last executing test programs: 1m22.500343235s ago: executing program 1 (id=353): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000118110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) setitimer(0x2, 0x0, 0x0) 1m22.457610255s ago: executing program 1 (id=356): write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x7ff, 0x9c}}, 0x28) r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3) 1m22.431593745s ago: executing program 1 (id=360): unshare(0x8040480) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) sendmsg$inet(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000a40)="85534d815c5940a49597fc2d2ad3c8f17a8ef5dc8d3655d5e8768de851991b2f4fc1e713e5a85fcd5667f1d39fd4f53e1674c69bdb4b14166057a1b45aad29f42cc3f465bee7cd933ce6c61c3efd6074755d9d453e04f5349868b1a0b3739ea210b414812d53e901f10e11ea3399b7a47704451611a0769d1a864740b902e2047781b2cdd1220377039247fc50a82752d0b776b82772fc408d14839c7a190fed90413a7c1a15eb104b907081008480353085d57a5ea0bf3f3ba0dd4fe19b040064e344f0f153e51aa2060a1f8bd7ccb9bfdd8ee5cd4d99a06108470dfac33a39a5da6a6cc11218f2503c5614ac0d0e1fba8aff802162958819efca972d01e5bf7d", 0x101}], 0x1}, 0x4800) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000002cc0)={&(0x7f0000000b40), 0x0, 0x0, 0x0, 0x1, r0}, 0x38) 1m22.380871166s ago: executing program 1 (id=363): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) rename(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000800)='./file0\x00') 1m22.357135426s ago: executing program 1 (id=365): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_getnetconf={0x14, 0x52, 0x311}, 0x14}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) read(r0, &(0x7f00000004c0)=""/4093, 0xffd) 1m22.277583657s ago: executing program 1 (id=368): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000001c0)='locks_get_lock_context\x00', r0}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)) 1m22.167834509s ago: executing program 32 (id=368): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000001c0)='locks_get_lock_context\x00', r0}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)) 41.478434414s ago: executing program 5 (id=1694): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000070000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0x8ff, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 41.428483215s ago: executing program 5 (id=1695): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"]) 41.314563416s ago: executing program 5 (id=1698): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r0, 0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)='%pK \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f088a8", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 41.252426077s ago: executing program 5 (id=1699): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x81c00a, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2cf, &(0x7f0000002080)="$eJzs3T9rJGUYAPBnNrN//AO7hZUIDmhhdVyutdlD7kBM5bGFWmjw7kCyi3AHAUUcrxI7v4CfQBD8DrY2dpaCH8DyhIORmZ3ZP8nsJpFsxMvv1+TJvO8z7zMzL8mkyLOfvDY7up/Fwydf/RGDQRKdcYzjaRKj6ETjm1gz/j4AgP+zp0URfxVzLcO/f7chL4mIwY5rAwB244zf/7V0Gf58JWUBADt074MP37t9cHDn/SwbxN3Zt8eT8i/78ut8/PbD+Cym8SBuxjCeRVQvCt2o3hbK8G5RFHmalUbx5iw/npSZs49/rc//y8t1sB/DGFXR4m2jyn/34M5+NreSn5d1vFivPy7XvxXDeGWRvJZ/qyU/Jr14642V+m/EMH77ND6Padyviljmf72fZe+UrzgfleWV+Ul+POlX85aKvWbx/AqfDwAAAAAAAAAAAAAAAAAAAAAAz6cbde+cflT9e8pDdf+dvWflN93IGqP1/jzz/KQ50Wp/oKIo8iJ+aPrr3MyyrKgnLvPTeDVdbSwIAAAAAAAAAAAAAAAAAAAA19fjL748OpxOHzy6lKDpBpBGxN/3Iv7tecYrR16P7ZP79ZqH02mnDtfnpKtHYq+Zk0RsLSPSRTODS7s/G4IXTtVcBz/+1JbVW39waazMGZy9aLd9rcsMmt11dJhE65z+oubBfJNUjSCWc3pxzrV6m4aKuMj267UODbdllXv99HleqoJ8w50vg0i2Ffb2n/M7Vx9JTl5Fr7qrrendOoi2wqq90f4sTgQxmKef/lmR6NYBAAAAAAAAAAAAAAAAAAA7tfzv35bBJ1tTO0V/Z2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJVafv7/BYK8Tj7H5F48evwfXyIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADXwD8BAAD//2T0YAU=") creat(&(0x7f0000000100)='./bus\x00', 0x44) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x301400, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 41.05228404s ago: executing program 5 (id=1702): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000000)) 40.963934811s ago: executing program 5 (id=1704): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000007b00000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="019b1d35eb66c40f13002f"], 0x34}}, 0x0) 40.953087571s ago: executing program 33 (id=1704): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000007b00000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="019b1d35eb66c40f13002f"], 0x34}}, 0x0) 24.842703489s ago: executing program 4 (id=2107): r0 = io_uring_setup(0x4a00, &(0x7f0000000440)={0x0, 0x0, 0x40, 0x0, 0x198}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x20}, 0x1) 24.7959s ago: executing program 4 (id=2109): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f00000011c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x3, [@var={0x1, 0x0, 0x0, 0xe, 0x5}]}, {0x0, [0x5f]}}, &(0x7f0000001280)=""/231, 0x2b, 0xe7, 0x1, 0x0, 0x0, @void, @value}, 0x28) 24.79332586s ago: executing program 4 (id=2111): syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file3\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbcf, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRqu1bKteuZRSt4eqlGJD6VpykalNoXZx6aWHQnstWEgrI7T+QFJxJeuwav+B0vZcyCWQxCT4EJ99SUiuuST2NSGHgAmKlUAIicLsh7TRamU53vUo8u8Hr+Z955nV+zw77M68sLsBPLdGsz9pxImIuJxElJr704go1ntDEbXGcetrK1Ofra1MJbGx8ZePk0gi4tHaylTrfyXN7dHmYCgi3vl9Et//V+e8C0vLc5PVamW+OT69ePXG6YWl5V/NXp28UrlSuTZ+9jcTZybOjp2b6Fmtn79/4e6nP/vjh7UvXv7y9if/fTGJCzHcjLXX0SujMbr5nLQrRMRkryfLyUCznvY6k8JjHpT2OSkAALpK2+7hfhilGIitm7dSvPFurskBAAAAPbExELEBAAAAHHCJ9T8AAAAccK3PATxaW5lqtXw/kfBsPbwYESON+tebrREpRK2+HYrBiDjyKIn2r7UmjYc9tdGI+ODBudeyFn36HvJuaqsR8aOdzn9Sr3+k/i3uzvrTiBjrwfyj28bfpfov9GD+vOsH4Pl072LjQtZ5/Us3739ih+tfYYdr17eR9/Wvdf+33nH/t1X/QJf7vz/vcY5bL/3/ZrdYVv9v7/7h1VbL5s+2T1XUE3i4GvHjwk71J5v1J13qv7zHOUpf3ax0i+Vd/8YLESdj5/pbkt1/n+j0zGy1Mtb4G3HnJx1zrL498Uq3+fOuPzv/R7rU3/r9p27n/8Ye5/jbpUt3OnY+2Op21D/dfmD6UTH5a71XbO75x+Ti4vx4RDH5U+f+M1uPHNwhl9Yxrf+R1X/q57u//neqP3tPqDWfh2wtsNrcZuN/bpvzd7dvvd7sFrfn01r/5Xn+p7uc//b63yp0nv9/73GOX7z5n1PdYu3r36xl87fWwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQkkbEcCRpebOfpuVyxNGI+EEcSavXFxZ/OXP979ems1jESAymM7PVylhElBrjJBuP1/tb4zPbxr+OiOMR8b/S4fq4PHW9Op138QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGw6GhHDkaTliEgjYr2UpuVy3lkBAAAAPTeSdwIAAABA31n/AwAAwMFn/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECfHf/pvftJRNTOH663TLEZG8w1M6Df0rwTAHIzkHcCQG4KeScA5OYJ1/huF+AASh4TH+oaOdTzXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv06euHc/iYja+cP1lik2Y4O5Zgb0W5p3AkBuBnYLFp5dHsCz5yUOzy9rfCB5THxo65jaNyOH+pYTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPvPcL0laTkiis195XLE9yJiJAaTmdlqZSwijkXEe6XBQ9l4POecAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6L2FpeW5yWq1Mp910mh2NvfobHWSxjNW6wwd2ycZ6jxRpxj7Io192sn7nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDwsLC3PTVarlfmFvDMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8rawtDw3Wa1W5vvYybtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy83UAAAD//zpOCZs=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000700, r2, &(0x7f00000001c0)) 24.727710391s ago: executing program 4 (id=2117): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000640)='./file2\x00', 0x10050, &(0x7f00000000c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}]}, 0x3, 0x51e, &(0x7f0000000680)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') lstat(&(0x7f0000000040)='./file2\x00', 0x0) lstat(&(0x7f0000000180)='./file3\x00', 0x0) 24.483932714s ago: executing program 4 (id=2121): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 24.406828985s ago: executing program 4 (id=2124): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea4, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) get_robust_list(0x0, &(0x7f0000000580)=0x0, &(0x7f00000005c0)) 24.356666936s ago: executing program 34 (id=2124): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea4, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) get_robust_list(0x0, &(0x7f0000000580)=0x0, &(0x7f00000005c0)) 17.595236713s ago: executing program 2 (id=2288): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000480)={0x30, r1, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117, 0x56}, @val={0x8}, @val={0xc, 0x99, {0x2, 0x77}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0) 17.575670663s ago: executing program 2 (id=2290): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff7fffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x10) capset(0x0, 0x0) 17.512664343s ago: executing program 2 (id=2293): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x7000000) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xffffb9e3, 0x5}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x100000) 17.502806824s ago: executing program 2 (id=2295): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000640)='./file2\x00', 0x10050, &(0x7f00000000c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}]}, 0x3, 0x51e, &(0x7f0000000680)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') lstat(&(0x7f0000000040)='./file2\x00', 0x0) lstat(&(0x7f0000000180)='./file3\x00', 0x0) 17.223149308s ago: executing program 2 (id=2306): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000280)=0xfffffffa, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000002c0)=0x1, 0x4) write(r0, &(0x7f0000000340)="91", 0x1) syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0) 17.03190118s ago: executing program 2 (id=2311): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000180)=""/165) 16.986489491s ago: executing program 35 (id=2311): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000180)=""/165) 4.003100379s ago: executing program 7 (id=2824): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="150000006bffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 3.944130459s ago: executing program 7 (id=2825): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mprotect(&(0x7f00006f0000/0x4000)=nil, 0x4000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 3.938172519s ago: executing program 7 (id=2827): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$sock_bt_hci(r0, 0x400448e1, &(0x7f0000000040)) 1.214286494s ago: executing program 7 (id=2888): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000000a0000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r3, &(0x7f0000001600), &(0x7f0000000300)=@tcp6=r0, 0x2}, 0x20) 1.188134185s ago: executing program 7 (id=2889): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a000000070000000300000001"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) mount$incfs(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80)='.\x00', &(0x7f0000000bc0), 0x1, &(0x7f0000000c00)={[], [{@obj_type={'obj_type', 0x3d, '\x00'}}]}) 1.186561255s ago: executing program 6 (id=2890): syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbff, {{@in=@rand_addr=0x400, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in=@empty, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e000006a001c000000000000000000000008000000", @ANYRES64=r1], 0x38}, 0x0) 1.104100876s ago: executing program 7 (id=2893): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x6cb, 0x73f6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="200205"], 0x0, 0x0, 0x0, 0x0}, 0x0) 710.613791ms ago: executing program 3 (id=2917): io_setup(0x9, &(0x7f0000000080)=0x0) r1 = epoll_create1(0x0) r2 = eventfd2(0xffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000b80)={0xa0001011}) io_submit(r0, 0x1, &(0x7f0000000940)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, r2, 0x0, 0x0, 0xde, 0x0, 0x1, r2}]) 659.542852ms ago: executing program 6 (id=2919): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@delneigh={0x24, 0x1d, 0x10, 0x70bd2d, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x1, 0x11, 0x8}, [@NDA_NH_ID={0x8, 0xd, 0x101}]}, 0x24}, 0x1, 0x0, 0x0, 0x24048094}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001032abd7000ffdbdf250a"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x4000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) 623.997302ms ago: executing program 6 (id=2921): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10) io_setup(0x3, &(0x7f0000000340)) 594.605982ms ago: executing program 3 (id=2922): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@nouid32}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x80000000) 594.492173ms ago: executing program 3 (id=2923): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x30) 594.165682ms ago: executing program 3 (id=2924): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0xff, 0x7ffc0001}]}) 538.401163ms ago: executing program 3 (id=2926): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xadf9e01e72382fda, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000060006000300000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) 527.737173ms ago: executing program 3 (id=2927): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)=0x3) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 525.457423ms ago: executing program 8 (id=2928): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 512.333813ms ago: executing program 6 (id=2929): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file7\x00', 0x21c0, 0x103) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file7\x00', r0, &(0x7f0000000400)='./file4\x00', 0x5) 504.568034ms ago: executing program 8 (id=2930): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000004000000070000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 480.130023ms ago: executing program 6 (id=2931): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) nanosleep(&(0x7f0000000200), 0x0) 452.304674ms ago: executing program 6 (id=2932): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1) 438.918224ms ago: executing program 8 (id=2933): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000880)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file4'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c}) 364.046935ms ago: executing program 8 (id=2934): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_NESTED_STATE(r3, 0xc080aebe, 0x0) 342.224365ms ago: executing program 8 (id=2937): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002600)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) setresuid(0xee01, 0xffffffffffffffff, 0x0) 326.113346ms ago: executing program 8 (id=2939): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='Q', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x160) 124.090758ms ago: executing program 0 (id=2943): timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) unshare(0x64000600) 123.934689ms ago: executing program 0 (id=2944): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002580)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x38}}, 0x0) 123.779018ms ago: executing program 0 (id=2945): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0) fsync(r0) 111.861189ms ago: executing program 0 (id=2946): r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) unshare(0x60000480) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000001800e70202000000250c00000a800000ff030006"], 0x1c}}, 0x0) 53.964679ms ago: executing program 0 (id=2947): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000001e0000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}}, 0x0) 0s ago: executing program 0 (id=2948): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r2) kernel console output (not intermixed with test programs): system being mounted at /209/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.435204][ T3787] netlink: 'syz.3.1490': attribute type 19 has an invalid length. [ 70.436431][ T3781] EXT4-fs warning (device loop5): verify_group_input:151: Cannot add at group 5 (only 1 groups) [ 70.443219][ T3787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1490'. [ 70.476931][ T1147] EXT4-fs (loop5): unmounting filesystem. [ 70.595512][ T3807] loop3: detected capacity change from 0 to 512 [ 70.611181][ T3807] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 70.627617][ T3807] EXT4-fs (loop3): mount failed [ 70.639425][ T3811] loop5: detected capacity change from 0 to 128 [ 70.657500][ T3811] syz.5.1500: attempt to access beyond end of device [ 70.657500][ T3811] loop5: rw=2049, sector=145, nr_sectors = 760 limit=128 [ 70.718204][ T28] kauditd_printk_skb: 137 callbacks suppressed [ 70.718221][ T28] audit: type=1400 audit(1746175819.550:594): avc: denied { setopt } for pid=3814 comm="syz.3.1502" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 70.750760][ T3822] loop4: detected capacity change from 0 to 512 [ 70.764100][ T28] audit: type=1400 audit(1746175819.580:595): avc: denied { read } for pid=3814 comm="syz.3.1502" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 70.796161][ T3822] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 70.806106][ T3822] ext4 filesystem being mounted at /321/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.827649][ T3822] EXT4-fs (loop4): unmounting filesystem. [ 70.859896][ T3833] loop4: detected capacity change from 0 to 256 [ 70.876962][ T3833] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 70.900217][ T28] audit: type=1400 audit(1746175819.730:596): avc: denied { getopt } for pid=3836 comm="syz.5.1511" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 70.930485][ T3843] input: syz1 as /devices/virtual/input/input21 [ 70.937214][ T28] audit: type=1400 audit(1746175819.760:597): avc: denied { write } for pid=3832 comm="syz.4.1509" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 70.974110][ T28] audit: type=1400 audit(1746175819.760:598): avc: denied { add_name } for pid=3832 comm="syz.4.1509" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 70.997586][ T3847] loop5: detected capacity change from 0 to 512 [ 71.005166][ T28] audit: type=1400 audit(1746175819.760:599): avc: denied { associate } for pid=3832 comm="syz.4.1509" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 71.027525][ T457] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 71.035726][ T28] audit: type=1400 audit(1746175819.760:600): avc: denied { write open } for pid=3832 comm="syz.4.1509" path="/323/file1/file0" dev="loop4" ino=1048694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 71.064142][ T28] audit: type=1400 audit(1746175819.760:601): avc: denied { setattr } for pid=3832 comm="syz.4.1509" name="file0" dev="loop4" ino=1048694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 71.071739][ T3847] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 71.106468][ T3847] ext4 filesystem being mounted at /222/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.114895][ T28] audit: type=1400 audit(1746175819.790:602): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=698 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.143367][ T3852] loop3: detected capacity change from 0 to 128 [ 71.160682][ T3852] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 71.165376][ T28] audit: type=1400 audit(1746175819.790:603): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=698 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.196278][ T1147] EXT4-fs (loop5): unmounting filesystem. [ 71.206492][ T3852] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 71.235454][ T3852] EXT4-fs error (device loop3): __ext4_find_entry:1696: inode #2: comm syz.3.1517: checksumming directory block 0 [ 71.249097][ T457] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.265493][ T457] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.275676][ T457] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 71.285342][ T457] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.299309][ T457] usb 3-1: config 0 descriptor?? [ 71.321644][ T277] EXT4-fs (loop3): unmounting filesystem. [ 71.539543][ T19] kernel write not supported for file /691/clear_refs (pid: 19 comm: kworker/0:1) [ 71.630853][ T3932] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1551'. [ 71.640665][ T3930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1550'. [ 71.677251][ T3935] loop5: detected capacity change from 0 to 256 [ 71.696569][ T3937] loop0: detected capacity change from 0 to 256 [ 71.712836][ T3937] exfat: Deprecated parameter 'namecase' [ 71.731588][ T3937] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 71.837133][ T3943] loop5: detected capacity change from 0 to 512 [ 71.859768][ T3918] loop3: detected capacity change from 0 to 40427 [ 71.870237][ T3948] ------------[ cut here ]------------ [ 71.871861][ T3943] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 71.875847][ T3948] WARNING: CPU: 0 PID: 3948 at mm/page_alloc.c:5814 __alloc_pages+0x2f6/0x3a0 [ 71.893648][ T3948] Modules linked in: [ 71.894158][ T3943] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.897690][ T3948] CPU: 0 PID: 3948 Comm: syz.0.1560 Not tainted 6.1.134-syzkaller-00033-g0c1a07d9c284 #0 [ 71.914521][ T3918] F2FS-fs (loop3): fault_injection options not supported [ 71.917972][ T3948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 71.935237][ T3948] RIP: 0010:__alloc_pages+0x2f6/0x3a0 [ 71.940674][ T3948] Code: 0c 25 28 00 00 00 48 3b 8c 24 a0 00 00 00 0f 85 93 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 8e 87 bf 05 01 <0f> 0b eb a5 a9 00 00 08 00 48 8b 54 24 10 75 42 44 89 f6 81 e6 7f [ 71.942746][ T3943] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 71.960514][ T3948] RSP: 0018:ffffc90012c67920 EFLAGS: 00010246 [ 71.970051][ T3943] EXT4-fs: Cannot change journaled quota options when quota turned on [ 71.979335][ T3918] F2FS-fs (loop3): fault_type options not supported [ 71.984388][ T3948] [ 71.984396][ T3948] RAX: ffffc90012c67900 RBX: 000000000000000f RCX: 0000000000000000 [ 71.984414][ T3948] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc90012c67988 [ 71.984427][ T3948] RBP: ffffc90012c67a08 R08: dffffc0000000000 R09: ffffc90012c67970 [ 71.984441][ T3948] R10: fffff5200258cf31 R11: 1ffff9200258cf2e R12: dffffc0000000000 [ 71.984456][ T3948] R13: 0000000000000000 R14: 0000000000040d40 R15: 1ffff9200258cf28 [ 71.991077][ T3918] F2FS-fs (loop3): Image doesn't support compression [ 71.993387][ T3948] FS: 00007faea12c16c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 72.001403][ T3918] F2FS-fs (loop3): Image doesn't support compression [ 72.009395][ T3948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.009415][ T3948] CR2: 0000200000001000 CR3: 0000000134449000 CR4: 00000000003506b0 [ 72.009431][ T3948] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.009442][ T3948] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.009454][ T3948] Call Trace: [ 72.009459][ T3948] [ 72.009467][ T3948] ? __cfi___alloc_pages+0x10/0x10 [ 72.018691][ T3918] F2FS-fs (loop3): invalid crc value [ 72.025631][ T3948] __kmalloc_large_node+0xa1/0x1c0 [ 72.040196][ T3953] tap0: tun_chr_ioctl cmd 2147767521 [ 72.040414][ T3948] ? incfs_realloc_mount_info+0x99/0x440 [ 72.050580][ T3918] F2FS-fs (loop3): Found nat_bits in checkpoint [ 72.056030][ T3948] __kmalloc+0xe0/0x1e0 [ 72.101500][ T3918] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 72.103256][ T3948] incfs_realloc_mount_info+0x99/0x440 [ 72.143159][ T3948] incfs_alloc_mount_info+0x476/0x540 [ 72.148733][ T3948] incfs_mount_fs+0x3c6/0x880 [ 72.153433][ T3948] ? __cfi_incfs_mount_fs+0x10/0x10 [ 72.158700][ T3948] ? vfs_parse_fs_string+0xfe/0x160 [ 72.163930][ T3948] legacy_get_tree+0xfe/0x1a0 [ 72.168695][ T3948] ? __cfi_incfs_mount_fs+0x10/0x10 [ 72.173921][ T3948] vfs_get_tree+0x9a/0x270 [ 72.178429][ T3948] do_new_mount+0x25a/0xa20 [ 72.183063][ T3948] path_mount+0x675/0x1010 [ 72.187645][ T3948] ? user_path_at_empty+0x161/0x1c0 [ 72.192958][ T3948] __se_sys_mount+0x318/0x380 [ 72.197731][ T3948] ? __this_cpu_preempt_check+0x13/0x20 [ 72.203303][ T3948] ? __x64_sys_mount+0xd0/0xd0 [ 72.208153][ T3948] ? __kasan_check_write+0x14/0x20 [ 72.213299][ T3948] ? fpregs_restore_userregs+0x128/0x260 [ 72.219021][ T3948] __x64_sys_mount+0xbf/0xd0 [ 72.223644][ T3948] x64_sys_call+0x65d/0x9a0 [ 72.228423][ T3948] do_syscall_64+0x4c/0xa0 [ 72.232871][ T3948] ? clear_bhb_loop+0x15/0x70 [ 72.237617][ T3948] ? clear_bhb_loop+0x15/0x70 [ 72.242315][ T3948] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 72.248285][ T3948] RIP: 0033:0x7faea038e969 [ 72.252714][ T3948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.272380][ T3948] RSP: 002b:00007faea12c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.280916][ T3948] RAX: ffffffffffffffda RBX: 00007faea05b5fa0 RCX: 00007faea038e969 [ 72.288955][ T3948] RDX: 0000200000000140 RSI: 0000200000000080 RDI: 0000200000000000 [ 72.296990][ T3948] RBP: 00007faea0410ab1 R08: 0000200000000200 R09: 0000000000000000 [ 72.305008][ T3948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.313171][ T3948] R13: 0000000000000000 R14: 00007faea05b5fa0 R15: 00007ffdf7720638 [ 72.321278][ T3948] [ 72.324343][ T3948] ---[ end trace 0000000000000000 ]--- [ 72.330355][ T3948] incfs: Error allocating mount info. -12 [ 72.330506][ T1147] EXT4-fs (loop5): unmounting filesystem. [ 72.336309][ T3948] incfs: mount failed -12 [ 72.343215][ T277] syz-executor: attempt to access beyond end of device [ 72.343215][ T277] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 72.346516][ T457] hid-led 0003:1D34:000A.001A: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.2-1/input0 [ 72.373073][ T457] hid-led 0003:1D34:000A.001A: Dream Cheeky Webmail Notifier initialized [ 72.383063][ T457] usb 3-1: USB disconnect, device number 11 [ 72.406566][ T3958] binder: 3957:3958 ioctl c018620c 200000000140 returned -1 [ 72.585689][ T3983] loop5: detected capacity change from 0 to 256 [ 72.595825][ T3983] exfat: Deprecated parameter 'namecase' [ 72.603019][ T3983] exfat: Deprecated parameter 'utf8' [ 72.612396][ T3988] input: syz0 as /devices/virtual/input/input22 [ 72.626126][ T3983] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 72.665007][ T3992] loop0: detected capacity change from 0 to 512 [ 72.693628][ T3992] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.1579: casefold flag without casefold feature [ 72.724247][ T3992] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1579: couldn't read orphan inode 15 (err -117) [ 72.744213][ T3992] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 72.782562][ T276] EXT4-fs (loop0): unmounting filesystem. [ 72.847031][ T3985] loop3: detected capacity change from 0 to 40427 [ 72.861113][ T3985] F2FS-fs (loop3): fault_injection options not supported [ 72.884914][ T3985] F2FS-fs (loop3): invalid crc value [ 72.913626][ T3985] F2FS-fs (loop3): Found nat_bits in checkpoint [ 72.964549][ T3985] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 72.974216][ T19] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 73.153495][ T4041] Unsupported ieee802154 address type: 0 [ 73.165177][ T19] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.184118][ T19] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.196076][ T19] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 73.205573][ T19] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.214640][ T19] usb 6-1: config 0 descriptor?? [ 73.384206][ T457] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 73.502115][ T4064] loop4: detected capacity change from 0 to 512 [ 73.508859][ T4064] EXT4-fs: Ignoring removed bh option [ 73.514644][ T4064] EXT4-fs: quotafile must be on filesystem root [ 73.559808][ T4066] incfs: Options parsing error. -22 [ 73.565143][ T457] usb 3-1: Using ep0 maxpacket: 8 [ 73.565864][ T4066] incfs: mount failed -22 [ 73.571400][ T457] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 73.583175][ T457] usb 3-1: config 179 has no interface number 0 [ 73.589746][ T457] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 73.601091][ T457] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 73.612437][ T457] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 73.623721][ T457] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 73.635795][ T19] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor [ 73.644266][ T457] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 73.658783][ T19] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.001B/input/input23 [ 73.670229][ T457] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 73.679364][ T457] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.689333][ T4034] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 73.746348][ T19] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 73.864089][ T368] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 73.900522][ T4034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.909287][ T4034] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.045734][ T284] usb 6-1: USB disconnect, device number 9 [ 74.055149][ T368] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.066758][ T368] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.080007][ T368] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 74.093334][ T368] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 74.102432][ T368] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.111319][ T368] usb 5-1: config 0 descriptor?? [ 74.119775][ T19] usb 3-1: USB disconnect, device number 12 [ 74.125765][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 74.125804][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 74.486282][ T4093] loop3: detected capacity change from 0 to 40427 [ 74.493759][ T4093] F2FS-fs (loop3): Invalid log blocks per segment (83886089) [ 74.501232][ T4093] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 74.510483][ T4093] F2FS-fs (loop3): invalid crc value [ 74.517042][ T4093] F2FS-fs (loop3): Found nat_bits in checkpoint [ 74.524510][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.532329][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.540082][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.547798][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.557176][ T4093] F2FS-fs (loop3): Start checkpoint disabled! [ 74.562241][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.564312][ T4093] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 74.578053][ T4093] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 74.578663][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.602280][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.611888][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.642969][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.655876][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.663338][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.671018][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.679078][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.686611][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.694135][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.709405][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.739912][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.754601][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783379][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783409][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783431][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783453][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783475][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783496][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783517][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783538][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783559][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783580][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783601][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783622][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783654][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783676][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783696][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783717][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783737][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783758][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783778][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.783800][ T368] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 74.784068][ T368] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 74.948205][ T368] plantronics 0003:047F:FFFF.001C: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 74.950167][ T368] usb 5-1: USB disconnect, device number 12 [ 75.358663][ T4104] loop5: detected capacity change from 0 to 131072 [ 75.384955][ T4104] F2FS-fs (loop5): invalid crc value [ 75.396389][ T4104] F2FS-fs (loop5): Found nat_bits in checkpoint [ 75.463248][ T4104] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 75.483469][ T4135] netlink: 'syz.3.1641': attribute type 4 has an invalid length. [ 75.575576][ T4123] loop4: detected capacity change from 0 to 40427 [ 75.600729][ T4123] F2FS-fs (loop4): Found nat_bits in checkpoint [ 75.664118][ T4123] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 75.710724][ T279] syz-executor: attempt to access beyond end of device [ 75.710724][ T279] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 75.828819][ T4153] __nla_validate_parse: 1 callbacks suppressed [ 75.828841][ T4153] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1650'. [ 75.844103][ T19] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 75.859182][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 75.859199][ T28] audit: type=1400 audit(1746175824.690:633): avc: denied { ioctl } for pid=4154 comm="syz.4.1646" path="socket:[31738]" dev="sockfs" ino=31738 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 75.912886][ T4161] input: syz1 as /devices/virtual/input/input24 [ 75.924294][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 75.958911][ T4168] device batadv_slave_1 entered promiscuous mode [ 75.970551][ T4167] device batadv_slave_1 left promiscuous mode [ 75.994263][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.024043][ T19] usb 4-1: Using ep0 maxpacket: 32 [ 76.031118][ T19] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.060585][ T19] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.073619][ T19] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 76.088122][ T28] audit: type=1400 audit(1746175824.930:634): avc: denied { bind } for pid=4181 comm="syz.5.1663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 76.098700][ T19] usb 4-1: config 0 interface 0 has no altsetting 0 [ 76.120879][ T19] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 76.139341][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.150092][ T19] usb 4-1: config 0 descriptor?? [ 76.156736][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.187669][ T4163] loop2: detected capacity change from 0 to 40427 [ 76.195076][ T4163] F2FS-fs (loop2): fault_injection options not supported [ 76.203047][ T4163] F2FS-fs (loop2): invalid crc value [ 76.214131][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.233298][ T4163] F2FS-fs (loop2): Found nat_bits in checkpoint [ 76.274133][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.286947][ T4205] netlink: 'syz.0.1671': attribute type 280 has an invalid length. [ 76.301740][ T4163] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 76.366580][ T4210] mmap: syz.0.1673 (4210) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 76.370945][ T28] audit: type=1400 audit(1746175825.200:635): avc: denied { ioctl } for pid=4211 comm="syz.5.1675" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=32947 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 76.404903][ T278] syz-executor: attempt to access beyond end of device [ 76.404903][ T278] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 76.412144][ T28] audit: type=1400 audit(1746175825.230:636): avc: denied { bind } for pid=4212 comm="syz.4.1674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 76.454798][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.504166][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.557585][ T28] audit: type=1400 audit(1746175825.390:637): avc: denied { mount } for pid=4225 comm="syz.4.1683" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 76.568381][ T19] logitech 0003:046D:C29C.001D: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 76.601773][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.608499][ T28] audit: type=1400 audit(1746175825.390:638): avc: denied { mounton } for pid=4225 comm="syz.4.1683" path="/368/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 76.631796][ T28] audit: type=1400 audit(1746175825.430:639): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 76.655388][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.734455][ T457] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 76.789119][ T28] audit: type=1400 audit(1746175825.620:640): avc: denied { relabelfrom } for pid=4251 comm="syz.5.1693" name="" dev="pipefs" ino=32528 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 76.955673][ T4249] loop4: detected capacity change from 0 to 40427 [ 76.965410][ T4249] F2FS-fs (loop4): Found nat_bits in checkpoint [ 76.967745][ T19] logitech 0003:046D:C29C.001D: no inputs found [ 76.989648][ T19] usb 4-1: USB disconnect, device number 10 [ 77.008312][ T4249] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 77.049871][ T4269] loop5: detected capacity change from 0 to 256 [ 77.056712][ T279] syz-executor: attempt to access beyond end of device [ 77.056712][ T279] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 77.098261][ T28] audit: type=1400 audit(1746175825.930:641): avc: denied { mounton } for pid=4268 comm="syz.5.1699" path="/269/file0/bus" dev="loop5" ino=1048698 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 77.160734][ T4271] loop4: detected capacity change from 0 to 512 [ 77.167453][ T4271] EXT4-fs: Ignoring removed mblk_io_submit option [ 77.174338][ T4271] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 77.186798][ T4271] EXT4-fs (loop4): 1 truncate cleaned up [ 77.192535][ T4271] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 77.203855][ T28] audit: type=1400 audit(1746175826.030:642): avc: denied { relabelto } for pid=4270 comm="syz.4.1700" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 77.236402][ T1147] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 77.238108][ T279] EXT4-fs (loop4): unmounting filesystem. [ 77.244597][ T1147] FAT-fs (loop5): Filesystem has been set read-only [ 77.257048][ T1147] FAT-fs (loop5): error, corrupted directory (invalid entries) [ 77.438050][ T4288] loop2: detected capacity change from 0 to 256 [ 77.446684][ T4288] FAT-fs (loop2): IO charset macromani not found [ 77.457064][ T4283] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.464306][ T4283] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.471764][ T4283] device bridge_slave_0 entered promiscuous mode [ 77.481613][ T4283] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.488760][ T4283] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.496465][ T4283] device bridge_slave_1 entered promiscuous mode [ 77.584060][ T298] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 77.599892][ T4283] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.607218][ T4283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.614620][ T4283] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.621635][ T4283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.649317][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.657800][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.665625][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.683330][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.691849][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.698938][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.717761][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.726873][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.733963][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.752282][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.762236][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.766952][ T4309] syz.2.1716[4309] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.771140][ T4309] syz.2.1716[4309] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 77.779612][ T4311] loop3: detected capacity change from 0 to 512 [ 77.799065][ T4283] device veth0_vlan entered promiscuous mode [ 77.807259][ T4311] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 77.808840][ T298] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 77.826975][ T298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.835219][ T298] usb 5-1: Product: syz [ 77.837773][ T4311] EXT4-fs (loop3): orphan cleanup on readonly fs [ 77.839493][ T298] usb 5-1: Manufacturer: syz [ 77.852217][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.860857][ T4311] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:511: comm syz.3.1717: Block bitmap for bg 0 marked uninitialized [ 77.861130][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.874457][ T4311] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 77.890384][ T298] usb 5-1: SerialNumber: syz [ 77.890788][ T4311] EXT4-fs (loop3): 1 orphan inode deleted [ 77.901003][ T4311] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 77.909087][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.917017][ T298] r8152-cfgselector 5-1: config 0 descriptor?? [ 77.924465][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.937088][ T4311] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 77.940193][ T4283] device veth1_macvtap entered promiscuous mode [ 77.954358][ T4311] EXT4-fs (loop3): re-mounted. Quota mode: none. [ 77.961740][ T43] device bridge_slave_1 left promiscuous mode [ 77.963311][ T4311] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:511: comm syz.3.1717: Block bitmap for bg 0 marked uninitialized [ 77.968581][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.991099][ T43] device bridge_slave_0 left promiscuous mode [ 77.997548][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.010167][ T43] device veth1_macvtap left promiscuous mode [ 78.010465][ T277] EXT4-fs (loop3): unmounting filesystem. [ 78.016809][ T43] device veth0_vlan left promiscuous mode [ 78.112454][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.137125][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.151898][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.210380][ T4327] loop6: detected capacity change from 0 to 512 [ 78.221654][ T4327] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 78.236516][ T4327] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 78.245597][ T4327] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.262725][ T4327] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1706: bg 0: block 304: padding at end of block bitmap is not set [ 78.277927][ T4327] EXT4-fs (loop6): Remounting filesystem read-only [ 78.316632][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 78.363908][ T298] r8152-cfgselector 5-1: Unknown version 0x0000 [ 78.372670][ T298] r8152-cfgselector 5-1: bad CDC descriptors [ 78.373232][ T4341] loop6: detected capacity change from 0 to 128 [ 78.379341][ T298] r8152-cfgselector 5-1: Unknown version 0x0000 [ 78.395934][ T298] r8152-cfgselector 5-1: USB disconnect, device number 13 [ 78.410382][ T4341] EXT4-fs (loop6): Test dummy encryption mode enabled [ 78.425068][ T4341] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 78.433813][ T4341] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 78.462346][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 78.568932][ T4339] loop3: detected capacity change from 0 to 40427 [ 78.576228][ T4339] F2FS-fs (loop3): fault_injection options not supported [ 78.584341][ T4339] F2FS-fs (loop3): invalid crc value [ 78.590905][ T4339] F2FS-fs (loop3): Found nat_bits in checkpoint [ 78.637193][ T4339] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 78.726165][ T277] syz-executor: attempt to access beyond end of device [ 78.726165][ T277] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 78.803302][ T4353] loop2: detected capacity change from 0 to 40427 [ 78.810646][ T4353] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 78.818801][ T4353] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 78.866696][ T4353] F2FS-fs (loop2): Found nat_bits in checkpoint [ 78.945739][ T4353] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 78.957670][ T4353] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 78.967464][ T4384] syz.3.1743[4384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.967543][ T4384] syz.3.1743[4384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.282495][ T4415] loop3: detected capacity change from 0 to 40427 [ 79.301088][ T4415] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 79.309381][ T4415] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 79.320611][ T4415] F2FS-fs (loop3): Found nat_bits in checkpoint [ 79.344468][ T4426] loop4: detected capacity change from 0 to 2048 [ 79.358031][ T4426] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 79.369176][ T4415] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 79.380068][ T457] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 79.380599][ T4415] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 79.447501][ T4438] loop4: detected capacity change from 0 to 128 [ 79.455785][ T4438] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 79.464273][ T283] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 79.472633][ T4438] System zones: 1-3, 19-19, 35-36 [ 79.479139][ T4438] ext4 filesystem being mounted at /391/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 79.564070][ T457] usb 7-1: Using ep0 maxpacket: 32 [ 79.571374][ T457] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 79.579839][ T457] usb 7-1: config 0 has no interface number 0 [ 79.586169][ T457] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.614127][ T457] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.623906][ T457] usb 7-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 79.633516][ T457] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.642556][ T457] usb 7-1: config 0 descriptor?? [ 79.657164][ T283] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 79.666626][ T283] usb 3-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 79.677442][ T283] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 79.686706][ T283] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 79.706544][ T283] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 79.715735][ T283] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 79.725505][ T283] usb 3-1: Product: syz [ 79.729765][ T283] usb 3-1: Manufacturer: syz [ 79.736290][ T283] cdc_wdm 3-1:1.0: skipping garbage [ 79.741574][ T283] cdc_wdm: probe of 3-1:1.0 failed with error -22 [ 79.775360][ T4463] device veth1_macvtap left promiscuous mode [ 79.945924][ T4420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1761'. [ 79.956125][ T298] usb 3-1: USB disconnect, device number 13 [ 79.964232][ T284] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 80.144377][ T284] usb 4-1: Using ep0 maxpacket: 16 [ 80.151020][ T284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.162340][ T284] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.172262][ T284] usb 4-1: config 0 interface 0 has no altsetting 0 [ 80.178948][ T284] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 80.188128][ T284] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.196852][ T284] usb 4-1: config 0 descriptor?? [ 80.259048][ T457] input: HID 28bd:0094 Pen as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:28BD:0094.001E/input/input26 [ 80.272692][ T457] uclogic 0003:28BD:0094.001E: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.6-1/input1 [ 80.469920][ T298] usb 7-1: USB disconnect, device number 2 [ 80.538183][ T4487] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1787'. [ 80.813180][ T298] usb 4-1: USB disconnect, device number 11 [ 80.986614][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 80.986631][ T28] audit: type=1400 audit(1746175829.820:682): avc: denied { getopt } for pid=4500 comm="syz.6.1793" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 81.490733][ T28] audit: type=1326 audit(1746175830.320:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4497 comm="syz.4.1792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420338e969 code=0x7fc00000 [ 81.714094][ T457] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 81.724881][ T4550] loop3: detected capacity change from 0 to 128 [ 81.731528][ T4550] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 81.744525][ T4550] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 81.889590][ T4560] loop3: detected capacity change from 0 to 128 [ 81.901746][ T28] audit: type=1326 audit(1746175830.740:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 81.905117][ T4560] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.937089][ T28] audit: type=1326 audit(1746175830.740:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 81.960618][ T28] audit: type=1326 audit(1746175830.740:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f454bd2ab39 code=0x7ffc0000 [ 81.984103][ T28] audit: type=1326 audit(1746175830.740:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 82.008759][ T457] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.019032][ T457] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 82.028336][ T28] audit: type=1326 audit(1746175830.740:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 82.052500][ T28] audit: type=1326 audit(1746175830.740:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f454bd2ab39 code=0x7ffc0000 [ 82.076112][ T457] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 82.085300][ T28] audit: type=1326 audit(1746175830.740:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 82.108879][ T457] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 82.117052][ T457] usb 7-1: SerialNumber: syz [ 82.122496][ T28] audit: type=1326 audit(1746175830.740:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4535 comm="syz.2.1809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f454bd8e969 code=0x7ffc0000 [ 82.350026][ T457] usb 7-1: 0:2 : does not exist [ 82.361005][ T457] usb 7-1: USB disconnect, device number 3 [ 82.408304][ T4571] loop2: detected capacity change from 0 to 40427 [ 82.415552][ T4571] F2FS-fs (loop2): heap/no_heap options were deprecated [ 82.423357][ T4571] F2FS-fs (loop2): invalid crc value [ 82.429798][ T4571] F2FS-fs (loop2): Found nat_bits in checkpoint [ 82.478286][ T4571] F2FS-fs (loop2): Start checkpoint disabled! [ 82.485198][ T4571] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 82.583761][ T10] kworker/u4:1: attempt to access beyond end of device [ 82.583761][ T10] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 82.834084][ T283] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 82.871252][ T4595] loop2: detected capacity change from 0 to 40427 [ 82.880971][ T4595] F2FS-fs (loop2): heap/no_heap options were deprecated [ 82.890350][ T4595] F2FS-fs (loop2): invalid