last executing test programs: 56.112593595s ago: executing program 0 (id=93): syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x1208000, 0x0, 0x1, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=']) 56.045700765s ago: executing program 0 (id=94): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) setuid(0x0) 56.045242315s ago: executing program 0 (id=96): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="757466383d302c73686f72746e616d653d77696e6e742c636f6465706167653d3835322c636865636b3d7374726963742c757466383d302c73686f72746e616d653d6c6f7765722c696f636861727365743d6d6163726f6d616e69616e2c666c7573682c0057dbc4f54068e6fa553806ae9bdd1d3a5e0b815b72599bac9f4c969b04000000e340ac78821fa713677269495ed12ba3f77d466c43a7a6de5466212ca64786142403c213165e21b855a696e840dda2217bd4d4a9cad2e21a1836125e93479ca0f014ef248a6b054df5a81bdd05c8183a2723b2df55c6bf146eb39cde7c7e37065a9d8a805fbb10018ef2890fa88f4baa594784de4d928c7b702d4889ea868923628546234c931a33e1f7100a7cab28fb3d632fff0584849bb51dbf"], 0x1, 0x21a, &(0x7f00000005c0)="$eJzs3bFqU1EYB/CvttVSkGQQiiJ4xcUptBX3FqkgBhQlg04W26I0sWAg0A6tTr6EvoKOroKDuPoCIkgVXOyWQbhSb2xsSdtITW8xv9+SD+7533O+Q0hIICf3ztYW55bqCxsb6zEyMhBDUzEVzYEoxrEYjMyTAAD+J800je9pJu+1AACHo5mmRe//ANBfuvz8f/MQlwQA9Jjv/wGg/9y+c/f6dLk8cytJRiJqzxqVRiV7zK5PL8TDqMZ8jEchfkSkW7L66rXyzHiy6UsxKrW1Vn6tURncnp+IQhQ75yeSzPb8cIy28h9HYz4moxCnOucnO+aPx8ULf8xfikJ8uB9LUY252My286sTSXLlRnlH/sSvcQAAAAAAAAAAAAAAAAAAAAAA0AulZEvH83tKpd2uZ/nuzwfaeT7PUJwZyrd3AAAAAAAAAAAAAAAAAAAAOCrqyyuLs9Xq/OO9ikfvX77db0yXxUBr3oPe5+DFyfOfn+8+5unf7M+/Ld6cy3NbuizerT84fak+dvmorGd5ZXF4r6fWt0JEj2Z/lWvvv7ved/DYi6nZ16ufvnZ75xxejAAAAAAAAAAAAAAAAAAAoM+1f/Sb90oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/t///vXZF3jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DMAAP//1jmg1w==") mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x40, 0x4000) 56.029651985s ago: executing program 0 (id=98): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') link(&(0x7f0000000280)='./file1\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 55.752050159s ago: executing program 0 (id=111): syz_read_part_table(0x5d4, &(0x7f0000000000)="$eJzs279rW1cUB/AjxcI0GbJkyuRkaKFkScgYQZMgKQkJCDVeQgsJJIQ0mhQIKFRgSIZEQ0I0GI9ejEGLf0yWRXEXGxs8G9PBYPBgKC32UvBiFdu3S4fiYplS+Hzgcbj3fu877/wBL/hfy8bvvV4vExG9wcONb/6e6P3D7eF2oXh3qHyz8jAiEz9ExK9DX/10cJL56/bRW+NyWm+k9cT42e6H3Tu59i/f/vHl48VmNp2PlLIxEhHnJjvDfRuSUzOVXzr/9l2t9LGef7Feamy9X1t9ML1TqHTuN1sz93K3n6bccqoDqb6KeryJl/EkqlGNZ1HrU/+x9ubV/Yul9tzzG3vF7qeFaylXjogzJ5z1OP1fX/r8qNW4dWX2wuj1+vxKZfuwaS+qg6fQHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvpvKL51/+65W+ljPv1gvNbber60+mN4pVDr3m62Ze7nbT1NuOdWBVF9FPd7Ey3gS1cjEs6j1qf9Ye/Pq/sVSe+75jb1i99PCtZQrn3DO4/Z/fenzo1bj1pXZC6PX6/Mrle0zR7nq4Cl9AAAAAAAAAAAAAAAAAAAAAEREoXh3qHyz8jAiE9/FQHz924/Zg/1e+t89E/H9zxFxOeU30v7E+Nnuh907ufbB4vFi84t0PpKec5Od4f9gHP6lPwMAAP//+g2V7g==") r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x17, r1, 0x1, 0x8, 0x6, @random="6ffc5a57a12b"}, 0x14) sendmsg$unix(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c}}], 0x30, 0x4060011}, 0x2010) 55.215052697s ago: executing program 0 (id=115): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f000006"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 55.146044998s ago: executing program 32 (id=115): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f000006"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 52.595040923s ago: executing program 5 (id=161): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x0, 0xfffffffd, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x54}}, 0x0) 52.557491083s ago: executing program 5 (id=162): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff7, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) 52.548988673s ago: executing program 5 (id=163): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) readv(r0, &(0x7f0000000040)=[{&(0x7f0000000100)=""/55, 0x37}], 0x1) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) 52.484883295s ago: executing program 5 (id=164): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') link(&(0x7f0000000280)='./file1\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 52.358712246s ago: executing program 5 (id=165): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d2407010604000000000000e90924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000400)={0x40, 0x0, 0x5, "e676a44203"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f00000002c0)={0x0, 0xf, 0x1, "e9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 51.836899733s ago: executing program 5 (id=176): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x2000200b}) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}]) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778) 51.788905314s ago: executing program 33 (id=176): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x2000200b}) io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}]) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778) 2.046846222s ago: executing program 4 (id=1578): r0 = epoll_create1(0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) epoll_pwait(r0, &(0x7f0000000240)=[{}], 0x1, 0x7fffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000001c0)={0x1}) 1.970571653s ago: executing program 4 (id=1585): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) move_mount(r0, &(0x7f00000000c0)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00', 0x154) 1.970077263s ago: executing program 4 (id=1586): r0 = gettid() timer_create(0x0, &(0x7f00000001c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0x2) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 1.358277862s ago: executing program 1 (id=1613): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000200000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.321692012s ago: executing program 1 (id=1614): symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 1.320960682s ago: executing program 1 (id=1615): setresuid(0xee01, 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000040), 0x0) syz_clone(0x44200400, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee01) execve(&(0x7f0000000040)='./file0/file0/..\x00', 0x0, 0x0) 1.281215043s ago: executing program 1 (id=1617): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r1}, 0x10) timer_create(0xb, 0x0, &(0x7f0000001640)=0x0) timer_gettime(r2, &(0x7f0000001680)) 1.269356163s ago: executing program 1 (id=1618): r0 = gettid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x4, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) tkill(r0, 0x12) 1.254501303s ago: executing program 1 (id=1620): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000002540)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x9, "83c5b03b"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x2, @lang_id={0x0, 0x3, 0x423}}, 0x0, 0x0}, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="000372"]}, 0x0) 1.118934565s ago: executing program 4 (id=1621): unshare(0x62040200) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010"], 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r0, @ANYBLOB="140001"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) 1.010766996s ago: executing program 2 (id=1622): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000080)=0xfffffff7, 0x4) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x2, 0x4, 0x340, 0xffffffff, 0x0, 0xd0, 0x0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [0x0, 0xffffffff], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7, 0x8}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [0x0, 0xffffffff], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x97, 0x3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) 1.000475027s ago: executing program 2 (id=1623): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 557.715693ms ago: executing program 6 (id=1630): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) getrlimit(0x4, 0x0) 557.483853ms ago: executing program 6 (id=1632): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000c, 0x10012, r1, 0x0) capget(0x0, 0x0) 534.482323ms ago: executing program 6 (id=1633): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 509.573453ms ago: executing program 6 (id=1634): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) msync(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4) 468.285643ms ago: executing program 6 (id=1636): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000002c0)) close(0x3) 452.953484ms ago: executing program 6 (id=1638): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGDEVINFO(r1, 0x801c4803, &(0x7f0000000000)=""/215) 176.866088ms ago: executing program 3 (id=1648): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x37}, 0x2, 0xb, 0x0, 0x100, 0x4, 0x4020000, r2}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @private0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x180107, r2}) 165.314738ms ago: executing program 3 (id=1649): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 138.495588ms ago: executing program 2 (id=1650): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) inotify_rm_watch(0xffffffffffffffff, 0x0) 125.648149ms ago: executing program 2 (id=1651): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 88.797059ms ago: executing program 2 (id=1652): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000008d04000000f4ffff7e"]) 81.154249ms ago: executing program 4 (id=1653): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000015f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) keyctl$set_reqkey_keyring(0xe, 0x1) 69.996389ms ago: executing program 3 (id=1654): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x80, 0xb2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x40800) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x3c}}, 0x0) 64.381859ms ago: executing program 4 (id=1655): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000440)=""/250, 0xfa}], 0x1}, 0x0) 41.5726ms ago: executing program 3 (id=1656): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0xf0, &(0x7f0000001b40)={&(0x7f0000000480)={0x1c, r1, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117, 0x56}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 27.27039ms ago: executing program 3 (id=1657): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fdffffff0c0000000c00018008000100", @ANYRES32=r3, @ANYBLOB="3c000380380003800c000180080001000600000028000180080002002d5e7d0008000100041b0000040003000800010006000000060002"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 13.40165ms ago: executing program 3 (id=1658): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10) syz_io_uring_setup(0x10e, &(0x7f00000003c0)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) 0s ago: executing program 2 (id=1659): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): 171] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.360: bg 0: block 408: padding at end of block bitmap is not set [ 38.808838][ T28] audit: type=1400 audit(1746802085.339:431): avc: denied { create } for pid=1128 comm="syz.4.344" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 38.843682][ T28] audit: type=1400 audit(1746802085.389:432): avc: denied { remove_name } for pid=1128 comm="syz.4.344" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 38.866262][ T28] audit: type=1400 audit(1746802085.389:433): avc: denied { rename } for pid=1128 comm="syz.4.344" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 38.897603][ T28] audit: type=1400 audit(1746802085.389:434): avc: denied { reparent } for pid=1128 comm="syz.4.344" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 38.931100][ T286] EXT4-fs (loop3): unmounting filesystem. [ 38.993205][ T1192] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 39.027687][ T1192] FAT-fs (loop7): unable to read boot sector [ 39.042323][ T1196] loop1: detected capacity change from 0 to 512 [ 39.127028][ T1196] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.371: inode #1: comm syz.1.371: iget: illegal inode # [ 39.144083][ T1207] netlink: 8 bytes leftover after parsing attributes in process `syz.6.375'. [ 39.155504][ T1196] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.371: error while reading EA inode 1 err=-117 [ 39.168085][ T1196] EXT4-fs (loop1): 1 orphan inode deleted [ 39.174064][ T1196] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 39.240110][ T1218] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 39.259804][ T1218] FAT-fs (loop9): unable to read boot sector [ 39.285389][ T1226] loop4: detected capacity change from 0 to 128 [ 39.306040][ T1226] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 39.318934][ T1226] ext4 filesystem being mounted at /78/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 39.319159][ T282] EXT4-fs (loop1): unmounting filesystem. [ 39.355564][ T288] EXT4-fs (loop4): unmounting filesystem. [ 39.355833][ T1232] binder: 1230:1232 ioctl c00c620f 0 returned -14 [ 39.418558][ T1243] netlink: 'syz.3.391': attribute type 8 has an invalid length. [ 39.502816][ T1256] loop4: detected capacity change from 0 to 512 [ 39.519081][ T1256] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.398: inode #1: comm syz.4.398: iget: illegal inode # [ 39.534013][ T1256] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.398: error while reading EA inode 1 err=-117 [ 39.549504][ T1256] EXT4-fs (loop4): 1 orphan inode deleted [ 39.555273][ T1256] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 39.649528][ T288] EXT4-fs (loop4): unmounting filesystem. [ 39.842075][ T1300] xt_hashlimit: max too large, truncated to 1048576 [ 39.937481][ T1308] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 39.984186][ T1313] netlink: 8 bytes leftover after parsing attributes in process `syz.3.422'. [ 40.099295][ T1306] loop6: detected capacity change from 0 to 40427 [ 40.106630][ T1306] F2FS-fs (loop6): fault_type options not supported [ 40.118659][ T1306] F2FS-fs (loop6): invalid crc value [ 40.142958][ T1306] F2FS-fs (loop6): Found nat_bits in checkpoint [ 40.260491][ T1306] F2FS-fs (loop6): Start checkpoint disabled! [ 40.273270][ T1340] futex_wake_op: syz.1.435 tries to shift op by -1; fix this program [ 40.303825][ T1306] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 40.385016][ T1351] loop4: detected capacity change from 0 to 512 [ 40.392100][ T1351] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.427173][ T8] kworker/u4:0: attempt to access beyond end of device [ 40.427173][ T8] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 40.528994][ T1351] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 40.538021][ T1351] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.569563][ T288] EXT4-fs (loop4): unmounting filesystem. [ 40.589139][ T1371] loop4: detected capacity change from 0 to 512 [ 40.595899][ T1371] EXT4-fs: Ignoring removed orlov option [ 40.619666][ T1371] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.448: casefold flag without casefold feature [ 40.632694][ T1371] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.448: couldn't read orphan inode 15 (err -117) [ 40.645016][ T1371] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 40.680846][ T288] EXT4-fs (loop4): unmounting filesystem. [ 40.705869][ T1379] xt_hashlimit: size too large, truncated to 1048576 [ 40.766097][ T1388] netlink: 28 bytes leftover after parsing attributes in process `syz.1.453'. [ 41.106164][ T1403] loop4: detected capacity change from 0 to 40427 [ 41.116934][ T1403] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 41.127573][ T1403] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 41.127720][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 41.143492][ T1403] F2FS-fs (loop4): invalid crc value [ 41.163111][ T1403] F2FS-fs (loop4): Found nat_bits in checkpoint [ 41.230786][ T1420] loop1: detected capacity change from 0 to 256 [ 41.237441][ T1403] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 41.245655][ T1403] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 41.274106][ T1420] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 41.298544][ T1403] syz.4.463: attempt to access beyond end of device [ 41.298544][ T1403] loop4: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 41.320128][ T1403] syz.4.463: attempt to access beyond end of device [ 41.320128][ T1403] loop4: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 41.338666][ T1420] exFAT-fs (loop1): hint_cluster is invalid (17) [ 41.344739][ T1403] F2FS-fs (loop4): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 41.345035][ T1403] F2FS-fs (loop4): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 41.367137][ T1420] exFAT-fs (loop1): error, broken FAT chain. [ 41.384366][ T6] usb 4-1: config 