last executing test programs: 3.433991586s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10) write$cgroup_int(r0, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 3.252533862s ago: executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r0}, &(0x7f0000000a40), &(0x7f0000000a80)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r2, &(0x7f0000000800)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) 3.212151968s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x6, 0x1000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r2, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 3.189327312s ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, 0x0) write(r0, 0x0, 0x0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0xffffffffffffffb4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.941575769s ago: executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@noop, @ssrr={0x89, 0xb, 0x4, [@private, @multicast1]}]}}}], 0x20}, 0x0) 1.928578101s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) unshare(0x60600) creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v2={0x2, @adiantum, 0x0, '\x00', @auto="ff53133206d1bf442d38f6c23e1e4f1f"}) 1.914243813s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x5452, &(0x7f0000000a00)={'dvmrp0\x00', @random="63749f3b111e"}) setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000000), 0x4) 1.284639048s ago: executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000000000), 0x0) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) read$ptp(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r1}, 0x10) timer_create(0x3, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0) r2 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 1.222854877s ago: executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="f7", 0x1}], 0x1}, 0x20004001) recvmsg$unix(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="1c", 0x1}], 0x1, &(0x7f0000001080)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x41) 1.114164933s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) unshare(0x60600) creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v2={0x2, @adiantum, 0x0, '\x00', @auto="ff53133206d1bf442d38f6c23e1e4f1f"}) 1.103966875s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_unlink_exit\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_unlink_exit\x00', r1}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 1.077751198s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages_extent\x00', r1}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_da_write_pages_extent\x00', r5}, 0x10) write$cgroup_type(r6, &(0x7f0000000000), 0x9) 1.058066831s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000090000000000000000030800850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x0, 0x0) 1.027034516s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f00000001c0), &(0x7f00000002c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='tlb_flush\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) r3 = open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.007190489s ago: executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2a0800, 0x40) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf251a000000060021006100000004002598172b3c0061000000050092000400000008009a000100000008009a0001000000ccbd65b6df9f4685700b0cc1d35f09967c949ea4744dbd0f9fae4afb600abcd91e71ffdfb427a1075f1a0287558932dd782730e08989581863b9ece8408e5af11bff840c1b2a4776c3e9cb7174670027f01d7e4b0942692c4aafe399dc53a916c5d0c45ae89e18f0cc1533c1e8aca92fd01f07ce5ab4311e4b5813a3c227e3d0c834c78c"], 0x40}, 0x1, 0x0, 0x0, 0x20041081}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = gettid() tkill(r2, 0xb) ptrace$ARCH_SHSTK_STATUS(0x1e, r2, &(0x7f0000000000), 0x5005) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_delrule={0x2c, 0x21, 0xf, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000027c0)) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000001700)=0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x18, 0xa01, 0x0, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000002e00), 0xffffffffffffffff) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000014c0)={'wg1\x00', &(0x7f0000000040)=@ethtool_gstrings}) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000002e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004400)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000007500000008000300f023197477f1b63baacf8746b786753923d19675cf11b30268f3c59c7a6664cec4d0bb88e7c040e3c5863c36755c200680b5f1d87d0b86f02c6550b2988060d86a19ccadc1137746dfcffd1f8db2029157877cfb4ac4cd827f4df98914883113f00d171d38c15a20d847ab363cb0f059", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x0) 993.084701ms ago: executing program 3: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x77) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b0001110000000904"], 0x0) 971.856944ms ago: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x800}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 493.244716ms ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) r3 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x8000000) getdents(r2, &(0x7f0000000180)=""/108, 0x6c) 479.425158ms ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x10) setgroups(0x0, 0x0) 468.015629ms ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000100000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) 446.667803ms ago: executing program 1: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="ef", 0xffe3}], 0x1, 0x0, 0x0, 0x20000000}, 0xa}], 0x420, 0x0) 437.661215ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 428.140455ms ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x101000, 0xc1) symlinkat(&(0x7f0000000300)='./file0\x00', r3, &(0x7f00000003c0)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000000090400001202068202"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f00000000c0)={0x0, 0x0, 0xc, {0xc, 0x0, "ed1ed5f4962f010ba046"}}, 0x0, 0x0, 0x0}, 0x0) 377.628303ms ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000090000000000000000030800850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x0, 0x0) 366.853435ms ago: executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2a0800, 0x40) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf251a000000060021006100000004002598172b3c0061000000050092000400000008009a000100000008009a0001000000ccbd65b6df9f4685700b0cc1d35f09967c949ea4744dbd0f9fae4afb600abcd91e71ffdfb427a1075f1a0287558932dd782730e08989581863b9ece8408e5af11bff840c1b2a4776c3e9cb7174670027f01d7e4b0942692c4aafe399dc53a916c5d0c45ae89e18f0cc1533c1e8aca92fd01f07ce5ab4311e4b5813a3c227e3d0c834c78c"], 0x40}, 0x1, 0x0, 0x0, 0x20041081}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = gettid() tkill(r2, 0xb) ptrace$ARCH_SHSTK_STATUS(0x1e, r2, &(0x7f0000000000), 0x5005) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_delrule={0x2c, 0x21, 0xf, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000027c0)) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000001700)=0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x18, 0xa01, 0x0, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000002e00), 0xffffffffffffffff) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000014c0)={'wg1\x00', &(0x7f0000000040)=@ethtool_gstrings}) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000002e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004400)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000007500000008000300f023197477f1b63baacf8746b786753923d19675cf11b30268f3c59c7a6664cec4d0bb88e7c040e3c5863c36755c200680b5f1d87d0b86f02c6550b2988060d86a19ccadc1137746dfcffd1f8db2029157877cfb4ac4cd827f4df98914883113f00d171d38c15a20d847ab363cb0f059", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x0) 349.761387ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x52e, &(0x7f0000000a80)="$eJzs3c9vI1cdAPDvTH52mza70ANUwC5QWNBq7Y23XVW9tHsBoaoSouKAOGxD4o1C7DjETmlCJNK/ASSQOMGfwAGJA1JPHLhxROKAkMoBaYEItEECyWjGk9RNnMY0jg3x5yONZt48+33fW+/Mm3l25gUwtm5ExF5ETEfEGxExX+xPiiVe6SzZ6x7v7y4d7O8uJdFuv/7XJM/P9kXXezJPFmXORsTXvhzxreRk3Ob2ztpirVbdLNLlVn2j3Nzeub1aX1yprlTXK5V7C/fuvHj3hcrA2nq9/vNHX1p99eu/+uUn3/3t3he/l1VrrsjrbscgdZo+dRQnMxkRr15EsBGYKNbTI64HH04aER+JiM/kx/98TOT/OwGAy6zdno/2fHcaALjs0nwMLElLxVjAXKRpqdQZw3smrqS1RrN162Fja325M1Z2NabSh6u16p1rM7//Tn7FMJVk6YU8L8/P05Vj6bsRcS0ifjjzRJ4uLTVqy6O77AGAsfbksf7/HzOd/r8PPb7VAwD+b8yOugIAwNDp/wFg/Oj/AWD89NH/F1/27114XQCA4XD/DwDjR/8PAONH/w8AY+Wrr72WLe2D4vnXy29ub6013ry9XG2ulepbS6WlxuZGaaXRWMmf2VM/q7xao7Gx8HxsvVVuVZutcnN750G9sbXeepA/1/tBdWoorQIAPsi16+/8LomIvZeeyJfomstBXw2XWzrqCgAjMzHqCgAjY7YvGF/93+P/5kLrAYxOz4d5z/bcfL8f/xdB/M4I/qfc/Hj/4//meIbLxfg/jK8PN/7/8sDrAQyf8X8YX+12cnzO/+mjLADgUjrHb/zb3x/URQgwUmdN5j2Q7/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkpmLiG9HkpaKucDnIk1LpYinIuJqTCUPV2vVOxHxdFyPiKmZLL0w6koDAOeU/jkp5v+6Of/c3PHc6eSfM/k6Ir77k9d/9NZiq7W5kO3/29H+mcPpwyrvve8c8woCAAOW99+VYt11I/94f3fpcBlmfR7dj38XUxEvHezv5ksnZzIm8/Vsfi1x5e9Jke7MRfpsREwMIP7e2xHxsV7tT/KxkavFzKfd8aOI/dRQ46fvi5/meZ11dvH10QHUBcbNO/cj4pVex18aN/J17+N/Nj9Dnd+j+53CDs99B13xD89/Ez3iZ8f8jX5jPP/rr5zY2Z7v5L0d8exkr/jJUfzklPjP9Rn/D5/41A9ePiWv/dOIm9E7fnescqu+UW5u79xerS+uVFeq65XKvYV7d168+0KlnI9Rlw9Hqk/6y0u3nj6tbln7r5wSf7Zn+6eP3vu5Ptv/s3+98c1Pf0D8L3y29+f/TM/4HVmf+Pk+4y9e+cWp03dn8ZdPaf9Zn/+tPuO/+6ed5T5fCgAMQXN7Z22xVqtunmsjuwsdRDknNrIqDrTAMzb+GMOLdebG1EX9q174xuTRteJgS/5GVuKQm5MOvBXn2ng8rFijPS8BF++9g37UNQEAAAAAAAAAAAAAAE4zjD9dGnUbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLz+EwAA//+2KMyN") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0xa236) ioctl$FS_IOC_RESVSP(r2, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfa64}) ftruncate(r2, 0x3) r3 = dup3(r1, r0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f00000000c0)={0x0, r4}) 286.827067ms ago: executing program 2: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@broadcast, 0x2}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0xfffffffffffffff8) ioctl$KVM_RUN(r4, 0xae80, 0x0) 250.920182ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 58.406411ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3, r4}]}, 0x40}, 0x1, 0xd}, 0x0) 0s ago: executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f00000004c0)={'#! ', './file0'}, 0xb) splice(r3, 0x0, r4, 0x0, 0x8000f28, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) write$binfmt_misc(r4, &(0x7f0000000100)={'syz1'}, 0x4) write(r2, 0x0, 0x0) kernel console output (not intermixed with test programs): nterface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 33.373856][ T466] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 33.382759][ T466] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.394971][ T466] usb 3-1: Product: syz [ 33.399233][ T466] usb 3-1: Manufacturer: syz [ 33.408185][ T466] usb 3-1: SerialNumber: syz [ 33.684286][ T466] usb 3-1: config 0 descriptor?? [ 33.709145][ T603] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.716077][ T603] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.723458][ T603] device bridge_slave_0 entered promiscuous mode [ 33.731510][ T603] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.738443][ T603] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.746147][ T603] device bridge_slave_1 entered promiscuous mode [ 33.809173][ T603] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.816045][ T603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.823127][ T603] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.830038][ T603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.855257][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.862577][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.870697][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.878050][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.895941][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.904020][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.910960][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.918363][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.926726][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.933590][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.943017][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.945968][ T466] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 33.958773][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 33.984026][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.998352][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.014718][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.022952][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.030489][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.038411][ T603] device veth0_vlan entered promiscuous mode [ 34.074589][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.084674][ T603] device veth1_macvtap entered promiscuous mode [ 34.092828][ T10] device bridge_slave_1 left promiscuous mode [ 34.099153][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.106890][ T10] device bridge_slave_0 left promiscuous mode [ 34.112919][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.121530][ T10] device veth1_macvtap left promiscuous mode [ 34.127526][ T10] device veth0_vlan left promiscuous mode [ 34.162165][ T352] usb 3-1: USB disconnect, device number 3 [ 34.264603][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.272946][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.285749][ T621] loop1: detected capacity change from 0 to 40427 [ 34.322588][ T621] F2FS-fs (loop1): invalid crc value [ 34.326609][ T19] usb 5-1: USB disconnect, device number 2 [ 34.367477][ T629] input: syz0 as /devices/virtual/input/input4 [ 34.370314][ T624] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 34.378630][ T621] F2FS-fs (loop1): Found nat_bits in checkpoint [ 34.449084][ T621] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 34.488261][ T314] syz-executor.1: attempt to access beyond end of device [ 34.488261][ T314] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 34.522238][ T314] syz-executor.1: attempt to access beyond end of device [ 34.522238][ T314] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 34.582600][ T636] loop3: detected capacity change from 0 to 512 [ 34.588192][ T43] kworker/u4:2: attempt to access beyond end of device [ 34.588192][ T43] loop1: rw=2049, sector=40960, nr_sectors = 128 limit=40427 [ 34.590454][ T636] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 34.644173][ T636] block device autoloading is deprecated and will be removed. [ 34.654054][ T636] I/O error, dev loop75, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 34.697163][ T636] EXT4-fs (loop3): couldn't read superblock of external journal [ 35.223737][ T466] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 35.235119][ T665] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.242114][ T665] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.253352][ T665] device bridge_slave_0 entered promiscuous mode [ 35.285572][ T665] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.292577][ T665] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.312041][ T665] device bridge_slave_1 entered promiscuous mode [ 35.350560][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 35.350575][ T28] audit: type=1400 audit(1717502999.715:187): avc: denied { write } for pid=685 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 35.377103][ T686] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 35.386401][ T686] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 35.408727][ T688] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 35.433149][ T691] syz-executor.2 (pid 691) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 35.464449][ T691] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 35.473534][ T691] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 35.508085][ T28] audit: type=1400 audit(1717502999.875:188): avc: denied { create } for pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.536321][ T665] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.543189][ T665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.550411][ T665] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.557180][ T665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.570037][ T28] audit: type=1400 audit(1717502999.895:189): avc: denied { write } for pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.594119][ T466] usb 4-1: config 0 has no interfaces? [ 35.594706][ T28] audit: type=1400 audit(1717502999.895:190): avc: denied { read } for pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.599522][ T466] usb 4-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 35.651790][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.655981][ T466] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.666797][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.676478][ T466] usb 4-1: config 0 descriptor?? [ 35.685745][ T28] audit: type=1400 audit(1717503000.055:191): avc: denied { write } for pid=698 comm="syz-executor.2" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.707560][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.743884][ T28] audit: type=1400 audit(1717503000.055:192): avc: denied { add_name } for pid=698 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.765918][ T28] audit: type=1400 audit(1717503000.055:193): avc: denied { create } for pid=698 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 35.795258][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.796259][ T28] audit: type=1400 audit(1717503000.055:194): avc: denied { associate } for pid=698 comm="syz-executor.2" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 35.803672][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.831894][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.845355][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.853596][ T705] syz-executor.2[705] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.853656][ T705] syz-executor.2[705] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.865520][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.883740][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.898716][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.906885][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.923220][ T665] device veth0_vlan entered promiscuous mode [ 35.941055][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 35.949646][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.972440][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.980750][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.003500][ T665] device veth1_macvtap entered promiscuous mode [ 36.023762][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 36.031128][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 36.039704][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 36.048302][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.056964][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 36.073994][ T10] device bridge_slave_1 left promiscuous mode [ 36.080427][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.088652][ T10] device bridge_slave_0 left promiscuous mode [ 36.095006][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.111023][ T10] device veth1_macvtap left promiscuous mode [ 36.117040][ T10] device veth0_vlan left promiscuous mode [ 36.129327][ T60] usb 4-1: USB disconnect, device number 2 [ 36.308802][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 36.319447][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.327817][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 36.336187][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.400002][ T28] audit: type=1400 audit(1717503000.765:195): avc: denied { ioctl } for pid=738 comm="syz-executor.4" path="socket:[16886]" dev="sockfs" ino=16886 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.426163][ T28] audit: type=1400 audit(1717503000.765:196): avc: denied { bind } for pid=738 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.463360][ T742] device pim6reg1 entered promiscuous mode [ 36.587169][ T748] syz-executor.1[748] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.587246][ T748] syz-executor.1[748] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.642928][ T756] syz-executor.2[756] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.654566][ T756] syz-executor.2[756] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.675495][ T758] wireguard: wg1: Could not create IPv6 socket [ 36.715648][ T760] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 36.801492][ T774] binder: 772:774 ioctl 400c620e 200028c0 returned -22 [ 36.809363][ T778] syz-executor.3[778] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.809441][ T778] syz-executor.3[778] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.893195][ T788] loop0: detected capacity change from 0 to 512 [ 36.930647][ T794] wireguard: wg1: Could not create IPv6 socket [ 36.943130][ T788] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 36.952671][ T788] ext4 filesystem being mounted at /root/syzkaller-testdir4107712192/syzkaller.G0B40U/5/file0 supports timestamps until 2038 (0x7fffffff) [ 36.980597][ T603] EXT4-fs (loop0): unmounting filesystem. [ 37.009592][ T802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 37.030202][ T802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 37.041487][ T805] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 37.071500][ T810] syz-executor.4[810] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.071555][ T810] syz-executor.4[810] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.116439][ T815] netlink: 166 bytes leftover after parsing attributes in process `syz-executor.3'. [ 37.190622][ T818] loop0: detected capacity change from 0 to 2048 [ 37.224688][ T818] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 37.257744][ T818] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set [ 37.273285][ T818] EXT4-fs (loop0): Remounting filesystem read-only [ 37.302988][ T603] EXT4-fs (loop0): unmounting filesystem. [ 37.318224][ T836] KVM: debugfs: duplicate directory 836-5 [ 37.341901][ T840] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 37.525365][ T865] wireguard: wg1: Could not create IPv6 socket [ 37.604847][ T871] binder: 870:871 ioctl 400c620e 200028c0 returned -22 [ 37.658862][ T876] loop0: detected capacity change from 0 to 512 [ 37.704631][ T876] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 37.740584][ T876] ext4 filesystem being mounted at /root/syzkaller-testdir4107712192/syzkaller.G0B40U/14/file0 supports timestamps until 2038 (0x7fffffff) [ 37.759955][ T887] device syzkaller0 entered promiscuous mode [ 37.778420][ T883] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 37.826712][ T603] EXT4-fs (loop0): unmounting filesystem. [ 37.947544][ T915] loop2: detected capacity change from 0 to 512 [ 37.971693][ T919] syz-executor.1[919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.971771][ T919] syz-executor.1[919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.046214][ T925] device syzkaller0 entered promiscuous mode [ 38.058822][ T932] loop1: detected capacity change from 0 to 512 [ 38.084432][ T935] KVM: debugfs: duplicate directory 935-5 [ 38.086518][ T915] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 38.090448][ T932] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.114211][ T915] ext4 filesystem being mounted at /root/syzkaller-testdir2682739372/syzkaller.NVWyX6/38/file0 supports timestamps until 2038 (0x7fffffff) [ 38.120017][ T932] ext2: Unknown parameter 'mask' [ 38.156962][ T318] EXT4-fs (loop2): unmounting filesystem. [ 38.189077][ T939] kvm [938]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0 [ 38.223758][ T37] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 38.328802][ T956] syz-executor.2[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.328885][ T956] syz-executor.2[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.372269][ T959] loop2: detected capacity change from 0 to 128 [ 38.533862][ T466] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 38.569814][ T967] device syzkaller0 entered promiscuous mode [ 38.644374][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.729496][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.815178][ T37] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 38.849354][ T37] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.873456][ T37] usb 1-1: config 0 descriptor?? [ 38.896194][ T976] kvm [975]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0 [ 38.913895][ T466] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.931658][ T466] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.941457][ T466] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 38.950650][ T466] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.976694][ T466] usb 4-1: config 0 descriptor?? [ 39.013796][ T320] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 39.168145][ T1006] overlayfs: invalid redirect ((null)) [ 39.223779][ T1008] netlink: 166 bytes leftover after parsing attributes in process `syz-executor.4'. [ 39.263770][ T320] usb 3-1: Using ep0 maxpacket: 8 [ 39.296365][ T1014] overlayfs: './file1' not a directory [ 39.339785][ T1014] fuse: Unknown parameter './file0' [ 39.355360][ T37] hid-led 0003:27B8:01ED.0002: unbalanced delimiter at end of report description [ 39.365266][ T37] hid-led: probe of 0003:27B8:01ED.0002 failed with error -22 [ 39.444075][ T466] hid (null): bogus close delimiter [ 39.453881][ T320] usb 3-1: unable to get BOS descriptor or descriptor too short [ 39.567212][ T320] usb 3-1: config 0 has no interfaces? [ 39.574446][ T728] usb 1-1: USB disconnect, device number 2 [ 39.843911][ T320] usb 3-1: string descriptor 0 read error: -22 [ 39.850517][ T320] usb 3-1: New USB device found, idVendor=046d, idProduct=c29b, bcdDevice= 0.40 [ 39.859872][ T320] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.868847][ T320] usb 3-1: config 0 descriptor?? [ 39.963787][ T466] usb 4-1: string descriptor 0 read error: -71 [ 39.993826][ T466] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 40.002970][ T466] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 40.012229][ T466] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 40.020841][ T466] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 40.028519][ T466] uclogic: probe of 0003:256C:006D.0003 failed with error -71 [ 40.037140][ T466] usb 4-1: USB disconnect, device number 3 [ 40.941018][ T319] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 40.996263][ T1132] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 41.342886][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 41.342898][ T28] audit: type=1400 audit(1717503005.705:238): avc: denied { map } for pid=1147 comm="syz-executor.3" path="pipe:[18956]" dev="pipefs" ino=18956 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 41.353808][ T319] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 41.451426][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.474382][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.493884][ T319] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 41.510208][ T320] usb 3-1: USB disconnect, device number 4 [ 41.586282][ T319] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 41.596110][ T319] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 41.747123][ T466] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 41.827434][ T319] usb 1-1: Manufacturer: syz [ 41.899010][ T319] usb 1-1: config 0 descriptor?? [ 42.103755][ T466] usb 5-1: Using ep0 maxpacket: 32 [ 42.233849][ T466] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 42.304295][ T466] usb 5-1: language id specifier not provided by device, defaulting to English [ 42.390529][ T1193] loop1: detected capacity change from 0 to 2048 [ 42.404858][ T319] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 42.409280][ T1193] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 42.412394][ T319] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 42.428827][ T319] appleir 0003:05AC:8243.0004: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 42.477628][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 42.487390][ T1193] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 42.499291][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 42.509323][ T1193] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 42.521323][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 42.531324][ T1193] EXT4-fs error (device loop1): ext4_punch_hole:4142: inode #18: comm syz-executor.1: mark_inode_dirty error [ 42.543443][ T1197] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.1: lblock 0 mapped to illegal pblock 112 (length 1) [ 42.558324][ T728] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 42.559525][ T1197] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.1: lblock 0 mapped to illegal pblock 112 (length 1) [ 42.589581][ T665] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.1: lblock 0 mapped to illegal pblock 16 (length 1) [ 42.607910][ T665] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 42.618493][ T665] EXT4-fs (loop1): unmounting filesystem. [ 42.673985][ T466] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.40 [ 42.683885][ T466] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.692949][ T466] usb 5-1: Manufacturer: ☳쵐㝓⸱畿쵧ᾳ쬿琋肪潵痨䭣藖倓뚊픓쓨⻚ꉇ싶ﱴ鼴䮒尝豓ᘏഭ痓ế瑲硖⹍让윹⚯룐變ج쀓늏㹑팊ໆ뛾㊚禎螗踌똴ᝑᐹ莄煘甅Ӟ꧔둉皔ཌ㺯䠠ࠛ槼䲽翅챰ᠯᖹꏃ鷭᪕ᰃꊠ䊆둅慹节爅괒ὠ顎…ጸ﯎񈥡 [ 42.725618][ T466] usb 5-1: SerialNumber: syz [ 42.731426][ T319] usb 1-1: USB disconnect, device number 3 [ 42.764732][ T466] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 42.835927][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.842776][ T1200] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.850491][ T1200] device bridge_slave_0 entered promiscuous mode [ 42.859937][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.867119][ T1200] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.874800][ T1200] device bridge_slave_1 entered promiscuous mode [ 42.923873][ T728] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 42.943137][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.950092][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.957211][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.964011][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.976732][ T60] usb 5-1: USB disconnect, device number 3 [ 42.998796][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.006423][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.014109][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.036646][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.045478][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.052328][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.059879][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.068120][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.075012][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.086818][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.094664][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.113341][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.124463][ T1200] device veth0_vlan entered promiscuous mode [ 43.130675][ T728] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 43.143108][ T28] audit: type=1400 audit(1717503007.515:239): avc: denied { setopt } for pid=1208 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 43.163945][ T728] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.171832][ T728] usb 3-1: Product: syz [ 43.175830][ T728] usb 3-1: Manufacturer: syz [ 43.180191][ T728] usb 3-1: SerialNumber: syz [ 43.188848][ T1200] device veth1_macvtap entered promiscuous mode [ 43.196142][ T728] usb 3-1: config 0 descriptor?? [ 43.201895][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.204255][ T28] audit: type=1400 audit(1717503007.575:240): avc: denied { setopt } for pid=1210 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 43.214057][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.250721][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.260913][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.280364][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.297288][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.315311][ T8] device bridge_slave_1 left promiscuous mode [ 43.321257][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.337690][ T8] device bridge_slave_0 left promiscuous mode [ 43.341665][ T28] audit: type=1400 audit(1717503007.705:241): avc: denied { append } for pid=1222 comm="syz-executor.1" name="001" dev="devtmpfs" ino=144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 43.344029][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.381653][ T8] device veth1_macvtap left promiscuous mode [ 43.389104][ T28] audit: type=1326 audit(1717503007.765:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1224 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x0 [ 43.390318][ T8] device veth0_vlan left promiscuous mode [ 43.455469][ T728] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 43.471637][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 43.523874][ T6] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 43.611660][ T28] audit: type=1400 audit(1717503007.975:243): avc: denied { connect } for pid=1240 comm="syz-executor.4" lport=250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 43.632875][ T28] audit: type=1400 audit(1717503007.995:244): avc: denied { write } for pid=1240 comm="syz-executor.4" laddr=172.20.20.10 lport=250 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 43.663368][ T60] usb 3-1: USB disconnect, device number 5 [ 43.883517][ T28] audit: type=1400 audit(1717503008.245:245): avc: denied { mounton } for pid=1247 comm="syz-executor.4" path="/root/syzkaller-testdir2906598418/syzkaller.NSevoM/101/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 43.910743][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 43.921817][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64 [ 43.932621][ T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 43.945655][ T6] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 43.954723][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.973971][ T6] usb 1-1: config 0 descriptor?? [ 43.994343][ T1213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 44.113094][ T1256] loop4: detected capacity change from 0 to 2048 [ 44.126843][ T1256] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 44.173556][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 44.188980][ T1256] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm syz-executor.4: mark_inode_dirty error [ 44.201440][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 44.211327][ T1256] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm syz-executor.4: mark_inode_dirty error [ 44.226815][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 44.256985][ T1256] EXT4-fs error (device loop4): ext4_punch_hole:4142: inode #18: comm syz-executor.4: mark_inode_dirty error [ 44.269774][ T1266] loop3: detected capacity change from 0 to 128 [ 44.299617][ T1264] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.4: lblock 0 mapped to illegal pblock 112 (length 1) [ 44.317478][ T1264] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.4: lblock 0 mapped to illegal pblock 112 (length 1) [ 44.381001][ T1270] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 44.391673][ T401] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 44.420575][ T401] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 44.432819][ T401] EXT4-fs (loop4): unmounting filesystem. [ 44.444762][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.452084][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.470557][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.478594][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.494569][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.501893][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.512562][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.520915][ T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 44.528619][ T6] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 44.543444][ T6] plantronics 0003:047F:FFFF.0005: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 44.927027][ T728] usb 1-1: USB disconnect, device number 4 [ 45.054736][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.061704][ T1296] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.069819][ T1296] device bridge_slave_0 entered promiscuous mode [ 45.077108][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.085037][ T1296] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.092522][ T1296] device bridge_slave_1 entered promiscuous mode [ 45.178702][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.185621][ T1296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.192693][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.199497][ T1296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.236260][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.245050][ T728] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.252744][ T728] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.276295][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.285025][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.291930][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.299604][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.308937][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.315920][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.323537][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.355059][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.364091][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.377972][ T1296] device veth0_vlan entered promiscuous mode [ 45.397262][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.405986][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.413457][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.427956][ T1296] device veth1_macvtap entered promiscuous mode [ 45.440031][ T349] device bridge_slave_1 left promiscuous mode [ 45.459858][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.480225][ T349] device bridge_slave_0 left promiscuous mode [ 45.488882][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.497384][ T349] device veth1_macvtap left promiscuous mode [ 45.503392][ T349] device veth0_vlan left promiscuous mode [ 45.600900][ T28] audit: type=1326 audit(1717503009.965:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1324 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe177a7cee9 code=0x0 [ 45.710722][ T28] audit: type=1400 audit(1717503010.075:247): avc: denied { create } for pid=1333 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 45.846861][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.168267][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.177449][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.191300][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.202860][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.312272][ T1327] loop1: detected capacity change from 0 to 40427 [ 46.375853][ T1327] F2FS-fs (loop1): Found nat_bits in checkpoint [ 46.388546][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 46.388562][ T28] audit: type=1400 audit(1717503010.755:250): avc: denied { relabelfrom } for pid=1352 comm="syz-executor.3" name="" dev="pipefs" ino=19829 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 46.388578][ T1353] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 46.508575][ T1357] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 46.527938][ T1327] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 46.559637][ T28] audit: type=1400 audit(1717503010.755:251): avc: denied { relabelto } for pid=1352 comm="syz-executor.3" name="" dev="pipefs" ino=19829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:dhcp_state_t:s0" [ 46.587604][ T28] audit: type=1400 audit(1717503010.875:252): avc: denied { connect } for pid=1354 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.609289][ T1362] netlink: 'syz-executor.3': attribute type 27 has an invalid length. [ 46.617807][ T28] audit: type=1400 audit(1717503010.875:253): avc: denied { write } for pid=1354 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.618441][ T1200] syz-executor.1: attempt to access beyond end of device [ 46.618441][ T1200] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 47.027406][ T1362] bridge0: port 3(syz_tun) entered disabled state [ 47.035376][ T1362] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.042528][ T1362] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.181819][ T28] audit: type=1400 audit(1717503011.545:254): avc: denied { read } for pid=1379 comm="syz-executor.3" name="usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.232266][ T28] audit: type=1400 audit(1717503011.545:255): avc: denied { open } for pid=1379 comm="syz-executor.3" path="/dev/usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.268521][ T28] audit: type=1400 audit(1717503011.545:256): avc: denied { write } for pid=1379 comm="syz-executor.3" name="usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.313533][ T28] audit: type=1400 audit(1717503011.675:257): avc: denied { ioctl } for pid=1387 comm="syz-executor.4" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=19868 ioctlcmd=0xaa01 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 47.724686][ T319] kernel read not supported for file /usbmon7 (pid: 319 comm: kworker/1:2) [ 47.830839][ T28] audit: type=1400 audit(1717503012.175:258): avc: denied { mounton } for pid=1415 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/13/file1/bus" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 47.858929][ T28] audit: type=1400 audit(1717503012.175:259): avc: denied { unlink } for pid=1415 comm="syz-executor.1" name="#b" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 47.926208][ T1418] SELinux: Context d is not valid (left unmapped). [ 48.106707][ T45] Bluetooth: hci0: sending frame failed (-49) [ 48.112676][ T1396] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 48.133557][ T1438] device pim6reg1 entered promiscuous mode [ 48.182915][ T1443] loop4: detected capacity change from 0 to 512 [ 48.227418][ T1443] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 48.243054][ T1443] ext4 filesystem being mounted at /root/syzkaller-testdir1384711477/syzkaller.EmYmws/10/file0 supports timestamps until 2038 (0x7fffffff) [ 48.309227][ T1296] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor.4: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 48.326921][ T1296] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor.4: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 48.367970][ T1453] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 48.405509][ T1296] EXT4-fs (loop4): unmounting filesystem. [ 48.434094][ T1454] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 48.446475][ T1296] syz-executor.4 (1296) used greatest stack depth: 20896 bytes left [ 