last executing test programs: 44.808956582s ago: executing program 32 (id=552): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000d04000000000000005d1c000000", @ANYRES32=r2, @ANYBLOB="60c000000800000024001280110001006272696467655f736c617665000000000c000580080022"], 0x44}, 0x1, 0x0, 0x0, 0xd1}, 0x0) 44.322278769s ago: executing program 0 (id=726): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)=0x3ff) 44.071546433s ago: executing program 0 (id=737): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 43.64550107s ago: executing program 0 (id=753): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000400000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000e000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r1}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 43.58869855s ago: executing program 0 (id=759): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0x1) 43.509336682s ago: executing program 0 (id=763): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xfffffffffffffde8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r0}, 0x10) setresuid(0x0, 0x0, 0x0) 43.363825964s ago: executing program 0 (id=768): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0xc001020a, 0x0, 0x3}]}) 43.315588855s ago: executing program 33 (id=768): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0xc001020a, 0x0, 0x3}]}) 25.513051928s ago: executing program 5 (id=1375): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0xffffc000) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0xff3, &(0x7f0000001e00)=""/4083, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 25.39501571s ago: executing program 5 (id=1380): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) process_mrelease(0xffffffffffffffff, 0x0) 25.366346671s ago: executing program 5 (id=1381): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000380)="618264", 0x3, 0x48c3, 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xf) 24.492913844s ago: executing program 5 (id=1412): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10) setrlimit(0x9, &(0x7f0000000000)={0x0, 0xfffffffffffffffe}) 24.482200694s ago: executing program 5 (id=1413): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@grpid}, {@auto_da_alloc}]}, 0x1, 0x4f4, &(0x7f00000008c0)="$eJzs3U1vG1sZAODXzpeTm3uTW7oABLSUQkFVncRto6oLKCuEUCVElyC1IXGjKHYcxU5pQhfpf0CiEitY8gNYd8WeDYIdm7JA4iMCNZVYGM14kpo0bkKT2CF+Hmk0c+Y4fs+pNefYr+s5AfStyxGxFRHDEfEoIiay87lsi3utLXnc6+1n8zvbz+Zz0Ww++HsurU/ORdvfJD7KnrMQET/4TsSPc+/GrW9sLs9VKuW1VnF0qlFdnapvbN5Yqs4tlhfLK6XS7Mzs9J2bt0sn1tdL1eHs6Iuvfrf1jZ8mzRrPzrT34yS1uj60FycxGBHfO41gPTCQ9We41w3hg+Qj4kJEXEmv/4kYSF9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXDuxhj+Uqt3rj+uLa+stDKlU3GUP7xUqU8neUKJ2Mol5Rn0uO35dK+8s2I+DQifjYympaL87XKQi/f+ABAH/to3/z/r5HW/A8AnHOFXjcAAOg68z8A9B/zPwD0H/M/APQf8z8A9B/zPwD0n8Pm/wPu3wkA/P/6/v37ydbcye5/vfBkY3259uTGQrm+XKyuzxfna2urxcVabTG9Z0/1sOer1GqrM7di/enkN1frjan6xubDam19pfEwva/3w/JQV3oFALzPp5de/jH5eL91dzTdom0tB3M1nG/5XjcA6JmBXjcA6BmrfUH/OsZnfOkBOCcO+y8+hYgY3X+y2Ww2T69JwCm79jn5f+hXbfl/vwKCPiP/D/1L/h/6V7OZO+qa/3HUBwIAZ5scP9Dh+/8L2f7X2ZcDP1rY/4gXp9kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONt21/8tZmuBj0c+XyxGfBwRkzGUe7xUKU9HxCcR8YeRoZGkPNPjNgMAx5X/Sy5b/+vaxNXx/bXDuTcj6T4ifvKLBz9/OtdorP0+Of+PvfONF9n5Ui/aDwAcZneeTvdtH+Rfbz+b39262Z6/fjsiCq34O9vDsbMXfzAG030hhiJi7J+5rNySa8tdHMfW84j47EH9z8V4mgNprXy6P34S++Ouxs//V/x8WtfaJ/8WnzmBtkC/eZmMP/cOuv7ycTndH3z9F9IR6viy8S95qvmddAx8G393/BvoMP5dPmqMW7/9buto9N265xGfH4zYjb3TNv7sxs91iH/1iPH/9IUvXelU1/xlxLU4OH57rKlGdXWqvrF5Y6k6t1heLK+USrMzs9N3bt4uTaU56qnOs8Hf7l7/pFNd0v+xDvELh/T/q0fs/6/+/eiHX35P/K9/5aD4+bj4nvjJnPi1I8afG/tNoVNdEn+hQ/8Pe/2vHzH+qz9vvrNsOADQO/WNzeW5SqW81s2D3TcSXQ3q4BwctBIeibPRnvaDb3Ur1nD8T3/VbH5QrE4jxklk3YCzYO+ij4g3vW4MAAAAAAAAAAAAAABwoG78YqnXfQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD8+k8AAAD//2CSzDE=") creat(&(0x7f0000000240)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x4, 0x8001, 0x0, 0x9, 0x5d, 0xa, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "cba3d625780820d1cbf7db71038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "9300e6d6a89ef30bea2a0092000010000000aff571ec7f251438dc8876aa00"}) 24.378733836s ago: executing program 2 (id=1415): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_DESTROY(r2, 0x5502) 24.361767326s ago: executing program 2 (id=1416): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000014c0)={r1}, 0x4) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r1, 0x0) 24.346610746s ago: executing program 2 (id=1417): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xbb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10) listen(r0, 0x3) 24.303298907s ago: executing program 2 (id=1418): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8f1018, 0x0) move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0/file0\x00', 0x102) 24.299375377s ago: executing program 5 (id=1419): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x1, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in=@loopback, 0x4e22, 0x0, 0x4, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0xfffffffd, 0x32}, 0xa, @in=@multicast2, 0xfffffffd, 0x4, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 24.237576908s ago: executing program 2 (id=1420): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000a61a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x18) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 24.163418819s ago: executing program 2 (id=1421): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x3}, 0x4) sendmmsg$sock(r0, &(0x7f0000001600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 24.033275131s ago: executing program 34 (id=1421): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x3}, 0x4) sendmmsg$sock(r0, &(0x7f0000001600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 20.671163903s ago: executing program 1 (id=1487): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xffffffff, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x4, 0x4) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x81}}}}}}}, 0x0) 20.615781794s ago: executing program 1 (id=1488): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup3(r0, r1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xa31e2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 20.380229447s ago: executing program 1 (id=1490): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000b1000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) 20.359585868s ago: executing program 1 (id=1491): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = socket(0x1, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r2, 0x2}, 0x20) 20.299770698s ago: executing program 1 (id=1493): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@grpid}, {@auto_da_alloc}]}, 0x1, 0x4f4, &(0x7f00000008c0)="$eJzs3U1vG1sZAODXzpeTm3uTW7oABLSUQkFVncRto6oLKCuEUCVElyC1IXGjKHYcxU5pQhfpf0CiEitY8gNYd8WeDYIdm7JA4iMCNZVYGM14kpo0bkKT2CF+Hmk0c+Y4fs+pNefYr+s5AfStyxGxFRHDEfEoIiay87lsi3utLXnc6+1n8zvbz+Zz0Ww++HsurU/ORdvfJD7KnrMQET/4TsSPc+/GrW9sLs9VKuW1VnF0qlFdnapvbN5Yqs4tlhfLK6XS7Mzs9J2bt0sn1tdL1eHs6Iuvfrf1jZ8mzRrPzrT34yS1uj60FycxGBHfO41gPTCQ9We41w3hg+Qj4kJEXEmv/4kYSF9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXDuxhj+Uqt3rj+uLa+stDKlU3GUP7xUqU8neUKJ2Mol5Rn0uO35dK+8s2I+DQifjYympaL87XKQi/f+ABAH/to3/z/r5HW/A8AnHOFXjcAAOg68z8A9B/zPwD0H/M/APQf8z8A9B/zPwD0n8Pm/wPu3wkA/P/6/v37ydbcye5/vfBkY3259uTGQrm+XKyuzxfna2urxcVabTG9Z0/1sOer1GqrM7di/enkN1frjan6xubDam19pfEwva/3w/JQV3oFALzPp5de/jH5eL91dzTdom0tB3M1nG/5XjcA6JmBXjcA6BmrfUH/OsZnfOkBOCcO+y8+hYgY3X+y2Ww2T69JwCm79jn5f+hXbfl/vwKCPiP/D/1L/h/6V7OZO+qa/3HUBwIAZ5scP9Dh+/8L2f7X2ZcDP1rY/4gXp9kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONt21/8tZmuBj0c+XyxGfBwRkzGUe7xUKU9HxCcR8YeRoZGkPNPjNgMAx5X/Sy5b/+vaxNXx/bXDuTcj6T4ifvKLBz9/OtdorP0+Of+PvfONF9n5Ui/aDwAcZneeTvdtH+Rfbz+b39262Z6/fjsiCq34O9vDsbMXfzAG030hhiJi7J+5rNySa8tdHMfW84j47EH9z8V4mgNprXy6P34S++Ouxs//V/x8WtfaJ/8WnzmBtkC/eZmMP/cOuv7ycTndH3z9F9IR6viy8S95qvmddAx8G393/BvoMP5dPmqMW7/9buto9N265xGfH4zYjb3TNv7sxs91iH/1iPH/9IUvXelU1/xlxLU4OH57rKlGdXWqvrF5Y6k6t1heLK+USrMzs9N3bt4uTaU56qnOs8Hf7l7/pFNd0v+xDvELh/T/q0fs/6/+/eiHX35P/K9/5aD4+bj4nvjJnPi1I8afG/tNoVNdEn+hQ/8Pe/2vHzH+qz9vvrNsOADQO/WNzeW5SqW81s2D3TcSXQ3q4BwctBIeibPRnvaDb3Ur1nD8T3/VbH5QrE4jxklk3YCzYO+ij4g3vW4MAAAAAAAAAAAAAABwoG78YqnXfQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD8+k8AAAD//2CSzDE=") creat(&(0x7f0000000240)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x4, 0x8001, 0x0, 0x9, 0x5d, 0xa, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "cba3d625780820d1cbf7db71038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "9300e6d6a89ef30bea2a0092000010000000aff571ec7f251438dc8876aa00"}) 20.19641933s ago: executing program 1 (id=1495): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x1, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x1ab, 0x9, 0x8}}]}, 0x40}}, 0x0) 18.968279049s ago: executing program 7 (id=1511): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) 18.87064831s ago: executing program 7 (id=1512): r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56e, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xfd, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xc6}}, [{{0x9, 0x5, 0x2, 0x3, 0x0, 0x8, 0x39, 0xfd}}]}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x10000902) syz_usb_control_io$hid(r0, &(0x7f0000000c00)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) 15.801943188s ago: executing program 7 (id=1531): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 14.709949604s ago: executing program 7 (id=1553): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000a40), 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x1000040, &(0x7f0000000140)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000000)={0x5, 0x200000000003, 0x3, 0xfffffffc}) 14.539686327s ago: executing program 7 (id=1557): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 14.33068394s ago: executing program 7 (id=1560): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x22826, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000000)={0xda, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000300)=@arm64) 14.257706191s ago: executing program 35 (id=1560): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x22826, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000000)={0xda, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000300)=@arm64) 9.263561848s ago: executing program 36 (id=1419): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x1, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in=@loopback, 0x4e22, 0x0, 0x4, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0xfffffffd, 0x32}, 0xa, @in=@multicast2, 0xfffffffd, 0x4, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 5.097139312s ago: executing program 37 (id=1495): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x1, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x1ab, 0x9, 0x8}}]}, 0x40}}, 0x0) 2.537741081s ago: executing program 6 (id=1716): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448e4, &(0x7f0000000080)) 2.0025769s ago: executing program 3 (id=1734): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) 1.95792226s ago: executing program 3 (id=1737): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@dellink={0x34, 0x11, 0x1, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc008}, [@IFLA_IFNAME={0x14, 0x3, 'macsec0\x00'}]}, 0x34}}, 0x0) 1.880837651s ago: executing program 3 (id=1738): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xfffc}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a3ff200140600fe8000000000000000000000000000bbfe8000f4ba785ab2a3052c00000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0) 1.865720092s ago: executing program 3 (id=1739): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000240)='./file0\x00', 0x62000024) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 1.849086422s ago: executing program 3 (id=1740): r0 = eventfd2(0x0, 0x0) io_setup(0x6, &(0x7f0000000040)=0x0) clock_gettime(0x0, &(0x7f0000000480)) io_getevents(r1, 0x3, 0x3, &(0x7f0000002a00)=[{}, {}, {}], 0x0) io_submit(r1, 0x2, &(0x7f0000002900)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x3511, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 1.390150139s ago: executing program 4 (id=1747): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1.378056569s ago: executing program 4 (id=1748): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x3, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f000044d000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00009a9000/0x4000)=nil) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, 0x0) 1.34437852s ago: executing program 4 (id=1749): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.32033421s ago: executing program 4 (id=1750): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) chmod(0x0, 0x144) 1.30711534s ago: executing program 4 (id=1751): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) epoll_create(0xeed) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 937.074006ms ago: executing program 3 (id=1753): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) close_range(r1, r1, 0x0) 579.122261ms ago: executing program 8 (id=1768): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000dc0)=@updpolicy={0xb8, 0x19, 0x1, 0x4000000, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x120}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x40800}, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0xfffffffd, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 442.760504ms ago: executing program 6 (id=1769): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}}) 441.826324ms ago: executing program 8 (id=1770): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x10}]}, 0x50}}, 0x0) 432.991404ms ago: executing program 4 (id=1771): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12011001020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f01feffffff000000000006241a0000000905810300020000020904010000020d00000904010102020d00000905822f88d65d000009050302400000000008"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x14, 0x10, 0x10, 0x10, 0x10, 0x10, 0x13, 0xe, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 373.429174ms ago: executing program 6 (id=1773): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000100)={[{@dioread_lock}, {@grpquota}, {@nodioread_nolock}]}, 0x26, 0x75b, &(0x7f0000000d40)="$eJzs3M9rHOUbAPBnptmmP/L9bgTBHwcRWmihdJM0IO2p8eKtUCh4rSGZhJBJNmQ3tRsLtp6F2lwUBFHPHr0Kpf4B3qSg4F0QrfEgXlZms0lpmt1um6Qr6ecDk3ne+fW8T3Z4swN5J4AX1pvFjyRiKCIuR0S5vT2NiMOt6EjEzY3j1h/cmCqWJJrNK78nxWmx3ixvXStpr49H65R4NSLulSLOfPR43lpjdX4yz7PldnukvrA0Umusnp1bmJzNZrPFsfELo+fHx8+Pjj+xhld6rPXkuxeO3vnhnbW1H7+t335j4GwSE626o11bj5d5Khu/k1JMtNuH2uvF/UjWR0m/OwAAQE/S9nfSgda31HIcakUAAADAQdIcbAIAAAAHXhL97gEAAACwvzb/D2Bzbu9+zYPt5Le3I2J4p/wDrTnEEUeiFBHH1pNHZiYkG6fBrty8FRF3J7bff18Xd9jNXV57dFv70TnSh3d5dfbC3WL8mdhp/Em3xp/YYfwZ2Hx3wi51Hv8e5j/UYfy73GOO7754rdQx/62I1wcey//Ww/v/SCvXTvnf6zH/7bWP73Ta1/wq4tSOf3+SR3J1eT/ExMxc3vX1A/f+OX2/W/3HOuVPute/1GP9H6z/Od9pLCnynz7R/fPfKX9xT3zS7kcaEXfa66K9ti3HiYWfvu9W/3REc6f6n/T5f9lj/b98M3i9x0MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgJY2IoUjSylacppVKxPGIeDmOpXm1Vj8zU11ZnC72RQxHKZ2Zy7PRiChvtJOiPdaKH7bPbWuPR8RLPx/dSDqXZ5Wpaj7d7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYcjwihiJJKxGRRsRf5TStVCIGejh38Dn0DwAAANgjw/3uAAAAALDvPP8DAADAwfesz//JHvcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONAuX7pULM31Bzemivb0tcbKfPXa2emsNl9ZWJmqTFWXlyqz1epsnlWmqgtPul5erS6NXYiV6yP1rFYfqTVWry5UVxbrV+cWJmezq1npuVQFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0xpqLUlaiYi0FadppRLxv4gYjlIyM5dnoxHx/4i4Xy4NFu2xfncaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPVdrrM5P5nm2LBAInlvwYUT8B7rRJej3yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD/UGqvzk3meLdf63RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6K/01iYhiOVU+ObR97+Hk73JrHRHvf37l0+uT9fryWLH9j63t9c/a28/1o/8AAADwQrj4NAdvPqdvPscDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0qtZYnZ/M82x5d8HFaKw2kw7H9LtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg2fwbAAD//2Wnx3E=") chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0x40200) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 372.236355ms ago: executing program 8 (id=1774): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) write$char_usb(r0, &(0x7f0000000380)="f5ec3bf80c0dd4a408b53973d37fcf7302d746b5a6ca62ea8afbc273929326ec5a4db0b564dc450de75da0ab6f34dc770ebe409cee3ddd00b254f778475841215aec02", 0x43) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x5ef789faab090e7a, 0x58) write$FUSE_INIT(r1, 0x0, 0x0) 362.445665ms ago: executing program 9 (id=1775): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 230.010107ms ago: executing program 9 (id=1776): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="10031200e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) recvmmsg(r0, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)=""/149, 0x95}], 0x1}}], 0x1, 0x40, 0x0) 168.206168ms ago: executing program 9 (id=1777): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 72.152329ms ago: executing program 6 (id=1778): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 71.951209ms ago: executing program 9 (id=1779): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 62.593509ms ago: executing program 8 (id=1780): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 44.62901ms ago: executing program 6 (id=1781): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000019680)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x11, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000000400000000000000000008500000041000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000807000085000000b600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 41.14523ms ago: executing program 9 (id=1782): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) uname(&(0x7f0000000100)=""/67) 26.79979ms ago: executing program 9 (id=1783): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0xaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) io_setup(0x4, &(0x7f00000014c0)) 18.19682ms ago: executing program 6 (id=1784): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000180)={0x0, 0x9, 0xf, {0xf, 0xe, "22880732fadac99d579918ff5b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000280)={0x2, 0x200, 0x6, 0x4, 0x7, 0xf6}) 16.5242ms ago: executing program 8 (id=1785): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 0s ago: executing program 8 (id=1786): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) kernel console output (not intermixed with test programs): /file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.106945][ T2374] device wireguard0 entered promiscuous mode [ 62.261010][ T2400] loop3: detected capacity change from 0 to 512 [ 62.278375][ T512] kernel write not supported for file /input/event2 (pid: 512 comm: kworker/0:4) [ 62.309332][ T2400] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 62.318099][ T2400] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 62.326260][ T2400] System zones: 0-1, 15-15, 18-18, 34-34 [ 62.332963][ T2400] EXT4-fs (loop3): orphan cleanup on readonly fs [ 62.339226][ T2400] EXT4-fs warning (device loop3): ext4_enable_quotas:7017: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 62.353718][ T2400] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 62.360350][ T2400] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.864: bad orphan inode 16 [ 62.379888][ T2400] ext4_test_bit(bit=15, block=18) = 1 [ 62.386629][ T2400] is_bad_inode(inode)=0 [ 62.391290][ T2400] NEXT_ORPHAN(inode)=0 [ 62.395266][ T2400] max_ino=32 [ 62.398273][ T2400] i_nlink=2 [ 62.408480][ T2400] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 62.420137][ T2400] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 62.427933][ T2400] binfmt_misc: register: failed to install interpreter file ./file2 [ 62.457699][ T2425] loop5: detected capacity change from 0 to 256 [ 62.477556][ T2425] overlayfs: filesystem on './file2' not supported [ 62.517984][ T2438] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 62.537992][ T2441] loop3: detected capacity change from 0 to 512 [ 62.538743][ T2435] tap0: tun_chr_ioctl cmd 1074025677 [ 62.556005][ T2441] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 62.570945][ T2435] tap0: linktype set to 270 [ 62.581338][ T2441] EXT4-fs (loop3): 1 truncate cleaned up [ 62.588661][ T2450] loop5: detected capacity change from 0 to 256 [ 62.626438][ T2450] exfat: Deprecated parameter 'utf8' [ 62.631640][ T2452] bridge_slave_0: default FDB implementation only supports local addresses [ 62.659324][ T2450] exfat: Deprecated parameter 'namecase' [ 62.665007][ T2450] exfat: Deprecated parameter 'utf8' [ 62.709426][ T2462] syz.2.893[2462] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.709507][ T2462] syz.2.893[2462] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.723362][ T2450] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe20b369b, utbl_chksum : 0xe619d30d) [ 62.772988][ T2469] loop1: detected capacity change from 0 to 512 [ 62.821379][ T2469] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #3: comm syz.1.896: corrupted inode contents [ 62.841204][ T39] kernel write not supported for file /uinput (pid: 39 comm: kworker/1:1) [ 62.849918][ T2469] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #3: comm syz.1.896: mark_inode_dirty error [ 62.885463][ T2469] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #3: comm syz.1.896: corrupted inode contents [ 62.926298][ T2493] loop5: detected capacity change from 0 to 256 [ 62.940272][ T2469] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.896: mark_inode_dirty error [ 62.955950][ T2469] EXT4-fs error (device loop1): ext4_acquire_dquot:6782: comm syz.1.896: Failed to acquire dquot type 0 [ 62.970527][ T2469] EXT4-fs (loop1): 1 orphan inode deleted [ 62.976343][ T2469] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.009571][ T43] EXT4-fs error (device loop1): ext4_release_dquot:6805: comm kworker/u4:2: Failed to release dquot type 1 [ 63.049108][ T10] EXT4-fs error (device loop1): ext4_release_dquot:6805: comm kworker/u4:1: Failed to release dquot type 1 [ 63.064366][ T2486] loop6: detected capacity change from 0 to 40427 [ 63.072630][ T2486] F2FS-fs (loop6): fault_injection options not supported [ 63.086444][ T2486] F2FS-fs (loop6): Image doesn't support compression [ 63.095412][ T2486] F2FS-fs (loop6): Image doesn't support compression [ 63.109088][ T2486] F2FS-fs (loop6): invalid crc value [ 63.116459][ T2486] F2FS-fs (loop6): Found nat_bits in checkpoint [ 63.176707][ T2514] netlink: 'syz.2.916': attribute type 1 has an invalid length. [ 63.194033][ T2514] netlink: 'syz.2.916': attribute type 2 has an invalid length. [ 63.203026][ T2486] F2FS-fs (loop6): Start checkpoint disabled! [ 63.218004][ T2514] netlink: 'syz.2.916': attribute type 1 has an invalid length. [ 63.225585][ T2486] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 63.233127][ T2514] netlink: 'syz.2.916': attribute type 2 has an invalid length. [ 63.253900][ T2523] loop5: detected capacity change from 0 to 256 [ 63.262691][ T2523] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d) [ 63.280691][ T28] kauditd_printk_skb: 141 callbacks suppressed [ 63.280707][ T28] audit: type=1400 audit(1743473065.015:483): avc: denied { append } for pid=2522 comm="syz.5.920" path="/42/bus/memory.events.local" dev="loop5" ino=1048637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 63.356454][ T28] audit: type=1400 audit(1743473065.015:484): avc: denied { create } for pid=2525 comm="syz.2.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 63.395538][ T28] audit: type=1400 audit(1743473065.015:485): avc: denied { setopt } for pid=2525 comm="syz.2.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 63.463039][ T28] audit: type=1400 audit(1743473065.065:486): avc: denied { create } for pid=2528 comm="syz.2.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.516128][ T28] audit: type=1400 audit(1743473065.065:487): avc: denied { setopt } for pid=2528 comm="syz.2.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.552731][ T2554] syz.5.937[2554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.552829][ T2554] syz.5.937[2554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.569327][ T28] audit: type=1400 audit(1743473065.065:488): avc: denied { read } for pid=2528 comm="syz.2.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.617447][ T2518] loop1: detected capacity change from 0 to 40427 [ 63.638289][ T28] audit: type=1400 audit(1743473065.065:489): avc: denied { create } for pid=2485 comm="syz.6.902" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 63.659806][ T2518] F2FS-fs (loop1): invalid crc value [ 63.666766][ T28] audit: type=1400 audit(1743473065.075:490): avc: denied { connect } for pid=2531 comm="syz.5.924" lport=512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 63.688931][ T2518] F2FS-fs (loop1): Found nat_bits in checkpoint [ 63.709416][ T28] audit: type=1400 audit(1743473065.105:491): avc: denied { remove_name } for pid=2485 comm="syz.6.902" name="file0" dev="loop6" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 63.768300][ T28] audit: type=1400 audit(1743473065.105:492): avc: denied { unlink } for pid=2485 comm="syz.6.902" name="file0" dev="loop6" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 63.772489][ T2578] loop2: detected capacity change from 0 to 512 [ 63.796394][ T2518] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 63.804059][ T2581] device bridge0 entered promiscuous mode [ 63.810638][ T2577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.946'. [ 63.811440][ T2581] bridge0: port 3(macsec1) entered blocking state [ 63.838887][ T2577] netlink: 8 bytes leftover after parsing attributes in process `syz.3.946'. [ 63.857143][ T2581] bridge0: port 3(macsec1) entered disabled state [ 63.883737][ T2581] device bridge0 left promiscuous mode [ 63.896705][ T2585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.949'. [ 63.988156][ T2600] loop5: detected capacity change from 0 to 256 [ 64.009559][ T2600] exfat: Deprecated parameter 'utf8' [ 64.014719][ T2600] exfat: Deprecated parameter 'namecase' [ 64.038644][ T2600] exfat: Deprecated parameter 'utf8' [ 64.066190][ T2600] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 64.210960][ T2614] incfs: Options parsing error. -22 [ 64.216126][ T2614] incfs: mount failed -22 [ 64.216908][ T2591] loop2: detected capacity change from 0 to 40427 [ 64.250825][ T2591] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 64.261532][ T2591] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 64.278637][ T2591] F2FS-fs (loop2): fault_injection options not supported [ 64.319104][ T2591] F2FS-fs (loop2): fault_type options not supported [ 64.330765][ T2591] F2FS-fs (loop2): invalid crc value [ 64.349763][ T2602] loop3: detected capacity change from 0 to 40427 [ 64.357535][ T2591] F2FS-fs (loop2): Found nat_bits in checkpoint [ 64.364039][ T2602] F2FS-fs (loop3): fault_injection options not supported [ 64.385453][ T2602] F2FS-fs (loop3): invalid crc value [ 64.413700][ T2602] F2FS-fs (loop3): Found nat_bits in checkpoint [ 64.426274][ T2636] loop1: detected capacity change from 0 to 128 [ 64.457413][ T2591] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 64.472192][ T2591] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 64.486542][ T2636] EXT4-fs mount: 11 callbacks suppressed [ 64.486563][ T2636] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 64.502607][ T2636] ext4 filesystem being mounted at /211/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 64.522121][ T2636] fscrypt (loop1, inode 12): Can't use IV_INO_LBLK_64 policy with contents mode other than AES-256-XTS [ 64.544862][ T2602] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 64.593376][ T295] EXT4-fs (loop1): unmounting filesystem. [ 64.636261][ T2653] loop1: detected capacity change from 0 to 1024 [ 64.669234][ T2653] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 64.697226][ T2653] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2739: inode #12: comm syz.1.976: corrupted in-inode xattr [ 64.764222][ T295] EXT4-fs (loop1): unmounting filesystem. [ 64.873769][ T2685] loop6: detected capacity change from 0 to 2048 [ 64.895610][ T2679] loop3: detected capacity change from 0 to 8192 [ 64.899241][ T2688] loop1: detected capacity change from 0 to 16 [ 64.900921][ T2681] loop2: detected capacity change from 0 to 2048 [ 64.914600][ T2688] erofs: Unexpected value for 'acl' [ 64.917280][ T2685] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 64.959040][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 65.012128][ T2681] loop2: unable to read partition table [ 65.024723][ T2681] loop2: partition table beyond EOD, truncated [ 65.041045][ T2681] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 65.247152][ T2737] loop2: detected capacity change from 0 to 256 [ 65.322032][ T2737] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 65.332837][ T2737] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 65.367055][ T2737] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 65.513720][ T2734] loop3: detected capacity change from 0 to 40427 [ 65.521657][ T2734] F2FS-fs (loop3): invalid crc value [ 65.547560][ T2757] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1018'. [ 65.556119][ T2734] F2FS-fs (loop3): Found nat_bits in checkpoint [ 65.604098][ T2734] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 65.656667][ T291] bio_check_eod: 4 callbacks suppressed [ 65.656688][ T291] syz-executor: attempt to access beyond end of device [ 65.656688][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 65.670501][ T2774] loop2: detected capacity change from 0 to 128 [ 65.686843][ T2774] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 65.695861][ T2774] ext4 filesystem being mounted at /203/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 65.711053][ T2774] syz.2.1027 (pid 2774) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 65.737327][ T294] EXT4-fs (loop2): unmounting filesystem. [ 65.907211][ T2804] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=49 sclass=netlink_audit_socket pid=2804 comm=syz.6.1038 [ 65.925000][ T2806] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1039'. [ 66.049221][ T2823] loop6: detected capacity change from 0 to 128 [ 66.069935][ T2823] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 66.078670][ T2801] loop2: detected capacity change from 0 to 40427 [ 66.085723][ T2823] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.097137][ T2801] F2FS-fs (loop2): invalid crc value [ 66.108852][ T2801] F2FS-fs (loop2): Found nat_bits in checkpoint [ 66.130355][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 66.192776][ T2839] SELinux: failed to load policy [ 66.204182][ T2842] SELinux: failed to load policy [ 66.217104][ T2801] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 66.233967][ T2845] loop3: detected capacity change from 0 to 512 [ 66.241387][ T2845] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 66.266896][ T2845] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 66.276022][ T2845] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec02c, mo2=0002] [ 66.277353][ T294] syz-executor: attempt to access beyond end of device [ 66.277353][ T294] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 66.283992][ T2845] System zones: 0-2, 18-18, 34-34 [ 66.304021][ T2845] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 66.318750][ T2845] EXT4-fs (loop3): 1 truncate cleaned up [ 66.324325][ T2845] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 66.377260][ T2861] loop6: detected capacity change from 0 to 512 [ 66.380459][ T291] EXT4-fs (loop3): unmounting filesystem. [ 66.390398][ T2861] EXT4-fs: Ignoring removed bh option [ 66.396222][ T2861] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 66.449498][ T2861] EXT4-fs (loop6): 1 truncate cleaned up [ 66.454990][ T2861] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 66.472443][ T2874] netlink: 'syz.1.1071': attribute type 1 has an invalid length. [ 66.480129][ T2874] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1071'. [ 66.541800][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 66.696980][ T2906] device bridge0 entered promiscuous mode [ 66.720765][ T2906] bridge0: port 3(macsec2) entered blocking state [ 66.727042][ T2906] bridge0: port 3(macsec2) entered disabled state [ 66.734890][ T2906] device bridge0 left promiscuous mode [ 66.759110][ T2916] loop5: detected capacity change from 0 to 512 [ 66.771465][ T2916] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 66.780535][ T2916] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.805431][ T2068] EXT4-fs (loop5): unmounting filesystem. [ 67.371120][ T2940] KVM: debugfs: duplicate directory 2940-4 [ 67.540954][ T2948] loop5: detected capacity change from 0 to 512 [ 67.552233][ T2948] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1100: corrupted inode contents [ 67.564247][ T2948] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #16: comm syz.5.1100: mark_inode_dirty error [ 67.576585][ T2948] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1100: corrupted inode