0 interface 0 has no altsetting 0 [ 41.389456][ T1420] exFAT-fs (loop1): Filesystem has been set read-only [ 41.398605][ T1420] exFAT-fs (loop1): error, failed to bmap (inode : ffff88811854fa90 iblock : 8, err : -5) [ 41.399124][ T6] usb 4-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00 [ 41.438162][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.456828][ T6] usb 4-1: config 0 descriptor?? [ 41.638451][ T1438] loop2: detected capacity change from 0 to 8192 [ 41.645914][ T1438] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.659038][ T1440] loop6: detected capacity change from 0 to 2048 [ 41.687274][ T1440] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 41.706425][ T1440] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 41.746415][ T764] EXT4-fs (loop6): unmounting filesystem. [ 41.868119][ T1460] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 41.887060][ T6] microsoft 0003:045E:00F9.0006: hidraw0: USB HID v0.02 Device [HID 045e:00f9] on usb-dummy_hcd.3-1/input0 [ 42.325858][ T1462] loop1: detected capacity change from 0 to 131072 [ 42.333419][ T6] microsoft 0003:045E:00F9.0006: no inputs found [ 42.340597][ T6] microsoft 0003:045E:00F9.0006: could not initialize ff, continuing anyway [ 42.349369][ T1462] F2FS-fs (loop1): invalid crc value [ 42.360955][ T6] usb 4-1: USB disconnect, device number 3 [ 42.370663][ T1477] loop4: detected capacity change from 0 to 128 [ 42.383367][ T1484] fido_id[1484]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 42.420648][ T1462] F2FS-fs (loop1): Found nat_bits in checkpoint [ 42.467718][ T1462] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 42.548543][ T1506] SELinux: Context system_u:object_r:man_t:s0 is not valid (left unmapped). [ 42.952538][ T1555] syz.4.526 (1555) used greatest stack depth: 19936 bytes left [ 43.218915][ T1571] loop6: detected capacity change from 0 to 40427 [ 43.238364][ T1571] F2FS-fs (loop6): Invalid SB checksum offset: 0 [ 43.248936][ T1571] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 43.273926][ T1571] F2FS-fs (loop6): invalid crc value [ 43.300918][ T1589] loop4: detected capacity change from 0 to 128 [ 43.311332][ T1571] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 43.328507][ T1589] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 43.337321][ T1589] ext4 filesystem being mounted at /129/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 43.346983][ T1571] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0 [ 43.376733][ T1571] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 43.403375][ T1589] process 'syz.4.539' launched './file1' with NULL argv: empty string added [ 43.413096][ T764] syz-executor: attempt to access beyond end of device [ 43.413096][ T764] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 43.434415][ T288] EXT4-fs (loop4): unmounting filesystem. [ 43.457851][ T1599] loop4: detected capacity change from 0 to 512 [ 43.468091][ T1599] EXT4-fs: Ignoring removed nobh option [ 43.493909][ T1599] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 43.510145][ T1599] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.542: invalid indirect mapped block 2683928664 (level 1) [ 43.526717][ T1599] EXT4-fs (loop4): 1 truncate cleaned up [ 43.536177][ T1599] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 43.548756][ T1599] EXT4-fs (loop4): unmounting filesystem. [ 43.773692][ T1637] loop2: detected capacity change from 0 to 256 [ 43.834407][ T1641] loop3: detected capacity change from 0 to 1024 [ 43.847875][ T1641] EXT4-fs: Ignoring removed nobh option [ 43.857919][ T1641] EXT4-fs: Ignoring removed bh option [ 43.869665][ T1641] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 43.914179][ T1641] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 43.933168][ T1647] futex_wake_op: syz.2.562 tries to shift op by -1; fix this program [ 43.950356][ T28] kauditd_printk_skb: 99 callbacks suppressed [ 43.950372][ T28] audit: type=1400 audit(1746802090.629:534): avc: denied { read } for pid=1640 comm="syz.3.561" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 43.951247][ T1641] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3841: comm syz.3.561: Allocating blocks 385-513 which overlap fs metadata [ 44.009560][ T1641] EXT4-fs (loop3): pa ffff88811843ff18: logic 16, phys. 129, len 24 [ 44.017662][ T1641] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 44.106337][ T286] EXT4-fs (loop3): unmounting filesystem. [ 44.136528][ T28] audit: type=1400 audit(1746802090.809:535): avc: denied { ioctl } for pid=1660 comm="syz.1.567" path="socket:[22405]" dev="sockfs" ino=22405 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 44.161823][ T1664] loop3: detected capacity change from 0 to 512 [ 44.168824][ T1664] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 44.177302][ T1664] EXT4-fs (loop3): invalid journal inode [ 44.183140][ T1664] EXT4-fs (loop3): can't get journal size [ 44.190481][ T1664] EXT4-fs (loop3): 1 truncate cleaned up [ 44.196131][ T1664] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 44.210526][ T28] audit: type=1400 audit(1746802090.889:536): avc: denied { create } for pid=1662 comm="syz.3.570" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 44.252662][ T28] audit: type=1400 audit(1746802090.889:537): avc: denied { create } for pid=1662 comm="syz.3.570" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 44.294825][ T28] audit: type=1400 audit(1746802090.889:538): avc: denied { link } for pid=1662 comm="syz.3.570" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 44.338486][ T286] EXT4-fs (loop3): unmounting filesystem. [ 44.357604][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 44.361918][ T1670] loop3: detected capacity change from 0 to 2048 [ 44.391176][ T1670] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 44.408266][ T1670] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 44.434164][ T286] EXT4-fs (loop3): unmounting filesystem. [ 44.547645][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 44.555433][ T24] usb 3-1: config 0 has an invalid interface number: 63 but max is 0 [ 44.581718][ T24] usb 3-1: config 0 has no interface number 0 [ 44.593948][ T1687] netlink: 96 bytes leftover after parsing attributes in process `syz.3.578'. [ 44.594161][ T24] usb 3-1: New USB device found, idVendor=f65e, idProduct=3868, bcdDevice=c6.17 [ 44.621412][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.636651][ T24] usb 3-1: config 0 descriptor?? [ 44.641717][ T28] audit: type=1400 audit(1746802091.309:539): avc: denied { ioctl } for pid=1690 comm="syz.3.580" path="socket:[22499]" dev="sockfs" ino=22499 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 44.667805][ T24] usb-storage 3-1:0.63: USB Mass Storage device detected [ 44.729763][ T28] audit: type=1400 audit(1746802091.409:540): avc: denied { mounton } for pid=1704 comm="syz.6.587" path="/78/file0" dev="incremental-fs" ino=418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.766034][ T28] audit: type=1400 audit(1746802091.429:541): avc: denied { getattr } for pid=1704 comm="syz.6.587" name="/" dev="incremental-fs" ino=418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 44.805787][ T1711] loop6: detected capacity change from 0 to 1024 [ 44.820217][ T1711] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 44.829435][ T1711] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.841875][ T28] audit: type=1400 audit(1746802091.519:542): avc: denied { ioctl } for pid=1710 comm="syz.6.590" path="/80/file1/file1" dev="loop6" ino=15 ioctlcmd=0x6611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 44.867761][ T6] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 44.870894][ T24] usb 3-1: USB disconnect, device number 2 [ 44.876532][ T764] EXT4-fs (loop6): unmounting filesystem. [ 45.003719][ T1723] IPv6: sit1: Disabled Multicast RS [ 45.078728][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.080593][ T1727] loop6: detected capacity change from 0 to 16 [ 45.090005][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.103101][ T1727] erofs: (device loop6): mounted with root inode @ nid 36. [ 45.106063][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 45.126526][ T6] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 45.130222][ T1727] erofs: (device loop6): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 45.135651][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.145387][ T1727] syz.6.597: attempt to access beyond end of device [ 45.145387][ T1727] loop6: rw=0, sector=296, nr_sectors = 8 limit=16 [ 45.154632][ T6] usb 5-1: config 0 descriptor?? [ 45.171288][ T1727] erofs: (device loop6): z_erofs_read_folio: failed to read, err [-117] [ 45.180255][ T1727] erofs: (device loop6): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 45.189901][ T1728] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 45.199593][ T1728] erofs: (device loop6): z_erofs_read_folio: failed to read, err [-117] [ 45.423331][ T28] audit: type=1400 audit(1746802092.099:543): avc: denied { mount } for pid=1733 comm="syz.2.600" name="/" dev="ramfs" ino=21448 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 45.425315][ T1734] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 45.574720][ T6] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 45.584916][ T6] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 45.752361][ T1748] loop3: detected capacity change from 0 to 512 [ 45.761273][ T1748] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 45.769644][ T1748] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 45.781437][ T1748] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 45.792317][ T1748] EXT4-fs (loop3): 1 truncate cleaned up [ 45.798278][ T1748] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 45.810087][ T1748] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 45.822921][ T286] EXT4-fs (loop3): unmounting filesystem. [ 46.117665][ T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 46.177608][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 46.226601][ T1774] netlink: 16 bytes leftover after parsing attributes in process `syz.1.618'. [ 46.307712][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 46.314667][ T6] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 46.323903][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 46.348903][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 46.365239][ T1788] loop1: detected capacity change from 0 to 1024 [ 46.372686][ T6] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 46.382774][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.391164][ T6] usb 4-1: Product: syz [ 46.395648][ T6] usb 4-1: Manufacturer: syz [ 46.401331][ T1788] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 46.409862][ T6] usb 4-1: SerialNumber: syz [ 46.422413][ T1788] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.437746][ T1788] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 46.451842][ T1788] EXT4-fs (loop1): This should not happen!! Data will be lost [ 46.451842][ T1788] [ 46.463640][ T1788] EXT4-fs (loop1): Total free blocks count 0 [ 46.469824][ T1788] EXT4-fs (loop1): Free/Dirty block details [ 46.476276][ T1788] EXT4-fs (loop1): free_blocks=68451041280 [ 46.482374][ T1788] EXT4-fs (loop1): dirty_blocks=64 [ 46.487927][ T1788] EXT4-fs (loop1): Block reservation details [ 46.493965][ T1788] EXT4-fs (loop1): i_reserved_data_blocks=4 [ 46.516361][ T282] EXT4-fs (loop1): unmounting filesystem. [ 46.688695][ T1797] loop2: detected capacity change from 0 to 40427 [ 46.695803][ T1797] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 46.704647][ T1797] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 46.714086][ T1797] F2FS-fs (loop2): invalid crc value [ 46.734802][ T1797] F2FS-fs (loop2): Found nat_bits in checkpoint [ 46.794314][ T1797] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 46.801537][ T1797] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 46.820867][ T6] usb 4-1: 0:2 : does not exist [ 46.840403][ T1823] TCP: TCP_TX_DELAY enabled [ 46.860604][ T1797] syz.2.628: attempt to access beyond end of device [ 46.860604][ T1797] loop2: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 46.874999][ T1797] syz.2.628: attempt to access beyond end of device [ 46.874999][ T1797] loop2: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 46.889971][ T1797] F2FS-fs (loop2): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 46.890004][ T1797] F2FS-fs (loop2): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 46.929907][ T1827] incfs: Options parsing error. -22 [ 46.946893][ T1827] incfs: mount failed -22 [ 46.992809][ T1833] loop1: detected capacity change from 0 to 512 [ 47.001159][ T1831] netlink: 'syz.2.642': attribute type 3 has an invalid length. [ 47.014119][ T1833] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 47.030216][ T1833] EXT4-fs (loop1): invalid journal inode [ 47.039785][ T1833] EXT4-fs (loop1): can't get journal size [ 47.058845][ T1833] EXT4-fs (loop1): 1 truncate cleaned up [ 47.064640][ T1833] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 47.065074][ T1841] loop6: detected capacity change from 0 to 1024 [ 47.083607][ T1841] EXT4-fs: Ignoring removed nobh option [ 47.093025][ T1841] EXT4-fs: Ignoring removed bh option [ 47.106423][ T1841] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.119547][ T282] EXT4-fs (loop1): unmounting filesystem. [ 47.139672][ T1841] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 47.149272][ T1845] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96 [ 47.160496][ T1841] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:3841: comm syz.6.647: Allocating blocks 385-513 which overlap fs metadata [ 47.183856][ T1841] EXT4-fs (loop6): pa ffff88810ba41930: logic 16, phys. 129, len 24 [ 47.192067][ T1841] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 47.219885][ T764] EXT4-fs (loop6): unmounting filesystem. [ 47.265230][ T1859] loop6: detected capacity change from 0 to 128 [ 47.275078][ T1859] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 47.284067][ T1859] ext4 filesystem being mounted at /99/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 47.359633][ T764] EXT4-fs (loop6): unmounting filesystem. [ 47.432096][ T6] usb 4-1: USB disconnect, device number 4 [ 47.767651][ T19] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 47.963891][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 47.977366][ T19] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.997999][ T19] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.022276][ T19] usb 3-1: config 0 interface 0 has no altsetting 0 [ 48.033593][ T19] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 48.043039][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.055119][ T19] usb 3-1: config 0 descriptor?? [ 48.080438][ T1870] loop1: detected capacity change from 0 to 262144 [ 48.089374][ T1870] F2FS-fs (loop1): invalid crc value [ 48.143563][ T1870] F2FS-fs (loop1): Found nat_bits in checkpoint [ 48.185895][ T1870] F2FS-fs (loop1): Start checkpoint disabled! [ 48.193217][ T1870] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 48.223466][ T1900] loop3: detected capacity change from 0 to 8192 [ 48.249102][ T1900] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 48.283042][ T1907] syz.4.673[1907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.283124][ T1907] syz.4.673[1907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.308118][ T565] usb 5-1: USB disconnect, device number 5 [ 48.468734][ T19] hid (null): unknown global tag 0x83 [ 48.480787][ T19] hid (null): unknown global tag 0xc [ 48.491679][ T19] hid (null): global environment stack underflow [ 48.509695][ T19] hid (null): unknown global tag 0xe [ 48.601341][ T1915] netlink: 4 bytes leftover after parsing attributes in process `syz.4.677'. [ 48.672248][ T304] usb 3-1: USB disconnect, device number 3 [ 48.867309][ T1938] loop1: detected capacity change from 0 to 1024 [ 48.899609][ T1938] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 48.919056][ T282] EXT4-fs (loop1): unmounting filesystem. [ 48.959932][ T1934] loop4: detected capacity change from 0 to 40427 [ 48.975373][ T1934] F2FS-fs (loop4): fault_injection options not supported [ 48.982547][ T1934] F2FS-fs (loop4): Image doesn't support compression [ 48.989311][ T1934] F2FS-fs (loop4): Image doesn't support compression [ 49.007775][ T1934] F2FS-fs (loop4): invalid crc value [ 49.032862][ T1944] loop1: detected capacity change from 0 to 8192 [ 49.040127][ T1934] F2FS-fs (loop4): Found nat_bits in checkpoint [ 49.062932][ T1944] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 49.091847][ T1934] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 49.140240][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 49.140256][ T28] audit: type=1400 audit(1746802095.819:558): avc: denied { write } for pid=1954 comm="syz.6.691" name="001" dev="devtmpfs" ino=167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 49.184923][ T1956] netlink: 116 bytes leftover after parsing attributes in process `syz.3.692'. [ 49.197094][ T1956] Zero length message leads to an empty skb [ 49.211300][ T288] syz-executor: attempt to access beyond end of device [ 49.211300][ T288] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 49.270546][ T28] audit: type=1400 audit(1746802095.949:559): avc: denied { append } for pid=1958 comm="syz.6.693" name="001" dev="devtmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 49.367883][ T28] audit: type=1400 audit(1746802095.979:560): avc: denied { map } for pid=1958 comm="syz.6.693" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 49.437988][ T1969] loop3: detected capacity change from 0 to 512 [ 49.472410][ T1969] EXT4-fs (loop3): Test dummy encryption mode enabled [ 49.513218][ T28] audit: type=1400 audit(1746802095.989:561): avc: denied { ioctl } for pid=1963 comm="syz.3.696" path="socket:[23059]" dev="sockfs" ino=23059 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 49.564463][ T1969] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.698: inode #1: comm syz.3.698: iget: illegal inode # [ 49.582782][ T28] audit: type=1400 audit(1746802095.989:562): avc: denied { read } for pid=1963 comm="syz.3.