last executing test programs: 42.716385267s ago: executing program 0 (id=81): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xff72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 42.619164358s ago: executing program 0 (id=85): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='kfree\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0) 42.600742578s ago: executing program 0 (id=86): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r2}, 0x18) vmsplice(r0, 0x0, 0x0, 0x8) 42.579718808s ago: executing program 0 (id=87): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}}) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x1304825, &(0x7f0000000140)='usrjquota=') 42.423359749s ago: executing program 0 (id=89): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 42.233434251s ago: executing program 0 (id=92): unshare(0x22060600) r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="11"], 0x11) 42.225559621s ago: executing program 32 (id=92): unshare(0x22060600) r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="11"], 0x11) 37.294980349s ago: executing program 5 (id=212): io_setup(0x1, &(0x7f00000004c0)=0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)) r2 = syz_open_pts(r1, 0x60c40) io_submit(r0, 0x1, &(0x7f0000001600)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x6, r2, 0x0, 0x0, 0x8f}]) 37.163561831s ago: executing program 5 (id=217): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) accept4(r0, 0x0, 0x0, 0x0) 36.561506705s ago: executing program 5 (id=237): r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) r1 = socket$inet(0x2, 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000380), 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) 36.499534686s ago: executing program 5 (id=240): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x8000, &(0x7f0000000480)={[{@dmask={'dmask', 0x3d, 0x5}}, {@keep_last_dots}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@utf8}, {@dmask={'dmask', 0x3d, 0x2}}, {@dmask={'dmask', 0x3d, 0x8}}, {@umask={'umask', 0x3d, 0x7}}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@keep_last_dots}, {@sys_tz}]}, 0x1, 0x1548, &(0x7f0000001900)="$eJzs3AuYTdX7OPD3XWvtMSSdJrkMa613c5LLMkmSS5JckiRJktwSkib5SkJiyC1pSEJyGZLLEJLLxKRxv98vCU2SJklCckvW/1H8fftVv++lvl/P85v38zz7sd6z9rv22vOeM2fvdZz5psvQmo1rVWtIRPCn4C//JAFALAAMBIBrACAAgHJx5eIu9OeUmPTnDsL+Wg+lXukZsCuJ65+9cf2zN65/9sb1z964/tkb1z974/pnb1x/xrKzzdMLXstb9t14/T874/f//0OySo/9Ym3p67sCxPyzKVz/7I3r/39W8M/sxPXP3rj+2VXslZ4A+yvN/vfS+PWfHeT4wx6uf/bG9WcsO/t5HTgnXPF16Cu1QSR7fwZypZ9/jDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcayh9P+MgUAl9pXel6MMcYYY4wxxhj76/gcV3oGjDHGGGOMMcYY+89DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+W/lvwA94EXoCb0gCXpDH3gJ+kI/6A8DYCC8DIPgFRgMr0IyDIGh8BoMg9dhOLwBI2AkjII3YTS8BWNgLIyD8ZACE2AivA2T4B2YDFNgKkyDVJgOM+BdmAmzYDa8B3PgfZgL82A+LIA0+AAWwiJIhw9hMXwEGbAElsIyWA4rYCWsgtWwBtbCuh/7wgbYCJtgM2yBrbANtsMO2Akfwy74BHbDntfnAUAmfPZH+bD+d/NPXcqHvfApZEJXBAQUKFChwhiMwViMxVyYC3NjbsyDeTCCEYzDOMyLeTEf5sMCWADjMR4LY2E0aJCQsAgWwShGsRgWw+JYHEtiSXToMAETsAzejGWxLJbDclgey2MFrIgVsTJWxipYBatiVayG1bA6VseaWBPvxruxN9bBOlgX62I9rHdpeQobYkNshI2wMTbGJtgEm2JTbI7NsSW2xFbYCltja2yLbbEdtsP22B4TMRE7YAfsiB2xE3bCztgZu2AX7IrdsFvWCzkAX8QXsRdWF72xD/bBvpicoz8OwAH4Mg7CV/AVfBWTcQgOxdfwNXwdh+NJHIEjcRSOwiriLRyDY5HEeEzBFJyIE3ESTsLJOAWn4DRMxek4A2fgTJyFs/A9nIPv4/s4D+fhAkzDNFyIizAd03ExnsIMXIJLcRkuxxW4HFfhalyFa3EdrsUNuAE34SbcgltwG27DHbgDP0YFgJ/gHtyDyZiJmbgP9+F+3I8H8ABmYRYexIN4CA/hYTyMR/AIHsVjeByP4Qk8gSfxFJ7G03gWz+I5fC7+q0Yfl1iTDOICJZSIETEiVsSKXCKXyC1yizwij4iIiIgTcSKvyCvyiXyigCgg4kW8KCwKCyOMIBHGAICIiqgoJoqJ4qK4KClKCiecSBAJoowoI8qKsqKcuFWUF7eJCqKiaOMqi8qiimjrqoo7RTVRTVQXNURNUUvUErVFbVFH1BF1RV1RT9QT9cUDooHojf3xIXGhMo3FEGwihmJT0UzIi7/BWonh2Fq0EW3FE2IkjsD2opVLFE+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo7XqKXmIy9hZ9xDTsK/qJ/mKAmIk1xHs4J2dN8apIFkPEUPGaWICvi+HiDTFCjBSjxJtitHhLjBFjxTgxXqSICWKieFtMEu+IyWKKmCqmiVQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJNfCAWikUiXXwoFouPRIZYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lORKT4T+8TnYr/4QhwQX4os8ZU4KL4Wh8Q34rD4VhwR34mj4pg4Lr4XJ8QP4qQ4JU6LM+Ks+FGcEz+J88ILkCiFlFLJQMbIHDJW5pS55FUytwwu/nSvlXHyOplXXi/zyfyygCwo42UhWVhqaaSVJENZRBaVUXmDLCZvlMVlCVlSlpJOlpYJ8iZZRt4sy8pbZDl5qywvb5MVZEVZSVaWt8sq8g4JkV+OUV3WkDVlLXm3TIJ7ZB15r6wr75P15P2yvnxANpAPyobyIdlIPiwby0dkE/mobCqbyeayhWwpH5Ot5OOytWwj28onZDv5pGwvn5KJ8mnZQfqLT5FnZWf5nOwin5ddZTfZXf4kz0sve8peEnqD7CNfkn1lP9lfDpAD5ctykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZTpFT5TSZKqfL/hdHmi3lP8x/+3fyB/989E1ys9wit8ptcrvcIXfKj+UuuUvulrvlXrlXZspMuU/uk/vlfnlAHpBZMkselAflIXlIHpaH5RF5RB6Vx+QZ+b08IX+QJ+UpeUqekWflWXnu4s8AFCqhpFIqUDEqh4pVOVUudZXKra5WedQ1KqKuVXHqOpVXXa/yqfyqgCqo4lUhVVhpZZRVpEJVRBVVUXUDXnzCqJKqlHKqtEpQN/0r+aqYulEVVyV+lX9pfkl/ML+WqqVqpVqp1qq1aqvaqnaqnWqv2qtElag6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKkklqT7qJdVX9VP91QA1UL2sBqlBarAarJJVshqqhqphapgaroarEWqEGqVGqdFqtBqjxqhxapxKUSlqopqoJqlJarKarKaqqSpVpaoZaoaaqWaq2Wq2mqPmqLlqrpqv5qs0laYWqoUqXaWrxWqxylBL1BK1TC1TK9QKtUqtUmvUGrVOrVMb1AaVoTarzWqr2qq2q+1qp9qpdqldarfarfaqvSpTZap9ap/ar/arA+qAylJZ6qA6qA6pQ+qwOqyOqCPqqDqqjqvj6oQ6oU6qk+q0Oq3OqrPqnDqnzqvzFy77AhGIQAUqiAligtggNsgV5ApyB7mDPEGeIBJEgrggLsgbXB/kC/IHBYKCQXxQKCgc6MAENhAXix4NbgiKBTcGxYMSQcmgVOCC0kFCzMXO4JagXHBrUD64LagQVAwqBZWD24MqwR1B1eDOoFpwV1A9qBHUDGoFdwe1g3uCOsG9Qd3gvqBecH9QP3ggaBA8GDQMHgoaBQ8HjYNHgibBo0HToFnQPGgRtAxuDsr+ZeN7fzL/466n7qWTdG/dR7+k++p+ur8eoAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erKeoqfqaTpVT9cz9Lt6pp6lZ+v39Bz9vp6r5+n5eoFO0x/ohXqRTtcf6sX6I52hl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q536J36Y71Lf6J36z16r/5UZ+rP9D79ud6vv9AH9Jc6S3+lD+qv9SH9jT6sv9VH9Hf6qD6mj+vv9Qn9gz6pT+nT+ow+q3/U5/RP+rz2Fy7uL7y9G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emr8lr8pl8poApYOJNvClsCpsLyJApYoqYqImaYqaYKW6Km5KmpHHGmQSTYMqYMqasKWvKmXKmvClvKpgKppKpZG43t5s7zB3mTnOnucvcZWqYGqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqapqa5aW5ampamlWllWpvWpq1pa9qZdqa9aW8STaLpYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6miSTZPqYPqav6Wv6m/5moBloBplBZrAZbJJNshlqhpphZpgZboabEWakGXXhQtW8ZcaYsWacGW9STIqZaCaaSWaSmWwmm6lmqkk1qWaGmWFmmplmtplt5pg5Zq6Za+ab+SbNpJmFZqFJN+lmsVlsMkyGWWqWmuVmuVlpVprVZrVZa9aa9bDebDQbzWaz2Ww1W812s93sNDvNLrPL7Da7zV6z12SaTLPP7DP7zX5zwBwwWSbLHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81Zk//i+6U3sTanzWWvsrnt1TaPvcb+z7iALWjjbSFb2Gqbz+b/VWystcVtCVvSlrLOlrYJ9qbfxBVsRVvJVra32yr2Dlv1N3Fte4+tY++1de19tpa9+1dxPXu/rW8fsQ0QAWwz28i2sI3tI7aJfdQ2tc1sc9vCtrNP2vb2KZton7Yd7DO/iRfaRXa1XWPX2nV2t91jT9sz9pD9xp61P9qetpcdaF+2g+wrdrB91SbbIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk210+0M+66daWf9Jk6zH9g5Nt3OtfPsfLvg5/jCnNLth3ax/chm2ACW2mV2uV1hV9pV/3+uy+wGu9FusrvsJ3ar3Wa32x1256ULYbvH7rWf2kz7mT1ov7b77Rf2gD1ss+xXP8cXzu+w/dYesd/Zo/aYPW6/tyfsD+pS9oVz/97+ZM9bb4GQgCQpCiiGclAs5aRcdBXlpqspD11DEbqW4ug6ykvXUz7KTwWoIMVTISpMmgxZIgqpCBWlKN1Al6ZXkkqRo9KUQDdRGbqZytItVI5upfJ0G1WgilSJKtPtVIXuoKp0J1Wju6g61aCaVIvuptp0D9Whe6ku3Uf16H6qTw9QA3qQGtJD1Igepsb0CDWhR6kpNaPm1IJa0mPUih6n1tSG2tIT1I6epPb0FCXS09SBnqGO9DfqRM9SZ3qOutDz1JW6UXd6gXrQi9STelES9aY+9BL1pX7UnwbQQHqZBtErNJhepWQaQkPpNRpGr9NweoNG0EgaRW/SaHqLxtBYGkfjKYUm0ER6mybROzSZptBUmkapNJ1m0Ls0k2bRbHqP5tD7NJfm0XxaQGn0AS2kRZROH9Ji+ogyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+ph20Se0m/bQXvqUMukz2kef0376gg7Ql5RFX9FB+poO0Td0mL71veg7OkrH6Dh9TyfoBzpJp+g0naGz9COdo5/oPHmCEEMRylCFQRgT5ghjw5xhrvCqMHd4dZgnvCaMhNeGceF1Yd7w+jBfmD8sEBYM48NCYeFQhya0IYVhWCQsGkbDG8Ji4Y1h8bBEWDIsFbqwdJgQ3hSWCW8Oy4a3hOXCW8Py4W1hhbBi+Mh9lcPbwyrhHWHV8M6wWnhXWD2sEdYMa4V3h7XDe8I64b1h3fC+sGx4f1g/fCBsED4YNgwfChuFD4eNw0fCJuGjYdOwWdg8bBG2DB8LW4WPh63DNmHb8ImwXfhk2D58KkwMnw47hM/83H//oj/uTwp7h33Cl8KXQu/vlfOjC6Jp0Q+iC6OLounRD6OLox9FM6JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18oBDp1w0ikXuBiXw8W6nC6Xu8rldle7PO4aF3HXujh3ncvrrnf5XH5XwBV08a6QK+y0M846cqEr4oq6qLvBFXM3uuKuhCvpSjnnSrsE18K1dC1dK/e4a+3auLbuCfeEe9I96Z5yT7mnXQf3jOvo/uY6uWddZ/ece84977q6bq67e8H1cBPy/PKaTHJ9XB/X1/V1/V1/N9ANdIPcIDfYDXbJLtkNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbgUN9FNdJPcJDfZTXZT3VSX6lLdDDfDzXQzXZVZvxxlrpvr5rv5Ls2luYXuwjVjulvsFrsMl+GWuqVuuVvuVrqVbrVb7da6tW69W+82uo1us9vstrqtbrvb7na6nW6X2+V2+2t+GdRlun1un9vv9rsD7kuX5b5yB93X7pD7xh1237oj7jt31B1zx9337oT7wZ10p9xpd8addT+6c+4nd955lxKZEJkYeTsyKfJOZHJkSmRqZFokNTI9MiPybmRmZFZkduS9yJzI+5G5kXmR+ZEFkbTIB5GFkUWR9MiHkcWRjyIZkSWRpZFlkeWRFRHvC20NfRFf1Ef9Db6Yv9EX9yV8SV/KO1/aJ/ibfBl/sy/rb/Hl/K2+vL/NV/AVfSX/qG/qm/nmvoVv6R/zrfzjvrVv49v6J3w7/6Rv75/yif5p38E/4zv6v/lO/lnf2T/nu/jnfVffzXf3L/ge/kXf0/fySb637+Nf8n19P9/fD/AD/ct+kH/FD/av+mQ/xA/1r/lh/nU/3L/hR/iRflTMm370pVtkGO9T/AQ/0b/tJ/l3/GQ/xU/103yqn+5n+Hf9TD/Lz/bv+Tn+fT/Xz/Pz/QKf5j/wC/0in+4/9Iv9Rz7DL7m0qOxX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u9/hd/qP/S7/id/t9/i9/lOf6T/z+/znfr//wh/wX/os/5U/6L/2h/w3/rD/1h/x3/mj/pg/7r/3J/wP/qQ/5U/7M/6s/9Gf8z/58/ydNcYYY4yxf8qEy03x655flvN7/06O+Lud+wDA1dsKZv19/4UryvX5fmn3E/HtIgDwdK8uD13aqldPSkq6uG+GhKDoPIBLnwRd8POy8cV4CbSFJyER2kCZ351/P9HtLP2D8aO3AuT6u5xYuBxfHv9zAEz6nfEfe2LUwvLh6bj/Zfx5AMWLXs7JCZfjJdD25/WVNlD2D+afv9U/mH/OL1IAWv9dTm64HF+efwI8Ds9A4q/2ZIwxxhhjjDHGftFPVOp06f7z0v/4/L3783h1OScHXI7/0f05Y4wxxhhjjDHGrrxnu3V/6rFL39x7LDGxTaefH/lnGlX/lZ3/9UYT+E+NzI3fbXgPcOkRBQB/ckCACw353zyLLf+VYyVffLX8z67lZ3wA3Ytd/NLjX3fQ2D9fi3+ncaV+IzHGGGOMMcb+Uy5f9P/6cXWlJsQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVD/40/J3alz5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//8XnvpB") setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 36.290781927s ago: executing program 5 (id=246): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000880)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={r2, 0x20, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000f80)=""/4096, 0x1000}}, 0x10) 36.172896478s ago: executing program 5 (id=251): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r1, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) 36.064341459s ago: executing program 33 (id=251): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r1, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) 28.27234631s ago: executing program 1 (id=403): bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup, 0x2c, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000002c0)=ANY=[@ANYRES32=r0], 0x20) 28.23318563s ago: executing program 1 (id=406): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000000), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 28.2190518s ago: executing program 1 (id=407): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000060000000000000000000000850000009e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 28.19531808s ago: executing program 1 (id=408): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000001080), 0x1, 0x4f7, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x81012, r0, 0x0) 28.097154351s ago: executing program 1 (id=412): mknod$loop(&(0x7f0000000d00)='./file0\x00', 0x0, 0x1) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x80, &(0x7f0000002240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 27.931133482s ago: executing program 1 (id=415): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) fstatfs(0xffffffffffffffff, 0x0) 27.853831853s ago: executing program 34 (id=415): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) fstatfs(0xffffffffffffffff, 0x0) 9.713524645s ago: executing program 2 (id=840): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000380)="618264", 0x3, 0x48c3, 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xf) 9.649390185s ago: executing program 2 (id=842): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) fstatfs(0xffffffffffffffff, 0x0) 9.561985815s ago: executing program 2 (id=843): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740"], 0x64}}, 0x0) 9.532854046s ago: executing program 2 (id=845): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk") mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x1c0) getdents(r0, 0xfffffffffffffffd, 0x58) 9.125765919s ago: executing program 2 (id=858): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x6dc1, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x80, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x2022, 0x0) 8.94522628s ago: executing program 2 (id=865): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000400000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) 8.9451012s ago: executing program 35 (id=865): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000400000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) 1.24387906s ago: executing program 7 (id=1141): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x18, r2, 0x309, 0x0, 0x0, {0x21}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0xf000000}, 0x0) 1.224141s ago: executing program 7 (id=1143): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0xe, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000b40), &(0x7f0000000180)=@tcp=r1}, 0x20) recvfrom$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 1.204664511s ago: executing program 7 (id=1144): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0x0, 0x3000}) r1 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r1, &(0x7f000000e0c0)=[{{0x0, 0x0, 0x0}, 0x101}], 0x1, 0x2, 0x0) io_uring_enter(r0, 0x0, 0xcbffffff, 0xf, &(0x7f0000000000), 0x18) 1.141948581s ago: executing program 3 (id=1148): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.100870661s ago: executing program 3 (id=1151): syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x1208000, 0x0, 0x1, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=']) 1.078199641s ago: executing program 3 (id=1152): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0xaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) io_setup(0x4, &(0x7f00000014c0)) 994.371432ms ago: executing program 3 (id=1153): prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setuid(0xee01) r0 = socket(0x1e, 0x4, 0x0) recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) setresuid(0xee01, 0xee01, 0x0) 626.108735ms ago: executing program 4 (id=1158): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x100) 625.947575ms ago: executing program 4 (id=1159): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000002c0)={r1, 0x11, 0x6, @random="08d32bfb45c9"}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}, 0x10) 625.686715ms ago: executing program 4 (id=1160): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000001200)={@local, @empty, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x1, 0x19, 0x3c, 0x64, 0x0, 0x9, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}}, @payload_named={{{{{0x28, 0x0, 0x1, 0x0, 0x1, 0xa, 0x2, 0x2, 0x3, 0x0, 0x1, 0xe, 0x1, 0x2, 0x0, 0x1, 0x3, 0x4e22, 0x4e23}, 0x1, 0x2}, 0x2, 0x4}}}}}}}, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x2000) 587.795765ms ago: executing program 4 (id=1161): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x4e24, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=@updpolicy={0xc4, 0x19, 0x1, 0x70bd26, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffb}}, [@mark={0xc, 0x15, {0x35075b, 0xffff}}]}, 0xc4}}, 0x10) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb8}}, 0x0) 525.414486ms ago: executing program 4 (id=1162): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) ustat(0x4, &(0x7f0000000180)) 525.236006ms ago: executing program 4 (id=1163): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x2, 0x4a1dd8c1, 0xfffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}}, 0x50) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000002140)=@known='system.posix_acl_default\x00', 0x0, 0x0) 477.311926ms ago: executing program 8 (id=1164): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007110b3000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 466.041266ms ago: executing program 8 (id=1165): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x80) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x93) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0x7f) 452.608096ms ago: executing program 8 (id=1166): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f00000017c0)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0xc) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) pwritev2(r1, 0x0, 0x0, 0x5405, 0x0, 0x0) 442.249086ms ago: executing program 8 (id=1167): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 388.951457ms ago: executing program 8 (id=1168): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) 377.933057ms ago: executing program 8 (id=1169): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448e4, &(0x7f0000000040)) 317.468927ms ago: executing program 7 (id=1170): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 265.005418ms ago: executing program 7 (id=1172): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) unshare(0x60400) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000001c0)={r1, r0, 0x4, r2}, 0x10) 222.297468ms ago: executing program 7 (id=1174): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGPHYS(r1, 0x80404812, &(0x7f0000000140)) 145.124099ms ago: executing program 3 (id=1176): bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0) 113.695479ms ago: executing program 3 (id=1179): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000900)='sched_switch\x00', r1}, 0x18) syz_clone(0x40004000, 0x0, 0x0, 0x0, 0x0, 0x0) 95.633519ms ago: executing program 6 (id=1180): mount$9p_fd(0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_batadv\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) 78.588169ms ago: executing program 6 (id=1181): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r1, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 63.42689ms ago: executing program 6 (id=1182): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x9, 