contents [ 67.600430][ T2952] device bridge0 entered promiscuous mode [ 67.603405][ T2948] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.1100: mark_inode_dirty error [ 67.609912][ T2954] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1102'. [ 67.626634][ T2948] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1100: corrupted inode contents [ 67.638135][ T2952] bridge0: port 3(macsec2) entered blocking state [ 67.645001][ T2948] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 67.647751][ T2952] bridge0: port 3(macsec2) entered disabled state [ 67.657715][ T2948] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1100: corrupted inode contents [ 67.672521][ T2956] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1104'. [ 67.682183][ T2958] tmpfs: Unknown parameter 'nolazytimeÙþ' [ 67.687990][ T2948] EXT4-fs error (device loop5): ext4_truncate:4313: inode #16: comm syz.5.1100: mark_inode_dirty error [ 67.699170][ T2952] device bridge0 left promiscuous mode [ 67.715510][ T2948] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 67.733945][ T2948] EXT4-fs (loop5): 1 truncate cleaned up [ 67.739870][ T2948] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 67.758727][ T2948] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.775557][ T10] EXT4-fs error (device loop5): ext4_release_dquot:6805: comm kworker/u4:1: Failed to release dquot type 1 [ 67.798147][ T2068] EXT4-fs (loop5): unmounting filesystem. [ 67.931016][ T2995] loop3: detected capacity change from 0 to 256 [ 68.005963][ T3002] syz.1.1124[3002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.006043][ T3002] syz.1.1124[3002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 68.037823][ T3006] loop3: detected capacity change from 0 to 128 [ 68.055934][ T3006] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 68.061754][ T2988] loop6: detected capacity change from 0 to 40427 [ 68.068144][ T3006] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 68.076247][ T2988] F2FS-fs (loop6): invalid crc value [ 68.090614][ T2988] F2FS-fs (loop6): Found nat_bits in checkpoint [ 68.101920][ T43] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 68.139690][ T2988] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 68.156865][ T2988] syz.6.1118: attempt to access beyond end of device [ 68.156865][ T2988] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 68.182517][ T2187] syz-executor: attempt to access beyond end of device [ 68.182517][ T2187] loop6: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 68.389893][ T28] kauditd_printk_skb: 51 callbacks suppressed [ 68.389909][ T3031] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 68.389910][ T28] audit: type=1400 audit(1743473070.125:543): avc: denied { relabelfrom } for pid=3030 comm="syz.3.1135" name="NETLINK" dev="sockfs" ino=27761 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 68.428860][ T28] audit: type=1400 audit(1743473070.155:544): avc: denied { relabelto } for pid=3030 comm="syz.3.1135" name="NETLINK" dev="sockfs" ino=27761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_route_socket permissive=1 trawcon="system_u:object_r:hwdata_t:s0" [ 68.469831][ T3033] capability: warning: `syz.3.1136' uses 32-bit capabilities (legacy support in use) [ 68.491914][ T28] audit: type=1400 audit(1743473070.225:545): avc: denied { watch } for pid=3034 comm="syz.3.1137" path="/250/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 68.519163][ T28] audit: type=1400 audit(1743473070.245:546): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 68.538885][ T296] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 68.560134][ T3039] loop3: detected capacity change from 0 to 512 [ 68.568374][ T3039] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 68.577303][ T3039] ext4 filesystem being mounted at /252/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 68.591018][ T3039] EXT4-fs (loop3): shut down requested (1) [ 68.597212][ T3039] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=15 [ 68.606166][ T3039] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=15 [ 68.614943][ T3039] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=15 [ 68.660894][ T3048] overlayfs: failed to set xattr on upper [ 68.666497][ T3048] overlayfs: ...falling back to index=off,metacopy=off. [ 68.673347][ T3048] overlayfs: ...falling back to xino=off. [ 68.679000][ T3048] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 68.719365][ T296] usb 2-1: Using ep0 maxpacket: 32 [ 68.725397][ T296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.736186][ T296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.745788][ T296] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 68.754835][ T296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.763332][ T296] usb 2-1: config 0 descriptor?? [ 68.969392][ T512] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 69.019479][ T223] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 69.133095][ T291] EXT4-fs (loop3): unmounting filesystem. [ 69.149299][ T512] usb 3-1: Using ep0 maxpacket: 16 [ 69.155724][ T512] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.165755][ T512] usb 3-1: config 0 has no interfaces? [ 69.176589][ T512] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 69.189539][ T296] savu 0003:1E7D:2D5A.000A: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 69.201628][ T512] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.211126][ T512] usb 3-1: Product: syz [ 69.213548][ T223] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.215164][ T512] usb 3-1: Manufacturer: syz [ 69.231478][ T512] usb 3-1: SerialNumber: syz [ 69.238821][ T223] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.248531][ T223] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 69.249491][ T512] r8152-cfgselector 3-1: config 0 descriptor?? [ 69.261787][ T223] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 69.276087][ T223] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.300026][ T223] usb 6-1: config 0 descriptor?? [ 69.440721][ T3064] loop6: detected capacity change from 0 to 40427 [ 69.447545][ T3065] loop3: detected capacity change from 0 to 40427 [ 69.447829][ T3064] F2FS-fs (loop6): Image doesn't support compression [ 69.454943][ T3065] F2FS-fs (loop3): fault_injection options not supported [ 69.461501][ T296] usb 2-1: USB disconnect, device number 4 [ 69.468284][ T3065] F2FS-fs (loop3): invalid crc value [ 69.476952][ T3064] F2FS-fs (loop6): invalid crc value [ 69.479731][ T3065] F2FS-fs (loop3): Found nat_bits in checkpoint [ 69.483113][ T3064] F2FS-fs (loop6): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 69.502571][ T3064] F2FS-fs (loop6): Found nat_bits in checkpoint [ 69.538409][ T3065] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 69.550684][ T3064] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 69.583691][ T3064] syz.6.1150: attempt to access beyond end of device [ 69.583691][ T3064] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 69.597696][ T291] syz-executor: attempt to access beyond end of device [ 69.597696][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 69.598306][ T3064] syz.6.1150: attempt to access beyond end of device [ 69.598306][ T3064] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 69.639030][ T2187] syz-executor: attempt to access beyond end of device [ 69.639030][ T2187] loop6: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 69.708337][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.718251][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.725844][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.733419][ T296] usb 3-1: USB disconnect, device number 9 [ 69.748724][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.756117][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.763416][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.770713][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.777885][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.785438][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.792700][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.799923][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.807052][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.814278][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.821855][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.829094][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.836343][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.843547][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.850698][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.857895][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.865160][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.872365][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.879549][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.886719][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.893950][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.901209][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.908994][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.916295][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.923519][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.931062][ T3080] loop3: detected capacity change from 0 to 1024 [ 69.931074][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.931099][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.938064][ T3080] EXT4-fs: Ignoring removed orlov option [ 69.944696][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.952891][ T3080] EXT4-fs (loop3): Test dummy encryption mode enabled [ 69.957423][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.974268][ T3080] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 69.978406][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 69.997063][ T28] audit: type=1400 audit(1743473071.725:547): avc: denied { mount } for pid=3082 comm="syz.1.1157" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 70.019006][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 70.021184][ T28] audit: type=1400 audit(1743473071.735:548): avc: denied { remount } for pid=3082 comm="syz.1.1157" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 70.045894][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 70.045931][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 70.045953][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 70.054182][ T28] audit: type=1400 audit(1743473071.755:549): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 70.060563][ T223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 70.068966][ T3080] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 70.119728][ T223] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 70.129347][ T291] EXT4-fs (loop3): unmounting filesystem. [ 70.130606][ T3086] loop1: detected capacity change from 0 to 8192 [ 70.136432][ T223] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 70.167238][ T28] audit: type=1400 audit(1743473071.895:550): avc: denied { getattr } for pid=3087 comm="syz.3.1159" name="KEY" dev="sockfs" ino=28877 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 70.176189][ T223] usb 6-1: USB disconnect, device number 2 [ 70.231512][ T28] audit: type=1400 audit(1743473071.965:551): avc: denied { getattr } for pid=3089 comm="syz.3.1161" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 70.299823][ T28] audit: type=1326 audit(1743473072.025:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3100 comm="syz.1.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702378d169 code=0x7ffc0000 [ 70.348638][ T3098] loop3: detected capacity change from 0 to 8192 [ 70.359538][ T3098] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 70.373448][ T3109] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 70.423933][ T3117] loop1: detected capacity change from 0 to 512 [ 70.432328][ T3117] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 70.445299][ T3117] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 70.454490][ T3117] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec02c, mo2=0002] [ 70.469350][ T3117] System zones: 0-2, 18-18, 34-34 [ 70.475076][ T3117] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 70.509916][ T3117] EXT4-fs (loop1): 1 truncate cleaned up [ 70.515548][ T3117] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 70.559303][ T512] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 70.610994][ T295] EXT4-fs (loop1): unmounting filesystem. [ 70.615440][ T3122] loop6: detected capacity change from 0 to 40427 [ 70.633273][ T3122] F2FS-fs (loop6): fault_injection options not supported [ 70.644147][ T3122] F2FS-fs (loop6): invalid crc value [ 70.664488][ T3122] F2FS-fs (loop6): Found nat_bits in checkpoint [ 70.729364][ T3122] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 70.749298][ T512] usb 3-1: Using ep0 maxpacket: 8 [ 70.755283][ T512] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 70.779062][ T512] usb 3-1: config 179 has no interface number 0 [ 70.800353][ T2187] syz-executor: attempt to access beyond end of device [ 70.800353][ T2187] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 70.801957][ T512] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 70.849081][ T512] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 70.872202][ T512] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 70.894030][ T512] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 70.917167][ T512] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 70.939612][ T3124] loop5: detected capacity change from 0 to 40427 [ 70.943421][ T512] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 70.959837][ T3124] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 70.969663][ T3124] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 70.983128][ T512] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.002289][ T3095] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 71.028999][ T3124] F2FS-fs (loop5): Found nat_bits in checkpoint [ 71.132548][ T3135] loop1: detected capacity change from 0 to 40427 [ 71.143149][ T3135] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 71.150982][ T3124] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 71.150991][ T3135] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 71.151025][ T3124] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 71.189964][ T3135] F2FS-fs (loop1): Found nat_bits in checkpoint [ 71.258515][ T296] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input18 [ 71.298788][ T3135] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 71.315871][ T3135] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 71.668842][ T223] usb 3-1: USB disconnect, device number 10 [ 71.668880][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 71.682861][ C0] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 71.682872][ T223] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 71.895644][ T3205] loop1: detected capacity change from 0 to 256 [ 71.902276][ T3205] FAT-fs (loop1): Unrecognized mount option "ut¯f8=0" or missing value [ 71.955088][ T3207] loop3: detected capacity change from 0 to 8192 [ 72.001829][ T3211] loop1: detected capacity change from 0 to 512 [ 72.015265][ T3211] EXT4-fs (loop1): 1 truncate cleaned up [ 72.027728][ T3211] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 72.053963][ T3211] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1210: invalid indirect mapped block 234881024 (level 0) [ 72.074975][ T3211] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1210: invalid indirect mapped block 16744704 (level 1) [ 72.097577][ T295] EXT4-fs (loop1): unmounting filesystem. [ 72.386721][ T3234] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 72.452611][ T3240] loop5: detected capacity change from 0 to 2048 [ 72.524131][ T3240] loop5: unable to read partition table [ 72.536424][ T3240] loop5: partition table beyond EOD, truncated [ 72.551230][ T3240] loop_reread_partitions: partition scan of loop5 () failed (rc=-5) [ 72.612875][ T3238] loop3: detected capacity change from 0 to 40427 [ 72.620164][ T3238] F2FS-fs (loop3): fault_injection options not supported [ 72.627627][ T3238] F2FS-fs (loop3): invalid crc value [ 72.633972][ T3238] F2FS-fs (loop3): Found nat_bits in checkpoint [ 72.670099][ T3238] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 72.701191][ T291] syz-executor: attempt to access beyond end of device [ 72.701191][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 72.846645][ T3263] device bridge0 entered promiscuous mode [ 72.854776][ T3263] bridge0: port 3(macsec1) entered blocking state [ 72.861321][ T3263] bridge0: port 3(macsec1) entered disabled state [ 72.869614][ T3263] device bridge0 left promiscuous mode [ 73.016120][ T3277] loop3: detected capacity change from 0 to 8192 [ 73.372571][ T3297] loop6: detected capacity change from 0 to 512 [ 73.392060][ T3297] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.450438][ T3297] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 73.470581][ T3297] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.496475][ T3284] loop2: detected capacity change from 0 to 40427 [ 73.520029][ T3284] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 73.537736][ T3284] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 73.579693][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 73.608459][ T3284] F2FS-fs (loop2): Found nat_bits in checkpoint [ 73.637862][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 73.637880][ T28] audit: type=1400 audit(1743473075.365:568): avc: denied { write } for pid=3314 comm="syz.1.1252" name="ip6_mr_cache" dev="proc" ino=4026532662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 73.740638][ T3284] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 73.747909][ T3284] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 73.759060][ T3330] loop1: detected capacity change from 0 to 2048 [ 73.810320][ T3330] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 73.862632][ T295] EXT4-fs (loop1): unmounting filesystem. [ 73.908390][ T28] audit: type=1400 audit(1743473075.635:569): avc: denied { write } for pid=3345 comm="syz.1.