crc value [ 82.899588][ T4595] F2FS-fs (loop2): Found nat_bits in checkpoint [ 82.943734][ T4595] F2FS-fs (loop2): Start checkpoint disabled! [ 82.963534][ T4595] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 82.982140][ T4607] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 83.036094][ T283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.056333][ T283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.067827][ T283] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 83.069381][ T4595] syz.2.1835: attempt to access beyond end of device [ 83.069381][ T4595] loop2: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 83.077662][ T283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.104580][ T283] usb 5-1: config 0 descriptor?? [ 83.173113][ T4617] incfs: Options parsing error. -22 [ 83.173265][ T43] kworker/u4:2: attempt to access beyond end of device [ 83.173265][ T43] loop2: rw=1, sector=77944, nr_sectors = 8 limit=40427 [ 83.178509][ T4617] incfs: mount failed -22 [ 83.193877][ T43] kworker/u4:2: attempt to access beyond end of device [ 83.193877][ T43] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 83.457832][ T4637] IPv6: NLM_F_CREATE should be specified when creating new route [ 83.515129][ T283] keytouch 0003:0926:3333.0020: fixing up Keytouch IEC report descriptor [ 83.526224][ T283] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0020/input/input27 [ 83.611145][ T283] keytouch 0003:0926:3333.0020: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 83.673860][ T4640] loop0: detected capacity change from 0 to 256 [ 83.693615][ T4640] FAT-fs (loop0): Directory bread(block 64) failed [ 83.700458][ T4640] FAT-fs (loop0): Directory bread(block 65) failed [ 83.708476][ T4640] FAT-fs (loop0): Directory bread(block 66) failed [ 83.715414][ T4640] FAT-fs (loop0): Directory bread(block 67) failed [ 83.722029][ T4640] FAT-fs (loop0): Directory bread(block 68) failed [ 83.729000][ T4640] FAT-fs (loop0): Directory bread(block 69) failed [ 83.735932][ T4640] FAT-fs (loop0): Directory bread(block 70) failed [ 83.742682][ T4640] FAT-fs (loop0): Directory bread(block 71) failed [ 83.750142][ T4640] FAT-fs (loop0): Directory bread(block 72) failed [ 83.757150][ T4640] FAT-fs (loop0): Directory bread(block 73) failed [ 83.824485][ T284] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 83.968179][ T283] usb 5-1: USB disconnect, device number 14 [ 84.004088][ T284] usb 3-1: Using ep0 maxpacket: 8 [ 84.014868][ T284] usb 3-1: config 0 has an invalid interface number: 200 but max is 0 [ 84.023698][ T284] usb 3-1: config 0 has no interface number 0 [ 84.029087][ T4660] loop3: detected capacity change from 0 to 256 [ 84.030587][ T284] usb 3-1: config 0 interface 200 has no altsetting 0 [ 84.037348][ T4660] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 84.050218][ T284] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 84.054053][ T4660] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 84.063472][ T284] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.076127][ T4660] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 84.079860][ T284] usb 3-1: Product: syz [ 84.095916][ T284] usb 3-1: Manufacturer: syz [ 84.100622][ T284] usb 3-1: SerialNumber: syz [ 84.106249][ T284] usb 3-1: config 0 descriptor?? [ 84.316422][ T284] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.200/input/input28 [ 84.329976][ T284] usb 3-1: USB disconnect, device number 14 [ 84.374523][ T298] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0 [ 84.381988][ T298] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0 [ 84.389620][ T298] hid-generic 0000:0004:0000.0021: unknown main item tag 0x0 [ 84.398081][ T298] hid-generic 0000:0004:0000.0021: hidraw0: HID v0.00 Device [syz1] on syz1 [ 84.503520][ T4686] usb usb8: usbfs: process 4686 (syz.3.1875) did not claim interface 0 before use [ 84.529951][ T4690] syz.4.1877[4690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.530035][ T4690] syz.4.1877[4690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.690763][ T4692] loop3: detected capacity change from 0 to 40427 [ 84.709400][ T4692] F2FS-fs (loop3): fault_injection options not supported [ 84.717690][ T4692] F2FS-fs (loop3): invalid crc value [ 84.724538][ T4692] F2FS-fs (loop3): Found nat_bits in checkpoint [ 84.764716][ T4692] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 84.824082][ T283] usb 7-1: new full-speed USB device number 4 using dummy_hcd [ 84.915911][ T4720] loop2: detected capacity change from 0 to 256 [ 84.925483][ T4720] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x88000078, utbl_chksum : 0xe619d30d) [ 85.020903][ T283] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 85.032688][ T283] usb 7-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 85.041928][ T283] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.061789][ T283] usb 7-1: config 0 descriptor?? [ 85.078494][ T4696] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 85.103141][ T4739] loop2: detected capacity change from 0 to 512 [ 85.110759][ T4739] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.127771][ T4739] ext4 filesystem being mounted at /367/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.158415][ T4750] loop2: detected capacity change from 0 to 256 [ 85.172020][ T4750] FAT-fs (loop2): Directory bread(block 64) failed [ 85.179838][ T4750] FAT-fs (loop2): Directory bread(block 65) failed [ 85.186726][ T4750] FAT-fs (loop2): Directory bread(block 66) failed [ 85.193328][ T4750] FAT-fs (loop2): Directory bread(block 67) failed [ 85.200256][ T4750] FAT-fs (loop2): Directory bread(block 68) failed [ 85.207018][ T4750] FAT-fs (loop2): Directory bread(block 69) failed [ 85.213797][ T4750] FAT-fs (loop2): Directory bread(block 70) failed [ 85.221019][ T4750] FAT-fs (loop2): Directory bread(block 71) failed [ 85.228585][ T4750] FAT-fs (loop2): Directory bread(block 72) failed [ 85.235558][ T4750] FAT-fs (loop2): Directory bread(block 73) failed [ 85.363336][ T4765] loop3: detected capacity change from 0 to 16 [ 85.370683][ T4765] erofs: (device loop3): mounted with root inode @ nid 36. [ 85.450341][ T4772] loop3: detected capacity change from 0 to 256 [ 85.457155][ T4772] exfat: Deprecated parameter 'namecase' [ 85.465537][ T4772] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 85.506206][ T283] uclogic 0003:5543:0003.0022: item fetching failed at offset 0/1 [ 85.514757][ T283] uclogic 0003:5543:0003.0022: parse failed [ 85.521075][ T283] uclogic: probe of 0003:5543:0003.0022 failed with error -22 [ 85.708972][ T4793] loop2: detected capacity change from 0 to 1024 [ 85.716588][ T283] usb 7-1: USB disconnect, device number 4 [ 85.747960][ T4793] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.762429][ T4793] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 85.777722][ T4793] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 65 with error 28 [ 85.790785][ T4793] EXT4-fs (loop2): This should not happen!! Data will be lost [ 85.790785][ T4793] [ 85.800574][ T4793] EXT4-fs (loop2): Total free blocks count 0 [ 85.806331][ T4800] netlink: 'syz.3.1924': attribute type 34 has an invalid length. [ 85.806884][ T4793] EXT4-fs (loop2): Free/Dirty block details [ 85.820567][ T4793] EXT4-fs (loop2): free_blocks=4293918720 [ 85.826464][ T4793] EXT4-fs (loop2): dirty_blocks=80 [ 85.831732][ T4793] EXT4-fs (loop2): Block reservation details [ 85.837791][ T4793] EXT4-fs (loop2): i_reserved_data_blocks=5 [ 86.049616][ T4826] loop4: detected capacity change from 0 to 40427 [ 86.056587][ T4826] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 86.064530][ T4826] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 86.073549][ T4826] F2FS-fs (loop4): invalid crc value [ 86.080443][ T4826] F2FS-fs (loop4): Found nat_bits in checkpoint [ 86.109598][ T4826] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 86.116730][ T4826] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 86.150005][ T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 86.156639][ T284] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0 [ 86.159463][ T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 86.167314][ T284] hid-generic 0000:0000:0000.0023: hidraw0: HID v0.00 Device [syz1] on syz0 [ 86.286894][ T28] kauditd_printk_skb: 400 callbacks suppressed [ 86.286910][ T28] audit: type=1400 audit(1746175835.120:1092): avc: denied { write } for pid=4847 comm="syz.3.1945" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 86.325862][ T4854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1947'. [ 86.554075][ T284] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 86.584079][ T6] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 86.744587][ T284] usb 5-1: Using ep0 maxpacket: 16 [ 86.752222][ T284] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.753749][ T4875] loop2: detected capacity change from 0 to 512 [ 86.766487][ T284] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.769876][ T6] usb 7-1: Using ep0 maxpacket: 16 [ 86.779774][ T284] usb 5-1: config 0 interface 0 has no altsetting 0 [ 86.786016][ T4875] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 86.791853][ T284] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 86.802649][ T6] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 86.811274][ T284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.820668][ T4875] EXT4-fs (loop2): 1 truncate cleaned up [ 86.828328][ T284] usb 5-1: config 0 descriptor?? [ 86.833263][ T6] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.848743][ T6] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 86.864137][ T6] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 86.873303][ T6] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.881406][ T6] usb 7-1: Product: syz [ 86.885641][ T6] usb 7-1: Manufacturer: syz [ 86.890273][ T6] usb 7-1: SerialNumber: syz [ 86.928753][ T4882] loop3: detected capacity change from 0 to 512 [ 86.935913][ T4882] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 86.947681][ T4882] EXT4-fs (loop3): 1 truncate cleaned up [ 86.977753][ T4885] loop3: detected capacity change from 0 to 512 [ 86.996201][ T4885] ext4 filesystem being mounted at /449/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.011482][ T4885] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.1960: corrupted inode contents [ 87.024762][ T4885] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #2: comm syz.3.1960: mark_inode_dirty error [ 87.036527][ T4885] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.1960: corrupted inode contents [ 87.048696][ T4885] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.1960: mark_inode_dirty error [ 87.070495][ T4878] loop2: detected capacity change from 0 to 40427 [ 87.080728][ T4878] F2FS-fs (loop2): Found nat_bits in checkpoint [ 87.120020][ T4878] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 87.135487][ T28] audit: type=1400 audit(1746175835.970:1093): avc: denied { rename } for pid=4877 comm="syz.2.1957" name="file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 87.138452][ T4889] f2fs_ckpt-7:2: attempt to access beyond end of device [ 87.138452][ T4889] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 87.307292][ T6] usb 7-1: 0:2 : does not exist [ 87.491021][ T284] usb 5-1: USB disconnect, device number 15 [ 87.915202][ T6] usb 7-1: 1:0: failed to get current value for ch 0 (-22) [ 87.928871][ T6] usb 7-1: USB disconnect, device number 5 [ 88.137402][ T4922] loop4: detected capacity change from 0 to 256 [ 88.361066][ T4936] loop0: detected capacity change from 0 to 1024 [ 88.364093][ T457] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 88.386146][ T4936] ext4 filesystem being mounted at /359/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.398857][ T4936] EXT4-fs error (device loop0): ext4_map_blocks:744: inode #15: block 3: comm syz.0.1981: lblock 3 mapped to illegal pblock 3 (length 1) [ 88.413293][ T4936] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 88.425749][ T4936] EXT4-fs (loop0): This should not happen!! Data will be lost [ 88.425749][ T4936] [ 88.425779][ T298] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 88.480557][ T28] audit: type=1400 audit(1746175837.310:1094): avc: denied { mount } for pid=4946 comm="syz.6.1985" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 88.502844][ T28] audit: type=1400 audit(1746175837.310:1095): avc: denied { mounton } for pid=4946 comm="syz.6.1985" path="/24/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 88.527694][ T28] audit: type=1400 audit(1746175837.370:1096): avc: denied { unmount } for pid=4283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 88.553036][ T4949] incfs: Options parsing error. -22 [ 88.558344][ T457] usb 3-1: Using ep0 maxpacket: 32 [ 88.559451][ T4949] incfs: mount failed -22 [ 88.565053][ T457] usb 3-1: config 0 has an invalid interface number: 154 but max is 0 [ 88.576331][ T457] usb 3-1: config 0 has no interface number 0 [ 88.588900][ T457] usb 3-1: New USB device found, idVendor=0b95, idProduct=7e2b, bcdDevice=c4.04 [ 88.598145][ T457] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.606406][ T457] usb 3-1: Product: syz [ 88.610591][ T457] usb 3-1: Manufacturer: syz [ 88.615262][ T457] usb 3-1: SerialNumber: syz [ 88.621590][ T457] usb 3-1: config 0 descriptor?? [ 88.624148][ T298] usb 5-1: Using ep0 maxpacket: 16 [ 88.634163][ T298] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 88.648978][ T298] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 88.658565][ T298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.666860][ T298] usb 5-1: Product: syz [ 88.671118][ T298] usb 5-1: Manufacturer: syz [ 88.675781][ T298] usb 5-1: SerialNumber: syz [ 89.083244][ T298] usb 5-1: 0:2 : does not exist [ 89.231928][ T457] asix 3-1:0.154 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 89.242148][ T457] asix: probe of 3-1:0.154 failed with error -71 [ 89.249546][ T457] usb 3-1: USB disconnect, device number 15 [ 89.274165][ T283] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 89.454336][ T283] usb 7-1: Using ep0 maxpacket: 8 [ 89.460745][ T283] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.470895][ T283] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 89.479807][ T283] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 89.490975][ T283] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 89.494111][ T298] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 89.502276][ T283] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 89.514164][ T298] usb 5-1: USB disconnect, device number 16 [ 89.518661][ T283] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.533749][ T283] hub 7-1:1.0: bad descriptor, ignoring hub [ 89.539717][ T283] hub: probe of 7-1:1.0 failed with error -5 [ 89.545880][ T283] cdc_wdm 7-1:1.0: skipping garbage [ 89.551069][ T283] cdc_wdm 7-1:1.0: skipping garbage [ 89.556731][ T283] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 89.864177][ T283] usb 7-1: USB disconnect, device number 6 [ 90.098175][ T4991] SELinux: security_context_str_to_sid (defcontext) failed with errno=-22 [ 90.189422][ T4997] loop4: detected capacity change from 0 to 256 [ 90.198822][ T4997] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xc1fa704e, utbl_chksum : 0xe619d30d) [ 90.220908][ T28] audit: type=1400 audit(1746175839.050:1097): avc: denied { read } for pid=4996 comm="syz.4.2007" name="file1" dev="loop4" ino=1048719 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 90.222093][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.222093][ T4997] loop4: rw=524288, sector=34225520824, nr_sectors = 1 limit=256 [ 90.244403][ T283] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 90.266834][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.266834][ T4997] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.269083][ T28] audit: type=1400 audit(1746175839.050:1098): avc: denied { map } for pid=4996 comm="syz.4.2007" path="/426/file0/file1" dev="loop4" ino=1048719 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 90.283166][ T4996] syz.4.2007: attempt to access beyond end of device [ 90.283166][ T4996] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.318389][ T4996] syz.4.2007: attempt to access beyond end of device [ 90.318389][ T4996] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.332435][ T4996] syz.4.2007: attempt to access beyond end of device [ 90.332435][ T4996] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.346755][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.346755][ T4997] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.361200][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.361200][ T4997] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.375253][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.375253][ T4997] loop4: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 90.389339][ T4997] syz.4.2007: attempt to access beyond end of device [ 90.389339][ T4997] loop4: rw=0, sector=34225520824, nr_sectors = 6 limit=256 [ 90.441254][ T28] audit: type=1400 audit(1746175839.270:1099): avc: denied { attach_queue } for pid=5004 comm="syz.4.2011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 90.492539][ T283] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.502830][ T283] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 90.503332][ T5011] loop4: detected capacity change from 0 to 512 [ 90.511903][ T283] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 90.529336][ T283] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 90.538539][ T283] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.548250][ T4974] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 90.556407][ T283] hub 7-1:1.0: bad descriptor, ignoring hub [ 90.556550][ T5011] ext4 filesystem being mounted at /428/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 90.562330][ T283] hub: probe of 7-1:1.0 failed with error -5 [ 90.562500][ T283] cdc_wdm 7-1:1.0: skipping garbage [ 90.587570][ T283] cdc_wdm 7-1:1.0: skipping garbage [ 90.594643][ T5011] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.2014: corrupted inode contents [ 90.598124][ T283] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 90.608557][ T5011] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #2: comm syz.4.2014: mark_inode_dirty error [ 90.624799][ T5011] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.2014: corrupted inode contents [ 90.636948][ T5011] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.2014: mark_inode_dirty error [ 90.934154][ T298] usb 7-1: USB disconnect, device number 7 [ 91.066165][ T5049] loop2: detected capacity change from 0 to 512 [ 91.085823][ T5049] ext4 filesystem being mounted at /392/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 91.100194][ T5049] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.2028: corrupted inode contents [ 91.112269][ T5049] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.2028: mark_inode_dirty error [ 91.123863][ T5049] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.2028: corrupted inode contents [ 91.141078][ T5049] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.2028: mark_inode_dirty error [ 91.183653][ T5063] 9pnet: p9_errstr2errno: server reported unknown error @í΂Í(ÿ0x0000000000000004 [ 91.275470][ T5073] loop4: detected capacity change from 0 to 128 [ 91.310311][ T5073] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 91.317846][ T5073] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 91.341158][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 91.354439][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 91.367299][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 91.375389][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 91.382967][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 91.392000][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.401104][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.409533][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.418795][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.433737][ T5080] tun0: tun_chr_ioctl cmd 1074025675 [ 91.439593][ T5080] tun0: persist enabled [ 91.444214][ T5080] tun0: tun_chr_ioctl cmd 1074025675 [ 91.449579][ T5080] tun0: persist enabled [ 91.495482][ T28] audit: type=1400 audit(1746175840.330:1100): avc: denied { read } for pid=5085 comm="syz.4.2044" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 91.537726][ T28] audit: type=1400 audit(1746175840.330:1101): avc: denied { open } for pid=5085 comm="syz.4.2044" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 91.562942][ T28] audit: type=1400 audit(1746175840.360:1102): avc: denied { ioctl } for pid=5085 comm="syz.4.2044" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 91.928507][ T28] audit: type=1400 audit(1746175840.760:1103): avc: denied { ioctl } for pid=5130 comm="syz.4.2066" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 92.089804][ T5154] loop2: detected capacity change from 0 to 2048 [ 92.134403][ T5154] loop2: p1 < > p4 [ 92.142285][ T5154] loop2: p4 size 8388608 extends beyond EOD, truncated [ 92.176216][ T28] audit: type=1400 audit(1746175841.010:1104): avc: denied { unmount } for pid=278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 92.372543][ T5172] loop4: detected capacity change from 0 to 512 [ 92.381161][ T5172] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -13 [ 92.391289][ T5172] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 92.404083][ T5172] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 92.417248][ T5172] EXT4-fs (loop4): 1 truncate cleaned up [ 92.435310][ T5172] fscrypt (loop4, inode 2): Error -61 getting encryption context [ 92.447929][ T5178] loop2: detected capacity change from 0 to 256 [ 92.466426][ T28] audit: type=1400 audit(1746175841.300:1105): avc: denied { getopt } for pid=5179 comm="syz.3.2087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 92.518358][ T5178] FAT-fs (loop2): Directory bread(block 64) failed [ 92.525257][ T5178] FAT-fs (loop2): Directory bread(block 65) failed [ 92.539666][ T5178] FAT-fs (loop2): Directory bread(block 66) failed [ 92.546871][ T5178] FAT-fs (loop2): Directory bread(block 67) failed [ 92.553795][ T5178] FAT-fs (loop2): Directory bread(block 68) failed [ 92.560626][ T5178] FAT-fs (loop2): Directory bread(block 69) failed [ 92.567272][ T5178] FAT-fs (loop2): Directory bread(block 70) failed [ 92.574365][ T5178] FAT-fs (loop2): Directory bread(block 71) failed [ 92.581000][ T5178] FAT-fs (loop2): Directory bread(block 72) failed [ 92.587683][ T5178] FAT-fs (loop2): Directory bread(block 73) failed [ 93.412898][ T28] audit: type=1400 audit(1746175842.240:1106): avc: denied { getopt } for pid=5222 comm="syz.4.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 93.434182][ T1897] Bluetooth: hci0: command 0x1003 tx timeout [ 93.440239][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 93.543390][ T5236] loop4: detected capacity change from 0 to 4096 [ 93.593552][ T5244] loop4: detected capacity change from 0 to 512 [ 93.614932][ T5244] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 93.622929][ T5244] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e028, mo2=0002] [ 93.632551][ T5244] System zones: 0-1, 15-15, 18-18, 34-34 [ 93.639322][ T5244] EXT4-fs (loop4): orphan cleanup on readonly fs [ 93.645958][ T5244] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 93.655533][ T5244] EXT4-fs warning (device loop4): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 93.670158][ T5244] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 93.677076][ T5244] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.2117: bad orphan inode 16 [ 93.687381][ T5244] EXT4-fs (loop4): Remounting filesystem read-only [ 93.694057][ T5244] ext4_test_bit(bit=15, block=18) = 1 [ 93.699444][ T5244] is_bad_inode(inode)=0 [ 93.703700][ T5244] NEXT_ORPHAN(inode)=0 [ 93.707855][ T5244] max_ino=32 [ 93.711076][ T5244] i_nlink=2 [ 93.717449][ T28] audit: type=1400 audit(1746175842.550:1107): avc: denied { mounton } for pid=5243 comm="syz.4.2117" path="/467/file2/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 93.718494][ T5244] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 93.752954][ T5244] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 93.774251][ T279] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 93.794202][ T279] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 93.844177][ T28] audit: type=1400 audit(1746175842.680:1108): avc: denied { connect } for pid=5256 comm="syz.3.2123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 93.894071][ T298] usb 7-1: new full-speed USB device number 8 using dummy_hcd [ 94.075006][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.082078][ T5269] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.089700][ T298] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 94.089845][ T5269] device bridge_slave_0 entered promiscuous mode [ 94.106297][ T298] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.117427][ T298] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 94.126680][ T298] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.128292][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.135563][ T298] usb 7-1: config 0 descriptor?? [ 94.145180][ T5269] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.154469][ T5269] device bridge_slave_1 entered promiscuous mode [ 94.162933][ T5281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2133'. [ 94.188190][ T5283] loop2: detected capacity change from 0 to 512 [ 94.196569][ T5283] EXT4-fs (loop2): orphan cleanup on readonly fs [ 94.203450][ T5283] EXT4-fs error (device loop2): ext4_quota_enable:6976: comm syz.2.2134: Bad quota inum: 11, type: 1 [ 94.215147][ T5283] EXT4-fs warning (device loop2): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 94.230234][ T5283] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 94.236997][ T5283] EXT4-fs mount: 28 callbacks suppressed [ 94.237014][ T5283] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 94.258838][ T5283] EXT4-fs (loop2): shut down requested (1) [ 94.265506][ T5283] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 94.284502][ T5283] EXT4-fs warning (device loop2): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 94.308968][ T278] EXT4-fs (loop2): unmounting filesystem. [ 94.326373][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.333462][ T5269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.340798][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.347867][ T5269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.385309][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.393347][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.403559][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.422565][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.431121][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.438329][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.446435][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.454824][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.461884][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.475954][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.486525][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.503781][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.520314][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.529320][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.538044][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.549258][ T5269] device veth0_vlan entered promiscuous mode [ 94.559273][ T298] hid-generic 0003:04F3:0755.0025: failed to start in urb: -90 [ 94.559810][ T298] hid-generic 0003:04F3:0755.0025: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0 [ 94.584082][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.597311][ T5269] device veth1_macvtap entered promiscuous mode [ 94.608088][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.618429][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.707519][ T5306] xt_hashlimit: size too large, truncated to 1048576 [ 94.784928][ T5246] hid-generic 0003:04F3:0755.0025: pid 5246 passed too short report [ 94.795119][ T10] device bridge_slave_1 left promiscuous mode [ 94.801494][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.824944][ T24] usb 7-1: USB disconnect, device number 8 [ 94.834100][ T10] device bridge_slave_0 left promiscuous mode [ 94.840659][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.858245][ T5313] loop7: detected capacity change from 0 to 4096 [ 94.865073][ T10] device veth1_macvtap left promiscuous mode [ 94.871180][ T10] device veth0_vlan left promiscuous mode [ 94.891639][ T5313] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 94.912896][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 94.924209][ T298] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 94.946285][ T5321] loop7: detected capacity change from 0 to 512 [ 94.994084][ T5321] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 95.029314][ T5321] EXT4-fs (loop7): 1 truncate cleaned up [ 95.040257][ T5321] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 95.109824][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 95.125131][ T298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.139927][ T298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.150903][ T298] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 95.160890][ T298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.169713][ T298] usb 3-1: config 0 descriptor?? [ 95.362599][ T5333] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2152'. [ 95.402888][ T5341] loop0: detected capacity change from 0 to 512 [ 95.431494][ T5341] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 95.441249][ T5341] ext4 filesystem being mounted at /369/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.463403][ T5341] EXT4-fs (loop0): shut down requested (1) [ 95.496040][ T276] EXT4-fs (loop0): unmounting filesystem. [ 95.526215][ T5358] overlayfs: failed to clone upperpath [ 95.532781][ T5357] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 95.730667][ T5386] loop7: detected capacity change from 0 to 1024 [ 95.737776][ T5386] EXT4-fs: Ignoring removed orlov option [ 95.743497][ T5386] EXT4-fs: Ignoring removed i_version option [ 95.751239][ T5386] EXT4-fs (loop7): Test dummy encryption mode enabled [ 95.760451][ T5386] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 95.787764][ T298] usbhid 3-1:0.0: can't add hid device: -71 [ 95.794713][ T298] usbhid: probe of 3-1:0.0 failed with error -71 [ 95.802509][ T298] usb 3-1: USB disconnect, device number 16 [ 95.812753][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 96.344454][ T5445] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2204'. [ 96.426834][ T5459] loop2: detected capacity change from 0 to 512 [ 96.445868][ T5459] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 96.454948][ T5459] ext4 filesystem being mounted at /438/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 96.477636][ T278] EXT4-fs (loop2): unmounting filesystem. [ 96.624627][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 96.624643][ T28] audit: type=1400 audit(1746175845.460:1134): avc: denied { shutdown } for pid=5478 comm="syz.6.2219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 96.651007][ T28] audit: type=1400 audit(1746175845.490:1135): avc: denied { write } for pid=5478 comm="syz.6.2219" path="socket:[37554]" dev="sockfs" ino=37554 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 96.721442][ T5490] loop6: detected capacity change from 0 to 256 [ 96.728574][ T5491] tmpfs: Unknown parameter 'n' [ 96.808193][ T28] audit: type=1400 audit(1746175845.640:1136): avc: denied { mount } for pid=5500 comm="syz.6.2229" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 96.830591][ T28] audit: type=1400 audit(1746175845.640:1137): avc: denied { mounton } for pid=5500 comm="syz.6.2229" path="/50/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 96.871519][ T5505] loop7: detected capacity change from 0 to 128 [ 96.899603][ T5505] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 96.907003][ T5505] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 96.925361][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 96.934505][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.943298][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 96.952294][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 96.960984][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.969722][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.978640][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.988756][ T297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.044178][ T6] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 97.136084][ T5525] device ip6tnl1 entered promiscuous mode [ 97.245508][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 97.256783][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 97.269153][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 97.279160][ T6] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 97.288563][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.297674][ T6] usb 3-1: config 0 descriptor?? [ 97.309543][ T6] usb 3-1: MIDIStreaming interface descriptor not found [ 97.510812][ T24] usb 3-1: USB disconnect, device number 17 [ 97.719028][ T5560] syz.6.2257[5560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.719092][ T5560] syz.6.2257[5560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.784462][ T5566] loop6: detected capacity change from 0 to 2048 [ 97.805499][ T5566] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 97.821248][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 97.855008][ T5572] loop6: detected capacity change from 0 to 16 [ 97.861433][ T5572] erofs: Unknown parameter 'ÿÿÿÿ' [ 97.901337][ T5574] loop6: detected capacity change from 0 to 2048 [ 97.944476][ T5574] loop6: p1 < > p4 [ 97.948789][ T5574] loop6: p4 size 8388608 extends beyond EOD, truncated [ 98.120639][ T28] audit: type=1400 