 1024 [ 1057.631067][T19183] EXT4-fs (loop9): Ignoring removed orlov option [ 1057.695646][T19183] EXT4-fs (loop9): warning: checktime reached, running e2fsck is recommended [ 1057.719302][T19192] rose0: tun_chr_ioctl cmd 1074025677 [ 1057.724802][T19192] rose0: linktype set to 823 [ 1057.734719][T19183] EXT4-fs (loop9): mounted filesystem without journal. Opts: jqfmt=vfsv1,noinit_itable,barrier=0x0000000000000d0d,norecovery,inlinecrypt,max_dir_size_kb=0x0000000000000004,nodelalloc,stripe=0x0000000000000004,bsdgroups,errors=remount-ro,orlov,. Quota mode: none. [ 1058.060080][T19196] loop2: detected capacity change from 0 to 40427 [ 1058.116211][T19210] overlayfs: upper fs does not support tmpfile. [ 1058.159032][T19196] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1058.175903][T19196] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1058.197554][T19212] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8687'. [ 1058.206965][T19196] F2FS-fs (loop2): invalid crc value [ 1058.228175][T19196] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1058.228601][T19212] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8687'. [ 1058.333010][T19196] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1058.345781][T19196] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1058.366105][T19208] loop1: detected capacity change from 0 to 40427 [ 1058.408177][ T30] audit: type=1400 audit(2000000019.708:8055): avc: denied { unlink } for pid=19195 comm="syz.2.8680" name="file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1058.456405][T19208] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1058.473919][T19208] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1058.505030][T19208] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1058.554475][T19208] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1058.561486][T19208] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1058.611458][ T30] audit: type=1326 audit(2000000019.895:8056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19231 comm="syz.3.8693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1058.634944][ T1070] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 1058.643090][T19232] netlink: 'syz.3.8693': attribute type 1 has an invalid length. [ 1058.659247][ T30] audit: type=1326 audit(2000000019.895:8057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19231 comm="syz.3.8693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1058.666575][T19232] netlink: 'syz.3.8693': attribute type 2 has an invalid length. [ 1058.690883][ T30] audit: type=1326 audit(2000000019.924:8058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19231 comm="syz.3.8693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1058.732000][ T30] audit: type=1326 audit(2000000019.924:8059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19231 comm="syz.3.8693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1058.756944][ T30] audit: type=1326 audit(2000000019.924:8060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19231 comm="syz.3.8693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1058.813638][T19238] loop9: detected capacity change from 0 to 2048 [ 1058.832588][T19236] loop3: detected capacity change from 0 to 8192 [ 1058.933447][T19238] EXT4-fs (loop9): mounted filesystem without journal. Opts: i_version,dioread_lock,barrier=0x0000000000000000,,errors=continue. Quota mode: none. [ 1058.967486][T19238] ext4 filesystem being mounted at /348/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1059.028655][T19240] loop2: detected capacity change from 0 to 40427 [ 1059.072989][ T1070] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1059.084106][ T1070] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1059.092968][ T1070] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1059.101699][ T1070] usb 8-1: config 0 descriptor?? [ 1059.126562][T19240] F2FS-fs (loop2): fault_injection options not supported [ 1059.146494][T19240] F2FS-fs (loop2): invalid crc value [ 1059.162680][T19253] loop9: detected capacity change from 0 to 512 [ 1059.174250][T19240] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1059.202188][T19256] bridge: RTM_DELNEIGH with unconfigured vlan 1 on bridge_slave_0 [ 1059.245085][T19240] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1059.265533][T19253] EXT4-fs (loop9): Ignoring removed orlov option [ 1059.282731][T19253] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 1059.308108][T19253] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002] [ 1059.322086][T19253] System zones: 1-12 [ 1059.359061][T19253] EXT4-fs (loop9): 1 truncate cleaned up [ 1059.359100][T17250] attempt to access beyond end of device [ 1059.359100][T17250] loop2: rw=2049, want=45104, limit=40427 [ 1059.364894][T19253] EXT4-fs (loop9): mounted filesystem without journal. Opts: orlov,debug,nogrpid,errors=remount-ro,. Quota mode: none. [ 1059.446525][T19271] syz.3.8707[19271] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1059.446527][T19253] EXT4-fs error (device loop9): ext4_read_inline_dir:1614: inode #12: block 7: comm syz.9.8699: path /349/file0/file0: bad entry in directory: inode out of bounds - offset=24, inode=16777215, rec_len=16, size=80 fake=0 [ 1059.446605][T19271] syz.3.8707[19271] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1059.479201][T19253] EXT4-fs (loop9): Remounting filesystem read-only [ 1059.512933][T19271] SELinux: failed to load policy [ 1059.629364][ T1070] keytouch 0003:0926:3333.0011: fixing up Keytouch IEC report descriptor [ 1059.650430][ T1070] input: HID 0926:3333 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0926:3333.0011/input/input33 [ 1059.704598][T19294] netlink: 228 bytes leftover after parsing attributes in process `syz.9.8717'. [ 1059.738251][ T1070] keytouch 0003:0926:3333.0011: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.7-1/input0 [ 1059.741966][T19297] ip6erspan0: tun_chr_ioctl cmd 2147767521 [ 1060.013736][T19319] loop3: detected capacity change from 0 to 512 [ 1060.096084][T19319] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1060.105895][T13780] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1060.132132][T19319] EXT4-fs (loop3): 1 truncate cleaned up [ 1060.137843][T19319] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,max_dir_size_kb=0x00000000000001ff,bsdgroups,max_batch_time=0x000000000000007f,bsddf,,errors=continue. Quota mode: none. [ 1060.272972][ T1070] usb 8-1: USB disconnect, device number 10 [ 1060.494664][T13780] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1060.505456][T13780] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1060.515027][T13780] usb 2-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 1060.524253][T13780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1060.554124][T13780] usb 2-1: config 0 descriptor?? [ 1060.562758][T19337] tmpfs: Unknown parameter 'Ù' [ 1060.665004][T19348] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8741'. [ 1060.727226][T19350] tap0: tun_chr_ioctl cmd 1074025677 [ 1060.734196][T19350] tap0: linktype set to 5 [ 1060.794723][T19358] loop9: detected capacity change from 0 to 512 [ 1060.821499][T19358] EXT4-fs (loop9): Ignoring removed bh option [ 1060.854657][T19358] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem [ 1060.875777][T19358] EXT4-fs (loop9): 1 truncate cleaned up [ 1060.889352][T19358] EXT4-fs (loop9): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 1060.900237][T19369] incfs: iterate_incfs_dir / -22 [ 1060.917901][T19358] EXT4-fs warning (device loop9): verify_group_input:147: Cannot add at group 9 (only 1 groups) [ 1061.073328][T13780] hid-generic 0003:05AC:4262.0012: unbalanced delimiter at end of report description [ 1061.104269][T13780] hid-generic: probe of 0003:05AC:4262.0012 failed with error -22 [ 1061.287090][T13780] usb 2-1: USB disconnect, device number 80 [ 1061.297175][T19388] loop2: detected capacity change from 0 to 8192 [ 1061.722533][T19401] input: syz1 as /devices/virtual/input/input34 [ 1062.008230][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1062.008248][ T30] audit: type=1400 audit(2000000023.076:8080): avc: denied { read } for pid=19420 comm="syz.7.8776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1062.142088][ T30] audit: type=1326 audit(2000000023.207:8081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.169956][T19375] loop9: detected capacity change from 0 to 131072 [ 1062.197489][T19375] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0xf2f50610) [ 1062.222344][ T30] audit: type=1326 audit(2000000023.207:8082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.253568][T19375] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1062.269625][T19375] F2FS-fs (loop9): Test dummy encryption mode enabled [ 1062.279640][ T30] audit: type=1326 audit(2000000023.254:8083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.314975][T19375] F2FS-fs (loop9): invalid crc value [ 1062.329193][ T30] audit: type=1326 audit(2000000023.272:8084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.378229][T19375] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1062.450334][ T30] audit: type=1326 audit(2000000023.300:8085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.530600][ T30] audit: type=1326 audit(2000000023.300:8086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.556625][T19375] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1062.562762][T19458] tap0: tun_chr_ioctl cmd 2147767517 [ 1062.575866][T19454] loop3: detected capacity change from 0 to 1024 [ 1062.582117][T19375] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1062.590041][ T30] audit: type=1326 audit(2000000023.300:8087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.639679][ T30] audit: type=1326 audit(2000000023.328:8088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.677648][ T30] audit: type=1326 audit(2000000023.328:8089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19426 comm="syz.7.8778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1062.750026][T19454] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1063.303501][T19484] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 1063.398135][T19494] bridge0: port 3(syz_tun) entered blocking state [ 1063.444805][T19494] bridge0: port 3(syz_tun) entered disabled state [ 1063.466630][T19494] device syz_tun entered promiscuous mode [ 1063.520176][T19494] bridge0: port 3(syz_tun) entered blocking state [ 1063.526478][T19494] bridge0: port 3(syz_tun) entered forwarding state [ 1063.981098][T19542] tmpfs: Unknown parameter '9' [ 1064.022519][ T1052] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1064.418100][ T1052] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1064.429726][ T1052] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1064.438592][ T1052] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.450784][ T1052] usb 3-1: config 0 descriptor?? [ 1064.653215][ T1297] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1064.704457][T19581] loop9: detected capacity change from 0 to 8192 [ 1064.920692][ T1297] usb 2-1: Using ep0 maxpacket: 16 [ 1064.942785][ T1052] keytouch 0003:0926:3333.0013: fixing up Keytouch IEC report descriptor [ 1064.955639][ T1052] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0013/input/input35 [ 1065.048835][ T1297] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1065.064531][ T1297] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1065.084899][ T1052] keytouch 0003:0926:3333.0013: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 1065.177191][ T1297] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1065.194349][ T1297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1065.221942][ T1297] usb 2-1: SerialNumber: syz [ 1065.233819][T19595] loop9: detected capacity change from 0 to 256 [ 1065.252019][T19572] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1065.389679][T19605] loop9: detected capacity change from 0 to 1024 [ 1065.467355][T19605] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 1065.490354][T19572] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1065.533965][T19605] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1065.547051][T19605] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev loop9, type ext4) errno=-22 [ 1065.606017][T19615] loop3: detected capacity change from 0 to 512 [ 1065.712059][T19615] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.8857: bg 0: block 248: padding at end of block bitmap is not set [ 1065.756673][T19615] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.8857: Failed to acquire dquot type 1 [ 1065.791376][T19615] EXT4-fs (loop3): 1 truncate cleaned up [ 1065.800491][T19615] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1065.811504][T19615] ext4 filesystem being mounted at /375/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1065.818935][T13780] usb 3-1: USB disconnect, device number 77 [ 1065.927175][T19631] tap0: tun_chr_ioctl cmd 1074812118 [ 1065.979062][ T1297] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 1066.196083][T13780] usb 2-1: USB disconnect, device number 81 [ 1066.609688][T19659] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1066.719922][T19665] loop2: detected capacity change from 0 to 256 [ 1066.751513][T19665] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d16cac, utbl_chksum : 0xe619d30d) [ 1066.784552][T19665] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 1066.810158][T19665] exFAT-fs (loop2): Filesystem has been set read-only [ 1066.829070][T19672] loop1: detected capacity change from 0 to 128 [ 1066.835254][T19665] exFAT-fs (loop2): error, failed to bmap (inode : ffff888120b40970 iblock : 8, err : -5) [ 1066.855919][T19665] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 1067.132813][T19699] netlink: 'syz.2.8892': attribute type 12 has an invalid length. [ 1067.144607][T19699] netlink: 'syz.2.8892': attribute type 29 has an invalid length. [ 1067.153106][T19699] netlink: 148 bytes leftover after