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 74.042673][ T294] syz-executor: attempt to access beyond end of device [ 74.042673][ T294] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 74.100388][ T3363] loop5: detected capacity change from 0 to 512 [ 74.106744][ T3363] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 74.131881][ T3363] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1274'. [ 74.178609][ T3365] loop5: detected capacity change from 0 to 8192 [ 74.193901][ T28] audit: type=1400 audit(1743473075.925:570): avc: denied { create } for pid=3366 comm="syz.3.1285" name="file7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 74.329343][ T19] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 74.354229][ T3378] loop3: detected capacity change from 0 to 16 [ 74.360990][ T3378] erofs: (device loop3): mounted with root inode @ nid 36. [ 74.411699][ T3382] tmpfs: Unknown parameter 'nolazytimeÄGÚAú >Kúrí¾50¦ûcȇ´ƒã#Ù3JåTñŽ]’éºA²åæ’?ÀÉU:ü1j@¡‡s'«|ë_jŽKZðÜè˜'ûû4Y7z7°‘ÒùHy<V£ÛÍ&‹·ÒЖ' [ 74.459871][ T3386] loop3: detected capacity change from 0 to 512 [ 74.472960][ T3386] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1282: corrupted inode contents [ 74.484991][ T3386] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #16: comm syz.3.1282: mark_inode_dirty error [ 74.496485][ T3386] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1282: corrupted inode contents [ 74.508514][ T3386] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.1282: mark_inode_dirty error [ 74.519981][ T3386] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1282: corrupted inode contents [ 74.532384][ T3386] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 74.532474][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.550720][ T3386] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1282: corrupted inode contents [ 74.551509][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.572685][ T296] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 74.580158][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 74.589077][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.589988][ T3386] EXT4-fs error (device loop3): ext4_truncate:4313: inode #16: comm syz.3.1282: mark_inode_dirty error [ 74.598142][ T19] usb 2-1: config 0 descriptor?? [ 74.608433][ T3386] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 74.622007][ T3386] EXT4-fs (loop3): 1 truncate cleaned up [ 74.627505][ T3386] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 74.636392][ T3386] ext4 filesystem being mounted at /288/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.646925][ T43] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 74.673631][ T43] EXT4-fs error (device loop3): ext4_release_dquot:6805: comm kworker/u4:2: Failed to release dquot type 1 [ 74.699174][ T291] EXT4-fs (loop3): unmounting filesystem. [ 74.716768][ T3393] loop3: detected capacity change from 0 to 512 [ 74.723281][ T3393] EXT4-fs: Ignoring removed orlov option [ 74.731128][ T3393] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1284: casefold flag without casefold feature [ 74.743776][ T3393] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1284: couldn't read orphan inode 15 (err -117) [ 74.755649][ T3393] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 74.759342][ T296] usb 3-1: Using ep0 maxpacket: 8 [ 74.771587][ T296] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 74.779966][ T296] usb 3-1: config 179 has no interface number 0 [ 74.786749][ T296] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 74.794693][ T291] EXT4-fs (loop3): unmounting filesystem. [ 74.798191][ T296] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 74.816097][ T296] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 74.827472][ T296] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 74.837543][ T296] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 74.850925][ T296] usb 3-1: config 179 interface 65 has no altsetting 0 [ 74.857676][ T296] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 74.866581][ T296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.886743][ T296] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input19 [ 74.980458][ T28] audit: type=1400 audit(1743473077.708:571): avc: denied { write } for pid=3407 comm="syz.6.1292" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 75.035443][ T19] logitech 0003:046D:C293.000C: unbalanced collection at end of report description [ 75.049558][ T19] logitech 0003:046D:C293.000C: parse failed [ 75.055599][ T19] logitech: probe of 0003:046D:C293.000C failed with error -22 [ 75.097808][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 75.108562][ T19] usb 3-1: USB disconnect, device number 11 [ 75.115029][ T19] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 75.169976][ T28] audit: type=1400 audit(1743473077.898:572): avc: denied { read } for pid=3421 comm="syz.5.1298" path="socket:[28481]" dev="sockfs" ino=28481 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 75.241045][ T512] usb 2-1: USB disconnect, device number 5 [ 75.309317][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 75.501238][ T24] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 75.509406][ T24] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 75.518003][ T24] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 75.528323][ T24] usb 7-1: config 220 has no interface number 2 [ 75.534415][ T24] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 75.547328][ T24] usb 7-1: config 220 interface 0 has no altsetting 0 [ 75.553924][ T24] usb 7-1: config 220 interface 76 has no altsetting 0 [ 75.560611][ T24] usb 7-1: config 220 interface 1 has no altsetting 0 [ 75.568615][ T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 75.577486][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.585461][ T24] usb 7-1: Product: syz [ 75.589459][ T24] usb 7-1: Manufacturer: syz [ 75.593855][ T24] usb 7-1: SerialNumber: syz [ 75.759048][ T3441] loop2: detected capacity change from 0 to 8192 [ 75.802205][ T24] usb 7-1: selecting invalid altsetting 0 [ 75.807871][ T24] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 75.824081][ T3454] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1314'. [ 75.828282][ T24] usb 7-1: No valid video chain found. [ 75.852933][ T28] audit: type=1400 audit(1743473078.578:573): avc: denied { write } for pid=3458 comm="syz.1.1315" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 75.871578][ T24] usb 7-1: USB disconnect, device number 2 [ 75.903772][ T3464] device ip6tnl2 entered promiscuous mode [ 76.093446][ T3483] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1326'. [ 76.726216][ T3516] loop2: detected capacity change from 0 to 256 [ 76.811317][ T28] audit: type=1400 audit(1743473079.528:574): avc: denied { bind } for pid=3521 comm="syz.6.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 76.937816][ T3540] xt_hashlimit: max too large, truncated to 1048576 [ 76.950651][ T3540] xt_bpf: check failed: parse error [ 77.064720][ T3556] device batadv_slave_1 entered promiscuous mode [ 77.079766][ T3555] device batadv_slave_1 left promiscuous mode [ 77.183820][ T3526] loop6: detected capacity change from 0 to 40427 [ 77.199843][ T3526] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 77.207548][ T3526] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 77.223120][ T3565] loop2: detected capacity change from 0 to 512 [ 77.247693][ T3565] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1363: casefold flag without casefold feature [ 77.250628][ T3571] loop5: detected capacity change from 0 to 256 [ 77.270174][ T3526] F2FS-fs (loop6): Found nat_bits in checkpoint [ 77.279990][ T3565] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1363: couldn't read orphan inode 15 (err -117) [ 77.304423][ T3565] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 77.339486][ T3571] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 77.360069][ T3526] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 77.370485][ T3526] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 77.379676][ T294] EXT4-fs (loop2): unmounting filesystem. [ 77.432915][ T28] audit: type=1400 audit(1743473080.158:575): avc: denied { setopt } for pid=3584 comm="syz.1.1369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 77.600794][ T3602] loop2: detected capacity change from 0 to 2048 [ 77.641240][ T3602] Alternate GPT is invalid, using primary GPT. [ 77.648651][ T3602] loop2: p1 p2 p3 [ 77.652931][ T2187] syz-executor: attempt to access beyond end of device [ 77.652931][ T2187] loop6: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 77.853707][ T3630] loop1: detected capacity change from 0 to 512 [ 77.877793][ T3634] SELinux: Context system_u:object_r:lib_t:s0 is not valid (left unmapped). [ 77.881545][ T3630] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 77.886865][ T28] audit: type=1400 audit(1743473080.618:576): avc: denied { relabelto } for pid=3633 comm="syz.6.1391" name="NETLINK" dev="sockfs" ino=30119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:lib_t:s0" [ 77.895327][ T3630] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.949360][ T512] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 77.964340][ T295] EXT4-fs (loop1): unmounting filesystem. [ 78.024108][ T3652] hub 1-0:1.0: USB hub found [ 78.028845][ T3652] hub 1-0:1.0: 1 port detected [ 78.054294][ T3656] loop2: detected capacity change from 0 to 1024 [ 78.082438][ T3656] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 78.090967][ T3656] ext4 filesystem being mounted at /242/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.107402][ T3656] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 78.122345][ T3656] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28 [ 78.134760][ T3656] EXT4-fs (loop2): This should not happen!! Data will be lost [ 78.134760][ T3656] [ 78.145010][ T3656] EXT4-fs (loop2): Total free blocks count 0 [ 78.152431][ T512] usb 4-1: Using ep0 maxpacket: 8 [ 78.161512][ T512] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 78.164331][ T3656] EXT4-fs (loop2): Free/Dirty block details [ 78.175540][ T3656] EXT4-fs (loop2): free_blocks=4293918720 [ 78.180342][ T512] usb 4-1: config 179 has no interface number 0 [ 78.181427][ T3656] EXT4-fs (loop2): dirty_blocks=64 [ 78.188408][ T512] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 78.194368][ T3656] EXT4-fs (loop2): Block reservation details [ 78.203675][ T512] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 78.212761][ T3656] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 78.235838][ T512] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 78.252392][ T512] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 78.270146][ T512] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 78.288578][ T294] EXT4-fs (loop2): unmounting filesystem. [ 78.295144][ T512] usb 4-1: config 179 interface 65 has no altsetting 0 [ 78.303534][ T512] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 78.314222][ T512] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.332708][ T512] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input20 [ 78.400999][ T3674] loop6: detected capacity change from 0 to 40427 [ 78.408468][ T3674] F2FS-fs (loop6): fault_injection options not supported [ 78.418052][ T3674] F2FS-fs (loop6): invalid crc value [ 78.425098][ T3674] F2FS-fs (loop6): Found nat_bits in checkpoint [ 78.472144][ T3674] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 78.495820][ T2187] syz-executor: attempt to access beyond end of device [ 78.495820][ T2187] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 78.538744][ T512] usb 4-1: USB disconnect, device number 6 [ 78.544437][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 78.549818][ T3687] loop5: detected capacity change from 0 to 512 [ 78.556713][ T512] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 78.594545][ T3687] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 78.613488][ T3687] ext4 filesystem being mounted at /141/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 78.639355][ T223] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 78.651510][ T3697] loop6: detected capacity change from 0 to 256 [ 78.662979][ T3697] FAT-fs (loop6): Directory bread(block 64) failed [ 78.669589][ T3697] FAT-fs (loop6): Directory bread(block 65) failed [ 78.676778][ T3697] FAT-fs (loop6): Directory bread(block 66) failed [ 78.683762][ T3697] FAT-fs (loop6): Directory bread(block 67) failed [ 78.690325][ T3697] FAT-fs (loop6): Directory bread(block 68) failed [ 78.696669][ T3697] FAT-fs (loop6): Directory bread(block 69) failed [ 78.703327][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 78.703343][ T28] audit: type=1400 audit(1743473081.438:586): avc: denied { rmdir } for pid=2068 comm="syz-executor" name="lost+found" dev="loop5" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 78.703462][ T3697] FAT-fs (loop6): Directory bread(block 70) failed [ 78.710859][ T2068] EXT4-fs error (device loop5): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /141/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 78.744363][ T3697] FAT-fs (loop6): Directory bread(block 71) failed [ 78.772121][ T3697] FAT-fs (loop6): Directory bread(block 72) failed [ 78.778565][ T3697] FAT-fs (loop6): Directory bread(block 73) failed [ 78.840269][ T10] kworker/u4:1: attempt to access beyond end of device [ 78.840269][ T10] loop6: rw=1, sector=1224, nr_sectors = 12 limit=256 [ 78.854451][ T223] usb 2-1: not running at top speed; connect to a high speed hub [ 78.874220][ T223] usb 2-1: config 95 has an invalid interface number: 1 but max is 0 [ 78.892378][ T223] usb 2-1: config 95 has no interface number 0 [ 78.908565][ T223] usb 2-1: config 95 interface 1 has no altsetting 0 [ 78.943249][ T223] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 78.959311][ T223] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.970613][ T223] usb 2-1: Product: syz [ 78.974604][ T223] usb 2-1: Manufacturer: syz [ 78.979107][ T223] usb 2-1: SerialNumber: syz [ 79.124860][ T3717] x_tables: ip6_tables: CT target: only valid in raw table, not GPL [ 79.127437][ T28] audit: type=1400 audit(1743473081.848:587): avc: denied { mounton } for pid=3715 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 79.156094][ T3719] loop6: detected capacity change from 0 to 2048 [ 79.190284][ T3719] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 79.198616][ T3719] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.229618][ T3719] fs-verity: sha256 using implementation "sha256-avx2" [ 79.250469][ T223] usb 2-1: USB disconnect, device number 6 [ 79.282792][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 79.349636][ T3715] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.369649][ T3715] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.388700][ T3715] device bridge_slave_0 entered promiscuous mode [ 79.407739][ T3715] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.432393][ T3715] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.442310][ T3715] device bridge_slave_1 