last executing test programs: 10.637291169s ago: executing program 0 (id=3026): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) fsmount(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) r5 = syz_io_uring_setup(0x1eae, &(0x7f0000000380)={0x0, 0x9d2d, 0x1, 0x2, 0x335}, &(0x7f0000000080)=0x0, &(0x7f0000001080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r5, 0x1682, 0x0, 0xb, 0x0, 0x0) 9.368293014s ago: executing program 0 (id=3031): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@ringbuf_query, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{0x1}, &(0x7f0000000300), &(0x7f0000000340)}, 0x1c) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r3, 0x58, &(0x7f0000000340)={0x0, 0x0}}, 0x10) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r4}, 0xc) close(r5) 7.721816597s ago: executing program 0 (id=3036): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f0000000240), 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 7.506738798s ago: executing program 0 (id=3038): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x249, &(0x7f0000000800)="$eJzs3T9oJFUcB/DvzO56JrfIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyURIgJdomVjYXWKqlsgtgZLSVNsFEEq6gpYiNosDBYaLGyO4nEZDWaXXfizecDk5nJvDe/N+x8324zuwEa60KSS0laSWaSdJIUhxvcXS0X9ndXpzavJb3eEz8Vg3bVfuWg3/kkK0keSrJRFnmpnSytP7Pzy9Zj97252Ln3/fWnpyZ6kft2d7Yf33vvyhsfXX5w6YuvfrhS5FK6f7qu8SuG/K9dJLf8F8XOiKJd9wj4J66+9uHX/dzfmuSeQf47KVO9eG8t3LDRyQPv/lXft3/88vZJjhUYv16v038PXOkBjVMm6aYoZ5NU22U5O1t9hv+mNV2+PL/w6syL84tzL9Q9UwHj0k22H/3k3Mfnj+T/+1aVf+B/YPp03fr5f/Lq2rf97b3WmMcEnE13VKt+/meeW74/8g+NI//QXPIPzSX/0FzyD80l/9Bc8g/Xsc7fH5Z/aC75h+aSf2iuw/kHAJqld67uJ5CButQ9/wAAAAAAAAAAAAAAAAAAAMetTm1eO1gmVfOzd5LdR5K0h9VvDX6POLlx8Hf656Lf7A9F1W0kz9414glG9EHNT1/f9F299T+/s976y3PJyutJLrbbx++/Yv/+O72bTzjeeX7EAv9ScWT/4acmW/+o39bqrX95K/m0P/9cHDb/lLltsB4+/3RP/orlE73y64gnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGJ+DwAA//8NTG1W") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0}, 0x18) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, 0x0, &(0x7f0000000240)='GPL\x00', 0x4, 0x1009, &(0x7f0000000fc0)=""/4105, 0x0, 0xc}, 0x94) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) lstat(&(0x7f0000000180)='./file1\x00', 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) 7.279145781s ago: executing program 0 (id=3043): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000100)={0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000240)={0x1f, 0x3, 0x0, 0x0, 0x1000000002, 0x0, 0x0, 0x6}, 0x0, 0x0) 6.944523664s ago: executing program 0 (id=3046): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf32(r1, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x5, 0x10000, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0x7ff}, [{0x2, 0x5dbf, 0x2, 0x6, 0x8000, 0x5, 0x400, 0xb}], "", ['\x00', '\x00']}, 0x258) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB], 0xbc}, 0x1, 0x0, 0x0, 0x8040}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x90, r2, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0xf}, @val={0x8}, @void}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x6c, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_TCP_CONNECTION={0x68, 0xe, 0x0, 0x1, [@NL80211_WOWLAN_TCP_DATA_PAYLOAD={0x62, 0x6, "34a5e0425ae97fd2152a22d7226696b3188ea055b9730a866647a4000fdf5a051799b05d2a1c4d8abc947e41559f9061b6d0e651a446525857a872e10138c03f620b2e2da4ef0b2c02e40f10c699c9245220850336524b0a888abc6a4d9c"}]}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10000008) 6.918295087s ago: executing program 32 (id=3046): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf32(r1, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x5, 0x10000, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0x7ff}, [{0x2, 0x5dbf, 0x2, 0x6, 0x8000, 0x5, 0x400, 0xb}], "", ['\x00', '\x00']}, 0x258) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB], 0xbc}, 0x1, 0x0, 0x0, 0x8040}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x90, r2, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0xf}, @val={0x8}, @void}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x6c, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_TCP_CONNECTION={0x68, 0xe, 0x0, 0x1, [@NL80211_WOWLAN_TCP_DATA_PAYLOAD={0x62, 0x6, "34a5e0425ae97fd2152a22d7226696b3188ea055b9730a866647a4000fdf5a051799b05d2a1c4d8abc947e41559f9061b6d0e651a446525857a872e10138c03f620b2e2da4ef0b2c02e40f10c699c9245220850336524b0a888abc6a4d9c"}]}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10000008) 5.996454228s ago: executing program 2 (id=3051): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000080000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, &(0x7f00000002c0)=&(0x7f0000000180)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, &(0x7f0000000180)) 5.859288841s ago: executing program 1 (id=3053): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000001c0)={0x5b, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)={0x0, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000d00)={0x34, &(0x7f0000000ac0)={0x40, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000340)={0x20, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.543757893s ago: executing program 4 (id=3058): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000080), 0x2000011a) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008090) 4.86146445s ago: executing program 4 (id=3060): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000200304306000002000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 4.663341039s ago: executing program 2 (id=3063): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = socket(0x10, 0x3, 0xa) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x7fffffffffffffff) 4.66047366s ago: executing program 2 (id=3064): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000200)={0x20, 0x12, 0x6, "f0803bb547c4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 4.45454876s ago: executing program 3 (id=3067): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default '], 0x2a, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[@wr_drn={0x6e, 0x20, {0x6, 0xa}}, @out_dx={0xaa, 0x28, {0xf34e, 0x3, 0x4}}], 0x48}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000100)=0xd000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x1, 0x9, 0x7ffffffffffffffd, 0x6, 0x2, 0x7, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x9, 0x3, 0x2000000000000000, 0x1, 0x101], 0xeeee8000, 0x2010d3}) fgetxattr(r2, &(0x7f0000000140)=@known='com.apple.system.Security\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.226602122s ago: executing program 3 (id=3069): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 4.205879855s ago: executing program 3 (id=3070): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000200304306000002000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2.295263453s ago: executing program 4 (id=3078): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@i_version}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@quota}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000000000000000100000091000400"]) 2.213673051s ago: executing program 4 (id=3079): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x45, 0x1488, 0xffffffffffffffff, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x3}, 0x50) write$UHID_INPUT(r4, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a3f00005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006) 2.070134556s ago: executing program 5 (id=3082): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) fsmount(0xffffffffffffffff, 0x0, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$sock_SIOCGSKNS(r5, 0x894c, &(0x7f0000000000)=0x200) r6 = syz_io_uring_setup(0x1eae, &(0x7f0000000380)={0x0, 0x9d2d, 0x1, 0x2, 0x335}, &(0x7f0000000080)=0x0, &(0x7f0000001080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r6, 0x1682, 0x0, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x110e22fff6) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000300000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x800}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) 1.980018094s ago: executing program 1 (id=3083): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000815}, 0x0) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x4a}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000640)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x8, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@ringbuf_query, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{0x1}, &(0x7f0000000300), &(0x7f0000000340)}, 0x1c) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r4, 0x58, &(0x7f0000000340)={0x0, 0x0}}, 0x10) r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r5}, 0xc) close(r6) syz_open_procfs(r1, &(0x7f0000000680)='net/rpc\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x0, 0x0, &(0x7f0000000540)='GPL\x00', 0xb30, 0x41, &(0x7f0000000580)=""/65, 0x40f00, 0x60, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x0, 0xc, 0x800, 0xff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cd0606000000000000006b943e8bb0ac60081e33dff8150835f7519d5f73b4f5d80e40000900ffff000000005d092392f816d0fdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd9) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) close_range(r7, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 1.901113302s ago: executing program 2 (id=3084): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) close_range(r0, 0xffffffffffffffff, 0x0) 1.724743769s ago: executing program 2 (id=3085): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x19c, r1, 0xe701ac47a3d23ecd, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0x17e, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00\x91d\xe6,\xd3@I\x17\xf3\xbeeI8bz\xdb\xb8s0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93U6\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\xacs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4\x8fK=40\xe8R\x83p,J\xca\x85\xcb\xfa:\xdb\xda\x05\xed\xc8\xad\xa2\xfc0C\x9e3\x8e*\xae\x91\xa4\xc7)\xc0\x87\x9b\xee~\xdb\xac\x03\x90\xb1\x05\x81\xb1j\xfaO`\xa7\xa0\xeb\x83\x13 \xc8\x98\xdb\v \x95\x8eD\xc3\xc6:\xcc%\x88\xc7\xa5\xe5\xfc\xccl\x96F_\x92\xa2\xc3\xea@\"\xb1\x1b`o~B\xb4W\xd8\v\xabCBL\x81A\x92D\xd5{K\xf0\xd5\x91\n\x94\x9b\xd9\xdb2E\\\xb1\x90\xf1\xfc\xc1}\x96\xf4\xba3g\xc8\xf7j\xbc\xf1\x11\xe3\x05\xean9M\xeb&\xd2\xdf\xbe\xa1\xe8[\x91\xa5\x90uX\xd0IH!