last executing test programs: 5.127057274s ago: executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='block_split\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='block_split\x00', r0}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40001) 5.066889194s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000008c0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) 5.040582148s ago: executing program 3: pselect6(0x40, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_read_part_table(0x4044, &(0x7f0000004040)="$eJzszjFKxGAUBODJavBHtrCwE1aDIFvGziq3yAVyBmsLcxPL4AEsBS9mJRJNExBR9vu6x5uBCf/Sy/C8f0uumoxtm5Qkxwux9jb1adlkm+T++7uffmMrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwx5RV6eEi40OXu21STpI8HqXudlXOkyZnH6nXz8JmVu9T/cBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCw1OviT9cZu12VkjQ3X5+XC4X97Oqn1QMBAAAAAIB3duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTiQAQAAABDmb51H+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYKQAA//8fog11") 4.915627277s ago: executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) ioctl$TCFLSH(r0, 0x400455c8, 0x0) 3.582813147s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.current\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100), 0x1001) write$cgroup_pid(r3, &(0x7f0000000340), 0xfdef) 3.549775412s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4}, 0x8}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kvm_mmio\x00', r3}, 0x10) r4 = epoll_create(0x802) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000300)) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x5437, 0x0) capset(0x0, &(0x7f0000000280)) fchdir(0xffffffffffffffff) bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioprio_get$pid(0x1, r0) 2.592087603s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r1], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10) 2.585744473s ago: executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="280000000000000029000000390000000002020100000000ff01020000000000000000000000000118"], 0x40}}, {{&(0x7f0000000300)={0xa, 0x4e23, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000c40)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}], 0x28}}], 0x2, 0x0) 2.580749934s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_da_write_pages_extent\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='ext4_da_write_pages_extent\x00', r3}, 0x10) write$cgroup_type(r2, &(0x7f0000000180), 0xf000) 2.578311324s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) ioctl$FS_IOC_RESVSP(r1, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x7, 0x2000000000}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = syz_usb_connect$uac1(0x6, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES64=r5, @ANYRES64=r2], 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000280)=0xf000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000178500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00'}, 0x10) ioctl$TUNSETOFFLOAD(r8, 0x4004662b, 0x20001412) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) syz_emit_ethernet(0x11a, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaa290000000000008847000004000000000000000000000000000000000000000000637a832000cc0600fc020000000000000000000000000001000000000000000000000000000000012f0c040601180800ff020000000000000000000000000001fc02000000000000000000000000000120010000000000000000000000000001fc010000000000000000000000000000fc000000000000000000000000000000ff0200000000000000", @ANYRES32=0x41424344, @ANYRES32, @ANYBLOB="9102000090780001220e8d8cf763924b899286bbc93a00002fe4f61036d23b34c448989450b71fec512da2c8800052ccb37d0608401383d7ea900bb3d9d7c8b72a987b8fed740d8a1d132da887a35e4c162931e3b1e1d7aa"], &(0x7f0000000600)={0x1, 0x3, [0x8c1, 0x83a, 0xf99, 0x65]}) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3, &(0x7f0000000040), 0x7, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC") 2.495291658s ago: executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = dup2(r3, r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) r5 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) symlinkat(&(0x7f0000000040)='./file0\x00', r5, &(0x7f0000000080)='./file0\x00') 1.610581327s ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100), 0x1001) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r2}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 1.605218527s ago: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) ioctl$TCFLSH(r0, 0x400455c8, 0x0) 1.604449718s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r1], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10) 1.451217912s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) 155.061856ms ago: executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x6c, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x18, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}}}}]}]}, 0x6c}}, 0x0) 154.900466ms ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x800000009) lseek(r2, 0x0, 0x4) 154.817646ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = dup2(r2, r2) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, 0x0, 0x0) 154.605266ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_da_write_pages_extent\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='ext4_da_write_pages_extent\x00', r3}, 0x10) write$cgroup_type(r2, &(0x7f0000000180), 0xf000) 154.303796ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='ext4_es_find_extent_range_enter\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='ext4_es_find_extent_range_enter\x00', r1}, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) 154.104526ms ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 153.749346ms ago: executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='9p_protocol_dump\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents64(r4, 0x0, 0x0) 150.472276ms ago: executing program 4: r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}, {0x0}], 0x2, &(0x7f0000000380)=[@hoplimit_2292={{0x14}}], 0x18}}], 0x1, 0x0) 150.272556ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40042, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000080)={0x31}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x69}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='sys_enter\x00', r3}, 0x10) socket(0x1e, 0x0, 0x0) socket(0x0, 0x4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, 0x0, &(0x7f00000002c0)}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x5, &(0x7f00000029c0), 0x64, 0x4fd, &(0x7f0000000540)="$eJzs3VFrHFsdAPD/bHZr06ZNqj5owVptJS3a3aSxbfChVhB9Kqj1vcZkE0I22ZDdtE0omuIHEERU8ElffBH8AIIUfPFRhII+KyqKeNt7H+7DvZ3L7k7SNN1N0nabTZPfD07mnJmd+Z+zYWbnzBxmAji0zkbEjYh4mqbpxYgYzObnshRrrdT43JPH9ycbKYk0vfX/JJJs3vq2kmx6PFvtaER855sR309ejFtbWZ2bqFTKS1m5VJ9fLNVWVi/Nzk/MlGfKC2Njo1fHr41fGR/pSjtPRMT1r//7Zz/+zTeu/+FLd/9x+78XftCo1kC2fHM7XlJ+u4Wtphea38XmFZZeMdh+lG+2MNO/u3UevMH6AADQWeMc/+MR8fmIuBiD0bf96SwAAADwFkq/OhAfJBFpe0c6zAcAAADeIrnmGNgkV8zGAgxELlcstsbwfjKO5SrVWv2L09XlhanWWNmhKOSmZyvlkWys8FAUkkZ5tJl/Vr68pTwWEaci4qeD/c1ycbJamer1xQ8AAAA4JI5v6f+/N9jq/wMAAAAHzFCvKwAAAAC8cfr/AAAAcPDp/wMAAMCB9q2bNxspXX//9dSdleW56p1LU+XaXHF+ebI4WV1aLM5UqzPNZ/bN77S9SrW6+OVYWL5Xqpdr9VJtZfX2fHV5oX579rlXYAMAAAB76NRnH/4tiYi1r/Q3U8ORXlcK2BP5jVySTdvs/X8/2Zr+a48qBeyJvl5XAOiZfK8rAPRModcVAHou2WF5x8E7f86mn+tufQAAgO4b/nTn+/+5bddc234xsO/ZieHwcv8fDq/m/f/dDvh1sgAHSsEZABx6r33/f0dp+lIVAgAAum6gmZJcMbu8NxC5XLEYcaL5WoBCMj1bKY9ExMmI+Otg4WON8mhzzWTHPgMAAAAAAAAAAAAAAAAAAAAAAAAA0JKmSaQAAADAgRaR+0/yx9az/IcHzw9svT5wJHl/MLJXhN795a2f35uo15dGG/Pf2Zhf/0U2/3IvrmAAAAAAW63309f78QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTU8e359cT3sZ939fi4ihdvHzcbQ5PRqFiDj2bhL5TeslEdHXhfhrDyLiU+3iJ41qbYRsF7//zcePoexbaBf/eBfiw2H2sHH8udFu/8vF2ea0/f6Xj3iu/Ko6H/9i4/jX12H/P7HLGKcf/a7UMf6DiNP59sef9fhJh/jndhn/e99dXe20LP1VxHDb35/kuVil+vxiqbayeml2fmKmPFNeGBsbvTp+bfzK+EhperZSzv62jfGTz/z+6XbtP9Yh/tAO7T+/y/Z/+Oje40+0soV28S+caxP/T7/OPvFi/Fz22/eFLN9YPryeX2vlNzvz27+c2a79Ux3av9P//8Iu23/x2z/65y4/CgDsgdrK6txEpVJeOrCZRi99H1RDZh9mftjVDaZpmjb2qdfYThL74WtpZnp9ZAIAALrt2Ul/r2sCAAAAAAAAAAAAAAAAAAAAh9dePE5sa8y1jVzSjUdoAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xUcBAAD//9om2kE=") bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 146.879967ms ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000100), 0x1001) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r2}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 146.785267ms ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) set_tid_address(0x0) 120.391881ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 23.725157ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r3}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 2.45766ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa010600ba9380d412000000000000002900000005000000", 0xfe60) 0s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00', r1}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): ilesystem without journal. Quota mode: none. [ 91.071222][ T2668] EXT4-fs error (device loop1): __ext4_get_inode_loc:4497: comm syz-executor.1: Invalid inode table block 0 in block_group 0 [ 91.087108][ T2668] EXT4-fs (loop1): Remounting filesystem read-only [ 91.106717][ T2246] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor.1: path /root/syzkaller-testdir3676800473/syzkaller.vQLesf/53/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 91.134495][ T2246] EXT4-fs (loop1): unmounting filesystem. [ 91.227996][ T2664] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 91.295288][ T2676] loop0: detected capacity change from 0 to 512 [ 91.307621][ T2676] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 91.337583][ T2676] EXT4-fs (loop0): 1 truncate cleaned up [ 91.346922][ T2676] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 91.405515][ T2288] EXT4-fs (loop0): unmounting filesystem. [ 91.749400][ T343] device bridge_slave_1 left promiscuous mode [ 91.755340][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.764932][ T343] device bridge_slave_0 left promiscuous mode [ 91.771005][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.778900][ T343] device veth1_macvtap left promiscuous mode [ 91.784793][ T343] device veth0_vlan left promiscuous mode [ 92.205369][ T2692] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.212225][ T2692] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.219848][ T2692] device bridge_slave_0 entered promiscuous mode [ 92.226709][ T2692] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.233547][ T2692] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.240855][ T2692] device bridge_slave_1 entered promiscuous mode [ 92.256043][ T2697] loop0: detected capacity change from 0 to 512 [ 92.264839][ T2697] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 92.272827][ T2697] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 92.282512][ T2697] EXT4-fs (loop0): 1 truncate cleaned up [ 92.288078][ T2697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 92.334077][ T2288] EXT4-fs (loop0): unmounting filesystem. [ 92.546715][ T2700] loop4: detected capacity change from 0 to 40427 [ 92.554454][ T2700] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 92.562214][ T2700] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 92.571759][ T2700] F2FS-fs (loop4): invalid crc value [ 92.583347][ T2700] F2FS-fs (loop4): Found nat_bits in checkpoint [ 92.639262][ T2700] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 92.646119][ T2700] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 92.985537][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.995009][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.008106][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.017076][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.025657][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.032509][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.040005][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.052217][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.146843][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.154875][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.161721][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.174999][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.201040][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 93.216023][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.225746][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 93.234544][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 93.241854][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 93.249476][ T2692] device veth0_vlan entered promiscuous mode [ 93.260690][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 93.269568][ T2692] device veth1_macvtap entered promiscuous mode [ 93.280228][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 93.288440][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 93.322322][ T2719] loop4: detected capacity change from 0 to 512 [ 93.329144][ T2719] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 93.340250][ T2719] EXT4-fs (loop4): 1 truncate cleaned up [ 93.345842][ T2719] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 93.366279][ T2719] EXT4-fs error (device loop4): __ext4_get_inode_loc:4497: comm syz-executor.4: Invalid inode table block 0 in block_group 0 [ 93.379472][ T2719] EXT4-fs (loop4): Remounting filesystem read-only [ 93.388737][ T2498] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir2572146785/syzkaller.CERyRy/31/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 93.415464][ T2498] EXT4-fs (loop4): unmounting filesystem. [ 93.557674][ T2723] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.564554][ T2723] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.571744][ T2723] device bridge_slave_0 entered promiscuous mode [ 93.578655][ T2723] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.585530][ T2723] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.592431][ T332] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 93.592834][ T2723] device bridge_slave_1 entered promiscuous mode [ 93.639294][ T2723] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.646160][ T2723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.653207][ T2723] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.660043][ T2723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.682431][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.690230][ T696] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.699623][ T696] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.719118][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.728375][ T696] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.735239][ T696] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.771934][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.780013][ T696] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.786875][ T696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.794153][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.802069][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.815725][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 93.826816][ T2723] device veth0_vlan entered promiscuous mode [ 93.833295][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 93.841153][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 93.848365][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 93.849732][ T332] usb 2-1: Using ep0 maxpacket: 32 [ 93.874101][ T2723] device veth1_macvtap entered promiscuous mode [ 94.274959][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.283282][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.291462][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.315585][ T332] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.325976][ T332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.345794][ T332] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 94.358444][ T332] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 94.367258][ T332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.376701][ T332] usb 2-1: config 0 descriptor?? [ 94.922735][ T332] ntrig 0003:1B96:000A.000B: unknown main item tag 0x0 [ 94.929416][ T332] ntrig 0003:1B96:000A.000B: unknown main item tag 0x0 [ 94.936167][ T332] ntrig 0003:1B96:000A.000B: unknown main item tag 0x0 [ 94.942788][ T332] ntrig 0003:1B96:000A.000B: unknown main item tag 0x0 [ 94.949644][ T332] ntrig 0003:1B96:000A.000B: unknown main item tag 0x0 [ 94.959458][ T332] ntrig 0003:1B96:000A.000B: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.1-1/input0 [ 94.970593][ T43] device bridge_slave_1 left promiscuous mode [ 94.979063][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.991116][ T43] device bridge_slave_0 left promiscuous mode [ 94.997083][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.005136][ T43] device veth1_macvtap left promiscuous mode [ 95.011038][ T43] device veth0_vlan left promiscuous mode [ 95.248413][ T332] usb 2-1: USB disconnect, device number 7 [ 95.376426][ T2745] loop4: detected capacity change from 0 to 2048 [ 95.389623][ T2745] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 95.401264][ T2745] fs-verity: sha512 using implementation "sha512-avx2" [ 95.419723][ T2751] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.0'. [ 95.431418][ T2723] EXT4-fs (loop4): unmounting filesystem. [ 95.797591][ T2767] loop1: detected capacity change from 0 to 512 [ 95.812856][ T2767] EXT4-fs (loop1): 1 orphan inode deleted [ 95.818461][ T2767] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 95.986396][ T2773] syz-executor.1[2773] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 95.986687][ T2773] syz-executor.1[2773] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 96.739573][ T2779] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.744198][ T2692] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.1: lblock 0 mapped to illegal pblock 3 (length 1) [ 96.751278][ T2779] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.759286][ T2692] EXT4-fs (loop1): Remounting filesystem read-only [ 96.773448][ T2779] device bridge_slave_0 entered promiscuous mode [ 96.792491][ T2779] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.794750][ T2692] EXT4-fs (loop1): unmounting filesystem. [ 96.799635][ T2779] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.812213][ T2779] device bridge_slave_1 entered promiscuous mode [ 96.863102][ T2779] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.870009][ T2779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.877059][ T2779] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.883858][ T2779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.912995][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.920843][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.929073][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.950158][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.958708][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.965569][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.972900][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.980912][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.987772][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.995014][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.009580][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.020671][ T2794] loop4: detected capacity change from 0 to 256 [ 97.034276][ T2794] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104b5, chksum : 0x6646eacc, utbl_chksum : 0xe619d30d) [ 97.041602][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.053813][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 97.053828][ T28] audit: type=1326 audit(863.812:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.054564][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.061114][ T28] audit: type=1326 audit(863.830:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.084202][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 97.093039][ T28] audit: type=1326 audit(863.830:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.113862][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 97.120722][ T28] audit: type=1326 audit(863.830:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.173768][ T28] audit: type=1326 audit(863.830:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.197554][ T28] audit: type=1326 audit(863.830:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.200588][ T2779] device veth0_vlan entered promiscuous mode [ 97.226310][ T28] audit: type=1326 audit(863.830:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2793 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e5067cea9 code=0x7ffc0000 [ 97.296154][ T2801] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 97.305257][ T2795] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.312669][ T2795] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.320735][ T2795] device bridge_slave_0 entered promiscuous mode [ 97.327831][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 97.337101][ T2779] device veth1_macvtap entered promiscuous mode [ 97.349657][ T2795] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.355308][ T2812] loop4: detected capacity change from 0 to 512 [ 97.362593][ T2795] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.363069][ T2795] device bridge_slave_1 entered promiscuous mode [ 97.381960][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 97.387815][ T2812] EXT4-fs (loop4): 1 orphan inode deleted [ 97.390186][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 97.395614][ T2812] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 97.418055][ T2809] loop0: detected capacity change from 0 to 1024 [ 97.425115][ T2809] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.436352][ T2809] EXT4-fs: test_dummy_encryption requires encrypt feature [ 97.520905][ T2795] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.527762][ T2795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.534834][ T2795] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.541635][ T2795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.592775][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.602469][ T416] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.610429][ T416] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.619543][ T2822] syz-executor.4[2822] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.619835][ T2822] syz-executor.4[2822] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.690439][ T10] device bridge_slave_1 left promiscuous mode [ 97.718681][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.728165][ T10] device bridge_slave_0 left promiscuous mode [ 97.736967][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.744895][ T10] device veth1_macvtap left promiscuous mode [ 97.750860][ T10] device veth0_vlan left promiscuous mode [ 97.768470][ T28] audit: type=1326 audit(864.477:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2824 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f285a87cea9 code=0x0 [ 97.825779][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 97.871470][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.879511][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.886387][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.893646][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.901685][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.908560][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.922463][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 97.930393][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.938141][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 97.946036][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.959009][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 97.967186][ T784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.979137][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 97.986847][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.994900][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 98.002202][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 98.010144][ T2795] device veth0_vlan entered promiscuous mode [ 98.020055][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 98.028033][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 98.037369][ T2795] device veth1_macvtap entered promiscuous mode [ 98.046875][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 98.054478][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 98.054685][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 98.055696][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 98.055910][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.211133][ T28] audit: type=1400 audit(864.883:451): avc: denied { ioctl } for pid=2843 comm="syz-executor.1" path="pid:[4026532292]" dev="nsfs" ino=4026532292 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 98.296875][ T2723] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 98.311347][ T2723] EXT4-fs (loop4): Remounting filesystem read-only [ 98.319637][ T2723] EXT4-fs (loop4): unmounting filesystem. [ 98.390854][ T2855] loop1: detected capacity change from 0 to 1024 [ 98.397629][ T2855] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.408758][ T2855] EXT4-fs: test_dummy_encryption requires encrypt feature [ 98.528303][ T2858] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.535368][ T2858] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.542791][ T2858] device bridge_slave_0 entered promiscuous mode [ 98.549758][ T2858] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.556862][ T2858] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.564240][ T2858] device bridge_slave_1 entered promiscuous mode [ 98.619364][ T2858] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.626221][ T2858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.633345][ T2858] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.640129][ T2858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.668005][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.676521][ T695] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.684330][ T695] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.699286][ T2871] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2871 comm=syz-executor.3 [ 98.715210][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.723201][ T28] audit: type=1400 audit(865.353:452): avc: denied { read } for pid=2870 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 98.750087][ T695] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.756951][ T695] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.764305][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.773154][ T695] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.780030][ T695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.787372][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.795242][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 98.811615][ T10] device bridge_slave_1 left promiscuous mode [ 98.817617][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.835114][ T10] device bridge_slave_0 left promiscuous mode [ 98.841180][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.851519][ T10] device veth1_macvtap left promiscuous mode [ 98.857980][ T10] device veth0_vlan left promiscuous mode [ 98.959994][ T2897] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2897 comm=syz-executor.0 [ 98.978664][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 98.984827][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 98.987321][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.024511][ T2858] device veth0_vlan entered promiscuous mode [ 99.032726][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 99.052206][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.109210][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.123896][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.157194][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 99.170061][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.184593][ T2858] device veth1_macvtap entered promiscuous mode [ 99.211442][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 99.219389][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 99.227771][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.236811][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.245175][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.645960][ T416] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 99.906009][ T416] usb 5-1: Using ep0 maxpacket: 32 [ 99.907844][ T2933] xt_limit: Overflow, try lower: 184549376/256 [ 99.920180][ T2936] virtio-fs: tag <(null)> not found [ 100.101046][ T416] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.775504][ T416] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.797642][ T10] device bridge_slave_1 left promiscuous mode [ 101.808478][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.816268][ T10] device bridge_slave_0 left promiscuous mode [ 101.822399][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.837224][ T10] device veth1_macvtap left promiscuous mode [ 101.847725][ T10] device veth0_vlan left promiscuous mode [ 101.910435][ T416] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 101.944115][ T416] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 101.952709][ T416] usb 5-1: Product: syz [ 101.961825][ T2960] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2960 