parsing attributes in process `syz.2.8892'. [ 1067.162903][T19699] netlink: 59 bytes leftover after parsing attributes in process `syz.2.8892'. [ 1067.332696][ T8] tipc: Subscription rejected, illegal request [ 1067.396160][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 1067.396177][ T30] audit: type=1400 audit(2000000028.118:8147): avc: denied { read write } for pid=15045 comm="syz-executor" name="loop7" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1067.426383][ T60] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1067.486414][ T30] audit: type=1400 audit(2000000028.127:8148): avc: denied { append } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=15 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1067.534708][ T30] audit: type=1400 audit(2000000028.164:8149): avc: denied { open } for pid=15045 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1067.583215][ T30] audit: type=1400 audit(2000000028.164:8150): avc: denied { ioctl } for pid=15045 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=119 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1067.630532][ T30] audit: type=1400 audit(2000000028.183:8151): avc: denied { ioctl } for pid=19693 comm="syz.1.8890" path="/dev/raw-gadget" dev="devtmpfs" ino=250 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1067.675432][ T30] audit: type=1400 audit(2000000028.221:8152): avc: denied { prog_load } for pid=19721 comm="syz.7.8902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1067.697950][T19726] loop3: detected capacity change from 0 to 128 [ 1067.713311][ T30] audit: type=1400 audit(2000000028.221:8153): avc: denied { bpf } for pid=19721 comm="syz.7.8902" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1067.753768][ T30] audit: type=1400 audit(2000000028.221:8154): avc: denied { perfmon } for pid=19721 comm="syz.7.8902" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1067.785788][ T30] audit: type=1400 audit(2000000028.249:8155): avc: denied { prog_run } for pid=19721 comm="syz.7.8902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1067.808327][T19726] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1067.828386][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1067.834490][ T30] audit: type=1400 audit(2000000028.436:8156): avc: denied { confidentiality } for pid=19727 comm="syz.7.8905" lockdown_reason="use of bpf to read kernel RAM" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 1067.854123][ T60] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1067.891709][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.911409][ T668] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1067.927037][ T60] usb 2-1: config 0 descriptor?? [ 1068.171836][T19743] loop3: detected capacity change from 0 to 8192 [ 1068.438605][ T60] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor [ 1068.460791][ T60] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0014/input/input36 [ 1068.501827][T13780] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1068.547275][ T60] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 1068.608345][T19762] loop3: detected capacity change from 0 to 256 [ 1068.711054][T19762] FAT-fs (loop3): Directory bread(block 64) failed [ 1068.726398][T19762] FAT-fs (loop3): Directory bread(block 65) failed [ 1068.738335][T19762] FAT-fs (loop3): Directory bread(block 66) failed [ 1068.744693][T19762] FAT-fs (loop3): Directory bread(block 67) failed [ 1068.752236][T19762] FAT-fs (loop3): Directory bread(block 68) failed [ 1068.758525][T13780] usb 3-1: Using ep0 maxpacket: 8 [ 1068.763511][T19762] FAT-fs (loop3): Directory bread(block 69) failed [ 1068.763575][T19762] FAT-fs (loop3): Directory bread(block 70) failed [ 1068.763598][T19762] FAT-fs (loop3): Directory bread(block 71) failed [ 1068.763635][T19762] FAT-fs (loop3): Directory bread(block 72) failed [ 1068.763657][T19762] FAT-fs (loop3): Directory bread(block 73) failed [ 1068.871917][T19783] netlink: 28 bytes leftover after parsing attributes in process `syz.7.8931'. [ 1068.923445][T19787] device ip6tnl2 entered promiscuous mode [ 1068.935120][T19785] Invalid ELF header magic: != ELF [ 1068.951029][T13780] usb 3-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 1068.973381][T13780] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 1068.989597][T13780] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1069.069143][T13780] hub 3-1:32.0: bad descriptor, ignoring hub [ 1069.074973][T13780] hub: probe of 3-1:32.0 failed with error -5 [ 1069.098278][ T1052] usb 2-1: USB disconnect, device number 82 [ 1069.144836][T19806] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1069.159098][T19808] tipc: Started in network mode [ 1069.175765][T19808] tipc: Node identity 3a20300a74797065, cluster identity 4711 [ 1069.191082][T19808] tipc: Enabling of bearer rejected, failed to enable media [ 1069.205626][T19814] syz.7.8944[19814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1069.205703][T19814] syz.7.8944[19814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1069.256847][T19816] loop9: detected capacity change from 0 to 512 [ 1069.303755][T19816] EXT4-fs (loop9): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1069.327801][T19816] EXT4-fs error (device loop9): ext4_free_branches:1030: inode #11: comm syz.9.8946: invalid indirect mapped block 4294967295 (level 1) [ 1069.350768][T19816] EXT4-fs error (device loop9): ext4_free_branches:1030: inode #11: comm syz.9.8946: invalid indirect mapped block 4294967295 (level 1) [ 1069.375575][T19816] EXT4-fs (loop9): 2 truncates cleaned up [ 1069.381473][T19816] EXT4-fs (loop9): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,dioread_nolock,,errors=continue. Quota mode: writeback. [ 1069.421327][T13780] usb 3-1: USB disconnect, device number 78 [ 1069.774057][T13780] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1070.046270][T19870] loop9: detected capacity change from 0 to 2048 [ 1070.071819][T19874] loop2: detected capacity change from 0 to 128 [ 1070.128667][T19874] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 1070.136813][T19874] FAT-fs (loop2): Filesystem has been set read-only [ 1070.146475][T19870] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1070.158983][T13780] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1070.165442][T19874] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 1070.172566][T13780] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1070.186902][T13780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1070.195599][T13780] usb 4-1: config 0 descriptor?? [ 1070.201390][T19874] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 1070.336142][T19908] input: syz0 as /devices/virtual/input/input38 [ 1070.371636][T19912] loop9: detected capacity change from 0 to 256 [ 1070.433643][T19912] FAT-fs (loop9): Directory bread(block 64) failed [ 1070.441096][T19912] FAT-fs (loop9): Directory bread(block 65) failed [ 1070.447615][T19912] FAT-fs (loop9): Directory bread(block 66) failed [ 1070.454957][T19912] FAT-fs (loop9): Directory bread(block 67) failed [ 1070.461578][T19912] FAT-fs (loop9): Directory bread(block 68) failed [ 1070.468002][T19912] FAT-fs (loop9): Directory bread(block 69) failed [ 1070.476358][T19912] FAT-fs (loop9): Directory bread(block 70) failed [ 1070.482820][T19912] FAT-fs (loop9): Directory bread(block 71) failed [ 1070.502575][T19912] FAT-fs (loop9): Directory bread(block 72) failed [ 1070.510428][T19912] FAT-fs (loop9): Directory bread(block 73) failed [ 1070.634671][T19929] nicvf0: tun_chr_ioctl cmd 35108 [ 1070.697577][T19937] incfs: Error accessing: ./file0. [ 1070.702678][T19937] incfs: mount failed -20 [ 1070.705291][T13780] keytouch 0003:0926:3333.0015: fixing up Keytouch IEC report descriptor [ 1070.730128][T13780] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0015/input/input39 [ 1070.761758][T19941] loop2: detected capacity change from 0 to 128 [ 1070.789647][ T60] usb 8-1: new full-speed USB device number 11 using dummy_hcd [ 1070.799356][T19941] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 1070.807429][T19941] System zones: 1-3, 19-19, 35-36 [ 1070.813861][T13780] keytouch 0003:0926:3333.0015: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 1070.822333][T19941] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,,errors=continue. Quota mode: none. [ 1070.842610][T19941] ext4 filesystem being mounted at /265/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1070.853813][ T1052] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1070.910186][T19948] loop9: detected capacity change from 0 to 256 [ 1070.957117][T19948] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xb8397d31, utbl_chksum : 0xe619d30d) [ 1071.058293][T19961] loop2: detected capacity change from 0 to 256 [ 1071.082540][T19961] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1071.095154][T14069] tipc: Left network mode [ 1071.174553][ T60] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1071.193639][ T60] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1071.238086][T19965] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.245310][T19965] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.253671][T19965] device bridge_slave_0 entered promiscuous mode [ 1071.263237][T19965] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.270200][T19965] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.278092][ T1052] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 1071.289907][ T1052] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1071.299107][T19965] device bridge_slave_1 entered promiscuous mode [ 1071.307824][ T1052] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 1071.321084][ T1052] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1071.330424][ T1052] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1071.341900][ T1052] usb 2-1: config 0 descriptor?? [ 1071.377687][ T60] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1071.386586][ T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1071.394669][ T60] usb 8-1: Product: syz [ 1071.398684][ T60] usb 8-1: Manufacturer: syz [ 1071.403276][ T60] usb 8-1: SerialNumber: syz [ 1071.416727][T19965] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.423594][T19965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1071.430841][T19965] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.438244][T19965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.463006][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1071.470835][T15037] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.478500][T15037] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.490626][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1071.499029][T15037] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.505903][T15037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.514792][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1071.523064][T15037] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.527707][ T26] usb 4-1: USB disconnect, device number 6 [ 1071.529959][T15037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1071.555837][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1071.564793][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1071.574736][T14069] device bridge_slave_1 left promiscuous mode [ 1071.581057][T14069] bridge0: port 2(bridge_slave_1) entered disabled state [ 1071.588587][T14069] bridge0: port 1(bridge_slave_0) entered disabled state [ 1071.596562][T14069] device veth1_macvtap left promiscuous mode [ 1071.602510][T14069] device veth0_vlan left promiscuous mode [ 1071.686375][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1071.697461][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1071.705459][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1071.712830][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1071.722102][T19965] device veth0_vlan entered promiscuous mode [ 1071.733094][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1071.741298][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1071.751026][T19965] device veth1_macvtap entered promiscuous mode [ 1071.760681][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1071.768332][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1071.776516][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1071.786209][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1071.794308][T15037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1071.832289][T19972] SELinux: Context system_u:object_r:updpwd_exec_t:s0 is not valid (left unmapped). [ 1071.859966][ T1052] isku 0003:1E7D:319C.0016: unknown main item tag 0x0 [ 1071.867920][ T1052] isku 0003:1E7D:319C.0016: hidraw0: USB HID v80.04 Device [HID 1e7d:319c] on usb-dummy_hcd.1-1/input0 [ 1071.922966][ T60] usb 8-1: 0:2 : does not exist [ 1071.959427][T19979] loop5: detected capacity change from 0 to 128 [ 1071.988606][T19979] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 1071.997127][T19979] System zones: 1-3, 19-19, 35-36 [ 1072.002644][T19979] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,,errors=continue. Quota mode: none. [ 1072.013768][T19979] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1072.081706][T19987] loop5: detected capacity change from 0 to 128 [ 1072.108788][T19989] loop3: detected capacity change from 0 to 256 [ 1072.140697][T19989] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x06198a3e, utbl_chksum : 0xe619d30d) [ 1072.295386][T19991] loop5: detected capacity change from 0 to 40427 [ 1072.313436][ T1052] usb 2-1: USB disconnect, device number 83 [ 1072.319396][T19991] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1072.326942][T19991] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1072.343744][T19991] F2FS-fs (loop5): invalid crc value [ 1072.350787][T19991] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1072.385833][T13780] usb 8-1: USB disconnect, device number 11 [ 