audit(1746175846.950:1138): avc: denied { map } for pid=5592 comm="syz.6.2282" path="socket:[37757]" dev="sockfs" ino=37757 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 98.123182][ T5595] loop2: detected capacity change from 0 to 256 [ 98.203006][ T5599] incfs: Options parsing error. -22 [ 98.214862][ T5599] incfs: mount failed -22 [ 98.334548][ T5610] loop2: detected capacity change from 0 to 512 [ 98.361704][ T5610] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 98.392658][ T5610] EXT4-fs (loop2): 1 truncate cleaned up [ 98.399072][ T5610] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 98.425425][ T5610] EXT4-fs error (device loop2): __ext4_iget:5057: inode #12: block 2: comm syz.2.2279: invalid block [ 98.444243][ T5610] EXT4-fs (loop2): Remounting filesystem read-only [ 98.459670][ T5610] EXT4-fs error (device loop2): mb_free_blocks:1815: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 98.494198][ T5610] EXT4-fs (loop2): Remounting filesystem read-only [ 98.500828][ T5610] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.2279: invalid indirect mapped block 3489660928 (level 0) [ 98.534237][ T5610] EXT4-fs (loop2): Remounting filesystem read-only [ 98.567654][ T278] EXT4-fs (loop2): unmounting filesystem. [ 98.603339][ T5619] fuse: Invalid group_id [ 98.695497][ T5625] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ' [ 100.660489][ T5627] loop7: detected capacity change from 0 to 256 [ 100.808156][ T5647] loop2: detected capacity change from 0 to 512 [ 100.843661][ T5647] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 100.851876][ T5647] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e028, mo2=0002] [ 100.859994][ T5647] System zones: 0-1, 15-15, 18-18, 34-34 [ 100.866546][ T5647] EXT4-fs (loop2): orphan cleanup on readonly fs [ 100.873165][ T5647] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 100.882680][ T5647] EXT4-fs warning (device loop2): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 100.898360][ T5647] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 100.905267][ T5647] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.2295: bad orphan inode 16 [ 100.915639][ T5647] EXT4-fs (loop2): Remounting filesystem read-only [ 100.922169][ T5647] ext4_test_bit(bit=15, block=18) = 1 [ 100.927751][ T5647] is_bad_inode(inode)=0 [ 100.931931][ T5647] NEXT_ORPHAN(inode)=0 [ 100.936263][ T5647] max_ino=32 [ 100.939583][ T5647] i_nlink=2 [ 100.942743][ T5647] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 100.988582][ T5647] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 101.012938][ T5647] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 101.014768][ T5664] syz.3.2303[5664] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.020960][ T5664] syz.3.2303[5664] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.074058][ T278] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 101.109725][ T278] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic f300, entries 1, max 4(0), depth 0(0) [ 101.174670][ T2647] EXT4-fs (loop2): unmounting filesystem. [ 101.542082][ T5700] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.555327][ T5700] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.570141][ T5700] device bridge_slave_0 entered promiscuous mode [ 101.587605][ T5700] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.604050][ T5700] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.611415][ T5719] loop0: detected capacity change from 0 to 128 [ 101.611631][ T5700] device bridge_slave_1 entered promiscuous mode [ 101.638164][ T5719] EXT4-fs (loop0): Test dummy encryption mode enabled [ 101.675504][ T5719] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 101.685119][ T5719] ext4 filesystem being mounted at /374/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 101.736352][ T28] audit: type=1400 audit(1746175850.570:1139): avc: denied { create } for pid=5717 comm="syz.0.2327" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 101.762587][ T5719] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 101.778044][ T5719] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 101.804663][ T276] EXT4-fs (loop0): unmounting filesystem. [ 101.819527][ T28] audit: type=1400 audit(1746175850.630:1140): avc: denied { create } for pid=5717 comm="syz.0.2327" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 101.852627][ T5700] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.859751][ T5700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.867104][ T5700] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.874168][ T5700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.943212][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.952171][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.961245][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.984389][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.999755][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.007390][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.024110][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.037638][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.044742][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.073925][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.086988][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.104757][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.125330][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.141784][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.154362][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.169686][ T5700] device veth0_vlan entered promiscuous mode [ 102.197253][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 102.206173][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 102.212435][ T5747] loop7: detected capacity change from 0 to 512 [ 102.216509][ T5700] device veth1_macvtap entered promiscuous mode [ 102.227479][ T5747] EXT4-fs warning (device loop7): ext4_multi_mount_protect:298: Invalid MMP block in superblock [ 102.232188][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.246186][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.254614][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.267310][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.275860][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.340479][ T28] audit: type=1400 audit(1746175851.170:1141): avc: denied { mount } for pid=5756 comm="syz.7.2342" name="/" dev="ramfs" ino=39497 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 102.342739][ T5755] loop8: detected capacity change from 0 to 1024 [ 102.372914][ T28] audit: type=1400 audit(1746175851.200:1142): avc: denied { unmount } for pid=5269 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 102.397598][ T5755] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 102.406487][ T5755] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.421920][ T28] audit: type=1400 audit(1746175851.260:1143): avc: denied { map } for pid=5754 comm="syz.8.2341" path="/2/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 102.445198][ T43] device bridge_slave_1 left promiscuous mode [ 102.454146][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.461775][ T28] audit: type=1400 audit(1746175851.260:1144): avc: denied { execute } for pid=5754 comm="syz.8.2341" path="/2/file1/file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 102.491834][ T43] device bridge_slave_0 left promiscuous mode [ 102.499449][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.512825][ T43] device veth1_macvtap left promiscuous mode [ 102.516131][ T5755] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 102.522187][ T28] audit: type=1400 audit(1746175851.350:1145): avc: denied { mount } for pid=5765 comm="syz.7.2345" name="/" dev="configfs" ino=14535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 102.534329][ T5755] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 102.556597][ T43] device veth0_vlan left promiscuous mode [ 102.569137][ T5755] EXT4-fs (loop8): This should not happen!! Data will be lost [ 102.569137][ T5755] [ 102.574628][ T28] audit: type=1400 audit(1746175851.350:1146): avc: denied { search } for pid=5765 comm="syz.7.2345" name="/" dev="configfs" ino=14535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 102.587859][ T5755] EXT4-fs (loop8): Total free blocks count 0 [ 102.606984][ T28] audit: type=1400 audit(1746175851.350:1147): avc: denied { mounton } for pid=5765 comm="syz.7.2345" path="/" dev="configfs" ino=14535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 102.613308][ T5755] EXT4-fs (loop8): Free/Dirty block details [ 102.641468][ T28] audit: type=1400 audit(1746175851.480:1148): avc: denied { unmount } for pid=5269 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 102.662631][ T5755] EXT4-fs (loop8): free_blocks=4293918720 [ 102.668796][ T5755] EXT4-fs (loop8): dirty_blocks=16 [ 102.673936][ T5755] EXT4-fs (loop8): Block reservation details [ 102.688718][ T5755] EXT4-fs (loop8): i_reserved_data_blocks=1 [ 102.764628][ T24] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 102.801771][ T24] hid-generic 0000:0000:0000.0026: hidraw0: HID v0.00 Device [syz1] on syz0 [ 102.855020][ T10] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 102.933279][ T5794] netlink: 'syz.8.2355': attribute type 1 has an invalid length. [ 102.949568][ T5794] netlink: 'syz.8.2355': attribute type 2 has an invalid length. [ 102.967164][ T5794] netlink: 'syz.8.2355': attribute type 1 has an invalid length. [ 102.975660][ T5794] netlink: 'syz.8.2355': attribute type 2 has an invalid length. [ 103.102530][ T5825] loop7: detected capacity change from 0 to 512 [ 103.126554][ T5825] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 103.142023][ T5825] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 103.167520][ T5825] EXT4-fs (loop7): warning: checktime reached, running e2fsck is recommended [ 103.178642][ T5825] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 103.186974][ T5825] System zones: 0-2, 18-18, 34-34 [ 103.193692][ T5825] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 103.222767][ T5825] EXT4-fs (loop7): 1 truncate cleaned up [ 103.248882][ T5825] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 103.319975][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 103.510611][ T5865] loop6: detected capacity change from 0 to 512 [ 103.512110][ T5867] netlink: 104 bytes leftover after parsing attributes in process `syz.7.2392'. [ 103.548150][ T5865] EXT4-fs (loop6): orphan cleanup on readonly fs [ 103.566226][ T5865] EXT4-fs error (device loop6): ext4_orphan_get:1426: comm syz.6.2391: bad orphan inode 13 [ 103.582483][ T5865] ext4_test_bit(bit=12, block=18) = 1 [ 103.610756][ T5865] is_bad_inode(inode)=0 [ 103.618318][ T5865] NEXT_ORPHAN(inode)=2130706432 [ 103.627116][ T5865] max_ino=32 [ 103.634085][ T5865] i_nlink=1 [ 103.640050][ T5865] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 103.660805][ T5865] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended [ 103.702634][ T5865] EXT4-fs (loop6): re-mounted. Quota mode: writeback. [ 103.729161][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 103.771220][ T5899] syz.3.2405[5899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 103.771301][ T5899] syz.3.2405[5899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 103.925957][ T5925] loop6: detected capacity change from 0 to 256 [ 104.013573][ T5925] FAT-fs (loop6): Directory bread(block 64) failed [ 104.024097][ T5925] FAT-fs (loop6): Directory bread(block 65) failed [ 104.034996][ T5925] FAT-fs (loop6): Directory bread(block 66) failed [ 104.041863][ T5925] FAT-fs (loop6): Directory bread(block 67) failed [ 104.061445][ T5925] FAT-fs (loop6): Directory bread(block 68) failed [ 104.069029][ T5939] loop8: detected capacity change from 0 to 512 [ 104.090684][ T5925] FAT-fs (loop6): Directory bread(block 69) failed [ 104.115651][ T5925] FAT-fs (loop6): Directory bread(block 70) failed [ 104.143804][ T5925] FAT-fs (loop6): Directory bread(block 71) failed [ 104.164068][ T5925] FAT-fs (loop6): Directory bread(block 72) failed [ 104.170634][ T5925] FAT-fs (loop6): Directory bread(block 73) failed [ 104.186721][ T5955] loop8: detected capacity change from 0 to 128 [ 104.225417][ T5955] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 104.252221][ T5955] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.318703][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 104.488511][ T5966] loop0: detected capacity change from 0 to 8192 [ 104.537560][ T5966] loop0: p1 p2 < > p3 p4 < p5 > [ 104.542548][ T5966] loop0: partition table partially beyond EOD, truncated [ 104.555371][ T5966] loop0: p1 size 100663296 extends beyond EOD, truncated [ 104.571303][ T5966] loop0: p2 start 591104 is beyond EOD, truncated [ 104.586652][ T5966] loop0: p3 start 33572980 is beyond EOD, truncated [ 104.602888][ T5966] loop0: p5 size 100663296 extends beyond EOD, truncated [ 104.646558][ T5984] fuse: Bad value for 'fd' [ 104.658878][ T5970] loop8: detected capacity change from 0 to 40427 [ 104.674369][ T5970] F2FS-fs (loop8): Wrong segment_count / block_count (64 > 16384) [ 104.682234][ T5970] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 104.724818][ T5970] F2FS-fs (loop8): Found nat_bits in checkpoint [ 104.784445][ T5970] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 104.791690][ T5970] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 104.830387][ T6004] loop0: detected capacity change from 0 to 128 [ 104.856753][ T5700] syz-executor: attempt to access beyond end of device [ 104.856753][ T5700] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 105.165075][ T6021] loop7: detected capacity change from 0 to 40427 [ 105.172024][ T6021] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12 [ 105.179935][ T6021] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 105.215245][ T6021] F2FS-fs (loop7): Found nat_bits in checkpoint [ 105.254199][ T6021] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 105.261271][ T6021] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 105.457657][ T6035] loop8: detected capacity change from 0 to 512 [ 105.489540][ T6035] EXT4-fs error (device loop8): ext4_do_update_inode:5226: inode #16: comm syz.8.2463: corrupted inode contents [ 105.504267][ T6035] EXT4-fs error (device loop8): ext4_dirty_inode:6091: inode #16: comm syz.8.2463: mark_inode_dirty error [ 105.516006][ T6035] EXT4-fs error (device loop8): ext4_do_update_inode:5226: inode #16: comm syz.8.2463: corrupted inode contents [ 105.528804][ T6035] EXT4-fs error (device loop8): __ext4_ext_dirty:202: inode #16: comm syz.8.2463: mark_inode_dirty error [ 105.540365][ T6035] EXT4-fs error (device loop8): ext4_do_update_inode:5226: inode #16: comm syz.8.2463: corrupted inode contents [ 105.552816][ T6035] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem [ 105.561600][ T6035] EXT4-fs error (device loop8): ext4_do_update_inode:5226: inode #16: comm syz.8.2463: corrupted inode contents [ 105.584401][ T6035] EXT4-fs error (device loop8): ext4_truncate:4313: inode #16: comm syz.8.2463: mark_inode_dirty error [ 105.607805][ T6035] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem [ 105.622663][ T6035] EXT4-fs (loop8): 1 truncate cleaned up [ 105.630172][ T6035] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 105.640066][ T297] EXT4-fs error (device loop8): ext4_release_dquot:6812: comm kworker/u4:3: Failed to release dquot type 1 [ 105.651954][ T6035] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.680226][ T6035] EXT4-fs error (device loop8): ext4_acquire_dquot:6789: comm syz.8.2463: Failed to acquire dquot type 1 [ 105.693423][ T6035] EXT4-fs error (device loop8): ext4_acquire_dquot:6789: comm syz.8.2463: Failed to acquire dquot type 1 [ 105.713868][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 105.808460][ T6082] loop6: detected capacity change from 0 to 1024 [ 105.831974][ T6082] EXT4-fs: Ignoring removed i_version option [ 105.839307][ T6080] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 105.841312][ T6082] EXT4-fs (loop6): Test dummy encryption mode enabled [ 105.886091][ T6082] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 105.975167][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 106.069171][ T6100] loop8: detected capacity change from 0 to 512 [ 106.107212][ T6102] loop7: detected capacity change from 0 to 256 [ 106.133264][ T6100] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 106.164064][ T6102] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 106.184112][ T6102] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 106.216580][ T6102] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 106.251959][ T6100] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 106.291474][ T6100] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 106.585130][ T6123] loop7: detected capacity change from 0 to 2048 [ 106.635044][ T6123] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 106.684099][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 