comm=syz-executor.0 [ 101.974825][ T416] usb 5-1: Manufacturer: syz [ 102.019045][ T416] hub 5-1:4.0: USB hub found [ 102.085464][ T2977] virtio-fs: tag <(null)> not found [ 102.257179][ T416] hub 5-1:4.0: 2 ports detected [ 102.398991][ T2995] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2995 comm=syz-executor.0 [ 104.066341][ T416] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 104.072592][ T416] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 104.104932][ T3004] loop0: detected capacity change from 0 to 256 [ 104.115245][ T3004] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 104.127085][ T416] usb 5-1: USB disconnect, device number 9 [ 104.129194][ T3009] loop4: detected capacity change from 0 to 512 [ 104.146718][ T3009] EXT4-fs (loop4): 1 orphan inode deleted [ 104.152337][ T3009] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 104.334876][ T3017] syz-executor.4[3017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.335185][ T3017] syz-executor.4[3017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.611757][ T3039] input: syz0 as /devices/virtual/input/input15 [ 104.631708][ T3040] virtio-fs: tag <(null)> not found [ 104.638048][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 104.638100][ T28] audit: type=1400 audit(870.818:459): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=453 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.740762][ T28] audit: type=1400 audit(870.818:460): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=453 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.764146][ T28] audit: type=1400 audit(870.818:461): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=453 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 107.167348][ T2858] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.4: lblock 0 mapped to illegal pblock 3 (length 1) [ 107.189259][ T2858] EXT4-fs (loop4): Remounting filesystem read-only [ 107.203997][ T2858] EXT4-fs (loop4): unmounting filesystem. [ 107.283631][ T3064] device vlan2 entered promiscuous mode [ 107.315665][ T3067] loop0: detected capacity change from 0 to 256 [ 107.322394][ T3067] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 107.369098][ T3070] loop3: detected capacity change from 0 to 512 [ 107.399402][ T3068] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.406355][ T3068] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.408910][ T3070] EXT4-fs (loop3): 1 orphan inode deleted [ 107.413887][ T3068] device bridge_slave_0 entered promiscuous mode [ 107.418784][ T3070] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 107.426154][ T3068] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.449930][ T3068] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.457497][ T3068] device bridge_slave_1 entered promiscuous mode [ 107.675185][ T3085] syz-executor.3[3085] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.675263][ T3085] syz-executor.3[3085] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.685771][ T3081] virtio-fs: tag <(null)> not found [ 109.779421][ T28] audit: type=1400 audit(875.562:462): avc: denied { ioctl } for pid=3093 comm="syz-executor.0" path="socket:[31700]" dev="sockfs" ino=31700 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 109.782895][ T3094] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 109.951593][ T2779] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1) [ 109.980727][ T2779] EXT4-fs (loop3): Remounting filesystem read-only [ 110.000561][ T2779] EXT4-fs (loop3): unmounting filesystem. [ 110.046065][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 110.057055][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 110.100238][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.108683][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 110.118151][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.125033][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.144433][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.152621][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 110.177092][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.183954][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.209411][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 110.220826][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 110.230471][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 110.238474][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.248059][ T3105] device vlan2 entered promiscuous mode [ 110.263797][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 110.292596][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 110.331104][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 110.338948][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 110.348633][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 110.361734][ T3110] incfs_lookup_dentry err:-14 [ 110.366236][ T3110] incfs: Can't find or create .index dir in ./file0 [ 110.375273][ T3110] incfs: mount failed -14 [ 110.379986][ T3110] incfs_lookup_dentry err:-14 [ 110.385999][ T3110] incfs: Can't find or create .index dir in ./file0 [ 110.392612][ T3110] incfs: mount failed -14 [ 110.405223][ T3068] device veth0_vlan entered promiscuous mode [ 110.435799][ T3068] device veth1_macvtap entered promiscuous mode [ 110.455279][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 110.482314][ T28] audit: type=1400 audit(876.217:463): avc: denied { bind } for pid=3119 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 110.482887][ T3126] virtio-fs: tag <(null)> not found [ 110.501832][ T28] audit: type=1400 audit(876.217:464): avc: denied { name_bind } for pid=3119 comm="syz-executor.1" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 110.517237][ T3107] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.537951][ T3107] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.538250][ T28] audit: type=1400 audit(876.217:465): avc: denied { node_bind } for pid=3119 comm="syz-executor.1" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 110.550900][ T3107] device bridge_slave_0 entered promiscuous mode [ 110.586880][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 110.596186][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 110.605103][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 110.613356][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 110.622227][ T357] device bridge_slave_1 left promiscuous mode [ 110.628204][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.636525][ T357] device bridge_slave_0 left promiscuous mode [ 110.642498][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.650989][ T357] device veth1_macvtap left promiscuous mode [ 110.657112][ T357] device veth0_vlan left promiscuous mode [ 110.782119][ T3107] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.789165][ T3107] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.796598][ T3107] device bridge_slave_1 entered promiscuous mode [ 110.855126][ T3108] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.875810][ T3108] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.893083][ T3108] device bridge_slave_0 entered promiscuous mode [ 110.932075][ T3108] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.940015][ T3108] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.949230][ T3108] device bridge_slave_1 entered promiscuous mode [ 110.968466][ T3145] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 111.507525][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.514777][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.531784][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 111.539828][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.547796][ T334] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.554635][ T334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.563998][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 111.572159][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.580212][ T334] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.587072][ T334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.594260][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 111.602103][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 111.610097][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.630284][ T28] audit: type=1400 audit(877.279:466): avc: denied { map } for pid=3156 comm="syz-executor.1" path="socket:[33195]" dev="sockfs" ino=33195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 111.653168][ T28] audit: type=1400 audit(877.279:467): avc: denied { accept } for pid=3156 comm="syz-executor.1" path="socket:[33195]" dev="sockfs" ino=33195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 111.672764][ T3107] device veth0_vlan entered promiscuous mode [ 111.684271][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.692669][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.700578][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.708395][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.715907][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.723380][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.731149][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 111.739526][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.747601][ T416] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.754460][ T416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.761680][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 111.770017][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.778260][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.785128][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.792295][ T783] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 111.799727][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 111.807719][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 111.816087][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.832860][ T3108] device veth0_vlan entered promiscuous mode [ 111.849929][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 111.862330][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.865444][ T3162] syz-executor.4[3162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.871109][ T3162] syz-executor.4[3162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.872659][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.898867][ T3162] syz-executor.4[3162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.901885][ T3162] syz-executor.4[3162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.903300][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.938047][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.946988][ T3107] device veth1_macvtap entered promiscuous mode [ 111.970803][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.980194][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.988640][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.996868][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 112.022139][ T3173] syz-executor.1[3173] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.022217][ T3173] syz-executor.1[3173] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.051256][ T783] usb 1-1: Using ep0 maxpacket: 32 [ 112.055302][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 112.078530][ T3174] virtio-fs: tag <(null)> not found [ 112.150665][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 112.202902][ T783] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.216374][ T3108] device veth1_macvtap entered promiscuous mode [ 112.228122][ T783] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.248674][ T783] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 112.262310][ T783] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 112.296167][ T783] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 112.317706][ T783] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 112.334876][ T783] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.346140][ T783] usb 1-1: config 0 descriptor?? [ 112.351633][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 112.360557][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 112.369370][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 112.377804][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 112.389807][ T3187] loop3: detected capacity change from 0 to 512 [ 112.398480][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 112.584480][ T3199] syz-executor.2[3199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.584543][ T3199] syz-executor.2[3199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.615966][ T3199] syz-executor.2[3199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.621523][ T3201] incfs_lookup_dentry err:-14 [ 112.631091][ T3199] syz-executor.2[3199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.641731][ T3201] incfs: Can't find or create .index dir in ./file0 [ 112.661968][ T357] device bridge_slave_1 left promiscuous mode [ 112.667916][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.670412][ T3201] incfs: mount failed -14 [ 112.677925][ T3206] incfs_lookup_dentry err:-14 [ 112.683709][ T3206] incfs: Can't find or create .index dir in ./file0 [ 112.684319][ T357] device bridge_slave_0 left promiscuous mode [ 112.696134][ T3206] incfs: mount failed -14 [ 112.696580][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.708492][ T357] device bridge_slave_1 left promiscuous mode [ 112.715179][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.722741][ T357] device bridge_slave_0 left promiscuous mode [ 112.728864][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.737409][ T357] device veth1_macvtap left promiscuous mode [ 112.743544][ T357] device veth0_vlan left promiscuous mode [ 112.750780][ T357] device veth1_macvtap left promiscuous mode [ 112.756721][ T357] device veth0_vlan left promiscuous mode [ 112.779173][ T3213] loop3: detected capacity change from 0 to 512 [ 112.805974][ T3213] EXT4-fs (loop3): 1 orphan inode deleted [ 112.813558][ T3213] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 112.848479][ T3213] EXT4-fs error (device loop3): ext4_discard_preallocations:5101: comm syz-executor.3: Error -117 loading buddy information for 523466497 [ 112.863421][ T3213] EXT4-fs (loop3): Remounting filesystem read-only [ 112.870126][ T3213] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #16: comm syz-executor.3: attempt to clear invalid blocks 41 len 1 [ 112.884131][ T783] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 112.885216][ T3213] EXT4-fs error (device loop3): __ext4_get_inode_loc:4497: comm syz-executor.3: Invalid inode table block 0 in block_group 0 [ 112.892031][ T783] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 