1072.389044][T19991] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1072.398688][T19991] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1072.499909][T20003] binder: 20002:20003 ioctl c0306201 20000100 returned -14 [ 1072.588226][T20015] loop5: detected capacity change from 0 to 256 [ 1072.615172][T20015] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d) [ 1072.627463][T20015] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 1072.682329][T20015] exFAT-fs (loop5): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 1072.682329][T20015] [ 1072.694272][T20015] exFAT-fs (loop5): Filesystem has been set read-only [ 1072.700856][T20015] exFAT-fs (loop5): error, failed to bmap (inode : ffff888120b43040 iblock : 0, err : -5) [ 1072.812324][ T30] kauditd_printk_skb: 279 callbacks suppressed [ 1072.812341][ T30] audit: type=1400 audit(2000000033.187:8436): avc: denied { write } for pid=20027 comm="syz.5.9038" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1072.839563][ T30] audit: type=1400 audit(2000000033.187:8437): avc: denied { nlmsg_write } for pid=20027 comm="syz.5.9038" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1072.868778][ T30] audit: type=1400 audit(2000000033.234:8438): avc: denied { write } for pid=20029 comm="syz.5.9039" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1072.940241][T20038] loop1: detected capacity change from 0 to 256 [ 1072.954265][ T30] audit: type=1326 audit(2000000033.262:8439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1072.977887][ T20] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1072.980194][ T30] audit: type=1326 audit(2000000033.262:8440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.021543][T20038] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1073.036825][T20043] @ÿ: renamed from bond_slave_0 [ 1073.041898][ T30] audit: type=1326 audit(2000000033.262:8441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.076853][ T30] audit: type=1326 audit(2000000033.262:8442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.108105][ T30] audit: type=1326 audit(2000000033.262:8443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.134277][ T30] audit: type=1326 audit(2000000033.262:8444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.161795][ T30] audit: type=1326 audit(2000000033.262:8445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20032 comm="syz.1.9040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd672928d29 code=0x7ffc0000 [ 1073.260926][T20069] loop5: detected capacity change from 0 to 512 [ 1073.328487][T20069] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 1073.366802][T20082] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge_slave_0 [ 1073.391398][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1073.409350][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1073.429232][ T20] usb 4-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 1073.437941][T20069] EXT4-fs (loop5): mounted filesystem without journal. Opts: barrier,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000010,journal_dev=0x000000000000000d,,errors=continue. Quota mode: writeback. [ 1073.438401][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1073.466535][ T20] usb 4-1: config 0 descriptor?? [ 1073.502206][T20069] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1073.563826][T20106] binfmt_misc: register: failed to install interpreter file ./file0 [ 1073.596394][T20112] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9077'. [ 1073.608391][T20112] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 1073.800056][T20142] loop1: detected capacity change from 0 to 2048 [ 1073.806546][T20146] device batadv_slave_1 entered promiscuous mode [ 1073.814477][T20146] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9092'. [ 1073.923011][T20142] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1073.963639][T20167] loop2: detected capacity change from 0 to 256 [ 1073.983782][ T20] petalynx 0003:18B1:0037.0017: unbalanced collection at end of report description [ 1074.004520][ T20] petalynx 0003:18B1:0037.0017: parse failed [ 1074.013193][T20167] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d) [ 1074.013941][ T20] petalynx: probe of 0003:18B1:0037.0017 failed with error -22 [ 1074.035201][T20167] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 1074.109171][T20167] exFAT-fs (loop2): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 1074.109171][T20167] [ 1074.130024][T20180] netlink: 'syz.5.9107': attribute type 6 has an invalid length. [ 1074.135907][T20167] exFAT-fs (loop2): Filesystem has been set read-only [ 1074.163011][T20167] exFAT-fs (loop2): error, failed to bmap (inode : ffff888120b400d0 iblock : 0, err : -5) [ 1074.222411][ T20] usb 4-1: USB disconnect, device number 7 [ 1074.243134][T20197] loop5: detected capacity change from 0 to 128 [ 1074.501591][T20230] syz.2.9128[20230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1074.501671][T20230] syz.2.9128[20230] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1074.644054][T20249] loop1: detected capacity change from 0 to 1024 [ 1074.746831][T20249] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 1074.779088][T20249] EXT4-fs (loop1): barriers disabled [ 1074.798709][T20249] JBD2: no valid journal superblock found [ 1074.809599][T20249] EXT4-fs (loop1): error loading journal [ 1074.822127][T20279] loop3: detected capacity change from 0 to 2048 [ 1074.886071][T20279] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1074.928220][T15051] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 1074.951995][T20299] loop1: detected capacity change from 0 to 512 [ 1074.980353][T14948] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1074.989897][T20299] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 1075.002244][T20307] loop3: detected capacity change from 0 to 128 [ 1075.029419][T20311] loop5: detected capacity change from 0 to 256 [ 1075.036833][T20299] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000010,journal_dev=0x000000000000000d,,errors=continue. Quota mode: writeback. [ 1075.057303][T20299] ext4 filesystem being mounted at /353/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.179878][T20324] loop1: detected capacity change from 0 to 128 [ 1075.241876][T20338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9179'. [ 1075.252354][T20324] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1075.258348][T14948] usb 3-1: Using ep0 maxpacket: 16 [ 1075.270702][ T1052] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 1075.284816][T20324] ext4 filesystem being mounted at /356/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.300889][T20324] netlink: 'syz.1.9172': attribute type 16 has an invalid length. [ 1075.311966][T20324] netlink: 'syz.1.9172': attribute type 3 has an invalid length. [ 1075.327267][T20324] netlink: 29478 bytes leftover after parsing attributes in process `syz.1.9172'. [ 1075.347804][T20347] loop3: detected capacity change from 0 to 512 [ 1075.376592][T20347] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,bsddf,,errors=continue. Quota mode: writeback. [ 1075.392101][T20354] loop5: detected capacity change from 0 to 512 [ 1075.407116][T20347] ext4 filesystem being mounted at /422/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.424078][T14948] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1075.437907][T14948] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1075.476286][T20354] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1075.488205][T20354] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1075.547051][T14948] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1075.577638][T14948] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1075.585774][T14948] usb 3-1: SerialNumber: syz [ 1075.611152][T20263] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1075.696693][ T1052] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1075.716556][ T1052] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1075.737001][ T1052] usb 8-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 1075.757491][ T1052] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.780008][ T1052] usb 8-1: config 0 descriptor?? [ 1075.840060][T20363] loop5: detected capacity change from 0 to 40427 [ 1075.847412][T20263] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1075.953526][T20363] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1075.963309][T20380] loop3: detected capacity change from 0 to 40427 [ 1075.969598][T20363] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1075.979022][T20363] F2FS-fs (loop5): invalid crc value [ 1075.985915][T20363] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1076.021940][T20380] F2FS-fs (loop3): invalid crc value [ 1076.040855][T20363] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1076.047731][T20363] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1076.050172][T20380] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1076.132630][T20380] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 1076.143582][T20363] attempt to access beyond end of device [ 1076.143582][T20363] loop5: rw=2049, want=40968, limit=40427 [ 1076.192468][T15051] attempt to access beyond end of device [ 1076.192468][T15051] loop3: rw=2049, want=45104, limit=40427 [ 1076.275106][ T1052] petalynx 0003:18B1:0037.0018: unbalanced collection at end of report description [ 1076.295564][ T1052] petalynx 0003:18B1:0037.0018: parse failed [ 1076.301487][ T1052] petalynx: probe of 0003:18B1:0037.0018 failed with error -22 [ 1076.338218][T14948] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 1076.352464][T20377] loop1: detected capacity change from 0 to 131072 [ 1076.399645][T20392] loop5: detected capacity change from 0 to 512 [ 1076.402841][T20377] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 1076.413934][T20377] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1076.432192][T20392] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1076.443508][T20377] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1076.444475][T20392] EXT4-fs (loop5): 1 orphan inode deleted [ 1076.455278][T20392] EXT4-fs (loop5): 1 truncate cleaned up [ 1076.462332][T20392] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,nolazytime,block_validity,quota,. Quota mode: writeback. [ 1076.491046][T20377] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1076.492736][ T1052] usb 8-1: USB disconnect, device number 12 [ 1076.498004][T20377] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1076.504104][T20392] EXT4-fs (loop5): shut down requested (1) [ 1076.557733][ T1499] usb 3-1: USB disconnect, device number 79 [ 1076.592127][T20401] netlink: 'syz.5.9201': attribute type 16 has an invalid length. [ 1076.599905][T20401] netlink: 64138 bytes leftover after parsing attributes in process `syz.5.9201'. [ 1076.662917][T14948] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1076.845335][T20418] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9207'. [ 1076.920828][T20428] xt_hashlimit: size too large, truncated to 1048576 [ 1077.075767][T14948] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 1077.097077][T14948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1077.111267][T14948] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 1077.143063][T14948] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1077.153228][T14948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.162292][T14948] usb 4-1: config 0 descriptor?? [ 1077.218692][T20442] loop2: detected capacity change from 0 to 256 [ 1077.270339][T20442] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 1077.300607][T20455] netlink: 55 bytes leftover after parsing attributes in process `syz.7.9224'. [ 1077.318915][T20442] attempt to access beyond end of device [ 1077.318915][T20442] loop2: rw=524288, want=696, limit=256 [ 1077.333684][T20442] attempt to access beyond end of device [ 1077.333684][T20442] loop2: rw=524288, want=952, limit=256 [ 1077.347051][T20442] attempt to access beyond end of device [ 1077.347051][T20442] loop2: rw=0, want=448, limit=256 [ 1077.361031][T20442] attempt to access beyond end of device [ 1077.361031][T20442] loop2: rw=0, want=448, limit=256 [ 1077.377090][T20442] attempt to access beyond end of device [ 1077.377090][T20442] loop2: rw=0, want=448, limit=256 [ 1077.393581][T20442] attempt to access beyond end of device [ 1077.393581][T20442] loop2: rw=0, want=448, limit=256 [ 1077.404650][T20462] attempt to access beyond end of device [ 1077.404650][T20462] loop2: rw=0, want=448, limit=256 [ 1077.416031][T20442] attempt to access beyond end of device [ 1077.416031][T20442] loop2: rw=0, want=448, limit=256 [ 1077.554403][T20484] user requested TSC rate below hardware speed [ 1077.675405][T14948] isku 0003:1E7D:319C.0019: unknown main item tag 0x0 [ 1077.686189][T14948] isku 0003:1E7D:319C.0019: hidraw0: USB HID v80.04 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 1077.836621][T20506] syz.5.9246[20506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1077.836705][T20506] syz.5.9246[20506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1078.117602][T14948] usb 4-1: USB disconnect, device number 8 [ 1078.291882][T20526] loop5: detected capacity change from 0 to 512 [ 1078.314125][ T30] kauditd_printk_skb: 170 callbacks suppressed [ 1078.314142][ T30] audit: type=1400 audit(2000000038.323:8616): avc: denied { create } for pid=20500 comm="syz.7.9244" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=2321202E2F6367726F75702F66696C65306161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161 [ 1078.325047][ T30] audit: type=1400 audit(2000000038.323:8617): avc: denied { associate } for pid=20500 comm="syz.7.9244" name="blkio.bfq.avg_queue_size" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=2321202E2F6367726F75702F66696C65306161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161 [ 1078.415843][ T30] audit: type=1400 audit(2000000038.323:8618): avc: denied { read append open } for pid=20500 comm="syz.7.9244" path="/427/blkio.bfq.avg_queue_size" dev="tmpfs" ino=2217 