106.726469][ T6127] netlink: 'syz.7.2502': attribute type 3 has an invalid length. [ 106.744031][ T6127] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2502'. [ 107.062772][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 107.062789][ T28] audit: type=1400 audit(1746175855.890:1167): avc: denied { setopt } for pid=6148 comm="syz.7.2511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 107.212114][ T6164] device vlan0 entered promiscuous mode [ 107.218816][ T6163] device vlan0 left promiscuous mode [ 107.293516][ T6168] loop6: detected capacity change from 0 to 512 [ 107.300237][ T6170] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2522'. [ 107.336592][ T6168] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.2521: corrupted inode contents [ 107.374143][ T6168] EXT4-fs error (device loop6): ext4_dirty_inode:6091: inode #16: comm syz.6.2521: mark_inode_dirty error [ 107.385624][ T28] audit: type=1400 audit(1746175856.210:1168): avc: denied { relabelfrom } for pid=6174 comm="syz.7.2523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 107.420745][ T6168] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.2521: corrupted inode contents [ 107.433797][ T28] audit: type=1400 audit(1746175856.210:1169): avc: denied { relabelto } for pid=6174 comm="syz.7.2523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 107.469919][ T6168] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #16: comm syz.6.2521: mark_inode_dirty error [ 107.490506][ T6168] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.2521: corrupted inode contents [ 107.524519][ T6168] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 107.544160][ T6168] EXT4-fs error (device loop6): ext4_do_update_inode:5226: inode #16: comm syz.6.2521: corrupted inode contents [ 107.556790][ T6168] EXT4-fs error (device loop6): ext4_truncate:4313: inode #16: comm syz.6.2521: mark_inode_dirty error [ 107.568918][ T6168] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 107.579142][ T6168] EXT4-fs (loop6): 1 truncate cleaned up [ 107.586352][ T6168] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 107.597487][ T6168] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.608961][ T297] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 107.618915][ T297] EXT4-fs error (device loop6): ext4_release_dquot:6812: comm kworker/u4:3: Failed to release dquot type 1 [ 107.638999][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 107.661974][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 107.728170][ T6201] device veth0 entered promiscuous mode [ 107.735853][ T6199] device veth0 left promiscuous mode [ 107.737950][ T28] audit: type=1400 audit(1746175856.570:1170): avc: denied { bind } for pid=6202 comm="syz.7.2537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 107.760468][ T6205] loop7: detected capacity change from 0 to 1024 [ 107.773511][ T6205] EXT4-fs: Ignoring removed i_version option [ 107.784869][ T6205] EXT4-fs (loop7): Test dummy encryption mode enabled [ 107.811781][ T6205] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 107.839685][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 107.846146][ T6220] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2545'. [ 108.011130][ T28] audit: type=1400 audit(1746175856.840:1171): avc: denied { write } for pid=6260 comm="syz.7.2562" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 108.111448][ T6277] loop8: detected capacity change from 0 to 256 [ 108.282803][ T6294] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2577'. [ 108.407754][ T6307] loop8: detected capacity change from 0 to 2048 [ 108.435625][ T6307] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 108.444217][ T6307] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.463661][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 108.561698][ T6314] loop8: detected capacity change from 0 to 512 [ 108.568476][ T6314] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 108.580155][ T6314] EXT4-fs (loop8): 1 truncate cleaned up [ 108.585920][ T6314] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 108.595776][ T6314] EXT4-fs (loop8): unmounting filesystem. [ 108.855602][ T6320] loop7: detected capacity change from 0 to 512 [ 108.862174][ T6320] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 108.906946][ T6320] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2587'. [ 108.928290][ T6322] loop7: detected capacity change from 0 to 512 [ 108.935291][ T6322] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 108.955845][ T6322] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 108.965288][ T6322] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.989952][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 109.008213][ T6330] loop7: detected capacity change from 0 to 512 [ 109.015190][ T6330] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 109.027349][ T6330] EXT4-fs (loop7): 1 truncate cleaned up [ 109.033142][ T6330] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 109.044526][ T6335] netlink: 'syz.3.2593': attribute type 11 has an invalid length. [ 109.056478][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 109.074083][ T6339] loop7: detected capacity change from 0 to 256 [ 109.111144][ T6347] netlink: 'syz.3.2599': attribute type 3 has an invalid length. [ 109.119103][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2599'. [ 109.439757][ T6408] syz.0.2627 uses obsolete (PF_INET,SOCK_PACKET) [ 109.562312][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 109.630838][ T28] audit: type=1400 audit(1746175858.460:1172): avc: denied { bind } for pid=6429 comm="syz.7.2637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 109.704513][ T6436] SELinux: Context system_u:object_r:systemd_logind_var_run_t:s0 is not valid (left unmapped). [ 109.719337][ T28] audit: type=1400 audit(1746175858.550:1173): avc: denied { relabelto } for pid=6435 comm="syz.0.2641" name="" dev="pipefs" ino=42203 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:systemd_logind_var_run_t:s0" [ 109.941405][ T6471] loop0: detected capacity change from 0 to 512 [ 109.948565][ T6471] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 110.008922][ T6471] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 110.025707][ T6471] ext4 filesystem being mounted at /419/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.040997][ T6487] loop7: detected capacity change from 0 to 512 [ 110.075863][ T6487] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 110.078446][ T276] EXT4-fs (loop0): unmounting filesystem. [ 110.120199][ T6487] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 110.162036][ T6487] ext4 filesystem being mounted at /135/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 110.270804][ T28] audit: type=1400 audit(1746175859.100:1174): avc: denied { ioctl } for pid=6508 comm="syz.6.2672" path="socket:[42491]" dev="sockfs" ino=42491 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 110.367260][ T6521] netlink: 'syz.0.2678': attribute type 3 has an invalid length. [ 110.375644][ T6521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2678'. [ 110.604079][ T19] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 110.795181][ T19] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.810718][ T19] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.826968][ T19] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 110.840086][ T19] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 110.849225][ T19] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.858188][ T19] usb 7-1: config 0 descriptor?? [ 111.210146][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 111.222757][ T6551] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2693'. [ 111.262764][ T28] audit: type=1400 audit(1746175860.090:1175): avc: denied { nlmsg_write } for pid=6559 comm="syz.3.2697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 111.286347][ T19] plantronics 0003:047F:FFFF.0027: unknown main item tag 0xd [ 111.301046][ T19] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving [ 111.311716][ T19] plantronics 0003:047F:FFFF.0027: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 111.486924][ T6573] loop7: detected capacity change from 0 to 40427 [ 111.494620][ T6573] F2FS-fs (loop7): invalid crc value [ 111.505071][ T6573] F2FS-fs (loop7): Found nat_bits in checkpoint [ 111.543719][ T6573] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 111.565262][ T24] usb 7-1: USB disconnect, device number 9 [ 111.577366][ T6573] syz.7.2704: attempt to access beyond end of device [ 111.577366][ T6573] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 111.591190][ T1897] Bluetooth: hci0: command 0x1003 tx timeout [ 111.591242][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 111.591349][ T6420] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 111.796867][ T6600] loop7: detected capacity change from 0 to 256 [ 111.815963][ T6600] FAT-fs (loop7): Directory bread(block 64) failed [ 111.825824][ T6600] FAT-fs (loop7): Directory bread(block 65) failed [ 111.832518][ T6600] FAT-fs (loop7): Directory bread(block 66) failed [ 111.839851][ T6600] FAT-fs (loop7): Directory bread(block 67) failed [ 111.846709][ T6600] FAT-fs (loop7): Directory bread(block 68) failed [ 111.853488][ T6600] FAT-fs (loop7): Directory bread(block 69) failed [ 111.860365][ T6600] FAT-fs (loop7): Directory bread(block 70) failed [ 111.879955][ T6600] FAT-fs (loop7): Directory bread(block 71) failed [ 111.886810][ T6600] FAT-fs (loop7): Directory bread(block 72) failed [ 111.893487][ T6600] FAT-fs (loop7): Directory bread(block 73) failed [ 111.931629][ T6606] loop8: detected capacity change from 0 to 256 [ 111.938282][ T6606] exfat: Deprecated parameter 'utf8' [ 112.094541][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 112.094560][ T28] audit: type=1400 audit(1746175860.930:1232): avc: denied { create } for pid=6619 comm="syz.6.2723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 112.131299][ T28] audit: type=1400 audit(1746175860.960:1233): avc: denied { write } for pid=6619 comm="syz.6.2723" path="socket:[43142]" dev="sockfs" ino=43142 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 112.306409][ T6634] fuse: Bad value for 'fd' [ 112.394126][ T6646] loop8: detected capacity change from 0 to 512 [ 112.411233][ T6646] EXT4-fs error (device loop8): ext4_orphan_get:1400: inode #15: comm syz.8.2737: casefold flag without casefold feature [ 112.424243][ T6646] EXT4-fs error (device loop8): ext4_orphan_get:1405: comm syz.8.2737: couldn't read orphan inode 15 (err -117) [ 112.436463][ T6646] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 112.495188][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 112.536458][ T6661] syz.6.2741[6661] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.536539][ T6661] syz.6.2741[6661] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.606922][ T6666] loop6: detected capacity change from 0 to 512 [ 112.628350][ T6666] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 112.651911][ T6666] EXT4-fs (loop6): orphan cleanup on readonly fs [ 112.660876][ T6666] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.2743: bg 0: block 248: padding at end of block bitmap is not set [ 112.675781][ T6666] Quota error (device loop6): write_blk: dquota write failed [ 112.683217][ T6666] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 112.693333][ T6666] EXT4-fs error (device loop6): ext4_acquire_dquot:6789: comm syz.6.2743: Failed to acquire dquot type 1 [ 112.707215][ T6666] EXT4-fs (loop6): 1 truncate cleaned up [ 112.713261][ T6666] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 112.775525][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 112.849423][ T6681] loop6: detected capacity change from 0 to 2048 [ 112.904676][ T6681] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 112.935524][ T6681] EXT4-fs error (device loop6): ext4_ext_precache:645: inode #2: comm syz.6.2752: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 112.955589][ T28] audit: type=1400 audit(1746175861.790:1234): avc: denied { setopt } for pid=6688 comm="syz.3.2755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 112.984116][ T6681] EXT4-fs (loop6): Remounting filesystem read-only [ 113.013434][ T6681] EXT4-fs error (device loop6): ext4_find_extent:936: inode #2: comm syz.6.2752: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 113.067685][ T6681] EXT4-fs (loop6): Remounting filesystem read-only [ 113.098199][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 113.373422][ T6722] loop7: detected capacity change from 0 to 1024 [ 113.382277][ T6722] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 113.452167][ T5269] EXT4-fs (loop7): unmounting filesystem. [ 113.469119][ T6727] SELinux: policydb magic number 0x18 does not match expected magic number 0xf97cff8c [ 113.478916][ T6727] SELinux: failed to load policy [ 113.635156][ T6752] incfs: Options parsing error. -22 [ 113.640480][ T6752] incfs: mount failed -22 [ 113.684686][ T6762] loop6: detected capacity change from 0 to 512 [ 113.696763][ T6762] EXT4-fs (loop6): Test dummy encryption mode enabled [ 113.704058][ T6762] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 113.721322][ T6762] EXT4-fs error (device loop6): ext4_orphan_get:1426: comm syz.6.2789: bad orphan inode 131083 [ 113.732709][ T6762] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 113.745196][ T6762] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 13: comm syz.6.2789: path /165/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 113.773863][ T4283] EXT4-fs (loop6): unmounting filesystem. [ 113.807319][ T6779] device batadv_slave_0 entered promiscuous mode [ 113.815773][ T6783] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2799'. [ 113.818258][ T6784] loop8: detected capacity change from 0 to 512 [ 113.831638][ T6778] device batadv_slave_0 left promiscuous mode [ 113.855839][ T6784] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 113.865080][ T6784] ext4 filesystem being mounted at /63/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 113.894110][ T5700] EXT4-fs (loop8): unmounting filesystem. [ 113.940334][ T6805] loop8: detected capacity change from 0 to 256 [ 113.975950][ T28] audit: type=1400 audit(1746175862.810:1235): avc: denied { sys_module } for pid=6809 comm="syz.8.2810" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 114.361160][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 115.014667][ T6854] loop6: detected capacity change from 0 to 40427 [ 115.022285][ T6854] F2FS-fs (loop6): invalid crc value [ 115.029113][ T6854] F2FS-fs (loop6): Found nat_bits in checkpoint [ 115.058760][ T6854] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 115.096267][ T6854] syz.6.2831: attempt to access beyond end of device [ 115.096267][ T6854] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.111209][ T6854] syz.6.2831: attempt to access beyond end of device [ 115.111209][ T6854] loop6: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 115.131344][ T4283] syz-executor: attempt to access beyond end of device [ 115.131344][ T4283] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 115.246933][ T6880] loop0: detected capacity change from 0 to 4096 [ 115.260397][ T6880] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.2843: corrupted inode contents [ 115.273502][ T6880] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #15: comm syz.0.2843: mark_inode_dirty error [ 115.285240][ T6880] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.2843: corrupted inode contents [ 115.297532][ T6880] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.2843: mark_inode_dirty error [ 115.309190][ T6880] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.2843: corrupted inode contents [ 115.321913][ T6880] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.2843: mark_inode_dirty error [ 115.333579][ T6880] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.2843: corrupted inode contents [ 115.346095][ T6880] EXT4-fs error (device loop0): ext4_truncate:4313: inode #15: comm syz.0.2843: mark_inode_dirty error [ 115.357777][ T6880] EXT4-fs error (device loop0) in ext4_setattr:5630: Corrupt filesystem [ 115.392985][ T6880] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.2843: corrupted inode contents [ 115.488922][ T6885] loop6: detected capacity change from 0 to 40427 [ 115.495962][ T6885] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 115.503720][ T6885] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 115.512994][ T6885] F2FS-fs (loop6): invalid crc value [ 115.520898][ T6885] F2FS-fs (loop6): Found nat_bits in checkpoint [ 115.561755][ T6885] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 115.568946][ T6885] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 115.831376][ T6934] loop6: detected capacity change from 0 to 2048 [ 115.872175][ T6938] loop6: detected capacity change from 0 to 256 [ 116.123146][ T6955] loop6: detected capacity change from 0 to 40427 [ 116.131781][ T28] audit: type=1400 audit(1746176377.963:1236): avc: denied { create } for pid=6964 comm="syz.8.2877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 116.161973][ T6955] F2FS-fs (loop6): Invalid SB checksum offset: 0 [ 116.171844][ T6955] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 116.188972][ T6955] F2FS-fs (loop6): invalid crc value [ 116.201323][ T6972] overlayfs: missing 'lowerdir' [ 116.205293][ T6955] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 116.244583][ T6955] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0 [ 116.251774][ T6955] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 116.282641][ T6955] syz.6.2872: attempt to access beyond end of device [ 116.282641][ T6955] loop6: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 116.306222][ T4283] syz-executor: attempt to access beyond end of device [ 116.306222][ T4283] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 116.394055][ T1893] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 116.394093][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 116.406863][ T6845] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 117.119070][ T7000] incfs: Options parsing error. -22 [ 117.132639][ T7000] incfs: mount failed -22 [ 117.395666][ T7027] loop8: detected capacity change from 0 to 256 [ 117.402539][ T7027] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 117.447474][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2906'. [ 117.457380][ T7035] overlayfs: failed to clone upperpath [ 117.478180][ T7039] syz.3.2909[7039] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.478274][ T7039] syz.3.2909[7039] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.488238][ T7041] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 117.515998][ T7041] overlayfs: filesystem on './bus' not supported as upperdir [ 117.640283][ T7059] loop8: detected capacity change from 0 to 512 [ 117.640352][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2919'. [ 117.656676][ T7059] EXT4-fs (loop8): can't read group descriptor 0 [ 117.705459][ T28] audit: type=1326 audit(1746176379.543:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.3.