entered promiscuous mode [ 79.460564][ T43] device veth1_macvtap left promiscuous mode [ 79.466539][ T43] device veth0_vlan left promiscuous mode [ 79.623688][ T3742] 9pnet_fd: p9_fd_create_tcp (3742): problem connecting socket to 127.0.0.1 [ 79.704035][ T3744] loop6: detected capacity change from 0 to 8192 [ 79.760189][ T3715] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.767088][ T3715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.774215][ T3715] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.781084][ T3715] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.819579][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.828789][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.862311][ T3751] loop3: detected capacity change from 0 to 512 [ 79.872546][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.881437][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.900085][ T3751] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 79.924088][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.942904][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.957289][ T3751] EXT4-fs (loop3): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 79.980662][ T1978] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.987535][ T1978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.028888][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.048832][ T291] EXT4-fs (loop3): unmounting filesystem. [ 80.061866][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.091051][ T1978] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.097933][ T1978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.110927][ T3756] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 80.119575][ T6] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 80.126583][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.133365][ T3756] overlayfs: missing 'lowerdir' [ 80.146768][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.172747][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.190501][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.206822][ T3715] device veth0_vlan entered promiscuous mode [ 80.214363][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 80.224517][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 80.233634][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 80.242442][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 80.259952][ T3715] device veth1_macvtap entered promiscuous mode [ 80.267672][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 80.276649][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 80.285018][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 80.294737][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 80.304152][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 80.309305][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 80.319707][ T6] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 80.333494][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 80.344892][ T6] usb 2-1: config 0 has no interface number 0 [ 80.352286][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.361691][ T6] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.375449][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 80.396688][ T6] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.399939][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.424716][ T6] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 80.451011][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.485722][ T6] usb 2-1: config 0 descriptor?? [ 80.541113][ T3764] loop7: detected capacity change from 0 to 8192 [ 80.558571][ T3764] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 80.755847][ T28] audit: type=1400 audit(1743473083.468:588): avc: denied { execute_no_trans } for pid=3780 comm="syz.3.1453" path="/337/file0" dev="tmpfs" ino=1783 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 80.841136][ T28] audit: type=1400 audit(1743473083.548:589): avc: denied { create } for pid=3784 comm="syz.6.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 80.889837][ T28] audit: type=1400 audit(1743473083.558:590): avc: denied { connect } for pid=3784 comm="syz.6.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 80.917400][ T3752] loop1: detected capacity change from 0 to 2048 [ 80.942439][ T3790] loop7: detected capacity change from 0 to 128 [ 80.982763][ T3752] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 81.057673][ T3801] ./file0: Can't open blockdev [ 81.228659][ T6] uclogic 0003:28BD:0094.000D: failed retrieving string descriptor #100: -71 [ 81.249321][ T6] uclogic 0003:28BD:0094.000D: failed retrieving pen parameters: -71 [ 81.257245][ T6] uclogic 0003:28BD:0094.000D: pen probing failed: -71 [ 81.279315][ T6] uclogic 0003:28BD:0094.000D: failed probing parameters: -71 [ 81.286642][ T6] uclogic: probe of 0003:28BD:0094.000D failed with error -71 [ 81.310198][ T6] usb 2-1: USB disconnect, device number 7 [ 81.414135][ T3805] loop3: detected capacity change from 0 to 40427 [ 81.429819][ T3805] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 81.447533][ T3805] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 81.458511][ T3805] F2FS-fs (loop3): invalid crc value [ 81.482954][ T3805] F2FS-fs (loop3): Found nat_bits in checkpoint [ 81.576759][ T3805] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 81.593880][ T3805] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 81.629809][ T3805] syz.3.1462: attempt to access beyond end of device [ 81.629809][ T3805] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 81.667914][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 81.682105][ T43] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 81.739780][ T43] kworker/u4:2: attempt to access beyond end of device [ 81.739780][ T43] loop3: rw=1, sector=45104, nr_sectors = 8 limit=40427 [ 81.756178][ T295] EXT4-fs (loop1): unmounting filesystem. [ 81.989598][ T3832] hub 1-0:1.0: USB hub found [ 81.994181][ T3832] hub 1-0:1.0: 1 port detected [ 82.039608][ T28] audit: type=1400 audit(1743473084.768:591): avc: denied { map } for pid=3834 comm="syz.6.1477" path="socket:[30483]" dev="sockfs" ino=30483 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 82.073668][ T3838] loop1: detected capacity change from 0 to 1024 [ 82.149718][ T28] audit: type=1326 audit(1743473084.878:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.6.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bd18d169 code=0x7ffc0000 [ 82.197418][ T28] audit: type=1326 audit(1743473084.908:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.6.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f76bd18d169 code=0x7ffc0000 [ 82.245638][ T28] audit: type=1326 audit(1743473084.908:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.6.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bd18d169 code=0x7ffc0000 [ 82.293816][ T28] audit: type=1326 audit(1743473084.908:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3847 comm="syz.6.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f76bd18d169 code=0x7ffc0000 [ 82.572137][ T3868] loop7: detected capacity change from 0 to 512 [ 82.587614][ T3868] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 82.599309][ T223] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 82.607521][ T3868] EXT4-fs (loop7): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 82.650425][ T3715] EXT4-fs (loop7): unmounting filesystem. [ 82.668977][ T3877] loop1: detected capacity change from 0 to 512 [ 82.695005][ T3877] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 82.708761][ T3883] loop7: detected capacity change from 0 to 1024 [ 82.715307][ T3877] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.733312][ T3883] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 82.741751][ T3883] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.755266][ T3883] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 82.770099][ T3883] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 82.782297][ T3883] EXT4-fs (loop7): This should not happen!! Data will be lost [ 82.782297][ T3883] [ 82.791903][ T3883] EXT4-fs (loop7): Total free blocks count 0 [ 82.805729][ T223] usb 7-1: not running at top speed; connect to a high speed hub [ 82.807942][ T295] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /334/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 82.814002][ T3883] EXT4-fs (loop7): Free/Dirty block details [ 82.839899][ T3883] EXT4-fs (loop7): free_blocks=4293918720 [ 82.845523][ T3883] EXT4-fs (loop7): dirty_blocks=16 [ 82.850504][ T3883] EXT4-fs (loop7): Block reservation details [ 82.856265][ T3883] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 82.862100][ T223] usb 7-1: config 95 has an invalid interface number: 1 but max is 0 [ 82.870108][ T223] usb 7-1: config 95 has no interface number 0 [ 82.876110][ T223] usb 7-1: config 95 interface 1 has no altsetting 0 [ 82.889625][ T223] usb 7-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 82.898506][ T223] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.912007][ T223] usb 7-1: Product: syz [ 82.916345][ T223] usb 7-1: Manufacturer: syz [ 82.917182][ T3715] EXT4-fs (loop7): unmounting filesystem. [ 82.920848][ T223] usb 7-1: SerialNumber: syz [ 83.090624][ T3896] overlayfs: null uuid detected in lower fs '/', falling back to xino=off,index=off,nfs_export=off. [ 83.162152][ T223] usb 7-1: USB disconnect, device number 3 [ 83.299479][ T6] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 83.439434][ T3910] loop7: detected capacity change from 0 to 128 [ 83.500421][ T6] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 83.523192][ T6] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 83.549852][ T6] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 83.565319][ T3914] loop7: detected capacity change from 0 to 1024 [ 83.569364][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 83.589299][ T6] usb 4-1: SerialNumber: syz [ 83.595386][ T6] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 83.609479][ T6] usb-storage 4-1:1.0: USB Mass Storage device detected [ 83.617695][ T3914] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 83.629366][ T3914] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.637039][ T6] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 83.674282][ T3914] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 83.689186][ T6] scsi host1: usb-storage 4-1:1.0 [ 83.717988][ T3914] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28 [ 83.759601][ T3914] EXT4-fs (loop7): This should not happen!! Data will be lost [ 83.759601][ T3914] [ 83.809702][ T3914] EXT4-fs (loop7): Total free blocks count 0 [ 83.815540][ T3914] EXT4-fs (loop7): Free/Dirty block details [ 83.825038][ T3924] syz.6.1510[3924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.825119][ T3924] syz.6.1510[3924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.856469][ T3914] EXT4-fs (loop7): free_blocks=4293918720 [ 83.913627][ T3914] EXT4-fs (loop7): dirty_blocks=64 [ 83.918589][ T3914] EXT4-fs (loop7): Block reservation details [ 83.954821][ T3914] EXT4-fs (loop7): i_reserved_data_blocks=4 [ 84.039583][ T3715] EXT4-fs (loop7): unmounting filesystem. [ 84.081972][ T6] usb 4-1: USB disconnect, device number 7 [ 84.883593][ T3940] loop3: detected capacity change from 0 to 256 [ 85.256170][ T3959] loop6: detected capacity change from 0 to 1024 [ 85.293747][ T3959] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 85.437491][ T3957] loop3: detected capacity change from 0 to 40427 [ 85.452063][ T3957] F2FS-fs (loop3): fault_type options not supported [ 85.467430][ T3957] F2FS-fs (loop3): invalid crc value [ 85.485201][ T3957] F2FS-fs (loop3): Found nat_bits in checkpoint [ 85.577436][ T3957] F2FS-fs (loop3): Start checkpoint disabled! [ 85.595302][ T3957] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 85.824511][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 85.824527][ T28] audit: type=1400 audit(1743473088.548:603): avc: denied { mount } for pid=3965 comm="syz.3.1525" name="/" dev="configfs" ino=14494 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 85.876656][ T28] audit: type=1400 audit(1743473088.548:604): avc: denied { search } for pid=3965 comm="syz.3.1525" name="/" dev="configfs" ino=14494 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 85.921434][ T28] audit: type=1400 audit(1743473088.548:605): avc: denied { write } for pid=3965 comm="syz.3.1525" name="/" dev="configfs" ino=14494 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 85.942721][ T3972] loop3: detected capacity change from 0 to 512 [ 85.970971][ T3972] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1528: bg 0: block 393: padding at end of block bitmap is not set [ 85.995434][ T3972] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 86.009673][ T3972] EXT4-fs (loop3): 2 truncates cleaned up [ 86.016398][ T3972] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 86.060316][ T291] EXT4-fs (loop3): unmounting filesystem. [ 86.099823][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 87.229478][ T3984] loop6: detected capacity change from 0 to 2048 [ 87.271386][ T3982] loop7: detected capacity change from 0 to 8192 [ 87.292394][ T3984] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 87.314424][ T3984] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 87.329396][ T3984] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 87.349372][ T3984] EXT4-fs (loop6): This should not happen!! Data will be lost [ 87.349372][ T3984] [ 87.358860][ T3984] EXT4-fs (loop6): Total free blocks count 0 [ 87.365385][ T3984] EXT4-fs (loop6): Free/Dirty block details [ 87.371289][ T3984] EXT4-fs (loop6): free_blocks=2415919104 [ 87.376883][ T3984] EXT4-fs (loop6): dirty_blocks=64 [ 87.381824][ T3984] EXT4-fs (loop6): Block reservation details [ 87.387663][ T3984] EXT4-fs (loop6): i_reserved_data_blocks=4 [ 87.394410][ T3996] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 87.455769][ T28] audit: type=1400 audit(1743473090.178:606): avc: denied { compute_member } for pid=3997 comm="syz.6.1538" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 87.579903][ T4009] loop3: detected capacity change from 0 to 512 [ 87.595283][ T4009] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 87.626713][ T4009] EXT4-fs (loop3): 1 truncate cleaned up [ 87.639298][ T4009] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 87.740845][ T291] EXT4-fs (loop3): unmounting filesystem. [ 87.764694][ T4015] loop6: detected capacity change from 0 to 512 [ 87.821838][ T4015] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a816c098, mo2=0002] [ 87.848191][ T4015] System zones: 1-12 [ 87.873244][ T4015] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: comm syz.6.1546: inode #1: comm syz.6.1546: iget: illegal inode # [ 87.947891][ T4015] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.1546: error while reading EA inode 1 err=-117 [ 87.976360][ T4022] loop3: detected capacity change from 0 to 512 [ 87.996912][ T4022] EXT4-fs: Ignoring removed orlov option [ 88.020942][ T4015] EXT4-fs (loop6): 1 orphan inode deleted [ 88.029362][ T4015] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 88.052916][ T4022] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.1548: Attempting to read directory block (0) that is past i_size (256) [ 88.112226][ T4022] EXT4-fs (loop3): Remounting filesystem read-only [ 88.118637][ T4022] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 88.128002][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 88.257915][ T28] audit: type=1400 audit(1743473090.978:607): avc: denied { sys_module } for pid=4029 comm="syz.6.1552" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 88.336480][ T4036] loop7: detected capacity change from 0 to 512 [ 88.362568][ T4036] EXT4-fs error (device loop7): ext4_xattr_inode_iget:400: comm syz.7.1553: Parent and EA inode have the same ino 15 [ 88.380760][ T4036] EXT4-fs (loop7): 1 orphan inode deleted [ 88.391899][ T4034] loop6: detected capacity change from 0 to 512 [ 88.398250][ T4034] EXT4-fs: quotafile must be on filesystem root [ 88.406880][ T28] audit: type=1400 audit(1743473091.138:608): avc: denied { mounton } for pid=4035 comm="syz.7.1553" path="/22/file0/file0" dev="loop7" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 88.429827][ T28] audit: type=1400 audit(1743473091.148:609): avc: denied { read } for pid=4035 comm="syz.7.1553" name="file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 88.452069][ T28] audit: type=1400 audit(1743473091.148:610): avc: denied { open } for pid=4035 