\xe3\x8a9k\x94\xc8\xde\xea\xc6^\x96\xceV\xb2\xcba\x8b\xbc\xe9'}]}, 0x19c}, 0x1, 0x0, 0x0, 0x2}, 0x4000840) 1.666733776s ago: executing program 2 (id=3086): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d096471908"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCSUSAGE(r1, 0x4018480c, &(0x7f0000000a80)={0x1, 0x1, 0x80000001, 0x2, 0x4, 0x5}) 873.813774ms ago: executing program 4 (id=3087): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}]}, 0xfd, 0x269, &(0x7f0000000200)="$eJzs3b1rJGUcB/Df7EvWmBCiNja+gIhoIMRCEGy0UQhIEBFBhYiIlSRCTNqslY2FvUoqmyB2RkuxCTb3B+TuUuSaa8IVF+7grthjZnaPzWZDXvZljsznA7szz87ztrDfZyeQmQ2gtGYj4t2IqEbEXETUIyLprvBy/phtF7cmd5cjWq2P7yRZvbyc67SbiohmRLwdUesc29j5/ODe3gev/bRef/X3nc8mx/X+uh0e7H949NvSj38tvrlRab823d52v49hSvq8Vksinh3FYE+IpFb0DDifP6+nuX8uIl7J8l+PSjuyP69N/FePN37t327iaLzzBEah1aqn34HNFlA6lewcOKnMR0S+X6nMz+fn8DeqSXy7uvb93Der6ytfF71SAUOQNPO/e/ff/6fx91RP/m9X8/yfy1sjnikwEmn+P/lo+2a6f1QtejbAWLyQb9L8z325+XrIP5SO/EN5yT+Ul/zDFXDJ7Mo/lJf8Q3nJP1xh9c5Os+/hwfN/v/0fhJefIjBuM9mz738or578F3I9LlCM7vwDAOXSahR8ATJQmKLXHwAAAAAAAAAAAAAAAAAA4KStyd3lzmNcY/7/S8ThexFROz5+IztazX6POOKp7Pnpu0la7bEkbzaQL14asIMB/THkq6+XGherP3NruONf1LUXR9PvD8eLp97bbnMloplWXqjVTn7+k/bn70yn9v/MGQ3rX51vgGFJesrvfDre8Xs93C52/MW9iH/T9Weh3/pXieezbf/1Z7r7FsuX9N2DATsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgbB4FAAD//1eqcO0=") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10cd0e0, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 806.99854ms ago: executing program 3 (id=3088): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffe, 0x9}, 0x0, 0x0, 0x0) 804.84484ms ago: executing program 1 (id=3089): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001580)=ANY=[@ANYBLOB="600000000206030000000000b8791fa80000000014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f"], 0x60}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010102}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 701.683591ms ago: executing program 1 (id=3090): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@i_version}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@quota}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000000000000000100000091000400"]) 701.158111ms ago: executing program 5 (id=3091): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=@ipv6_delrule={0x24, 0x21, 0x1, 0x70bd29, 0x25dfdbff, {0xa, 0x80, 0x80, 0xc, 0xfd, 0x0, 0x0, 0x5, 0x10}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8081}, 0xc00d) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000940)=ANY=[@ANYBLOB="3c0000001a00010025bd7000fddbdf250a102006fc02fd0500310000080003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 690.916572ms ago: executing program 5 (id=3092): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x30}}, 0x0) 686.175972ms ago: executing program 3 (id=3093): r0 = syz_io_uring_setup(0x1eae, &(0x7f0000000380)={0x0, 0x9d2d, 0x1, 0x2, 0x335}, &(0x7f0000000080)=0x0, &(0x7f0000001080)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x1682, 0x0, 0xb, 0x0, 0x0) 631.402568ms ago: executing program 5 (id=3094): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x140e3}, [@IFLA_GROUP={0x8}, @IFLA_PORT_SELF={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 630.641138ms ago: executing program 3 (id=3095): syz_usb_connect(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xfc, 0x574, &(0x7f0000000e40)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") socket(0x400000000010, 0x3, 0x0) r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendfile(r0, r0, 0x0, 0x800000009) 545.148436ms ago: executing program 5 (id=3096): unshare(0x2c020400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x4800) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) 544.864297ms ago: executing program 4 (id=3097): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x3ec0) sendto(r1, 0x0, 0x0, 0x4, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 387.524552ms ago: executing program 1 (id=3098): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000001540)=[{{&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000080)="6c4d2e5ad106dc8cbc347c791641f1c0449a9ce05a2d9ce280fb87a22f71741adb84c454427495a421746dcc6fe8b9cd", 0x30}], 0x1, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x37}, @empty}}}], 0x20}}], 0x1, 0x4800) 124.997418ms ago: executing program 5 (id=3099): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0) 0s ago: executing program 1 (id=3100): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in=@broadcast, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e20, 0xd, 0x4e23, 0x2, 0x2, 0x20, 0x0, 0x21}, {0x6, 0x794, 0x6, 0x80000000, 0xfffffffffffffffc, 0x1c000000, 0xfdcc, 0x5}, {0x16, 0x1ff, 0x0, 0x278}, 0x65, 0x6e6bc0, 0x0, 0x0, 0x1}, {{@in=@remote, 0x4d5, 0x3c}, 0x2, @in=@local, 0x34ff, 0x2, 0x3, 0x40, 0x2, 0x9, 0x4}}, 0xe8) syz_emit_ethernet(0x42, &(0x7f0000001480)={@link_local, @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "01a600", 0xc, 0x11, 0xff, @local, @mcast2, {[], {0x4e22, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0xa, 0x0, @void}}}}}}}}, 0x0) kernel console output (not intermixed with test programs): size 515840 extends beyond EOD, truncated [ 999.031792][ T6230] usb 2-1: USB disconnect, device number 23 [ 999.041114][ T6230] usblp0: removed [ 999.461279][ T6197] udevd[6197]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 1000.072023][T12750] loop1: detected capacity change from 0 to 256 [ 1000.990231][T12754] loop1: detected capacity change from 0 to 256 [ 1001.260224][T12753] loop4: detected capacity change from 0 to 40427 [ 1001.276481][T12753] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1001.289035][T12753] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1001.298445][T12753] F2FS-fs (loop4): invalid crc value [ 1001.305682][T12753] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1001.335118][T12758] loop0: detected capacity change from 0 to 40427 [ 1001.375756][T12753] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1001.383905][T12753] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1001.388166][T12758] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1001.405205][T12758] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1001.415794][T12758] F2FS-fs (loop0): invalid crc value [ 1001.432156][T12758] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1001.480829][T12758] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1001.493786][T12758] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1001.607740][ T2121] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1002.521413][ T408] Bluetooth: hci0: command 0x1003 tx timeout [ 1002.527694][ T1112] Bluetooth: hci0: sending frame failed (-49) [ 1002.692212][ T2121] usb 4-1: Using ep0 maxpacket: 8 [ 1002.858987][ T2121] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1003.870724][T12783] netlink: 'syz.1.2540': attribute type 3 has an invalid length. [ 1003.878580][T12783] netlink: 'syz.1.2540': attribute type 3 has an invalid length. [ 1003.908821][ T2121] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1003.925609][ T2121] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1003.935133][ T2121] usb 4-1: config 250 has no interface number 0 [ 1003.942518][ T2121] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1003.961213][ T2121] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1003.980402][ T2121] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1003.993582][T12789] loop1: detected capacity change from 0 to 256 [ 1004.007194][ T2121] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1004.019010][ T2121] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1004.033483][ T2121] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1004.098829][T12791] netlink: 'syz.0.2541': attribute type 3 has an invalid length. [ 1004.106856][T12791] netlink: 'syz.0.2541': attribute type 3 has an invalid length. [ 1004.488356][T12782] loop4: detected capacity change from 0 to 40427 [ 1004.547582][ T427] Bluetooth: hci0: command 0x1001 tx timeout [ 1004.553905][ T1112] Bluetooth: hci0: sending frame failed (-49) [ 1004.563299][T12789] loop1: detected capacity change from 0 to 256 [ 1004.572658][T12782] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1004.580575][ T2121] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1004.589809][T12782] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1004.598327][ T2121] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1004.600157][T12782] F2FS-fs (loop4): invalid crc value [ 1004.614635][T12797] netlink: 'syz.3.2544': attribute type 3 has an invalid length. [ 1004.622629][T12797] netlink: 'syz.3.2544': attribute type 3 has an invalid length. [ 1004.625699][T12782] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1004.658923][ T2121] usb 4-1: can't set config #250, error -71 [ 1004.671314][ T2121] usb 4-1: USB disconnect, device number 22 [ 1004.935726][T12782] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1004.944040][T12782] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1006.618838][ T427] Bluetooth: hci0: command 0x1009 tx timeout [ 1007.204829][T12815] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 1007.212791][T12815] netlink: 'syz.0.2546': attribute type 3 has an invalid length. [ 1007.525718][T12817] loop1: detected capacity change from 0 to 40427 [ 1007.543039][T12817] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1007.559021][T12817] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1007.576834][T12817] F2FS-fs (loop1): invalid crc value [ 1007.603295][T12817] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1007.663601][T12817] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1007.678814][T12817] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1007.721060][T12820] loop0: detected capacity change from 0 to 40427 [ 1007.830238][T12820] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1007.838259][T12820] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1007.850359][T12820] F2FS-fs (loop0): invalid crc value [ 1007.905748][T12820] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1008.053167][T12820] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1008.060410][T12820] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1008.959480][T12851] netlink: 'syz.3.2555': attribute type 3 has an invalid length. [ 1008.967333][T12851] netlink: 'syz.3.2555': attribute type 3 has an invalid length. [ 1008.987944][T12854] loop4: detected capacity change from 0 to 256 [ 1009.371480][T12854] loop4: detected capacity change from 0 to 256 [ 1009.558854][ T427] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1009.609641][T12861] netlink: 'syz.4.2557': attribute type 3 has an invalid length. [ 1009.618115][T12861] netlink: 'syz.4.2557': attribute type 3 has an invalid length. [ 1010.080172][T12864] futex_wake_op: syz.3.2559 tries to shift op by 36; fix this program [ 1010.108845][ T427] usb 1-1: Using ep0 maxpacket: 8 [ 1011.835928][ T427] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 1011.844493][ T427] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 1011.853651][ T427] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1011.924710][ T427] usb 1-1: config 250 has no interface number 0 [ 1011.931275][ T427] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1011.943063][ T427] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1011.953580][ T427] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1011.963878][ T427] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1011.974266][ T427] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1011.987964][ T427] usb 1-1: config 250 interface 228 has no altsetting 0 [ 1012.397903][T12865] loop1: detected capacity change from 0 to 40427 [ 1012.427991][T12869] loop2: detected capacity change from 0 to 40427 [ 1012.438793][ T427] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1012.448144][ T427] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1012.457357][ T427] usb 1-1: Product: syz [ 1012.459245][T12865] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1012.470993][T12865] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1012.481062][ T427] usb 1-1: can't set config #250, error -71 [ 1012.488962][T12865] F2FS-fs (loop1): invalid crc value [ 1012.495257][ T427] usb 1-1: USB disconnect, device number 17 [ 1012.520206][T12869] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1012.528899][T12865] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1012.536987][T12879] loop4: detected capacity change from 0 to 40427 [ 1012.545567][T12869] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1012.560178][T12869] F2FS-fs (loop2): invalid crc value [ 1012.582925][T12879] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1012.594075][T12879] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1012.611703][T12865] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1012.615878][T12869] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1012.626184][T12879] F2FS-fs (loop4): invalid crc value [ 1012.636722][T12865] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1012.670167][T12879] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1012.708576][T12869] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1012.760309][T12869] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1012.836383][T12900] loop3: detected capacity change from 0 to 256 [ 1012.846654][T12879] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1012.854806][T12879] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1014.937624][T12900] loop3: detected capacity change from 0 to 256 [ 1014.980171][T12917] loop1: detected capacity change from 0 to 512 [ 1015.038048][T12920] loop2: detected capacity change from 0 to 512 [ 1015.056698][T12917] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.2567: casefold flag without casefold feature [ 1015.069527][T12917] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.2567: couldn't read orphan inode 15 (err -117) [ 1015.081687][T12917] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,,errors=continue. Quota mode: writeback. [ 1015.160418][T12920] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.2568: casefold flag without casefold feature [ 1015.198985][T12920] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.2568: couldn't read orphan inode 15 (err -117) [ 1015.219020][T12920] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,,errors=continue. Quota mode: writeback. [ 1016.207293][T12933] netlink: 'syz.0.2573': attribute type 3 has an invalid length. [ 1016.215321][T12933] netlink: 'syz.0.2573': attribute type 3 has an invalid length. [ 1016.281447][T12929] futex_wake_op: syz.3.2572 tries to shift op by 36; fix this program [ 1018.440655][T12954] loop1: detected capacity change from 0 to 256 [ 1018.568950][ T408] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1018.775111][T12950] loop2: detected capacity change from 0 to 40427 [ 1018.792244][T12950] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1018.800197][T12950] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1018.811552][T12950] F2FS-fs (loop2): invalid crc value [ 1018.884797][T12959] loop1: detected capacity change from 0 to 256 [ 1018.909258][ T408] usb 4-1: Using ep0 maxpacket: 8 [ 1019.133050][T12950] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1019.249273][T12950] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1019.256468][T12950] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1019.289104][ T408] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1019.298195][ T408] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1019.358791][ T408] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1019.368083][ T408] usb 4-1: config 250 has no interface number 0 [ 1019.376558][ T408] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1019.495577][T12957] loop4: detected capacity change from 0 to 40427 [ 1019.503300][ T408] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1019.513968][ T408] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1019.524559][ T408] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1019.531551][T12957] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1019.589954][T12957] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1019.617267][T12957] F2FS-fs (loop4): invalid crc value [ 1019.745104][T12957] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1019.761464][ T408] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1019.775274][ T408] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1019.828814][ T408] usb 4-1: string descriptor 0 read error: -71 [ 1019.835062][ T408] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1019.844168][ T408] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1019.844777][T12957] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1019.871928][ T408] usb 4-1: can't set config #250, error -71 [ 1019.881265][T12957] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1019.889610][ T408] usb 4-1: USB disconnect, device number 23 [ 1020.118913][T12985] overlayfs: missing 'lowerdir' [ 1020.467370][T12978] loop0: detected capacity change from 0 to 40427 [ 1020.542456][T12978] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1020.588805][T12978] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1020.639868][T12978] F2FS-fs (loop0): invalid crc value [ 1020.678187][T12978] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1020.834120][T12978] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1020.841349][T12978] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1021.140193][T12987] loop3: detected capacity change from 0 to 40427 [ 1021.160883][T12987] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 1021.167600][T12987] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 