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 49.608143][ T1969] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.698: error while reading EA inode 1 err=-117 [ 49.621953][ T1983] loop4: detected capacity change from 0 to 4096 [ 49.622081][ T28] audit: type=1400 audit(1746802096.189:563): avc: denied { sqpoll } for pid=1976 comm="syz.4.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 49.652147][ T28] audit: type=1400 audit(1746802096.299:564): avc: denied { write } for pid=1980 comm="syz.2.702" path="socket:[24035]" dev="sockfs" ino=24035 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 49.677621][ T1969] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 49.701305][ T1983] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 49.705255][ T1969] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.698: inode #1: comm syz.3.698: iget: illegal inode # [ 49.725836][ T1983] EXT4-fs (loop4): shut down requested (1) [ 49.731592][ T1969] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.698: error while reading EA inode 1 err=-117 [ 49.732618][ T1983] fs-verity: sha256 using implementation "sha256-avx2" [ 49.753358][ T1969] EXT4-fs (loop3): 1 orphan inode deleted [ 49.763320][ T1969] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 49.776884][ T28] audit: type=1400 audit(1746802096.429:565): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 49.800611][ T28] audit: type=1400 audit(1746802096.429:566): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 49.802191][ T288] EXT4-fs (loop4): unmounting filesystem. [ 49.822082][ T28] audit: type=1400 audit(1746802096.429:567): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 49.934879][ T1996] netlink: 277 bytes leftover after parsing attributes in process `syz.4.709'. [ 49.948952][ T286] EXT4-fs (loop3): unmounting filesystem. [ 50.328143][ T2018] loop3: detected capacity change from 0 to 512 [ 50.355922][ T2018] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 50.436351][ T2018] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.729: corrupted in-inode xattr [ 50.458042][ T2018] EXT4-fs (loop3): Remounting filesystem read-only [ 50.474704][ T2018] EXT4-fs (loop3): 1 truncate cleaned up [ 50.481252][ T2018] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 50.632616][ T286] EXT4-fs (loop3): unmounting filesystem. [ 50.672948][ T2033] loop4: detected capacity change from 0 to 8192 [ 50.690436][ T2033] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 50.786997][ T2046] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 51.135344][ T2057] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.177714][ T2057] FAT-fs (loop7): unable to read boot sector [ 51.242505][ T2063] netlink: 'syz.4.737': attribute type 1 has an invalid length. [ 51.294212][ T2072] incfs: Options parsing error. -22 [ 51.310760][ T2072] incfs: mount failed -22 [ 51.703757][ T2105] loop2: detected capacity change from 0 to 128 [ 51.724260][ T2105] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 51.733613][ T2105] ext4 filesystem being mounted at /152/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 51.738180][ T2101] loop4: detected capacity change from 0 to 256 [ 51.788933][ T2101] exfat: Deprecated parameter 'utf8' [ 51.794295][ T2101] exfat: Deprecated parameter 'namecase' [ 51.801016][ T2095] loop6: detected capacity change from 0 to 8192 [ 51.802263][ T2101] exfat: Deprecated parameter 'utf8' [ 51.816534][ T2101] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 51.858595][ T2095] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 51.890610][ T2115] netlink: '+}[@': attribute type 13 has an invalid length. [ 51.908812][ T287] EXT4-fs (loop2): unmounting filesystem. [ 51.930445][ T2115] gretap0: refused to change device tx_queue_len [ 51.975864][ T2121] loop2: detected capacity change from 0 to 128 [ 51.985575][ T2115] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 52.001807][ T2121] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 52.021960][ T2121] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 52.251004][ T2153] loop2: detected capacity change from 0 to 128 [ 52.267741][ T2153] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 52.327422][ T2153] FAT-fs (loop2): FAT read failed (blocknr 128) [ 52.625356][ T2188] syz.4.798[2188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.625435][ T2188] syz.4.798[2188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.683953][ T2195] loop2: detected capacity change from 0 to 1024 [ 52.722218][ T2195] EXT4-fs: Ignoring removed orlov option [ 52.778092][ T2195] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c018, mo2=0002] [ 52.786251][ T2195] System zones: 0-1, 3-12 [ 52.791414][ T2195] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 52.810021][ T287] EXT4-fs (loop2): unmounting filesystem. [ 52.847645][ T561] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 52.909882][ T2216] loop6: detected capacity change from 0 to 256 [ 52.979711][ T2221] loop6: detected capacity change from 0 to 512 [ 52.989540][ T2221] EXT4-fs: Ignoring removed nomblk_io_submit option [ 53.002559][ T2221] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 53.011230][ T2221] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102] [ 53.019788][ T2221] EXT4-fs (loop6): couldn't mount RDWR because of unsupported optional features (80) [ 53.029409][ T2221] EXT4-fs (loop6): Skipping orphan cleanup due to unknown ROCOMPAT features [ 53.038766][ T561] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.059498][ T2221] EXT4-fs (loop6): couldn't mount RDWR because of unsupported optional features (80) [ 53.069142][ T561] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.085934][ T561] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 53.119374][ T561] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 53.137591][ T561] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.149875][ T561] usb 2-1: config 0 descriptor?? [ 53.245871][ T2239] loop2: detected capacity change from 0 to 512 [ 53.247710][ T2241] loop6: detected capacity change from 0 to 1024 [ 53.256055][ T2239] EXT4-fs: Ignoring removed orlov option [ 53.276753][ T2241] EXT4-fs: Ignoring removed nobh option [ 53.285338][ T2239] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.820: bg 0: block 411: padding at end of block bitmap is not set [ 53.300712][ T2239] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.820: inode #1: comm syz.2.820: iget: illegal inode # [ 53.301668][ T2241] EXT4-fs error (device loop6): ext4_ext_check_inode:520: inode #11: comm syz.6.819: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 53.331575][ T2239] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.820: error while reading EA inode 1 err=-117 [ 53.340452][ T2246] loop3: detected capacity change from 0 to 256 [ 53.346149][ T2241] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.819: couldn't read orphan inode 11 (err -117) [ 53.367741][ T2239] EXT4-fs (loop2): 1 orphan inode deleted [ 53.416330][ T2241] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:477: comm syz.6.819: Invalid block bitmap block 0 in block_group 0 [ 53.430126][ T2241] EXT4-fs error (device loop6): ext4_acquire_dquot:6789: comm syz.6.819: Failed to acquire dquot type 0 [ 53.450883][ T620] EXT4-fs error (device loop6): __ext4_get_inode_loc:4508: comm kworker/u4:5: Invalid inode table block 8589934593 in block_group 0 [ 53.571963][ T561] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 53.604706][ T2263] loop4: detected capacity change from 0 to 4096 [ 53.616035][ T561] plantronics 0003:047F:FFFF.0009: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 53.641392][ T2268] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 53.824974][ T2273] mmap: syz.4.832 (2273) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 53.858634][ T629] usb 2-1: USB disconnect, device number 3 [ 53.927395][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 53.951153][ T2299] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 54.192023][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 54.192041][ T28] audit: type=1400 audit(1746802100.869:590): avc: denied { write } for pid=2306 comm="syz.2.846" name="file0" dev="tmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 54.642529][ T28] audit: type=1400 audit(1746802101.319:591): avc: denied { connect } for pid=2316 comm="syz.3.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 54.706919][ T28] audit: type=1400 audit(1746802101.379:592): avc: denied { execstack } for pid=2322 comm="syz.6.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 55.002198][ T2350] loop3: detected capacity change from 0 to 1024 [ 55.018010][ T2350] EXT4-fs: Ignoring removed nobh option [ 55.062654][ T2350] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.865: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 55.089409][ T2350] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.865: couldn't read orphan inode 11 (err -117) [ 55.094540][ T2356] loop6: detected capacity change from 0 to 1024 [ 55.122327][ T2356] EXT4-fs error (device loop6): ext4_orphan_get:1426: comm syz.6.867: bad orphan inode 2304 [ 55.134076][ T2350] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.865: Invalid block bitmap block 0 in block_group 0 [ 55.156832][ T2350] Quota error (device loop3): write_blk: dquota write failed [ 55.157027][ T28] audit: type=1400 audit(1746802101.829:593): avc: denied { watch } for pid=2355 comm="syz.6.867" path="/130/bus/control" dev="loop6" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 55.167772][ T2350] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 55.202562][ T2350] EXT4-fs error (device loop3): ext4_acquire_dquot:6789: comm syz.3.865: Failed to acquire dquot type 0 [ 55.294636][ T620] EXT4-fs error (device loop3): __ext4_get_inode_loc:4508: comm kworker/u4:5: Invalid inode table block 8589934593 in block_group 0 [ 55.311214][ T28] audit: type=1400 audit(1746802101.989:594): avc: denied { map } for pid=2365 comm="syz.2.871" path="socket:[26203]" dev="sockfs" ino=26203 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 55.376190][ T28] audit: type=1400 audit(1746802101.989:595): avc: denied { read } for pid=2365 comm="syz.2.871" path="socket:[26203]" dev="sockfs" ino=26203 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 55.406726][ T2370] loop1: detected capacity change from 0 to 4096 [ 55.421567][ T2370] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #15: comm syz.1.873: corrupted inode contents [ 55.466004][ T2370] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #15: comm syz.1.873: mark_inode_dirty error [ 55.501075][ T2370] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #15: comm syz.1.873: corrupted inode contents [ 55.513330][ T2370] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #15: comm syz.1.873: mark_inode_dirty error [ 55.541931][ T2370] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #15: comm syz.1.873: corrupted inode contents [ 55.560619][ T28] audit: type=1400 audit(1746802102.239:596): avc: denied { create } for pid=2379 comm="syz.2.877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 55.582225][ T2370] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #15: comm syz.1.873: mark_inode_dirty error [ 55.628198][ T2370] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #15: comm syz.1.873: corrupted inode contents [ 55.641800][ T2370] EXT4-fs error (device loop1): ext4_truncate:4313: inode #15: comm syz.1.873: mark_inode_dirty error [ 55.662183][ T2386] loop3: detected capacity change from 0 to 512 [ 55.665183][ T2370] EXT4-fs error (device loop1) in ext4_setattr:5630: Corrupt filesystem [ 55.688325][ T2376] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #15: comm syz.1.873: corrupted inode contents [ 55.720374][ T2386] EXT4-fs (loop3): 1 orphan inode deleted [ 55.739901][ T620] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 55.750302][ T2386] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.760982][ T620] EXT4-fs error (device loop3): ext4_release_dquot:6812: comm kworker/u4:5: Failed to release dquot type 1 [ 55.922012][ T2402] loop1: detected capacity change from 0 to 1024 [ 55.927632][ T1665] Bluetooth: hci0: command 0x1003 tx timeout [ 55.928588][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 55.938178][ T2402] EXT4-fs: Ignoring removed orlov option [ 55.956302][ T2402] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.047735][ T561] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 56.201542][ T2428] loop2: detected capacity change from 0 to 1024 [ 56.238957][ T2428] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.247639][ T561] usb 4-1: Using ep0 maxpacket: 16 [ 56.256586][ T561] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 56.266561][ T561] usb 4-1: config 0 has no interface number 0 [ 56.272999][ T561] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x3 has invalid maxpacket 50270, setting to 1024 [ 56.347642][ T19] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 56.397173][ T561] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 56.413411][ T2442] syz.4.904[2442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.413496][ T2442] syz.4.904[2442] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.414184][ T561] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.449150][ T2444] loop2: detected capacity change from 0 to 512 [ 56.475408][ T561] usb 4-1: Product: syz [ 56.479967][ T561] usb 4-1: Manufacturer: syz [ 56.484907][ T561] usb 4-1: SerialNumber: syz [ 56.499623][ T2444] EXT4-fs (loop2): 1 orphan inode deleted [ 56.523461][ T561] usb 4-1: config 0 descriptor?? [ 56.531356][ T2444] ext4 filesystem being mounted at /193/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.539443][ T2386] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 56.549410][ T10] EXT4-fs error (device loop2): ext4_release_dquot:6812: comm kworker/u4:1: Failed to release dquot type 1 [ 56.557671][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 56.566640][ T2444] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 56.574809][ T19] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.586323][ T19] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.595488][ T2444] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 56.599927][ T19] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 56.612733][ T19] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 56.624261][ T19] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 56.637104][ T19] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 56.647872][ T19] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 56.673228][ T2458] netlink: 'syz.4.911': attribute type 2 has an invalid length. [ 56.697151][ T19] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 56.729757][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 56.757581][ T19] usb 2-1: SerialNumber: syz [ 56.768234][ T19] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 56.776423][ T19] cdc_acm: probe of 2-1:1.0 failed with error -12 [ 56.788866][ T2467] input: syz0 as /devices/virtual/input/input7 [ 