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=2321202E2F6367726F75702F66696C65306161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161 [ 1078.503842][ T30] audit: type=1400 audit(2000000038.342:8619): avc: denied { unlink } for pid=15045 comm="syz-executor" name="blkio.bfq.avg_queue_size" dev="tmpfs" ino=2217 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=2321202E2F6367726F75702F66696C653061616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616 [ 1078.591998][T13780] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1078.602263][T20526] EXT4-fs (loop5): Mount option "nouser_xattr" will be removed by 3.5 [ 1078.602263][T20526] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1078.602263][T20526] [ 1078.680670][ T30] audit: type=1400 audit(2000000038.463:8620): avc: denied { read } for pid=20533 comm="syz.2.9259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1078.725179][ T30] audit: type=1400 audit(2000000038.716:8621): avc: denied { shutdown } for pid=20533 comm="syz.2.9259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1078.758682][T20526] EXT4-fs (loop5): 1 orphan inode deleted [ 1078.764344][T20526] EXT4-fs (loop5): mounted filesystem without journal. Opts: stripe=0x0000000000000009,inlinecrypt,nouser_xattr,,errors=continue. Quota mode: writeback. [ 1078.779804][T20526] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1078.836342][ T30] audit: type=1400 audit(2000000038.819:8622): avc: denied { listen } for pid=20541 comm="syz.7.9261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1078.842694][T20544] loop3: detected capacity change from 0 to 512 [ 1078.905930][ T30] audit: type=1326 audit(2000000038.884:8623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20548 comm="syz.7.9265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1078.930053][ T30] audit: type=1326 audit(2000000038.884:8624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20548 comm="syz.7.9265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1078.967972][ T30] audit: type=1326 audit(2000000038.884:8625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20548 comm="syz.7.9265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f8ca5466d29 code=0x7ffc0000 [ 1079.010703][T13780] usb 2-1: Using ep0 maxpacket: 16 [ 1079.016133][T20544] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1079.027754][T20544] ext4 filesystem being mounted at /430/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1079.087070][T20564] loop3: detected capacity change from 0 to 512 [ 1079.137995][T20564] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1079.149801][T13780] usb 2-1: config index 0 descriptor too short (expected 17170, got 18) [ 1079.161934][T13780] usb 2-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 1079.172811][T20564] EXT4-fs (loop3): 1 orphan inode deleted [ 1079.181879][T20564] EXT4-fs (loop3): 1 truncate cleaned up [ 1079.198048][T13780] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 1079.201026][T20564] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,nolazytime,block_validity,quota,. Quota mode: writeback. [ 1079.216869][T20569] loop5: detected capacity change from 0 to 512 [ 1079.245745][T20564] EXT4-fs (loop3): shut down requested (1) [ 1079.278156][T20569] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue. Quota mode: writeback. [ 1079.291974][T20569] ext4 filesystem being mounted at /61/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1079.409679][T13780] usb 2-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 1079.428351][T13780] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.436250][T13780] usb 2-1: Product: syz [ 1079.438489][T20586] loop5: detected capacity change from 0 to 512 [ 1079.440457][T13780] usb 2-1: Manufacturer: syz [ 1079.452171][T13780] usb 2-1: SerialNumber: syz [ 1079.463852][T20585] SELinux: policydb version 0 does not match my version range 15-33 [ 1079.467787][T13780] usb 2-1: config 0 descriptor?? [ 1079.474948][T20585] SELinux: failed to load policy [ 1079.503556][T20586] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 1079.539556][T13780] ums-freecom 2-1:0.0: USB Mass Storage device detected [ 1079.550167][T20586] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1079.643653][T20586] EXT4-fs error (device loop5): ext4_get_first_dir_block:3597: inode #12: comm syz.5.9277: Directory hole found for htree leaf block 0 [ 1079.767702][ T1499] usb 2-1: USB disconnect, device number 84 [ 1079.975368][T20624] binder: BC_ATTEMPT_ACQUIRE not supported [ 1079.991897][T20624] binder: 20623:20624 ioctl c0306201 200003c0 returned -22 [ 1080.222228][T20648] serio: Serial port tty25 [ 1080.305153][T20644] loop5: detected capacity change from 0 to 40427 [ 1080.346309][T20655] usb usb1: usbfs: process 20655 (syz.1.9308) did not claim interface 0 before use [ 1080.369151][T20644] F2FS-fs (loop5): fault_injection options not supported [ 1080.376059][T20644] F2FS-fs (loop5): fault_type options not supported [ 1080.389832][ T60] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 1080.397818][T20644] F2FS-fs (loop5): invalid crc value [ 1080.404924][T20644] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1080.437194][T20644] F2FS-fs (loop5): Start checkpoint disabled! [ 1080.448801][T20644] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 1080.625219][T20675] loop1: detected capacity change from 0 to 2048 [ 1080.657604][ T60] usb 8-1: Using ep0 maxpacket: 16 [ 1080.668454][T20681] loop5: detected capacity change from 0 to 1024 [ 1080.670686][T20675] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,data_err=ignore,max_batch_time=0x0000000000000007,sysvgroups,,errors=continue. Quota mode: none. [ 1080.691902][T20675] ext4 filesystem being mounted at /397/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1080.707294][T20681] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 1080.713764][T20675] fs-verity: sha256 using implementation "sha256-avx2" [ 1080.718363][T20681] EXT4-fs (loop5): barriers disabled [ 1080.728691][T20681] JBD2: no valid journal superblock found [ 1080.734201][T20681] EXT4-fs (loop5): error loading journal [ 1080.768699][T20686] loop1: detected capacity change from 0 to 2048 [ 1080.796295][ T60] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1080.806052][ T60] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1080.903052][ T60] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1080.911929][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1080.919821][ T20] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1080.929348][ T60] usb 8-1: SerialNumber: syz [ 1080.936761][T20686] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 1080.956446][T20638] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1080.966912][T15881] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1080.981820][T15881] EXT4-fs (loop1): Remounting filesystem read-only [ 1081.180911][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 1081.193213][T20638] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1081.309307][ T20] usb 4-1: config index 0 descriptor too short (expected 17170, got 18) [ 1081.317549][ T20] usb 4-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 1081.326281][ T20] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 1081.448193][ T1499] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1081.501711][ T20] usb 4-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 1081.510625][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.518426][ T20] usb 4-1: Product: syz [ 1081.522379][ T20] usb 4-1: Manufacturer: syz [ 1081.526839][ T20] usb 4-1: SerialNumber: syz [ 1081.532235][ T20] usb 4-1: config 0 descriptor?? [ 1081.577533][ T20] ums-freecom 4-1:0.0: USB Mass Storage device detected [ 1081.683479][ T60] cdc_ether: probe of 8-1:1.0 failed with error -22 [ 1081.794445][ T60] usb 4-1: USB disconnect, device number 9 [ 1081.886569][ T1499] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1081.899835][ T1499] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1081.909481][ T1499] usb 3-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 1081.918265][ T1499] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.926933][ T1499] usb 3-1: config 0 descriptor?? [ 1081.931956][T14948] usb 8-1: USB disconnect, device number 13 [ 1081.948554][T20710] loop1: detected capacity change from 0 to 512 [ 1081.989026][T20710] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1082.001122][T20710] ext4 filesystem being mounted at /400/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1082.399685][ T1052] usb 6-1: new full-speed USB device number 88 using dummy_hcd [ 1082.418166][T20739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9341'. [ 1082.433066][ T1499] uclogic 0003:5543:0042.001A: unbalanced delimiter at end of report description [ 1082.446516][ T1499] uclogic 0003:5543:0042.001A: parse failed [ 1082.452961][ T1499] uclogic: probe of 0003:5543:0042.001A failed with error -22 [ 1082.515207][T20751] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20751 comm=syz.7.9347 [ 1082.577650][T20762] loop3: detected capacity change from 0 to 128 [ 1082.648647][T20762] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1082.650696][ T1297] usb 3-1: USB disconnect, device number 80 [ 1082.659414][T20762] ext4 filesystem being mounted at /452/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1082.848671][ T1052] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1082.859369][ T1052] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1082.945084][ T1052] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1082.954047][ T1052] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1082.962154][ T1052] usb 6-1: SerialNumber: syz [ 1083.020669][ T1052] usb 6-1: 0:2 : does not exist [ 1083.226757][T20792] loop2: detected capacity change from 0 to 128 [ 1083.255899][T20796] netlink: 'syz.7.9366': attribute type 25 has an invalid length. [ 1083.263547][T20796] netlink: 'syz.7.9366': attribute type 7 has an invalid length. [ 1083.297222][T20792] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1083.308858][T20792] ext4 filesystem being mounted at /334/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1083.466478][T20817] netlink: 71 bytes leftover after parsing attributes in process `syz.2.9376'. [ 1083.502563][ T1052] usb 6-1: USB disconnect, device number 88 [ 1083.519458][T20823] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9379'. [ 1083.681973][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 1083.681990][ T30] audit: type=1326 audit(2000000043.346:8678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.711677][ T30] audit: type=1326 audit(2000000043.383:8679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.736047][ T30] audit: type=1326 audit(2000000043.383:8680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.760838][ T30] audit: type=1326 audit(2000000043.402:8681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.786295][ T30] audit: type=1326 audit(2000000043.402:8682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.810341][ T30] audit: type=1326 audit(2000000043.402:8683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.838219][ T30] audit: type=1326 audit(2000000043.430:8684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.861916][ T30] audit: type=1326 audit(2000000043.430:8685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.886013][ T30] audit: type=1326 audit(2000000043.430:8686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1083.910330][ T30] audit: type=1326 audit(2000000043.430:8687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20837 comm="syz.2.9386" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1084.013468][T20850] xt_hashlimit: max too large, truncated to 1048576 [ 1084.033997][T20852] netlink: 'syz.5.9393': attribute type 12 has an invalid length. [ 1084.238480][ T1297] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1084.259804][ T1052] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1084.304675][T20884] loop1: detected capacity change from 0 to 128 [ 1084.358033][T20884] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1084.370978][T20884] ext4 filesystem being mounted at /416/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1084.385208][T20884] fscrypt (loop1, inode 12): Unsupported encryption flags (0x08) [ 1084.516991][T20900] x_tables: unsorted underflow at hook 2 [ 1084.532401][ T1052] usb 4-1: Using ep0 maxpacket: 16 [ 1084.595322][T20913] loop1: detected capacity change from 0 to 128 [ 1084.606109][T20915] sch_tbf: burst 3 is lower than device lo mtu (65550) ! [ 1084.623409][ T1297] usb 3-1: config 0 has an invalid interface number: 7 but max is 0 [ 1084.631718][ T1297] usb 3-1: config 0 has no interface number 0 [ 1084.638051][ T1297] usb 3-1: config 0 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1084.649369][ T1297] usb 3-1: config 0 interface 7 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1084.659352][ T1297] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1084.668273][ T1297] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.680926][T20913] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 1084.682858][ T1297] usb 3-1: config 0 descriptor?? [ 1084.695397][T20913] FAT-fs (loop1): bogus number of directory entries (203) [ 1084.702791][T20913] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1084.708892][ T1052] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1084.720851][ T1052] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1084.731247][ T1052] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 1084.744333][ T1052] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1084.757710][ T1052] usb 4-1: config 0 descriptor?? [ 1084.807033][T20927] loop1: detected capacity change from 0 to 512 [ 1084.849308][T20927] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1084.860196][T20927] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.9428: bad orphan inode 