1021.366088][T12987] F2FS-fs (loop3): invalid crc value [ 1021.492931][T13002] loop2: detected capacity change from 0 to 512 [ 1021.589774][T13002] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.2590: casefold flag without casefold feature [ 1021.653289][T12987] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1021.679043][T13002] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.2590: couldn't read orphan inode 15 (err -117) [ 1021.709004][T13002] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,,errors=continue. Quota mode: writeback. [ 1021.761471][T12987] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 1021.768626][T12987] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1023.006735][T12987] attempt to access beyond end of device [ 1023.006735][T12987] loop3: rw=2049, want=55296, limit=40427 [ 1023.470788][T12987] attempt to access beyond end of device [ 1023.470788][T12987] loop3: rw=2049, want=57344, limit=40427 [ 1023.504412][T13028] attempt to access beyond end of device [ 1023.504412][T13028] loop3: rw=524288, want=53504, limit=40427 [ 1023.551471][T12987] attempt to access beyond end of device [ 1023.551471][T12987] loop3: rw=2049, want=50016, limit=40427 [ 1023.559022][T12986] attempt to access beyond end of device [ 1023.559022][T12986] loop3: rw=0, want=53256, limit=40427 [ 1023.602543][T13033] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2594'. [ 1023.619435][T13028] attempt to access beyond end of device [ 1023.619435][T13028] loop3: rw=0, want=53256, limit=40427 [ 1023.671103][T12986] attempt to access beyond end of device [ 1023.671103][T12986] loop3: rw=0, want=53256, limit=40427 [ 1023.713793][T13028] attempt to access beyond end of device [ 1023.713793][T13028] loop3: rw=0, want=53256, limit=40427 [ 1023.748426][T13028] attempt to access beyond end of device [ 1023.748426][T13028] loop3: rw=0, want=53256, limit=40427 [ 1023.778875][T13028] attempt to access beyond end of device [ 1023.778875][T13028] loop3: rw=0, want=53256, limit=40427 [ 1023.888947][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 1023.910948][T13031] loop1: detected capacity change from 0 to 40427 [ 1024.032140][T13031] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1024.045911][T13031] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1024.073518][T13031] F2FS-fs (loop1): invalid crc value [ 1024.114400][T13031] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1024.193011][T13038] loop0: detected capacity change from 0 to 40427 [ 1024.240477][T13038] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 1024.246868][T13038] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1024.255690][T13031] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1024.265470][T13031] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1024.366649][T13038] F2FS-fs (loop0): invalid crc value [ 1024.429534][T13038] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1024.534338][T13038] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 1024.555932][T13038] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1025.349597][T13057] loop3: detected capacity change from 0 to 40427 [ 1025.389818][T13057] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1025.417400][T13064] netlink: 'syz.1.2601': attribute type 3 has an invalid length. [ 1025.425543][T13064] netlink: 'syz.1.2601': attribute type 3 has an invalid length. [ 1025.514496][T13057] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1025.529708][T13057] F2FS-fs (loop3): invalid crc value [ 1025.710581][T13057] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1025.769742][T13069] 9pnet: Insufficient options for proto=fd [ 1025.817959][T13057] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1025.825196][T13057] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1025.871189][T13059] loop4: detected capacity change from 0 to 40427 [ 1025.945357][ T737] Bluetooth: hci0: command 0x1003 tx timeout [ 1025.952075][ T1112] Bluetooth: hci0: sending frame failed (-49) [ 1025.959393][T13059] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 1025.965785][T13059] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 1026.006782][T13059] F2FS-fs (loop4): invalid crc value [ 1026.384430][T13059] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1026.437014][T13071] loop1: detected capacity change from 0 to 40427 [ 1026.450030][T13071] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1026.461510][T13071] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1026.489456][T13059] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 1026.498873][T13059] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1026.529041][T13071] F2FS-fs (loop1): invalid crc value [ 1026.542623][T13059] overlayfs: failed to resolve './bus': -2 [ 1026.559766][T13071] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1026.631778][T13071] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1026.654370][T13071] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1026.782165][T13091] netlink: 'syz.3.2607': attribute type 3 has an invalid length. [ 1026.790426][T13091] netlink: 'syz.3.2607': attribute type 3 has an invalid length. [ 1027.431951][T13101] netlink: 'syz.0.2610': attribute type 3 has an invalid length. [ 1027.440400][T13101] netlink: 'syz.0.2610': attribute type 3 has an invalid length. [ 1028.019593][T11117] Bluetooth: hci0: command 0x1001 tx timeout [ 1028.025948][ T9538] Bluetooth: hci0: sending frame failed (-49) [ 1028.034093][ T332] Bluetooth: hci1: Frame reassembly failed (-84) [ 1028.101705][ T332] Bluetooth: hci1: Frame reassembly failed (-84) [ 1028.601320][T13107] loop0: detected capacity change from 0 to 40427 [ 1028.619487][T13107] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1028.628578][T13107] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1028.650430][T13107] F2FS-fs (loop0): invalid crc value [ 1028.680628][T13107] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1028.729335][T13107] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1028.736642][T13107] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1028.881207][T13114] loop1: detected capacity change from 0 to 40427 [ 1030.239099][T13114] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 1030.248808][T13114] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 1030.290872][T13114] F2FS-fs (loop1): invalid crc value [ 1030.306021][T13114] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1030.333510][ T485] Bluetooth: hci1: command 0x1003 tx timeout [ 1030.340635][ T485] Bluetooth: hci0: command 0x1009 tx timeout [ 1030.340748][ T9538] Bluetooth: hci1: sending frame failed (-49) [ 1030.357147][T13114] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 1030.364428][T13114] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1031.131800][T13114] handle_bad_sector: 4742 callbacks suppressed [ 1031.131822][T13114] attempt to access beyond end of device [ 1031.131822][T13114] loop1: rw=2049, want=55416, limit=40427 [ 1031.156128][T13114] attempt to access beyond end of device [ 1031.156128][T13114] loop1: rw=2049, want=57344, limit=40427 [ 1031.184105][T13114] attempt to access beyond end of device [ 1031.184105][T13114] loop1: rw=2049, want=51224, limit=40427 [ 1031.217626][T13114] attempt to access beyond end of device [ 1031.217626][T13114] loop1: rw=2049, want=53248, limit=40427 [ 1031.235430][T13114] attempt to access beyond end of device [ 1031.235430][T13114] loop1: rw=2049, want=59392, limit=40427 [ 1031.279425][T13140] attempt to access beyond end of device [ 1031.279425][T13140] loop1: rw=524288, want=53504, limit=40427 [ 1031.279478][T13114] attempt to access beyond end of device [ 1031.279478][T13114] loop1: rw=2049, want=62328, limit=40427 [ 1031.299002][T13140] attempt to access beyond end of device [ 1031.299002][T13140] loop1: rw=0, want=53256, limit=40427 [ 1031.312207][T13114] attempt to access beyond end of device [ 1031.312207][T13114] loop1: rw=2049, want=64568, limit=40427 [ 1031.324560][T13140] attempt to access beyond end of device [ 1031.324560][T13140] loop1: rw=0, want=53256, limit=40427 [ 1032.378910][T13103] Bluetooth: hci1: command 0x1001 tx timeout [ 1032.385482][T13128] Bluetooth: hci1: sending frame failed (-49) [ 1032.432301][T13149] loop4: detected capacity change from 0 to 40427 [ 1032.504123][T13149] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1032.512075][T13149] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1032.521569][T13149] F2FS-fs (loop4): invalid crc value [ 1032.530945][T13149] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1032.561206][T13149] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1032.568447][T13149] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1033.728938][T13164] futex_wake_op: syz.1.2624 tries to shift op by 36; fix this program [ 1033.999824][T13166] loop1: detected capacity change from 0 to 40427 [ 1034.015276][T13166] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1034.023351][T13166] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1034.033679][T13166] F2FS-fs (loop1): invalid crc value [ 1034.057480][T13166] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1034.132719][T13175] netlink: 'syz.4.2625': attribute type 3 has an invalid length. [ 1034.140870][T13175] netlink: 'syz.4.2625': attribute type 3 has an invalid