56.879939][ T561] usb 4-1: USB disconnect, device number 5 [ 56.977484][ T6] usb 2-1: USB disconnect, device number 4 [ 57.100942][ T2485] loop4: detected capacity change from 0 to 256 [ 57.157810][ T2489] loop4: detected capacity change from 0 to 1024 [ 57.164466][ T2489] EXT4-fs: Ignoring removed orlov option [ 57.177669][ T2489] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.250539][ T2499] loop4: detected capacity change from 0 to 4096 [ 57.434484][ T2504] loop4: detected capacity change from 0 to 40427 [ 57.443193][ T2504] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 57.451274][ T2504] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 57.470927][ T2504] F2FS-fs (loop4): Found nat_bits in checkpoint [ 57.497729][ T561] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 57.547314][ T2504] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 57.554449][ T2504] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 57.621414][ T288] syz-executor: attempt to access beyond end of device [ 57.621414][ T288] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 57.715387][ T561] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 57.732853][ T561] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 57.747010][ T561] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 57.758947][ T2522] loop2: detected capacity change from 0 to 512 [ 57.765684][ T561] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.774764][ T561] usb 7-1: config 0 descriptor?? [ 57.808292][ T2522] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 57.827192][ T2522] EXT4-fs (loop2): orphan cleanup on readonly fs [ 57.842714][ T2522] EXT4-fs warning (device loop2): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 57.867655][ T2522] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 57.900452][ T2522] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2925: inode #16: comm syz.2.936: corrupted xattr block 31 [ 57.920685][ T2520] loop3: detected capacity change from 0 to 40427 [ 57.929089][ T2520] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 57.937012][ T2520] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 57.945919][ T2522] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 57.953363][ T2520] F2FS-fs (loop3): invalid crc value [ 57.955221][ T2522] EXT4-fs (loop2): 1 orphan inode deleted [ 57.963280][ T2520] F2FS-fs (loop3): Found nat_bits in checkpoint [ 58.017613][ T2520] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 58.020734][ T2535] syz.2.939[2535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.024759][ T2535] syz.2.939[2535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.024798][ T2520] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 58.168697][ T2538] loop2: detected capacity change from 0 to 8192 [ 58.176162][ T2538] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 58.273064][ T2543] device pim6reg1 entered promiscuous mode [ 58.390236][ T561] usb 7-1: language id specifier not provided by device, defaulting to English [ 58.482288][ T2555] bridge0: port 3(vlan2) entered blocking state [ 58.488784][ T2555] bridge0: port 3(vlan2) entered disabled state [ 58.495633][ T2555] device vlan2 entered promiscuous mode [ 58.501350][ T2555] device vlan1 entered promiscuous mode [ 58.507165][ T2555] bridge0: port 3(vlan2) entered blocking state [ 58.513478][ T2555] bridge0: port 3(vlan2) entered forwarding state [ 58.534740][ T2557] loop3: detected capacity change from 0 to 256 [ 58.541584][ T2557] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 58.554368][ T2557] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 58.791658][ T561] uclogic 0003:256C:006D.000A: failed retrieving string descriptor #200: -71 [ 58.800676][ T561] uclogic 0003:256C:006D.000A: failed retrieving pen parameters: -71 [ 58.808857][ T561] uclogic 0003:256C:006D.000A: failed probing pen v2 parameters: -71 [ 58.816976][ T561] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 58.824521][ T561] uclogic: probe of 0003:256C:006D.000A failed with error -71 [ 58.841945][ T561] usb 7-1: USB disconnect, device number 2 [ 58.865700][ T2569] loop1: detected capacity change from 0 to 1024 [ 58.875285][ T2569] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 58.900956][ T2569] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 58.911494][ T2569] JBD2: no valid journal superblock found [ 58.921574][ T2569] EXT4-fs (loop1): error loading journal [ 58.925558][ T2575] input: syz0 as /devices/virtual/input/input8 [ 58.949688][ T2577] netlink: 24 bytes leftover after parsing attributes in process `syz.4.958'. [ 58.959011][ T2577] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.967011][ T2577] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.979742][ T629] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 59.167694][ T629] usb 4-1: Using ep0 maxpacket: 32 [ 59.176182][ T629] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 59.194808][ T2585] loop4: detected capacity change from 0 to 40427 [ 59.194834][ T629] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 59.201834][ T2585] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 59.214825][ T629] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 59.218120][ T2585] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 59.227422][ T629] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 59.236202][ T2585] F2FS-fs (loop4): invalid crc value [ 59.250864][ T629] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 59.266933][ T629] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 59.268794][ T2585] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 59.280118][ T629] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 59.293079][ T2585] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 59.299864][ T629] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.318281][ T629] usb 4-1: config 0 descriptor?? [ 59.334855][ T2585] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 59.342025][ T2585] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 59.410998][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 59.411029][ T28] audit: type=1400 audit(1746802106.089:617): avc: denied { ioctl } for pid=2600 comm="syz.2.967" path="/209/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 59.467235][ T2585] syz.4.962: attempt to access beyond end of device [ 59.467235][ T2585] loop4: rw=2049, sector=77824, nr_sectors = 408 limit=40427 [ 59.526005][ T629] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 59.549956][ T28] audit: type=1400 audit(1746802106.229:618): avc: denied { write } for pid=2610 comm="syz.6.972" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 59.647581][ T28] audit: type=1326 audit(1746802106.319:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2616 comm="syz.4.974" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a3638e969 code=0x0 [ 59.762107][ T28] audit: type=1400 audit(1746802106.439:620): avc: denied { read write } for pid=2562 comm="syz.3.951" name="lp0" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 59.769451][ T561] usb 4-1: USB disconnect, device number 6 [ 59.786347][ T28] audit: type=1400 audit(1746802106.439:621): avc: denied { open } for pid=2562 comm="syz.3.951" path="/dev/usb/lp0" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 59.813724][ T561] usblp0: removed [ 60.157631][ T19] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 60.254010][ T28] audit: type=1400 audit(1746802106.929:622): avc: denied { mount } for pid=2629 comm="syz.1.979" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 60.289258][ T28] audit: type=1400 audit(1746802106.969:623): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 60.333767][ T2635] input: syz1 as /devices/virtual/input/input9 [ 60.347752][ T19] usb 7-1: Using ep0 maxpacket: 16 [ 60.354345][ T19] usb 7-1: config 0 has no interfaces? [ 60.373733][ T19] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.392062][ T19] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 60.405840][ T19] usb 7-1: SerialNumber: syz [ 60.414635][ T19] usb 7-1: config 0 descriptor?? [ 60.491312][ T2652] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 60.498543][ T2652] IPv6: NLM_F_CREATE should be set when creating new route [ 60.561434][ T28] audit: type=1400 audit(1746802107.229:624): avc: denied { read write } for pid=2658 comm="syz.4.993" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 60.585088][ T28] audit: type=1400 audit(1746802107.229:625): avc: denied { open } for pid=2658 comm="syz.4.993" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 60.608756][ T28] audit: type=1400 audit(1746802107.229:626): avc: denied { ioctl } for pid=2658 comm="syz.4.993" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 60.639259][ T561] usb 7-1: USB disconnect, device number 3 [ 60.677462][ T2665] loop4: detected capacity change from 0 to 256 [ 60.684471][ T2665] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 60.695574][ T2665] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 60.705218][ T2665] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 60.796795][ T2679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1001'. [ 60.809008][ T2679] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 60.824685][ T2682] netlink: 'syz.4.1002': attribute type 4 has an invalid length. [ 60.832597][ T2682] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1002'. [ 60.890605][ T2690] loop4: detected capacity change from 0 to 256 [ 60.909052][ T2690] exfat: Deprecated parameter 'namecase' [ 60.927054][ T2690] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 61.101505][ T2712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1016'. [ 61.111549][ T2712] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1016'. [ 61.133557][ T2714] loop4: detected capacity change from 0 to 128 [ 61.141081][ T2714] EXT4-fs (loop4): Test dummy encryption mode enabled [ 61.164951][ T2716] capability: warning: `syz.1.1017' uses 32-bit capabilities (legacy support in use) [ 61.174307][ T2719] loop6: detected capacity change from 0 to 1024 [ 61.181633][ T2714] ext4 filesystem being mounted at /267/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 61.187940][ T2719] EXT4-fs: Ignoring removed orlov option [ 61.197840][ T2719] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.312969][ T2739] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2739 comm=syz.1.1023 [ 61.430238][ T2750] loop3: detected capacity change from 0 to 2048 [ 61.532442][ T2750] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.609180][ T2750] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 61.627683][ T2750] EXT4-fs (loop3): This should not happen!! Data will be lost [ 61.627683][ T2750] [ 61.643604][ T2750] EXT4-fs (loop3): Total free blocks count 0 [ 61.666785][ T2750] EXT4-fs (loop3): Free/Dirty block details [ 61.673145][ T2750] EXT4-fs (loop3): free_blocks=2415919104 [ 61.691677][ T2750] EXT4-fs (loop3): dirty_blocks=912 [ 61.697327][ T2750] EXT4-fs (loop3): Block reservation details [ 61.703758][ T2750] EXT4-fs (loop3): i_reserved_data_blocks=57 [ 61.735259][ T2774] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1039'. [ 61.932375][ T2763] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 61.945016][ T2763] EXT4-fs (loop3): This should not happen!! Data will be lost [ 61.945016][ T2763] [ 62.141458][ T2799] loop3: detected capacity change from 0 to 1024 [ 62.148281][ T2799] ext4: Unknown parameter 'nouser_xattr' [ 62.164029][ T2799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1049'. [ 62.180537][ T2799] bridge0: port 3(vlan2) entered disabled state [ 62.186920][ T2799] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.194140][ T2799] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.270346][ T2808] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1054'. [ 62.279625][ T2808] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1054'. [ 62.288896][ T19] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 62.487618][ T19] usb 3-1: Using ep0 maxpacket: 32 [ 62.499092][ T19] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 62.507211][ T19] usb 3-1: config 0 has no interface number 0 [ 62.542117][ T2827] SELinux: failed to load policy [ 62.552683][ T19] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 62.561921][ T1665] Bluetooth: hci0: sending frame failed (-49) [ 62.568470][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 62.584349][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.597689][ T19] usb 3-1: Product: syz [ 62.601885][ T19] usb 3-1: Manufacturer: syz [ 62.606520][ T19] usb 3-1: SerialNumber: syz [ 62.623299][ T2827] loop3: detected capacity change from 0 to 10865 [ 62.632098][ T19] usb 3-1: config 0 descriptor?? [ 62.638264][ T19] smsc95xx v2.0.0 [ 62.646402][ T2827] F2FS-fs (loop3): invalid crc value [ 62.691737][ T2827] syz.3.1062: attempt to access beyond end of device [ 62.691737][ T2827] loop3: rw=12288, sector=12288, nr_sectors = 8 limit=10865 [ 62.706368][ T2827] syz.3.1062: attempt to access beyond end of device [ 62.706368][ T2827] loop3: rw=12288, sector=12288, nr_sectors = 8 limit=10865 [ 62.725124][ T2827] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-5) [ 62.969310][ T2861] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 62.975600][ T2853] loop4: detected capacity change from 0 to 40427 [ 62.996351][ T2853] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 63.004198][ T2853] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 63.022839][ T2853] F2FS-fs (loop4): invalid crc value [ 63.046021][ T2853] F2FS-fs (loop4): Found nat_bits in checkpoint [ 63.075579][ T2870] loop3: detected capacity change from 0 to 512 [ 63.091359][ T2870] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 63.115247][ T2853] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 63.116659][ T2874] loop6: detected capacity change from 0 to 128 [ 63.122406][ T2853] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 63.168246][ T2870] ext4 filesystem being mounted at /210/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.196119][ T2874] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 63.205090][ T2874] System zones: 1-3, 19-19, 35-36 [ 63.211621][ T2853] syz.4.1071: attempt to access beyond end of device [ 63.211621][ T2853] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 63.238760][ T288] syz-executor: attempt to access beyond end of device [ 63.238760][ T288] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 63.254132][ T2870] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1078: bg 0: block 304: padding at end of block bitmap is not set [ 63.278041][ T2874] ext4 filesystem being mounted at /152/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 63.294820][ T2870] EXT4-fs (loop3): Remounting filesystem read-only [ 63.439774][ T2890] loop3: detected capacity change from 0 to 512 [ 63.478405][ T2890] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 63.494593][ T2898] loop4: detected capacity change from 0 to 512 [ 63.504716][ T2890] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.554975][ T2898] EXT4-fs (loop4): 1 orphan inode deleted [ 63.561178][ T2898] ext4 filesystem being mounted at /288/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.572075][ T620] EXT4-fs error (device loop4): ext4_release_dquot:6812: comm kworker/u4:5: Failed to release dquot type 1 [ 63.648552][ T19] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 63.659517][ T19] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 63.670395][ T19] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 63.681839][ T19] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 63.709405][ T19] usb 3-1: USB disconnect, device number 4 [ 64.093187][ T2950] loop1: detected capacity change from 0 to 2048 [ 64.099801][ T561] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 64.134172][ T2950] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 64.149100][ T2950] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 64.161599][ T2950] EXT4-fs (loop1): This should not happen!! Data will be lost [ 64.161599][ T2950] [ 64.161622][ T2950] EXT4-fs (loop1): Total free blocks count 0 [ 64.161636][ T2950] EXT4-fs (loop1): Free/Dirty block details [ 64.161649][ T2950] EXT4-fs (loop1): free_blocks=2415919104 [ 64.161664][ T2950] EXT4-fs (loop1): dirty_blocks=16 [ 64.161676][ T2950] EXT4-fs (loop1): Block reservation details [ 64.161687][ T2950] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 64.288657][ T561] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.304006][ T561] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 64.321014][ T561] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.336918][ T561] usb 5-1: config 0 descriptor?? [ 64.440794][ T2950] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 64.453516][ T2950] EXT4-fs (loop1): This should not happen!! Data will be lost [ 64.453516][ T2950] [ 64.749290][ T561] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor [ 64.772606][ T561] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000B/input/input10 [ 64.861601][ T561] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 65.030856][ T3000] loop2: detected capacity change from 0 to 2048 [ 65.072491][ T3000] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 65.097562][ T3000] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 65.110296][ T3000] EXT4-fs (loop2): This should not happen!! Data will be lost [ 65.110296][ T3000] [ 65.120416][ T3000] EXT4-fs (loop2): Total free blocks count 0 [ 65.126904][ T3000] EXT4-fs (loop2): Free/Dirty block details [ 65.133213][ T3000] EXT4-fs (loop2): free_blocks=2415919104 [ 65.139167][ T3000] EXT4-fs (loop2): dirty_blocks=336 [ 65.144472][ T3000] EXT4-fs (loop2): Block reservation details [ 65.150724][ T3000] EXT4-fs (loop2): i_reserved_data_blocks=21 [ 65.273459][ T561] usb 5-1: USB disconnect, device number 6 [ 65.387066][ T3009] loop3: detected capacity change from 0 to 40427 [ 65.414454][ T3009] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 65.424173][ T3009] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 65.433505][ T3009] F2FS-fs (loop3): invalid crc value [ 65.435311][ T3011] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 65.441076][ T3009] F2FS-fs (loop3): Found nat_bits in checkpoint [ 65.452260][ T3011] EXT4-fs (loop2): This should not happen!! Data will be lost [ 65.452260][ T3011] [ 65.532534][ T3009] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 65.544681][ T3009] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 65.546282][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 65.546295][ T28] audit: type=1400 audit(1746802112.219:637): avc: denied { relabelfrom } for pid=3021 comm="syz.6.1134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 65.578672][ T28] audit: type=1400 audit(1746802112.249:638): avc: denied { relabelto } for pid=3021 comm="syz.6.1134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 65.628327][ T3009] syz.3.1131: attempt to access beyond end of device [ 65.628327][ T3009] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 65.661297][ T286] syz-executor: attempt to access beyond end of device [ 65.661297][ T286] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 65.684343][ T287] EXT4-fs unmount: 45 callbacks suppressed [ 65.696506][ T3026] fuse: Invalid group_id [ 65.839409][ T3043] loop2: detected capacity change from 0 to 2048 [ 65.862727][ T3045] loop3: detected capacity change from 0 to 256 [ 65.878622][ T3045] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 65.892893][ T3043] Alternate GPT is invalid, using primary GPT. [ 65.903745][ T3043] loop2: p1 p2 p3 [ 65.961311][ T3051] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1148'. [ 65.971291][ T28] audit: type=1400 audit(1746802112.649:639): avc: denied { append } for pid=3044 comm="syz.3.1137" path="/220/file0/blkio.bfq.io_serviced" dev="loop3" ino=1048632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 65.971548][ T311] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 66.037168][ T28] audit: type=1400 audit(1746802112.689:640): avc: denied { map } for pid=3044 comm="syz.3.1137" path="/220/file0/blkio.bfq.io_serviced" dev="loop3" ino=1048632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 66.060513][ T383] udevd[383]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 66.073358][ T305] udevd[305]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 66.083144][ T3059] loop1: detected capacity change from 0 to 512 [ 66.085872][ T311] udevd[311]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 66.089634][ T6] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 66.109100][ T3059] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 66.139730][ T3059] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 66.156405][ T3059] ext4 filesystem being mounted at /188/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.268532][ T282] EXT4-fs (loop1): unmounting filesystem. [ 66.298921][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.316820][ T3088] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 66.328032][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.338258][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 66.375330][ T6] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 66.391200][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.418087][ T6] usb 5-1: config 0 descriptor?? [ 66.612742][ T3112] loop2: detected capacity change from 0 to 512 [ 66.632075][ T3112] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 66.672104][ T3112] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 66.689622][ T3100] loop6: detected capacity change from 0 to 40427 [ 66.696331][ T3112] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.707763][ T3100] F2FS-fs (loop6): fault_injection options not supported [ 66.720882][ T3100] F2FS-fs (loop6): invalid crc value [ 66.764023][ T3100] F2FS-fs (loop6): Found nat_bits in checkpoint [ 66.831003][ T6] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 66.854629][ T287] EXT4-fs (loop2): unmounting filesystem. [ 66.861976][ T6] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 66.914183][ T561] kernel write not supported for file bpf-prog (pid: 561 comm: kworker/1:3) [ 66.928157][ T3100] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 66.977856][ T28] audit: type=1400 audit(1746802113.659:641): avc: denied { compute_member } for pid=3132 comm="syz.2.1178" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 67.062419][ T3100] syz.6.1167: attempt to access beyond end of device [ 67.062419][ T3100] loop6: rw=0, sector=49152, nr_sectors = 8 limit=40427 [ 67.084108][ T764] syz-executor: attempt to access beyond end of device [ 67.084108][ T764] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 67.108564][ T6] usb 5-1: USB disconnect, device number 7 [ 67.213687][ T3147] loop2: detected capacity change from 0 to 128 [ 67.281418][ T3106] loop3: detected capacity change from 0 to 131072 [ 67.299451][ T3106] F2FS-fs (loop3): invalid crc value [ 67.322735][ T3106] F2FS-fs (loop3): Found nat_bits in checkpoint [ 67.355428][ T3158] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1191'. [ 67.382925][ T3158] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1191'. [ 67.396519][ T3106] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 67.794006][ T3201] tmpfs: Unknown parameter 'nolazytime1' [ 67.813415][ T3171] loop1: detected capacity change from 0 to 40427 [ 67.842710][ T3208] loop2: detected capacity change from 0 to 2048 [ 67.860228][ T3171] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 67.874964][ T3171] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 67.933988][ T3208] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 67.948071][ T3208] ext4 filesystem being mounted at /257/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.982091][ T3171] F2FS-fs (loop1): invalid crc value [ 68.010408][ T28] audit: type=1400 audit(1746802114.689:642): avc: denied { append } for pid=3207 comm="syz.2.1210" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 68.068747][ T287] EXT4-fs (loop2): unmounting filesystem. [ 68.171438][ T3223] loop3: detected capacity change from 0 to 40427 [ 68.190778][ T3171] F2FS-fs (loop1): Found nat_bits in checkpoint [ 68.297411][ T3171] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 68.306813][ T3223] F2FS-fs (loop3): Found nat_bits in checkpoint [ 68.307638][ T3171] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 68.492017][ T3223] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 68.502589][ T282] syz-executor: attempt to access beyond end of device [ 68.502589][ T282] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 68.530454][ T3223] syz.3.1197: attempt to access beyond end of device [ 68.530454][ T3223] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 68.558622][ T286] syz-executor: attempt to access beyond end of device [ 68.558622][ T286] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 68.785011][ T3369] loop6: detected capacity change from 0 to 256 [ 68.805842][ T3371] loop3: detected capacity change from 0 to 512 [ 68.808539][ T3369] FAT-fs (loop6): Directory bread(block 64) failed [ 68.819006][ T3369] FAT-fs (loop6): Directory bread(block 65) failed [ 68.825592][ T3369] FAT-fs (loop6): Directory bread(block 66) failed [ 68.833821][ T3369] FAT-fs (loop6): Directory bread(block 67) failed [ 68.840885][ T3369] FAT-fs (loop6): Directory bread(block 68) failed [ 68.848917][ T3369] FAT-fs (loop6): Directory bread(block 69) failed [ 68.849516][ T3371] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.864603][ T3369] FAT-fs (loop6): Directory bread(block 70) failed [ 68.872793][ T3369] FAT-fs (loop6): Directory bread(block 71) failed [ 68.880367][ T3369] FAT-fs (loop6): Directory bread(block 72) failed [ 68.887124][ T3369] FAT-fs (loop6): Directory bread(block 73) failed [ 68.890618][ T3371] EXT4-fs error (device loop3): ext4_quota_enable:6976: comm syz.3.1217: Bad quota inum: 29696, type: 1 [ 68.905030][ T3371] EXT4-fs warning (device loop3): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix. [ 68.921038][ T3371] EXT4-fs (loop3): mount failed [ 69.046583][ T3386] netlink: 4344 bytes leftover after parsing attributes in process `syz.1.1227'. [ 69.058802][ T3388] SELinux: Context system_u:object_r:iptables_unit_file_t:s0 is not valid (left unmapped). [ 69.069336][ T28] audit: type=1400 audit(1746802115.749:643): avc: denied { relabelto } for pid=3387 comm="syz.3.1226" name="" dev="pipefs" ino=29225 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:iptables_unit_file_t:s0" [ 69.125888][ T28] audit: type=1400 audit(1746802115.749:644): avc: denied { nlmsg_read } for pid=3385 comm="syz.1.1227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 69.316165][ T3406] loop1: detected capacity change from 0 to 256 [ 69.363494][ T3406] FAT-fs (loop1): Directory bread(block 64) failed [ 69.377811][ T3406] FAT-fs (loop1): Directory bread(block 65) failed [ 69.398956][ T3406] FAT-fs (loop1): Directory bread(block 66) failed [ 69.405506][ T3406] FAT-fs (loop1): Directory bread(block 67) failed [ 69.415615][ T3406] FAT-fs (loop1): Directory bread(block 68) failed [ 69.422907][ T3406] FAT-fs (loop1): Directory bread(block 69) failed [ 69.429671][ T3406] FAT-fs (loop1): Directory bread(block 70) failed [ 69.452410][ T3406] FAT-fs (loop1): Directory bread(block 71) failed [ 69.463483][ T3418] loop3: detected capacity change from 0 to 1024 [ 69.470007][ T3406] FAT-fs (loop1): Directory bread(block 72) failed [ 69.476556][ T3406] FAT-fs (loop1): Directory bread(block 73) failed [ 69.500456][ T3418] EXT4-fs: Ignoring removed oldalloc option [ 69.568391][ T3418] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 69.646307][ T3430] loop2: detected capacity change from 0 to 512 [ 69.652968][ T3430] ext4: Bad value for 'sb' [ 69.767737][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 69.767946][ T1665] Bluetooth: hci0: command 0x1003 tx timeout [ 69.808074][ T286] EXT4-fs (loop3): unmounting filesystem. [ 69.928472][ T3447] loop3: detected capacity change from 0 to 1024 [ 69.945785][ T3449] loop1: detected capacity change from 0 to 128 [ 69.964469][ T3447] EXT4-fs: Ignoring removed oldalloc option [ 69.970608][ T28] audit: type=1400 audit(1746802116.639:645): avc: denied { mount } for pid=3452 comm="syz.4.1257" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 69.997205][ T28] audit: type=1400 audit(1746802116.679:646): avc: denied { remount } for pid=3452 comm="syz.4.1257" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 70.034741][ T3455] loop2: detected capacity change from 0 to 256 [ 70.040356][ T3447] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 70.063201][ T3455] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 70.068329][ T3449] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 70.123521][ T286] EXT4-fs (loop3): unmounting filesystem. [ 70.178127][ T3465] loop4: detected capacity change from 0 to 256 [ 70.185481][ T3449] ext4 filesystem being mounted at /215/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 70.187580][ T3412] loop6: detected capacity change from 0 to 131072 [ 70.203106][ T3465] exfat: Deprecated parameter 'utf8' [ 70.219012][ T3412] F2FS-fs (loop6): Invalid segment/section count (31, 24 x 150994945) [ 70.227223][ T3412] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 70.239837][ T3465] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 70.251194][ T282] EXT4-fs (loop1): unmounting filesystem. [ 70.291776][ T3474] xt_CONNSECMARK: invalid mode: 0 [ 70.436573][ T3412] F2FS-fs (loop6): invalid crc value [ 70.453699][ T3412] F2FS-fs (loop6): Found nat_bits in checkpoint [ 70.531552][ T3412] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 70.560780][ T3412] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 70.633575][ T3494] loop1: detected capacity change from 0 to 1024 [ 70.641681][ T3494] EXT4-fs: Ignoring removed oldalloc option [ 70.657676][ T3494] EXT4-fs: Ignoring removed bh option [ 70.668117][ T3494] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.699445][ T3494] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 70.729797][ T3494] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.1274: Allocating blocks 481-513 which overlap fs metadata [ 70.745401][ T3494] EXT4-fs (loop1): pa ffff888100689888: logic 0, phys. 465, len 3 [ 70.753324][ T3494] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 70.771766][ T282] EXT4-fs (loop1): unmounting filesystem. [ 70.837607][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 70.858829][ T3503] loop6: detected capacity change from 0 to 256 [ 70.871595][ T3503] FAT-fs (loop6): Directory bread(block 64) failed [ 70.878376][ T3503] FAT-fs (loop6): Directory bread(block 65) failed [ 70.885088][ T3503] FAT-fs (loop6): Directory bread(block 66) failed [ 70.891855][ T3503] FAT-fs (loop6): Directory bread(block 67) failed [ 70.898557][ T3503] FAT-fs (loop6): Directory bread(block 68) failed [ 70.905198][ T3503] FAT-fs (loop6): Directory bread(block 69) failed [ 70.915137][ T3503] FAT-fs (loop6): Directory bread(block 70) failed [ 70.921783][ T3503] FAT-fs (loop6): Directory bread(block 71) failed [ 70.928558][ T3503] FAT-fs (loop6): Directory bread(block 72) failed [ 70.935168][ T3503] FAT-fs (loop6): Directory bread(block 73) failed [ 70.959648][ T3508] incfs: Options parsing error. -22 [ 70.965010][ T3508] incfs: mount failed -22 [ 71.010450][ T3514] loop6: detected capacity change from 0 to 256 [ 71.017011][ T3514] exfat: Deprecated parameter 'utf8' [ 71.017608][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 71.022578][ T3514] exfat: Deprecated parameter 'utf8' [ 71.039126][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.052774][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.064152][ T3514] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6d3f72e, utbl_chksum : 0xe619d30d) [ 71.065495][ T24] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 71.086566][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.096923][ T24] usb 5-1: config 0 descriptor?? [ 71.115608][ T3516] loop1: detected capacity change from 0 to 2048 [ 71.149620][ T3516] Alternate GPT is invalid, using primary GPT. [ 71.156053][ T3516] loop1: p1 p2 p3 [ 71.527813][ T24] savu 0003:1E7D:2D5A.000D: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 71.565676][ T3541] loop2: detected capacity change from 0 to 8192 [ 71.649854][ T3548] loop2: detected capacity change from 0 to 512 [ 71.660583][ T3548] EXT4-fs (loop2): 1 orphan inode deleted [ 71.666518][ T3548] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 71.675960][ T3548] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.687064][ T3355] __quota_error: 1 callbacks suppressed [ 71.687078][ T3355] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 71.703017][ T3355] EXT4-fs error (device loop2): ext4_release_dquot:6812: comm kworker/u4:144: Failed to release dquot type 1 [ 71.737875][ T6] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 71.798580][ T24] usb 5-1: USB disconnect, device number 8 [ 71.917612][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 71.924343][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.935353][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.945173][ T6] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 