112.905412][ T3213] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 112.911485][ T783] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 112.921171][ T3213] EXT4-fs error (device loop3): ext4_punch_hole:4142: inode #16: comm syz-executor.3: mark_inode_dirty error [ 112.933117][ T783] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 112.946895][ T783] ntrig 0003:1B96:000A.000C: unknown main item tag 0x0 [ 112.963751][ T783] ntrig 0003:1B96:000A.000C: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 112.977818][ T3108] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1) [ 112.997124][ T3108] EXT4-fs (loop3): unmounting filesystem. [ 113.190225][ T783] usb 1-1: USB disconnect, device number 4 [ 113.285998][ T28] audit: type=1400 audit(878.792:468): avc: denied { read } for pid=3237 comm="syz-executor.3" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 113.326221][ T28] audit: type=1400 audit(878.838:469): avc: denied { open } for pid=3237 comm="syz-executor.3" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 113.378361][ T3237] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.386237][ T3237] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.399409][ T3237] device bridge_slave_0 entered promiscuous mode [ 113.415253][ T3237] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.425125][ T3237] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.477924][ T3237] device bridge_slave_1 entered promiscuous mode [ 113.677955][ T3237] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.684801][ T3237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.691933][ T3237] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.698702][ T3237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.706832][ T3250] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 113.733405][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 113.741175][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.748658][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.766810][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 113.774937][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.781809][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.789148][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 113.797240][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.798217][ T3257] loop4: detected capacity change from 0 to 512 [ 113.804129][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.825036][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 113.833646][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 113.855853][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 113.867488][ T3237] device veth0_vlan entered promiscuous mode [ 113.874132][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 113.888347][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 113.896400][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 113.908301][ T3237] device veth1_macvtap entered promiscuous mode [ 113.915675][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 113.931242][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 113.942871][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 113.959635][ T3260] loop0: detected capacity change from 0 to 128 [ 113.967536][ T3260] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 114.090903][ T3289] loop3: detected capacity change from 0 to 128 [ 114.097742][ T3289] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 114.193061][ T3284] loop1: detected capacity change from 0 to 40427 [ 114.200364][ T3284] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 114.208194][ T3284] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 114.216851][ T3284] F2FS-fs (loop1): invalid crc value [ 114.231224][ T3284] F2FS-fs (loop1): Found nat_bits in checkpoint [ 114.261209][ T28] audit: type=1326 audit(879.697:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0de7cea9 code=0x7fc00000 [ 114.278102][ T3284] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 114.291223][ T3284] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 114.338258][ T2795] bio_check_eod: 5 callbacks suppressed [ 114.338275][ T2795] syz-executor.1: attempt to access beyond end of device [ 114.338275][ T2795] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 114.357884][ T2795] syz-executor.1: attempt to access beyond end of device [ 114.357884][ T2795] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 114.380850][ T3047] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 114.384649][ T3315] skbuff: bad partial csum: csum=65506/2 headroom=144 headlen=65526 [ 114.400296][ T343] kworker/u4:3: attempt to access beyond end of device [ 114.400296][ T343] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 114.457488][ T357] device bridge_slave_1 left promiscuous mode [ 114.463472][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.470862][ T357] device bridge_slave_0 left promiscuous mode [ 114.479567][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.489098][ T357] device veth1_macvtap left promiscuous mode [ 114.495450][ T357] device veth0_vlan left promiscuous mode [ 114.519845][ T3321] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 114.673031][ T3047] usb 1-1: Using ep0 maxpacket: 32 [ 114.779371][ T3344] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 114.791108][ T3342] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.798290][ T3342] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.805658][ T3342] device bridge_slave_0 entered promiscuous mode [ 114.812890][ T3342] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.819768][ T3342] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.824779][ T3047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.827113][ T3342] device bridge_slave_1 entered promiscuous mode [ 114.843452][ T3047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.853784][ T3047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 114.864839][ T3047] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 114.874229][ T3047] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 114.886952][ T3047] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 114.895795][ T3047] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.905967][ T3047] usb 1-1: config 0 descriptor?? [ 114.954181][ T28] audit: type=1326 audit(880.334:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c0de7cea9 code=0x7fc00000 [ 114.955027][ T3342] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.984051][ T3342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.986978][ T28] audit: type=1326 audit(880.334:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3277 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c0de7cea9 code=0x7fc00000 [ 114.991171][ T3342] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.020964][ T3342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.057318][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 115.065617][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.079003][ T523] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.128921][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.137601][ T696] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.144474][ T696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.151864][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 115.159812][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 115.186737][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 115.260817][ T3377] loop3: detected capacity change from 0 to 16 [ 115.267617][ T3377] erofs: Unknown parameter '1844674407370955161518446744073709551615017777777777777777777770xffffffffffffffff|}v).ijI7&@>r'p' [ 115.402042][ T3379] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3379 comm=syz-executor.4 [ 115.430674][ T3047] ntrig 0003:1B96:000A.000D: unknown main item tag 0x0 [ 115.438294][ T3047] ntrig 0003:1B96:000A.000D: unknown main item tag 0x0 [ 115.445071][ T3047] ntrig 0003:1B96:000A.000D: unknown main item tag 0x0 [ 115.453606][ T3047] ntrig 0003:1B96:000A.000D: unknown main item tag 0x0 [ 115.456450][ T3342] device veth0_vlan entered promiscuous mode [ 115.460356][ T3047] ntrig 0003:1B96:000A.000D: unknown main item tag 0x0 [ 115.473616][ T3047] ntrig 0003:1B96:000A.000D: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 115.475873][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 115.492416][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 115.501122][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 115.508491][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 115.522674][ T3385] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 115.527438][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 115.538126][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 115.546955][ T3342] device veth1_macvtap entered promiscuous mode [ 115.557673][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 115.565730][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 115.573853][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 115.592497][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 115.600714][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 115.613410][ T3389] input: syz0 as /devices/virtual/input/input17 [ 115.747211][ T3047] usb 1-1: USB disconnect, device number 5 [ 115.909215][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 115.909230][ T28] audit: type=1326 audit(881.229:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 115.952592][ T8] device bridge_slave_1 left promiscuous mode [ 115.952798][ T3409] loop1: detected capacity change from 0 to 40427 [ 115.965740][ T28] audit: type=1326 audit(881.257:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 115.976365][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.006728][ T28] audit: type=1326 audit(881.312:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.026386][ T3409] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 116.037281][ T3409] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 116.037492][ T8] device bridge_slave_0 left promiscuous mode [ 116.046143][ T3409] F2FS-fs (loop1): invalid crc value [ 116.051383][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.058215][ T3409] F2FS-fs (loop1): Found nat_bits in checkpoint [ 116.075663][ T8] device veth1_macvtap left promiscuous mode [ 116.081823][ T8] device veth0_vlan left promiscuous mode [ 116.093392][ T28] audit: type=1326 audit(881.395:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.126642][ T3409] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 116.133588][ T3409] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 116.141002][ T28] audit: type=1326 audit(881.423:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.197142][ T28] audit: type=1326 audit(881.469:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.219208][ T3342] syz-executor.1: attempt to access beyond end of device [ 116.219208][ T3342] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 116.222057][ T28] audit: type=1326 audit(881.478:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.235078][ T3342] syz-executor.1: attempt to access beyond end of device [ 116.235078][ T3342] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 116.305639][ T357] kworker/u4:4: attempt to access beyond end of device [ 116.305639][ T357] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 116.360139][ T28] audit: type=1326 audit(881.635:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.383492][ T28] audit: type=1326 audit(881.635:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.406633][ T28] audit: type=1326 audit(881.635:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3382 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb467cea9 code=0x7fc00000 [ 116.623187][ T696] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 116.637497][ T3460] loop3: detected capacity change from 0 to 256 [ 116.648220][ T3460] FAT-fs (loop3): Directory bread(block 64) failed [ 116.654616][ T3460] FAT-fs (loop3): Directory bread(block 65) failed [ 116.666261][ T3460] FAT-fs (loop3): Directory bread(block 66) failed [ 116.672792][ T3460] FAT-fs (loop3): Directory bread(block 67) failed [ 116.679284][ T3460] FAT-fs (loop3): Directory bread(block 68) failed [ 116.685656][ T3460] FAT-fs (loop3): Directory bread(block 69) failed [ 116.692069][ T3460] FAT-fs (loop3): Directory bread(block 70) failed [ 116.698552][ T3460] FAT-fs (loop3): Directory bread(block 71) failed [ 116.714445][ T3460] FAT-fs (loop3): Directory bread(block 72) failed [ 116.720901][ T3460] FAT-fs (loop3): Directory bread(block 73) failed [ 116.772061][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.779051][ T3463] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.788664][ T3463] device bridge_slave_0 entered promiscuous mode [ 116.795701][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.802738][ T3463] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.810285][ T3463] device bridge_slave_1 entered promiscuous mode [ 116.872486][ T695] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 116.883211][ T696] usb 1-1: Using ep0 maxpacket: 8 [ 116.887719][ T3463] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.892453][ T3471] kvm [3470]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800 [ 116.894959][ T3463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.895050][ T3463] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.918379][ T3463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.947551][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 116.955440][ T783] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.962805][ T783] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.984968][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 116.993501][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.000368][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.007720][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.015678][ T696] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.027387][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.034263][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.041535][ T696] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.051296][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.058969][ T696] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 117.068219][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.075905][ T696] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.096434][ T696] usb 1-1: config 0 descriptor?? [ 117.105400][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 117.113908][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 117.122235][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 