0x15031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000380)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}, 0x1}) 53.1879ms ago: executing program 6 (id=1183): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x3, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 41.82524ms ago: executing program 6 (id=1184): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x7, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001ec0)={'erspan0\x00', 0x0}) sendto$packet(r1, &(0x7f00000002c0)="05030500d3fc030000004788031c09101128", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 0s ago: executing program 6 (id=1185): unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000200)={'lo\x00', {0x2, 0x4e23, @broadcast}}) kernel console output (not intermixed with test programs): . [ 31.360808][ T881] loop1: detected capacity change from 0 to 2048 [ 31.397559][ T888] loop4: detected capacity change from 0 to 512 [ 31.404520][ T881] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 31.447531][ T888] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 31.473254][ T888] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 31.498449][ T291] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 31.513666][ T294] EXT4-fs (loop4): unmounting filesystem. [ 31.533057][ T291] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 31.583186][ T291] EXT4-fs (loop1): unmounting filesystem. [ 31.644927][ T911] loop5: detected capacity change from 0 to 256 [ 31.683529][ T911] exfat: Deprecated parameter 'utf8' [ 31.727033][ T911] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 31.869517][ T922] tmpfs: Unknown parameter 'rootcon’' [ 31.895864][ T907] loop1: detected capacity change from 0 to 40427 [ 31.932536][ T907] F2FS-fs (loop1): fault_injection options not supported [ 31.943754][ T907] F2FS-fs (loop1): heap/no_heap options were deprecated [ 31.954481][ T930] loop3: detected capacity change from 0 to 128 [ 31.966436][ T907] F2FS-fs (loop1): Image doesn't support compression [ 31.984686][ T930] EXT4-fs: Ignoring removed bh option [ 31.991553][ T930] EXT4-fs: Ignoring removed nobh option [ 31.997099][ T907] F2FS-fs (loop1): invalid crc value [ 32.011796][ T907] F2FS-fs (loop1): Found nat_bits in checkpoint [ 32.018366][ T930] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 32.037110][ T930] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 32.084049][ T907] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 32.121182][ T930] fscrypt (loop3, inode 12): Reserved bits set in encryption policy [ 32.162849][ T291] syz-executor: attempt to access beyond end of device [ 32.162849][ T291] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 32.181730][ T378] EXT4-fs (loop3): unmounting filesystem. [ 32.286817][ T947] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.294417][ T947] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.301960][ T947] device bridge_slave_0 entered promiscuous mode [ 32.312513][ T961] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 32.321726][ T947] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.328698][ T947] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.336083][ T961] FAT-fs (loop3): unable to read boot sector [ 32.342460][ T947] device bridge_slave_1 entered promiscuous mode [ 32.377820][ T968] loop4: detected capacity change from 0 to 2048 [ 32.397840][ T968] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 32.410021][ T968] EXT4-fs (loop4): shut down requested (2) [ 32.423300][ T294] EXT4-fs (loop4): unmounting filesystem. [ 32.440414][ T974] loop4: detected capacity change from 0 to 512 [ 32.447228][ T974] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 32.457408][ T974] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 32.465196][ T974] System zones: 1-12 [ 32.470364][ T974] EXT4-fs (loop4): 1 truncate cleaned up [ 32.475835][ T974] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 32.489152][ T313] tipc: Left network mode [ 32.500875][ T294] EXT4-fs (loop4): unmounting filesystem. [ 32.502870][ T947] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.513286][ T947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.520390][ T947] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.527170][ T947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.538984][ T977] loop4: detected capacity change from 0 to 128 [ 32.553565][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.559942][ T977] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 32.570340][ T962] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.570406][ T977] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.587547][ T962] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.603604][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.611712][ T962] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.618569][ T962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.625980][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.627041][ T294] EXT4-fs (loop4): unmounting filesystem. [ 32.634921][ T962] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.646360][ T962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.668370][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.687415][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.703507][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.716409][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.724483][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.731920][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.741415][ T947] device veth0_vlan entered promiscuous mode [ 32.751455][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.760197][ T947] device veth1_macvtap entered promiscuous mode [ 32.769362][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.779190][ T962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.827947][ T989] loop2: detected capacity change from 0 to 16 [ 32.840874][ T989] erofs: (device loop2): mounted with root inode @ nid 36. [ 32.916099][ T998] netlink: 20 bytes leftover after parsing attributes in process `syz.2.277'. [ 32.960077][ T1006] loop6: detected capacity change from 0 to 512 [ 32.971356][ T1006] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.280: casefold flag without casefold feature [ 32.984575][ T1006] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.280: couldn't read orphan inode 15 (err -117) [ 32.997506][ T1006] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 33.029234][ T947] EXT4-fs (loop6): unmounting filesystem. [ 33.045293][ T1012] loop6: detected capacity change from 0 to 1024 [ 33.051815][ T1012] EXT4-fs: Ignoring removed orlov option [ 33.059842][ T313] device bridge_slave_1 left promiscuous mode [ 33.065765][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.069773][ T1012] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 33.081049][ T313] device bridge_slave_0 left promiscuous mode [ 33.087186][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.097224][ T313] device veth0_vlan left promiscuous mode [ 33.151875][ T947] EXT4-fs (loop6): unmounting filesystem. [ 33.288854][ T39] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 33.469880][ T39] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 33.481734][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 33.490615][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.498372][ T39] usb 3-1: Product: syz [ 33.502409][ T39] usb 3-1: Manufacturer: syz [ 33.506821][ T39] usb 3-1: SerialNumber: syz [ 33.716110][ T39] cdc_ncm 3-1:1.0: bind() failure [ 33.723523][ T39] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 33.733775][ T39] cdc_ncm 3-1:1.1: bind() failure [ 33.739734][ T39] usb 3-1: USB disconnect, device number 4 [ 34.233202][ T1062] netlink: 176 bytes leftover after parsing attributes in process `syz.6.302'. [ 34.468797][ T610] Bluetooth: hci0: command 0x1003 tx timeout [ 34.469517][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 34.634437][ T1070] loop1: detected capacity change from 0 to 40427 [ 34.641781][ T1070] F2FS-fs (loop1): fault_injection options not supported [ 34.655448][ T1070] F2FS-fs (loop1): Image doesn't support compression [ 34.662673][ T1070] F2FS-fs (loop1): invalid crc value [ 34.669456][ T1070] F2FS-fs (loop1): Found nat_bits in checkpoint [ 34.708881][ T1070] F2FS-fs (loop1): Start checkpoint disabled! [ 34.715328][ T1070] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 34.740531][ T1070] syz.1.305: attempt to access beyond end of device [ 34.740531][ T1070] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 34.771006][ T313] kworker/u4:3: attempt to access beyond end of device [ 34.771006][ T313] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 34.870841][ T1086] loop1: detected capacity change from 0 to 256 [ 34.877218][ T1086] exfat: Deprecated parameter 'utf8' [ 34.882461][ T1086] exfat: Deprecated parameter 'namecase' [ 34.887953][ T1086] exfat: Deprecated parameter 'namecase' [ 34.893443][ T1086] exfat: Deprecated parameter 'utf8' [ 34.901580][ T1086] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 35.048098][ T1095] loop3: detected capacity change from 0 to 2048 [ 35.405464][ T1121] usb usb8: usbfs: process 1121 (syz.1.325) did not claim interface 2 before use [ 35.593528][ T1119] loop3: detected capacity change from 0 to 40427 [ 35.605358][ T1119] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 35.618916][ T1119] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 35.630289][ T1135] futex_wake_op: syz.1.332 tries to shift op by -1; fix this program [ 35.638473][ T1119] F2FS-fs (loop3): invalid crc value [ 35.655674][ T1119] F2FS-fs (loop3): Found nat_bits in checkpoint [ 35.703240][ T1119] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 35.710211][ T332] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 35.722532][ T1119] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 35.822207][ T28] kauditd_printk_skb: 128 callbacks suppressed [ 35.822223][ T28] audit: type=1400 audit(1745462063.881:374): avc: denied { mounton } for pid=1118 comm="syz.3.324" path="/55/bus/bus" dev="loop3" ino=456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.857004][ T28] audit: type=1400 audit(1745462063.881:375): avc: denied { write } for pid=1118 comm="syz.3.324" name="bus" dev="loop3" ino=456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.880140][ T28] audit: type=1400 audit(1745462063.881:376): avc: denied { add_name } for pid=1118 comm="syz.3.324" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.903871][ T1119] overlayfs: failed to resolve './file0': -2 [ 35.910698][ T28] audit: type=1400 audit(1745462063.941:377): avc: denied { setattr } for pid=1118 comm="syz.3.324" name="work" dev="loop3" ino=457 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.948956][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 35.956530][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.967614][ T313] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 35.976553][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.992500][ T332] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 36.001981][ T313] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 36.018798][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.028909][ T28] audit: type=1400 audit(1745462063.961:378): avc: denied { remove_name } for pid=1118 comm="syz.3.324" name="#1" dev="loop3" ino=459 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 36.039027][ T332] usb 3-1: config 0 descriptor?? [ 36.104816][ T28] audit: type=1400 audit(1745462063.961:379): avc: denied { rename } for pid=1118 comm="syz.3.324" name="#1" dev="loop3" ino=459 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 36.168822][ T39] usb 2-1: Using ep0 maxpacket: 32 [ 36.173897][ T28] audit: type=1400 audit(1745462063.961:380): avc: denied { unlink } for pid=1118 comm="syz.3.324" name="#1" dev="loop3" ino=460 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 36.174960][ T39] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 36.231688][ T39] usb 2-1: config 0 has no interface number 0 [ 36.248173][ T39] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 36.257153][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.265111][ T39] usb 2-1: Product: syz [ 36.269769][ T39] usb 2-1: Manufacturer: syz [ 36.274205][ T39] usb 2-1: SerialNumber: syz [ 36.280341][ T39] usb 2-1: config 0 descriptor?? [ 36.285872][ T39] smsc95xx v2.0.0 [ 36.330349][ T1168] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ' [ 36.354677][ T28] audit: type=1400 audit(1745462064.411:381): avc: denied { name_bind } for pid=1171 comm="syz.6.346" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 36.377082][ T1174] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 36.415022][ T28] audit: type=1400 audit(1745462064.471:382): avc: denied { bind } for pid=1179 comm="syz.3.350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 36.457884][ T28] audit: type=1400 audit(1745462064.511:383): avc: denied { write } for pid=1185 comm="syz.6.353" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 36.485119][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.497730][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.509036][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.517877][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.524775][ T58] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 36.532358][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.540238][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.547105][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.549496][ T1195] bridge0: port 3(vlan2) entered blocking state [ 36.554405][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.560245][ T1195] bridge0: port 3(vlan2) entered disabled state [ 36.566926][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.575055][ T1195] device vlan2 entered promiscuous mode [ 36.579763][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.585269][ T1195] bridge0: mtu less than device minimum [ 36.592257][ T332] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 36.604910][ T332] lg-g15 0003:046D:C222.0004: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.2-1/input0 [ 36.682342][ T1207] loop6: detected capacity change from 0 to 256 [ 36.724991][ T6] usb 3-1: USB disconnect, device number 5 [ 36.731926][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.742665][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.756342][ T58] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 36.765328][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.774742][ T58] usb 5-1: config 0 descriptor?? [ 36.978797][ T332] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 37.158807][ T332] usb 7-1: Using ep0 maxpacket: 16 [ 37.164724][ T332] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.175281][ T332] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 37.184206][ T332] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.193050][ T332] usb 7-1: Product: syz [ 37.197061][ T332] usb 7-1: Manufacturer: syz [ 37.201488][ T332] usb 7-1: SerialNumber: syz [ 37.298860][ T39] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 37.309424][ T39] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 37.318551][ T39] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 37.329237][ T39] smsc95xx: probe of 2-1:0.67 failed with error -71 [ 37.336849][ T39] usb 2-1: USB disconnect, device number 3 [ 37.392602][ T58] usb 5-1: string descriptor 0 read error: -22 [ 37.558809][ T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 37.594378][ T58] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0005/input/input7 [ 37.607401][ T58] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0005/input/input8 [ 37.619138][ T332] usb 7-1: 0:2 : does not exist [ 37.624792][ T58] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0005/input/input9 [ 37.637989][ T58] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0005/input/input10 [ 37.651800][ T58] uclogic 0003:256C:006D.0005: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 37.748965][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 37.758943][ T6] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 37.767792][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.775843][ T6] usb 3-1: Product: syz [ 37.780146][ T6] usb 3-1: Manufacturer: syz [ 37.784539][ T6] usb 3-1: SerialNumber: syz [ 37.789701][ T6] r8152-cfgselector 3-1: config 0 descriptor?? [ 37.803453][ T58] usb 5-1: USB disconnect, device number 4 [ 37.847459][ T1235] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 38.022920][ T332] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 38.028847][ T311] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 38.040522][ T332] usb 7-1: USB disconnect, device number 2 [ 38.048252][ T1224] udevd[1224]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 38.168827][ T19] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 38.200935][ T6] r8152-cfgselector 3-1: Unknown version 0x0000 [ 38.207114][ T6] r8152-cfgselector 3-1: bad CDC descriptors [ 38.213360][ T6] r8152-cfgselector 3-1: Unknown version 0x0000 [ 38.219968][ T6] r8152-cfgselector 3-1: USB disconnect, device number 6 [ 38.241131][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.251942][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.261499][ T311] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 38.270500][ T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.278907][ T311] usb 4-1: config 0 descriptor?? [ 38.368939][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 38.374899][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 38.385931][ T19] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 38.398982][ T19] usb 2-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00 [ 38.407838][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.417157][ T19] usb 2-1: config 0 descriptor?? [ 38.543283][ T1244] loop6: detected capacity change from 0 to 1024 [ 38.549800][ T1244] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.558185][ T1244] EXT4-fs error (device loop6): ext4_ext_check_inode:520: inode #11: comm syz.6.376: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 38.576637][ T1244] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.376: couldn't read orphan inode 11 (err -117) [ 38.588514][ T1244] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 38.601609][ T1244] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:477: comm syz.6.376: Invalid block bitmap block 0 in block_group 0 [ 38.608827][ T319] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 38.615243][ T1244] EXT4-fs error (device loop6): ext4_acquire_dquot:6782: comm syz.6.376: Failed to acquire dquot type 0 [ 38.636668][ T1244] EXT4-fs error (device loop6): ext4_read_inode_bitmap:140: comm syz.6.376: Invalid inode bitmap blk 137438953472 in block_group 0 [ 38.656030][ T962] EXT4-fs error (device loop6): __ext4_get_inode_loc:4508: comm kworker/u4:6: Invalid inode table block 8589934593 in block_group 0 [ 38.670440][ T947] EXT4-fs (loop6): unmounting filesystem. [ 38.686358][ T311] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 38.693727][ T311] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 38.754102][ T1254] input: syz0 as /devices/virtual/input/input11 [ 38.798844][ T319] usb 5-1: Using ep0 maxpacket: 8 [ 38.804802][ T319] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 38.825903][ T19] kye 0003:0458:5019.0007: unknown main item tag 0x0 [ 38.833238][ T19] kye 0003:0458:5019.0007: unknown main item tag 0x0 [ 38.839806][ T19] kye 0003:0458:5019.0007: unknown main item tag 0x0 [ 38.846392][ T19] kye 0003:0458:5019.0007: unknown main item tag 0x0 [ 38.852965][ T19] kye 0003:0458:5019.0007: unknown main item tag 0x0 [ 38.859849][ T319] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 38.868686][ T319] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.877323][ T19] kye 0003:0458:5019.0007: hidraw1: USB HID v0.00 Device [HID 0458:5019] on usb-dummy_hcd.1-1/input0 [ 38.888225][ T319] usb 5-1: Product: syz [ 38.892280][ T311] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE [ 38.900173][ T19] kye 0003:0458:5019.0007: tablet-enabling feature report not found [ 38.907989][ T19] kye 0003:0458:5019.0007: tablet enabling failed [ 38.914372][ T319] usb 5-1: Manufacturer: syz [ 38.917045][ T1258] loop2: detected capacity change from 0 to 40427 [ 38.918808][ T319] usb 5-1: SerialNumber: syz [ 38.931942][ T1258] F2FS-fs (loop2): fault_injection options not supported [ 38.933618][ T319] usb 5-1: config 0 descriptor?? [ 38.944868][ T1258] F2FS-fs (loop2): invalid crc value [ 38.949015][ T58] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 38.961145][ T1258] F2FS-fs (loop2): Found nat_bits in checkpoint [ 38.994818][ T1258] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 39.029571][ T39] usb 2-1: USB disconnect, device number 4 [ 39.037063][ T292] syz-executor: attempt to access beyond end of device [ 39.037063][ T292] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 39.148835][ T58] usb 7-1: Using ep0 maxpacket: 8 [ 39.159630][ T58] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 39.167711][ T58] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 39.182802][ T58] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 39.195942][ T58] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 39.204884][ T58] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.215974][ T332] usb 5-1: USB disconnect, device number 5 [ 39.294124][ T311] cp2112 0003:10C4:EA90.0006: error setting SMBus config [ 39.303353][ T311] cp2112: probe of 0003:10C4:EA90.0006 failed with error -71 [ 39.312143][ T311] usb 4-1: USB disconnect, device number 3 [ 39.369973][ T1276] loop2: detected capacity change from 0 to 512 [ 39.376639][ T1276] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 39.384919][ T1276] EXT4-fs (loop2): invalid journal inode [ 39.390561][ T1276] EXT4-fs (loop2): can't get journal size [ 39.396579][ T1276] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c119, mo2=0002] [ 39.404563][ T1276] System zones: 1-12, 13-13 [ 39.409659][ T1276] EXT4-fs (loop2): 1 truncate cleaned up [ 39.415115][ T1276] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 39.432232][ T319] usb 7-1: USB disconnect, device number 3 [ 39.432327][ T1276] fscrypt (loop2, inode 12): Error -61 getting encryption context [ 39.452921][ T292] EXT4-fs (loop2): unmounting filesystem. [ 39.471910][ T1279] loop2: detected capacity change from 0 to 512 [ 39.481364][ T1279] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.389: casefold flag without casefold feature [ 39.493943][ T1279] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.389: couldn't read orphan inode 15 (err -117) [ 39.506119][ T1279] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 39.522870][ T292] EXT4-fs (loop2): unmounting filesystem. [ 39.584593][ T1290] loop1: detected capacity change from 0 to 2048 [ 39.629339][ T1290] loop1: p1 < > p4 [ 39.634175][ T1290] loop1: p4 size 8388608 extends beyond EOD, truncated [ 39.646685][ T1292] loop2: detected capacity change from 0 to 1024 [ 39.670655][ T1292] EXT4-fs: Ignoring removed orlov option [ 39.680366][ T1224] udevd[1224]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 39.688561][ T1292] EXT4-fs (loop2): Test dummy encryption mode enabled [ 39.692383][ T435] udevd[435]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 39.703150][ T1292] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 39.727165][ T292] EXT4-fs (loop2): unmounting filesystem. [ 39.753332][ T1302] loop2: detected capacity change from 0 to 512 [ 39.770706][ T1302] EXT4-fs error (device loop2): ext4_acquire_dquot:6782: comm syz.2.397: Failed to acquire dquot type 1 [ 39.782274][ T1302] EXT4-fs (loop2): 1 truncate cleaned up [ 39.787749][ T1302] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 39.788041][ T1307] loop1: detected capacity change from 0 to 1024 [ 39.797021][ T1302] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.825332][ T1307] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 39.854220][ T292] EXT4-fs (loop2): unmounting filesystem. [ 39.862388][ T291] EXT4-fs (loop1): unmounting filesystem. [ 39.921495][ T1318] loop3: detected capacity change from 0 to 2048 [ 39.947486][ T1328] loop1: detected capacity change from 0 to 512 [ 39.950391][ T1318] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 39.977649][ T378] EXT4-fs (loop3): unmounting filesystem. [ 39.980616][ T1328] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 39.992083][ T1328] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.018818][ T319] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 40.035247][ T291] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 40.052513][ T1337] device gretap0 entered promiscuous mode [ 40.053149][ T291] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 40.058075][ T1337] device macsec1 entered promiscuous mode [ 40.082506][ T1337] device gretap0 left promiscuous mode [ 40.148830][ T332] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 40.166699][ T1341] SELinux: ebitmap start bit (1704960) is beyond the end of the bitmap (1088) [ 40.183353][ T291] EXT4-fs (loop1): unmounting filesystem. [ 40.184515][ T1341] SELinux: failed to load policy [ 40.220105][ T319] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 40.228190][ T319] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 40.245591][ T319] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 40.257011][ T319] usb 7-1: config 220 has no interface number 2 [ 40.275208][ T319] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 40.296423][ T319] usb 7-1: config 220 interface 0 has no altsetting 0 [ 40.303323][ T319] usb 7-1: config 220 interface 76 has no altsetting 0 [ 40.310087][ T319] usb 7-1: config 220 interface 1 has no altsetting 0 [ 40.328605][ T319] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 40.342665][ T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.349350][ T319] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.368069][ T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.374221][ T319] usb 7-1: Product: syz [ 40.389259][ T332] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 40.391247][ T319] usb 7-1: Manufacturer: syz [ 40.407718][ T319] usb 7-1: SerialNumber: syz [ 40.423244][ T332] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 40.437650][ T332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.456711][ T332] usb 5-1: config 0 descriptor?? [ 40.504820][ T1357] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.511880][ T1357] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.519463][ T1357] device bridge_slave_0 entered promiscuous mode [ 40.526319][ T1357] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.533241][ T1357] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.540528][ T1357] device bridge_slave_1 entered promiscuous mode [ 40.605133][ T1357] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.612032][ T1357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.619096][ T1357] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.625875][ T1357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.638123][ T319] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 40.644966][ T319] usb 7-1: No valid video chain found. [ 40.651309][ T319] usb 7-1: selecting invalid altsetting 0 [ 40.660908][ T319] usb 7-1: USB disconnect, device number 4 [ 40.674213][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.682019][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.689734][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.708797][ T311] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 40.718847][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.726820][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.733699][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.741665][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.749717][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.756609][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.763847][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.771740][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.781966][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.790839][ T329] device bridge_slave_1 left promiscuous mode [ 40.796802][ T329] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.804202][ T329] device bridge_slave_0 left promiscuous mode [ 40.810326][ T329] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.818099][ T329] device veth1_macvtap left promiscuous mode [ 40.824066][ T329] device veth0_vlan left promiscuous mode [ 40.867718][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.874982][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.884694][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.892028][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.899262][ T311] usb 4-1: Using ep0 maxpacket: 16 [ 40.904165][ T1357] device veth0_vlan entered promiscuous mode [ 40.910453][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.918272][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.925498][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.928241][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.933522][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.944488][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.947334][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.956708][ T1357] device veth1_macvtap entered promiscuous mode [ 40.968144][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.969313][ T1353] netlink: 40 bytes leftover after parsing attributes in process `syz.3.420'. [ 40.975496][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.991446][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.992031][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.998660][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 41.012759][ T311] usb 4-1: unable to get BOS descriptor or descriptor too short [ 41.013941][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 41.021392][ T311] usb 4-1: no configurations [ 41.029570][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 41.034904][ T311] usb 4-1: can't read configurations, error -22 [ 41.040238][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 41.053402][ T332] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 41.056624][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.060744][ T332] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 41.080277][ T332] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 41.109737][ T332] usb 5-1: USB disconnect, device number 6 [ 41.132813][ T1370] device vlan2 entered promiscuous mode [ 41.199175][ T1374] loop6: detected capacity change from 0 to 128 [ 41.205801][ T1374] EXT4-fs (loop6): Test dummy encryption mode enabled [ 41.214801][ T1374] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 41.223384][ T1374] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 41.235941][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 41.235955][ T28] audit: type=1400 audit(1745462069.301:421): avc: denied { create } for pid=1373 comm="syz.6.426" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 41.262881][ T1374] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 41.273614][ T28] audit: type=1400 audit(1745462069.331:422): avc: denied { write } for pid=1373 comm="syz.6.426" name="file0" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 41.296548][ T947] EXT4-fs (loop6): unmounting filesystem. [ 41.302424][ T28] audit: type=1400 audit(1745462069.331:423): avc: denied { open } for pid=1373 comm="syz.6.426" path="/29/mnt/file0" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 41.334518][ T28] audit: type=1400 audit(1745462069.371:424): avc: denied { sqpoll } for pid=1379 comm="syz.7.427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 41.356978][ T28] audit: type=1400 audit(1745462069.371:425): avc: denied { map } for pid=1379 comm="syz.7.427" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20987 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 41.381507][ T28] audit: type=1400 audit(1745462069.371:426): avc: denied { write } for pid=1379 comm="syz.7.427" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20987 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 41.418484][ T1389] loop2: detected capacity change from 0 to 128 [ 41.432817][ T1389] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 41.457347][ T1389] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 41.476733][ T1389] fscrypt (loop2, inode 12): Mutually exclusive encryption flags (0x1f) [ 41.525981][ T292] EXT4-fs (loop2): unmounting filesystem. [ 41.540658][ T1401] loop2: detected capacity change from 0 to 512 [ 41.555457][ T1401] EXT4-fs: Ignoring removed oldalloc option [ 41.562777][ T28] audit: type=1400 audit(1745462069.621:427): avc: denied { map } for pid=1404 comm="syz.3.438" path="socket:[20444]" dev="sockfs" ino=20444 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 41.590532][ T1401] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 41.612419][ T1409] Zero length message leads to an empty skb [ 41.631826][ T1401] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 41.648652][ T1401] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=b846c01c, mo2=0102] [ 41.656701][ T1401] System zones: 0-2, 18-18, 34-34 [ 41.662196][ T1401] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 41.670404][ T1401] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.435: bad orphan inode 15 [ 41.680631][ T1401] ext4_test_bit(bit=14, block=18) = 1 [ 41.687791][ T1401] is_bad_inode(inode)=0 [ 41.697338][ T1401] NEXT_ORPHAN(inode)=2264924160 [ 41.702215][ T1401] max_ino=32 [ 41.705392][ T1401] i_nlink=0 [ 41.708398][ T1401] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 41.725388][ T1401] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.435: bg 0: block 80: padding at end of block bitmap is not set [ 41.739917][ T1401] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 41.748634][ T1401] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 41.768563][ T1401] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.775585][ T1401] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.794792][ T292] EXT4-fs (loop2): unmounting filesystem. [ 41.805422][ T1424] loop4: detected capacity change from 0 to 512 [ 41.837840][ T1424] EXT4-fs: Ignoring removed oldalloc option [ 41.851057][ T1424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:400: comm syz.4.446: Parent and EA inode have the same ino 15 [ 41.863270][ T1424] EXT4-fs (loop4): Remounting filesystem read-only [ 41.870774][ T1424] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 41.883820][ T1424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:400: comm syz.4.446: Parent and EA inode have the same ino 15 [ 41.894217][ T1433] loop7: detected capacity change from 0 to 256 [ 41.902652][ T1433] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.913156][ T1424] EXT4-fs (loop4): Remounting filesystem read-only [ 41.919721][ T1424] EXT4-fs (loop4): 1 orphan inode deleted [ 41.925318][ T1424] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 41.928949][ T1433] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 41.944947][ T1433] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 41.978972][ T294] EXT4-fs (loop4): unmounting filesystem. [ 41.984869][ T1437] loop2: detected capacity change from 0 to 128 [ 41.993264][ T1437] EXT4-fs: Ignoring removed bh option [ 41.999559][ T1437] EXT4-fs: Ignoring removed nobh option [ 42.025788][ T1437] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 42.038447][ T1437] ext4 filesystem being mounted at /81/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 42.076192][ T1437] fscrypt (loop2, inode 12): Reserved bits set in encryption policy [ 42.091057][ T292] EXT4-fs (loop2): unmounting filesystem. [ 42.117190][ T28] audit: type=1400 audit(1745462070.171:428): avc: denied { wake_alarm } for pid=1449 comm="syz.2.457" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 42.175960][ T1455] input: syz1 as /devices/virtual/input/input12 [ 42.217554][ T28] audit: type=1400 audit(1745462070.271:429): avc: denied { read write } for pid=1458 comm="syz.2.460" name="usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 42.271562][ T28] audit: type=1400 audit(1745462070.271:430): avc: denied { open } for pid=1458 comm="syz.2.460" path="/dev/usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 42.300901][ T1465] loop7: detected capacity change from 0 to 512 [ 42.340492][ T1465] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 42.380822][ T1465] EXT4-fs (loop7): orphan cleanup on readonly fs [ 42.397549][ T1465] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:511: comm syz.7.463: Block bitmap for bg 0 marked uninitialized [ 42.414205][ T1465] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 42.428880][ T1465] EXT4-fs (loop7): 1 orphan inode deleted [ 42.436628][ T1465] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 42.460640][ T1476] incfs: Options parsing error. -22 [ 42.467180][ T1476] incfs: mount failed -22 [ 42.480882][ T1465] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended [ 42.491861][ T1465] EXT4-fs (loop7): re-mounted. Quota mode: none. [ 42.498654][ T1465] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:511: comm syz.7.463: Block bitmap for bg 0 marked uninitialized [ 42.526801][ T1357] EXT4-fs (loop7): unmounting filesystem. [ 42.562623][ T1488] loop3: detected capacity change from 0 to 128 [ 42.587959][ T1488] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 42.613536][ T1497] loop7: detected capacity change from 0 to 2048 [ 42.621229][ T1488] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 42.650192][ T378] EXT4-fs (loop3): unmounting filesystem. [ 42.657520][ T1503] loop6: detected capacity change from 0 to 512 [ 42.669726][ T1497] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 42.717095][ T1503] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.480: corrupted inode contents [ 42.729231][ T1503] EXT4-fs error (device loop6): ext4_dirty_inode:6091: inode #16: comm syz.6.480: mark_inode_dirty error [ 42.729710][ T1357] EXT4-fs (loop7): unmounting filesystem. [ 42.740688][ T1503] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.480: corrupted inode contents [ 42.758139][ T1503] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #16: comm syz.6.480: mark_inode_dirty error [ 42.769538][ T1503] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.480: corrupted inode contents [ 42.781376][ T1503] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 42.790374][ T1503] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.480: corrupted inode contents [ 42.802246][ T1503] EXT4-fs error (device loop6): ext4_truncate:4313: inode #16: comm syz.6.480: mark_inode_dirty error [ 42.813448][ T1503] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 42.822574][ T1503] EXT4-fs (loop6): 1 truncate cleaned up [ 42.828068][ T1503] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 42.839001][ T962] EXT4-fs error (device loop6): ext4_release_dquot:6805: comm kworker/u4:6: Failed to release dquot type 1 [ 42.851869][ T1503] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.895134][ T1521] loop3: detected capacity change from 0 to 512 [ 42.902709][ T947] EXT4-fs (loop6): unmounting filesystem. [ 42.906207][ T1521] EXT4-fs: Ignoring removed nobh option [ 42.928103][ T1521] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.486: casefold flag without casefold feature [ 42.938850][ T332] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 42.948836][ T58] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 42.963591][ T1521] EXT4-fs (loop3): Remounting filesystem read-only [ 42.971428][ T1526] loop6: detected capacity change from 0 to 256 [ 42.977531][ T1521] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.486: couldn't read orphan inode 15 (err -117) [ 43.014019][ T1521] EXT4-fs (loop3): Remounting filesystem read-only [ 43.027321][ T1521] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 43.066317][ T1519] loop7: detected capacity change from 0 to 40427 [ 43.082956][ T1519] F2FS-fs (loop7): invalid crc value [ 43.083966][ T1521] EXT4-fs error (device loop3): ext4_check_dx_root:2266: inode #2: comm syz.3.486: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 43.103757][ T1521] EXT4-fs (loop3): Remounting filesystem read-only [ 43.113610][ T1519] F2FS-fs (loop7): Found nat_bits in checkpoint [ 43.120998][ T1532] process 'syz.6.490' launched '/dev/fd/-1/./file1' with NULL argv: empty string added [ 43.130980][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 43.136984][ T378] EXT4-fs (loop3): unmounting filesystem. [ 43.137171][ T58] usb 5-1: config index 0 descriptor too short (expected 21028, got 36) [ 43.151170][ T58] usb 5-1: config 15 has too many interfaces: 74, using maximum allowed: 32 [ 43.160221][ T58] usb 5-1: config 15 has an invalid interface number: 251 but max is 73 [ 43.168468][ T58] usb 5-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config [ 43.182948][ T332] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 43.200910][ T58] usb 5-1: config 15 has 1 interface, different from the descriptor's value: 74 [ 43.210485][ T332] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 43.211672][ T1519] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 43.219415][ T58] usb 5-1: config 15 has no interface number 0 [ 43.239090][ T58] usb 5-1: config 15 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 43.258868][ T332] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 43.267869][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 43.275719][ T58] usb 5-1: config 15 interface 251 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 43.288564][ T332] usb 3-1: SerialNumber: syz [ 43.301082][ T58] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 43.310088][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.320851][ T58] usb 5-1: Product: syz [ 43.324875][ T58] usb 5-1: Manufacturer: syz [ 43.338181][ T58] usb 5-1: SerialNumber: syz [ 43.357940][ T1508] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 43.363451][ T1519] syz.7.485: attempt to access beyond end of device [ 43.363451][ T1519] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 43.506808][ T332] usb 3-1: 0:2 : does not exist [ 43.520092][ T332] usb 3-1: USB disconnect, device number 7 [ 43.594108][ T58] asix: probe of 5-1:15.251 failed with error -22 [ 43.619560][ T58] usb 5-1: USB disconnect, device number 7 [ 43.729359][ T435] udevd[435]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 43.730584][ T1575] loop6: detected capacity change from 0 to 1024 [ 43.754924][ T1575] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.761728][ T1575] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 43.776529][ T1575] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 43.790120][ T1575] EXT4-fs error (device loop6): ext4_xattr_ibody_get:603: inode #2: comm syz.6.506: corrupted in-inode xattr [ 43.801746][ T1575] EXT4-fs (loop6): Remounting filesystem read-only [ 43.815760][ T947] EXT4-fs (loop6): unmounting filesystem. [ 43.834621][ T1581] loop7: detected capacity change from 0 to 256 [ 43.856152][ T1584] syz.6.510[1584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.856223][ T1584] syz.6.510[1584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.870663][ T1581] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 43.912991][ T1586] loop6: detected capacity change from 0 to 512 [ 43.931323][ T1586] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 43.940551][ T1586] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.968093][ T947] EXT4-fs (loop6): unmounting filesystem. [ 44.032959][ T1600] loop6: detected capacity change from 0 to 256 [ 44.048918][ T311] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 44.056438][ T1600] exfat: Deprecated parameter 'utf8' [ 44.068480][ T1600] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xc61f63e4, utbl_chksum : 0xe619d30d) [ 44.173063][ T1609] loop6: detected capacity change from 0 to 512 [ 44.209245][ T1609] EXT4-fs: Ignoring removed mblk_io_submit option [ 44.215840][ T1609] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 44.239889][ T311] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 44.258846][ T311] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 44.270099][ T1609] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 44.278798][ T311] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 44.288505][ T311] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 44.301442][ T311] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 44.309074][ T1609] System zones: 1-12 [ 44.310666][ T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.323317][ T1609] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2186: inode #15: comm syz.6.521: corrupted in-inode xattr [ 44.333155][ T311] usb 4-1: invalid MIDI out EP 0 [ 44.352627][ T1609] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.521: couldn't read orphan inode 15 (err -117) [ 44.365878][ T1609] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 44.374974][ T311] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 44.406819][ T1224] udevd[1224]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 44.439539][ T947] EXT4-fs (loop6): unmounting filesystem. [ 44.536416][ T311] usb 4-1: USB disconnect, device number 6 [ 44.553423][ T1626] loop6: detected capacity change from 0 to 1024 [ 44.584607][ T1626] EXT4-fs: Ignoring removed oldalloc option [ 44.621790][ T1626] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 44.638809][ T58] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 44.765854][ T1642] loop2: detected capacity change from 0 to 512 [ 44.771966][ T1594] loop7: detected capacity change from 0 to 131072 [ 44.779623][ T1594] F2FS-fs (loop7): Test dummy encryption mode enabled [ 44.790447][ T1594] F2FS-fs (loop7): invalid crc value [ 44.796700][ T1642] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 44.803774][ T1594] F2FS-fs (loop7): Found nat_bits in checkpoint [ 44.809243][ T1642] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 44.826181][ T947] EXT4-fs (loop6): unmounting filesystem. [ 44.828899][ T58] usb 5-1: Using ep0 maxpacket: 8 [ 44.831791][ T1642] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.534: Corrupt directory, running e2fsck is recommended [ 44.848536][ T58] usb 5-1: unable to get BOS descriptor or descriptor too short [ 44.858491][ T1642] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 44.866701][ T58] usb 5-1: config 0 has an invalid interface number: 88 but max is 0 [ 44.887073][ T58] usb 5-1: config 0 has no interface number 0 [ 44.893089][ T58] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 44.904031][ T58] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 44.913401][ T1594] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 44.913893][ T58] usb 5-1: config 0 interface 88 has no altsetting 0 [ 44.927622][ T1642] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2186: inode #15: comm syz.2.534: corrupted in-inode xattr [ 44.939961][ T1642] EXT4-fs (loop2): Remounting filesystem read-only [ 44.946407][ T1642] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.534: couldn't read orphan inode 15 (err -117) [ 44.958285][ T1642] EXT4-fs (loop2): Remounting filesystem read-only [ 44.964690][ T1642] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 44.974037][ T58] usb 5-1: string descriptor 0 read error: -22 [ 44.988793][ T58] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 44.997755][ T58] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 45.007852][ T1642] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 45.020017][ T58] usb 5-1: config 0 descriptor?? [ 45.024849][ T1642] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 45.034892][ T1642] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.534: Corrupt directory, running e2fsck is recommended [ 45.052532][ T1642] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 45.057132][ T58] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input13 [ 45.079117][ T1642] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 45.096112][ T1642] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.534: Corrupt directory, running e2fsck is recommended [ 45.138887][ T1652] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 45.165465][ T435] udevd[435]: Error opening device "/dev/input/event3": Input/output error [ 45.174499][ T1652] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 45.179567][ T435] udevd[435]: Unable to EVIOCGABS device "/dev/input/event3" [ 45.193114][ T1658] loop3: detected capacity change from 0 to 256 [ 45.201366][ T1652] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.534: Corrupt directory, running e2fsck is recommended [ 45.202655][ T435] udevd[435]: Unable to EVIOCGABS device "/dev/input/event3" [ 45.216053][ T1642] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 45.244596][ T1658] FAT-fs (loop3): Directory bread(block 64) failed [ 45.251188][ T1658] FAT-fs (loop3): Directory bread(block 65) failed [ 45.257607][ T1658] FAT-fs (loop3): Directory bread(block 66) failed [ 45.264758][ T1658] FAT-fs (loop3): Directory bread(block 67) failed [ 45.272117][ T1658] FAT-fs (loop3): Directory bread(block 68) failed [ 45.278442][ T1658] FAT-fs (loop3): Directory bread(block 69) failed [ 45.285110][ T1658] FAT-fs (loop3): Directory bread(block 70) failed [ 45.291620][ T1658] FAT-fs (loop3): Directory bread(block 71) failed [ 45.296407][ T58] usb 5-1: USB disconnect, device number 8 [ 45.298004][ T1658] FAT-fs (loop3): Directory bread(block 72) failed [ 45.312148][ T292] EXT4-fs (loop2): unmounting filesystem. [ 45.315310][ T1658] FAT-fs (loop3): Directory bread(block 73) failed [ 45.468871][ T311] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 45.598374][ T1668] loop7: detected capacity change from 0 to 40427 [ 45.605406][ T1668] F2FS-fs (loop7): fault_type options not supported [ 45.612581][ T1668] F2FS-fs (loop7): invalid crc value [ 45.618489][ T1668] F2FS-fs (loop7): Found nat_bits in checkpoint [ 45.651198][ T1668] F2FS-fs (loop7): Start checkpoint disabled! [ 45.657696][ T1668] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6 [ 45.668812][ T311] usb 7-1: Using ep0 maxpacket: 16 [ 45.679694][ T311] usb 7-1: config 0 has an invalid interface number: 41 but max is 0 [ 45.687759][ T311] usb 7-1: config 0 has no interface number 0 [ 45.703345][ T311] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 45.713607][ T311] usb 7-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 45.714687][ T1668] F2FS-fs (loop7): ino:10, start:1, end:8193, need to trigger GC to reclaim enough free segment when checkpoint is enabled [ 45.723783][ T311] usb 7-1: config 0 interface 41 has no altsetting 0 [ 45.742583][ T1238] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 45.759802][ T311] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 45.777316][ T311] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.785293][ T311] usb 7-1: Product: syz [ 45.796062][ T311] usb 7-1: Manufacturer: syz [ 45.800641][ T311] usb 7-1: SerialNumber: syz [ 45.809286][ T311] usb 7-1: config 0 descriptor?? [ 45.814288][ T1659] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 45.829078][ T1659] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 45.846497][ T329] kworker/u4:4: attempt to access beyond end of device [ 45.846497][ T329] loop7: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 45.940504][ T1238] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.956709][ T1238] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.976488][ T1238] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 45.989662][ T1238] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 46.009747][ T1238] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.021545][ T1238] usb 3-1: config 0 descriptor?? [ 46.052714][ T1659] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 46.064338][ T1659] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 46.087620][ T1700] loop4: detected capacity change from 0 to 512 [ 46.095333][ T1700] EXT4-fs: Ignoring removed nobh option [ 46.103018][ T1700] EXT4-fs: Ignoring removed bh option [ 46.109706][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x4 [ 46.117756][ T1700] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 46.125841][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x2 [ 46.133526][ T1700] EXT4-fs (loop4): 1 truncate cleaned up [ 46.134701][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.139512][ T1700] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 46.147541][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.163658][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.171275][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.178836][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.179807][ T294] EXT4-fs (loop4): unmounting filesystem. [ 46.186282][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.186305][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.206785][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.214412][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.222769][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.234048][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.241632][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.250277][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.257736][ T332] hid-generic 0000:3000000:0000.0009: unknown main item tag 0x0 [ 46.265792][ T332] hid-generic 0000:3000000:0000.0009: hidraw0: HID v0.00 Device [sy] on syz0 [ 46.312541][ T1712] device ip6tnl2 entered promiscuous mode [ 46.432771][ T1238] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 46.451592][ T1238] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 46.480260][ T311] CoreChips: probe of 7-1:0.41 failed with error -32 [ 46.501216][ T311] usb 7-1: USB disconnect, device number 5 [ 46.712185][ T332] usb 3-1: USB disconnect, device number 8 [ 46.737806][ T1729] loop4: detected capacity change from 0 to 40427 [ 46.744587][ T1729] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 46.752939][ T1729] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 46.762763][ T1729] F2FS-fs (loop4): Found nat_bits in checkpoint [ 46.795392][ T1729] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 46.802292][ T1729] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 47.049224][ T1753] netlink: 4 bytes leftover after parsing attributes in process `syz.6.575'. [ 47.160573][ T28] kauditd_printk_skb: 30 callbacks suppressed [ 47.160590][ T28] audit: type=1400 audit(1745462075.221:460): avc: denied { write } for pid=1757 comm="syz.6.576" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.432380][ T28] audit: type=1400 audit(1745462075.491:461): avc: denied { map } for pid=1772 comm="syz.7.583" path="/dev/ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 47.574552][ T1784] netlink: 4 bytes leftover after parsing attributes in process `syz.4.587'. [ 47.584786][ T1782] loop7: detected capacity change from 0 to 8192 [ 47.639214][ T1782] loop7: p1 < > p2 p3 < p5 > [ 47.644279][ T1782] loop7: partition table partially beyond EOD, truncated [ 47.651498][ T1782] loop7: p1 start 408832 is beyond EOD, truncated [ 47.657991][ T1782] loop7: p2 start 6684676 is beyond EOD, truncated [ 47.666438][ T1782] loop7: p5 start 6684676 is beyond EOD, truncated [ 47.692014][ T1794] loop2: detected capacity change from 0 to 512 [ 47.704970][ T1794] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 47.740543][ T435] udevd[435]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory [ 47.751128][ T1794] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 47.769891][ T28] audit: type=1400 audit(1745462075.831:462): avc: denied { bind } for pid=1802 comm="syz.7.594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.777772][ T1794] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.850841][ T292] EXT4-fs (loop2): unmounting filesystem. [ 47.889629][ T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 48.029067][ T1811] loop3: detected capacity change from 0 to 40427 [ 48.039895][ T1811] F2FS-fs (loop3): invalid crc value [ 48.048933][ T1811] F2FS-fs (loop3): Found nat_bits in checkpoint [ 48.069923][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.089107][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.096855][ T1811] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 48.106363][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 48.142700][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 48.149722][ T1820] netlink: 'syz.6.600': attribute type 3 has an invalid length. [ 48.158822][ T58] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 48.170236][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.195567][ T24] usb 5-1: config 0 descriptor?? [ 48.252639][ T1829] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.323793][ T1811] syz.3.599: attempt to access beyond end of device [ 48.323793][ T1811] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 48.349007][ T58] usb 3-1: Using ep0 maxpacket: 32 [ 48.360047][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 48.369716][ T58] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 48.389902][ T58] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 48.398825][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.406595][ T58] usb 3-1: Product: syz [ 48.413001][ T58] usb 3-1: Manufacturer: syz [ 48.417485][ T58] usb 3-1: SerialNumber: syz [ 48.433140][ T58] usb 3-1: config 0 descriptor?? [ 48.452187][ T58] snd-usb-audio: probe of 3-1:0.0 failed with error -12 [ 48.474842][ T1222] udevd[1222]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 48.615278][ T24] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 48.630225][ T1238] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 48.638391][ T24] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 48.653975][ T319] usb 3-1: USB disconnect, device number 9 [ 48.764987][ T1847] tipc: Started in network mode [ 48.769822][ T1847] tipc: Node identity 7, cluster identity 4711 [ 48.775790][ T1847] tipc: Node number set to 7 [ 48.801335][ T28] audit: type=1400 audit(1745462076.861:463): avc: denied { ioctl } for pid=1848 comm="syz.3.614" path="/dev/fuse" dev="devtmpfs" ino=93 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 48.826378][ T1851] 9p: Unknown uid 00000000004294967295 [ 48.850196][ T1238] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 48.850227][ T1238] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 48.850253][ T1238] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 48.850273][ T1238] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 48.850304][ T1238] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 48.850326][ T1238] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.865937][ T1238] usb 7-1: invalid MIDI out EP 0 [ 48.868240][ T1238] snd-usb-audio: probe of 7-1:27.0 failed with error -22 [ 48.883534][ T1857] netlink: 44 bytes leftover after parsing attributes in process `syz.3.618'. [ 48.885793][ T1224] udevd[1224]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 48.890103][ T1238] usb 5-1: USB disconnect, device number 9 [ 48.935914][ T28] audit: type=1400 audit(1745462076.991:464): avc: denied { ioctl } for pid=1854 comm="syz.7.617" path="socket:[23047]" dev="sockfs" ino=23047 ioctlcmd=0x48dd scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 48.935948][ T28] audit: type=1400 audit(1745462076.991:465): avc: denied { compute_member } for pid=1861 comm="syz.3.620" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 49.043310][ T1864] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 49.052505][ T1864] FAT-fs (loop7): unable to read boot sector [ 49.071558][ T19] usb 7-1: USB disconnect, device number 6 [ 49.398814][ T1238] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 49.546307][ T1908] netlink: 96 bytes leftover after parsing attributes in process `syz.4.641'. [ 49.591671][ T1238] usb 4-1: Using ep0 maxpacket: 16 [ 49.603072][ T1238] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 49.611988][ T1238] usb 4-1: config 0 has no interface number 0 [ 49.617939][ T1238] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 49.618815][ T39] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 49.627782][ T1238] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 49.644926][ T1238] usb 4-1: config 0 interface 41 has no altsetting 0 [ 49.661338][ T1238] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 49.675833][ T1238] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.689794][ T1238] usb 4-1: Product: syz [ 49.694639][ T1238] usb 4-1: Manufacturer: syz [ 49.699142][ T1238] usb 4-1: SerialNumber: syz [ 49.707128][ T1238] usb 4-1: config 0 descriptor?? [ 49.712160][ T28] audit: type=1400 audit(1745462077.771:466): avc: denied { getopt } for pid=1917 comm="syz.4.646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 49.731413][ T1879] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 49.738307][ T1879] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 49.829024][ T39] usb 8-1: Using ep0 maxpacket: 32 [ 49.839851][ T39] usb 8-1: config 0 has an invalid interface number: 67 but max is 0 [ 49.847877][ T39] usb 8-1: config 0 has no interface number 0 [ 49.867677][ T39] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 49.876687][ T39] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.884529][ T39] usb 8-1: Product: syz [ 49.888468][ T39] usb 8-1: Manufacturer: syz [ 49.892924][ T39] usb 8-1: SerialNumber: syz [ 49.909383][ T39] usb 8-1: config 0 descriptor?? [ 49.914975][ T39] smsc95xx v2.0.0 [ 49.943282][ T1931] loop6: detected capacity change from 0 to 512 [ 49.950032][ T1931] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 49.959658][ T1879] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 49.959687][ T1879] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 49.975723][ T1931] EXT4-fs (loop6): 1 truncate cleaned up [ 49.981258][ T1931] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 49.999534][ T28] audit: type=1400 audit(1745462078.061:467): avc: denied { rename } for pid=1930 comm="syz.6.652" name="file2" dev="loop6" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 50.024341][ T1931] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #16: comm syz.6.652: invalid indirect mapped block 3489660928 (level 0) [ 50.038434][ T1931] EXT4-fs (loop6): Remounting filesystem read-only [ 50.044874][ T28] audit: type=1400 audit(1745462078.081:468): avc: denied { ioctl } for pid=1930 comm="syz.6.652" path="/83/file2/file1" dev="loop6" ino=16 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 50.069438][ T1931] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #16: comm syz.6.652: invalid indirect mapped block 6 (level 1) [ 50.083060][ T1931] EXT4-fs (loop6): Remounting filesystem read-only [ 50.104964][ T947] EXT4-fs (loop6): unmounting filesystem. [ 50.134726][ T28] audit: type=1400 audit(1745462078.191:469): avc: denied { block_suspend } for pid=1936 comm="syz.6.653" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 50.210879][ T1941] loop2: detected capacity change from 0 to 8192 [ 50.223253][ T1941] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 50.317781][ T1958] netlink: 76 bytes leftover after parsing attributes in process `syz.6.673'. [ 50.352880][ T1962] loop2: detected capacity change from 0 to 512 [ 50.359684][ T1962] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 50.374301][ T1962] EXT4-fs (loop2): 1 truncate cleaned up [ 50.380134][ T1962] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 50.389435][ T1238] CoreChips: probe of 4-1:0.41 failed with error -71 [ 50.397773][ T1238] usb 4-1: USB disconnect, device number 7 [ 50.401851][ T1968] loop6: detected capacity change from 0 to 1024 [ 50.410095][ T1968] EXT4-fs: Ignoring removed orlov option [ 50.416442][ T1962] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.664: invalid indirect mapped block 3489660928 (level 0) [ 50.430645][ T1962] EXT4-fs (loop2): Remounting filesystem read-only [ 50.431743][ T1968] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 50.437172][ T1962] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.664: invalid indirect mapped block 6 (level 1) [ 50.459265][ T1962] EXT4-fs (loop2): Remounting filesystem read-only [ 50.477265][ T947] EXT4-fs (loop6): unmounting filesystem. [ 50.483965][ T292] EXT4-fs (loop2): unmounting filesystem. [ 50.552808][ T1981] loop6: detected capacity change from 0 to 512 [ 50.571554][ T1981] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 50.583085][ T1981] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.609243][ T1981] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 50.657354][ T947] EXT4-fs (loop6): unmounting filesystem. [ 50.729273][ T39] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 50.826326][ T2014] futex_wake_op: syz.6.687 tries to shift op by -1; fix this program [ 50.874676][ T2019] loop4: detected capacity change from 0 to 2048 [ 50.903472][ T2019] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 50.930029][ T39] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 50.947092][ T39] smsc95xx: probe of 8-1:0.67 failed with error -71 [ 50.958456][ T39] usb 8-1: USB disconnect, device number 2 [ 50.982472][ T294] EXT4-fs (loop4): unmounting filesystem. [ 51.084915][ T2027] loop3: detected capacity change from 0 to 40427 [ 51.092101][ T2027] F2FS-fs (loop3): fault_injection options not supported [ 51.099689][ T2027] F2FS-fs (loop3): invalid crc value [ 51.105934][ T2027] F2FS-fs (loop3): Found nat_bits in checkpoint [ 51.137719][ T2027] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 51.192508][ T378] syz-executor: attempt to access beyond end of device [ 51.192508][ T378] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 51.328819][ T58] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 51.368688][ T2064] loop3: detected capacity change from 0 to 1024 [ 51.375287][ T2064] EXT4-fs: Ignoring removed orlov option [ 51.389590][ T2064] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c018, mo2=0002] [ 51.397517][ T2064] System zones: 0-1, 3-12 [ 51.402783][ T2064] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 51.425233][ T378] EXT4-fs (loop3): unmounting filesystem. [ 51.508825][ T58] usb 7-1: Using ep0 maxpacket: 16 [ 51.520008][ T58] usb 7-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 51.530144][ T2084] loop4: detected capacity change from 0 to 256 [ 51.530625][ T58] usb 7-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 51.558100][ T58] usb 7-1: Product: syz [ 51.572698][ T58] usb 7-1: Manufacturer: syz [ 51.577134][ T58] usb 7-1: SerialNumber: syz [ 51.595141][ T58] usb 7-1: config 0 descriptor?? [ 51.606381][ T58] usb 7-1: selecting invalid altsetting 1 [ 51.625473][ T58] snd-usb-audio: probe of 7-1:0.0 failed with error -22 [ 51.634245][ T435] udevd[435]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 51.803998][ T2099] loop7: detected capacity change from 0 to 40427 [ 51.812410][ T2099] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504) [ 51.815542][ T39] usb 7-1: USB disconnect, device number 7 [ 51.819331][ T2099] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 51.836209][ T2099] F2FS-fs (loop7): invalid crc value [ 51.842794][ T2099] F2FS-fs (loop7): Found nat_bits in checkpoint [ 51.857223][ T2108] loop4: detected capacity change from 0 to 1024 [ 51.879963][ T2108] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 51.890759][ T2108] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.725: bg 0: block 260: invalid block bitmap [ 51.894142][ T2099] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 51.903532][ T2108] EXT4-fs error (device loop4): ext4_free_inode:355: comm syz.4.725: bit already cleared for inode 15 [ 51.910369][ T2099] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 51.928853][ T58] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 51.941622][ T294] EXT4-fs (loop4): unmounting filesystem. [ 51.994296][ T1357] syz-executor: attempt to access beyond end of device [ 51.994296][ T1357] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 52.118816][ T58] usb 3-1: Using ep0 maxpacket: 8 [ 52.130183][ T58] usb 3-1: unable to get BOS descriptor or descriptor too short [ 52.139468][ T58] usb 3-1: config 0 has an invalid interface number: 88 but max is 0 [ 52.147366][ T58] usb 3-1: config 0 has no interface number 0 [ 52.153385][ T58] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 52.164169][ T58] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 52.173808][ T58] usb 3-1: config 0 interface 88 has no altsetting 0 [ 52.192328][ T58] usb 3-1: string descriptor 0 read error: -22 [ 52.198599][ T58] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 52.207745][ T58] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 52.216792][ T58] usb 3-1: config 0 descriptor?? [ 52.222940][ T58] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input16 [ 52.234792][ T28] kauditd_printk_skb: 84 callbacks suppressed [ 52.234804][ T28] audit: type=1400 audit(1745462080.301:554): avc: denied { read } for pid=88 comm="acpid" name="event3" dev="devtmpfs" ino=757 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.268295][ T28] audit: type=1400 audit(1745462080.301:555): avc: denied { open } for pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=757 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.297066][ T435] udevd[435]: Error opening device "/dev/input/event3": Input/output error [ 52.305707][ T435] udevd[435]: Unable to EVIOCGABS device "/dev/input/event3" [ 52.313108][ T435] udevd[435]: Unable to EVIOCGABS device "/dev/input/event3" [ 52.320796][ T435] udevd[435]: Assertion 'close_nointr(fd) != -EBADF' failed at util.c:228, function safe_close(). Aborting. [ 52.337964][ T103] udevd[103]: worker [435] terminated by signal 6 (Aborted) [ 52.345529][ T28] audit: type=1400 audit(1745462080.401:556): avc: denied { map } for pid=2131 comm="syz.3.734" path="socket:[24242]" dev="sockfs" ino=24242 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 52.345604][ T103] udevd[103]: worker [435] failed while handling '/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input16/event3' [ 52.380950][ T1238] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 52.398912][ T28] audit: type=1400 audit(1745462080.431:557): avc: denied { read } for pid=2131 comm="syz.3.734" path="socket:[24242]" dev="sockfs" ino=24242 