71.954340][ T19] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 71.962014][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.970932][ T6] usb 2-1: config 0 descriptor?? [ 72.157751][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 72.164800][ T19] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 72.173658][ T19] usb 3-1: config 0 has no interface number 0 [ 72.181428][ T19] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x3 has invalid maxpacket 50270, setting to 1024 [ 72.199213][ T19] usb 3-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 72.208529][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.211779][ T3577] netlink: 'syz.6.1308': attribute type 4 has an invalid length. [ 72.216623][ T19] usb 3-1: Product: syz [ 72.224417][ T3577] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.1308'. [ 72.229111][ T19] usb 3-1: Manufacturer: syz [ 72.243011][ T19] usb 3-1: SerialNumber: syz [ 72.257416][ T19] usb 3-1: config 0 descriptor?? [ 72.263213][ T3548] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 72.339361][ T3583] loop4: detected capacity change from 0 to 4096 [ 72.347416][ T3587] loop6: detected capacity change from 0 to 2048 [ 72.361853][ T3583] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 72.376341][ T3587] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 72.387561][ T6] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:05AC:8241.000E/input/input12 [ 72.404072][ T3587] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 72.418925][ T1665] Bluetooth: hci0: command 0x1003 tx timeout [ 72.420049][ T288] EXT4-fs (loop4): unmounting filesystem. [ 72.425103][ T3587] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 72.431350][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 72.443053][ T3587] EXT4-fs (loop6): This should not happen!! Data will be lost [ 72.443053][ T3587] [ 72.466968][ T3587] EXT4-fs (loop6): Total free blocks count 0 [ 72.481233][ T3587] EXT4-fs (loop6): Free/Dirty block details [ 72.487186][ T3587] EXT4-fs (loop6): free_blocks=2415919104 [ 72.493570][ T3587] EXT4-fs (loop6): dirty_blocks=16 [ 72.498897][ T6] appleir 0003:05AC:8241.000E: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 72.498954][ T3587] EXT4-fs (loop6): Block reservation details [ 72.517904][ T3587] EXT4-fs (loop6): i_reserved_data_blocks=1 [ 72.546391][ T3597] loop4: detected capacity change from 0 to 256 [ 72.569208][ T3597] syz.4.1316: attempt to access beyond end of device [ 72.569208][ T3597] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 72.581967][ T28] audit: type=1400 audit(1746802119.259:648): avc: denied { ioctl } for pid=3598 comm="syz.3.1317" path="socket:[30459]" dev="sockfs" ino=30459 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 72.616896][ T3551] usb 3-1: USB disconnect, device number 5 [ 72.626309][ T6] usb 2-1: USB disconnect, device number 5 [ 72.691399][ T3613] loop4: detected capacity change from 0 to 256 [ 72.698084][ T3613] exfat: Deprecated parameter 'utf8' [ 72.720095][ T3613] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 72.748336][ T3605] fido_id[3605]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 72.969548][ T3587] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 73.127501][ T287] EXT4-fs (loop2): unmounting filesystem. [ 73.163630][ T3643] overlayfs: missing 'lowerdir' [ 73.191752][ T28] audit: type=1326 audit(1746802119.869:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.217664][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 73.223362][ T28] audit: type=1326 audit(1746802119.899:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.274401][ T28] audit: type=1326 audit(1746802119.929:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.304043][ T28] audit: type=1326 audit(1746802119.929:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.327997][ T28] audit: type=1326 audit(1746802119.929:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.351556][ T28] audit: type=1326 audit(1746802119.929:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.382579][ T28] audit: type=1326 audit(1746802119.929:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.395241][ T3654] loop2: detected capacity change from 0 to 256 [ 73.406160][ T28] audit: type=1326 audit(1746802119.929:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3644 comm="syz.2.1335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6cb8e969 code=0x7ffc0000 [ 73.437671][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 73.443871][ T6] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 73.466934][ T6] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 73.476210][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.497027][ T6] usb 4-1: Product: syz [ 73.501684][ T6] usb 4-1: Manufacturer: syz [ 73.506701][ T6] usb 4-1: SerialNumber: syz [ 73.519377][ T6] usb 4-1: config 0 descriptor?? [ 73.638048][ T3356] Bluetooth: hci0: Frame reassembly failed (-84) [ 73.768580][ T24] usb 4-1: USB disconnect, device number 7 [ 73.870700][ T3695] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1361'. [ 73.883697][ T3675] loop1: detected capacity change from 0 to 40427 [ 73.908001][ T3675] F2FS-fs (loop1): invalid crc value [ 73.933202][ T3675] F2FS-fs (loop1): Found nat_bits in checkpoint [ 73.974607][ T3675] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 74.039036][ T3675] syz.1.1351: attempt to access beyond end of device [ 74.039036][ T3675] loop1: rw=2049, sector=45096, nr_sectors = 40 limit=40427 [ 74.146069][ T282] syz-executor: attempt to access beyond end of device [ 74.146069][ T282] loop1: rw=2049, sector=45136, nr_sectors = 8 limit=40427 [ 74.200441][ T629] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 74.202000][ T3672] loop2: detected capacity change from 0 to 131072 [ 74.215305][ T3672] F2FS-fs (loop2): Test dummy encryption mode enabled [ 74.237765][ T3672] F2FS-fs (loop2): invalid crc value [ 74.259565][ T3672] F2FS-fs (loop2): Found nat_bits in checkpoint [ 74.341070][ T3718] xt_hashlimit: size too large, truncated to 1048576 [ 74.348143][ T3672] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 74.398662][ T629] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 74.418679][ T629] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 74.447796][ T629] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 74.467260][ T629] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.477690][ T629] usb 5-1: Product: syz [ 74.481885][ T629] usb 5-1: Manufacturer: syz [ 74.486486][ T629] usb 5-1: SerialNumber: syz [ 74.507964][ T629] usb 5-1: config 0 descriptor?? [ 74.523449][ T3701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 74.530721][ T3701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 74.593646][ T3720] loop3: detected capacity change from 0 to 40427 [ 74.609052][ T3720] F2FS-fs (loop3): fault_injection options not supported [ 74.616913][ T3720] F2FS-fs (loop3): Image doesn't support compression [ 74.624521][ T3720] F2FS-fs (loop3): Image doesn't support compression [ 74.632091][ T3720] F2FS-fs (loop3): fault_type options not supported [ 74.656753][ T3720] F2FS-fs (loop3): invalid crc value [ 74.668648][ T3720] F2FS-fs (loop3): Found nat_bits in checkpoint [ 74.741537][ T3701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 74.748835][ T3701] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 74.772564][ T3720] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 74.858770][ T286] syz-executor: attempt to access beyond end of device [ 74.858770][ T286] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 74.876817][ T3727] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1371'. [ 74.998637][ T3740] SELinux: Context is not valid (left unmapped). [ 75.106598][ T3752] loop3: detected capacity change from 0 to 128 [ 75.121076][ T3752] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 75.129910][ T3752] ext4 filesystem being mounted at /256/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.157559][ T629] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 75.197874][ T3752] support for the xor transformation has been removed. [ 75.233099][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 1024 [ 75.248730][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 8192 [ 75.264307][ T286] EXT4-fs error (device loop3): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 75.277840][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 1024 [ 75.293669][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 8192 [ 75.317834][ T286] EXT4-fs error (device loop3): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 75.335105][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 1024 [ 75.370726][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 8192 [ 75.394794][ T286] EXT4-fs error (device loop3): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 75.411301][ T286] EXT4-fs error (device loop3): ext4_readdir:223: inode #11: comm syz-executor: path /256/file0/lost+found: directory fails checksum at offset 1024 [ 75.549774][ T286] EXT4-fs (loop3): unmounting filesystem. [ 75.564324][ T629] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 75.574137][ T629] usb 5-1: USB disconnect, device number 9 [ 75.687676][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 75.687688][ T1665] Bluetooth: hci0: command 0x1003 tx timeout [ 76.093697][ T3765] loop4: detected capacity change from 0 to 2048 [ 76.102871][ T3768] input: syz1 as /devices/virtual/input/input14 [ 76.131421][ T3765] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 76.143759][ T3765] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 76.174017][ T3765] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 76.192250][ T3765] EXT4-fs (loop4): This should not happen!! Data will be lost [ 76.192250][ T3765] [ 76.206152][ T3765] EXT4-fs (loop4): Total free blocks count 0 [ 76.245448][ T3765] EXT4-fs (loop4): Free/Dirty block details [ 76.257715][ T3765] EXT4-fs (loop4): free_blocks=2415919104 [ 76.263486][ T3765] EXT4-fs (loop4): dirty_blocks=608 [ 76.278691][ T3356] device vlan2 left promiscuous mode [ 76.295194][ T3765] EXT4-fs (loop4): Block reservation details [ 76.301865][ T3356] device vlan1 left promiscuous mode [ 76.318384][ T3765] EXT4-fs (loop4): i_reserved_data_blocks=84 [ 76.328077][ T3356] bridge0: port 3(vlan2) entered disabled state [ 76.358329][ T3356] device bridge_slave_1 left promiscuous mode [ 76.364515][ T3356] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.383339][ T3785] loop6: detected capacity change from 0 to 256 [ 76.428607][ T3356] device bridge_slave_0 left promiscuous mode [ 76.445156][ T3785] FAT-fs (loop6): Directory bread(block 64) failed [ 76.462815][ T3356] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.470415][ T3785] FAT-fs (loop6): Directory bread(block 65) failed [ 76.476992][ T3785] FAT-fs (loop6): Directory bread(block 66) failed [ 76.495233][ T3356] device veth1_macvtap left promiscuous mode [ 76.501348][ T3356] device veth0_vlan left promiscuous mode [ 76.504893][ T3775] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 76.512933][ T3785] FAT-fs (loop6): Directory bread(block 67) failed [ 76.532625][ T3785] FAT-fs (loop6): Directory bread(block 68) failed [ 76.539283][ T3785] FAT-fs (loop6): Directory bread(block 69) failed [ 76.545923][ T3785] FAT-fs (loop6): Directory bread(block 70) failed [ 76.552490][ T3785] FAT-fs (loop6): Directory bread(block 71) failed [ 76.559341][ T3785] FAT-fs (loop6): Directory bread(block 72) failed [ 76.565894][ T3785] FAT-fs (loop6): Directory bread(block 73) failed [ 76.849478][ T3812] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 76.858787][ T3812] F2FS-fs (loop9): Unable to read 1th superblock [ 76.865211][ T3812] I/O error, dev loop9, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 76.879256][ T3812] F2FS-fs (loop9): Unable to read 2th superblock [ 76.924713][ T3813] loop1: detected capacity change from 0 to 4096 [ 76.932233][ T3817] loop4: detected capacity change from 0 to 2048 [ 76.946586][ T3776] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.967641][ T3776] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.978158][ T3813] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 76.984481][ T3776] device bridge_slave_0 entered promiscuous mode [ 77.010312][ T282] EXT4-fs (loop1): unmounting filesystem. [ 77.020132][ T3776] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.037852][ T3817] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 77.044359][ T3802] loop6: detected capacity change from 0 to 40427 [ 77.054921][ T3817] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 77.061215][ T3802] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 77.076480][ T3802] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 77.087163][ T3817] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 77.104772][ T3817] EXT4-fs (loop4): This should not happen!! Data will be lost [ 77.104772][ T3817] [ 77.105794][ T3776] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.124191][ T3776] device bridge_slave_1 entered promiscuous mode [ 77.131521][ T3802] F2FS-fs (loop6): Found nat_bits in checkpoint [ 77.136159][ T3817] EXT4-fs (loop4): Total free blocks count 0 [ 77.145278][ T3817] EXT4-fs (loop4): Free/Dirty block details [ 77.161730][ T3817] EXT4-fs (loop4): free_blocks=2415919104 [ 77.175333][ T3817] EXT4-fs (loop4): dirty_blocks=960 [ 77.182595][ T3802] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 77.193316][ T3802] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 77.201543][ T3817] EXT4-fs (loop4): Block reservation details [ 77.207780][ T3817] EXT4-fs (loop4): i_reserved_data_blocks=72 [ 77.338671][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 77.338688][ T28] audit: type=1400 audit(1746802124.019:671): avc: denied { lock } for pid=3801 comm="syz.6.1403" path="/231/file2/file1" dev="loop6" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 77.371810][ T764] syz-executor: attempt to access beyond end of device [ 77.371810][ T764] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 77.425904][ T3829] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 77.456803][ T3835] loop1: detected capacity change from 0 to 512 [ 77.484983][ T3776] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.492115][ T3776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.499539][ T3776] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.506592][ T3776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.572817][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.582285][ T3835] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 77.592944][ T28] audit: type=1400 audit(1746802124.269:672): avc: denied { validate_trans } for pid=3836 comm="syz.2.1416" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 77.646086][ T3835] ext4 filesystem being mounted at /251/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 77.659906][ T3835] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.1415: corrupted inode contents [ 77.672781][ T3835] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #2: comm syz.1.1415: mark_inode_dirty error [ 77.684623][ T3835] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.1415: corrupted inode contents [ 77.685010][ T3355] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.696668][ T3835] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.1415: mark_inode_dirty error [ 77.727884][ T28] audit: type=1326 audit(1746802124.399:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3842 comm="syz.6.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f80bd985927 code=0x7ffc0000 [ 77.752447][ T282] EXT4-fs (loop1): unmounting filesystem. [ 77.768454][ T3355] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.776635][ T28] audit: type=1326 audit(1746802124.399:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3842 comm="syz.6.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f80bd92ab39 code=0x7ffc0000 [ 77.811071][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.830102][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.834369][ T3850] SELinux: Context system_u:object_r:var_lib_t:s0 is not valid (left unmapped). [ 77.848001][ T3850] audit: audit_backlog=65 > audit_backlog_limit=64 [ 77.854542][ T3850] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 77.862299][ T3850] audit: backlog limit exceeded [ 77.867572][ T3355] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.874645][ T3355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.886529][ T28] audit: type=1326 audit(1746802124.399:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3842 comm="syz.6.