117.129689][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 117.137133][ T3463] device veth0_vlan entered promiscuous mode [ 117.154579][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 117.164347][ T3463] device veth1_macvtap entered promiscuous mode [ 117.175387][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 117.192358][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 117.305966][ T695] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 117.371916][ T8] device bridge_slave_1 left promiscuous mode [ 117.377877][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.385293][ T8] device bridge_slave_0 left promiscuous mode [ 117.391235][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.399346][ T8] device veth1_macvtap left promiscuous mode [ 117.405278][ T695] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 117.414207][ T8] device veth0_vlan left promiscuous mode [ 117.419890][ T695] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 117.428068][ T695] usb 5-1: SerialNumber: syz [ 117.483247][ T3490] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3490 comm=syz-executor.1 [ 117.620785][ T696] belkin 0003:1020:0006.000E: unexpected long global item [ 117.628991][ T696] belkin 0003:1020:0006.000E: parse failed [ 117.636703][ T696] belkin: probe of 0003:1020:0006.000E failed with error -22 [ 117.778102][ T3510] loop3: detected capacity change from 0 to 512 [ 117.789227][ T3510] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 117.798954][ T3510] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: iget: bad i_size value: -67835469387268086 [ 117.812706][ T3510] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 117.825224][ T3510] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 117.837930][ T696] usb 1-1: USB disconnect, device number 6 [ 117.856163][ T3237] EXT4-fs (loop3): unmounting filesystem. [ 118.181884][ T3537] bpf_get_probe_write_proto: 6 callbacks suppressed [ 118.181903][ T3537] syz-executor.2[3537] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.188443][ T3537] syz-executor.2[3537] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.315312][ T695] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 119.017934][ T3539] loop2: detected capacity change from 0 to 16 [ 119.024246][ T3539] erofs: Unknown parameter '1844674407370955161518446744073709551615017777777777777777777770xffffffffffffffff|}v).ijI7&@>r'p' [ 119.290140][ T783] usb 5-1: USB disconnect, device number 10 [ 119.296579][ T783] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device [ 119.564261][ T3568] loop0: detected capacity change from 0 to 256 [ 119.567061][ T3555] loop3: detected capacity change from 0 to 40427 [ 119.579668][ T3568] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 119.621734][ T3572] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 119.697274][ T3580] syz-executor.0[3580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.697345][ T3580] syz-executor.0[3580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.900968][ T3589] loop0: detected capacity change from 0 to 16 [ 119.919661][ T3589] erofs: Unknown parameter '1844674407370955161518446744073709551615017777777777777777777770xffffffffffffffff|}v).ijI7&@>r'p' [ 120.073768][ T3591] loop4: detected capacity change from 0 to 512 [ 120.090547][ T3591] EXT4-fs (loop4): Invalid log cluster size: 393216 [ 120.315381][ T3628] loop3: detected capacity change from 0 to 512 [ 120.322104][ T3628] EXT4-fs (loop3): Invalid log cluster size: 393216 [ 120.372249][ T3631] loop3: detected capacity change from 0 to 128 [ 120.380492][ T3631] FAT-fs (loop3): error, corrupted file size (i_pos 196, 617103980) [ 120.388400][ T3631] FAT-fs (loop3): Filesystem has been set read-only [ 120.429339][ T3637] loop2: detected capacity change from 0 to 128 [ 120.476945][ T3644] loop4: detected capacity change from 0 to 2048 [ 120.503299][ T3644] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 120.732893][ T3659] loop0: detected capacity change from 0 to 512 [ 120.742346][ T3068] EXT4-fs (loop4): unmounting filesystem. [ 120.753651][ T3659] EXT4-fs (loop0): Invalid log cluster size: 393216 [ 120.787729][ T3663] loop4: detected capacity change from 0 to 1024 [ 120.807182][ T3663] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 120.980618][ T3663] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 120.995545][ T3663] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 121.007676][ T3663] EXT4-fs (loop4): This should not happen!! Data will be lost [ 121.007676][ T3663] [ 121.017131][ T3663] EXT4-fs (loop4): Total free blocks count 0 [ 121.022991][ T3663] EXT4-fs (loop4): Free/Dirty block details [ 121.028716][ T3663] EXT4-fs (loop4): free_blocks=68451041280 [ 121.034506][ T3663] EXT4-fs (loop4): dirty_blocks=16400 [ 121.039743][ T3663] EXT4-fs (loop4): Block reservation details [ 121.045572][ T3663] EXT4-fs (loop4): i_reserved_data_blocks=1025 [ 121.058665][ T10] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 121.181925][ T3690] syz-executor.1[3690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.182003][ T3690] syz-executor.1[3690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.196318][ T3690] syz-executor.1[3690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.207956][ T3690] syz-executor.1[3690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.262846][ T3697] loop0: detected capacity change from 0 to 1024 [ 121.294172][ T3697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 121.786268][ T3697] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 121.801048][ T3697] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 121.813165][ T3697] EXT4-fs (loop0): This should not happen!! Data will be lost [ 121.813165][ T3697] [ 121.822755][ T3697] EXT4-fs (loop0): Total free blocks count 0 [ 121.828631][ T3697] EXT4-fs (loop0): Free/Dirty block details [ 121.834457][ T3697] EXT4-fs (loop0): free_blocks=68451041280 [ 121.840199][ T3697] EXT4-fs (loop0): dirty_blocks=16400 [ 121.845452][ T3697] EXT4-fs (loop0): Block reservation details [ 121.851364][ T3697] EXT4-fs (loop0): i_reserved_data_blocks=1025 [ 121.885477][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 121.907970][ T3732] binder: 3729:3732 ioctl c0306201 0 returned -14 [ 121.909168][ T3731] loop3: detected capacity change from 0 to 256 [ 121.929950][ T3732] input: syz0 as /devices/virtual/input/input18 [ 121.937301][ T3731] incfs: Can't find or create .incomplete dir in ./file0 [ 121.946146][ T28] kauditd_printk_skb: 70 callbacks suppressed [ 121.946160][ T28] audit: type=1400 audit(886.795:562): avc: denied { rmdir } for pid=3730 comm="syz-executor.3" name=".index" dev="loop3" ino=1048733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 121.983733][ T3731] incfs: mount failed -28 [ 121.992825][ T3731] incfs: Can't find or create .incomplete dir in ./file0 [ 122.003232][ T3731] incfs: mount failed -28 [ 122.027199][ T3739] loop3: detected capacity change from 0 to 128 [ 122.084531][ T28] audit: type=1326 audit(886.924:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3738 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc560e7cea9 code=0x0 [ 122.152816][ T3756] loop0: detected capacity change from 0 to 1024 [ 122.191547][ T3756] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 122.200628][ T28] audit: type=1400 audit(887.025:564): avc: denied { mounton } for pid=3738 comm="syz-executor.3" path="/root/syzkaller-testdir792473726/syzkaller.mPZAZM/57/file0/file0/bus" dev="loop3" ino=1048737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 122.453575][ T3768] loop4: detected capacity change from 0 to 256 [ 122.497041][ T3768] incfs: Can't find or create .incomplete dir in ./file0 [ 122.510934][ T3768] incfs: mount failed -28 [ 122.518284][ T3768] incfs: Can't find or create .incomplete dir in ./file0 [ 122.528406][ T3768] incfs: mount failed -28 [ 122.582524][ T3779] binder: 3778:3779 ioctl c0306201 0 returned -14 [ 122.605103][ T3779] input: syz0 as /devices/virtual/input/input19 [ 122.619585][ T3756] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 122.646626][ T3756] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 122.659317][ T28] audit: type=1400 audit(887.459:565): avc: denied { create } for pid=3781 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 122.671752][ T3772] loop2: detected capacity change from 0 to 32768 [ 122.679063][ T3756] EXT4-fs (loop0): This should not happen!! Data will be lost [ 122.679063][ T3756] [ 122.688802][ T28] audit: type=1400 audit(887.478:566): avc: denied { setopt } for pid=3781 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 122.697345][ T3756] EXT4-fs (loop0): Total free blocks count 0 [ 122.719900][ T3756] EXT4-fs (loop0): Free/Dirty block details [ 122.725883][ T3756] EXT4-fs (loop0): free_blocks=68451041280 [ 122.731572][ T3756] EXT4-fs (loop0): dirty_blocks=16400 [ 122.737015][ T3756] EXT4-fs (loop0): Block reservation details [ 122.742953][ T3756] EXT4-fs (loop0): i_reserved_data_blocks=1025 [ 122.749437][ T3772] loop2: p1 p2 p3 < p5 p6 p7 > [ 122.775194][ T357] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 122.906461][ T3808] syz-executor.2[3808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.906529][ T3808] syz-executor.2[3808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.969323][ T3237] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ae15) [ 122.992630][ T3237] FAT-fs (loop3): Filesystem has been set read-only [ 122.999162][ T3237] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ae15) [ 123.018643][ T3821] loop4: detected capacity change from 0 to 128 [ 123.058739][ T523] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 123.264782][ T334] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 123.318761][ T523] usb 2-1: Using ep0 maxpacket: 32 [ 123.449099][ T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.470520][ T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.480204][ T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 123.516420][ T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 123.526129][ T523] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 123.539143][ T523] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 123.548267][ T523] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.575089][ T523] usb 2-1: config 0 descriptor?? [ 123.637417][ T3827] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.644404][ T3827] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.652999][ T3827] device bridge_slave_0 entered promiscuous mode [ 123.665771][ T334] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.676653][ T3827] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.676729][ T334] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.693301][ T3827] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.702410][ T3827] device bridge_slave_1 entered promiscuous mode [ 123.711406][ T10] device bridge_slave_1 left promiscuous mode [ 123.717748][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.726328][ T10] device bridge_slave_0 left promiscuous mode [ 123.732704][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.743717][ T10] device veth1_macvtap left promiscuous mode [ 123.749727][ T10] device veth0_vlan left promiscuous mode [ 123.903910][ T334] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.913103][ T334] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.920986][ T334] usb 1-1: Product: syz [ 123.924983][ T334] usb 1-1: Manufacturer: syz [ 123.929335][ T334] usb 1-1: SerialNumber: syz [ 123.995401][ T3844] bpf_get_probe_write_proto: 2 callbacks suppressed [ 123.995413][ T3844] syz-executor.4[3844] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.002114][ T3844] syz-executor.4[3844] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.034304][ T3844] syz-executor.4[3844] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.046103][ T3844] syz-executor.4[3844] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.090257][ T3827] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.108578][ T3827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.115688][ T3827] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.122483][ T3827] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.142999][ T523] ntrig 0003:1B96:000A.000F: unknown main item tag 0x0 [ 124.149707][ T523] ntrig 0003:1B96:000A.000F: unknown main item tag 0x0 [ 124.158579][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.163817][ T523] ntrig 0003:1B96:000A.000F: unknown main item tag 0x0 [ 124.172251][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.179711][ T523] ntrig 0003:1B96:000A.000F: unknown main item tag 0x0 [ 124.186600][ T523] ntrig 0003:1B96:000A.000F: unknown main item tag 0x0 [ 124.196956][ T523] ntrig 0003:1B96:000A.000F: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.1-1/input0 [ 124.220199][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.232816][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.262764][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.271535][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.284911][ T783] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.291787][ T783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.299069][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.307285][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.315325][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.322189][ T783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.348682][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 124.356626][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 124.364687][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 124.372664][ T783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 124.390430][ T3827] device veth0_vlan entered promiscuous mode [ 124.399387][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 124.409440][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 124.418369][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 124.428278][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 124.449812][ T523] usb 2-1: USB disconnect, device number 8 [ 124.454019][ T3827] device veth1_macvtap entered promiscuous mode [ 124.471110][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 124.480445][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 124.488336][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 124.497038][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 124.506522][ T696] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 124.645566][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 124.654484][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.678763][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 