48.544201][ T1454] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.551251][ T1454] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.745089][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.752159][ T1458] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.770980][ T1458] device bridge_slave_0 entered promiscuous mode [ 48.785767][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.800344][ T1458] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.826392][ T1458] device bridge_slave_1 entered promiscuous mode [ 49.056602][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.063555][ T1458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.070871][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.078430][ T1458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.155755][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.163545][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.171087][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.196338][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.208707][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.215636][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.240695][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.266752][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.273744][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.306045][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.321850][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.329989][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.338710][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.355661][ T8] device bridge_slave_1 left promiscuous mode [ 49.361924][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.370016][ T8] device bridge_slave_0 left promiscuous mode [ 49.376547][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.387195][ T8] device veth1_macvtap left promiscuous mode [ 49.397444][ T8] device veth0_vlan left promiscuous mode [ 49.423770][ T1165] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 49.596279][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.601692][ T1505] loop2: detected capacity change from 0 to 512 [ 49.604864][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.778968][ T1165] usb 2-1: Using ep0 maxpacket: 32 [ 49.855995][ T1505] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 49.865743][ T1505] ext4 filesystem being mounted at /root/syzkaller-testdir2682739372/syzkaller.NVWyX6/74/file0 supports timestamps until 2038 (0x7fffffff) [ 49.896940][ T1458] device veth0_vlan entered promiscuous mode [ 49.906862][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.915125][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.921845][ T318] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 49.931944][ T1458] device veth1_macvtap entered promiscuous mode [ 49.946419][ T318] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 49.947999][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.964475][ T1165] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 49.971384][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.994702][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 50.002960][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 50.011402][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 50.023834][ T1165] usb 2-1: language id specifier not provided by device, defaulting to English [ 50.036844][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 50.045118][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.053448][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 50.062905][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.126318][ T318] EXT4-fs (loop2): unmounting filesystem. [ 50.363931][ T60] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 50.421813][ T1516] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.433897][ T1165] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.40 [ 50.443409][ T1516] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.450713][ T1165] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.459352][ T1516] device bridge_slave_0 entered promiscuous mode [ 50.465817][ T1165] usb 2-1: Manufacturer: ☳쵐㝓⸱畿쵧ᾳ쬿琋肪潵痨䭣藖倓뚊픓쓨⻚ꉇ싶ﱴ鼴䮒尝豓ᘏഭ痓ế瑲硖⹍让윹⚯룐變ج쀓늏㹑팊ໆ뛾㊚禎螗踌똴ᝑᐹ莄煘甅Ӟ꧔둉皔ཌ㺯䠠ࠛ槼䲽翅챰ᠯᖹꏃ鷭᪕ᰃꊠ䊆둅慹节爅괒ὠ顎…ጸ﯎񈥡 [ 50.498088][ T1516] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.505397][ T1516] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.512869][ T1516] device bridge_slave_1 entered promiscuous mode [ 50.524655][ T1165] usb 2-1: SerialNumber: syz [ 50.585216][ T1165] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 50.697975][ T1516] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.704881][ T1516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.711964][ T1516] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.718768][ T1516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.723930][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 50.743356][ T1532] loop0: detected capacity change from 0 to 512 [ 50.752612][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.757242][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 50.769676][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 50.780367][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.780724][ T60] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 50.797783][ T319] usb 2-1: USB disconnect, device number 3 [ 50.807631][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.808461][ T1532] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: iget: bad extended attribute block 65536 [ 50.841077][ T1532] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 50.853844][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.862062][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.868950][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.873819][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 50.877524][ T1532] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 50.891719][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 50.914066][ T60] usb 5-1: SerialNumber: syz [ 50.914326][ T8] device bridge_slave_1 left promiscuous mode [ 50.925923][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.933414][ T8] device bridge_slave_0 left promiscuous mode [ 50.940458][ T603] EXT4-fs (loop0): unmounting filesystem. [ 50.941389][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.953366][ T1511] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 50.969136][ T60] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 50.970931][ T8] device veth1_macvtap left promiscuous mode [ 50.984080][ T60] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 50.994867][ T8] device veth0_vlan left promiscuous mode [ 51.163482][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.171624][ T728] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.178540][ T728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.192499][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.200621][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.192395][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 52.192479][ T28] audit: type=1400 audit(1717503016.555:280): avc: denied { getopt } for pid=1545 comm="syz-executor.0" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 52.448035][ T728] usb 5-1: USB disconnect, device number 4 [ 52.462204][ T1516] device veth0_vlan entered promiscuous mode [ 52.484279][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.502331][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.510582][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.518776][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.559543][ T1516] device veth1_macvtap entered promiscuous mode [ 52.566603][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 52.575824][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.583929][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 52.593565][ T1560] device pim6reg1 entered promiscuous mode [ 52.612126][ T1562] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 52.622065][ T1562] tipc: Started in network mode [ 52.627052][ T1562] tipc: Node identity 6, cluster identity 4711 [ 52.633062][ T1562] tipc: Node number set to 6 [ 52.640799][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 52.656021][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.665921][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 52.674924][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.689132][ T1564] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 52.706633][ T28] audit: type=1400 audit(1717503017.075:281): avc: denied { write } for pid=1563 comm="syz-executor.1" name="task" dev="proc" ino=20930 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 52.734858][ T28] audit: type=1400 audit(1717503017.095:282): avc: denied { add_name } for pid=1563 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 52.755636][ T28] audit: type=1400 audit(1717503017.095:283): avc: denied { create } for pid=1563 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 52.790879][ T28] audit: type=1400 audit(1717503017.095:284): avc: denied { associate } for pid=1563 comm="syz-executor.1" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 52.858061][ T1577] loop4: detected capacity change from 0 to 512 [ 52.874423][ T1577] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 52.918199][ T1577] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 52.930501][ T1577] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 52.947918][ T1577] System zones: 0-2, 18-18, 34-34 [ 52.977877][ T1577] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 15 [ 53.024026][ T1577] ext4_test_bit(bit=14, block=18) = 1 [ 53.029496][ T1577] is_bad_inode(inode)=0 [ 53.041191][ T1577] NEXT_ORPHAN(inode)=2264924160 [ 53.049447][ T1577] max_ino=32 [ 53.059418][ T1577] i_nlink=0 [ 53.064770][ T1577] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 53.076108][ T1591] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)" [ 53.111716][ T1577] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 80: padding at end of block bitmap is not set [ 53.156097][ T1577] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 53.184138][ T1577] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 53.244654][ T1458] EXT4-fs (loop4): unmounting filesystem. [ 53.495812][ T28] audit: type=1326 audit(1717503017.865:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1647 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe177a7cee9 code=0x0 [ 53.763403][ T1673] loop1: detected capacity change from 0 to 256 [ 53.829752][ T1673] syz-executor.1: attempt to access beyond end of device [ 53.829752][ T1673] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 53.927409][ T1679] geneve1: tun_chr_ioctl cmd 1074025681 [ 54.463982][ T28] audit: type=1400 audit(1717503018.825:286): avc: denied { create } for pid=1687 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.497705][ T1695] loop0: detected capacity change from 0 to 512 [ 54.615692][ T1695] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 54.628803][ T1695] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.832463][ T1695] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: casefold flag without casefold feature [ 54.856287][ T1695] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 54.864696][ T1695] System zones: 0-2, 18-18, 34-35 [ 54.870108][ T1695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.214231][ T603] EXT4-fs (loop0): unmounting filesystem. [ 55.242377][ T28] audit: type=1400 audit(1717503019.605:287): avc: denied { map } for pid=1710 comm="syz-executor.4" path="socket:[21622]" dev="sockfs" ino=21622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.284357][ T1711] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 55.352006][ T28] audit: type=1400 audit(1717503019.715:288): avc: denied { getopt } for pid=1721 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 55.392181][ T28] audit: type=1400 audit(1717503019.755:289): avc: denied { shutdown } for pid=1726 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.631450][ T1742] loop1: detected capacity change from 0 to 512 [ 56.318887][ T1742] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.556343][ T1742] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature [ 56.591611][ T1742] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 56.599500][ T1742] System zones: 0-2, 18-18, 34-35 [ 56.605051][ T1742] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 56.704021][ T1754] overlayfs: './file0' not a directory [ 56.740698][ T1756] loop3: detected capacity change from 0 to 256 [ 56.825880][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 56.843961][ T1753] loop4: detected capacity change from 0 to 256 [ 56.876739][ T1753] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 56.909934][ T1767] loop2: detected capacity change from 0 to 128 [ 56.962174][ T1767] FAT-fs (loop2): error, clusters badly computed (104 != 1) [ 56.975755][ T1767] FAT-fs (loop2): Filesystem has been set read-only [ 56.981498][ T1773] netem: change failed [ 57.062234][ T1786] loop3: detected capacity change from 0 to 2048 [ 57.133434][ T1788] loop1: detected capacity change from 0 to 512 [ 57.141786][ T1788] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.248639][ T1788] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature [ 57.262832][ T1788] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 57.271742][ T1788] System zones: 0-2, 18-18, 34-35 [ 57.279706][ T1788] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 57.703840][ T1786] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 57.758068][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 57.758084][ T28] audit: type=1400 audit(1717503022.125:292): avc: denied { map } for pid=1785 comm="syz-executor.3" path="/root/syzkaller-testdir1961205298/syzkaller.6K8eVA/114/file0/cpuacct.usage_sys" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 57.811184][ T1799] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 57.897092][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 57.903416][ T1799] EXT4-fs (loop3): Remounting filesystem read-only [ 57.950366][ T1808] loop4: detected capacity change from 0 to 128 [ 57.966725][ T1799] syz-executor.3 (1799) used greatest stack depth: 20488 bytes left [ 57.987295][ T316] EXT4-fs (loop3): unmounting filesystem. [ 58.000727][ T1810] loop1: detected capacity change from 0 to 512 [ 58.021885][ T1808] FAT-fs (loop4): error, clusters badly computed (104 != 1) [ 58.044432][ T1810] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 58.058211][ T1808] FAT-fs (loop4): Filesystem has been set read-only [ 58.060182][ T1810] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 58.087840][ T1810] EXT4-fs (loop1): 1 truncate cleaned up [ 58.099734][ T1810] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 58.129490][ T1810] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 58.130113][ T28] audit: type=1400 audit(1717503022.495:293): avc: denied { setattr } for pid=1809 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/56/file0" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 58.224269][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 58.230401][ T28] audit: type=1326 audit(1717503022.575:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000 [ 58.255657][ T28] audit: type=1326 audit(1717503022.575:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000 [ 58.281064][ T28] audit: type=1326 audit(1717503022.575:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000 [ 58.305227][ T28] audit: type=1326 audit(1717503022.575:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000 [ 58.330278][ T28] audit: type=1326 audit(1717503022.575:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000 [ 58.376255][ T1815] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.383211][ T1815] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.396400][ T1815] device bridge_slave_0 entered promiscuous mode [ 58.403389][ T1815] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.410511][ T1815] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.418187][ T1815] device bridge_slave_1 entered promiscuous mode [ 58.454839][ T1832] loop1: detected capacity change from 0 to 256 [ 58.470691][ T1832] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 58.491312][ T28] audit: type=1400 audit(1717503022.855:299): avc: denied { read write } for pid=1831 comm="syz-executor.1" name="file1" dev="loop1" ino=1048633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 58.515351][ T28] audit: type=1400 audit(1717503022.855:300): avc: denied { open } for pid=1831 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/58/file2/file1" dev="loop1" ino=1048633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 58.604061][ T10] device bridge_slave_1 left promiscuous mode [ 58.611566][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.620453][ T10] device bridge_slave_0 left promiscuous mode [ 58.626567][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.635208][ T10] device veth1_macvtap left promiscuous mode [ 58.641229][ T10] device veth0_vlan left promiscuous mode [ 58.741940][ T1848] loop1: detected capacity change from 0 to 2048 [ 58.749939][ T1848] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.768626][ T1848] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 58.858602][ T1821] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.873756][ T1821] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.882030][ T1821] device bridge_slave_0 entered promiscuous mode [ 58.903469][ T1821] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.910489][ T1821] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.918056][ T1821] device bridge_slave_1 entered promiscuous mode [ 58.924704][ T1830] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.931729][ T1830] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.939852][ T1830] device bridge_slave_0 entered promiscuous mode [ 58.968689][ T1830] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.975633][ T1830] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.982988][ T1830] device bridge_slave_1 entered promiscuous mode [ 59.012514][ T1815] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.020028][ T1815] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.027263][ T1815] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.034435][ T1815] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.047440][ T1848] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 234: padding at end of block bitmap is not set [ 59.062683][ T1848] EXT4-fs (loop1): Remounting filesystem read-only [ 59.135412][ T728] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.143151][ T728] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.179282][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.187057][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.194576][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.202940][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.211105][ T728] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.218096][ T728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.223539][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 59.225974][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.249559][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.264785][ T728] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.271673][ T728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.285584][ T1858] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 59.320796][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.329104][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.337187][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.345279][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.372136][ T1815] device veth0_vlan entered promiscuous mode [ 59.381312][ T1862] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 59.392941][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.402571][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.416529][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.424578][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.437049][ T1866] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 59.446339][ T1866] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 59.447196][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.462821][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.539355][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.547556][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.558209][ T1815] device veth1_macvtap entered promiscuous mode [ 59.592668][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.600216][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.608410][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.617252][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.625521][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.639149][ T1874] netem: change failed [ 59.649105][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.659475][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.695562][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.704602][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.712806][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.719698][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.727561][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.736459][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.750455][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.757381][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.764872][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.772239][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.788342][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.793809][ T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 59.815646][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.824434][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.833146][ T466] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.840366][ T466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.847858][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.855987][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.864020][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.872166][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.880443][ T466] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.887317][ T466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.894529][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.902540][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.913007][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.935283][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.943317][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.960852][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.969660][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.995887][ T1821] device veth0_vlan entered promiscuous mode [ 60.008049][ T1830] device veth0_vlan entered promiscuous mode [ 60.019244][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.027526][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.036565][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.044099][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.051634][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.059957][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.067456][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.074899][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.083054][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.091473][ T1887] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 60.105790][ T10] device bridge_slave_1 left promiscuous mode [ 60.112823][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.120255][ T10] device bridge_slave_0 left promiscuous mode [ 60.126361][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.135055][ T10] device bridge_slave_1 left promiscuous mode [ 60.141627][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.149339][ T10] device bridge_slave_0 left promiscuous mode [ 60.155702][ T6] usb 4-1: config 0 has an invalid interface number: 54 but max is 1 [ 60.161298][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.164442][ T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 60.180816][ T6] usb 4-1: config 0 has no interface number 1 [ 60.187026][ T6] usb 4-1: config 0 interface 54 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 60.187343][ T10] device veth1_macvtap left promiscuous mode [ 60.196512][ T6] usb 4-1: config 0 interface 0 has no altsetting 0 [ 60.202489][ T10] device veth0_vlan left promiscuous mode [ 60.214639][ T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 60.339759][ T1821] device veth1_macvtap entered promiscuous mode [ 60.347256][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.356625][ T1890] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.2'. [ 60.364013][ T6] usb 4-1: New USB device found, idVendor=0582, idProduct=000c, bcdDevice=c7.66 [ 60.368989][ T1830] device veth1_macvtap entered promiscuous mode [ 60.375112][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.392278][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 60.392427][ T6] usb 4-1: Product: syz [ 60.401052][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.404090][ T6] usb 4-1: Manufacturer: syz [ 60.412363][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 60.416392][ T6] usb 4-1: SerialNumber: syz [ 60.424239][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.429048][ T6] usb 4-1: config 0 descriptor?? [ 60.438737][ T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.456961][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.464918][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 60.470239][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.474786][ T6] usb 4-1: selecting invalid altsetting 0 [ 60.479094][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 60.496900][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.505433][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 60.513668][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.583951][ T24] usb 2-1: config 0 has no interfaces? [ 60.686794][ T1901] loop4: detected capacity change from 0 to 128 [ 60.697706][ T6] usb 4-1: USB disconnect, device number 4 [ 60.718119][ T1903] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 60.727580][ T1901] FAT-fs (loop4): error, clusters badly computed (104 != 1) [ 60.735801][ T1901] FAT-fs (loop4): Filesystem has been set read-only [ 60.753812][ T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 60.762712][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.771464][ T24] usb 2-1: Product: syz [ 60.775519][ T24] usb 2-1: Manufacturer: syz [ 60.779940][ T24] usb 2-1: SerialNumber: syz [ 60.785173][ T24] r8152-cfgselector 2-1: config 0 descriptor?? [ 61.074041][ T349] usb 2-1: config 0 descriptor?? [ 61.142137][ T1912] loop0: detected capacity change from 0 to 1024 [ 61.163232][ T1912] EXT4-fs: Ignoring removed orlov option [ 61.175465][ T1912] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.235164][ T1912] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 61.276979][ T24] usb 2-1: USB disconnect, device number 4 [ 61.284098][ T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 61.293939][ T349] usb 2-1: can't set config #0, error -71 [ 61.328618][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 61.352269][ T1914] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.366265][ T1914] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.373779][ T1914] device bridge_slave_0 entered promiscuous mode [ 61.382210][ T1914] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.397751][ T1914] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.400209][ T1931] loop3: detected capacity change from 0 to 512 [ 61.405360][ T1914] device bridge_slave_1 entered promiscuous mode [ 61.411663][ T1931] EXT4-fs: Ignoring removed bh option [ 61.423293][ T1931] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 61.435331][ T1931] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 17 [ 61.447823][ T1931] EXT4-fs (loop3): Remounting filesystem read-only [ 61.454555][ T1931] ext4_test_bit(bit=16, block=4) = 1 [ 61.459613][ T1931] is_bad_inode(inode)=0 [ 61.464497][ T1931] NEXT_ORPHAN(inode)=1048336 [ 61.470048][ T1929] netem: change failed [ 61.474882][ T1931] max_ino=32 [ 61.477985][ T1931] i_nlink=0 [ 61.480990][ T1931] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 61.523188][ T316] EXT4-fs (loop3): unmounting filesystem. [ 