comm="syz.7.1553" path="/22/file0/file0/file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 88.462743][ T3715] EXT4-fs error (device loop7): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 88.477444][ T28] audit: type=1400 audit(1743473091.158:611): avc: denied { ioctl } for pid=4035 comm="syz.7.1553" path="/22/file0/file0/file0" dev="overlay" ino=13 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 88.520756][ T3715] EXT4-fs error (device loop7): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15 [ 88.529850][ T28] audit: type=1400 audit(1743473091.248:612): avc: denied { unlink } for pid=3715 comm="syz-executor" name="lost+found" dev="loop7" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 88.532359][ T3715] EXT4-fs error (device loop7): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15 [ 88.788176][ T4053] input: syz0 as /devices/virtual/input/input22 [ 89.023268][ T4054] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.030170][ T4054] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.037502][ T4054] device bridge_slave_0 entered promiscuous mode [ 89.060248][ T4054] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.067102][ T4054] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.089814][ T4054] device bridge_slave_1 entered promiscuous mode [ 89.180421][ T1978] device bridge_slave_1 left promiscuous mode [ 89.186483][ T1978] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.194057][ T1978] device bridge_slave_0 left promiscuous mode [ 89.209331][ T1978] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.217425][ T1978] device veth1_macvtap left promiscuous mode [ 89.239364][ T1978] device veth0_vlan left promiscuous mode [ 89.473326][ T4054] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.480221][ T4054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.487310][ T4054] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.494103][ T4054] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.559900][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.579516][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.589583][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.629596][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.638194][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.659963][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.666831][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.689379][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.697699][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.719757][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.726615][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.749377][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.757304][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.779675][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.789465][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.821055][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 89.840056][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 89.862669][ T4054] device veth0_vlan entered promiscuous mode [ 89.869775][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 89.877743][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 89.900564][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 89.908246][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 89.934705][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 89.949640][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 89.970959][ T4054] device veth1_macvtap entered promiscuous mode [ 89.991752][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 90.009695][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 90.029675][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 90.051078][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 90.069479][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 90.234013][ T4068] loop8: detected capacity change from 0 to 8192 [ 90.429326][ T19] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 90.469315][ T6] usb 7-1: new low-speed USB device number 4 using dummy_hcd [ 90.619605][ T19] usb 4-1: Using ep0 maxpacket: 16 [ 90.626134][ T19] usb 4-1: unable to get BOS descriptor or descriptor too short [ 90.643113][ T19] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x82 has invalid maxpacket 1023 [ 90.654314][ T6] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.679280][ T6] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.688085][ T6] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 90.698805][ T19] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x3 has invalid maxpacket 32 [ 90.719280][ T19] usb 4-1: config 1 interface 0 has no altsetting 0 [ 90.726102][ T6] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 90.749331][ T6] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.758746][ T19] usb 4-1: string descriptor 0 read error: -22 [ 90.764799][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 90.780206][ T4070] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 90.787784][ T6] hub 7-1:1.0: bad descriptor, ignoring hub [ 90.799293][ T6] hub: probe of 7-1:1.0 failed with error -5 [ 90.805274][ T6] cdc_wdm 7-1:1.0: skipping garbage [ 90.810333][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.829561][ T6] cdc_wdm 7-1:1.0: skipping garbage [ 90.834696][ T4066] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 90.849299][ T4066] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 90.857406][ T6] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 91.065618][ T19] cdc_ether: probe of 4-1:1.0 failed with error -71 [ 91.073872][ T19] usb 4-1: USB disconnect, device number 8 [ 91.197940][ T4073] loop8: detected capacity change from 0 to 128 [ 91.228677][ T4073] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.261328][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 91.261346][ T28] audit: type=1400 audit(1743473093.988:614): avc: denied { setattr } for pid=4072 comm="syz.8.1566" path="/2/file1/file1" dev="loop8" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 91.449704][ T223] usb 7-1: USB disconnect, device number 4 [ 91.799331][ T6] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 91.809295][ T223] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 91.921105][ T4100] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 91.928979][ T28] audit: type=1400 audit(1743473094.648:615): avc: denied { remount } for pid=4099 comm="syz.3.1580" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 91.991871][ T6] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.009336][ T6] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 92.011879][ T223] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.029338][ T6] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 92.049277][ T223] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 92.049283][ T6] usb 9-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 92.049311][ T6] usb 9-1: Duplicate descriptor for config 1 interface 2 altsetting 1, skipping [ 92.068155][ T223] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 92.100671][ T6] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 92.109294][ T223] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 92.119272][ T6] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.128528][ T223] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.137189][ T6] usb 9-1: Product: syz [ 92.141343][ T6] usb 9-1: Manufacturer: syz [ 92.142419][ T4070] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 92.145750][ T6] usb 9-1: SerialNumber: syz [ 92.163696][ T223] hub 7-1:1.0: bad descriptor, ignoring hub [ 92.173228][ T223] hub: probe of 7-1:1.0 failed with error -5 [ 92.179171][ T223] cdc_wdm 7-1:1.0: skipping garbage [ 92.194362][ T223] cdc_wdm 7-1:1.0: skipping garbage [ 92.204510][ T223] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 92.279319][ T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 92.372682][ T6] usb 9-1: USB disconnect, device number 2 [ 92.480346][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.502604][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 92.519395][ T223] usb 7-1: USB disconnect, device number 5 [ 92.525918][ T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 92.535344][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 92.543665][ T24] usb 4-1: SerialNumber: syz [ 92.761144][ T24] usb 4-1: 0:2 : does not exist [ 92.770899][ T24] usb 4-1: USB disconnect, device number 9 [ 93.326193][ T4135] loop6: detected capacity change from 0 to 512 [ 93.340360][ T4135] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 93.365447][ T4135] EXT4-fs (loop6): 1 truncate cleaned up [ 93.569346][ T223] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 93.673596][ T4148] loop6: detected capacity change from 0 to 256 [ 93.690015][ T4148] FAT-fs (loop6): Unrecognized mount option "ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ" or missing value [ 93.761771][ T223] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.785621][ T223] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 93.804913][ T223] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 93.824168][ T223] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.852077][ T223] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 93.881146][ T223] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.897639][ T223] usb 4-1: Product: syz [ 93.906120][ T223] usb 4-1: Manufacturer: syz [ 93.915961][ T223] usb 4-1: SerialNumber: syz [ 93.979338][ T4159] input: syz1 as /devices/virtual/input/input23 [ 94.025213][ T4166] loop6: detected capacity change from 0 to 512 [ 94.045809][ T4155] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.053178][ T4155] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.061682][ T4155] device bridge_slave_0 entered promiscuous mode [ 94.068669][ T4155] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.075757][ T4155] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.083162][ T4155] device bridge_slave_1 entered promiscuous mode [ 94.083397][ T4166] EXT4-fs (loop6): 1 orphan inode deleted [ 94.097884][ T4166] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.108640][ T1978] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 94.128545][ T1978] EXT4-fs error (device loop6): ext4_release_dquot:6805: comm kworker/u4:5: Failed to release dquot type 1 [ 94.149384][ T1978] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 94.162910][ T1978] EXT4-fs error (device loop6): ext4_release_dquot:6805: comm kworker/u4:5: Failed to release dquot type 1 [ 94.235502][ T4173] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1611'. [ 94.297490][ T4155] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.304419][ T4155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.311512][ T4155] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.318361][ T4155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.416218][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.424435][ T1978] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.435801][ T1978] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.463994][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.482766][ T1978] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.489661][ T1978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.491363][ T4182] loop6: detected capacity change from 0 to 512 [ 94.515933][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.517082][ T4182] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 94.534579][ T1978] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.541454][ T1978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.554245][ T4182] EXT4-fs (loop6): orphan cleanup on readonly fs [ 94.564836][ T4182] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 94.581180][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.590084][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.597723][ T4182] EXT4-fs (loop6): 1 truncate cleaned up [ 94.609958][ T4182] EXT4-fs mount: 11 callbacks suppressed [ 94.609989][ T4182] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 94.636404][ T4155] device veth0_vlan entered promiscuous mode [ 94.643316][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.652476][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.661208][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.668770][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.685823][ T4155] device veth1_macvtap entered promiscuous mode [ 94.692966][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.713391][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.738015][ T10] device bridge_slave_1 left promiscuous mode [ 94.745573][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.764635][ T10] device bridge_slave_0 left promiscuous mode [ 94.779874][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.803079][ T10] device veth1_macvtap left promiscuous mode [ 94.808953][ T10] device veth0_vlan left promiscuous mode [ 94.822637][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 94.953086][ T223] cdc_ncm 4-1:1.0: bind() failure [ 94.959191][ T223] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 94.973944][ T223] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 94.991065][ T223] usb 4-1: USB disconnect, device number 10 [ 95.004126][ T1978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.129335][ T19] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 95.255764][ T28] audit: type=1400 audit(1743473097.981:616): avc: denied { relabelfrom } for pid=4201 comm="syz.9.1622" name="" dev="pipefs" ino=32424 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 95.278779][ T4202] SELinux: Context system_u:object_r:iptables_unit_file_t:s0 is not valid (left unmapped). [ 95.290562][ T28] audit: type=1400 audit(1743473098.021:617): avc: denied { relabelto } for pid=4201 comm="syz.9.1622" name="" dev="pipefs" ino=32424 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:iptables_unit_file_t:s0" [ 95.339677][ T19] usb 7-1: Using ep0 maxpacket: 16 [ 95.344607][ T28] audit: type=1400 audit(1743473098.061:618): avc: denied { read write } for pid=4155 comm="syz-executor" name="loop9" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 95.346066][ T19] usb 7-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 95.407448][ T28] audit: type=1400 audit(1743473098.061:619): avc: denied { open } for pid=4155 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 95.409310][ T19] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 95.458219][ T28] audit: type=1400 audit(1743473098.061:620): avc: denied { ioctl } for pid=4155 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=123 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 95.509280][ T19] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 95.510978][ T28] audit: type=1400 audit(1743473098.071:621): avc: denied { bpf } for pid=4205 comm="syz.9.1624" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 95.539135][ T19] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 95.562006][ T19] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 95.592432][ T19] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.609335][ T19] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 95.617167][ T19] usb 7-1: SerialNumber: syz [ 95.635097][ T4187] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 95.646001][ T19] cdc_acm 7-1:1.0: Control and data interfaces are not separated! [ 95.654944][ T4221] loop9: detected capacity change from 0 to 256 [ 95.660578][ T19] cdc_acm: probe of 7-1:1.0 failed with error -12 [ 95.679710][ T4221] FAT-fs (loop9): Directory bread(block 64) failed [ 95.696297][ T4221] FAT-fs (loop9): Directory bread(block 65) failed [ 95.703042][ T4221] FAT-fs (loop9): Directory bread(block 66) failed [ 95.710146][ T4221] FAT-fs (loop9): Directory bread(block 67) failed [ 95.716538][ T4221] FAT-fs (loop9): Directory bread(block 68) failed [ 95.722984][ T4221] FAT-fs (loop9): Directory bread(block 69) failed [ 95.729386][ T4221] FAT-fs (loop9): Directory bread(block 70) failed [ 95.736068][ T4221] FAT-fs (loop9): Directory bread(block 71) failed [ 95.742515][ T4221] FAT-fs (loop9): Directory bread(block 72) failed [ 95.749003][ T4221] FAT-fs (loop9): Directory bread(block 73) failed [ 95.819633][ T1414] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 95.842101][ T4227] netlink: 44 bytes leftover after parsing attributes in process `syz.9.1634'. [ 95.850951][ T4227] netlink: 'syz.9.1634': attribute type 6 has an invalid length. [ 95.858426][ T4227] netlink: 'syz.9.1634': attribute type 5 has an invalid length. [ 95.866123][ T4227] netlink: 