124.688730][ T695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 124.735113][ T3865] loop4: detected capacity change from 0 to 128 [ 125.171860][ T334] cdc_ncm 1-1:1.0: bind() failure [ 125.282827][ T28] audit: type=1400 audit(889.877:567): avc: denied { mounton } for pid=3880 comm="syz-executor.1" path="/root/syzkaller-testdir683440490/syzkaller.riEeDw/34/file0" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 125.312308][ T334] cdc_ncm: probe of 1-1:1.1 failed with error -71 [ 125.319202][ T3882] incfs: ino conflict with backing FS 1 [ 125.330119][ T3882] incfs: ino conflict with backing FS 4 [ 125.344793][ T334] cdc_mbim: probe of 1-1:1.1 failed with error -71 [ 125.354904][ T334] usb 1-1: USB disconnect, device number 7 [ 125.374372][ T28] audit: type=1400 audit(889.924:568): avc: denied { rename } for pid=3880 comm="syz-executor.1" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="incremental-fs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 125.412644][ T3876] loop3: detected capacity change from 0 to 32768 [ 125.476214][ T3876] loop3: p1 p2 p3 < p5 p6 p7 > [ 125.500709][ T3897] syz-executor.1[3897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.500779][ T3897] syz-executor.1[3897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.526636][ T3884] loop2: detected capacity change from 0 to 40427 [ 125.547574][ T3884] F2FS-fs (loop2): Found nat_bits in checkpoint [ 125.586322][ T3884] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 125.619688][ T3107] syz-executor.2: attempt to access beyond end of device [ 125.619688][ T3107] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 125.635399][ T3107] syz-executor.2: attempt to access beyond end of device [ 125.635399][ T3107] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 125.654709][ T3107] syz-executor.2: attempt to access beyond end of device [ 125.654709][ T3107] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.941329][ T28] audit: type=1400 audit(890.487:569): avc: denied { mount } for pid=3928 comm="syz-executor.3" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 126.012840][ T3926] loop0: detected capacity change from 0 to 32768 [ 126.035088][ T3934] loop3: detected capacity change from 0 to 128 [ 126.042446][ T3932] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.049598][ T3932] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.049623][ T3926] loop0: p1 p2 p3 < p5 p6 p7 > [ 126.056865][ T3932] device bridge_slave_0 entered promiscuous mode [ 126.070363][ T3932] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.088160][ T3932] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.101373][ T3932] device bridge_slave_1 entered promiscuous mode [ 126.171249][ T3932] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.178126][ T3932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.185220][ T3932] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.192013][ T3932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.219080][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.227467][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.235168][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.266716][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.274720][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.281589][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.288848][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.296887][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.303743][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.311607][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 126.319335][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 126.334405][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 126.342607][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 126.351062][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 126.358643][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 126.369480][ T3932] device veth0_vlan entered promiscuous mode [ 126.381228][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 126.389939][ T3932] device veth1_macvtap entered promiscuous mode [ 126.401207][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 126.409849][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 126.430589][ T28] audit: type=1400 audit(890.939:570): avc: denied { create } for pid=3951 comm="syz-executor.2" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 126.452197][ T28] audit: type=1400 audit(890.939:571): avc: denied { write } for pid=3951 comm="syz-executor.2" name="bus" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 126.548571][ T10] device bridge_slave_1 left promiscuous mode [ 126.554588][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.562051][ T10] device bridge_slave_0 left promiscuous mode [ 126.568017][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.575663][ T10] device veth1_macvtap left promiscuous mode [ 126.581560][ T10] device veth0_vlan left promiscuous mode [ 126.659370][ T3958] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 126.674900][ T3958] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.681935][ T3958] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.688937][ T60] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 126.892000][ T3978] loop4: detected capacity change from 0 to 128 [ 126.899801][ T3978] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 126.915012][ T3068] EXT4-fs (loop4): unmounting filesystem. [ 127.069511][ T4001] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 127.078859][ T60] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.096618][ T60] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.143417][ T3867] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 127.274269][ T60] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.284487][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.292487][ T60] usb 1-1: Product: syz [ 127.296625][ T60] usb 1-1: Manufacturer: syz [ 127.301011][ T60] usb 1-1: SerialNumber: syz [ 127.349599][ T4012] loop4: detected capacity change from 0 to 128 [ 127.357422][ T4012] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 127.360206][ T4011] loop3: detected capacity change from 0 to 128 [ 127.375694][ T3068] EXT4-fs (loop4): unmounting filesystem. [ 127.414141][ T3867] usb 3-1: Using ep0 maxpacket: 32 [ 127.544160][ T3867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 127.565852][ T3867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 127.587508][ T3867] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 127.596463][ T3867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.618867][ T3867] usb 3-1: config 0 descriptor?? [ 127.641679][ T3969] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 127.663689][ T3867] hub 3-1:0.0: USB hub found [ 127.904564][ T4038] loop4: detected capacity change from 0 to 512 [ 127.923410][ T3867] hub 3-1:0.0: 2 ports detected [ 127.935138][ T4038] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 127.949757][ T4038] EXT4-fs (loop4): orphan cleanup on readonly fs [ 127.958098][ T4038] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756 [ 127.971824][ T4038] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 17 (err -117) [ 127.984165][ T4038] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 128.280270][ T4044] incfs: ino conflict with backing FS 1 [ 128.286382][ T4044] incfs: ino conflict with backing FS 4 [ 128.627563][ T60] cdc_ncm 1-1:1.0: bind() failure [ 128.649225][ T60] cdc_ncm: probe of 1-1:1.1 failed with error -71 [ 128.670917][ T60] cdc_mbim: probe of 1-1:1.1 failed with error -71 [ 128.677936][ T60] usb 1-1: USB disconnect, device number 8 [ 129.050810][ T3867] usb 3-1: USB disconnect, device number 8 [ 129.347421][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 129.347436][ T28] audit: type=1400 audit(893.625:574): avc: denied { read } for pid=4071 comm="syz-executor.3" name="file2" dev="sda1" ino=1961 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 129.360323][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.383084][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.391763][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.393851][ T28] audit: type=1400 audit(893.625:575): avc: denied { ioctl } for pid=4071 comm="syz-executor.3" path="/root/syzkaller-testdir2808239589/syzkaller.4iCqTJ/25/file2" dev="sda1" ino=1961 ioctlcmd=0x1288 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 129.399241][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.434451][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.442115][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.449473][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.456769][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.464063][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.471341][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.478650][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.485960][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.493515][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.500830][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.508227][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.515479][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.522805][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.530072][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.537355][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.544625][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.551906][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.559148][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.566456][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.573737][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.589618][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.597085][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.604514][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.612015][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.619891][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.627639][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.635382][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.642831][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.650138][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.662501][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.670060][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.677870][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.685256][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.692651][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.699903][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.707250][ T3867] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 129.715225][ T3867] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz0 [ 129.753627][ T4086] loop3: detected capacity change from 0 to 256 [ 129.786967][ T4086] incfs: Can't find or create .incomplete dir in ./file0 [ 129.802029][ T4086] incfs: mount failed -28 [ 129.816694][ T4086] incfs: Can't find or create .incomplete dir in ./file0 [ 129.830455][ T4086] incfs: mount failed -28 [ 129.904290][ T4082] loop2: detected capacity change from 0 to 40427 [ 129.911202][ T4082] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x1f10) [ 129.919214][ T4082] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 129.927891][ T4082] F2FS-fs (loop2): invalid crc value [ 129.934631][ T4082] F2FS-fs (loop2): Found nat_bits in checkpoint [ 129.959172][ T4082] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 129.966181][ T4082] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 130.062589][ T4097] loop1: detected capacity change from 0 to 256 [ 130.069471][ T4097] FAT-fs (loop1): Unrecognized mount option "shortn" or missing value [ 130.820136][ T4112] loop3: detected capacity change from 0 to 256 [ 130.843645][ T4116] usb usb8: usbfs: process 4116 (syz-executor.3) did not claim interface 0 before use [ 130.863630][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.871592][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.878858][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.886648][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.893904][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.901163][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.908425][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.915698][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.922958][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.930547][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.937871][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.940976][ T28] audit: type=1326 audit(895.092:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 130.945407][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 130.974066][ T28] audit: type=1326 audit(895.092:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 130.975415][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.005667][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.012970][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.020201][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.027510][ T28] audit: type=1326 audit(895.092:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 131.037536][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.058433][ T3068] EXT4-fs (loop4): unmounting filesystem. [ 131.066725][ T28] audit: type=1326 audit(895.092:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 131.071237][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.090643][ T28] audit: type=1326 audit(895.176:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 131.099344][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.120582][ T28] audit: type=1326 audit(895.203:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7facc427cea9 code=0x7ffc0000 [ 131.132651][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.150947][ T28] audit: type=1326 audit(895.203:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7facc427a627 code=0x7ffc0000 [ 131.180403][ T28] audit: type=1326 audit(895.203:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4122 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7facc42402e9 code=0x7ffc0000 [ 