length. [ 1034.279455][T13166] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1034.305148][T13166] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1034.517747][ T485] Bluetooth: hci1: command 0x1009 tx timeout [ 1034.923606][T13178] loop2: detected capacity change from 0 to 40427 [ 1034.977100][T13184] loop0: detected capacity change from 0 to 40427 [ 1035.072002][T13178] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1035.144146][T13184] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1035.320133][T13178] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1035.391755][T13184] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1035.484016][T13178] F2FS-fs (loop2): invalid crc value [ 1035.544756][T13184] F2FS-fs (loop0): invalid crc value [ 1035.598768][T13184] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1036.064199][T13178] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1036.110382][T13184] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1036.122389][T13184] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1036.526552][T13178] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1036.533775][T13178] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1037.588507][T13214] netlink: 'syz.1.2634': attribute type 3 has an invalid length. [ 1037.596899][T13214] netlink: 'syz.1.2634': attribute type 3 has an invalid length. [ 1037.821148][T13218] futex_wake_op: syz.1.2637 tries to shift op by 36; fix this program [ 1038.073472][T13216] loop4: detected capacity change from 0 to 40427 [ 1038.120590][T13216] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1038.142052][T13216] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1038.152258][T13229] loop0: detected capacity change from 0 to 256 [ 1038.191694][T13216] F2FS-fs (loop4): invalid crc value [ 1038.225748][T13233] loop3: detected capacity change from 0 to 256 [ 1038.250658][T13216] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1038.490809][T13216] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1038.526286][T13216] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1038.537017][T13244] loop3: detected capacity change from 0 to 256 [ 1039.328225][T13257] netlink: 'syz.0.2647': attribute type 3 has an invalid length. [ 1039.336425][T13257] netlink: 'syz.0.2647': attribute type 3 has an invalid length. [ 1039.813552][T13261] futex_wake_op: syz.2.2650 tries to shift op by 36; fix this program [ 1040.319214][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 1040.585247][T13255] loop3: detected capacity change from 0 to 40427 [ 1040.602875][T13255] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1040.629308][T13264] loop4: detected capacity change from 0 to 40427 [ 1040.639033][T13255] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1040.648677][T13255] F2FS-fs (loop3): invalid crc value [ 1040.656065][T13255] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1040.703008][T13255] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1040.704222][T13264] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1040.719480][T13255] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1040.755141][T13264] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1040.798467][T13278] overlayfs: failed to resolve './file1': -2 [ 1040.805896][T13264] F2FS-fs (loop4): invalid crc value [ 1040.860551][T13264] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1041.263382][T13264] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1041.278770][T13264] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1042.250008][T13294] loop3: detected capacity change from 0 to 40427 [ 1042.261695][T13294] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1042.278665][T13294] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1042.308478][T13294] F2FS-fs (loop3): invalid crc value [ 1042.349486][T13294] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1042.378807][ T485] Bluetooth: hci0: command 0x1003 tx timeout [ 1042.384901][ T1080] Bluetooth: hci0: sending frame failed (-49) [ 1042.418663][T13294] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1042.426240][T13294] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1042.942130][T13303] loop4: detected capacity change from 0 to 40427 [ 1042.951560][T13303] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1042.959515][T13303] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1043.004264][T13303] F2FS-fs (loop4): invalid crc value [ 1043.340936][T13314] loop1: detected capacity change from 0 to 512 [ 1043.356744][T13303] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1043.424975][T13314] EXT4-fs (loop1): 1 orphan inode deleted [ 1043.430797][T13314] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1043.451763][T13314] ext4 filesystem being mounted at /552/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1043.472495][T13314] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.2661: iget: bad i_size value: 360287970189639690 [ 1043.485616][T13314] EXT4-fs (loop1): Remounting filesystem read-only [ 1043.502418][T13303] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1043.510868][T13303] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1044.226117][T13322] loop1: detected capacity change from 0 to 40427 [ 1044.263089][T13322] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1044.275411][T13322] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1044.285403][T13322] F2FS-fs (loop1): invalid crc value [ 1044.372375][T13322] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1044.375834][T13329] loop2: detected capacity change from 0 to 40427 [ 1044.402157][T13329] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1044.423693][T13329] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1044.458822][ T485] Bluetooth: hci0: command 0x1001 tx timeout [ 1044.521216][ T1080] Bluetooth: hci0: sending frame failed (-49) [ 1044.613268][T13322] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1044.669247][T13322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1044.693953][T13329] F2FS-fs (loop2): invalid crc value [ 1045.004208][T13329] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1045.628408][T13329] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1045.648785][T13329] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1045.830697][T13337] loop4: detected capacity change from 0 to 40427 [ 1045.847877][T13337] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1045.857884][T13337] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1046.045902][T13337] F2FS-fs (loop4): invalid crc value [ 1046.112014][T13337] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1046.190182][T13337] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1046.197275][T13337] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1046.442236][T13363] overlayfs: failed to resolve './file1': -2 [ 1046.538779][ T485] Bluetooth: hci0: command 0x1009 tx timeout [ 1047.201662][T13376] loop3: detected capacity change from 0 to 512 [ 1047.287309][T13376] EXT4-fs (loop3): 1 orphan inode deleted [ 1047.293266][T13376] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1047.301869][T13374] loop2: detected capacity change from 0 to 40427 [ 1047.314241][T13376] ext4 filesystem being mounted at /520/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1047.337727][T13376] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.2673: iget: bad i_size value: 360287970189639690 [ 1047.358919][T13376] EXT4-fs (loop3): Remounting filesystem read-only [ 1047.412616][T13374] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1047.421754][T13374] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1047.518945][T13374] F2FS-fs (loop2): invalid crc value [ 1047.544071][T13374] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1047.656643][T13374] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1047.667227][T13374] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1047.678042][T13391] futex_wake_op: syz.4.2675 tries to shift op by 36; fix this program [ 1049.125004][T13404] loop4: detected capacity change from 0 to 40427 [ 1049.200941][T13404] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1049.212228][T13404] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1049.234090][T13404] F2FS-fs (loop4): invalid crc value [ 1049.897015][T13404] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1049.997688][T13404] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1050.006956][T13404] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1050.989660][ T2628] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1051.408818][ T2628] usb 2-1: Using ep0 maxpacket: 8 [ 1051.918919][ T2628] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1051.927234][ T2628] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1051.980488][ T2628] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1052.048788][ T2628] usb 2-1: config 250 has no interface number 0 [ 1052.075495][ T2628] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1052.150109][T13437] loop3: detected capacity change from 0 to 40427 [ 1052.156907][ T2628] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1052.171814][T13437] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1052.188786][T13437] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1052.198209][T13437] F2FS-fs (loop3): invalid crc value [ 1052.219857][ T2628] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1052.239668][T13437] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1052.268897][ T2628] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1052.294876][ T2628] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1052.319053][T13437] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1052.326202][T13437] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1052.348755][ T2628] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1052.385187][T13440] loop2: detected capacity change from 0 to 40427 [ 1052.394694][T13440] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1052.418876][T13440] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1052.439988][T13440] F2FS-fs (loop2): invalid crc value [ 1052.480691][T13440] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1052.529301][ T2628] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1052.538471][ T2628] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1052.564994][ T2628] usb 2-1: Product: syz [ 1052.611932][ T2628] usb 2-1: SerialNumber: syz [ 1052.860750][T13440] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1052.863270][ T2628] hub 2-1:250.228: bad descriptor, ignoring hub [ 1052.874310][T13440] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1052.881829][ T2628] hub: probe of 2-1:250.228 failed with error -5 [ 1052.953548][T13441] loop4: detected capacity change from 0 to 40427 [ 1053.022208][T13441] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1053.039479][ T2628] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 24 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1053.047621][T13441] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1053.071918][T13441] F2FS-fs (loop4): invalid crc value [ 1053.302113][ T2628] usb 2-1: reset high-speed USB device number 24 using dummy_hcd [ 1053.441869][T13441] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1053.559809][T13441] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1053.880213][T13441] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1054.132958][ T2628] usb 2-1: can't restore configuration #250 (error=-71) [ 1054.171070][ T2628] usb 2-1: USB disconnect, device number 24 [ 1054.182180][ T2628] usblp0: removed [ 1054.583671][T13472] loop0: detected capacity change from 0 to 256 [ 1055.451461][T13474] loop4: detected capacity change from 0 to 40427 [ 1055.462473][T13474] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 1055.492710][T13474] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 1055.511375][T13474] F2FS-fs (loop4): invalid crc value [ 1055.529317][T13474] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1055.579928][T13474] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 1055.590041][T13474] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1055.718303][T13474] handle_bad_sector: 4489 callbacks suppressed [ 1055.718330][T13474] attempt to access beyond end of device [ 1055.718330][T13474] loop4: rw=2049, want=55296, limit=40427 [ 1055.744000][T13474] attempt to access beyond end of device [ 1055.744000][T13474] loop4: rw=2049, want=57344, limit=40427 [ 1055.764260][T13474] attempt to access beyond end of device [ 1055.764260][T13474] loop4: rw=2049, want=51952, limit=40427 [ 1055.814855][T13474] attempt to access beyond end of device [ 1055.814855][T13474] loop4: rw=2049, want=53248, limit=40427 [ 1055.879546][T13504] attempt to access beyond end of device [ 1055.879546][T13504] loop4: rw=524288, want=53504, limit=40427 [ 1055.881208][T13474] attempt to access beyond end of device [ 1055.881208][T13474] loop4: rw=2049, want=57848, limit=40427 [ 1055.949493][T13504] attempt to access beyond end of device [ 1055.949493][T13504] loop4: rw=0, want=53256, limit=40427 [ 1055.978867][T13473] attempt to access beyond end of device [ 1055.978867][T13473] loop4: rw=0, want=53256, limit=40427 [ 1055.988417][T13498] loop2: detected capacity change from 0 to 40427 [ 1055.997031][T13504] attempt to access beyond end of device [ 1055.997031][T13504] loop4: rw=0, want=53256, limit=40427 [ 1056.010753][T13498] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1056.018690][T13498] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1056.028205][T13473] attempt to access beyond end of device [ 1056.028205][T13473] loop4: rw=0, want=53256, limit=40427 [ 1056.040810][T13498] F2FS-fs (loop2): invalid crc value [ 1056.069706][T13498] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1056.118860][ T427] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1056.170221][T13498] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1056.177382][T13498] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1056.688744][ T427] usb 4-1: Using ep0 maxpacket: 8 [ 1056.818936][ T427] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1056.925329][ T427] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1056.962685][ T427] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1057.028813][ T427] usb 4-1: config 250 has no interface number 0 [ 1057.035178][ T427] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1057.118765][ T427] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1057.139488][ T427] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1057.168818][ T427] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1057.203289][ T427] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1057.247241][ T427] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1057.379667][ T427] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1057.408758][ T427] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1057.417064][ T427] usb 4-1: Product: syz [ 1057.435056][T13520] loop1: detected capacity change from 0 to 40427 [ 1057.437655][T13518] loop4: detected capacity change from 0 to 40427 [ 1057.458741][ T427] usb 4-1: SerialNumber: syz [ 1057.481621][T13518] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1057.489643][T13520] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1057.497465][T13520] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1057.499547][ T427] hub 4-1:250.228: bad descriptor, ignoring hub [ 1057.512123][T13518] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1057.523026][T13520] F2FS-fs (loop1): invalid crc value [ 1057.528584][T13518] F2FS-fs (loop4): invalid crc value [ 1057.542873][T13520] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1057.548814][ T427] hub: probe of 4-1:250.228 failed with error -5 [ 1057.561338][T13518] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1057.614658][T13520] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1057.621803][T13520] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1057.769550][ T427] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 24 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1057.773921][T13518] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1057.806970][T13518] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1057.937648][T13536] overlayfs: failed to resolve './file0': -2 [ 1058.024759][ T427] usb 4-1: reset high-speed USB device number 24 using dummy_hcd [ 1058.849050][ T427] usb 4-1: device descriptor read/all, error -71 [ 1060.239190][ T427] usb 4-1: USB disconnect, device number 24 [ 1060.248225][ T427] usblp0: removed [ 1062.657316][T13576] loop4: detected capacity change from 0 to 40427 [ 1062.684811][T13561] loop1: detected capacity change from 0 to 40427 [ 1062.700287][T13559] loop2: detected capacity change from 0 to 40427 [ 1062.744113][T13559] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1062.744232][T13561] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1062.751946][T13576] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1062.772042][T13559] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1062.780577][T13561] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1062.798734][T13576] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1062.811826][T13559] F2FS-fs (loop2): invalid crc value [ 1062.825236][T13561] F2FS-fs (loop1): invalid crc value [ 1062.832396][T13576] F2FS-fs (loop4): invalid crc value [ 1062.839995][T13559] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1062.840000][T13576] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1062.860639][T13561] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1062.863895][T13578] loop0: detected capacity change from 0 to 40427 [ 1062.891563][T13576] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1062.898642][T13576] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1062.942739][T13561] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1062.949965][T13578] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1062.957715][T13578] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1062.976466][T13561] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1063.003479][T13578] F2FS-fs (loop0): invalid crc value [ 1063.010592][T13578] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1063.279708][T13578] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1063.286901][T13578] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1063.386455][T13601] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2721'. [ 1064.898926][ T427] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1065.065282][T13608] loop1: detected capacity change from 0 to 40427 [ 