61.633524][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.642385][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.643804][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.660643][ T43] device bridge_slave_1 left promiscuous mode [ 61.670152][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.672267][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.691595][ T6] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 61.701044][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.701432][ T43] device bridge_slave_0 left promiscuous mode [ 61.709982][ T6] usb 3-1: config 0 descriptor?? [ 61.720802][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.732454][ T43] device veth1_macvtap left promiscuous mode [ 61.739021][ T43] device veth0_vlan left promiscuous mode [ 61.814863][ T1948] loop3: detected capacity change from 0 to 256 [ 61.837895][ T1934] loop0: detected capacity change from 0 to 40427 [ 61.845123][ T1948] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.849505][ T1951] syz-executor.1[1951] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.852758][ T1934] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 61.862020][ T1951] syz-executor.1[1951] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.872364][ T1934] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 61.896599][ T1934] F2FS-fs (loop0): invalid crc value [ 61.912433][ T1934] F2FS-fs (loop0): Found nat_bits in checkpoint [ 61.967939][ T1934] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 61.974894][ T1934] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 62.000899][ T1821] syz-executor.0: attempt to access beyond end of device [ 62.000899][ T1821] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 62.026634][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.035041][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.043310][ T319] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.050291][ T319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.058299][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.066741][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.076772][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.083647][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.091102][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.099073][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.121313][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.135788][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.149159][ T1914] device veth0_vlan entered promiscuous mode [ 62.158638][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.167607][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.179006][ T1963] loop0: detected capacity change from 0 to 512 [ 62.180461][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.187540][ T1963] EXT4-fs: Ignoring removed bh option [ 62.206185][ T1963] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 62.216677][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.218049][ T1963] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 17 [ 62.226541][ T1914] device veth1_macvtap entered promiscuous mode [ 62.236467][ T1963] EXT4-fs (loop0): Remounting filesystem read-only [ 62.247565][ T1963] ext4_test_bit(bit=16, block=4) = 1 [ 62.247776][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.252711][ T1963] is_bad_inode(inode)=0 [ 62.252722][ T1963] NEXT_ORPHAN(inode)=1048336 [ 62.252730][ T1963] max_ino=32 [ 62.252738][ T1963] i_nlink=0 [ 62.252784][ T1963] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 62.289839][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.325018][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 62.353791][ T728] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 62.499510][ T28] audit: type=1400 audit(1717503026.865:301): avc: denied { ioctl } for pid=1979 comm="syz-executor.0" path="socket:[23239]" dev="sockfs" ino=23239 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 62.675011][ T1995] loop0: detected capacity change from 0 to 512 [ 62.681968][ T1995] EXT4-fs: Ignoring removed bh option [ 62.692763][ T1995] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 62.705211][ T1995] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 17 [ 62.715657][ T728] usb 4-1: config index 0 descriptor too short (expected 26989, got 96) [ 62.723963][ T6] uclogic 0003:256C:006D.0006: failed retrieving Huion firmware version: -71 [ 62.732569][ T6] uclogic 0003:256C:006D.0006: failed probing parameters: -71 [ 62.740315][ T728] usb 4-1: config 101 has too many interfaces: 120, using maximum allowed: 32 [ 62.749193][ T6] uclogic: probe of 0003:256C:006D.0006 failed with error -71 [ 62.749202][ T1995] EXT4-fs (loop0): Remounting filesystem read-only [ 62.756566][ T728] usb 4-1: config 101 has an invalid descriptor of length 111, skipping remainder of the config [ 62.765062][ T1995] ext4_test_bit(bit=16, block=4) = 1 [ 62.779354][ T6] usb 3-1: USB disconnect, device number 6 [ 62.787613][ T728] usb 4-1: config 101 has 0 interfaces, different from the descriptor's value: 120 [ 62.810554][ T1995] is_bad_inode(inode)=0 [ 62.814629][ T1995] NEXT_ORPHAN(inode)=1048336 [ 62.819070][ T1995] max_ino=32 [ 62.822104][ T1995] i_nlink=0 [ 62.825468][ T1995] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 62.881046][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 62.923773][ T728] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 62.932679][ T728] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 62.973779][ T728] usb 4-1: Product: syz [ 62.977800][ T728] usb 4-1: Manufacturer: syz [ 62.994752][ T2002] loop0: detected capacity change from 0 to 2048 [ 63.001713][ T2002] EXT4-fs: Ignoring removed mblk_io_submit option [ 63.049869][ T2002] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 63.271795][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 63.271812][ T28] audit: type=1400 audit(1717503027.635:323): avc: denied { nlmsg_read } for pid=2010 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 63.347935][ T28] audit: type=1400 audit(1717503027.715:324): avc: denied { read } for pid=2012 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 63.409312][ T2003] syz-executor.1 (2003) used greatest stack depth: 20352 bytes left [ 63.476516][ T2002] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set [ 63.619064][ T2025] loop4: detected capacity change from 0 to 512 [ 63.711004][ T2025] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.711028][ T2002] EXT4-fs (loop0): Remounting filesystem read-only [ 63.744308][ T2025] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature [ 63.762939][ T2025] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 63.770975][ T2025] System zones: 0-2, 18-18, 34-35 [ 63.776995][ T2025] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 63.808383][ T728] usb 4-1: USB disconnect, device number 5 [ 64.348951][ T1914] EXT4-fs (loop4): unmounting filesystem. [ 64.399777][ T2035] process 'syz-executor.3' launched '/dev/fd/-1' with NULL argv: empty string added [ 64.421133][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 64.633566][ T2062] mmap: syz-executor.0 (2062): VmData 167407616 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data. [ 64.673621][ T2065] loop0: detected capacity change from 0 to 512 [ 64.679952][ T6] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 64.711206][ T2067] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 64.719603][ T2071] syz-executor.1[2071] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.719685][ T2071] syz-executor.1[2071] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.741246][ T2065] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 64.810017][ T2065] ext4 filesystem being mounted at /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/26/bus supports timestamps until 2038 (0x7fffffff) [ 64.849024][ T28] audit: type=1400 audit(1717503029.215:325): avc: denied { unmount } for pid=1815 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 64.881363][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 65.043892][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 65.061211][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 65.071312][ T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 65.080916][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.092093][ T6] usb 5-1: config 0 descriptor?? [ 65.243633][ T2093] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 65.303766][ T319] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 65.321078][ T2130] loop3: detected capacity change from 0 to 40427 [ 65.328968][ T2130] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 65.337417][ T2130] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 65.352599][ T2130] F2FS-fs (loop3): Found nat_bits in checkpoint [ 65.408376][ T2130] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 65.415436][ T2130] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 65.430244][ T2142] kvm: emulating exchange as write [ 65.576875][ T6] hid (null): bogus close delimiter [ 65.713835][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 65.736727][ T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 65.747158][ T319] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 65.756513][ T319] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.767089][ T319] usb 1-1: config 0 descriptor?? [ 65.784268][ T6] usb 5-1: language id specifier not provided by device, defaulting to English [ 66.085724][ T28] audit: type=1400 audit(1717503030.455:326): avc: denied { ioctl } for pid=2177 comm="syz-executor.1" path="socket:[24909]" dev="sockfs" ino=24909 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 66.229103][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input5 [ 66.242480][ T28] audit: type=1400 audit(1717503030.615:327): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=510 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.254898][ T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input6 [ 66.265096][ T319] hid (null): bogus close delimiter [ 66.289001][ T28] audit: type=1400 audit(1717503030.615:328): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=510 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.296095][ T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input7 [ 66.312903][ T28] audit: type=1400 audit(1717503030.685:329): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=510 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.340316][ T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input8 [ 66.400034][ T6] uclogic 0003:256C:006D.0007: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 66.416699][ T6] usb 5-1: USB disconnect, device number 5 [ 66.555362][ T28] audit: type=1326 audit(1717503030.925:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000 [ 66.581761][ T28] audit: type=1326 audit(1717503030.925:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000 [ 66.621983][ T28] audit: type=1326 audit(1717503030.925:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000 [ 66.773803][ T319] usb 1-1: string descriptor 0 read error: -71 [ 66.797531][ T319] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 66.808205][ T319] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 66.817827][ T319] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 66.831704][ T319] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 66.839744][ T319] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 66.855049][ T319] usb 1-1: USB disconnect, device number 5 [ 66.977827][ T2223] device batadv_slave_1 entered promiscuous mode [ 67.029120][ T2222] device batadv_slave_1 left promiscuous mode [ 67.046830][ T2227] loop1: detected capacity change from 0 to 8192 [ 67.094827][ T2227] loop1: p1 < > [ 67.179877][ T2237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2237 comm=syz-executor.4 [ 67.323000][ T2252] incfs: Options parsing error. -22 [ 67.333316][ T2252] incfs: mount failed -22 [ 67.380533][ T2258] device batadv_slave_1 entered promiscuous mode [ 67.428485][ T2257] device batadv_slave_1 left promiscuous mode [ 67.463811][ T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 67.625891][ T2284] syz-executor.4[2284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.626016][ T2284] syz-executor.4[2284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.658658][ T2284] loop4: detected capacity change from 0 to 2048 [ 67.702888][ T2284] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 67.720090][ T2293] device batadv_slave_1 entered promiscuous mode [ 67.733935][ T2284] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 67.764281][ T2291] device batadv_slave_1 left promiscuous mode [ 67.773420][ T2284] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 67.785762][ T2284] EXT4-fs (loop4): This should not happen!! Data will be lost [ 67.785762][ T2284] [ 67.795752][ T2284] EXT4-fs (loop4): Total free blocks count 0 [ 67.801619][ T2284] EXT4-fs (loop4): Free/Dirty block details [ 67.807471][ T2284] EXT4-fs (loop4): free_blocks=2415919104 [ 67.813106][ T2284] EXT4-fs (loop4): dirty_blocks=16 [ 67.818458][ T2284] EXT4-fs (loop4): Block reservation details [ 67.824348][ T2284] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 67.833874][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.846140][ T2298] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 67.853610][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.870483][ T1914] EXT4-fs (loop4): unmounting filesystem. [ 67.872923][ T2303] incfs: ino conflict with backing FS 1 [ 67.876279][ T319] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 67.884296][ T2303] incfs: ino conflict with backing FS 4 [ 67.894181][ T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 67.908059][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.925792][ T6] usb 4-1: config 0 descriptor?? [ 68.143725][ T319] usb 1-1: Using ep0 maxpacket: 32 [ 68.257694][ T2329] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 68.276998][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 68.277014][ T28] audit: type=1401 audit(1717503032.645:359): op=fscreate invalid_context=0435 [ 68.292074][ T319] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.307462][ T319] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.344473][ T2335] incfs: ino conflict with backing FS 1 [ 68.350745][ T2335] incfs: ino conflict with backing FS 4 [ 68.382723][ T2339] xt_bpf: check failed: parse error [ 