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 52.428120][ T58] usb 3-1: USB disconnect, device number 10 [ 52.468225][ T28] audit: type=1400 audit(1745462080.501:558): avc: denied { ioctl } for pid=2133 comm="syz.3.735" path="socket:[24754]" dev="sockfs" ino=24754 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 52.494107][ T28] audit: type=1400 audit(1745462080.521:559): avc: denied { create } for pid=2137 comm="syz.6.737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.514431][ T28] audit: type=1400 audit(1745462080.521:560): avc: denied { read } for pid=2137 comm="syz.6.737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.534683][ T28] audit: type=1400 audit(1745462080.601:561): avc: denied { write } for pid=2137 comm="syz.6.737" path="socket:[24763]" dev="sockfs" ino=24763 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.608720][ T2130] loop4: detected capacity change from 0 to 40427 [ 52.619594][ T1238] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 52.635119][ T1238] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.646198][ T1238] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 52.659103][ T1238] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 52.673453][ T1238] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.684987][ T2130] F2FS-fs (loop4): Found nat_bits in checkpoint [ 52.685242][ T1238] usb 8-1: config 0 descriptor?? [ 52.768609][ T2130] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 52.805722][ T2130] F2FS-fs (loop4): access invalid blkaddr:2048 [ 52.818819][ T2130] CPU: 1 PID: 2130 Comm: syz.4.733 Not tainted 6.1.129-syzkaller-00018-g6a8cf1324d00 #0 [ 52.828361][ T2130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 52.838267][ T2130] Call Trace: [ 52.841392][ T2130] [ 52.844161][ T2130] dump_stack_lvl+0x151/0x1b7 [ 52.848673][ T2130] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 52.853964][ T2130] ? f2fs_get_next_page_offset+0x770/0x770 [ 52.859607][ T2130] dump_stack+0x15/0x1e [ 52.863605][ T2130] __f2fs_is_valid_blkaddr+0xda6/0x1450 [ 52.868990][ T2130] f2fs_is_valid_blkaddr+0x25/0x30 [ 52.873926][ T2130] f2fs_map_blocks+0xd10/0x4510 [ 52.878624][ T2130] ? f2fs_map_lock+0x260/0x260 [ 52.883217][ T2130] ? xa_load+0x1a1/0x210 [ 52.887299][ T2130] ? xas_find_conflict+0x8c0/0x8c0 [ 52.892246][ T2130] ? folio_unlock+0x5c/0x70 [ 52.896580][ T2130] f2fs_mpage_readpages+0xc65/0x20f0 [ 52.901702][ T2130] ? post_alloc_hook+0x213/0x220 [ 52.906481][ T2130] ? get_page_from_freelist+0x3a98/0x3b10 [ 52.912034][ T2130] ? dquot_release_reservation_block+0xa0/0xa0 [ 52.918044][ T2130] ? __this_cpu_preempt_check+0x13/0x20 [ 52.923401][ T2130] ? memcg_rstat_updated+0x57/0x120 [ 52.928442][ T2130] f2fs_readahead+0xfd/0x250 [ 52.932860][ T2130] ? blk_start_plug+0x9c/0x130 [ 52.937462][ T2130] read_pages+0x1be/0xd40 [ 52.941621][ T2130] ? workingset_activation+0x430/0x430 [ 52.946919][ T2130] ? folio_add_lru+0x280/0x3f0 [ 52.951523][ T2130] ? page_cache_ra_unbounded+0x800/0x800 [ 52.956986][ T2130] ? filemap_add_folio+0x18f/0x200 [ 52.961944][ T2130] ? __filemap_add_folio+0xf60/0xf60 [ 52.967055][ T2130] page_cache_ra_unbounded+0x61f/0x800 [ 52.972360][ T2130] ? readahead_gfp_mask+0x190/0x190 [ 52.977382][ T2130] ? save_fpregs_to_fpstate+0x18f/0x220 [ 52.982774][ T2130] page_cache_ra_order+0x987/0xc40 [ 52.987713][ T2130] ? compat_start_thread+0x20/0x20 [ 52.992658][ T2130] ? do_page_cache_ra+0x110/0x110 [ 52.997516][ T2130] ? finish_task_switch+0x167/0x7b0 [ 53.002552][ T2130] ondemand_readahead+0x925/0xef0 [ 53.007413][ T2130] ? page_cache_sync_ra+0x450/0x450 [ 53.012447][ T2130] ? __futex_queue+0x1c1/0x3c0 [ 53.017048][ T2130] ? blk_cgroup_congested+0x132/0x150 [ 53.022256][ T2130] page_cache_sync_ra+0x3d6/0x450 [ 53.027121][ T2130] f2fs_readdir+0x599/0xc10 [ 53.031459][ T2130] ? f2fs_fill_dentries+0xd00/0xd00 [ 53.036490][ T2130] ? debug_smp_processor_id+0x17/0x20 [ 53.041710][ T2130] ? security_file_permission+0x86/0xb0 [ 53.047074][ T2130] iterate_dir+0x265/0x600 [ 53.051340][ T2130] ? f2fs_fill_dentries+0xd00/0xd00 [ 53.056379][ T2130] __se_sys_getdents64+0x1c1/0x460 [ 53.061332][ T2130] ? __x64_sys_getdents64+0x90/0x90 [ 53.066345][ T2130] ? filldir+0x670/0x670 [ 53.070440][ T2130] ? fpregs_restore_userregs+0x130/0x290 [ 53.075895][ T2130] __x64_sys_getdents64+0x7b/0x90 [ 53.080757][ T2130] x64_sys_call+0x5ae/0x9a0 [ 53.085095][ T2130] do_syscall_64+0x3b/0x80 [ 53.089343][ T2130] ? clear_bhb_loop+0x55/0xb0 [ 53.093859][ T2130] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 53.099586][ T2130] RIP: 0033:0x7f6bdb78e969 [ 53.103861][ T2130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.123287][ T2130] RSP: 002b:00007f6bdc68b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 53.131529][ T2130] RAX: ffffffffffffffda RBX: 00007f6bdb9b5fa0 RCX: 00007f6bdb78e969 [ 53.139338][ T2130] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 53.147151][ T2130] RBP: 00007f6bdb810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 53.154961][ T2130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.162770][ T2130] R13: 0000000000000000 R14: 00007f6bdb9b5fa0 R15: 00007ffcb57d2d88 [ 53.170585][ T2130] [ 53.175026][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.182573][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.190142][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.197851][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.199898][ T2161] syz.4.733: attempt to access beyond end of device [ 53.199898][ T2161] loop4: rw=2049, sector=45096, nr_sectors = 96 limit=40427 [ 53.206617][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.226198][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.238445][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.245723][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.246119][ T2130] syz.4.733: attempt to access beyond end of device [ 53.246119][ T2130] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 53.253083][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.273792][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.281188][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.287206][ T2130] syz.4.733: attempt to access beyond end of device [ 53.287206][ T2130] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 53.288469][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.323560][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.325463][ T2164] syz.2.747[2164] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.330991][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.347781][ T2164] syz.2.747[2164] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.349318][ T1238] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 53.368055][ T294] syz-executor: attempt to access beyond end of device [ 53.368055][ T294] loop4: rw=2049, sector=45192, nr_sectors = 8 limit=40427 [ 53.368245][ T1238] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 53.393211][ T1238] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 53.408970][ T28] audit: type=1400 audit(1745462081.471:562): avc: denied { unlink } for pid=2162 comm="syz.3.746" name="#7" dev="tmpfs" ino=807 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 53.409831][ T2165] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 53.461964][ T1238] usb 8-1: USB disconnect, device number 3 [ 53.490527][ T2165] overlayfs: filesystem on './bus' not supported as upperdir [ 53.557920][ T28] audit: type=1400 audit(1745462081.611:563): avc: denied { create } for pid=2170 comm="syz.2.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 53.722712][ T2156] loop6: detected capacity change from 0 to 131072 [ 53.736285][ T2156] F2FS-fs (loop6): Invalid segment/section count (31, 24 x 150994945) [ 53.756824][ T2156] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 53.774966][ T2156] F2FS-fs (loop6): invalid crc value [ 53.802093][ T2156] F2FS-fs (loop6): Found nat_bits in checkpoint [ 53.839500][ T2173] loop3: detected capacity change from 0 to 40427 [ 53.856023][ T2173] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 53.872561][ T2173] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 53.878913][ T2156] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 53.887625][ T2156] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 53.920072][ T2173] F2FS-fs (loop3): Found nat_bits in checkpoint [ 53.985877][ T2173] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 53.992895][ T2173] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 54.000237][ T58] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 54.209993][ T58] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 54.225284][ T58] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 54.251551][ T58] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 54.275739][ T58] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 54.314054][ T58] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 54.346364][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.378437][ T58] usb 3-1: invalid MIDI out EP 0 [ 54.403786][ T58] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 54.423772][ T1224] udevd[1224]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 54.555649][ T2232] hub 1-0:1.0: USB hub found [ 54.564666][ T2232] hub 1-0:1.0: 1 port detected [ 54.581415][ T39] usb 3-1: USB disconnect, device number 11 [ 54.866110][ T2238] loop6: detected capacity change from 0 to 40427 [ 54.881604][ T2238] F2FS-fs (loop6): fault_injection options not supported [ 54.895159][ T2238] F2FS-fs (loop6): invalid crc value [ 54.901963][ T2238] F2FS-fs (loop6): Found nat_bits in checkpoint [ 54.953762][ T2238] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 55.044917][ T947] syz-executor: attempt to access beyond end of device [ 55.044917][ T947] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 55.158846][ T19] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 55.359927][ T19] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 55.379557][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 55.398508][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 55.418572][ T19] usb 4-1: SerialNumber: syz [ 55.433562][ T2247] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 55.588806][ T39] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 55.645420][ T2247] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 55.779896][ T39] usb 5-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 55.799405][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.808668][ T39] usb 5-1: config 0 descriptor?? [ 55.989119][ T2271] loop2: detected capacity change from 0 to 131072 [ 56.001329][ T2271] F2FS-fs (loop2): Invalid log sectorsize (67108873) [ 56.007914][ T2271] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 56.019456][ T2271] F2FS-fs (loop2): invalid crc value [ 56.035740][ T2271] F2FS-fs (loop2): Found nat_bits in checkpoint [ 56.061790][ T19] cdc_ether 4-1:1.0 eth1: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 56.085971][ T2271] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 56.093105][ T2271] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 56.162238][ T2271] random: crng reseeded on system resumption [ 56.227993][ T39] kye 0003:0458:4018.000D: hidraw0: USB HID v0.03 Device [HID 0458:4018] on usb-dummy_hcd.4-1/input0 [ 56.428717][ T39] usb 5-1: USB disconnect, device number 10 [ 56.634541][ T2308] hub 1-0:1.0: USB hub found [ 56.644349][ T2308] hub 1-0:1.0: 1 port detected [ 57.320180][ T2322] loop4: detected capacity change from 0 to 40427 [ 57.363037][ T2322] F2FS-fs (loop4): Found nat_bits in checkpoint [ 57.375603][ T2320] loop2: detected capacity change from 0 to 131072 [ 57.388913][ T2320] F2FS-fs (loop2): Test dummy encryption mode enabled [ 57.396906][ T2320] F2FS-fs (loop2): invalid crc value [ 57.429862][ T2320] F2FS-fs (loop2): Found nat_bits in checkpoint [ 57.444731][ T2322] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 57.492901][ T2320] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 57.528903][ T2322] xt_hashlimit: size too large, truncated to 1048576 [ 57.734931][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 57.734948][ T28] audit: type=1400 audit(1745462085.791:597): avc: denied { nlmsg_read } for pid=2343 comm="syz.6.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 57.811424][ T28] audit: type=1400 audit(1745462085.811:598): avc: denied { setopt } for pid=2345 comm="syz.7.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.853267][ T28] audit: type=1400 audit(1745462085.821:599): avc: denied { read } for pid=2343 comm="syz.6.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 57.898944][ T28] audit: type=1400 audit(1745462085.861:600): avc: denied { bind } for pid=2347 comm="syz.7.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.925474][ T19] usb 4-1: USB disconnect, device number 8 [ 57.931844][ T19] cdc_ether 4-1:1.0 eth1: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 58.035336][ T294] syz-executor: attempt to access beyond end of device [ 58.035336][ T294] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 58.088882][ T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 58.139696][ T28] audit: type=1400 audit(1745462086.201:601): avc: denied { getopt } for pid=2377 comm="syz.2.831" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 58.180810][ T2382] netlink: 104 bytes leftover after parsing attributes in process `syz.2.833'. [ 58.233588][ T2388] loop4: detected capacity change from 0 to 256 [ 58.238475][ T2390] loop3: detected capacity change from 0 to 128 [ 58.246612][ T2388] exfat: Deprecated parameter 'utf8' [ 58.261748][ T2388] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d) [ 58.280912][ T2390] ext4 filesystem being mounted at /165/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 58.289929][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.332549][ T28] audit: type=1400 audit(1745462086.391:602): avc: denied { write } for pid=2387 comm="syz.4.825" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 58.340926][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.356184][ T28] audit: type=1400 audit(1745462086.391:603): avc: denied { add_name } for pid=2387 comm="syz.4.825" name="hugetlb.2MB.rsvd.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 58.363857][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 58.387526][ T2396] EXT4-fs (loop3): shut down requested (2) [ 58.429161][ T2398] loop4: detected capacity change from 0 to 512 [ 58.440000][ T28] audit: type=1400 audit(1745462086.391:604): avc: denied { associate } for pid=2387 comm="syz.4.825" name="hugetlb.2MB.rsvd.usage_in_bytes" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 58.446412][ T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 58.486626][ T28] audit: type=1400 audit(1745462086.391:605): avc: denied { append } for pid=2387 comm="syz.4.825" path="/153/file0/hugetlb.2MB.rsvd.usage_in_bytes" dev="loop4" ino=1048637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 58.487463][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.513184][ T28] audit: type=1400 audit(1745462086.391:606): avc: denied { map } for pid=2387 comm="syz.4.825" path="/153/file0/hugetlb.2MB.rsvd.usage_in_bytes" dev="loop4" ino=1048637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 58.522676][ T24] usb 7-1: config 0 descriptor?? [ 58.552799][ T2398] EXT4-fs (loop4): 1 orphan inode deleted [ 58.558516][ T2398] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.569747][ T43] EXT4-fs error (device loop4): ext4_release_dquot:6805: comm kworker/u4:2: Failed to release dquot type 1 [ 58.610465][ T2412] loop2: detected capacity change from 0 to 1024 [ 58.635787][ T43] EXT4-fs error (device loop4): ext4_release_dquot:6805: comm kworker/u4:2: Failed to release dquot type 1 [ 58.637359][ T2412] EXT4-fs error (device loop2): ext4_acquire_dquot:6782: comm syz.2.845: Failed to acquire dquot type 0 [ 58.649816][ T2415] netlink: 'syz.3.841': attribute type 4 has an invalid length. [ 58.663027][ T2410] loop7: detected capacity change from 0 to 4096 [ 58.672919][ T2412] EXT4-fs error (device loop2): mb_free_blocks:1815: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 58.696913][ T2412] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #13: comm syz.2.845: corrupted inode contents [ 58.723392][ T2412] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #13: comm syz.2.845: mark_inode_dirty error [ 58.737239][ T2412] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #13: comm syz.2.845: corrupted inode contents [ 58.749459][ T2412] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.845: mark_inode_dirty error [ 58.760859][ T2412] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #13: comm syz.2.845: corrupted inode contents [ 58.779252][ T2412] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 58.806543][ T2412] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #13: comm syz.2.845: corrupted inode contents [ 58.843799][ T19] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 58.851478][ T2412] EXT4-fs error (device loop2): ext4_truncate:4313: inode #13: comm syz.2.845: mark_inode_dirty error [ 58.879105][ T19] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 58.888944][ T2412] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 58.924971][ T2412] EXT4-fs (loop2): 1 truncate cleaned up [ 58.976439][ T24] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 58.991012][ T24] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 59.006657][ T292] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 74: comm syz-executor: path /151/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=768, inode=0, rec_len=0, size=1024 