1065.278449][T13608] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1065.318821][ T427] usb 5-1: Using ep0 maxpacket: 8 [ 1065.401947][T13608] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1065.427132][T13608] F2FS-fs (loop1): invalid crc value [ 1065.452563][T13608] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1065.478835][ T427] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 1065.497757][ T427] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 1065.517776][ T427] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1065.544403][ T427] usb 5-1: config 250 has no interface number 0 [ 1065.558400][T13608] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1065.567940][ T427] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1065.583438][T13608] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1065.601203][ T427] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1065.686194][ T427] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1065.696819][ T427] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1065.707459][ T427] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1065.721033][ T427] usb 5-1: config 250 interface 228 has no altsetting 0 [ 1065.823286][T13635] overlayfs: failed to resolve './file0': -2 [ 1065.839002][ T427] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1066.094666][ T427] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1066.124942][ T427] usb 5-1: Product: syz [ 1066.136120][ T427] usb 5-1: SerialNumber: syz [ 1066.199373][ T427] hub 5-1:250.228: bad descriptor, ignoring hub [ 1066.215832][ T427] hub: probe of 5-1:250.228 failed with error -5 [ 1066.463444][ T427] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 19 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1066.558114][T13643] overlayfs: failed to resolve './file1': -2 [ 1066.601729][T13637] loop0: detected capacity change from 0 to 40427 [ 1066.703171][T13637] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1066.703237][ T427] usb 5-1: reset high-speed USB device number 19 using dummy_hcd [ 1066.728817][T13637] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1066.760106][T13637] F2FS-fs (loop0): invalid crc value [ 1066.836575][T13637] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1067.031066][T13637] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1067.048918][T13637] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1067.787811][ T737] usb 5-1: USB disconnect, device number 19 [ 1067.862150][ T737] usblp0: removed [ 1067.945124][T13642] loop3: detected capacity change from 0 to 40427 [ 1067.970708][T13642] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1067.982183][T13642] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1068.001809][T13642] F2FS-fs (loop3): invalid crc value [ 1068.039777][T13642] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1068.119532][T13642] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1068.126802][T13642] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1068.763820][T13652] loop2: detected capacity change from 0 to 40427 [ 1068.800674][T13652] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 1068.858868][T13652] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 1068.889675][T13652] F2FS-fs (loop2): invalid crc value [ 1068.922368][T13652] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1068.999643][T13676] netlink: 'syz.1.2734': attribute type 3 has an invalid length. [ 1069.007791][T13676] netlink: 'syz.1.2734': attribute type 3 has an invalid length. [ 1069.318493][T13652] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 1069.334015][T13652] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1069.388308][T13679] loop3: detected capacity change from 0 to 512 [ 1069.463673][ T30] audit: type=1400 audit(1760753859.254:198): avc: denied { bind } for pid=13684 comm="syz.4.2736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1069.494217][T13679] EXT4-fs (loop3): 1 orphan inode deleted [ 1069.500313][T13679] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1069.521292][T13679] ext4 filesystem being mounted at /534/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1069.537740][T13679] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.2733: iget: bad i_size value: 360287970189639690 [ 1069.552893][T13679] EXT4-fs (loop3): Remounting filesystem read-only [ 1069.560026][T13671] loop0: detected capacity change from 0 to 40427 [ 1069.568903][T13671] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 1069.575337][T13671] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1069.602609][T13652] handle_bad_sector: 2693 callbacks suppressed [ 1069.602632][T13652] attempt to access beyond end of device [ 1069.602632][T13652] loop2: rw=2049, want=55320, limit=40427 [ 1069.607408][T13671] F2FS-fs (loop0): invalid crc value [ 1069.608954][ T30] audit: type=1400 audit(1760753859.394:199): avc: denied { mount } for pid=13688 comm="syz.4.2739" name="/" dev="ramfs" ino=46582 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1069.639660][T13652] attempt to access beyond end of device [ 1069.639660][T13652] loop2: rw=2049, want=57344, limit=40427 [ 1069.667794][T13671] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 1069.683258][T13696] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 1069.702021][ T30] audit: type=1400 audit(1760753859.474:200): avc: denied { read write } for pid=13695 comm="syz.3.2738" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1069.740611][T13652] attempt to access beyond end of device [ 1069.740611][T13652] loop2: rw=2049, want=51384, limit=40427 [ 1069.758485][ T30] audit: type=1400 audit(1760753859.474:201): avc: denied { open } for pid=13695 comm="syz.3.2738" path="/dev/vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1069.760830][T13700] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 1069.789840][ T30] audit: type=1400 audit(1760753859.494:202): avc: denied { create } for pid=13697 comm="syz.4.2741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1069.819221][T13671] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 1069.826766][ T30] audit: type=1400 audit(1760753859.504:203): avc: denied { connect } for pid=13697 comm="syz.4.2741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1069.832802][T13671] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1069.854963][T13652] attempt to access beyond end of device [ 1069.854963][T13652] loop2: rw=2049, want=53248, limit=40427 [ 1069.868106][T13703] loop1: detected capacity change from 0 to 7 [ 1069.876165][T13704] attempt to access beyond end of device [ 1069.876165][T13704] loop2: rw=524288, want=53504, limit=40427 [ 1069.894988][ T30] audit: type=1400 audit(1760753859.554:204): avc: denied { read write } for pid=13699 comm="syz.4.2742" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1069.931471][T13652] attempt to access beyond end of device [ 1069.931471][T13652] loop2: rw=2049, want=62288, limit=40427 [ 1069.948979][T13704] attempt to access beyond end of device [ 1069.948979][T13704] loop2: rw=0, want=53256, limit=40427 [ 1069.966420][ T30] audit: type=1400 audit(1760753859.554:205): avc: denied { open } for pid=13699 comm="syz.4.2742" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1069.988901][T13651] attempt to access beyond end of device [ 1069.988901][T13651] loop2: rw=0, want=53256, limit=40427 [ 1069.996820][ T30] audit: type=1400 audit(1760753859.554:206): avc: denied { ioctl } for pid=13699 comm="syz.4.2742" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1070.008396][T13704] attempt to access beyond end of device [ 1070.008396][T13704] loop2: rw=0, want=53256, limit=40427 [ 1070.026571][ T30] audit: type=1400 audit(1760753859.684:207): avc: denied { connect } for pid=13705 comm="syz.3.2744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1070.056624][T13651] attempt to access beyond end of device [ 1070.056624][T13651] loop2: rw=0, want=53256, limit=40427 [ 1070.124740][T13724] loop4: detected capacity change from 0 to 16 [ 1070.190090][T13724] erofs: (device loop4): mounted with root inode @ nid 36. [ 1070.201432][T13724] erofs: (device loop4): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 1070.223842][T13724] erofs: (device loop4): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 1070.246751][T13724] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117] [ 1070.420506][T13740] loop4: detected capacity change from 0 to 512 [ 1070.483462][T13740] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.2757: iget: bogus i_mode (177401) [ 1070.496071][T13740] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.2757: couldn't read orphan inode 15 (err -117) [ 1070.516352][T13740] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1070.731355][T13759] loop2: detected capacity change from 0 to 1024 [ 1070.760985][T13759] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1070.800769][T13765] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2766'. [ 1070.810689][T13765] netlink: 6 bytes leftover after parsing attributes in process `syz.0.2766'. [ 1070.821383][T13759] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1070.885606][T13759] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3871: comm syz.2.2763: Allocating blocks 497-513 which overlap fs metadata [ 1070.907618][T13759] EXT4-fs (loop2): pa ffff8881119baf18: logic 128, phys. 385, len 8 [ 