68.413035][ T2344] syz-executor.2[2344] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.413340][ T2344] syz-executor.2[2344] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.425075][ T6] hid (null): bogus close delimiter [ 68.462065][ T2344] loop2: detected capacity change from 0 to 2048 [ 68.474775][ T319] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 68.485080][ T319] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 68.493547][ T319] usb 1-1: Product: syz [ 68.497764][ T28] audit: type=1400 audit(1717503032.865:360): avc: denied { getopt } for pid=2349 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 68.498347][ T319] usb 1-1: Manufacturer: syz [ 68.519059][ T2344] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 68.536309][ T2344] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 68.551533][ T2344] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 68.564723][ T319] hub 1-1:4.0: USB hub found [ 68.569328][ T2344] EXT4-fs (loop2): This should not happen!! Data will be lost [ 68.569328][ T2344] [ 68.579048][ T2344] EXT4-fs (loop2): Total free blocks count 0 [ 68.585050][ T2344] EXT4-fs (loop2): Free/Dirty block details [ 68.591004][ T2344] EXT4-fs (loop2): free_blocks=2415919104 [ 68.596992][ T2344] EXT4-fs (loop2): dirty_blocks=16 [ 68.602020][ T2344] EXT4-fs (loop2): Block reservation details [ 68.607848][ T2344] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 68.627993][ T1815] EXT4-fs (loop2): unmounting filesystem. [ 68.633790][ T6] usb 4-1: language id specifier not provided by device, defaulting to English [ 68.642843][ T728] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 68.714726][ T2355] loop4: detected capacity change from 0 to 512 [ 68.785129][ T2355] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 68.833075][ T2282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.869989][ T2355] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature [ 68.884684][ T2355] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002] [ 68.892762][ T2355] System zones: 0-2, 18-18, 34-35 [ 68.900224][ T2355] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 69.111538][ T2282] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.250835][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input9 [ 69.328568][ T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input10 [ 69.376042][ T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input11 [ 70.173686][ C1] sched: RT throttling activated [ 70.198733][ T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input12 [ 70.212542][ T6] uclogic 0003:256C:006D.0009: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 70.233853][ T319] hub 1-1:4.0: config failed, hub has too many ports! (err -19) [ 70.241777][ T1914] EXT4-fs (loop4): unmounting filesystem. [ 70.243828][ T728] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.265127][ T6] usb 4-1: USB disconnect, device number 6 [ 70.303830][ T728] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.327474][ T728] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 70.336988][ T728] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.350077][ T728] usb 2-1: config 0 descriptor?? [ 70.465463][ T2384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2384 comm=syz-executor.4 [ 70.510882][ T28] audit: type=1401 audit(1717503034.875:361): op=fscreate invalid_context=0435 [ 70.793437][ T1965] usb 1-1: USB disconnect, device number 6 [ 70.846859][ T28] audit: type=1400 audit(1717503035.215:362): avc: denied { relabelfrom } for pid=2397 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 70.870109][ T28] audit: type=1400 audit(1717503035.245:363): avc: denied { relabelto } for pid=2397 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 70.892895][ T728] sony 0003:054C:0268.000A: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0 [ 70.904656][ T728] sony 0003:054C:0268.000A: failed to claim input [ 70.953764][ T28] audit: type=1326 audit(1717503035.315:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000 [ 70.978054][ T28] audit: type=1326 audit(1717503035.325:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000 [ 71.001878][ T28] audit: type=1326 audit(1717503035.325:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000 [ 71.026301][ T28] audit: type=1326 audit(1717503035.325:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000 [ 71.053852][ T28] audit: type=1326 audit(1717503035.325:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000 [ 71.092339][ T319] usb 2-1: USB disconnect, device number 5 [ 71.207054][ T2418] syz-executor.4[2418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.207126][ T2418] syz-executor.4[2418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.614530][ T2442] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2442 comm=syz-executor.1 [ 71.864862][ T2462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63767 sclass=netlink_route_socket pid=2462 comm=syz-executor.3 [ 71.990564][ T2479] loop1: detected capacity change from 0 to 128 [ 72.000009][ T2479] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 72.016759][ T2479] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.052925][ T43] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.173805][ T728] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 72.186342][ T2504] loop4: detected capacity change from 0 to 256 [ 72.220918][ T2504] FAT-fs (loop4): Directory bread(block 64) failed [ 72.231806][ T2504] FAT-fs (loop4): Directory bread(block 65) failed [ 72.252120][ T2504] FAT-fs (loop4): Directory bread(block 66) failed [ 72.258850][ T2504] FAT-fs (loop4): Directory bread(block 67) failed [ 72.266277][ T2504] FAT-fs (loop4): Directory bread(block 68) failed [ 72.272724][ T2504] FAT-fs (loop4): Directory bread(block 69) failed [ 72.279238][ T2504] FAT-fs (loop4): Directory bread(block 70) failed [ 72.295027][ T2504] FAT-fs (loop4): Directory bread(block 71) failed [ 72.304944][ T2504] FAT-fs (loop4): Directory bread(block 72) failed [ 72.311722][ T2504] FAT-fs (loop4): Directory bread(block 73) failed [ 72.321157][ T2513] loop1: detected capacity change from 0 to 256 [ 72.338982][ T2513] exfat: Deprecated parameter 'namecase' [ 72.339663][ T2437] loop2: detected capacity change from 0 to 131072 [ 72.351630][ T2437] request_module fs- succeeded, but still no fs? [ 72.363580][ T2513] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 72.414557][ T2517] Driver unsupported XDP return value 0 on prog (id 639) dev N/A, expect packet loss! [ 72.479549][ T2524] loop0: detected capacity change from 0 to 512 [ 72.502632][ T2524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 72.511574][ T2524] ext4 filesystem being mounted at /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus supports timestamps until 2038 (0x7fffffff) [ 72.529251][ T2524] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) [ 72.533821][ T728] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.542914][ T2524] EXT4-fs error (device loop0): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=26368, size=2048 fake=0 [ 72.555208][ T728] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.580807][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: directory entry overrun - offset=60, inode=113, rec_len=26368, size=2048 fake=0 [ 72.607015][ T728] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 72.616185][ T728] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.624787][ T728] usb 4-1: config 0 descriptor?? [ 72.633285][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 7: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=536870912, rec_len=0, size=2048 fake=0 [ 72.665355][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 72.685340][ T2533] loop1: detected capacity change from 0 to 128 [ 72.697012][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 72.698810][ T2533] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 72.730858][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 72.755716][ T2533] ext4 filesystem being mounted at /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/128/mnt supports timestamps until 2038 (0x7fffffff) [ 72.757070][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 72.794646][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 72.820624][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 72.845942][ T1821] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.0: lblock 23 mapped to illegal pblock 18 (length 1) [ 72.861707][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 72.877094][ T2538] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 72.956561][ T1821] EXT4-fs (loop0): unmounting filesystem. [ 73.084704][ T2554] loop1: detected capacity change from 0 to 512 [ 73.105716][ T2554] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 73.114716][ T2554] ext4 filesystem being mounted at /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus supports timestamps until 2038 (0x7fffffff) [ 73.126357][ T728] sony 0003:054C:0268.000B: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0 [ 73.136921][ T2554] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.1: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=26368, size=2048 fake=0 [ 73.172360][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: directory entry overrun - offset=60, inode=113, rec_len=26368, size=2048 fake=0 [ 73.198470][ T728] sony 0003:054C:0268.000B: failed to claim input [ 73.244054][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 7: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=536870912, rec_len=0, size=2048 fake=0 [ 73.272292][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 73.299087][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 73.337328][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 73.356491][ T728] usb 4-1: USB disconnect, device number 7 [ 73.368505][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.369890][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 73.400088][ T2557] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.401734][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 73.409496][ T2557] device bridge_slave_0 entered promiscuous mode [ 73.432821][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 73.463724][ T1200] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.1: lblock 23 mapped to illegal pblock 18 (length 1) [ 73.485275][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.492136][ T2557] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.524661][ T2565] input: syz1 as /devices/virtual/input/input13 [ 73.532528][ T2557] device bridge_slave_1 entered promiscuous mode [ 73.635358][ T1200] EXT4-fs (loop1): unmounting filesystem. [ 73.659252][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.666292][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.673469][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.680422][ T2557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.717757][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.725668][ T1965] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.734357][ T1965] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.766369][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.775215][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.782173][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.789810][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.797991][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.804962][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.818621][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.830074][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.838984][ T43] device bridge_slave_1 left promiscuous mode [ 73.845108][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.853799][ T1165] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 73.861405][ T2577] loop2: detected capacity change from 0 to 256 [ 73.867899][ T43] device bridge_slave_0 left promiscuous mode [ 73.868253][ T2577] exfat: Deprecated parameter 'namecase' [ 73.874315][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.882629][ T2577] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 73.899235][ T43] device veth1_macvtap left promiscuous mode [ 73.905516][ T43] device veth0_vlan left promiscuous mode [ 73.942660][ T2581] loop2: detected capacity change from 0 to 256 [ 74.056328][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.068685][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.088085][ T2589] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 74.089713][ T2557] device veth0_vlan entered promiscuous mode [ 74.098806][ T28] kauditd_printk_skb: 98 callbacks suppressed [ 74.098823][ T28] audit: type=1400 audit(1717503038.475:467): avc: denied { relabelto } for pid=2588 comm="syz-executor.3" name="file0" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 74.105060][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.146837][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.161401][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.169040][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.184752][ T2557] device veth1_macvtap entered promiscuous mode [ 74.196172][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.204366][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.212540][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.226384][ T2571] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.233318][ T2571] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.240920][ T2571] device bridge_slave_0 entered promiscuous mode [ 74.250991][ T28] audit: type=1400 audit(1717503038.625:468): avc: denied { rmdir } for pid=316 comm="syz-executor.3" name="file0" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 74.253894][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.278338][ T1165] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.287174][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.306616][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.317004][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.326938][ T2571] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.334438][ T2571] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.341874][ T2571] device bridge_slave_1 entered promiscuous mode [ 74.381779][ T2600] loop3: detected capacity change from 0 to 512 [ 74.397428][ T2600] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 74.407503][ T2600] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 74.426197][ T2600] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 74.439039][ T2600] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 74.447481][ T2600] ext2 filesystem being mounted at /root/syzkaller-testdir1961205298/syzkaller.6K8eVA/178/file0 supports timestamps until 2038 (0x7fffffff) [ 74.463278][ T43] tipc: Left network mode [ 74.467919][ T1165] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 74.477195][ T1165] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.485428][ T1165] usb 5-1: Product: syz [ 74.486284][ T316] EXT4-fs (loop3): unmounting filesystem. [ 74.489549][ T1165] usb 5-1: Manufacturer: syz [ 74.499603][ T1165] usb 5-1: SerialNumber: syz [ 74.531155][ T2607] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 74.534178][ T2571] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.547200][ T2571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.554314][ T2571] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.561187][ T2571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.597831][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.606436][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.615787][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.645164][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.653381][ T319] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.660393][ T319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.667858][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.676213][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.683097][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.691015][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.710613][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.726312][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.743509][ T2571] device veth0_vlan entered promiscuous mode [ 74.750098][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.764230][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.771883][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.784455][ T2571] device veth1_macvtap entered promiscuous mode [ 74.795835][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.815425][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.842671][ T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.876042][ T2621] overlayfs: invalid redirect ((null)) [ 74.886618][ T2629] syz-executor.1[2629] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.886698][ T2629] syz-executor.1[2629] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.901765][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x1 [ 74.920926][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.928247][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.938145][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.945586][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.952850][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.960709][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.968993][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x2 [ 74.983810][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 74.997438][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.010774][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.018438][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.026551][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x4 [ 75.033817][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.040999][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.048578][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.058482][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.066295][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.073534][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.080768][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.088337][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.095627][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.102921][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.110849][ T43] device bridge_slave_1 left promiscuous mode [ 75.116856][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.120957][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.124201][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.138543][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.146006][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.146155][ T43] device bridge_slave_0 left promiscuous mode [ 75.153240][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.161584][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.166649][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.180646][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.188977][ T43] device veth1_macvtap left promiscuous mode [ 75.191277][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.195280][ T43] device veth0_vlan left promiscuous mode [ 75.203829][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.215132][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.222420][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.229663][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.237108][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.245231][ T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 75.253067][ T728] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 75.428708][ T28] audit: type=1400 audit(1717503039.795:469): avc: denied { setopt } for pid=2654 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 75.494701][ T2661] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2661 comm=syz-executor.2 [ 75.508026][ T28] audit: type=1400 audit(1717503039.875:470): avc: denied { read } for pid=2660 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 75.545208][ T2663] syz-executor.0[2663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.545327][ T2663] syz-executor.0[2663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.614707][ T1165] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 75.633941][ T1165] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 75.641410][ T1165] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 75.851060][ T1165] cdc_ncm 5-1:1.0: setting tx_max = 184 [ 75.858669][ T1165] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 75.871625][ T1165] usb 5-1: USB disconnect, device number 6 [ 75.877492][ T1165] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 76.163736][ T6] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 76.423328][ T2712] loop2: detected capacity change from 0 to 512 [ 76.435772][ T2712] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 76.444930][ T2712] ext4 filesystem being mounted at /root/syzkaller-testdir1700565255/syzkaller.FRe4Fm/78/file0 supports timestamps until 2038 (0x7fffffff) [ 76.480022][ T1815] EXT4-fs (loop2): unmounting filesystem. [ 76.524189][ T6] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 76.529192][ T2720] loop4: detected capacity change from 0 to 1024 [ 76.540583][ T6] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 76.541107][ T2720] EXT4-fs: Ignoring removed orlov option [ 76.554164][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.563578][ T2720] EXT4-fs: Ignoring removed nomblk_io_submit option [ 76.586079][ T2720] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 76.604359][ T28] audit: type=1400 audit(1717503040.975:471): avc: denied { map } for pid=2719 comm="syz-executor.4" path="/root/syzkaller-testdir3991703340/syzkaller.fC2s8x/61/file1/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 76.611059][ T2720] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 76.646903][ T1165] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 76.650177][ T6] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 76.713970][ T2720] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 76.714781][ T2726] syz-executor.0[2726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.726365][ T2726] syz-executor.0[2726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.766226][ T28] audit: type=1400 audit(1717503041.135:472): avc: denied { unlink } for pid=1914 comm="syz-executor.4" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.800851][ T28] audit: type=1400 audit(1717503041.135:473): avc: denied { unlink } for pid=1914 comm="syz-executor.4" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.800962][ T1914] ================================================================== [ 76.829674][ T28] audit: type=1400 audit(1717503041.135:474): avc: denied { unmount } for pid=1914 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 76.831524][ T1914] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 76.859333][ T1914] Read of size 4 at addr ffff88813ac38000 by task syz-executor.4/1914 [ 76.867321][ T1914] [ 76.869498][ T1914] CPU: 1 PID: 1914 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00137-gc36abc6d4212 #0 [ 76.879383][ T1914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 76.889364][ T1914] Call Trace: [ 76.892489][ T1914] [ 76.895267][ T1914] dump_stack_lvl+0x151/0x1b7 [ 76.899781][ T1914] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 76.905080][ T1914] ? _printk+0xd1/0x111 [ 76.909067][ T1914] ? __virt_addr_valid+0x242/0x2f0 [ 76.914028][ T1914] print_report+0x158/0x4e0 [ 76.918353][ T1914] ? __virt_addr_valid+0x242/0x2f0 [ 76.923309][ T1914] ? kasan_addr_to_slab+0xd/0x80 [ 76.928248][ T1914] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 76.933749][ T1914] kasan_report+0x13c/0x170 [ 76.938056][ T1914] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 76.943526][ T1914] __asan_report_load4_noabort+0x14/0x20 [ 76.949087][ T1914] ext4_xattr_delete_inode+0xcd0/0xce0 [ 76.954470][ T1914] ? sb_end_intwrite+0x130/0x130 [ 76.959243][ T1914] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 76.965149][ T1914] ? __kasan_check_read+0x11/0x20 [ 76.970113][ T1914] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 76.975930][ T1914] ? ext4_evict_inode+0xbc2/0x1550 [ 76.980887][ T1914] ext4_evict_inode+0xef9/0x1550 [ 76.985653][ T1914] ? _raw_spin_unlock+0x4c/0x70 [ 76.990365][ T1914] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 76.996076][ T1914] ? _raw_spin_unlock+0x4c/0x70 [ 77.000755][ T1914] ? inode_io_list_del+0x18b/0x1a0 [ 77.005707][ T1914] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 77.011455][ T1914] evict+0x2a3/0x630 [ 77.015255][ T1914] iput+0x642/0x870 [ 77.018894][ T1914] vfs_rmdir+0x3c2/0x500 [ 77.022974][ T1914] do_rmdir+0x3ab/0x630 [ 77.026976][ T1914] ? d_delete_notify+0x160/0x160 [ 77.031742][ T1914] __x64_sys_unlinkat+0xdf/0xf0 [ 77.036514][ T1914] do_syscall_64+0x3d/0xb0 [ 77.041124][ T1914] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.046985][ T1914] RIP: 0033:0x7f686b07c6c7 [ 77.051230][ T1914] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 77.070768][ T1914] RSP: 002b:00007fff37e48cf8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 77.079188][ T1914] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f686b07c6c7 [ 77.087092][ T1914] RDX: 0000000000000200 RSI: 00007fff37e49ea0 RDI: 00000000ffffff9c [ 77.094894][ T1914] RBP: 00007f686b0d9636 R08: 0000000000000000 R09: 0000000000000000 [ 77.102698][ T1914] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff37e49ea0 [ 77.110521][ T1914] R13: 00007f686b0d9636 R14: 0000000000012ad1 R15: 0000000000000009 [ 77.118545][ T1914] [ 77.121392][ T1914] [ 77.123560][ T1914] The buggy address belongs to the physical page: [ 77.129899][ T1914] page:ffffea0004eb0e00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x13ac38 [ 77.140227][ T1914] flags: 0x4000000000000000(zone=1) [ 77.145455][ T1914] raw: 4000000000000000 ffffea0004eb1008 ffffea0004f40e08 0000000000000000 [ 77.153888][ T1914] raw: 0000000000000001 0000000000000003 00000000ffffff7f 0000000000000000 [ 77.162375][ T1914] page dumped because: kasan: bad access detected [ 77.168625][ T1914] page_owner tracks the page as freed [ 77.173854][ T1914] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 2613, tgid 2612 (syz-executor.3), ts 74620233352, free_ts 74789509119 [ 77.193450][ T1914] post_alloc_hook+0x213/0x220 [ 77.198048][ T1914] prep_new_page+0x1b/0x110 [ 77.202389][ T1914] get_page_from_freelist+0x27ea/0x2870 [ 77.207788][ T1914] __alloc_pages+0x3a1/0x780 [ 77.212196][ T1914] __folio_alloc+0x15/0x40 [ 77.216449][ T1914] wp_page_copy+0x23b/0x1690 [ 77.220878][ T1914] do_wp_page+0xc25/0xdf0 [ 77.225041][ T1914] handle_mm_fault+0x15a2/0x2f40 [ 77.229855][ T1914] exc_page_fault+0x24d/0x700 [ 77.234330][ T1914] asm_exc_page_fault+0x27/0x30 [ 77.239019][ T1914] page last free stack trace: [ 77.243532][ T1914] free_unref_page_prepare+0x83d/0x850 [ 77.248831][ T1914] free_unref_page_list+0xf1/0x7b0 [ 77.253773][ T1914] release_pages+0xf7f/0xfe0 [ 77.258213][ T1914] free_pages_and_swap_cache+0x8a/0xa0 [ 77.263665][ T1914] tlb_flush_mmu+0xfe/0x1d0 [ 77.268191][ T1914] unmap_page_range+0x219d/0x2480 [ 77.273054][ T1914] unmap_vmas+0x4e4/0x660 [ 77.277218][ T1914] exit_mmap+0x2d1/0x940 [ 77.281416][ T1914] __mmput+0x95/0x310 [ 77.285199][ T1914] mmput+0x56/0x170 [ 77.288848][ T1914] do_exit+0xb29/0x2b80 [ 77.292839][ T1914] do_group_exit+0x21a/0x2d0 [ 77.297260][ T1914] __x64_sys_exit_group+0x3f/0x40 [ 77.302124][ T1914] do_syscall_64+0x3d/0xb0 [ 77.306565][ T1914] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.312288][ T1914] [ 77.314457][ T1914] Memory state around the buggy address: [ 77.319928][ T1914] ffff88813ac37f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.327829][ T1914] ffff88813ac37f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.335724][ T1914] >ffff88813ac38000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.343618][ T1914] ^ [ 77.347530][ T1914] ffff88813ac38080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.355425][ T1914] ffff88813ac38100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/04 12:10:41 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 77.363324][ T1914] ================================================================== [ 77.373039][ T6] usb 4-1: USB disconnect, device number 8 [ 77.487170][ T1914] Disabling lock debugging due to kernel taint [ 77.497893][ T2683] device syz_tun left promiscuous mode [ 77.503194][ T2683] bridge0: port 3(syz_tun) entered disabled state [ 77.513717][ T1165] usb 2-1: Using ep0 maxpacket: 32