131083 [ 1084.875220][T20927] EXT4-fs (loop1): mounted filesystem without journal. Opts: stripe=0x000000000000003d,init_itable,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 1085.191181][ T1297] uclogic 0003:5543:0522.001B: item fetching failed at offset 2/5 [ 1085.207142][ T1297] uclogic 0003:5543:0522.001B: parse failed [ 1085.214271][ T1297] uclogic: probe of 0003:5543:0522.001B failed with error -22 [ 1085.287206][ T1052] konepure 0003:1E7D:2DB4.001C: unknown main item tag 0x0 [ 1085.294614][ T1052] konepure 0003:1E7D:2DB4.001C: unknown main item tag 0x0 [ 1085.314964][ T1052] konepure 0003:1E7D:2DB4.001C: unknown main item tag 0x0 [ 1085.322941][ T1052] konepure 0003:1E7D:2DB4.001C: unknown main item tag 0x0 [ 1085.331634][ T1052] konepure 0003:1E7D:2DB4.001C: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.3-1/input0 [ 1085.401374][T20990] loop1: detected capacity change from 0 to 512 [ 1085.413093][ T1052] usb 3-1: USB disconnect, device number 81 [ 1085.436781][T20990] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 1085.444958][T20990] EXT4-fs (loop1): Ignoring removed bh option [ 1085.456884][T20990] EXT4-fs (loop1): Mount option "noload" incompatible with ext2 [ 1085.473766][T20996] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1085.505130][ T1499] usb 4-1: USB disconnect, device number 10 [ 1085.526426][T20998] loop5: detected capacity change from 0 to 1024 [ 1085.533755][T20998] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled [ 1085.548417][T20998] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,auto_da_alloc=0x0000000000000004,resuid=0x0000000000000000,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback. [ 1085.734088][T18412] printk: udevd: 1311 output lines suppressed due to ratelimiting [ 1085.833725][T21025] loop1: detected capacity change from 0 to 1024 [ 1085.875743][T21025] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noload,resuid=0x000000000000ee00,noauto_da_alloc,discard,max_dir_size_kb=0x0000000000000002,stripe=0x0000000000000008,sb=0x0000000000000000,init_itable=0x0000000000007fff,nodioread_nolock,nogrpid,,errors=continue. Quota mode: none. [ 1085.913699][T21034] loop5: detected capacity change from 0 to 256 [ 1086.022870][T21043] loop5: detected capacity change from 0 to 128 [ 1086.094858][T21043] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1086.114797][T21043] ext4 filesystem being mounted at /105/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1086.218792][T21051] loop5: detected capacity change from 0 to 512 [ 1086.301570][T21051] EXT4-fs (loop5): mounted filesystem without journal. Opts: quota,barrier=0x0000000000001000,grpjquota=,norecovery,dioread_lock,,errors=continue. Quota mode: writeback. [ 1086.318836][T21051] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1086.512423][T21076] loop2: detected capacity change from 0 to 1024 [ 1086.548709][T21080] netlink: 'syz.1.9493': attribute type 28 has an invalid length. [ 1086.559799][T21082] netlink: 'syz.7.9494': attribute type 4 has an invalid length. [ 1086.573790][T21082] netlink: 17 bytes leftover after parsing attributes in process `syz.7.9494'. [ 1086.591559][T21084] loop5: detected capacity change from 0 to 512 [ 1086.599621][T21082] netlink: 12 bytes leftover after parsing attributes in process `syz.7.9494'. [ 1086.608839][T21076] EXT4-fs (loop2): Ignoring removed nobh option [ 1086.624214][T21084] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1086.626193][T21076] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1086.653269][T21084] EXT4-fs (loop5): 1 truncate cleaned up [ 1086.658945][T21084] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,init_itable=0x0000000000008001,errors=remount-ro,data_err=ignore,. Quota mode: none. [ 1086.693498][T21076] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.9491: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 1086.725682][T21076] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.9491: couldn't read orphan inode 11 (err -117) [ 1086.737700][T21076] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,mblk_io_submit,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback. [ 1086.868056][T21106] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 1087.058563][T21129] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9516'. [ 1087.209110][T21105] loop1: detected capacity change from 0 to 40427 [ 1087.212849][T21157] loop5: detected capacity change from 0 to 1024 [ 1087.233133][T21105] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 1087.242068][T21163] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 1087.245241][T21105] F2FS-fs (loop1): invalid crc value [ 1087.263688][T21105] F2FS-fs (loop1): invalid crc value [ 1087.269288][T21105] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 1087.279810][T21157] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 1087.290710][T21157] JBD2: no valid journal superblock found [ 1087.296526][T21157] EXT4-fs (loop5): error loading journal [ 1087.548831][T21208] loop1: detected capacity change from 0 to 512 [ 1087.583317][T21208] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 1087.600693][T21208] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #2: comm syz.1.9552: corrupted xattr block 255 [ 1087.623166][T21208] SELinux: (dev loop1, type ext4) getxattr errno 117 [ 1087.770832][T21228] loop2: detected capacity change from 0 to 512 [ 1087.799180][T21228] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1087.811316][T21228] EXT4-fs (loop2): 1 truncate cleaned up [ 1087.816884][T21228] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1087.927075][T21249] loop5: detected capacity change from 0 to 128 [ 1087.960438][T21249] FAT-fs (loop5): Directory bread(block 162) failed [ 1087.967147][T21249] FAT-fs (loop5): Directory bread(block 163) failed [ 1087.973817][T21249] FAT-fs (loop5): Directory bread(block 164) failed [ 1087.980381][T21249] FAT-fs (loop5): Directory bread(block 165) failed [ 1087.986908][T21249] FAT-fs (loop5): Directory bread(block 166) failed [ 1087.993768][T21249] FAT-fs (loop5): Directory bread(block 167) failed [ 1088.000298][T21249] FAT-fs (loop5): Directory bread(block 168) failed [ 1088.006855][T21249] FAT-fs (loop5): Directory bread(block 169) failed [ 1088.023324][T21249] FAT-fs (loop5): Directory bread(block 162) failed [ 1088.029877][T21249] FAT-fs (loop5): Directory bread(block 163) failed [ 1088.044123][T21249] handle_bad_sector: 14324 callbacks suppressed [ 1088.044141][T21249] attempt to access beyond end of device [ 1088.044141][T21249] loop5: rw=3, want=232, limit=128 [ 1088.044313][ T1052] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1088.056739][T21249] attempt to access beyond end of device [ 1088.056739][T21249] loop5: rw=2051, want=234, limit=128 [ 1088.187332][T21277] loop2: detected capacity change from 0 to 512 [ 1088.209001][T21277] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1088.221596][T21277] EXT4-fs (loop2): 1 orphan inode deleted [ 1088.227241][T21277] EXT4-fs (loop2): 1 truncate cleaned up [ 1088.232704][T21277] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000004000000,jqfmt=vfsv0,quota,. Quota mode: writeback. [ 1088.255039][T21277] EXT4-fs error (device loop2): empty_inline_dir:1869: inode #12: block 7: comm syz.2.9585: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=784, size=60 fake=0 [ 1088.273853][T21277] EXT4-fs (loop2): Remounting filesystem read-only [ 1088.280352][T21277] EXT4-fs warning (device loop2): empty_inline_dir:1876: bad inline directory (dir #12) - inode 13, rec_len 784, name_len 5inline size 60 [ 1088.303906][T21286] blk_update_request: I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1088.314853][T21286] FAT-fs (loop11): unable to read boot sector [ 1088.343484][T21288] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 1088.349102][T21288] pim6reg0: linktype set to 65534 [ 1088.364992][ T1297] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 1088.444586][T21302] tun0: tun_chr_ioctl cmd 2147767506 [ 1088.482649][ T1052] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1088.493528][ T1052] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1088.502455][ T1052] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.511480][ T1052] usb 2-1: config 0 descriptor?? [ 1088.588724][T21321] tmpfs: Bad value for 'gid' [ 1088.609362][T21323] loop2: detected capacity change from 0 to 512 [ 1088.654388][T21323] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1088.663345][T21323] EXT4-fs (loop2): 1 truncate cleaned up [ 1088.669028][T21323] EXT4-fs (loop2): mounted filesystem without journal. Opts: lazytime,grpjquota=,grpquota,discard,mblk_io_submit,debug_want_extra_isize=0x000000000000000e,grpquota,nombcache,,errors=continue. Quota mode: writeback. [ 1088.669089][T13780] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1088.749923][ T1297] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1088.760708][ T1297] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1088.769637][ T1297] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1088.778227][ T1297] usb 8-1: config 0 descriptor?? [ 1088.953018][T14948] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 1089.017712][ T1052] keytouch 0003:0926:3333.001D: fixing up Keytouch IEC report descriptor [ 1089.027089][ T1052] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001D/input/input41 [ 1089.081372][T13780] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1089.092206][T13780] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1089.101048][T13780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1089.109681][T13780] usb 4-1: config 0 descriptor?? [ 1089.126082][ T30] kauditd_printk_skb: 560 callbacks suppressed [ 1089.126099][ T30] audit: type=1400 audit(2000000048.444:9248): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=4356 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1089.154521][ T1052] keytouch 0003:0926:3333.001D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 1089.154613][ T30] audit: type=1400 audit(2000000048.444:9249): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=4356 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1089.189631][ T30] audit: type=1400 audit(2000000048.444:9250): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=4356 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1089.295611][ T1297] keytouch 0003:0926:3333.001E: fixing up Keytouch IEC report descriptor [ 1089.304952][ T1297] input: HID 0926:3333 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0926:3333.001E/input/input42 [ 1089.382294][ T1297] keytouch 0003:0926:3333.001E: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.7-1/input0 [ 1089.402285][T14948] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00 [ 1089.411337][T14948] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1089.419918][T14948] usb 6-1: config 0 descriptor?? [ 1089.637982][T13780] keytouch 0003:0926:3333.001F: fixing up Keytouch IEC report descriptor [ 1089.647363][T13780] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001F/input/input43 [ 1089.735160][T13780] keytouch 0003:0926:3333.001F: input,hidraw2: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 1089.758185][ T30] audit: type=1326 audit(2000000049.033:9251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21335 comm="syz.2.9611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1089.784866][ T30] audit: type=1326 audit(2000000049.033:9252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21335 comm="syz.2.9611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1089.808952][ T30] audit: type=1326 audit(2000000049.033:9253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21335 comm="syz.2.9611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1089.833081][ T30] audit: type=1326 audit(2000000049.033:9254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21335 comm="syz.2.9611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1089.856933][ T30] audit: type=1326 audit(2000000049.033:9255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21335 comm="syz.2.9611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1089.919481][ T1499] usb 2-1: USB disconnect, device number 85 [ 1089.925849][ C1] keytouch 0003:0926:3333.001D: usb_submit_urb(ctrl) failed: -19 [ 1089.936293][T14948] playstation 0003:054C:0DF2.0020: hidraw3: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.5-1/input0 [ 1090.109361][ T1052] usb 8-1: USB disconnect, device number 14 [ 1090.115292][T21348] device veth0_virt_wifi entered promiscuous mode [ 1090.122687][T21348] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9616'. [ 1090.129180][ C0] keytouch 0003:0926:3333.001E: usb_submit_urb(ctrl) failed: -19 [ 1090.147619][T21350] input: syz0 as /devices/virtual/input/input44 [ 1090.161049][T14948] playstation 0003:054C:0DF2.0020: Failed to retrieve feature with reportID 9: -71 [ 1090.170588][T14948] playstation 0003:054C:0DF2.0020: Failed to retrieve DualSense pairing info: -71 [ 1090.180248][T14948] playstation 0003:054C:0DF2.0020: Failed to get MAC address from DualSense [ 1090.185228][T21354] loop2: detected capacity change from 0 to 512 [ 1090.189738][T14948] playstation 0003:054C:0DF2.0020: Failed to create dualsense. [ 1090.203447][T14948] playstation: probe of 0003:054C:0DF2.0020 failed with error -71 [ 1090.212237][T14948] usb 6-1: USB disconnect, device number 89 [ 1090.238741][T21354] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.9619: corrupted in-inode xattr [ 1090.254021][T21354] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.9619: couldn't read orphan inode 15 (err -117) [ 1090.266113][T21354] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,block_validity,,errors=continue. Quota mode: writeback. [ 1090.280518][T21354] EXT4-fs warning (device loop2): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135 [ 1090.340868][ T30] audit: type=1326 audit(2000000049.576:9256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21356 