131.189257][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.214062][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.221442][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.228716][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.235855][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.243511][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.252622][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.259883][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.267419][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.274798][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.282019][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.289210][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.296453][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.308963][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.316285][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.323533][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.330749][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.338072][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.345315][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.352615][ T3047] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 131.384357][ T3047] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz0] on syz0 [ 131.771639][ T4150] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.778612][ T4150] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.787204][ T4150] device bridge_slave_0 entered promiscuous mode [ 131.796214][ T4150] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.803169][ T4150] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.810439][ T4150] device bridge_slave_1 entered promiscuous mode [ 131.905781][ T4150] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.912669][ T4150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.919746][ T4150] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.926548][ T4150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.952683][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 131.973653][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.981584][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.998245][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 132.006181][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.013016][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.020272][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 132.028289][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.035124][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.250723][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 132.273706][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 132.289257][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 132.299918][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 132.307695][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 132.314972][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 132.330068][ T4150] device veth0_vlan entered promiscuous mode [ 132.341791][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 132.351283][ T4150] device veth1_macvtap entered promiscuous mode [ 132.375360][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 132.389189][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 132.472327][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.480168][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.487492][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.494727][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.502214][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.509488][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.516647][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.527297][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.535645][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.543988][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.554511][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.569518][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.888486][ T343] device bridge_slave_1 left promiscuous mode [ 132.928008][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.947718][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.955028][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.962184][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.969366][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.969529][ T343] device bridge_slave_0 left promiscuous mode [ 132.976566][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.976606][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 132.982635][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.989720][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.010985][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.018156][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.018240][ T343] device veth1_macvtap left promiscuous mode [ 133.025322][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.025343][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.025362][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.031302][ T343] device veth0_vlan left promiscuous mode [ 133.038379][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.065590][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.072772][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.079963][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.087251][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.094489][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.101681][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.108926][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.116120][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.123298][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.130538][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.137719][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.144909][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.152159][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.159339][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.166540][ T315] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 133.176228][ T315] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz0] on syz0 [ 133.347378][ T4204] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 133.470472][ T60] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 133.546634][ T4216] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 133.752181][ T60] usb 2-1: Using ep0 maxpacket: 8 [ 133.936619][ T60] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 133.945658][ T60] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 133.955840][ T60] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 134.055495][ T783] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 134.131358][ T60] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 134.140354][ T60] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.149844][ T60] usb 2-1: Product: syz [ 134.154119][ T60] usb 2-1: SerialNumber: syz [ 134.290906][ T4252] loop2: detected capacity change from 0 to 512 [ 134.299556][ T4252] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 134.313373][ T4252] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 134.326384][ T783] usb 5-1: Using ep0 maxpacket: 32 [ 134.333140][ T4252] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 134.347797][ T4252] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 134.362156][ T4252] EXT4-fs (loop2): 1 orphan inode deleted [ 134.367854][ T4252] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 134.388748][ T4256] loop0: detected capacity change from 0 to 16 [ 134.395643][ T4256] erofs: Unknown parameter '1844674407370955161518446744073709551615017777777777777777777770xffffffffffffffff|}v).ijI7&@>r'p' [ 134.434311][ T4191] loop1: detected capacity change from 0 to 256 [ 134.465641][ T4191] FAT-fs (loop1): Directory bread(block 64) failed [ 134.472556][ T4191] FAT-fs (loop1): Directory bread(block 65) failed [ 134.479927][ T3932] EXT4-fs (loop2): unmounting filesystem. [ 134.485968][ T4191] FAT-fs (loop1): Directory bread(block 66) failed [ 134.492963][ T4191] FAT-fs (loop1): Directory bread(block 67) failed [ 134.499431][ T4191] FAT-fs (loop1): Directory bread(block 68) failed [ 134.500212][ T783] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.517472][ T4191] FAT-fs (loop1): Directory bread(block 69) failed [ 134.523922][ T4191] FAT-fs (loop1): Directory bread(block 70) failed [ 134.530290][ T783] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.539874][ T4191] FAT-fs (loop1): Directory bread(block 71) failed [ 134.546255][ T4191] FAT-fs (loop1): Directory bread(block 72) failed [ 134.552901][ T4191] FAT-fs (loop1): Directory bread(block 73) failed [ 134.683966][ T783] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 134.693370][ T783] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 134.712773][ T783] usb 5-1: Product: syz [ 134.716797][ T783] usb 5-1: Manufacturer: syz [ 134.760122][ T783] hub 5-1:4.0: USB hub found [ 134.786404][ T4272] loop2: detected capacity change from 0 to 1024 [ 134.793287][ T4272] EXT4-fs: Ignoring removed oldalloc option [ 134.799054][ T4272] ext4: Unknown parameter 'fsuuid' [ 134.967150][ T4191] syz-executor.1: attempt to access beyond end of device [ 134.967150][ T4191] loop1: rw=2049, sector=1800, nr_sectors = 24 limit=256 [ 134.988236][ T4286] binder: 4285:4286 ioctl c0306201 20000880 returned -14 [ 134.998150][ T783] hub 5-1:4.0: 2 ports detected [ 135.052440][ T60] usb 2-1: 0:2 : does not exist [ 135.058081][ T60] usb 2-1: USB disconnect, device number 9 [ 135.182649][ T4307] device veth0_vlan left promiscuous mode [ 135.188498][ T4307] device veth0_vlan entered promiscuous mode [ 135.195524][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 135.206404][ T4307] loop0: detected capacity change from 0 to 2048 [ 135.209258][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 135.220848][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 135.222201][ T4312] binder: 4311:4312 ioctl c0306201 20000880 returned -14 [ 135.239349][ T4307] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 135.616743][ T4330] loop1: detected capacity change from 0 to 1024 [ 135.623927][ T4330] EXT4-fs: Ignoring removed oldalloc option [ 135.638093][ T4330] ext4: Unknown parameter 'fsuuid' [ 135.652919][ T4335] syz-executor.3[4335] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.652992][ T4335] syz-executor.3[4335] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.772793][ T4333] loop2: detected capacity change from 0 to 40427 [ 135.792088][ T4333] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 135.800577][ T4333] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 135.813414][ T4333] F2FS-fs (loop2): invalid crc value [ 135.859647][ T4345] loop3: detected capacity change from 0 to 16 [ 135.866712][ T4345] erofs: Unknown parameter '1844674407370955161518446744073709551615017777777777777777777770xffffffffffffffff|}v).ijI7&@>r'p' [ 135.990485][ T4333] F2FS-fs (loop2): Found nat_bits in checkpoint [ 136.022977][ T4333] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 136.029960][ T4333] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 136.110090][ T2288] EXT4-fs (loop0): unmounting filesystem. [ 136.460709][ T783] hub 5-1:4.0: activate --> -90 [ 136.471640][ T3047] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 136.602664][ T4366] device wg2 entered promiscuous mode [ 137.032661][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 137.039280][ T60] usb 5-1: USB disconnect, device number 11 [ 137.056669][ T783] hub 5-1:4.0: hub_ext_port_status failed (err = -71) [ 137.186705][ T3047] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.203019][ T3047] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.222589][ T3047] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 137.229246][ T4393] loop1: detected capacity change from 0 to 40427 [ 137.236199][ T3047] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.246271][ T3047] usb 3-1: config 0 descriptor?? [ 137.251833][ T4393] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 137.259431][ T4393] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 137.268207][ T4393] F2FS-fs (loop1): invalid crc value [ 137.275061][ T4393] F2FS-fs (loop1): Found nat_bits in checkpoint [ 137.298442][ T4393] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 137.305375][ T4393] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 137.581234][ T4410] loop3: detected capacity change from 0 to 1024 [ 137.587981][ T4410] EXT4-fs: Ignoring removed mblk_io_submit option [ 137.609761][ T4410] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 137.635859][ T3827] EXT4-fs (loop3): unmounting filesystem. [ 137.695848][ T60] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 137.707934][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 137.966877][ T3047] hid (null): bogus close delimiter [ 138.096637][ T60] usb 2-1: Using ep0 maxpacket: 32 [ 138.195473][ T3047] usb 3-1: language id specifier not provided by device, defaulting to English [ 138.226695][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.243076][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.252825][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 138.263511][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 138.273008][ T60] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 138.285873][ T60] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 138.294927][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.305221][ T60] usb 2-1: config 0 descriptor?? [ 138.737729][ T3047] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0013/input/input22 [ 138.750395][ T3047] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0013/input/input23 [ 138.763073][ T3047] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0013/input/input24 [ 138.776382][ T3047] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0013/input/input25 [ 138.791737][ T3047] uclogic 0003:256C:006D.0013: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 138.931434][ T60] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 138.938143][ T60] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 138.944961][ T60] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 138.951731][ T60] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 138.958492][ T60] ntrig 0003:1B96:000A.0014: unknown main item tag 0x0 [ 138.965448][ T19] usb 3-1: USB disconnect, device number 9 [ 138.965959][ T60] ntrig 0003:1B96:000A.0014: hidraw1: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.1-1/input0 [ 139.125926][ T3047] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 139.213585][ T60] usb 2-1: USB disconnect, device number 10 [ 139.396769][ T3047] usb 5-1: Using ep0 maxpacket: 32 [ 139.537670][ T3047] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.548502][ T334] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 139.555860][ T3047] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.689368][ T3047] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 139.698353][ T3047] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 