'syz.9.1634': attribute type 4 has an invalid length. [ 95.917893][ T223] usb 7-1: USB disconnect, device number 6 [ 95.943253][ T4235] loop9: detected capacity change from 0 to 512 [ 95.959910][ T4235] EXT4-fs: Invalid want_extra_isize 7 [ 96.009298][ T1414] usb 9-1: Using ep0 maxpacket: 32 [ 96.015643][ T1414] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 96.035477][ T1414] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 96.050791][ T1414] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 96.069365][ T1414] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 96.089034][ T1414] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 96.109274][ T1414] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 96.137952][ T1414] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 96.157188][ T1414] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.179592][ T1414] usb 9-1: config 0 descriptor?? [ 96.387253][ T1414] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 96.449446][ T512] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 96.564170][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 96.564186][ T28] audit: type=1400 audit(1743473099.291:660): avc: denied { name_bind } for pid=4256 comm="syz.6.1648" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 96.590859][ T1414] usb 9-1: USB disconnect, device number 3 [ 96.602847][ T1414] usblp0: removed [ 96.608109][ T4260] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1649'. [ 96.625762][ T28] audit: type=1400 audit(1743473099.291:661): avc: denied { node_bind } for pid=4256 comm="syz.6.1648" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 96.653236][ T512] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.663287][ T512] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 96.672806][ T512] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 96.682131][ T512] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 96.690244][ T512] usb 10-1: SerialNumber: syz [ 96.898112][ T512] usb 10-1: 0:2 : does not exist [ 96.906258][ T512] usb 10-1: USB disconnect, device number 2 [ 96.929320][ T223] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 97.002918][ T4266] loop3: detected capacity change from 0 to 256 [ 97.012438][ T4266] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 97.024810][ T4266] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 97.034168][ T28] audit: type=1400 audit(1743473099.761:662): avc: denied { mount } for pid=4265 comm="syz.3.1652" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.069973][ T28] audit: type=1400 audit(1743473099.791:663): avc: denied { write } for pid=4265 comm="syz.3.1652" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 97.099611][ T28] audit: type=1400 audit(1743473099.791:664): avc: denied { add_name } for pid=4265 comm="syz.3.1652" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 97.144191][ T28] audit: type=1400 audit(1743473099.791:665): avc: denied { create } for pid=4265 comm="syz.3.1652" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 97.149379][ T223] usb 7-1: Using ep0 maxpacket: 32 [ 97.187985][ T28] audit: type=1400 audit(1743473099.791:666): avc: denied { associate } for pid=4265 comm="syz.3.1652" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.230724][ T223] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.252601][ T28] audit: type=1400 audit(1743473099.791:667): avc: denied { remount } for pid=4265 comm="syz.3.1652" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.272733][ T28] audit: type=1400 audit(1743473099.791:668): avc: denied { remove_name } for pid=4265 comm="syz.3.1652" name="file0" dev="loop3" ino=1048701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 97.279306][ T223] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.313752][ T28] audit: type=1400 audit(1743473099.791:669): avc: denied { rename } for pid=4265 comm="syz.3.1652" name="file0" dev="loop3" ino=1048701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 97.338673][ T223] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 97.340213][ T4270] overlayfs: failed to create directory ./file0/work (errno: 13); mounting read-only [ 97.357894][ T223] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.363581][ T4270] overlayfs: conflicting lowerdir path [ 97.374103][ T223] usb 7-1: config 0 descriptor?? [ 97.379061][ T4272] loop8: detected capacity change from 0 to 128 [ 97.410794][ T4272] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 97.434116][ T4272] ext4 filesystem being mounted at /23/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 97.476223][ T4054] EXT4-fs (loop8): unmounting filesystem. [ 97.789936][ T223] savu 0003:1E7D:2D5A.000E: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 98.017084][ T4312] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 98.041143][ T4312] device bridge_slave_0 left promiscuous mode [ 98.047150][ T4312] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.069915][ T4312] device bridge_slave_1 left promiscuous mode [ 98.075915][ T4312] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.110175][ T24] usb 7-1: USB disconnect, device number 7 [ 98.122276][ T295] EXT4-fs (loop1): unmounting filesystem. [ 98.191311][ T4313] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.203046][ T4313] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.216659][ T4313] device bridge_slave_0 entered promiscuous mode [ 98.231140][ T4313] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.242516][ T4313] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.250041][ T4313] device bridge_slave_1 entered promiscuous mode [ 98.304099][ T4313] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.310984][ T4313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.318061][ T4313] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.324867][ T4313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.349589][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.357068][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.364396][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.373816][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.382167][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.389038][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.399956][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 98.408179][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.415067][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.428794][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 98.438253][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 98.455205][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 98.467133][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 98.475366][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 98.483239][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 98.495437][ T4313] device veth0_vlan entered promiscuous mode [ 98.512663][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 98.522459][ T4313] device veth1_macvtap entered promiscuous mode [ 98.529816][ T39] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 98.535584][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 98.556775][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.650421][ T43] device bridge_slave_1 left promiscuous mode [ 98.656560][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.664393][ T43] device bridge_slave_0 left promiscuous mode [ 98.670598][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.678729][ T43] device veth1_macvtap left promiscuous mode [ 98.684699][ T43] device veth0_vlan left promiscuous mode [ 98.720463][ T39] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.737867][ T39] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.758808][ T39] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 98.790184][ T4335] loop6: detected capacity change from 0 to 40427 [ 98.796629][ T39] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 98.806135][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.814050][ T4335] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 98.814754][ T39] usb 9-1: config 0 descriptor?? [ 98.821649][ T4335] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 98.836956][ T4335] F2FS-fs (loop6): Found nat_bits in checkpoint [ 98.859497][ T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 98.909017][ T4335] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 98.917903][ T4335] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 98.949358][ T2187] syz-executor: attempt to access beyond end of device [ 98.949358][ T2187] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 99.050604][ T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.061732][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 99.071522][ T24] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 99.081110][ T24] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.097509][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.106537][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.114438][ T24] usb 5-1: Product: syz [ 99.118452][ T24] usb 5-1: Manufacturer: syz [ 99.122857][ T24] usb 5-1: SerialNumber: syz [ 99.155979][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.163470][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.170763][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.177925][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.186000][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x2 [ 99.193253][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.200476][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.207613][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.214890][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.222481][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.229779][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.237159][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.238831][ T39] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 99.244492][ T296] hid-generic 00A0:0006:0003.000F: unknown main item tag 0x0 [ 99.246042][ T296] hid-generic 00A0:0006:0003.000F: hidraw0: HID v0.05 Device [syz1] on syz0 [ 99.253781][ T39] plantronics 0003:047F:FFFF.0010: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 99.449297][ T223] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 99.511116][ T296] usb 9-1: USB disconnect, device number 4 [ 99.649334][ T223] usb 7-1: Using ep0 maxpacket: 16 [ 99.655348][ T223] usb 7-1: config 0 has no interfaces? [ 99.662592][ T223] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 99.671548][ T223] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.679300][ T223] usb 7-1: Product: syz [ 99.683290][ T223] usb 7-1: Manufacturer: syz [ 99.687703][ T223] usb 7-1: SerialNumber: syz [ 99.692732][ T223] usb 7-1: config 0 descriptor?? [ 99.876997][ T4369] loop9: detected capacity change from 0 to 128 [ 99.885334][ T4369] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 99.893888][ T4369] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 99.906486][ T512] usb 7-1: USB disconnect, device number 8 [ 99.920166][ T4155] EXT4-fs (loop9): unmounting filesystem. [ 100.065223][ T4382] loop8: detected capacity change from 0 to 256 [ 100.109394][ T4386] loop8: detected capacity change from 0 to 2048 [ 100.121620][ T4386] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 100.133147][ T24] cdc_ncm 5-1:1.0: bind() failure [ 100.145517][ T24] cdc_ncm: probe of 5-1:1.1 failed with error -71 [ 100.159588][ T24] cdc_mbim: probe of 5-1:1.1 failed with error -71 [ 100.166878][ T24] usb 5-1: USB disconnect, device number 5 [ 100.167400][ T4054] EXT4-fs (loop8): unmounting filesystem. [ 100.245073][ T4403] loop9: detected capacity change from 0 to 512 [ 100.252420][ T4403] EXT4-fs (loop9): Test dummy encryption mode enabled [ 100.259032][ T4403] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 100.271353][ T4403] EXT4-fs error (device loop9): ext4_xattr_ibody_find:2186: inode #17: comm syz.9.1708: corrupted in-inode xattr [ 100.283713][ T4403] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.1708: couldn't read orphan inode 17 (err -117) [ 100.295782][ T4403] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 100.312786][ T4155] EXT4-fs (loop9): unmounting filesystem. [ 100.350909][ T4415] loop9: detected capacity change from 0 to 256 [ 100.424443][ T4419] loop6: detected capacity change from 0 to 128 [ 100.431031][ T4419] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 100.444348][ T4419] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 100.463696][ T1978] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 100.493147][ T4417] loop9: detected capacity change from 0 to 40427 [ 100.500266][ T4417] F2FS-fs (loop9): fault_injection options not supported [ 100.507810][ T4417] F2FS-fs (loop9): invalid crc value [ 100.514235][ T4417] F2FS-fs (loop9): Found nat_bits in checkpoint [ 100.549330][ T223] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 100.549353][ T4417] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 100.632603][ T4155] syz-executor: attempt to access beyond end of device [ 100.632603][ T4155] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 100.744447][ T223] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.755325][ T223] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.764911][ T223] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 100.777674][ T223] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 100.786584][ T223] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.800993][ T223] usb 9-1: config 0 descriptor?? [ 100.939330][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 100.960979][ T4456] loop3: detected capacity change from 0 to 128 [ 101.020742][ T4464] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.029979][ T4464] FAT-fs (loop7): unable to read boot sector [ 101.052706][ T4470] device veth1_macvtap left promiscuous mode [ 101.119313][ T24] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 101.180519][ T4468] loop4: detected capacity change from 0 to 40427 [ 101.187236][ T4468] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 101.193943][ T4468] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 101.204907][ T4468] F2FS-fs (loop4): Found nat_bits in checkpoint [ 101.209643][ T223] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 101.220081][ T223] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 101.248433][ T4468] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 101.255352][ T4468] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 101.282992][ T4313] syz-executor: attempt to access beyond end of device [ 101.282992][ T4313] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 101.330514][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.341796][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.351504][ T24] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 101.364277][ T24] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 101.373212][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.381792][ T24] usb 10-1: config 0 descriptor?? [ 101.490328][ T296] usb 9-1: USB disconnect, device number 5 [ 101.629420][ T28] kauditd_printk_skb: 1718 callbacks suppressed [ 101.629436][ T28] audit: type=1400 audit(1743473104.361:2388): avc: denied { setopt } for pid=4497 comm="syz.4.1748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 101.790171][ T24] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x3 [ 101.799523][ T24] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 101.808275][ T24] plantronics 0003:047F:FFFF.0012: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0 [ 102.071131][ T28] audit: type=1400 audit(1743473104.801:2389): avc: denied { write } for pid=4508 comm="syz.8.1763" name="001" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 102.095137][ T24] usb 10-1: USB disconnect, device number 3 [ 102.119501][ T4515] futex_wake_op: syz.8.1755 tries to shift op by -1; fix this program [ 102.138610][ T28] audit: type=1400 audit(1743473104.861:2390): avc: denied { getopt } for pid=4516 comm="syz.8.1756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 102.181115][ T4521] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 102.274613][ T4527] futex_wake_op: syz.8.1761 tries to shift op by -1; fix this program [ 102.327400][ T28] audit: type=1400 audit(1743473105.051:2391): avc: denied { create } for pid=4534 comm="syz.8.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 102.346865][ T296] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 102.350244][ T28] audit: type=1400 audit(1743473105.051:2392): avc: denied { getopt } for pid=4534 comm="syz.8.