comm="syz.2.9620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1090.364943][ T30] audit: type=1326 audit(2000000049.576:9257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21356 comm="syz.2.9620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5bdb14d29 code=0x7ffc0000 [ 1090.532001][T21371] netlink: 'syz.2.9627': attribute type 4 has an invalid length. [ 1090.539624][T21371] netlink: 17 bytes leftover after parsing attributes in process `syz.2.9627'. [ 1090.637175][T21382] loop1: detected capacity change from 0 to 2048 [ 1090.675945][T21382] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 1090.690930][T21382] EXT4-fs (loop1): shut down requested (2) [ 1090.697042][T21382] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=15 [ 1090.705828][T21382] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=15 [ 1090.724596][T21392] loop5: detected capacity change from 0 to 512 [ 1090.750153][T21392] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.9635: inode #1: comm syz.5.9635: iget: illegal inode # [ 1090.764747][ T1297] usb 4-1: USB disconnect, device number 11 [ 1090.767609][T21398] loop1: detected capacity change from 0 to 1024 [ 1090.771890][T21392] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.9635: error while reading EA inode 1 err=-117 [ 1090.790874][T21392] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.9635: inode #1: comm syz.5.9635: iget: illegal inode # [ 1090.805246][T21392] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.9635: error while reading EA inode 1 err=-117 [ 1090.817697][T21392] EXT4-fs (loop5): 1 orphan inode deleted [ 1090.823319][T21392] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,jqfmt=vfsv0,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. [ 1090.823402][T21398] EXT4-fs (loop1): Ignoring removed orlov option [ 1090.855248][T21398] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1090.875517][T21398] EXT4-fs (loop1): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000003,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1091.055149][T21414] loop5: detected capacity change from 0 to 512 [ 1091.124934][T21414] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobarrier,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 1091.144851][T21414] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1091.184439][T21414] SELinux: Context : is not valid (left unmapped). [ 1091.204236][T21430] loop1: detected capacity change from 0 to 1024 [ 1091.221783][T21430] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 1091.235161][T21430] EXT4-fs (loop1): invalid journal inode [ 1091.241230][T21430] EXT4-fs (loop1): can't get journal size [ 1091.247564][T21430] EXT4-fs error (device loop1): ext4_protect_reserved_inode:182: inode #2: comm syz.1.9649: blocks 48-48 from inode overlap system zone [ 1091.261872][T21430] EXT4-fs (loop1): failed to initialize system zone (-117) [ 1091.269489][T21430] EXT4-fs (loop1): mount failed [ 1091.288498][T21438] loop5: detected capacity change from 0 to 2048 [ 1091.347123][T21448] loop1: detected capacity change from 0 to 512 [ 1091.353897][T21438] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1091.368171][T21450] SELinux: policydb table sizes (8,0) do not match mine (8,7) [ 1091.376822][T21450] SELinux: failed to load policy [ 1091.384454][T21448] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1091.529443][ T1297] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 1091.620138][T21488] loop1: detected capacity change from 0 to 256 [ 1091.675267][T21488] FAT-fs (loop1): Directory bread(block 64) failed [ 1091.681651][T21488] FAT-fs (loop1): Directory bread(block 65) failed [ 1091.688008][T21488] FAT-fs (loop1): Directory bread(block 66) failed [ 1091.694709][T21488] FAT-fs (loop1): Directory bread(block 67) failed [ 1091.701440][T21488] FAT-fs (loop1): Directory bread(block 68) failed [ 1091.707808][T21488] FAT-fs (loop1): Directory bread(block 69) failed [ 1091.716086][T21488] FAT-fs (loop1): Directory bread(block 70) failed [ 1091.722515][T21488] FAT-fs (loop1): Directory bread(block 71) failed [ 1091.728821][T21488] FAT-fs (loop1): Directory bread(block 72) failed [ 1091.736702][T21488] FAT-fs (loop1): Directory bread(block 73) failed [ 1091.748105][T21496] ip6erspan0: tun_chr_ioctl cmd 1074025680 [ 1091.782687][T21498] netlink: 'syz.5.9680': attribute type 1 has an invalid length. [ 1091.790394][ T1297] usb 8-1: Using ep0 maxpacket: 16 [ 1091.795470][T21498] netlink: 'syz.5.9680': attribute type 2 has an invalid length. [ 1091.875478][T21512] loop2: detected capacity change from 0 to 512 [ 1091.883246][T21512] EXT4-fs (loop2): Ignoring removed bh option [ 1091.889272][T21512] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 1091.899041][T21512] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 1091.906994][T21512] System zones: 1-12 [ 1091.911564][T21512] EXT4-fs (loop2): 1 truncate cleaned up [ 1091.917385][ T1297] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1091.928947][T21512] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,debug,usrjquota=,,errors=continue. Quota mode: none. [ 1091.945708][ T1297] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1091.955491][ T1297] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1091.968990][ T1297] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1091.977907][ T1297] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.986800][T21512] EXT4-fs warning (device loop2): verify_group_input:165: Last group not full [ 1091.995955][ T1297] usb 8-1: config 0 descriptor?? [ 1092.160175][T13780] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 1092.307606][ T1052] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 1092.315833][ T1052] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1092.317063][T21572] loop1: detected capacity change from 0 to 256 [ 1092.345938][T21572] exfat: Unknown parameter 'keep_last_dots' [ 1092.363667][T21574] tap0: tun_chr_ioctl cmd 1074025692 [ 1092.416742][T13780] usb 6-1: Using ep0 maxpacket: 16 [ 1092.455491][T21588] loop3: detected capacity change from 0 to 512 [ 1092.472323][T21590] syz.1.9723[21590] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1092.472402][T21590] syz.1.9723[21590] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1092.485672][T21590] SELinux: Context @ is not valid (left unmapped). [ 1092.504269][T21588] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 1092.511532][T21588] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1092.522499][ T1297] microsoft 0003:045E:07DA.0022: No inputs registered, leaving [ 1092.526693][T21592] netlink: 165 bytes leftover after parsing attributes in process `syz.1.9724'. [ 1092.532168][ T1297] microsoft 0003:045E:07DA.0022: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 1092.550418][ T1297] microsoft 0003:045E:07DA.0022: no inputs found [ 1092.551200][T21588] EXT4-fs (loop3): 1 truncate cleaned up [ 1092.563074][ T1297] microsoft 0003:045E:07DA.0022: could not initialize ff, continuing anyway [ 1092.571747][T13780] usb 6-1: config index 0 descriptor too short (expected 17170, got 18) [ 1092.575187][T21588] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,data_err=abort,,errors=continue. Quota mode: none. [ 1092.606575][T13780] usb 6-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 1092.616780][T13780] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 1092.718527][T21615] loop3: detected capacity change from 0 to 128 [ 1092.720112][T21616] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9734'. [ 1092.748436][T14948] usb 8-1: USB disconnect, device number 15 [ 1092.757343][T21618] loop1: detected capacity change from 0 to 512 [ 1092.790967][ T1052] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1092.791106][T13780] usb 6-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 1092.807347][T13780] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.818127][T13780] usb 6-1: Product: syz [ 1092.822137][T13780] usb 6-1: Manufacturer: syz [ 1092.826929][T13780] usb 6-1: SerialNumber: syz [ 1092.832462][T13780] usb 6-1: config 0 descriptor?? [ 1092.838896][T21618] EXT4-fs (loop1): mounted filesystem without journal. Opts: noquota,barrier=0x0000000000000100,grpjquota=,abort,dioread_lock,,errors=continue. Quota mode: writeback. [ 1092.855985][T21618] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1092.876451][T21618] EXT4-fs error (device loop1): ext4_remount:5846: comm syz.1.9736: Abort forced by user [ 1092.877295][T13780] ums-freecom 6-1:0.0: USB Mass Storage device detected [ 1092.891440][T21618] EXT4-fs (loop1): Remounting filesystem read-only [ 1093.020792][T21644] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9746'. [ 1093.079613][ T1052] usb 3-1: Using ep0 maxpacket: 8 [ 1093.138030][T14948] usb 6-1: USB disconnect, device number 90 [ 1093.295057][T21665] loop3: detected capacity change from 0 to 8192 [ 1093.343854][T21671] pim6reg1: tun_chr_ioctl cmd 35111 [ 1093.378970][ T1052] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1093.393791][ T1052] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.403145][ T1052] usb 3-1: Product: syz [ 1093.407721][ T1052] usb 3-1: Manufacturer: syz [ 1093.412752][ T1052] usb 3-1: SerialNumber: syz [ 1093.431156][ T1052] usb 3-1: config 0 descriptor?? [ 1093.607989][T21715] loop1: detected capacity change from 0 to 512 [ 1093.636279][T21715] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1093.647958][T21715] EXT4-fs (loop1): 1 truncate cleaned up [ 1093.650280][T21718] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9781'. [ 1093.653483][T21715] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1093.685476][T21718] netlink: 'syz.7.9781': attribute type 8 has an invalid length. [ 1093.692949][ T1052] usb 3-1: USB disconnect, device number 82 [ 1093.822771][T21737] loop5: detected capacity change from 0 to 512 [ 1093.869358][T21737] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 1093.877407][T21740] loop1: detected capacity change from 0 to 512 [ 1093.915256][T21740] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1093.926228][T21740] ext4 filesystem being mounted at /518/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1093.939669][T21740] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.9790: inode #1: comm syz.1.9790: iget: illegal inode # [ 1093.952698][T21740] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.9790: error while reading EA inode 1 err=-117 [ 1093.965384][T21740] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.9790: inode #1: comm syz.1.9790: iget: illegal inode # [ 1093.978789][T21740] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.9790: error while reading EA inode 1 err=-117 [ 1093.985264][T21745] binder: 21744:21745 ioctl c018620c 20000000 returned -22 [ 1094.249436][T21751] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9804'. [ 1094.370331][T21749] loop1: detected capacity change from 0 to 131072 [ 1094.428086][T21749] F2FS-fs (loop1): invalid crc value [ 1094.438784][T21749] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1094.482575][T21749] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1094.498059][ T30] kauditd_printk_skb: 193 callbacks suppressed [ 1094.498076][ T30] audit: type=1400 audit(2000000053.467:9451): avc: denied { rename } for pid=21748 comm="syz.1.9792" name="file4" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1094.535466][T13780] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1094.565577][ T1052] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 1094.645283][ T30] audit: type=1400 audit(2000000053.607:9452): avc: denied { write } for pid=21772 comm="syz.7.9803" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1094.673496][T21775] loop3: detected capacity change from 0 to 512 [ 1094.716521][T21777] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9806'. [ 1094.726629][T21775] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 1094.735882][T21775] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 1094.754669][T21779] IPv6: NLM_F_REPLACE set, but no existing node found! [ 1094.779673][T21775] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1094.790131][T13780] usb 3-1: Using ep0 maxpacket: 16 [ 1094.797154][T21775] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 1094.810698][T21775] System zones: 0-1, 15-15, 18-18, 34-34 [ 1094.826559][T21775] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1094.838117][T21775] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 1094.849232][ T30] audit: type=1400 audit(2000000053.804:9453): avc: denied { execute } for pid=21788 comm="syz.7.9810" path="/533/cpu.stat" dev="tmpfs" ino=2767 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1094.854341][T21775] EXT4-fs warning (device loop3): ext4_enable_quotas:6423: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1094.897128][T21775] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1094.910705][T21775] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.9805: bg 0: block 40: padding at end of block bitmap is not set [ 1094.928938][T21775] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 1094.929108][T13780] usb 3-1: config index 0 descriptor too short (expected 17170, got 18) [ 1094.948245][ T30] audit: type=1400 audit(2000000053.888:9454): avc: denied { create } for pid=21794 comm="syz.1.9813" dev="anon_inodefs" ino=89413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1094.970352][T21775] EXT4-fs (loop3): 1 truncate cleaned up [ 1094.980990][ T30] audit: type=1400 audit(2000000053.916:9455): avc: denied { ioctl } for pid=21794 comm="syz.1.9813" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=89413 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1094.982494][T21775] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsv0,norecovery,norecovery,dioread_lock,,errors=continue. Quota mode: writeback. [ 1095.032901][T13780] usb 3-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 1095.036019][ T1052] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1095.041876][T13780] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 1095.061303][ T30] audit: type=1400 audit(2000000054.000:9456): avc: denied { execute_no_trans } for pid=21799 comm="syz.1.9815" path="/523/file0" dev="tmpfs" ino=2743 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1095.106483][ T1052] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1095.126731][ T1052] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.129100][ T30] audit: type=1400 audit(2000000054.056:9457): avc: denied { read write } for pid=21807 comm="syz.1.9819" name="ppp" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1095.143957][ T1052] usb 6-1: config 0 descriptor?? [ 1095.163133][ T30] audit: type=1400 audit(2000000054.066:9458): avc: denied { open } for pid=21807 comm="syz.1.9819" path="/dev/ppp" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1095.239180][T13780] usb 3-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 1095.248149][T13780] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.256448][T13780] usb 3-1: Product: syz [ 1095.260645][T13780] usb 3-1: Manufacturer: syz [ 1095.265063][T13780] usb 3-1: SerialNumber: syz [ 1095.270228][T13780] usb 3-1: config 0 descriptor?? [ 1095.315349][T13780] ums-freecom 3-1:0.0: USB Mass Storage device detected [ 1095.322657][ T30] audit: type=1326 audit(2000000054.234:9459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21826 comm="syz.3.9828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa01ced29 code=0x7ffc0000 [ 1095.355538][T21831] loop1: detected capacity change from 0 to 512 [ 1095.390784][T21831] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1095.402048][T21831] ext4 filesystem being mounted at /532/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1095.545152][ T26] usb 3-1: USB disconnect, device number 83 [ 1095.593908][T21847] loop3: detected capacity change from 0 to 40427 [ 1095.615026][T21847] F2FS-fs (loop3): invalid crc value [ 1095.621276][T21847] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 1095.645849][T21847] F2FS-fs (loop3): recover fsync data on readonly fs [ 1095.652597][T21847] F2FS-fs (loop3): checkpoint=disable on readonly fs [ 1095.667476][ T1052] keytouch 0003:0926:3333.0023: fixing up Keytouch IEC report descriptor [ 1095.677423][ T1052] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0023/input/input45 [ 1095.766043][ T1052] keytouch 0003:0926:3333.0023: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 1095.803371][T21867] tun0: tun_chr_ioctl cmd 1074025677 [ 1095.809326][T21867] tun0: linktype set to 776 [ 1095.925515][T21883] tipc: Started in network mode [ 1095.930220][T21883] tipc: Node identity ac14140f, cluster identity 4711 [ 1095.937069][T21883] tipc: New replicast peer: 255.255.255.255 [ 1095.943284][T21883] tipc: Enabled bearer , priority 10 [ 1095.991133][T21895] netlink: 8 bytes leftover after parsing attributes in process `syz.7.9857'. [ 1096.019916][ C1] ================================================================== [ 1096.027814][ C1] BUG: KASAN: use-after-free in cpu_map_generic_redirect+0x1a8/0x6d0 [ 1096.035707][ C1] Read of size 8 at addr ffff88810da0cb18 by task syz-executor/287 [ 1096.043431][ C1] [ 1096.045611][ C1] CPU: 1 PID: 287 Comm: syz-executor Tainted: G W 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 1096.056801][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1096.066811][ C1] Call Trace: [ 1096.069940][ C1] [ 1096.072636][ C1] dump_stack_lvl+0x151/0x1c0 [ 1096.077139][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1096.082608][ C1] ? panic+0x760/0x760 [ 1096.086521][ C1] print_address_description+0x87/0x3b0 [ 1096.091890][ C1] kasan_report+0x179/0x1c0 [ 1096.096326][ C1] ? kfree+0xcc/0x270 [ 1096.100136][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1096.105692][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1096.111249][ C1] __asan_report_load8_noabort+0x14/0x20 [ 1096.116720][ C1] cpu_map_generic_redirect+0x1a8/0x6d0 [ 1096.122095][ C1] ? bpf_prog_run_generic_xdp+0x965/0x1070 [ 1096.127736][ C1] ? cpu_map_enqueue+0x370/0x370 [ 1096.132528][ C1] xdp_do_generic_redirect+0x3df/0xb40 [ 1096.137806][ C1] do_xdp_generic+0x50b/0x7c0 [ 1096.142318][ C1] ? kasan_set_track+0x4b/0x70 [ 1096.146917][ C1] ? kasan_set_free_info+0x23/0x40 [ 1096.151955][ C1] ? ____kasan_slab_free+0x126/0x160 [ 1096.157160][ C1] ? generic_xdp_tx+0x490/0x490 [ 1096.161845][ C1] ? handle_softirqs+0x25e/0x5c0 [ 1096.166624][ C1] ? __x64_sys_write+0x7b/0x90 [ 1096.171221][ C1] ? migrate_disable+0xd9/0x190 [ 1096.175912][ C1] __netif_receive_skb_core+0x1706/0x3640 [ 1096.181467][ C1] ? set_rps_cpu+0x5e0/0x5e0 [ 1096.185893][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 1096.191267][ C1] ? __raise_softirq_irqoff+0x1a/0xe0 [ 1096.196563][ C1] ? raise_softirq+0xa6/0x110 [ 1096.201112][ C1] ? __kasan_slab_free+0x11/0x20 [ 1096.205849][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 1096.211233][ C1] __netif_receive_skb+0x11c/0x530 [ 1096.216174][ C1] ? rcu_sched_clock_irq+0x12f0/0x12f0 [ 1096.221467][ C1] ? inode_free_by_rcu+0x1c/0x20 [ 1096.226252][ C1] ? deliver_ptype_list_skb+0x3b0/0x3b0 [ 1096.231638][ C1] ? __kasan_check_write+0x14/0x20 [ 1096.236584][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 1096.241172][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1096.246385][ C1] process_backlog+0x31c/0x650 [ 1096.250986][ C1] __napi_poll+0xc4/0x5a0 [ 1096.255304][ C1] net_rx_action+0x47d/0xc50 [ 1096.259723][ C1] ? net_tx_action+0x550/0x550 [ 1096.264334][ C1] handle_softirqs+0x25e/0x5c0 [ 1096.268921][ C1] __irq_exit_rcu+0x52/0xf0 [ 1096.273252][ C1] irq_exit_rcu+0x9/0x10 [ 1096.277333][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1096.282802][ C1] [ 1096.285620][ C1] [ 1096.288357][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1096.294171][ C1] RIP: 0010:pipe_write+0x914/0x1930 [ 1096.299223][ C1] Code: 88 c6 42 8d 04 f5 08 00 00 00 89 03 43 80 3c 27 00 48 8b 9c 24 c8 00 00 00 74 08 48 89 df e8 43 85 f5 ff 48 c7 03 00 00 00 00 00 10 00 00 4c 89 ef 31 f6 48 8b 8c 24 c0 00 00 00 e8 d5 42 a7 [ 1096.318740][ C1] RSP: 0018:ffffc900007bfa60 EFLAGS: 00000246 [ 1096.324639][ C1] RAX: 0000000000000010 RBX: ffff888116034090 RCX: 0000000000000046 [ 1096.332443][ C1] RDX: ffff88810963bb40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1096.340260][ C1] RBP: ffffc900007bfc30 R08: ffffffff81bd4c7e R09: 0000000000000003 [ 1096.348069][ C1] R10: fffff520000f7f3c R11: dffffc0000000001 R12: dffffc0000000000 [ 1096.356311][ C1] R13: ffffea0005338000 R14: 0000000000000001 R15: 1ffff11022c06812 [ 1096.364128][ C1] ? pipe_write+0x8be/0x1930 [ 1096.368563][ C1] ? pipe_read+0x1040/0x1040 [ 1096.372975][ C1] ? selinux_file_permission+0x450/0x570 [ 1096.378442][ C1] ? fsnotify_perm+0x6a/0x5b0 [ 1096.382961][ C1] ? iov_iter_init+0x53/0x190 [ 1096.387470][ C1] vfs_write+0xd5d/0x1110 [ 1096.391645][ C1] ? file_end_write+0x1c0/0x1c0 [ 1096.396334][ C1] ? sigprocmask+0x280/0x280 [ 1096.400803][ C1] ? __kasan_check_read+0x11/0x20 [ 1096.405612][ C1] ? __fdget_pos+0x209/0x3a0 [ 1096.410034][ C1] ksys_write+0x199/0x2c0 [ 1096.414202][ C1] ? __ia32_sys_read+0x90/0x90 [ 1096.418801][ C1] ? debug_smp_processor_id+0x17/0x20 [ 1096.424011][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1096.429997][ C1] __x64_sys_write+0x7b/0x90 [ 1096.434421][ C1] x64_sys_call+0x2f/0x9a0 [ 1096.438694][ C1] do_syscall_64+0x3b/0xb0 [ 1096.443028][ C1] ? clear_bhb_loop+0x35/0x90 [ 1096.447566][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1096.453272][ C1] RIP: 0033:0x7f92273787a0 [ 1096.457517][ C1] Code: 40 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d a1 7d 1c 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 1096.477047][ C1] RSP: 002b:00007ffe0316fd18 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1096.485294][ C1] RAX: ffffffffffffffda RBX: 0000555578d224b0 RCX: 00007f92273787a0 [ 1096.493102][ C1] RDX: 0000000000000030 RSI: 00007ffe0316fd50 RDI: 000000000000000c [ 1096.501001][ C1] RBP: 0000555578d2abe0 R08: 00007ffe031cc080 R09: 00007ffe031cc0b0 [ 1096.508933][ C1] R10: 00000000000305a2 R11: 0000000000000202 R12: 0000000000000001 [ 1096.516740][ C1] R13: 0000000000000008 R14: 00007ffe0316fd30 R15: 0000000000000000 [ 1096.524563][ C1] [ 1096.527424][ C1] [ 1096.529596][ C1] Allocated by task 21055: [ 1096.533840][ C1] ____kasan_kmalloc+0xdb/0x110 [ 1096.538526][ C1] __kasan_kmalloc+0x9/0x10 [ 1096.542863][ C1] __kmalloc+0x13f/0x2c0 [ 1096.546943][ C1] bpf_map_kmalloc_node+0xdb/0x160 [ 1096.551892][ C1] cpu_map_update_elem+0x26c/0xea0 [ 1096.556844][ C1] bpf_map_update_value+0x1a3/0x3c0 [ 1096.561871][ C1] map_update_elem+0x644/0x770 [ 1096.566471][ C1] __sys_bpf+0x405/0x760 [ 1096.570641][ C1] __x64_sys_bpf+0x7c/0x90 [ 1096.574975][ C1] x64_sys_call+0x87f/0x9a0 [ 1096.579320][ C1] do_syscall_64+0x3b/0xb0 [ 1096.583676][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1096.589671][ C1] [ 1096.591847][ C1] Freed by task 21056: [ 1096.595752][ C1] kasan_set_track+0x4b/0x70 [ 1096.600181][ C1] kasan_set_free_info+0x23/0x40 [ 1096.604942][ C1] ____kasan_slab_free+0x126/0x160 [ 1096.609889][ C1] __kasan_slab_free+0x11/0x20 [ 1096.614493][ C1] slab_free_freelist_hook+0xbd/0x190 [ 1096.619801][ C1] kfree+0xcc/0x270 [ 1096.623444][ C1] put_cpu_map_entry+0x6dd/0x750 [ 1096.628216][ C1] cpu_map_kthread_run+0x22d0/0x2390 [ 1096.633353][ C1] kthread+0x421/0x510 [ 1096.637246][ C1] ret_from_fork+0x1f/0x30 [ 1096.641495][ C1] [ 1096.643664][ C1] Last potentially related work creation: [ 1096.649223][ C1] kasan_save_stack+0x3b/0x60 [ 1096.653732][ C1] __kasan_record_aux_stack+0xd3/0xf0 [ 1096.658938][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1096.664584][ C1] insert_work+0x56/0x320 [ 1096.668745][ C1] __queue_work+0x92a/0xcd0 [ 1096.673087][ C1] queue_work_on+0x105/0x170 [ 1096.677510][ C1] cpu_map_free+0x1e7/0x2c0 [ 1096.681850][ C1] bpf_map_free_deferred+0x10d/0x1e0 [ 1096.686972][ C1] process_one_work+0x6bb/0xc10 [ 1096.691747][ C1] worker_thread+0xad5/0x12a0 [ 1096.696351][ C1] kthread+0x421/0x510 [ 1096.700251][ C1] ret_from_fork+0x1f/0x30 [ 1096.704545][ C1] [ 1096.706675][ C1] Second to last potentially related work creation: [ 1096.713186][ C1] kasan_save_stack+0x3b/0x60 [ 1096.717700][ C1] __kasan_record_aux_stack+0xd3/0xf0 [ 1096.722906][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1096.728600][ C1] call_rcu+0x123/0x10b0 [ 1096.732736][ C1] cpu_map_free+0x109/0x2c0 [ 1096.737053][ C1] bpf_map_free_deferred+0x10d/0x1e0 [ 1096.742172][ C1] process_one_work+0x6bb/0xc10 [ 1096.746863][ C1] worker_thread+0xad5/0x12a0 [ 1096.751371][ C1] kthread+0x421/0x510 [ 1096.755275][ C1] ret_from_fork+0x1f/0x30 [ 1096.759528][ C1] [ 1096.761697][ C1] The buggy address belongs to the object at ffff88810da0cb00 [ 1096.761697][ C1] which belongs to the cache kmalloc-192 of size 192 [ 1096.775585][ C1] The buggy address is located 24 bytes inside of [ 1096.775585][ C1] 192-byte region [ffff88810da0cb00, ffff88810da0cbc0) [ 1096.788728][ C1] The buggy address belongs to the page: [ 1096.794177][ C1] page:ffffea0004368300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10da0c [ 1096.804241][ C1] flags: 0x4000000000000200(slab|zone=1) [ 1096.809742][ C1] raw: 4000000000000200 ffffea00063d5e80 0000000900000007 ffff888100042c00 [ 1096.818141][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 1096.826551][ C1] page dumped because: kasan: bad access detected [ 1096.832807][ C1] page_owner tracks the page as allocated [ 1096.838354][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 101, ts 1068883372722, free_ts 1068831744057 [ 1096.854416][ C1] post_alloc_hook+0x1a3/0x1b0 [ 1096.859007][ C1] prep_new_page+0x1b/0x110 [ 1096.863346][ C1] get_page_from_freelist+0x3550/0x35d0 [ 1096.868728][ C1] __alloc_pages+0x27e/0x8f0 [ 1096.873523][ C1] new_slab+0x9a/0x4e0 [ 1096.877433][ C1] ___slab_alloc+0x39e/0x830 [ 1096.881855][ C1] __slab_alloc+0x4a/0x90 [ 1096.886018][ C1] kmem_cache_alloc_trace+0x147/0x270 [ 1096.891231][ C1] kernfs_fop_open+0x324/0xab0 [ 1096.895828][ C1] do_dentry_open+0x81c/0xfd0 [ 1096.900339][ C1] vfs_open+0x73/0x80 [ 1096.904159][ C1] path_openat+0x26f0/0x2f40 [ 1096.908586][ C1] do_filp_open+0x21c/0x460 [ 1096.912966][ C1] do_sys_openat2+0x13f/0x820 [ 1096.917441][ C1] __x64_sys_openat+0x243/0x290 [ 1096.922127][ C1] x64_sys_call+0x6bf/0x9a0 [ 1096.926496][ C1] page last free stack trace: [ 1096.930994][ C1] free_unref_page_prepare+0x7c8/0x7d0 [ 1096.936268][ C1] free_unref_page+0xe8/0x750 [ 1096.940783][ C1] __free_pages+0x61/0xf0 [ 1096.944950][ C1] free_pages+0x7c/0x90 [ 1096.948941][ C1] tlb_finish_mmu+0x253/0x320 [ 1096.953456][ C1] exit_mmap+0x484/0x990 [ 1096.957539][ C1] __mmput+0x95/0x310 [ 1096.961351][ C1] mmput+0x5b/0x170 [ 1096.964998][ C1] do_exit+0xb9c/0x2ca0 [ 1096.968991][ C1] do_group_exit+0x141/0x310 [ 1096.973417][ C1] get_signal+0x7a3/0x1630 [ 1096.977680][ C1] arch_do_signal_or_restart+0xbd/0x1680 [ 1096.983141][ C1] exit_to_user_mode_loop+0xa0/0xe0 [ 1096.988171][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 1096.993804][ C1] syscall_exit_to_user_mode+0x26/0x160 [ 1096.999124][ C1] do_syscall_64+0x47/0xb0 [ 1097.003379][ C1] [ 1097.005547][ C1] Memory state around the buggy address: [ 1097.011046][ C1] ffff88810da0ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1097.018922][ C1] ffff88810da0ca80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1097.026821][ C1] >ffff88810da0cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1097.034712][ C1] ^ [ 1097.039400][ C1] ffff88810da0cb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1097.047300][ C1] ffff88810da0cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1097.055214][ C1] ================================================================== [ 1097.063184][ C1] Disabling lock debugging due to kernel taint [ 1097.069298][ C1] ================================================================================ [ 1097.078411][ C1] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 [ 1097.086473][ C1] index 16382 is out of range for type 'unsigned long[8]' [ 1097.093448][ C1] CPU: 1 PID: 287 Comm: syz-executor Tainted: G B W 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 1097.104649][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1097.114501][ C1] Call Trace: [ 1097.117623][ C1] [ 1097.120310][ C1] dump_stack_lvl+0x151/0x1c0 [ 1097.124827][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1097.130289][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 1097.131404][T15094] tipc: Node number set to 2886997007 [ 1097.135320][ C1] ? sched_clock+0x9/0x10 [ 1097.135349][ C1] dump_stack+0x15/0x20 [ 1097.148874][ C1] __ubsan_handle_out_of_bounds+0x118/0x140 [ 1097.154602][ C1] __pv_queued_spin_lock_slowpath+0xb9d/0xc40 [ 1097.160514][ C1] ? sysvec_apic_timer_interrupt+0x64/0xc0 [ 1097.166141][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1097.172135][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 1097.178396][ C1] ? kasan_check_range+0x293/0x2a0 [ 1097.183329][ C1] _raw_spin_lock+0x139/0x1b0 [ 1097.187843][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1097.193053][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1097.198604][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1097.204162][ C1] cpu_map_generic_redirect+0x1d5/0x6d0 [ 1097.209542][ C1] ? bpf_prog_run_generic_xdp+0x965/0x1070 [ 1097.215180][ C1] ? cpu_map_enqueue+0x370/0x370 [ 1097.219955][ C1] xdp_do_generic_redirect+0x3df/0xb40 [ 1097.225256][ C1] do_xdp_generic+0x50b/0x7c0 [ 1097.229756][ C1] ? kasan_set_track+0x4b/0x70 [ 1097.234356][ C1] ? kasan_set_free_info+0x23/0x40 [ 1097.239300][ C1] ? ____kasan_slab_free+0x126/0x160 [ 1097.244431][ C1] ? generic_xdp_tx+0x490/0x490 [ 1097.249109][ C1] ? handle_softirqs+0x25e/0x5c0 [ 1097.253927][ C1] ? __x64_sys_write+0x7b/0x90 [ 1097.258484][ C1] ? migrate_disable+0xd9/0x190 [ 1097.263177][ C1] __netif_receive_skb_core+0x1706/0x3640 [ 1097.268822][ C1] ? set_rps_cpu+0x5e0/0x5e0 [ 1097.273244][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 1097.278640][ C1] ? __raise_softirq_irqoff+0x1a/0xe0 [ 1097.283830][ C1] ? raise_softirq+0xa6/0x110 [ 1097.288353][ C1] ? __kasan_slab_free+0x11/0x20 [ 1097.293117][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 1097.298518][ C1] __netif_receive_skb+0x11c/0x530 [ 1097.303563][ C1] ? rcu_sched_clock_irq+0x12f0/0x12f0 [ 1097.308835][ C1] ? inode_free_by_rcu+0x1c/0x20 [ 1097.313614][ C1] ? deliver_ptype_list_skb+0x3b0/0x3b0 [ 1097.318993][ C1] ? __kasan_check_write+0x14/0x20 [ 1097.323958][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 1097.328540][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1097.333748][ C1] process_backlog+0x31c/0x650 [ 1097.338352][ C1] __napi_poll+0xc4/0x5a0 [ 1097.342513][ C1] net_rx_action+0x47d/0xc50 [ 1097.346942][ C1] ? net_tx_action+0x550/0x550 [ 1097.351629][ C1] handle_softirqs+0x25e/0x5c0 [ 1097.356404][ C1] __irq_exit_rcu+0x52/0xf0 [ 1097.360739][ C1] irq_exit_rcu+0x9/0x10 [ 1097.364930][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1097.370388][ C1] [ 1097.373175][ C1] [ 1097.375941][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1097.381758][ C1] RIP: 0010:pipe_write+0x914/0x1930 [ 1097.386878][ C1] Code: 88 c6 42 8d 04 f5 08 00 00 00 89 03 43 80 3c 27 00 48 8b 9c 24 c8 00 00 00 74 08 48 89 df e8 43 85 f5 ff 48 c7 03 00 00 00 00 00 10 00 00 4c 89 ef 31 f6 48 8b 8c 24 c0 00 00 00 e8 d5 42 a7 [ 1097.406408][ C1] RSP: 0018:ffffc900007bfa60 EFLAGS: 00000246 [ 1097.412465][ C1] RAX: 0000000000000010 RBX: ffff888116034090 RCX: 0000000000000046 [ 1097.420256][ C1] RDX: ffff88810963bb40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1097.428070][ C1] RBP: ffffc900007bfc30 R08: ffffffff81bd4c7e R09: 0000000000000003 [ 1097.435880][ C1] R10: fffff520000f7f3c R11: dffffc0000000001 R12: dffffc0000000000 [ 1097.443690][ C1] R13: ffffea0005338000 R14: 0000000000000001 R15: 1ffff11022c06812 [ 1097.451510][ C1] ? pipe_write+0x8be/0x1930 [ 1097.455935][ C1] ? pipe_read+0x1040/0x1040 [ 1097.460489][ C1] ? selinux_file_permission+0x450/0x570 [ 1097.465951][ C1] ? fsnotify_perm+0x6a/0x5b0 [ 1097.470477][ C1] ? iov_iter_init+0x53/0x190 [ 1097.474996][ C1] vfs_write+0xd5d/0x1110 [ 1097.479137][ C1] ? file_end_write+0x1c0/0x1c0 [ 1097.483920][ C1] ? sigprocmask+0x280/0x280 [ 1097.488349][ C1] ? __kasan_check_read+0x11/0x20 [ 1097.493205][ C1] ? __fdget_pos+0x209/0x3a0 [ 1097.494320][T15094] usb 6-1: USB disconnect, device number 91 [ 1097.497719][ C1] ksys_write+0x199/0x2c0 [ 1097.497747][ C1] ? __ia32_sys_read+0x90/0x90 [ 1097.497769][ C1] ? debug_smp_processor_id+0x17/0x20 [ 1097.517417][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1097.523317][ C1] __x64_sys_write+0x7b/0x90 [ 1097.527745][ C1] x64_sys_call+0x2f/0x9a0 [ 1097.531999][ C1] do_syscall_64+0x3b/0xb0 [ 1097.536252][ C1] ? clear_bhb_loop+0x35/0x90 [ 1097.540771][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1097.546491][ C1] RIP: 0033:0x7f92273787a0 [ 1097.550747][ C1] Code: 40 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d a1 7d 1c 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 1097.570181][ C1] RSP: 002b:00007ffe0316fd18 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1097.578427][ C1] RAX: ffffffffffffffda RBX: 0000555578d224b0 RCX: 00007f92273787a0 [ 1097.586236][ C1] RDX: 0000000000000030 RSI: 00007ffe0316fd50 RDI: 000000000000000c [ 1097.594047][ C1] RBP: 0000555578d2abe0 R08: 00007ffe031cc080 R09: 00007ffe031cc0b0 [ 1097.601862][ C1] R10: 00000000000305a2 R11: 0000000000000202 R12: 0000000000000001 [ 1097.609678][ C1] R13: 0000000000000008 R14: 00007ffe0316fd30 R15: 0000000000000000 [ 1097.617500][ C1] [ 1097.620393][ C1] ================================================================================ [ 1097.629557][ C1] general protection fault, probably for non-canonical address 0xe010f4fb9f81ff65: 0000 [#1] PREEMPT SMP KASAN [ 1097.641008][ C1] KASAN: maybe wild-memory-access in range [0x0087c7dcfc0ffb28-0x0087c7dcfc0ffb2f] [ 1097.650120][ C1] CPU: 1 PID: 287 Comm: syz-executor Tainted: G B W 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 1097.661312][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1097.671210][ C1] RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f3/0xc40 [ 1097.677893][ C1] Code: 74 1e 48 89 4c 24 10 48 8b 7c 24 10 e8 86 98 5d 00 48 8b 4c 24 10 48 ba 00 00 00 00 00 fc ff df 4c 03 21 4c 89 e0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 ff 98 5d 00 48 ba 00 00 00 00 00 fc [ 1097.697338][ C1] RSP: 0018:ffffc900001d05a0 EFLAGS: 00010206 [ 1097.703239][ C1] RAX: 0010f8fb9f81ff65 RBX: ffff8881f7138ad4 RCX: ffffffff86285820 [ 1097.711254][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 1097.719058][ C1] RBP: ffffc900001d0690 R08: ffffffff8141a99b R09: 0000000000000003 [ 1097.726871][ C1] R10: fffffbfff0e9a84c R11: dffffc0000000001 R12: 0087c7dcfc0ffb29 [ 1097.734678][ C1] R13: 1ffff11021b41940 R14: 1ffff1103ee27159 R15: ffff88810da0ca04 [ 1097.742493][ C1] FS: 0000555578d0e500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1097.751261][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1097.757677][ C1] CR2: 0000001b2fb1fffc CR3: 000000011ce14000 CR4: 00000000003506a0 [ 1097.765489][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1097.773299][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1097.781114][ C1] Call Trace: [ 1097.784235][ C1] [ 1097.786929][ C1] ? __die_body+0x62/0xb0 [ 1097.791091][ C1] ? die_addr+0x9f/0xd0 [ 1097.795085][ C1] ? exc_general_protection+0x311/0x4b0 [ 1097.800471][ C1] ? asm_exc_general_protection+0x27/0x30 [ 1097.806019][ C1] ? check_panic_on_warn+0x5b/0xb0 [ 1097.811112][ C1] ? __pv_queued_spin_lock_slowpath+0x2f3/0xc40 [ 1097.817190][ C1] ? sysvec_apic_timer_interrupt+0x64/0xc0 [ 1097.822822][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1097.828810][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 1097.835059][ C1] ? kasan_check_range+0x293/0x2a0 [ 1097.840230][ C1] _raw_spin_lock+0x139/0x1b0 [ 1097.844731][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1097.849958][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1097.855500][ C1] ? cpu_map_generic_redirect+0x1a8/0x6d0 [ 1097.861051][ C1] cpu_map_generic_redirect+0x1d5/0x6d0 [ 1097.866440][ C1] ? bpf_prog_run_generic_xdp+0x965/0x1070 [ 1097.872072][ C1] ? cpu_map_enqueue+0x370/0x370 [ 1097.876846][ C1] xdp_do_generic_redirect+0x3df/0xb40 [ 1097.882140][ C1] do_xdp_generic+0x50b/0x7c0 [ 1097.886753][ C1] ? kasan_set_track+0x4b/0x70 [ 1097.891341][ C1] ? kasan_set_free_info+0x23/0x40 [ 1097.896291][ C1] ? ____kasan_slab_free+0x126/0x160 [ 1097.901453][ C1] ? generic_xdp_tx+0x490/0x490 [ 1097.906136][ C1] ? handle_softirqs+0x25e/0x5c0 [ 1097.910905][ C1] ? __x64_sys_write+0x7b/0x90 [ 1097.915468][ C1] ? migrate_disable+0xd9/0x190 [ 1097.920153][ C1] __netif_receive_skb_core+0x1706/0x3640 [ 1097.925712][ C1] ? set_rps_cpu+0x5e0/0x5e0 [ 1097.930134][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 1097.935515][ C1] ? __raise_softirq_irqoff+0x1a/0xe0 [ 1097.940722][ C1] ? raise_softirq+0xa6/0x110 [ 1097.945324][ C1] ? __kasan_slab_free+0x11/0x20 [ 1097.950094][ C1] ? slab_free_freelist_hook+0xbd/0x190 [ 1097.955478][ C1] __netif_receive_skb+0x11c/0x530 [ 1097.960422][ C1] ? rcu_sched_clock_irq+0x12f0/0x12f0 [ 1097.965716][ C1] ? inode_free_by_rcu+0x1c/0x20 [ 1097.970492][ C1] ? deliver_ptype_list_skb+0x3b0/0x3b0 [ 1097.975874][ C1] ? __kasan_check_write+0x14/0x20 [ 1097.980934][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 1097.985530][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1097.990733][ C1] process_backlog+0x31c/0x650 [ 1097.995340][ C1] __napi_poll+0xc4/0x5a0 [ 1097.999506][ C1] net_rx_action+0x47d/0xc50 [ 1098.003924][ C1] ? net_tx_action+0x550/0x550 [ 1098.008557][ C1] handle_softirqs+0x25e/0x5c0 [ 1098.013128][ C1] __irq_exit_rcu+0x52/0xf0 [ 1098.017465][ C1] irq_exit_rcu+0x9/0x10 [ 1098.021542][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1098.027008][ C1] [ 1098.029784][ C1] [ 1098.032562][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1098.038422][ C1] RIP: 0010:pipe_write+0x914/0x1930 [ 1098.043411][ C1] Code: 88 c6 42 8d 04 f5 08 00 00 00 89 03 43 80 3c 27 00 48 8b 9c 24 c8 00 00 00 74 08 48 89 df e8 43 85 f5 ff 48 c7 03 00 00 00 00 00 10 00 00 4c 89 ef 31 f6 48 8b 8c 24 c0 00 00 00 e8 d5 42 a7 [ 1098.062855][ C1] RSP: 0018:ffffc900007bfa60 EFLAGS: 00000246 [ 1098.068754][ C1] RAX: 0000000000000010 RBX: ffff888116034090 RCX: 0000000000000046 [ 1098.076572][ C1] RDX: ffff88810963bb40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1098.084384][ C1] RBP: ffffc900007bfc30 R08: ffffffff81bd4c7e R09: 0000000000000003 [ 1098.092186][ C1] R10: fffff520000f7f3c R11: dffffc0000000001 R12: dffffc0000000000 [ 1098.099997][ C1] R13: ffffea0005338000 R14: 0000000000000001 R15: 1ffff11022c06812 [ 1098.107813][ C1] ? pipe_write+0x8be/0x1930 [ 1098.112243][ C1] ? pipe_read+0x1040/0x1040 [ 1098.116669][ C1] ? selinux_file_permission+0x450/0x570 [ 1098.122128][ C1] ? fsnotify_perm+0x6a/0x5b0 [ 1098.126651][ C1] ? iov_iter_init+0x53/0x190 [ 1098.131160][ C1] vfs_write+0xd5d/0x1110 [ 1098.135326][ C1] ? file_end_write+0x1c0/0x1c0 [ 1098.140012][ C1] ? sigprocmask+0x280/0x280 [ 1098.144441][ C1] ? __kasan_check_read+0x11/0x20 [ 1098.149294][ C1] ? __fdget_pos+0x209/0x3a0 [ 1098.153728][ C1] ksys_write+0x199/0x2c0 [ 1098.157897][ C1] ? __ia32_sys_read+0x90/0x90 [ 1098.162490][ C1] ? debug_smp_processor_id+0x17/0x20 [ 1098.167698][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1098.173599][ C1] __x64_sys_write+0x7b/0x90 [ 1098.178078][ C1] x64_sys_call+0x2f/0x9a0 [ 1098.182277][ C1] do_syscall_64+0x3b/0xb0 [ 1098.186529][ C1] ? clear_bhb_loop+0x35/0x90 [ 1098.191040][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1098.199322][ C1] RIP: 0033:0x7f92273787a0 [ 1098.203572][ C1] Code: 40 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d a1 7d 1c 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ 1098.223010][ C1] RSP: 002b:00007ffe0316fd18 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1098.231249][ C1] RAX: ffffffffffffffda RBX: 0000555578d224b0 RCX: 00007f92273787a0 [ 1098.239205][ C1] RDX: 0000000000000030 RSI: 00007ffe0316fd50 RDI: 000000000000000c [ 1098.247016][ C1] RBP: 0000555578d2abe0 R08: 00007ffe031cc080 R09: 00007ffe031cc0b0 [ 1098.254826][ C1] R10: 00000000000305a2 R11: 0000000000000202 R12: 0000000000000001 [ 1098.262810][ C1] R13: 0000000000000008 R14: 00007ffe0316fd30 R15: 0000000000000000 [ 1098.270630][ C1] [ 1098.273488][ C1] Modules linked in: [ 1098.277264][ C1] ---[ end trace e0c4c4cb24b8e90d ]--- [ 1098.282520][ C1] RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f3/0xc40 [ 1098.289231][ C1] Code: 74 1e 48 89 4c 24 10 48 8b 7c 24 10 e8 86 98 5d 00 48 8b 4c 24 10 48 ba 00 00 00 00 00 fc ff df 4c 03 21 4c 89 e0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 ff 98 5d 00 48 ba 00 00 00 00 00 fc [ 1098.308896][ C1] RSP: 0018:ffffc900001d05a0 EFLAGS: 00010206 [ 1098.314854][ C1] RAX: 0010f8fb9f81ff65 RBX: ffff8881f7138ad4 RCX: ffffffff86285820 [ 1098.322817][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 1098.330614][ C1] RBP: ffffc900001d0690 R08: ffffffff8141a99b R09: 0000000000000003 [ 1098.338400][ C1] R10: fffffbfff0e9a84c R11: dffffc0000000001 R12: 0087c7dcfc0ffb29 [ 1098.346244][ C1] R13: 1ffff11021b41940 R14: 1ffff1103ee27159 R15: ffff88810da0ca04 [ 1098.354048][ C1] FS: 0000555578d0e500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1098.362826][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.369208][ C1] CR2: 0000001b2fb1fffc CR3: 000000011ce14000 CR4: 00000000003506a0 [ 1098.377056][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1098.384865][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1098.392654][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 1098.400020][ C1] Kernel Offset: disabled [ 1098.404156][ C1] Rebooting in 86400 seconds..