139.706562][ T3047] usb 5-1: Product: syz [ 139.710632][ T3047] usb 5-1: Manufacturer: syz [ 139.765572][ T3047] hub 5-1:4.0: USB hub found [ 139.938509][ T4425] Bluetooth: hci0: command 0x1003 tx timeout [ 139.938534][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 139.981839][ T334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.992657][ T334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.002146][ T334] usb 1-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00 [ 140.011113][ T3047] hub 5-1:4.0: 2 ports detected [ 140.015940][ T315] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 140.023389][ T334] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.031697][ T334] usb 1-1: config 0 descriptor?? [ 140.209345][ T783] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 140.246454][ T4498] loop3: detected capacity change from 0 to 32768 [ 140.296365][ T4498] loop3: p1 p3 < > [ 140.306839][ T315] usb 3-1: Using ep0 maxpacket: 8 [ 140.361756][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 140.458566][ T315] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 140.467118][ T315] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 140.476982][ T315] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 140.567444][ T334] logitech 0003:046D:C29A.0015: unknown main item tag 0x0 [ 140.574387][ T334] logitech 0003:046D:C29A.0015: item fetching failed at offset 5/7 [ 140.582234][ T334] logitech 0003:046D:C29A.0015: parse failed [ 140.588043][ T334] logitech: probe of 0003:046D:C29A.0015 failed with error -22 [ 140.599406][ T783] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.610255][ T783] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.619788][ T783] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 140.628693][ T783] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.636835][ T783] usb 2-1: config 0 descriptor?? [ 140.696910][ T315] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 140.705809][ T315] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.713622][ T315] usb 3-1: Product: syz [ 140.717570][ T315] usb 3-1: SerialNumber: syz [ 140.784920][ T334] usb 1-1: USB disconnect, device number 9 [ 140.980246][ T4463] loop2: detected capacity change from 0 to 256 [ 140.991825][ T4463] FAT-fs (loop2): Directory bread(block 64) failed [ 140.998176][ T4463] FAT-fs (loop2): Directory bread(block 65) failed [ 141.004588][ T4463] FAT-fs (loop2): Directory bread(block 66) failed [ 141.010836][ T4463] FAT-fs (loop2): Directory bread(block 67) failed [ 141.017232][ T4463] FAT-fs (loop2): Directory bread(block 68) failed [ 141.023539][ T4463] FAT-fs (loop2): Directory bread(block 69) failed [ 141.029856][ T4463] FAT-fs (loop2): Directory bread(block 70) failed [ 141.036216][ T4463] FAT-fs (loop2): Directory bread(block 71) failed [ 141.042545][ T4463] FAT-fs (loop2): Directory bread(block 72) failed [ 141.048883][ T4463] FAT-fs (loop2): Directory bread(block 73) failed [ 141.152157][ T783] hid (null): bogus close delimiter [ 141.301971][ T4463] syz-executor.2: attempt to access beyond end of device [ 141.301971][ T4463] loop2: rw=2049, sector=1800, nr_sectors = 24 limit=256 [ 141.390334][ T783] usb 2-1: language id specifier not provided by device, defaulting to English [ 141.401216][ T334] hub 5-1:4.0: activate --> -90 [ 141.405971][ T315] usb 3-1: 0:2 : does not exist [ 141.411458][ T315] usb 3-1: USB disconnect, device number 10 [ 141.437995][ T4512] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 49 (only 8 groups) [ 141.497330][ T4513] loop0: detected capacity change from 0 to 512 [ 141.522331][ T4513] EXT4-fs (loop0): orphan cleanup on readonly fs [ 141.529056][ T4513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 248: padding at end of block bitmap is not set [ 141.543775][ T4513] __quota_error: 126 callbacks suppressed [ 141.543787][ T4513] Quota error (device loop0): write_blk: dquota write failed [ 141.556600][ T4513] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 141.566634][ T4513] EXT4-fs (loop0): 1 truncate cleaned up [ 141.572464][ T4513] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 141.612168][ T2288] EXT4-fs (loop0): unmounting filesystem. [ 141.791734][ T60] usb 5-1: USB disconnect, device number 12 [ 141.812799][ T334] hub 5-1:4.0: hub_ext_port_status failed (err = -71) [ 141.868776][ T783] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0016/input/input26 [ 141.889634][ T783] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0016/input/input27 [ 141.902387][ T783] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0016/input/input28 [ 141.929528][ T783] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0016/input/input29 [ 141.944118][ T783] uclogic 0003:256C:006D.0016: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 141.966036][ T4526] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 142.089519][ T334] usb 2-1: USB disconnect, device number 11 [ 142.528780][ T4550] incfs: Options parsing error. -22 [ 142.533892][ T4550] incfs: mount failed -22 [ 142.614594][ T4424] Bluetooth: hci0: command 0x1003 tx timeout [ 142.614594][ T4475] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 142.715228][ T4576] 9p: Unknown Cache mode mmap" [ 142.727970][ T28] audit: type=1400 audit(905.975:710): avc: denied { write } for pid=4577 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 143.510157][ T4588] loop3: detected capacity change from 0 to 512 [ 143.555897][ T4588] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 143.611706][ T4588] EXT4-fs (loop3): orphan cleanup on readonly fs [ 143.618383][ T4588] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #17: comm syz-executor.3: iget: bad i_size value: -6917529027641081756 [ 143.619399][ T4595] syz-executor.1[4595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.632061][ T4588] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 17 (err -117) [ 143.655991][ T4595] syz-executor.1[4595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.656970][ T4588] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 143.705330][ T4595] syz-executor.1[4595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.705404][ T4595] syz-executor.1[4595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.726001][ T343] Bluetooth: hci0: Frame reassembly failed (-84) [ 143.743931][ T28] audit: type=1400 audit(906.898:711): avc: denied { write } for pid=4598 comm="syz-executor.4" path="socket:[41337]" dev="sockfs" ino=41337 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 144.120485][ T783] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 144.510544][ T783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.521424][ T783] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.531016][ T783] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 144.539885][ T783] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.548096][ T783] usb 3-1: config 0 descriptor?? [ 144.666318][ T4622] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 49 (only 8 groups) [ 144.701293][ T4622] loop4: detected capacity change from 0 to 512 [ 144.708956][ T4622] EXT4-fs (loop4): orphan cleanup on readonly fs [ 144.715622][ T4622] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set [ 144.730535][ T4622] Quota error (device loop4): write_blk: dquota write failed [ 144.737808][ T4622] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 144.748101][ T4622] EXT4-fs (loop4): 1 truncate cleaned up [ 144.754611][ T4622] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 144.796091][ T4150] EXT4-fs (loop4): unmounting filesystem. [ 145.069251][ T4627] syz-executor.1[4627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.069314][ T4627] syz-executor.1[4627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.081818][ T4627] syz-executor.1[4627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.093470][ T4627] syz-executor.1[4627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 145.106069][ T4630] loop4: detected capacity change from 0 to 1024 [ 145.124033][ T4630] EXT4-fs: Ignoring removed orlov option [ 145.129820][ T4630] EXT4-fs: Ignoring removed nomblk_io_submit option [ 145.141115][ T4630] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 145.152756][ T28] audit: type=1400 audit(908.218:712): avc: denied { map } for pid=4629 comm="syz-executor.4" path="/root/syzkaller-testdir2420027151/syzkaller.E8Yn9Q/36/file1/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 145.155528][ T4630] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 145.196292][ T4630] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 145.218010][ T28] audit: type=1400 audit(908.273:713): avc: denied { unmount } for pid=4150 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 145.237781][ T4150] ================================================================== [ 145.245661][ T4150] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 145.253470][ T4150] Read of size 4 at addr ffff8881374f5000 by task syz-executor.4/4150 [ 145.261453][ T4150] [ 145.263625][ T4150] CPU: 0 PID: 4150 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00003-gdda68b1657b1 #0 [ 145.273521][ T4150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 145.283421][ T4150] Call Trace: [ 145.286552][ T4150] [ 145.289338][ T4150] dump_stack_lvl+0x151/0x1b7 [ 145.293829][ T4150] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 145.299120][ T4150] ? _printk+0xd1/0x111 [ 145.303116][ T4150] ? __virt_addr_valid+0x242/0x2f0 [ 145.308062][ T4150] print_report+0x158/0x4e0 [ 145.312401][ T4150] ? __virt_addr_valid+0x242/0x2f0 [ 145.317349][ T4150] ? kasan_addr_to_slab+0xd/0x80 [ 145.322123][ T4150] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 145.327591][ T4150] kasan_report+0x13c/0x170 [ 145.331929][ T4150] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 145.337399][ T4150] __asan_report_load4_noabort+0x14/0x20 [ 145.342866][ T4150] ext4_xattr_delete_inode+0xcd0/0xce0 [ 145.348163][ T4150] ? sb_end_intwrite+0x130/0x130 [ 145.352934][ T4150] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 145.358837][ T4150] ? __kasan_check_read+0x11/0x20 [ 145.363698][ T4150] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 145.369424][ T4150] ? ext4_evict_inode+0xbc2/0x1550 [ 145.374372][ T4150] ext4_evict_inode+0xef9/0x1550 [ 145.379146][ T4150] ? _raw_spin_unlock+0x4c/0x70 [ 145.383835][ T4150] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 145.389560][ T4150] ? __kasan_check_write+0x14/0x20 [ 145.394515][ T4150] ? _raw_spin_lock+0xa4/0x1b0 [ 145.399108][ T4150] ? _raw_spin_trylock_bh+0x190/0x190 [ 145.404315][ T4150] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 145.410046][ T4150] evict+0x2a3/0x630 [ 145.413785][ T4150] iput+0x642/0x870 [ 145.417422][ T4150] vfs_rmdir+0x3c2/0x500 [ 145.421502][ T4150] do_rmdir+0x3ab/0x630 [ 145.425496][ T4150] ? d_delete_notify+0x160/0x160 [ 145.430271][ T4150] __x64_sys_unlinkat+0xdf/0xf0 [ 145.434953][ T4150] do_syscall_64+0x3d/0xb0 [ 145.439205][ T4150] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.444936][ T4150] RIP: 0033:0x7f32cfc7c687 [ 145.449189][ T4150] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 145.468631][ T4150] RSP: 002b:00007fff4b304ce8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 145.476875][ T4150] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f32cfc7c687 [ 145.484685][ T4150] RDX: 0000000000000200 RSI: 00007fff4b305e90 RDI: 00000000ffffff9c [ 145.492499][ T4150] RBP: 00007f32cfcd9636 R08: 0000000000000000 R09: 0000000000000000 [ 145.500308][ T4150] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff4b305e90 [ 145.508121][ T4150] R13: 00007f32cfcd9636 R14: 0000000000022384 R15: 0000000000000007 [ 145.515937][ T4150] [ 145.518795][ T4150] [ 145.520964][ T4150] The buggy address belongs to the physical page: [ 145.527225][ T4150] page:ffffea0004dd3d40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1374f5 [ 145.537283][ T4150] flags: 0x4000000000000000(zone=1) [ 145.542324][ T4150] raw: 4000000000000000 ffffea0004dd3c48 ffffea0004f3ed08 0000000000000000 [ 145.550743][ T4150] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 145.559154][ T4150] page dumped because: kasan: bad access detected [ 145.565412][ T4150] page_owner tracks the page as freed [ 145.570611][ T4150] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 4629, tgid 4629 (syz-executor.4), ts 145149999417, free_ts 145213698711 [ 145.590402][ T4150] post_alloc_hook+0x213/0x220 [ 145.595001][ T4150] prep_new_page+0x1b/0x110 [ 145.599339][ T4150] get_page_from_freelist+0x27ea/0x2870 [ 145.604721][ T4150] __alloc_pages+0x3a1/0x780 [ 145.609148][ T4150] __folio_alloc+0x15/0x40 [ 145.613399][ T4150] wp_page_copy+0x23b/0x1690 [ 145.617826][ T4150] do_wp_page+0xc25/0xdf0 [ 145.621991][ T4150] handle_mm_fault+0x15a2/0x2f40 [ 145.626766][ T4150] exc_page_fault+0x3b3/0x700 [ 145.631280][ T4150] asm_exc_page_fault+0x27/0x30 [ 145.635967][ T4150] page last free stack trace: [ 145.640480][ T4150] free_unref_page_prepare+0x83d/0x850 [ 145.645776][ T4150] free_unref_page_list+0xf1/0x7b0 [ 145.650726][ T4150] release_pages+0xf7f/0xfe0 [ 145.655149][ T4150] free_pages_and_swap_cache+0x8a/0xa0 [ 145.660441][ T4150] tlb_finish_mmu+0x1e0/0x3f0 [ 145.664957][ T4150] exit_mmap+0x421/0x940 [ 145.669033][ T4150] __mmput+0x95/0x310 [ 145.672853][ T4150] mmput+0x56/0x170 [ 145.676497][ T4150] do_exit+0xb29/0x2b80 [ 145.680491][ T4150] do_group_exit+0x21a/0x2d0 [ 145.684917][ T4150] get_signal+0x169d/0x1820 [ 145.689258][ T4150] arch_do_signal_or_restart+0xb0/0x16f0 [ 145.694726][ T4150] exit_to_user_mode_loop+0x74/0xa0 [ 145.699759][ T4150] exit_to_user_mode_prepare+0x5a/0xa0 [ 145.705055][ T4150] syscall_exit_to_user_mode+0x26/0x140 [ 145.710435][ T4150] do_syscall_64+0x49/0xb0 [ 145.714690][ T4150] [ 145.716859][ T4150] Memory state around the buggy address: [ 145.722331][ T4150] ffff8881374f4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.730229][ T4150] ffff8881374f4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 145.738125][ T4150] >ffff8881374f5000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 145.746020][ T4150] ^ [ 145.749928][ T4150] ffff8881374f5080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 145.757828][ T4150] ffff8881374f5100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 1970/01/01 00:15:08 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 145.765724][ T4150] ================================================================== [ 145.773875][ T4150] Disabling lock debugging due to kernel taint [ 145.825521][ T4150] EXT4-fs (loop4): unmounting filesystem. [ 145.885796][ T4588] EXT4-fs (loop3): unmounting filesystem. [ 145.908203][ T4475] Bluetooth: hci0: Opcode 0x1003 failed: -110