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a0858e969 code=0x7ffc0000 [ 117.730555][ T28] audit: type=1326 audit(1746176379.573:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.3.2924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a0858e969 code=0x7ffc0000 [ 117.789022][ T28] audit: type=1400 audit(1746176379.623:1239): avc: denied { create } for pid=7078 comm="syz.6.2929" name="file7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 117.817724][ T7083] syz.6.2931[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.817801][ T7083] syz.6.2931[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.860566][ T7087] overlayfs: conflicting lowerdir path [ 117.974993][ T28] audit: type=1326 audit(1746176379.813:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7097 comm="syz.8.2939" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f203078e969 code=0x0 [ 118.011615][ T28] audit: type=1400 audit(1746176379.843:1241): avc: denied { getopt } for pid=7103 comm="syz.0.2941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 118.209407][ T7115] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 118.216720][ T7115] IPv6: NLM_F_CREATE should be set when creating new route [ 118.223997][ T7115] IPv6: NLM_F_CREATE should be set when creating new route [ 118.464055][ C0] ================================================================== [ 118.472590][ C0] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0 [ 118.479623][ C0] Write of size 8 at addr ffff88810da78a00 by task swapper/0/0 [ 118.487305][ C0] [ 118.489636][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.1.134-syzkaller-00033-g0c1a07d9c284 #0 [ 118.500736][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 118.510785][ C0] Call Trace: [ 118.514193][ C0] [ 118.517032][ C0] __dump_stack+0x21/0x24 [ 118.521367][ C0] dump_stack_lvl+0xee/0x150 [ 118.525949][ C0] ? __cfi_dump_stack_lvl+0x8/0x8 [ 118.531052][ C0] ? update_rq_clock+0x536/0x5c0 [ 118.535987][ C0] ? __run_timers+0x32b/0x9a0 [ 118.540654][ C0] print_address_description+0x71/0x210 [ 118.546194][ C0] print_report+0x4a/0x60 [ 118.550515][ C0] kasan_report+0x122/0x150 [ 118.555011][ C0] ? __run_timers+0x32b/0x9a0 [ 118.559689][ C0] __asan_report_store8_noabort+0x17/0x20 [ 118.565513][ C0] __run_timers+0x32b/0x9a0 [ 118.570201][ C0] ? sched_clock+0x9/0x10 [ 118.574720][ C0] ? sched_clock_cpu+0x6e/0x250 [ 118.579859][ C0] ? calc_index+0x200/0x200 [ 118.584469][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 118.589724][ C0] run_timer_softirq+0x6a/0xf0 [ 118.594485][ C0] handle_softirqs+0x1d7/0x600 [ 118.599337][ C0] ? irqtime_account_irq+0xc4/0x240 [ 118.604529][ C0] __irq_exit_rcu+0x52/0xf0 [ 118.609024][ C0] irq_exit_rcu+0x9/0x10 [ 118.613254][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 118.618880][ C0] [ 118.621797][ C0] [ 118.624711][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 118.630754][ C0] RIP: 0010:default_idle+0xf/0x20 [ 118.635889][ C0] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 83 ca 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 118.655502][ C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257 [ 118.661575][ C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c500 RCX: 921e6390191ef200 [ 118.670066][ C0] RDX: 0000000000000001 RSI: ffffffff85a9f7c0 RDI: ffffffff85a9f780 [ 118.678039][ C0] RBP: ffffffff86e07d58 R08: dffffc0000000000 R09: ffffed103ee068ff [ 118.686113][ C0] R10: 0000000000000000 R11: ffffffff84ef6b70 R12: 0000000000000000 [ 118.694076][ C0] R13: 0000000000000000 R14: ffffffff86e1c500 R15: dffffc0000000000 [ 118.702066][ C0] ? __cfi_default_idle+0x10/0x10 [ 118.707181][ C0] arch_cpu_idle+0x1c/0x20 [ 118.711799][ C0] default_idle_call+0x71/0x1d0 [ 118.718658][ C0] do_idle+0x1a7/0x520 [ 118.722732][ C0] ? irqentry_exit+0x30/0x40 [ 118.727317][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 118.732505][ C0] ? schedule_idle+0x5b/0x90 [ 118.737091][ C0] ? do_idle+0x6/0x520 [ 118.741153][ C0] cpu_startup_entry+0x43/0x60 [ 118.745971][ C0] rest_init+0x10a/0x130 [ 118.750218][ C0] ? __cfi_x86_late_time_init+0x8/0x8 [ 118.755636][ C0] arch_call_rest_init+0xe/0x10 [ 118.760486][ C0] start_kernel+0x47d/0x4eb [ 118.765006][ C0] x86_64_start_reservations+0x2a/0x2c [ 118.770464][ C0] x86_64_start_kernel+0x7c/0x81 [ 118.775668][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 118.781684][ C0] [ 118.784706][ C0] [ 118.787045][ C0] Allocated by task 6845: [ 118.791488][ C0] kasan_set_track+0x4b/0x70 [ 118.796079][ C0] kasan_save_alloc_info+0x25/0x30 [ 118.801190][ C0] __kasan_kmalloc+0x95/0xb0 [ 118.805793][ C0] __kmalloc+0xb1/0x1e0 [ 118.810029][ C0] hci_alloc_dev_priv+0x27/0x1bd0 [ 118.815225][ C0] hci_uart_tty_ioctl+0x3c8/0xa00 [ 118.820248][ C0] tty_ioctl+0x8ef/0xc60 [ 118.824474][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 118.829167][ C0] __x64_sys_ioctl+0x7b/0x90 [ 118.833760][ C0] x64_sys_call+0x58b/0x9a0 [ 118.838362][ C0] do_syscall_64+0x4c/0xa0 [ 118.842810][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 118.848704][ C0] [ 118.851105][ C0] Freed by task 6845: [ 118.855075][ C0] kasan_set_track+0x4b/0x70 [ 118.859672][ C0] kasan_save_free_info+0x31/0x50 [ 118.864703][ C0] ____kasan_slab_free+0x132/0x180 [ 118.869815][ C0] __kasan_slab_free+0x11/0x20 [ 118.874578][ C0] slab_free_freelist_hook+0xc2/0x190 [ 118.879976][ C0] __kmem_cache_free+0xb7/0x1b0 [ 118.884832][ C0] kfree+0x6f/0xf0 [ 118.888554][ C0] hci_release_dev+0x13ad/0x1500 [ 118.893485][ C0] bt_host_release+0x82/0x90 [ 118.898100][ C0] device_release+0xa4/0x1d0 [ 118.902763][ C0] kobject_put+0x19d/0x280 [ 118.907205][ C0] put_device+0x1f/0x30 [ 118.911547][ C0] hci_dev_cmd+0x265/0x720 [ 118.916564][ C0] hci_sock_ioctl+0x41e/0x7f0 [ 118.921251][ C0] sock_do_ioctl+0x101/0x310 [ 118.925840][ C0] sock_ioctl+0x4d8/0x6e0 [ 118.930181][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 118.934947][ C0] __x64_sys_ioctl+0x7b/0x90 [ 118.939631][ C0] x64_sys_call+0x58b/0x9a0 [ 118.944136][ C0] do_syscall_64+0x4c/0xa0 [ 118.948733][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 118.954627][ C0] [ 118.956961][ C0] Last potentially related work creation: [ 118.962755][ C0] kasan_save_stack+0x3a/0x60 [ 118.967431][ C0] __kasan_record_aux_stack+0xb6/0xc0 [ 118.972806][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 118.978616][ C0] insert_work+0x51/0x300 [ 118.982967][ C0] __queue_work+0x9b1/0xd30 [ 118.987467][ C0] queue_work_on+0xd2/0x140 [ 118.991972][ C0] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 118.996999][ C0] hci_cmd_sync_status+0x53/0x120 [ 119.002026][ C0] hci_dev_cmd+0x628/0x720 [ 119.006525][ C0] hci_sock_ioctl+0x41e/0x7f0 [ 119.011302][ C0] sock_do_ioctl+0x101/0x310 [ 119.015897][ C0] sock_ioctl+0x4d8/0x6e0 [ 119.020226][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 119.024898][ C0] __x64_sys_ioctl+0x7b/0x90 [ 119.029480][ C0] x64_sys_call+0x58b/0x9a0 [ 119.033970][ C0] do_syscall_64+0x4c/0xa0 [ 119.038385][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.044274][ C0] [ 119.046584][ C0] Second to last potentially related work creation: [ 119.053148][ C0] kasan_save_stack+0x3a/0x60 [ 119.057815][ C0] __kasan_record_aux_stack+0xb6/0xc0 [ 119.063196][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 119.069001][ C0] insert_work+0x51/0x300 [ 119.073349][ C0] __queue_work+0x9b1/0xd30 [ 119.077937][ C0] queue_work_on+0xd2/0x140 [ 119.082435][ C0] hci_cmd_timeout+0x191/0x200 [ 119.087370][ C0] process_one_work+0x71f/0xc40 [ 119.092208][ C0] worker_thread+0xa29/0x11f0 [ 119.096961][ C0] kthread+0x281/0x320 [ 119.101020][ C0] ret_from_fork+0x1f/0x30 [ 119.105429][ C0] [ 119.107742][ C0] The buggy address belongs to the object at ffff88810da78000 [ 119.107742][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 119.121884][ C0] The buggy address is located 2560 bytes inside of [ 119.121884][ C0] 8192-byte region [ffff88810da78000, ffff88810da7a000) [ 119.135322][ C0] [ 119.137638][ C0] The buggy address belongs to the physical page: [ 119.144048][ C0] page:ffffea0004369e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10da78 [ 119.154282][ C0] head:ffffea0004369e00 order:3 compound_mapcount:0 compound_pincount:0 [ 119.162600][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 119.168680][ C0] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043500 [ 119.177258][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 119.185826][ C0] page dumped because: kasan: bad access detected [ 119.192238][ C0] page_owner tracks the page as allocated [ 119.197949][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2422309926, free_ts 0 [ 119.216025][ C0] post_alloc_hook+0x1f5/0x210 [ 119.220789][ C0] prep_new_page+0x1c/0x110 [ 119.225282][ C0] get_page_from_freelist+0x2c6e/0x2ce0 [ 119.230817][ C0] __alloc_pages+0x19e/0x3a0 [ 119.235393][ C0] alloc_slab_page+0x6e/0xf0 [ 119.239971][ C0] new_slab+0x98/0x3d0 [ 119.244027][ C0] ___slab_alloc+0x6f6/0xb50 [ 119.248605][ C0] __slab_alloc+0x5e/0xa0 [ 119.252936][ C0] __kmem_cache_alloc_node+0x203/0x2c0 [ 119.258379][ C0] __kmalloc_node+0xa1/0x1e0 [ 119.262982][ C0] kvmalloc_node+0x294/0x480 [ 119.267564][ C0] sbitmap_init_node+0x43b/0x580 [ 119.272575][ C0] scsi_realloc_sdev_budget_map+0x24e/0x3a0 [ 119.278461][ C0] scsi_alloc_sdev+0x7ee/0xac0 [ 119.283217][ C0] scsi_probe_and_add_lun+0x192/0x3bb0 [ 119.288839][ C0] __scsi_scan_target+0x1e8/0xbb0 [ 119.293858][ C0] page_owner free stack trace missing [ 119.299207][ C0] [ 119.301535][ C0] Memory state around the buggy address: [ 119.307171][ C0] ffff88810da78900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.315241][ C0] ffff88810da78980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.323295][ C0] >ffff88810da78a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.331452][ C0] ^ [ 119.335607][ C0] ffff88810da78a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.343751][ C0] ffff88810da78b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.351798][ C0] ================================================================== [ 119.359836][ C0] Disabling lock debugging due to kernel taint [ 119.366064][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 119.377787][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 119.386217][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B W 6.1.134-syzkaller-00033-g0c1a07d9c284 #0 [ 119.397169][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 119.407217][ C0] RIP: 0010:__queue_work+0x575/0xd30 [ 119.412508][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 90 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 1f 6d 00 49 8b 7d 00 e8 73 79 [ 119.432283][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046 [ 119.438354][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500 [ 119.446319][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 119.454285][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007 [ 119.462250][ C0] R10: ffffed1021b4f139 R11: 1ffff11021b4f139 R12: dffffc0000000000 [ 119.470214][ C0] R13: 0000000000000000 R14: ffff88810da789c8 R15: 0000000000000008 [ 119.478189][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 119.487138][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.493715][ C0] CR2: 0000001b2d017ff8 CR3: 000000013b7dd000 CR4: 00000000003506b0 [ 119.501772][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.509843][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.517841][ C0] Call Trace: [ 119.521120][ C0] [ 119.523962][ C0] delayed_work_timer_fn+0x61/0x80 [ 119.529094][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 119.534902][ C0] call_timer_fn+0x46/0x2a0 [ 119.539406][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 119.545299][ C0] __run_timers+0x667/0x9a0 [ 119.549806][ C0] ? calc_index+0x200/0x200 [ 119.554306][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 119.559511][ C0] run_timer_softirq+0x6a/0xf0 [ 119.564271][ C0] handle_softirqs+0x1d7/0x600 [ 119.569028][ C0] ? irqtime_account_irq+0xc4/0x240 [ 119.574257][ C0] __irq_exit_rcu+0x52/0xf0 [ 119.578864][ C0] irq_exit_rcu+0x9/0x10 [ 119.583141][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 119.588772][ C0] [ 119.591694][ C0] [ 119.594621][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 119.600703][ C0] RIP: 0010:default_idle+0xf/0x20 [ 119.605756][ C0] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 83 ca 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 119.625468][ C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257 [ 119.631532][ C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c500 RCX: 921e6390191ef200 [ 119.639597][ C0] RDX: 0000000000000001 RSI: ffffffff85a9f7c0 RDI: ffffffff85a9f780 [ 119.647586][ C0] RBP: ffffffff86e07d58 R08: dffffc0000000000 R09: ffffed103ee068ff [ 119.655691][ C0] R10: 0000000000000000 R11: ffffffff84ef6b70 R12: 0000000000000000 [ 119.663669][ C0] R13: 0000000000000000 R14: ffffffff86e1c500 R15: dffffc0000000000 [ 119.671693][ C0] ? __cfi_default_idle+0x10/0x10 [ 119.676725][ C0] arch_cpu_idle+0x1c/0x20 [ 119.681152][ C0] default_idle_call+0x71/0x1d0 [ 119.686005][ C0] do_idle+0x1a7/0x520 [ 119.690073][ C0] ? irqentry_exit+0x30/0x40 [ 119.694662][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 119.699877][ C0] ? schedule_idle+0x5b/0x90 [ 119.704487][ C0] ? do_idle+0x6/0x520 [ 119.708658][ C0] cpu_startup_entry+0x43/0x60 [ 119.713420][ C0] rest_init+0x10a/0x130 [ 119.717663][ C0] ? __cfi_x86_late_time_init+0x8/0x8 [ 119.723062][ C0] arch_call_rest_init+0xe/0x10 [ 119.727926][ C0] start_kernel+0x47d/0x4eb [ 119.732446][ C0] x86_64_start_reservations+0x2a/0x2c [ 119.738004][ C0] x86_64_start_kernel+0x7c/0x81 [ 119.743051][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 119.749042][ C0] [ 119.752119][ C0] Modules linked in: [ 119.756025][ C0] ---[ end trace 0000000000000000 ]--- [ 119.761493][ C0] RIP: 0010:__queue_work+0x575/0xd30 [ 119.766819][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 90 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 1f 6d 00 49 8b 7d 00 e8 73 79 [ 119.786614][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046 [ 119.792681][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500 [ 119.800651][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 119.808707][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007 [ 119.816693][ C0] R10: ffffed1021b4f139 R11: 1ffff11021b4f139 R12: dffffc0000000000 [ 119.824662][ C0] R13: 0000000000000000 R14: ffff88810da789c8 R15: 0000000000000008 [ 119.832636][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 119.841560][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.848253][ C0] CR2: 0000001b2d017ff8 CR3: 000000013b7dd000 CR4: 00000000003506b0 [ 119.856236][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.864307][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.872458][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 119.879914][ C0] Kernel Offset: disabled [ 119.884231][ C0] Rebooting in 86400 seconds..