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f80bd985927 code=0x7ffc0000 [ 77.891930][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.910676][ T28] audit: type=1326 audit(1746802124.399:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3842 comm="syz.6.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f80bd92ab39 code=0x7ffc0000 [ 77.941489][ T28] audit: type=1326 audit(1746802124.399:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3842 comm="syz.6.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f80bd985927 code=0x7ffc0000 [ 77.966631][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.976873][ T3355] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.983987][ T3355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.007818][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.025008][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.033711][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.042902][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.062370][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.082159][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.095020][ T3868] loop1: detected capacity change from 0 to 512 [ 78.104478][ T3776] device veth0_vlan entered promiscuous mode [ 78.121678][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.131295][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.156575][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.164534][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.169423][ T3868] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.1428: corrupted inode contents [ 78.189571][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.197783][ T3868] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #16: comm syz.1.1428: mark_inode_dirty error [ 78.200078][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.218429][ T3868] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.1428: corrupted inode contents [ 78.231178][ T3776] device veth1_macvtap entered promiscuous mode [ 78.246249][ T3868] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.1428: mark_inode_dirty error [ 78.262520][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.272607][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.282524][ T3868] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.1428: corrupted inode contents [ 78.297053][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.324298][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.332655][ T3868] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 78.359495][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.368211][ T3868] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.1428: corrupted inode contents [ 78.401199][ T3868] EXT4-fs error (device loop1): ext4_truncate:4313: inode #16: comm syz.1.1428: mark_inode_dirty error [ 78.442947][ T3868] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 78.474831][ T3868] EXT4-fs (loop1): 1 truncate cleaned up [ 78.488118][ T3355] EXT4-fs error (device loop1): ext4_release_dquot:6812: comm kworker/u4:144: Failed to release dquot type 1 [ 78.504270][ T3868] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 78.532874][ T3868] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.650442][ T3907] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1443'. [ 78.666905][ T282] EXT4-fs (loop1): unmounting filesystem. [ 78.792080][ T3923] loop2: detected capacity change from 0 to 128 [ 78.803954][ T3923] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 78.817566][ T3923] FAT-fs (loop2): error, corrupted file size (i_pos 548, 512) [ 78.825202][ T3923] FAT-fs (loop2): Filesystem has been set read-only [ 79.147621][ T19] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 79.157585][ T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 79.337619][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 79.344758][ T3928] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1452'. [ 79.354482][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.367441][ T6] usb 3-1: unable to get BOS descriptor or descriptor too short [ 79.375584][ T6] usb 3-1: no configurations [ 79.380267][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.390072][ T6] usb 3-1: can't read configurations, error -22 [ 79.396588][ T19] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 79.405841][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.414679][ T19] usb 2-1: config 0 descriptor?? [ 79.468960][ T3939] loop6: detected capacity change from 0 to 131072 [ 79.478624][ T3939] F2FS-fs (loop6): Found nat_bits in checkpoint [ 79.510099][ T3939] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 79.678487][ T3950] loop4: detected capacity change from 0 to 512 [ 79.685086][ T3950] EXT4-fs: Ignoring removed orlov option [ 79.694258][ T3950] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 79.712773][ T3950] EXT4-fs (loop4): 1 orphan inode deleted [ 79.718686][ T3950] EXT4-fs (loop4): 1 truncate cleaned up [ 79.724365][ T3950] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 79.734168][ T3954] 9pnet_virtio: no channels available for device syz [ 79.747271][ T3950] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 79.761876][ T3950] EXT4-fs (loop4): Remounting filesystem read-only [ 79.781687][ T288] EXT4-fs (loop4): unmounting filesystem. [ 79.864512][ T3964] syz.6.1467[3964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.864583][ T3964] syz.6.1467[3964] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.956771][ T3980] SELinux: Context system_u:object_r:systemd_logind_var_run_t:s0 is not valid (left unmapped). [ 80.012061][ T3984] input: syz1 as /devices/virtual/input/input15 [ 80.106280][ T3999] loop4: detected capacity change from 0 to 512 [ 80.112710][ T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 80.122853][ T3999] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 80.144881][ T288] EXT4-fs (loop4): unmounting filesystem. [ 80.248549][ T4026] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1495'. [ 80.309067][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.320128][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.330084][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 80.343137][ T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 80.352265][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.362789][ T24] usb 4-1: config 0 descriptor?? [ 80.433680][ T629] usb 2-1: USB disconnect, device number 6 [ 80.743847][ T4038] loop4: detected capacity change from 0 to 131072 [ 80.751493][ T4038] F2FS-fs (loop4): Test dummy encryption mode enabled [ 80.759275][ T4038] F2FS-fs (loop4): invalid crc value [ 80.766144][ T4038] F2FS-fs (loop4): Found nat_bits in checkpoint [ 80.771686][ T24] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 80.781323][ T24] plantronics 0003:047F:FFFF.0010: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 80.804949][ T4038] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 80.999252][ T4053] input: syz1 as /devices/virtual/input/input16 [ 81.058430][ T19] usb 4-1: USB disconnect, device number 8 [ 81.083759][ T4061] tmpfs: Unknown parameter 'context' [ 81.111945][ T4063] loop4: detected capacity change from 0 to 1024 [ 81.120138][ T4063] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 81.138299][ T4063] jbd2_journal_init_inode: Cannot locate journal superblock [ 81.145619][ T4063] EXT4-fs (loop4): Could not load journal inode [ 81.324019][ T4098] device sit0 entered promiscuous mode [ 81.331377][ T4098] netlink: 'syz.2.1526': attribute type 1 has an invalid length. [ 81.340409][ T4098] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1526'. [ 81.453075][ T4104] incfs: Options parsing error. -22 [ 81.458527][ T4104] incfs: mount failed -22 [ 81.595722][ T4051] loop1: detected capacity change from 0 to 131072 [ 81.605697][ T4051] F2FS-fs (loop1): invalid crc value [ 81.627713][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 81.640697][ T4051] F2FS-fs (loop1): Found nat_bits in checkpoint [ 81.692571][ T4051] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 81.750341][ T4133] loop2: detected capacity change from 0 to 512 [ 81.756929][ T4133] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.763832][ T4133] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 81.773352][ T4133] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 81.781442][ T4133] System zones: 1-12 [ 81.786054][ T4133] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2186: inode #15: comm syz.2.1541: corrupted in-inode xattr [ 81.798642][ T4133] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1541: couldn't read orphan inode 15 (err -117) [ 81.812163][ T4133] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 81.827613][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 81.838239][ T287] EXT4-fs (loop2): unmounting filesystem. [ 81.847153][ T24] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 81.877310][ T24] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.891061][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 81.901156][ T24] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 81.918535][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.932686][ T24] usb 5-1: config 0 descriptor?? [ 82.102248][ T4157] loop2: detected capacity change from 0 to 512 [ 82.135588][ T4157] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 82.149130][ T4157] ext4 filesystem being mounted at /340/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.164587][ T4157] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.1553: corrupted inode contents [ 82.176863][ T4157] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.1553: mark_inode_dirty error [ 82.189876][ T4157] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.1553: corrupted inode contents [ 82.203832][ T4157] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.1553: mark_inode_dirty error [ 82.226585][ T3356] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.250935][ T287] EXT4-fs (loop2): unmounting filesystem. [ 82.293461][ T4173] loop1: detected capacity change from 0 to 512 [ 82.310996][ T4173] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 82.320015][ T4173] ext4 filesystem being mounted at /262/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.347209][ T24] hid (null): unknown global tag 0xd [ 82.352643][ T24] hid (null): unknown global tag 0xc [ 82.359679][ T24] hid (null): unknown global tag 0xc [ 82.374902][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.382451][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.390035][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.397552][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.404976][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.412799][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.418444][ T282] EXT4-fs (loop1): unmounting filesystem. [ 82.420286][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.433410][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.440847][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.448400][ T24] hid-generic 0003:060B:500A.0011: unknown main item tag 0x0 [ 82.455813][ T24] hid-generic 0003:060B:500A.0011: collection stack underflow [ 82.463429][ T24] hid-generic 0003:060B:500A.0011: item 0 0 0 12 parsing failed [ 82.471472][ T24] hid-generic: probe of 0003:060B:500A.0011 failed with error -22 [ 82.565100][ T19] usb 5-1: USB disconnect, device number 10 [ 82.623230][ T4183] loop1: detected capacity change from 0 to 40427 [ 82.631262][ T4183] F2FS-fs (loop1): invalid crc value [ 82.638727][ T4183] F2FS-fs (loop1): Found nat_bits in checkpoint [ 82.643823][ T4190] loop6: detected capacity change from 0 to 16 [ 82.652841][ T4190] erofs: (device loop6): mounted with root inode @ nid 36. [ 82.662479][ T28] kauditd_printk_skb: 80 callbacks suppressed [ 82.662494][ T28] audit: type=1400 audit(1746802129.339:757): avc: denied { read } for pid=4189 comm="syz.6.1563" name="file1" dev="loop6" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 82.691293][ T4183] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 82.727164][ T4183] syz.1.1561: attempt to access beyond end of device [ 82.727164][ T4183] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 82.749085][ T282] syz-executor: attempt to access beyond end of device [ 82.749085][ T282] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 83.098628][ T28] audit: type=1400 audit(1746802129.779:758): avc: denied { relabelfrom } for pid=4215 comm="syz.1.1575" name="NETLINK" dev="sockfs" ino=31712 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 83.133399][ T28] audit: type=1400 audit(1746802129.779:759): avc: denied { relabelto } for pid=4215 comm="syz.1.1575" name="NETLINK" dev="sockfs" ino=31712 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 83.187352][ T4225] overlayfs: missing 'lowerdir' [ 83.199493][ T4229] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000004 [ 83.228314][ T4233] loop2: detected capacity change from 0 to 512 [ 83.244078][ T4233] EXT4-fs: Ignoring removed orlov option [ 83.267204][ T4233] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 83.276335][ T4233] ext4 filesystem being mounted at /344/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.289238][ T28] audit: type=1400 audit(1746802129.969:760): avc: denied { connect } for pid=4247 comm="syz.6.1589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 83.317654][ T287] EXT4-fs (loop2): unmounting filesystem. [ 83.333705][ T28] audit: type=1400 audit(1746802129.999:761): avc: denied { setopt } for pid=4250 comm="syz.1.1590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 83.353548][ T28] audit: type=1400 audit(1746802129.999:762): avc: denied { bind } for pid=4250 comm="syz.1.1590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 83.373720][ T28] audit: type=1400 audit(1746802129.999:763): avc: denied { name_bind } for pid=4250 comm="syz.1.1590" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 83.395204][ T28] audit: type=1400 audit(1746802129.999:764): avc: denied { node_bind } for pid=4250 comm="syz.1.1590" saddr=fe80::aa src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 83.636001][ T4289] netlink: 74 bytes leftover after parsing attributes in process `syz.2.1616'. [ 83.677255][ T4293] loop2: detected capacity change from 0 to 1024 [ 83.701517][ T4293] EXT4-fs: Ignoring removed orlov option [ 83.714548][ T4293] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.729395][ T4293] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 83.817478][ T287] EXT4-fs (loop2): unmounting filesystem. [ 84.237678][ T6] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 84.257598][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 84.257741][ T1663] Bluetooth: hci0: command 0x1003 tx timeout [ 84.269965][ T4163] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 84.309719][ T28] audit: type=1400 audit(1746802130.989:765): avc: denied { write } for pid=4337 comm="syz.3.1625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 84.387619][ T629] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 84.428309][ T28] audit: type=1400 audit(1746802131.109:766): avc: denied { write } for pid=4344 comm="syz.3.1627" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 84.452410][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 84.476533][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.498980][ T6] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 84.517702][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.530971][ T4349] loop6: detected capacity change from 0 to 512 [ 84.539612][ T6] usb 2-1: config 0 descriptor?? [ 84.546018][ T4349] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 84.554911][ T4349] EXT4-fs (loop6): invalid journal inode [ 84.560819][ T4349] EXT4-fs (loop6): can't get journal size [ 84.567243][ T4349] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c118, mo2=0002] [ 84.575636][ T629] usb 5-1: Using ep0 maxpacket: 16 [ 84.581085][ T4349] System zones: 1-12, 13-13 [ 84.586996][ T4349] EXT4-fs (loop6): 1 truncate cleaned up [ 84.587175][ T4325] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1621'. [ 84.592756][ T4349] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 84.616964][ T764] EXT4-fs (loop6): unmounting filesystem. [ 84.623242][ T629] usb 5-1: unable to get BOS descriptor or descriptor too short [ 84.631438][ T629] usb 5-1: no configurations [ 84.641778][ T629] usb 5-1: can't read configurations, error -22 [ 84.978253][ T4383] loop3: detected capacity change from 0 to 256 [ 84.984768][ T4383] exfat: Deprecated parameter 'utf8' [ 84.990286][ T4383] exfat: Deprecated parameter 'namecase' [ 84.998968][ T4383] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d) [ 85.057833][ T3551] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 85.155849][ T6] usb 2-1: string descriptor 0 read error: -22 [ 85.247602][ T629] ================================================================== [ 85.255690][ T629] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 85.262723][ T629] Write of size 8 at addr ffff888113144a00 by task kworker/1:5/629 [ 85.270598][ T629] [ 85.272909][ T629] CPU: 1 PID: 629 Comm: kworker/1:5 Not tainted 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 85.282693][ T629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 85.292751][ T629] Workqueue: usb_hub_wq hub_event [ 85.297808][ T629] Call Trace: [ 85.301073][ T629] [ 85.303992][ T629] __dump_stack+0x21/0x24 [ 85.308317][ T629] dump_stack_lvl+0xee/0x150 [ 85.312901][ T629] ? __cfi_dump_stack_lvl+0x8/0x8 [ 85.317918][ T629] ? enqueue_timer+0xae/0x480 [ 85.322587][ T629] print_address_description+0x71/0x210 [ 85.328125][ T629] print_report+0x4a/0x60 [ 85.332445][ T629] kasan_report+0x122/0x150 [ 85.336943][ T629] ? enqueue_timer+0xae/0x480 [ 85.341616][ T629] __asan_report_store8_noabort+0x17/0x20 [ 85.347337][ T629] enqueue_timer+0xae/0x480 [ 85.351845][ T629] __mod_timer+0x79f/0xb30 [ 85.356272][ T629] schedule_timeout+0x127/0x2e0 [ 85.361115][ T629] ? __cfi_schedule_timeout+0x10/0x10 [ 85.366476][ T629] ? __cfi_process_timeout+0x10/0x10 [ 85.371752][ T629] ? __cfi__raw_spin_lock+0x10/0x10 [ 85.376955][ T629] ? _raw_spin_lock+0x8e/0xe0 [ 85.381626][ T629] wait_for_common+0x354/0x620 [ 85.386386][ T629] ? usb_hcd_giveback_urb+0x351/0x410 [ 85.391755][ T629] ? wait_for_completion+0x20/0x20 [ 85.396946][ T629] ? usb_submit_urb+0x122d/0x1900 [ 85.401961][ T629] wait_for_completion_timeout+0xe/0x10 [ 85.407500][ T629] usb_start_wait_urb+0x166/0x2f0 [ 85.412515][ T629] ? usb_api_blocking_completion+0xb0/0xb0 [ 85.418312][ T629] ? usb_alloc_urb+0x44/0x140 [ 85.422980][ T629] ? __kasan_check_write+0x14/0x20 [ 85.428085][ T629] usb_control_msg+0x241/0x3f0 [ 85.432840][ T629] hub_ext_port_status+0x100/0x6b0 [ 85.437944][ T629] hub_port_reset+0x652/0x16e0 [ 85.442704][ T629] hub_port_init+0x2ad/0x2880 [ 85.447375][ T629] ? __kasan_check_write+0x14/0x20 [ 85.452501][ T629] ? __cfi_mutex_unlock+0x10/0x10 [ 85.457524][ T629] ? _find_next_zero_bit+0x8d/0x140 [ 85.462719][ T629] hub_event+0x2643/0x4680 [ 85.467141][ T629] ? __cfi_hub_event+0x10/0x10 [ 85.471898][ T629] ? __kasan_check_write+0x14/0x20 [ 85.477015][ T629] ? _raw_spin_lock_irq+0x8f/0xe0 [ 85.482042][ T629] ? __kasan_check_read+0x11/0x20 [ 85.487063][ T629] ? read_word_at_a_time+0x12/0x20 [ 85.492168][ T629] ? strscpy+0x9b/0x290 [ 85.496316][ T629] process_one_work+0x71f/0xc40 [ 85.501159][ T629] worker_thread+0xa29/0x11f0 [ 85.505910][ T629] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 85.511367][ T629] kthread+0x281/0x320 [ 85.515423][ T629] ? __cfi_worker_thread+0x10/0x10 [ 85.520521][ T629] ? __cfi_kthread+0x10/0x10 [ 85.525101][ T629] ret_from_fork+0x1f/0x30 [ 85.529532][ T629] [ 85.532538][ T629] [ 85.534854][ T629] Allocated by task 4163: [ 85.539163][ T629] kasan_set_track+0x4b/0x70 [ 85.543741][ T629] kasan_save_alloc_info+0x25/0x30 [ 85.548854][ T629] __kasan_kmalloc+0x95/0xb0 [ 85.553432][ T629] __kmalloc+0xb1/0x1e0 [ 85.557584][ T629] hci_alloc_dev_priv+0x27/0x1bd0 [ 85.562604][ T629] hci_uart_tty_ioctl+0x3c8/0xa00 [ 85.567649][ T629] tty_ioctl+0x8ef/0xc60 [ 85.571879][ T629] __se_sys_ioctl+0x12f/0x1b0 [ 85.576726][ T629] __x64_sys_ioctl+0x7b/0x90 [ 85.581309][ T629] x64_sys_call+0x58b/0x9a0 [ 85.585810][ T629] do_syscall_64+0x4c/0xa0 [ 85.590248][ T629] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 85.596138][ T629] [ 85.598448][ T629] Freed by task 4163: [ 85.602408][ T629] kasan_set_track+0x4b/0x70 [ 85.606986][ T629] kasan_save_free_info+0x31/0x50 [ 85.612003][ T629] ____kasan_slab_free+0x132/0x180 [ 85.617103][ T629] __kasan_slab_free+0x11/0x20 [ 85.621872][ T629] slab_free_freelist_hook+0xc2/0x190 [ 85.627243][ T629] __kmem_cache_free+0xb7/0x1b0 [ 85.632174][ T629] kfree+0x6f/0xf0 [ 85.635898][ T629] hci_release_dev+0x13ad/0x1500 [ 85.640831][ T629] bt_host_release+0x82/0x90 [ 85.645524][ T629] device_release+0xa4/0x1d0 [ 85.650120][ T629] kobject_put+0x19d/0x280 [ 85.654552][ T629] put_device+0x1f/0x30 [ 85.658699][ T629] hci_dev_cmd+0x265/0x720 [ 85.663130][ T629] hci_sock_ioctl+0x41e/0x7f0 [ 85.667795][ T629] sock_do_ioctl+0x101/0x310 [ 85.672373][ T629] sock_ioctl+0x4d8/0x6e0 [ 85.676689][ T629] __se_sys_ioctl+0x12f/0x1b0 [ 85.681359][ T629] __x64_sys_ioctl+0x7b/0x90 [ 85.685967][ T629] x64_sys_call+0x58b/0x9a0 [ 85.690463][ T629] do_syscall_64+0x4c/0xa0 [ 85.694957][ T629] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 85.700844][ T629] [ 85.703156][ T629] Last potentially related work creation: [ 85.708852][ T629] kasan_save_stack+0x3a/0x60 [ 85.713602][ T629] __kasan_record_aux_stack+0xb6/0xc0 [ 85.719073][ T629] kasan_record_aux_stack_noalloc+0xb/0x10 [ 85.724889][ T629] insert_work+0x51/0x300 [ 85.729216][ T629] __queue_work+0x9b1/0xd30 [ 85.733713][ T629] queue_work_on+0xd2/0x140 [ 85.738208][ T629] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 85.743140][ T629] hci_cmd_sync_status+0x53/0x120 [ 85.748160][ T629] hci_dev_cmd+0x33b/0x720 [ 85.752568][ T629] hci_sock_ioctl+0x41e/0x7f0 [ 85.757233][ T629] sock_do_ioctl+0x101/0x310 [ 85.761812][ T629] sock_ioctl+0x4d8/0x6e0 [ 85.766131][ T629] __se_sys_ioctl+0x12f/0x1b0 [ 85.770800][ T629] __x64_sys_ioctl+0x7b/0x90 [ 85.775388][ T629] x64_sys_call+0x58b/0x9a0 [ 85.779878][ T629] do_syscall_64+0x4c/0xa0 [ 85.784376][ T629] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 85.790283][ T629] [ 85.792596][ T629] Second to last potentially related work creation: [ 85.799165][ T629] kasan_save_stack+0x3a/0x60 [ 85.803838][ T629] __kasan_record_aux_stack+0xb6/0xc0 [ 85.809230][ T629] kasan_record_aux_stack_noalloc+0xb/0x10 [ 85.815085][ T629] insert_work+0x51/0x300 [ 85.819455][ T629] __queue_work+0x9b1/0xd30 [ 85.823949][ T629] queue_work_on+0xd2/0x140 [ 85.828466][ T629] hci_cmd_timeout+0x191/0x200 [ 85.833225][ T629] process_one_work+0x71f/0xc40 [ 85.838062][ T629] worker_thread+0xa29/0x11f0 [ 85.842727][ T629] kthread+0x281/0x320 [ 85.846794][ T629] ret_from_fork+0x1f/0x30 [ 85.851213][ T629] [ 85.853528][ T629] The buggy address belongs to the object at ffff888113144000 [ 85.853528][ T629] which belongs to the cache kmalloc-8k of size 8192 [ 85.867575][ T629] The buggy address is located 2560 bytes inside of [ 85.867575][ T629] 8192-byte region [ffff888113144000, ffff888113146000) [ 85.881103][ T629] [ 85.883418][ T629] The buggy address belongs to the physical page: [ 85.889820][ T629] page:ffffea00044c5000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113140 [ 85.900055][ T629] head:ffffea00044c5000 order:3 compound_mapcount:0 compound_pincount:0 [ 85.908372][ T629] flags: 0x4000000000010200(slab|head|zone=1) [ 85.914471][ T629] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500 [ 85.923048][ T629] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 85.931617][ T629] page dumped because: kasan: bad access detected [ 85.938024][ T629] page_owner tracks the page as allocated [ 85.943724][ T629] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4163, tgid 4162 (syz.3.1555), ts 82225814691, free_ts 82225412417 [ 85.966382][ T629] post_alloc_hook+0x1f5/0x210 [ 85.971165][ T629] prep_new_page+0x1c/0x110 [ 85.975699][ T629] get_page_from_freelist+0x2c6e/0x2ce0 [ 85.981240][ T629] __alloc_pages+0x19e/0x3a0 [ 85.985852][ T629] alloc_slab_page+0x6e/0xf0 [ 85.990466][ T629] new_slab+0x98/0x3d0 [ 85.994534][ T629] ___slab_alloc+0x6f6/0xb50 [ 85.999126][ T629] __slab_alloc+0x5e/0xa0 [ 86.003459][ T629] __kmem_cache_alloc_node+0x203/0x2c0 [ 86.008932][ T629] __kmalloc+0xa1/0x1e0 [ 86.013088][ T629] hci_alloc_dev_priv+0x27/0x1bd0 [ 86.018112][ T629] hci_uart_tty_ioctl+0x3c8/0xa00 [ 86.023154][ T629] tty_ioctl+0x8ef/0xc60 [ 86.027474][ T629] __se_sys_ioctl+0x12f/0x1b0 [ 86.032148][ T629] __x64_sys_ioctl+0x7b/0x90 [ 86.036751][ T629] x64_sys_call+0x58b/0x9a0 [ 86.041263][ T629] page last free stack trace: [ 86.045922][ T629] free_unref_page_prepare+0x742/0x750 [ 86.051375][ T629] free_unref_page+0x8f/0x530 [ 86.056046][ T629] __free_pages+0x67/0x100 [ 86.060450][ T629] __free_slab+0xca/0x1a0 [ 86.064768][ T629] __unfreeze_partials+0x160/0x190 [ 86.069896][ T629] put_cpu_partial+0xa9/0x100 [ 86.074573][ T629] __slab_free+0x1c4/0x280 [ 86.078980][ T629] ___cache_free+0xbf/0xd0 [ 86.083391][ T629] qlist_free_all+0xc6/0x140 [ 86.087984][ T629] kasan_quarantine_reduce+0x14a/0x170 [ 86.093457][ T629] __kasan_slab_alloc+0x24/0x80 [ 86.098324][ T629] slab_post_alloc_hook+0x4f/0x2d0 [ 86.103427][ T629] kmem_cache_alloc+0x16e/0x330 [ 86.108284][ T629] jbd2__journal_start+0x13d/0x6e0 [ 86.113476][ T629] __ext4_journal_start_sb+0x242/0x4a0 [ 86.118927][ T629] ext4_dirty_inode+0x8f/0x100 [ 86.123680][ T629] [ 86.126005][ T629] Memory state around the buggy address: [ 86.131618][ T629] ffff888113144900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.139663][ T629] ffff888113144980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.147739][ T629] >ffff888113144a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.155799][ T629] ^ [ 86.159847][ T629] ffff888113144a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.167893][ T629] ffff888113144b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.175952][ T629] ================================================================== [ 86.183994][ T629] Disabling lock debugging due to kernel taint [ 86.191872][ T3551] usb 7-1: Using ep0 maxpacket: 32 SYZFAIL: failed to send rpc fd=3 want=14376 sent=0 n=-1 (errno 32: Broken pipe) [ 86.210947][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0012/input/input17 [ 86.284900][ T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0012/input/input18 [ 86.327606][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 86.339361][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 86.347785][ C1] CPU: 1 PID: 4366 Comm: syz.6.1638 Tainted: G B 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 86.348946][ T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0012/input/input19 [ 86.359078][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 86.359096][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 86.386894][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 30 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 6c 20 6d 00 49 8b 7d 00 e8 13 79 [ 86.406519][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 86.412616][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888111268000 [ 86.420608][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 86.428786][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 86.436782][ C1] R10: ffffed1022628939 R11: 1ffff11022628939 R12: dffffc0000000000 [ 86.439740][ T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0012/input/input20 [ 86.444859][ C1] R13: 0000000000000000 R14: ffff8881131449c8 R15: 0000000000000008 [ 86.444881][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 86.473593][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.480198][ C1] CR2: 00007ffd27f1fffc CR3: 0000000006e0f000 CR4: 00000000003506a0 [ 86.488207][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.496201][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 86.504207][ C1] Call Trace: [ 86.507510][ C1] [ 86.510367][ C1] delayed_work_timer_fn+0x61/0x80 [ 86.515501][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 86.521330][ C1] call_timer_fn+0x46/0x2a0 [ 86.525853][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 86.527899][ T6] uclogic 0003:256C:006D.0012: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 86.531674][ C1] __run_timers+0x667/0x9a0 [ 86.548677][ C1] ? calc_index+0x200/0x200 [ 86.553212][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 86.558436][ C1] run_timer_softirq+0x6a/0xf0 [ 86.563209][ C1] handle_softirqs+0x1d7/0x600 [ 86.568001][ C1] __irq_exit_rcu+0x52/0xf0 [ 86.572508][ C1] irq_exit_rcu+0x9/0x10 [ 86.576771][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 86.582404][ C1] [ 86.585331][ C1] [ 86.588369][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 86.594409][ C1] RIP: 0010:memset_erms+0x9/0x10 [ 86.599352][ C1] Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 [ 86.618959][ C1] RSP: 0018:ffffc90004d376d8 EFLAGS: 00010207 [ 86.625024][ C1] RAX: dffffc00000000f8 RBX: fffff5200229d400 RCX: 0000000000004440 [ 86.632988][ C1] RDX: 0000000000080000 RSI: 00000000000000f8 RDI: fffff52002318fc0 [ 86.640966][ C1] RBP: ffffc90004d376f0 R08: 0000000000000004 R09: fffff5200229d400 [ 86.648940][ C1] R10: fffff520009a6ed0 R11: 1ffff920009a6ed0 R12: ffff888112e54b88 [ 86.656934][ C1] R13: dffffc0000000000 R14: 00000000003fffff R15: 0000000000400000 [ 86.664923][ C1] ? __kasan_poison_vmalloc+0x70/0x80 [ 86.670321][ C1] __vunmap+0x2b3/0xb70 [ 86.674481][ C1] ? __kasan_check_write+0x14/0x20 [ 86.679594][ C1] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 86.685487][ C1] ? vunmap+0x60/0x60 [ 86.689472][ C1] ? __cfi_ida_free+0x10/0x10 [ 86.694149][ C1] vfree+0x61/0x90 [ 86.697873][ C1] kcov_close+0x2b/0x50 [ 86.702030][ C1] ? __cfi_kcov_close+0x10/0x10 [ 86.706881][ C1] __fput+0x1fc/0x8f0 [ 86.710865][ C1] ____fput+0x15/0x20 [ 86.714842][ C1] task_work_run+0x1db/0x240 [ 86.719439][ C1] ? __cfi_task_work_run+0x10/0x10 [ 86.724552][ C1] ? free_nsproxy+0x21f/0x270 [ 86.729233][ C1] do_exit+0xa1d/0x2650 [ 86.733392][ C1] ? remove_hrtimer+0x137/0x280 [ 86.738244][ C1] ? __cfi_do_exit+0x10/0x10 [ 86.742838][ C1] ? hrtimer_try_to_cancel+0x307/0x320 [ 86.748297][ C1] ? __kasan_check_write+0x14/0x20 [ 86.753419][ C1] ? _raw_spin_lock_irq+0x8f/0xe0 [ 86.758446][ C1] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 86.763997][ C1] do_group_exit+0x210/0x2d0 [ 86.768595][ C1] ? __kasan_check_write+0x14/0x20 [ 86.773746][ C1] get_signal+0x13b5/0x1520 [ 86.778260][ C1] arch_do_signal_or_restart+0xb0/0x1030 [ 86.783898][ C1] ? do_futex+0x2dc/0x420 [ 86.788232][ C1] ? _copy_from_user+0x8f/0xc0 [ 86.793001][ C1] ? __cfi_do_futex+0x10/0x10 [ 86.797681][ C1] ? lock_vma_under_rcu+0x3eb/0x4d0 [ 86.802889][ C1] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 86.809127][ C1] ? __se_sys_futex+0x273/0x2e0 [ 86.813989][ C1] ? do_user_addr_fault+0x9ac/0x1050 [ 86.819284][ C1] exit_to_user_mode_loop+0x7a/0xb0 [ 86.824480][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 86.829937][ C1] syscall_exit_to_user_mode+0x1a/0x30 [ 86.835420][ C1] do_syscall_64+0x58/0xa0 [ 86.839842][ C1] ? clear_bhb_loop+0x15/0x70 [ 86.844517][ C1] ? clear_bhb_loop+0x15/0x70 [ 86.849199][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 86.855104][ C1] RIP: 0033:0x7f80bd98e969 [ 86.859541][ C1] Code: Unable to access opcode bytes at 0x7f80bd98e93f. [ 86.866552][ C1] RSP: 002b:00007ffd619921f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 86.874961][ C1] RAX: fffffffffffffdfc RBX: 0000000000014b04 RCX: 00007f80bd98e969 [ 86.882928][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f80bdbb5fac [ 86.890893][ C1] RBP: 0000000000000bea R08: 002bc65de170d4fc R09: 00000001619924ef [ 86.898859][ C1] R10: 00007ffd619922f0 R11: 0000000000000246 R12: 00007f80bdbb5fac [ 86.906846][ C1] R13: 00007ffd619922f0 R14: 00000000000156ee R15: 00007ffd61992310 [ 86.914821][ C1] [ 86.917844][ C1] Modules linked in: [ 86.921748][ C1] ---[ end trace 0000000000000000 ]--- [ 86.927199][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 86.932490][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 30 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 6c 20 6d 00 49 8b 7d 00 e8 13 79 [ 86.952180][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 86.958342][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888111268000 [ 86.966338][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 86.974305][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 86.982448][ C1] R10: ffffed1022628939 R11: 1ffff11022628939 R12: dffffc0000000000 [ 86.990417][ C1] R13: 0000000000000000 R14: ffff8881131449c8 R15: 0000000000000008 [ 86.998471][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 87.007403][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.013983][ C1] CR2: 00007ffd27f1fffc CR3: 0000000006e0f000 CR4: 00000000003506a0 [ 87.021953][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 87.029921][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 87.037990][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 87.045490][ C1] Kernel Offset: disabled [ 87.049807][ C1] Rebooting in 86400 seconds..