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 102.377238][ T4537] loop8: detected capacity change from 0 to 512 [ 102.391349][ T4537] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 102.400148][ T4537] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.422344][ T4054] EXT4-fs (loop8): unmounting filesystem. [ 102.436295][ T28] audit: type=1400 audit(1743473105.161:2393): avc: denied { create } for pid=4540 comm="syz.8.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 102.437590][ T4541] tipc: Started in network mode [ 102.456471][ T28] audit: type=1400 audit(1743473105.161:2394): avc: denied { write } for pid=4540 comm="syz.8.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 102.461563][ T4541] tipc: Node identity ac14140f, cluster identity 4711 [ 102.481433][ T28] audit: type=1400 audit(1743473105.161:2395): avc: denied { nlmsg_write } for pid=4540 comm="syz.8.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 102.488000][ T4541] tipc: New replicast peer: 255.255.255.255 [ 102.514017][ T4541] tipc: Enabled bearer , priority 10 [ 102.539379][ T45] Bluetooth: hci1: command 0x1003 tx timeout [ 102.539537][ T980] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 102.563192][ T296] usb 4-1: Using ep0 maxpacket: 32 [ 102.576565][ T296] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 102.588942][ T296] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 102.597455][ T296] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 102.615906][ T296] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.644594][ T4554] loop8: detected capacity change from 0 to 1024 [ 102.652473][ T4553] loop6: detected capacity change from 0 to 2048 [ 102.652754][ T296] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 102.668402][ T4554] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.668457][ T296] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 102.692525][ T296] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 102.701440][ T296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.710873][ T296] usb 4-1: config 0 descriptor?? [ 102.722440][ T4554] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 102.734431][ T28] audit: type=1400 audit(1743473105.461:2396): avc: denied { read write } for pid=4551 comm="syz.8.1774" name="file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 102.735415][ T4554] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 102.756979][ T28] audit: type=1400 audit(1743473105.461:2397): avc: denied { open } for pid=4551 comm="syz.8.1774" path="/57/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 102.775012][ T4554] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 102.796307][ T4553] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 102.806765][ T4554] EXT4-fs (loop8): This should not happen!! Data will be lost [ 102.806765][ T4554] [ 102.815234][ T4553] ext4 filesystem being mounted at /206/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.834986][ T4554] EXT4-fs (loop8): Total free blocks count 0 [ 102.840890][ T4554] EXT4-fs (loop8): Free/Dirty block details [ 102.846999][ T4554] EXT4-fs (loop8): free_blocks=20480 [ 102.852368][ T4554] EXT4-fs (loop8): dirty_blocks=16 [ 102.857519][ T4554] EXT4-fs (loop8): Block reservation details [ 102.863509][ T4554] EXT4-fs (loop8): i_reserved_data_blocks=1 [ 102.876529][ T6] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 102.891047][ T2187] EXT4-fs (loop6): unmounting filesystem. [ 102.918251][ T296] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 102.938735][ T4054] EXT4-fs (loop8): unmounting filesystem. [ 103.001124][ T4054] ------------[ cut here ]------------ [ 103.006427][ T4054] WARNING: CPU: 1 PID: 4054 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 103.014407][ T4054] Modules linked in: [ 103.018126][ T4054] CPU: 1 PID: 4054 Comm: syz-executor Not tainted 6.1.129-syzkaller-00053-gdf2dac406f15 #0 [ 103.028160][ T4054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 103.038168][ T4054] RIP: 0010:drop_nlink+0xc1/0x110 [ 103.043100][ T4054] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 57 d0 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2f 21 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 103.060520][ T6] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.062575][ T4054] RSP: 0018:ffffc9000158fbf0 EFLAGS: 00010293 [ 103.073515][ T6] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 93, changing to 10 [ 103.079035][ T4054] RAX: ffffffff81cd7661 RBX: 0000000000000000 RCX: ffff88810bb70000 [ 103.090071][ T6] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 50824, setting to 1024 [ 103.097703][ T4054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.109040][ T6] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 103.116985][ T4054] RBP: ffffc9000158fc18 R08: ffffffff81cd75e4 R09: 0000000000000003 [ 103.134195][ T4054] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 103.142034][ T4054] R13: 1ffff110224fceb7 R14: ffff8881127e7570 R15: ffff8881127e75b8 [ 103.149808][ T4054] FS: 0000555562a86500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 103.158543][ T4054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.160393][ T512] usb 4-1: USB disconnect, device number 11 [ 103.164994][ T4054] CR2: 0000555562aa94e8 CR3: 000000011d924000 CR4: 00000000003506a0 [ 103.172105][ T6] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 103.178509][ T4054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 103.188000][ T512] usblp0: removed [ 103.195196][ T4054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 103.198799][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.206480][ T4054] Call Trace: [ 103.206491][ T4054] [ 103.215795][ T6] usb 5-1: Product: syz [ 103.217390][ T4054] ? show_regs+0x58/0x60 [ 103.220195][ T6] usb 5-1: Manufacturer: syz [ 103.220211][ T6] usb 5-1: SerialNumber: syz [ 103.224158][ T4054] ? __warn+0x160/0x3d0 [ 103.241103][ T4054] ? drop_nlink+0xc1/0x110 [ 103.245340][ T4054] ? report_bug+0x4d5/0x7d0 [ 103.249693][ T4054] ? drop_nlink+0xc1/0x110 [ 103.253931][ T4054] ? handle_bug+0x41/0x70 [ 103.258095][ T4054] ? exc_invalid_op+0x1b/0x50 [ 103.262761][ T4054] ? asm_exc_invalid_op+0x1b/0x20 [ 103.267634][ T4054] ? drop_nlink+0x44/0x110 [ 103.271959][ T4054] ? drop_nlink+0xc1/0x110 [ 103.276127][ T4054] ? drop_nlink+0xc1/0x110 [ 103.280422][ T4054] shmem_rmdir+0x59/0x90 [ 103.284465][ T4054] vfs_rmdir+0x398/0x500 [ 103.288627][ T4054] incfs_kill_sb+0x113/0x230 [ 103.293078][ T4054] deactivate_locked_super+0xad/0x110 [ 103.298265][ T4054] deactivate_super+0xbe/0xf0 [ 103.302795][ T4054] cleanup_mnt+0x485/0x510 [ 103.307029][ T4054] ? user_path_at_empty+0x14e/0x1a0 [ 103.312168][ T4054] __cleanup_mnt+0x19/0x20 [ 103.316400][ T4054] task_work_run+0x24d/0x2e0 [ 103.319352][ T296] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 103.320849][ T4054] ? task_work_cancel+0x2e0/0x2e0 [ 103.333093][ T4054] ? __x64_sys_umount+0x122/0x170 [ 103.337931][ T4054] exit_to_user_mode_loop+0x94/0xa0 [ 103.342995][ T4054] exit_to_user_mode_prepare+0x5a/0xa0 [ 103.348255][ T4054] syscall_exit_to_user_mode+0x26/0x130 [ 103.353664][ T4054] do_syscall_64+0x47/0xb0 [ 103.357887][ T4054] ? clear_bhb_loop+0x55/0xb0 [ 103.362430][ T4054] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 103.368141][ T4054] RIP: 0033:0x7ff9bed8e497 [ 103.372397][ T4054] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 103.391939][ T4054] RSP: 002b:00007fffcdf2b738 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 103.400186][ T4054] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff9bed8e497 [ 103.407965][ T4054] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf2b7f0 [ 103.415811][ T4054] RBP: 00007fffcdf2b7f0 R08: 0000000000000000 R09: 0000000000000000 [ 103.423708][ T4054] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffcdf2c880 [ 103.431596][ T4054] R13: 00007ff9bee0e08c R14: 000000000001923b R15: 00007fffcdf2c8c0 [ 103.431675][ T4547] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 103.439354][ T4054] [ 103.446510][ T4547] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 103.449120][ T4054] ---[ end trace 0000000000000000 ]--- [ 103.461801][ T4054] ================================================================== [ 103.469687][ T4054] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 103.475760][ T4054] Write of size 4 at addr 0000000000000170 by task syz-executor/4054 [ 103.484232][ T4054] [ 103.486406][ T4054] CPU: 1 PID: 4054 Comm: syz-executor Tainted: G W 6.1.129-syzkaller-00053-gdf2dac406f15 #0 [ 103.497675][ T4054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 103.500485][ T296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.507571][ T4054] Call Trace: [ 103.507582][ T4054] [ 103.507591][ T4054] dump_stack_lvl+0x151/0x1b7 [ 103.507624][ T4054] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 103.518678][ T296] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.521365][ T4054] ? _printk+0xd1/0x111 [ 103.521396][ T4054] print_report+0xe1/0x4e0 [ 103.524195][ T296] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 103.528656][ T4054] ? __virt_addr_valid+0x59/0x2f0 [ 103.528691][ T4054] ? kasan_addr_to_slab+0xd/0x80 [ 103.534150][ T296] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 103.543502][ T4054] ? ihold+0x20/0x60 [ 103.543531][ T4054] kasan_report+0x13c/0x170 [ 103.543563][ T4054] ? ihold+0x20/0x60 [ 103.547702][ T296] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.551747][ T4054] kasan_check_range+0x294/0x2a0 [ 103.551783][ T4054] __kasan_check_write+0x14/0x20 [ 103.565743][ T296] usb 7-1: config 0 descriptor?? [ 103.569279][ T4054] ihold+0x20/0x60 [ 103.569308][ T4054] vfs_rmdir+0x268/0x500 [ 103.624696][ T4054] incfs_kill_sb+0x113/0x230 [ 103.629124][ T4054] deactivate_locked_super+0xad/0x110 [ 103.629338][ T512] tipc: Node number set to 2886997007 [ 103.634326][ T4054] deactivate_super+0xbe/0xf0 [ 103.634353][ T4054] cleanup_mnt+0x485/0x510 [ 103.648693][ T4054] ? user_path_at_empty+0x14e/0x1a0 [ 103.653726][ T4054] __cleanup_mnt+0x19/0x20 [ 103.657989][ T4054] task_work_run+0x24d/0x2e0 [ 103.662402][ T4054] ? task_work_cancel+0x2e0/0x2e0 [ 103.667386][ T4054] ? __x64_sys_umount+0x122/0x170 [ 103.672249][ T4054] exit_to_user_mode_loop+0x94/0xa0 [ 103.677805][ T4054] exit_to_user_mode_prepare+0x5a/0xa0 [ 103.683139][ T4054] syscall_exit_to_user_mode+0x26/0x130 [ 103.688476][ T4054] do_syscall_64+0x47/0xb0 [ 103.692727][ T4054] ? clear_bhb_loop+0x55/0xb0 [ 103.697240][ T4054] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 103.702969][ T4054] RIP: 0033:0x7ff9bed8e497 [ 103.707222][ T4054] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 103.726664][ T4054] RSP: 002b:00007fffcdf2b738 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 103.734911][ T4054] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff9bed8e497 [ 103.742719][ T4054] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf2b7f0 [ 103.750534][ T4054] RBP: 00007fffcdf2b7f0 R08: 0000000000000000 R09: 0000000000000000 [ 103.758342][ T4054] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffcdf2c880 [ 103.766154][ T4054] R13: 00007ff9bee0e08c R14: 000000000001923b R15: 00007fffcdf2c8c0 [ 103.773969][ T4054] [ 103.776928][ T4054] ================================================================== [ 103.785511][ T4054] Disabling lock debugging due to kernel taint [ 103.791858][ T4054] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 103.799484][ T4054] #PF: supervisor write access in kernel mode [ 103.805469][ T4054] #PF: error_code(0x0002) - not-present page [ 103.811290][ T4054] PGD 1302d6067 P4D 1302d6067 PUD 0 [ 103.816407][ T4054] Oops: 0002 [#1] PREEMPT SMP KASAN [ 103.821441][ T4054] CPU: 0 PID: 4054 Comm: syz-executor Tainted: G B W 6.1.129-syzkaller-00053-gdf2dac406f15 #0 [ 103.832728][ T4054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 103.842619][ T4054] RIP: 0010:ihold+0x25/0x60 [ 103.846957][ T4054] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 01 19 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 c8 ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 84 1c a8 [ 103.866494][ T4054] RSP: 0018:ffffc9000158fc30 EFLAGS: 00010246 [ 103.872407][ T4054] RAX: ffff88810bb70000 RBX: 0000000000000001 RCX: ffff88810bb70000 [ 103.880304][ T4054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 103.888112][ T4054] RBP: ffffc9000158fc40 R08: ffffffff8144b443 R09: fffffbfff0f6e8fd [ 103.895934][ T4054] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11024055547 [ 103.903735][ T4054] R13: ffff88810fafbbb0 R14: 0000000000000000 R15: 1ffff11021f5f77c [ 103.911543][ T4054] FS: 0000555562a86500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 103.920315][ T4054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.926740][ T4054] CR2: 0000000000000170 CR3: 000000011d924000 CR4: 00000000003506b0 [ 103.934548][ T4054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 103.942356][ T4054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 103.950165][ T4054] Call Trace: [ 103.953309][ T4054] [ 103.956070][ T4054] ? __die_body+0x62/0xb0 [ 103.960234][ T4054] ? __die+0x7e/0x90 [ 103.963987][ T4054] ? page_fault_oops+0x7f9/0xa90 [ 103.968740][ T4054] ? vprintk_default+0x26/0x30 [ 103.973347][ T4054] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 103.978918][ T4054] ? add_taint+0x44/0xe0 [ 103.982992][ T4054] ? panic+0x667/0x667 [ 103.986898][ T4054] ? preempt_schedule_thunk+0x16/0x18 [ 103.992111][ T4054] ? exc_page_fault+0x529/0x6d0 [ 103.996801][ T4054] ? asm_exc_page_fault+0x27/0x30 [ 104.001658][ T4054] ? add_taint+0x93/0xe0 [ 104.005730][ T4054] ? ihold+0x25/0x60 [ 104.009483][ T4054] vfs_rmdir+0x268/0x500 [ 104.013642][ T4054] incfs_kill_sb+0x113/0x230 [ 104.018058][ T4054] deactivate_locked_super+0xad/0x110 [ 104.023268][ T4054] deactivate_super+0xbe/0xf0 [ 104.027776][ T4054] cleanup_mnt+0x485/0x510 [ 104.032028][ T4054] ? user_path_at_empty+0x14e/0x1a0 [ 104.037062][ T4054] __cleanup_mnt+0x19/0x20 [ 104.041316][ T4054] task_work_run+0x24d/0x2e0 [ 104.045741][ T4054] ? task_work_cancel+0x2e0/0x2e0 [ 104.050624][ T4054] ? __x64_sys_umount+0x122/0x170 [ 104.055464][ T4054] exit_to_user_mode_loop+0x94/0xa0 [ 104.060497][ T4054] exit_to_user_mode_prepare+0x5a/0xa0 [ 104.065790][ T4054] syscall_exit_to_user_mode+0x26/0x130 [ 104.071310][ T4054] do_syscall_64+0x47/0xb0 [ 104.075565][ T4054] ? clear_bhb_loop+0x55/0xb0 [ 104.080064][ T4054] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.085790][ T4054] RIP: 0033:0x7ff9bed8e497 [ 104.090042][ T4054] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 104.109487][ T4054] RSP: 002b:00007fffcdf2b738 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 104.117730][ T4054] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff9bed8e497 [ 104.125541][ T4054] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffcdf2b7f0 [ 104.133352][ T4054] RBP: 00007fffcdf2b7f0 R08: 0000000000000000 R09: 0000000000000000 [ 104.141161][ T4054] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffcdf2c880 [ 104.148980][ T4054] R13: 00007ff9bee0e08c R14: 000000000001923b R15: 00007fffcdf2c8c0 [ 104.156790][ T4054] [ 104.159649][ T4054] Modules linked in: [ 104.163395][ T4054] CR2: 0000000000000170 [ 104.167381][ T4054] ---[ end trace 0000000000000000 ]--- [ 104.172668][ T4054] RIP: 0010:ihold+0x25/0x60 [ 104.177007][ T4054] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 01 19 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 c8 ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 84 1c a8 [ 104.196451][ T4054] RSP: 0018:ffffc9000158fc30 EFLAGS: 00010246 [ 104.202353][ T4054] RAX: ffff88810bb70000 RBX: 0000000000000001 RCX: ffff88810bb70000 [ 104.210161][ T4054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.217973][ T4054] RBP: ffffc9000158fc40 R08: ffffffff8144b443 R09: fffffbfff0f6e8fd [ 104.225785][ T4054] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11024055547 [ 104.233597][ T4054] R13: ffff88810fafbbb0 R14: 0000000000000000 R15: 1ffff11021f5f77c [ 104.241410][ T4054] FS: 0000555562a86500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 104.250181][ T4054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.256601][ T4054] CR2: 0000000000000170 CR3: 000000011d924000 CR4: 00000000003506b0 [ 104.264413][ T4054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 104.272220][ T4054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 104.280152][ T4054] Kernel panic - not syncing: Fatal exception [ 104.286389][ T4054] Kernel Offset: disabled [ 104.290527][ T4054] Rebooting in 86400 seconds..