fake=0 [ 59.038949][ T292] EXT4-fs error (device loop2): ext4_acquire_dquot:6782: comm syz-executor: Failed to acquire dquot type 0 [ 59.203161][ T2460] loop3: detected capacity change from 0 to 128 [ 59.241679][ T2460] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 59.303603][ T2463] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.310547][ T2463] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.317646][ T2463] device bridge_slave_0 entered promiscuous mode [ 59.325233][ T2463] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.332196][ T2463] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.339113][ T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 59.339743][ T2463] device bridge_slave_1 entered promiscuous mode [ 59.361237][ T19] usb 7-1: USB disconnect, device number 8 [ 59.491683][ T2463] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.498564][ T2463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.505687][ T2463] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.512468][ T2463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.518835][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 59.527274][ T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 59.546051][ T24] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 59.561607][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 59.574582][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.583891][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.585018][ T2487] loop7: detected capacity change from 0 to 4096 [ 59.593495][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.606406][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 59.616831][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.620923][ T2487] EXT4-fs error (device loop7): ext4_get_first_dir_block:3603: inode #12: block 80: comm syz.7.877: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 59.645647][ T2487] EXT4-fs error (device loop7): ext4_get_first_dir_block:3605: inode #12: comm syz.7.877: directory missing '..' [ 59.658363][ T594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.666227][ T594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.687816][ T2463] device veth0_vlan entered promiscuous mode [ 59.703848][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.723658][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.732468][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.740277][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.762870][ T2463] device veth1_macvtap entered promiscuous mode [ 59.770895][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.792852][ T2500] tipc: Started in network mode [ 59.797538][ T2500] tipc: Node identity ac14142f, cluster identity 4711 [ 59.805702][ T2500] tipc: New replicast peer: 0.0.0.0 [ 59.811393][ T2500] tipc: Enabled bearer , priority 10 [ 59.817406][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.831565][ T24] usb 5-1: USB disconnect, device number 11 [ 59.840787][ T594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.851904][ T2500] netlink: 32 bytes leftover after parsing attributes in process `syz.7.884'. [ 59.979889][ T2523] loop8: detected capacity change from 0 to 1024 [ 59.989278][ T2523] EXT4-fs: Ignoring removed orlov option [ 60.093669][ T2544] loop7: detected capacity change from 0 to 1024 [ 60.129342][ T2542] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 60.219960][ T962] device bridge_slave_1 left promiscuous mode [ 60.228877][ T962] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.236205][ T962] device bridge_slave_0 left promiscuous mode [ 60.248994][ T962] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.262539][ T962] device veth1_macvtap left promiscuous mode [ 60.269207][ T962] device veth0_vlan left promiscuous mode [ 60.398824][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 60.406548][ T2583] netlink: 'syz.7.920': attribute type 1 has an invalid length. [ 60.414672][ T2583] netlink: 'syz.7.920': attribute type 2 has an invalid length. [ 60.422887][ T2583] netlink: 'syz.7.920': attribute type 1 has an invalid length. [ 60.430409][ T2583] netlink: 'syz.7.920': attribute type 2 has an invalid length. [ 60.599910][ T24] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 60.611338][ T24] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 60.629001][ T24] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 60.650003][ T24] usb 5-1: config 220 has no interface number 2 [ 60.662644][ T24] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 60.688610][ T24] usb 5-1: config 220 interface 0 has no altsetting 0 [ 60.699646][ T24] usb 5-1: config 220 interface 76 has no altsetting 0 [ 60.710747][ T24] usb 5-1: config 220 interface 1 has no altsetting 0 [ 60.727314][ T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 60.744817][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.752843][ T24] usb 5-1: Product: syz [ 60.756895][ T24] usb 5-1: Manufacturer: syz [ 60.761482][ T24] usb 5-1: SerialNumber: syz [ 60.911510][ T2616] loop7: detected capacity change from 0 to 256 [ 60.941783][ T311] tipc: Node number set to 2886997039 [ 60.977210][ T24] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 60.999302][ T24] usb 5-1: No valid video chain found. [ 61.004623][ T24] usb 5-1: selecting invalid altsetting 0 [ 61.068628][ T24] usb 5-1: USB disconnect, device number 12 [ 61.257391][ T2648] netlink: 'syz.3.948': attribute type 280 has an invalid length. [ 61.378326][ T2664] netlink: 'syz.3.955': attribute type 5 has an invalid length. [ 61.430577][ T594] Bluetooth: hci0: Frame reassembly failed (-84) [ 61.734860][ T2692] SELinux: policydb magic number 0x6b7a7973 does not match expected magic number 0xf97cff8c [ 61.755112][ T2692] SELinux: failed to load policy [ 62.538286][ T2772] loop7: detected capacity change from 0 to 1024 [ 62.628252][ T2772] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:3841: comm syz.7.1012: Allocating blocks 497-513 which overlap fs metadata [ 62.673461][ T2772] EXT4-fs (loop7): pa ffff888131ae42a0: logic 256, phys. 385, len 8 [ 62.681351][ T2772] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 62.766155][ T2763] loop3: detected capacity change from 0 to 40427 [ 62.809420][ T2763] F2FS-fs (loop3): heap/no_heap options were deprecated [ 62.816491][ T2763] F2FS-fs (loop3): heap/no_heap options were deprecated [ 62.825272][ T2763] F2FS-fs (loop3): invalid crc value [ 62.832407][ T2763] F2FS-fs (loop3): Found nat_bits in checkpoint [ 62.880269][ T2763] F2FS-fs (loop3): Start checkpoint disabled! [ 62.886793][ T2763] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 63.013741][ T962] kworker/u4:6: attempt to access beyond end of device [ 63.013741][ T962] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 63.069737][ T28] kauditd_printk_skb: 72 callbacks suppressed [ 63.069753][ T28] audit: type=1400 audit(1745462091.131:673): avc: denied { setopt } for pid=2785 comm="syz.7.1006" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 63.110254][ T28] audit: type=1400 audit(1745462091.151:674): avc: denied { bind } for pid=2785 comm="syz.7.1006" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 63.170457][ T2791] No source specified [ 63.306864][ T2797] loop7: detected capacity change from 0 to 1024 [ 63.326110][ T2797] EXT4-fs: Ignoring removed oldalloc option [ 63.372311][ T2797] EXT4-fs (loop7): Online defrag not supported with bigalloc [ 63.470168][ T28] audit: type=1326 audit(1745462091.531:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.493573][ T319] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 63.509057][ T28] audit: type=1326 audit(1745462091.561:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.537424][ T607] Bluetooth: hci0: command 0x1003 tx timeout [ 63.543275][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 63.550823][ T28] audit: type=1326 audit(1745462091.561:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.574339][ T28] audit: type=1326 audit(1745462091.561:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.597771][ T28] audit: type=1326 audit(1745462091.561:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.627218][ T28] audit: type=1326 audit(1745462091.561:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.650923][ T28] audit: type=1326 audit(1745462091.561:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.674513][ T28] audit: type=1326 audit(1745462091.561:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2805 comm="syz.7.1015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f189e18e969 code=0x7ffc0000 [ 63.700734][ T319] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.725545][ T319] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.745995][ T319] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 63.765304][ T319] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 63.774496][ T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.783211][ T319] usb 4-1: config 0 descriptor?? [ 63.923325][ T2842] loop6: detected capacity change from 0 to 2048 [ 63.988271][ T2859] loop4: detected capacity change from 0 to 2048 [ 63.995325][ T2842] Alternate GPT is invalid, using primary GPT. [ 64.003416][ T2842] loop6: p1 p2 p3 [ 64.036252][ T103] Alternate GPT is invalid, using primary GPT. [ 64.054081][ T103] loop6: p1 p2 p3 [ 64.078465][ T2859] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 64.100409][ T2859] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 10 with max blocks 23 with error 28 [ 64.128537][ T434] udevd[434]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 64.136822][ T2859] EXT4-fs (loop4): This should not happen!! Data will be lost [ 64.136822][ T2859] [ 64.147577][ T314] udevd[314]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 64.148071][ T1223] udevd[1223]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 64.158513][ T2859] EXT4-fs (loop4): Total free blocks count 0 [ 64.173264][ T2859] EXT4-fs (loop4): Free/Dirty block details [ 64.187801][ T2859] EXT4-fs (loop4): free_blocks=66060304 [ 64.198457][ T2859] EXT4-fs (loop4): dirty_blocks=48 [ 64.203732][ T2859] EXT4-fs (loop4): Block reservation details [ 64.204628][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.209769][ T2859] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 64.230934][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.235362][ T2886] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 32 with error 28 [ 64.273113][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.277298][ T2891] netlink: 'syz.6.1054': attribute type 2 has an invalid length. [ 64.290875][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.294774][ T2886] EXT4-fs (loop4): This should not happen!! Data will be lost [ 64.294774][ T2886] [ 64.308810][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.322793][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.331660][ T2898] loop6: detected capacity change from 0 to 1024 [ 64.335945][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.346782][ T2898] EXT4-fs: dax option not supported [ 64.351458][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.359343][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.366547][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.374075][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.381431][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.388658][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.396158][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.403405][ T319] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 64.411019][ T319] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 64.428918][ T319] plantronics 0003:047F:FFFF.0010: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 64.448243][ T319] usb 4-1: USB disconnect, device number 9 [ 64.468275][ T2907] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1060'. [ 64.593515][ T2928] netlink: 'syz.8.1069': attribute type 2 has an invalid length. [ 64.777304][ T2949] loop6: detected capacity change from 0 to 512 [ 64.791030][ T2949] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #3: comm syz.6.1079: corrupted inode contents [ 64.803231][ T2949] EXT4-fs error (device loop6): ext4_dirty_inode:6091: inode #3: comm syz.6.1079: mark_inode_dirty error [ 64.815408][ T2949] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #3: comm syz.6.1079: corrupted inode contents [ 64.827446][ T2949] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #3: comm syz.6.1079: mark_inode_dirty error [ 64.838998][ T2949] EXT4-fs error (device loop6): ext4_acquire_dquot:6782: comm syz.6.1079: Failed to acquire dquot type 0 [ 64.851063][ T2949] EXT4-fs (loop6): 1 orphan inode deleted [ 64.856772][ T2949] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.864205][ T2943] loop4: detected capacity change from 0 to 40427 [ 64.879095][ T962] EXT4-fs error (device loop6): ext4_release_dquot:6805: comm kworker/u4:6: Failed to release dquot type 1 [ 64.883463][ T2943] F2FS-fs (loop4): Found nat_bits in checkpoint [ 64.932246][ T2943] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 64.968318][ T294] syz-executor: attempt to access beyond end of device [ 64.968318][ T294] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 65.019148][ T2963] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1083'. [ 65.066592][ T2967] loop7: detected capacity change from 0 to 2048 [ 65.112284][ T2971] loop4: detected capacity change from 0 to 256 [ 65.311657][ T2986] loop6: detected capacity change from 0 to 512 [ 65.320778][ T2986] ext4 filesystem being mounted at /177/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.335049][ T2986] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #2: comm syz.6.1092: corrupted inode contents [ 65.346907][ T2986] EXT4-fs error (device loop6): ext4_dirty_inode:6091: inode #2: comm syz.6.1092: mark_inode_dirty error [ 65.358432][ T2986] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #2: comm syz.6.1092: corrupted inode contents [ 65.370523][ T2986] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #2: comm syz.6.1092: mark_inode_dirty error [ 65.389171][ T58] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 65.476274][ T2998] loop6: detected capacity change from 0 to 1024 [ 65.482968][ T2998] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.492442][ T2998] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.503915][ T2998] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 65.548564][ T3006] loop6: detected capacity change from 0 to 256 [ 65.566786][ T3006] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 65.579034][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 65.592201][ T58] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 65.608846][ T58] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 65.617803][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.625937][ T58] usb 5-1: Product: syz [ 65.630185][ T58] usb 5-1: Manufacturer: syz [ 65.634622][ T58] usb 5-1: SerialNumber: syz [ 65.828194][ T313] Bluetooth: hci0: Frame reassembly failed (-84) [ 65.853716][ T3023] loop3: detected capacity change from 0 to 4096 [ 65.930115][ T3030] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1109'. [ 66.051837][ T58] usb 5-1: 0:2 : does not exist [ 66.454898][ T58] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 66.465386][ T58] usb 5-1: USB disconnect, device number 13 [ 66.575754][ T3075] loop3: detected capacity change from 0 to 512 [ 66.583405][ T3075] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 66.591850][ T3075] EXT4-fs (loop3): orphan cleanup on readonly fs [ 66.598257][ T3075] EXT4-fs warning (device loop3): ext4_enable_quotas:7017: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 66.612862][ T3075] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 66.619749][ T3075] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2925: inode #16: comm syz.3.1130: corrupted xattr block 31 [ 66.632108][ T3075] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 66.645687][ T3075] EXT4-fs (loop3): 1 orphan inode deleted [ 66.669203][ T2878] udevd[2878]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 66.771826][ T3088] fuse: Invalid group_id [ 66.809913][ T3090] loop3: detected capacity change from 0 to 8192 [ 66.923938][ T3104] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1142'. [ 66.932878][ T3104] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1142'. [ 66.942095][ T3104] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1142'. [ 67.016467][ T3119] loop4: detected capacity change from 0 to 2048 [ 67.035631][ T3121] 9p: Unknown access argument ÿ: -22 [ 67.040729][ T3119] ext4 filesystem being mounted at /196/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.175152][ T3126] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1150: bg 0: block 345: padding at end of block bitmap is not set [ 67.189682][ T3126] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117 [ 67.202266][ T3126] EXT4-fs (loop4): This should not happen!! Data will be lost [ 67.202266][ T3126] [ 67.222128][ T43] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 2048 with error 117 [ 67.234596][ T43] EXT4-fs (loop4): This should not happen!! Data will be lost [ 67.234596][ T43] [ 67.257954][ T43] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2081 with max blocks 2024 with error 28 [ 67.270697][ T43] EXT4-fs (loop4): This should not happen!! Data will be lost [ 67.270697][ T43] [ 67.280227][ T43] EXT4-fs (loop4): Total free blocks count 0 [ 67.285955][ T43] EXT4-fs (loop4): Free/Dirty block details [ 67.291723][ T43] EXT4-fs (loop4): free_blocks=0 [ 67.296448][ T43] EXT4-fs (loop4): dirty_blocks=2032 [ 67.351274][ T3131] loop4: detected capacity change from 0 to 512 [ 67.360904][ T3131] ext4 filesystem being mounted at /197/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.407482][ T3131] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 67.428694][ T3136] input: syz0 as /devices/virtual/input/input18 [ 67.487001][ T3144] device batadv_slave_1 entered promiscuous mode [ 67.493640][ T3143] device batadv_slave_1 left promiscuous mode [ 67.526117][ T3146] SELinux: unknown common Ee [ 67.531974][ T3146] SELinux: failed to load policy [ 67.548905][ T3148] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1161'. [ 67.759957][ T43] Bluetooth: hci1: Frame reassembly failed (-84) [ 67.838859][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 67.838869][ T3167] Bluetooth: hci0: command 0x1003 tx timeout [ 67.850886][ T3021] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 68.094041][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 68.094057][ T28] audit: type=1400 audit(1745462096.151:718): avc: denied { ioctl } for pid=3199 comm="syz.6.1184" path="socket:[28429]" dev="sockfs" ino=28429 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 68.136795][ T3202] ================================================================== [ 68.144672][ T3202] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480 [ 68.151523][ T3202] Write of size 8 at addr ffff888112bc0a00 by task syz.6.1185/3202 [ 68.159260][ T3202] [ 68.161421][ T3202] CPU: 0 PID: 3202 Comm: syz.6.1185 Not tainted 6.1.129-syzkaller-00018-g6a8cf1324d00 #0 [ 68.171056][ T3202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 68.180951][ T3202] Call Trace: [ 68.184081][ T3202] [ 68.186865][ T3202] dump_stack_lvl+0x151/0x1b7 [ 68.191366][ T3202] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 68.196666][ T3202] ? _printk+0xd1/0x111 [ 68.200654][ T3202] ? __virt_addr_valid+0x242/0x2f0 [ 68.205605][ T3202] print_report+0x158/0x4e0 [ 68.209943][ T3202] ? __virt_addr_valid+0x242/0x2f0 [ 68.214905][ T3202] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 68.220963][ T3202] ? enqueue_timer+0xa6/0x480 [ 68.225478][ T3202] kasan_report+0x13c/0x170 [ 68.229817][ T3202] ? enqueue_timer+0xa6/0x480 [ 68.234364][ T3202] __asan_report_store8_noabort+0x17/0x20 [ 68.239897][ T3202] enqueue_timer+0xa6/0x480 [ 68.244227][ T3202] __mod_timer+0x8d3/0xcf0 [ 68.248476][ T3202] ? mod_timer_pending+0x30/0x30 [ 68.253247][ T3202] ? __kasan_kmalloc+0x9c/0xb0 [ 68.257860][ T3202] mod_timer+0x1f/0x30 [ 68.261751][ T3202] can_pernet_init+0x1dd/0x2d0 [ 68.266366][ T3202] ops_init+0x1cd/0x480 [ 68.270345][ T3202] setup_net+0x4ca/0xd60 [ 68.274424][ T3202] ? copy_net_ns+0x5b0/0x5b0 [ 68.278849][ T3202] ? __kasan_kmalloc+0x9c/0xb0 [ 68.283465][ T3202] copy_net_ns+0x35f/0x5b0 [ 68.287706][ T3202] create_new_namespaces+0x416/0x670 [ 68.292827][ T3202] unshare_nsproxy_namespaces+0x126/0x180 [ 68.298391][ T3202] ksys_unshare+0x545/0x980 [ 68.302719][ T3202] ? sighand_ctor+0x60/0x60 [ 68.307056][ T3202] ? debug_smp_processor_id+0x17/0x20 [ 68.312285][ T3202] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 68.318187][ T3202] ? exit_to_user_mode_prepare+0x39/0xa0 [ 68.323633][ T3202] __x64_sys_unshare+0x38/0x40 [ 68.328232][ T3202] x64_sys_call+0x728/0x9a0 [ 68.332573][ T3202] do_syscall_64+0x3b/0x80 [ 68.336826][ T3202] ? clear_bhb_loop+0x55/0xb0 [ 68.341345][ T3202] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 68.347069][ T3202] RIP: 0033:0x7f511a78e969 [ 68.351321][ T3202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.370931][ T3202] RSP: 002b:00007f511b531038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 68.379175][ T3202] RAX: ffffffffffffffda RBX: 00007f511a9b5fa0 RCX: 00007f511a78e969 [ 68.386998][ T3202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200 [ 68.394797][ T3202] RBP: 00007f511a810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 68.402608][ T3202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.410428][ T3202] R13: 0000000000000001 R14: 00007f511a9b5fa0 R15: 00007ffde86bc258 [ 68.418249][ T3202] [ 68.421095][ T3202] [ 68.423267][ T3202] Allocated by task 3021: [ 68.427443][ T3202] kasan_set_track+0x4b/0x70 [ 68.431943][ T3202] kasan_save_alloc_info+0x1f/0x30 [ 68.436889][ T3202] __kasan_kmalloc+0x9c/0xb0 [ 68.441316][ T3202] __kmalloc+0xb4/0x1e0 [ 68.445313][ T3202] hci_alloc_dev_priv+0x27/0x1c00 [ 68.450169][ T3202] hci_uart_tty_ioctl+0x401/0xa70 [ 68.455035][ T3202] tty_ioctl+0x903/0xc50 [ 68.459112][ T3202] __se_sys_ioctl+0x114/0x190 [ 68.463635][ T3202] __x64_sys_ioctl+0x7b/0x90 [ 68.468049][ T3202] x64_sys_call+0x98/0x9a0 [ 68.472301][ T3202] do_syscall_64+0x3b/0x80 [ 68.476555][ T3202] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 68.482283][ T3202] [ 68.484453][ T3202] Freed by task 3021: [ 68.488273][ T3202] kasan_set_track+0x4b/0x70 [ 68.492700][ T3202] kasan_save_free_info+0x2b/0x40 [ 68.497561][ T3202] ____kasan_slab_free+0x131/0x180 [ 68.502507][ T3202] __kasan_slab_free+0x11/0x20 [ 68.507105][ T3202] __kmem_cache_free+0x21d/0x410 [ 68.511880][ T3202] kfree+0x7a/0xf0 [ 68.515439][ T3202] hci_release_dev+0x14d3/0x1640 [ 68.520211][ T3202] bt_host_release+0x83/0xa0 [ 68.524640][ T3202] device_release+0x95/0x1c0 [ 68.529066][ T3202] kobject_put+0x178/0x260 [ 68.533330][ T3202] put_device+0x1f/0x30 [ 68.537323][ T3202] hci_dev_cmd+0x2be/0x9b0 [ 68.541562][ T3202] hci_sock_ioctl+0x415/0x7f0 [ 68.546082][ T3202] sock_do_ioctl+0x152/0x3b0 [ 68.550501][ T3202] sock_ioctl+0x455/0x740 [ 68.554668][ T3202] __se_sys_ioctl+0x114/0x190 [ 68.559180][ T3202] __x64_sys_ioctl+0x7b/0x90 [ 68.563610][ T3202] x64_sys_call+0x98/0x9a0 [ 68.567872][ T3202] do_syscall_64+0x3b/0x80 [ 68.572115][ T3202] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 68.577842][ T3202] [ 68.580013][ T3202] Last potentially related work creation: [ 68.585592][ T3202] kasan_save_stack+0x3b/0x60 [ 68.590180][ T3202] __kasan_record_aux_stack+0xb4/0xc0 [ 68.595375][ T3202] kasan_record_aux_stack_noalloc+0xb/0x10 [ 68.601022][ T3202] insert_work+0x56/0x310 [ 68.605184][ T3202] __queue_work+0x9b6/0xd70 [ 68.609520][ T3202] queue_work_on+0x105/0x170 [ 68.613949][ T3202] __hci_cmd_sync_sk+0xc2a/0xf70 [ 68.618720][ T3202] hci_cmd_sync_status+0x52/0x130 [ 68.623589][ T3202] hci_dev_cmd+0x771/0x9b0 [ 68.627837][ T3202] hci_sock_ioctl+0x415/0x7f0 [ 68.632346][ T3202] sock_do_ioctl+0x152/0x3b0 [ 68.636787][ T3202] sock_ioctl+0x455/0x740 [ 68.640949][ T3202] __se_sys_ioctl+0x114/0x190 [ 68.645454][ T3202] __x64_sys_ioctl+0x7b/0x90 [ 68.649880][ T3202] x64_sys_call+0x98/0x9a0 [ 68.654130][ T3202] do_syscall_64+0x3b/0x80 [ 68.658384][ T3202] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 68.664117][ T3202] [ 68.666281][ T3202] Second to last potentially related work creation: [ 68.672718][ T3202] kasan_save_stack+0x3b/0x60 [ 68.677219][ T3202] __kasan_record_aux_stack+0xb4/0xc0 [ 68.682428][ T3202] kasan_record_aux_stack_noalloc+0xb/0x10 [ 68.688066][ T3202] insert_work+0x56/0x310 [ 68.692234][ T3202] __queue_work+0x9b6/0xd70 [ 68.696586][ T3202] queue_work_on+0x105/0x170 [ 68.701001][ T3202] hci_cmd_timeout+0x199/0x200 [ 68.705604][ T3202] process_one_work+0x73d/0xcb0 [ 68.710290][ T3202] worker_thread+0xa60/0x1260 [ 68.714799][ T3202] kthread+0x26d/0x300 [ 68.718703][ T3202] ret_from_fork+0x1f/0x30 [ 68.722958][ T3202] [ 68.725129][ T3202] The buggy address belongs to the object at ffff888112bc0000 [ 68.725129][ T3202] which belongs to the cache kmalloc-8k of size 8192 [ 68.739014][ T3202] The buggy address is located 2560 bytes inside of [ 68.739014][ T3202] 8192-byte region [ffff888112bc0000, ffff888112bc2000) [ 68.752293][ T3202] [ 68.754464][ T3202] The buggy address belongs to the physical page: [ 68.760717][ T3202] page:ffffea00044af000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112bc0 [ 68.770808][ T3202] head:ffffea00044af000 order:3 compound_mapcount:0 compound_pincount:0 [ 68.778959][ T3202] flags: 0x4000000000010200(slab|head|zone=1) [ 68.784859][ T3202] raw: 4000000000010200 ffffea0004494400 dead000000000003 ffff888100043500 [ 68.793269][ T3202] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 68.801684][ T3202] page dumped because: kasan: bad access detected [ 68.807946][ T3202] page_owner tracks the page as allocated [ 68.813486][ T3202] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 292, tgid 292 (syz-executor), ts 21586274066, free_ts 21565748083 [ 68.834488][ T3202] post_alloc_hook+0x213/0x220 [ 68.839087][ T3202] prep_new_page+0x1b/0x110 [ 68.843428][ T3202] get_page_from_freelist+0x3a98/0x3b10 [ 68.848808][ T3202] __alloc_pages+0x234/0x610 [ 68.853234][ T3202] alloc_slab_page+0x6c/0xf0 [ 68.857662][ T3202] new_slab+0x90/0x3e0 [ 68.861568][ T3202] ___slab_alloc+0x6f9/0xb80 [ 68.865993][ T3202] __slab_alloc+0x5d/0xa0 [ 68.870172][ T3202] __kmem_cache_alloc_node+0x207/0x2a0 [ 68.875466][ T3202] __kmalloc_node+0xa3/0x1e0 [ 68.879895][ T3202] kvmalloc_node+0x221/0x640 [ 68.884324][ T3202] pfifo_fast_init+0x25e/0x7a0 [ 68.888906][ T3202] qdisc_create_dflt+0x144/0x3e0 [ 68.893677][ T3202] dev_activate+0x2fd/0x1130 [ 68.898104][ T3202] __dev_open+0x3c7/0x4e0 [ 68.902325][ T3202] __dev_change_flags+0x1db/0x6e0 [ 68.907133][ T3202] page last free stack trace: [ 68.911653][ T3202] free_unref_page_prepare+0x9f1/0xa00 [ 68.916940][ T3202] free_unref_page+0xb2/0x5c0 [ 68.921450][ T3202] __free_pages+0x61/0xf0 [ 68.925629][ T3202] __free_slab+0xce/0x1a0 [ 68.929897][ T3202] __unfreeze_partials+0x165/0x1a0 [ 68.934859][ T3202] put_cpu_partial+0xa9/0x100 [ 68.939352][ T3202] __slab_free+0x1c8/0x280 [ 68.943617][ T3202] ___cache_free+0xc6/0xd0 [ 68.947859][ T3202] qlist_free_all+0xc5/0x140 [ 68.952286][ T3202] kasan_quarantine_reduce+0x15a/0x180 [ 68.957581][ T3202] __kasan_slab_alloc+0x24/0x80 [ 68.962266][ T3202] slab_post_alloc_hook+0x53/0x2c0 [ 68.967212][ T3202] __kmem_cache_alloc_node+0x193/0x2a0 [ 68.972564][ T3202] kmalloc_trace+0x2a/0xa0 [ 68.976781][ T3202] syslog_print+0x10c/0x600 [ 68.981101][ T3202] do_syslog+0x732/0x7f0 [ 68.985182][ T3202] [ 68.987350][ T3202] Memory state around the buggy address: [ 68.992829][ T3202] ffff888112bc0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.000718][ T3202] ffff888112bc0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.008620][ T3202] >ffff888112bc0a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.016510][ T3202] ^ [ 69.020419][ T3202] ffff888112bc0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.028335][ T3202] ffff888112bc0b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.036215][ T3202] ================================================================== [ 69.044113][ T3202] Disabling lock debugging due to kernel taint [ 69.052782][ T311] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 69.067333][ T28] audit: type=1400 audit(1745462097.121:719): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.109092][ T28] audit: type=1400 audit(1745462097.121:720): avc: denied { remove_name } for pid=85 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.132125][ T28] audit: type=1400 audit(1745462097.121:721): avc: denied { rename } for pid=85 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.154176][ T28] audit: type=1400 audit(1745462097.121:722): avc: denied { add_name } for pid=85 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.177633][ T28] audit: type=1400 audit(1745462097.121:723): avc: denied { unlink } for pid=85 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.199693][ T28] audit: type=1400 audit(1745462097.121:724): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.250100][ T311] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.260842][ T311] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.270541][ T311] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 69.283249][ T311] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 69.292074][ T311] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.300640][ T311] usb 8-1: config 0 descriptor?? [ 69.708686][ T311] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 69.717597][ T311] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 69.828819][ T3171] Bluetooth: hci1: command 0x1003 tx timeout [ 69.829551][ T607] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 69.908846][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 69.920473][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 69.928735][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.129-syzkaller-00018-g6a8cf1324d00 #0 [ 69.939487][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 69.949369][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 69.954490][ C0] Code: 39 03 0f 84 40 01 00 00 e8 cc 57 2a 00 4c 89 e7 e8 34 46 d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 20 07 72 00 49 8b 3e e8 e8 3e d7 [ 69.973949][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 69.979833][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d580 [ 69.987689][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 69.995458][ C0] RBP: ffffc90000007d00 R08: ffffffff814ae03b R09: 0000000000000007 [ 70.003267][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888112bc09c8 [ 70.011083][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888112bc09e0 [ 70.018909][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 70.019508][ T58] usb 8-1: USB disconnect, device number 4 [ 70.027656][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.027674][ C0] CR2: 00007f883ff80178 CR3: 0000000120336000 CR4: 00000000003506b0 [ 70.047535][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.055345][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.063169][ C0] Call Trace: [ 70.066280][ C0] [ 70.068973][ C0] ? __die_body+0x62/0xb0 [ 70.073136][ C0] ? die_addr+0x9f/0xd0 [ 70.077127][ C0] ? exc_general_protection+0x317/0x4c0 [ 70.082513][ C0] ? asm_exc_general_protection+0x27/0x30 [ 70.088065][ C0] ? __queue_work+0x28b/0xd70 [ 70.092578][ C0] ? __queue_work+0x4f1/0xd70 [ 70.097090][ C0] ? __queue_work+0x29c/0xd70 [ 70.101606][ C0] delayed_work_timer_fn+0x61/0x80 [ 70.106550][ C0] ? queue_work_node+0x1d0/0x1d0 [ 70.111325][ C0] call_timer_fn+0x3b/0x2d0 [ 70.115665][ C0] ? queue_work_node+0x1d0/0x1d0 [ 70.120439][ C0] __run_timers+0x756/0xa10 [ 70.124782][ C0] ? calc_index+0x270/0x270 [ 70.129116][ C0] ? asm_sysvec_call_function_single+0x1b/0x20 [ 70.135108][ C0] run_timer_softirq+0x69/0xf0 [ 70.139718][ C0] handle_softirqs+0x1db/0x650 [ 70.144318][ C0] ? irqtime_account_irq+0xdc/0x260 [ 70.149341][ C0] __irq_exit_rcu+0x52/0xf0 [ 70.153677][ C0] irq_exit_rcu+0x9/0x10 [ 70.157757][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 70.163224][ C0] [ 70.166027][ C0] [ 70.168787][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 70.174600][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760 [ 70.179979][ C0] Code: 89 de 48 83 e6 08 31 ff e8 87 35 53 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 33 31 53 fc 0f 00 2d fc 4d ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30 [ 70.199419][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3 [ 70.205321][ C0] RAX: ffffffff8522091d RBX: 0000000000000000 RCX: ffffffff8701d580 [ 70.213131][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.220944][ C0] RBP: ffffffff87007c10 R08: ffffffff85220909 R09: fffffbfff0e03ab1 [ 70.228758][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 70.236571][ C0] R13: ffff88810a39d804 R14: dffffc0000000000 R15: ffff8881097fd064 [ 70.244412][ C0] ? acpi_idle_enter+0x3f9/0x760 [ 70.249150][ C0] ? acpi_idle_enter+0x40d/0x760 [ 70.253926][ C0] ? intel_idle_xstate+0xa0/0xa0 [ 70.258697][ C0] cpuidle_enter_state+0x5eb/0x17f0 [ 70.263733][ C0] ? cpuidle_enter_s2idle+0x600/0x600 [ 70.268939][ C0] ? menu_enable_device+0x380/0x380 [ 70.273980][ C0] ? __sched_text_start+0x8/0x8 [ 70.278661][ C0] cpuidle_enter+0x5f/0xa0 [ 70.282919][ C0] do_idle+0x3d1/0x580 [ 70.286820][ C0] ? ct_irq_exit+0x9/0x10 [ 70.290986][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 70.296031][ C0] cpu_startup_entry+0x44/0x60 [ 70.300617][ C0] rest_init+0x10b/0x130 [ 70.304696][ C0] ? time_init+0x38/0x38 [ 70.308792][ C0] arch_call_rest_init+0xe/0xe [ 70.313375][ C0] start_kernel+0x46c/0x4d8 [ 70.317720][ C0] x86_64_start_reservations+0x2a/0x2c [ 70.323010][ C0] x86_64_start_kernel+0x7c/0x81 [ 70.327783][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 70.333515][ C0] [ 70.336389][ C0] Modules linked in: [ 70.340113][ C0] ---[ end trace 0000000000000000 ]--- [ 70.345410][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 70.350526][ C0] Code: 39 03 0f 84 40 01 00 00 e8 cc 57 2a 00 4c 89 e7 e8 34 46 d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 20 07 72 00 49 8b 3e e8 e8 3e d7 [ 70.369996][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 70.375868][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d580 [ 70.383677][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 70.391488][ C0] RBP: ffffc90000007d00 R08: ffffffff814ae03b R09: 0000000000000007 [ 70.399314][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888112bc09c8 [ 70.407114][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888112bc09e0 [ 70.414924][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 70.423691][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.430112][ C0] CR2: 00007f883ff80178 CR3: 0000000120336000 CR4: 00000000003506b0 [ 70.437924][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.445735][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.453545][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 70.460876][ C0] Kernel Offset: disabled [ 70.465004][ C0] Rebooting in 86400 seconds..