1070.915963][T13759] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1071.082196][T13780] loop6: detected capacity change from 0 to 1 [ 1071.133863][T13783] loop3: detected capacity change from 0 to 512 [ 1071.397371][T13802] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2780'. [ 1071.550375][T13832] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2794'. [ 1071.590151][T13812] IPv6: NLM_F_CREATE should be specified when creating new route [ 1071.618822][ T2121] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1071.708923][T13103] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1071.988847][ T2121] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1072.008767][ T2121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1072.025250][ T2121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1072.035122][ T2121] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1072.083860][T13903] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.091069][T13903] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.098581][T13903] device bridge_slave_0 entered promiscuous mode [ 1072.105854][T13903] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.112974][T13903] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.120213][ T2121] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1072.120981][T13903] device bridge_slave_1 entered promiscuous mode [ 1072.129407][ T2121] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1072.129432][ T2121] usb 2-1: Manufacturer: syz [ 1072.134103][ T2121] usb 2-1: config 0 descriptor?? [ 1072.196498][T13903] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.203591][T13903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1072.210951][T13903] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.217995][T13903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1072.239938][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1072.247966][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.255465][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.265379][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1072.273655][T13103] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1072.274374][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.282881][T13103] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1072.289829][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1072.307859][T13103] usb 4-1: Product: syz [ 1072.314390][T13103] usb 4-1: Manufacturer: syz [ 1072.319655][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1072.330479][T13103] usb 4-1: SerialNumber: syz [ 1072.333097][ T854] bridge0: port 2(bridge_slave_1) entered blocking state [ 1072.342221][ T854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1072.353395][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1072.381064][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1072.406846][T13903] device veth0_vlan entered promiscuous mode [ 1072.422294][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1072.431506][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1072.445282][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1072.453135][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1072.466511][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1072.496061][T13903] device veth1_macvtap entered promiscuous mode [ 1072.527800][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1072.551065][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1072.568267][T13936] loop2: detected capacity change from 0 to 1024 [ 1072.630119][ T2121] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 1072.644716][ T2121] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 1072.652623][T13936] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1072.685999][ T2121] appleir 0003:05AC:8243.0001: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 1072.698532][T13936] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1072.798282][T13936] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3871: comm syz.2.2838: Allocating blocks 497-513 which overlap fs metadata [ 1072.839598][T13936] EXT4-fs (loop2): pa ffff888134d4d930: logic 128, phys. 385, len 8 [ 1072.847745][T13936] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1073.012151][T13958] loop0: detected capacity change from 0 to 40427 [ 1073.060356][T13958] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1073.068148][T13958] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1073.077521][T13958] F2FS-fs (loop0): invalid crc value [ 1073.100931][T13958] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1073.154585][T13958] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1073.161807][T13958] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1073.251605][T13976] device syzkaller0 entered promiscuous mode [ 1073.478493][T13991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2858'. [ 1073.702185][ T6867] usb 4-1: USB disconnect, device number 25 [ 1073.968746][ T737] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1074.218907][ T737] usb 5-1: Using ep0 maxpacket: 8 [ 1075.157398][T14052] loop3: detected capacity change from 0 to 512 [ 1075.164225][T14054] loop2: detected capacity change from 0 to 2048 [ 1075.178834][ T737] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1075.190030][ T737] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1075.199579][ T737] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.209230][ T737] usb 5-1: config 0 descriptor?? [ 1075.216072][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 1075.216088][ T30] audit: type=1326 audit(2000000001.340:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.254070][ T30] audit: type=1326 audit(2000000001.340:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.269258][T14060] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 1075.286854][ T20] usb 2-1: USB disconnect, device number 25 [ 1075.287866][T14052] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.2883: casefold flag without casefold feature [ 1075.294367][T14054] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 1075.309526][ T30] audit: type=1326 audit(2000000001.340:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.342966][ T30] audit: type=1326 audit(2000000001.340:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.354546][T14052] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.2883: couldn't read orphan inode 15 (err -117) [ 1075.367065][ T30] audit: type=1326 audit(2000000001.340:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.402176][T14052] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1075.413537][T14060] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 1075.422398][ T30] audit: type=1326 audit(2000000001.340:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.451990][ T30] audit: type=1326 audit(2000000001.340:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.486753][ T30] audit: type=1326 audit(2000000001.340:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.523418][ T30] audit: type=1326 audit(2000000001.360:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1075.547337][ T30] audit: type=1326 audit(2000000001.360:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14062 comm="syz.0.2888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bf477fc9 code=0x7ffc0000 [ 1076.028407][T14054] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1076.043556][T14054] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 1076.056723][T14054] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1076.056723][T14054] [ 1076.068144][T14054] EXT4-fs (loop2): Total free blocks count 0 [ 1076.074342][T14054] EXT4-fs (loop2): Free/Dirty block details [ 1076.089091][T14054] EXT4-fs (loop2): free_blocks=2415919104 [ 1076.101597][T14054] EXT4-fs (loop2): dirty_blocks=7312 [ 1076.106943][T14054] EXT4-fs (loop2): Block reservation details [ 1076.116560][T14054] EXT4-fs (loop2): i_reserved_data_blocks=457 [ 1076.144549][ T1195] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 1076.157898][ T1195] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1076.157898][ T1195] [ 1076.222560][T14091] bridge0: port 2(bridge_slave_1) entered disabled state [ 1076.229885][T14091] bridge0: port 1(bridge_slave_0) entered disabled state [ 1076.305144][T14093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2898'. [ 1076.351338][T14098] raw_sendmsg: syz.3.2899 forgot to set AF_INET. Fix it! [ 1076.695737][T11117] usb 5-1: USB disconnect, device number 20 [ 1076.728764][ T20] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1076.748471][T14123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2910'. [ 1076.799004][ T737] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1076.922535][T14140] loop4: detected capacity change from 0 to 128 [ 1077.178964][ T20] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1077.195124][ T20] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1077.213063][T14144] loop8: detected capacity change from 0 to 8 [ 1077.219674][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.243953][ T20] usb 3-1: config 0 descriptor?? [ 1077.938750][ T4760] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1077.998870][ T737] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1078.007951][ T737] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.016272][ T737] usb 4-1: Product: syz [ 1078.020486][ T737] usb 4-1: Manufacturer: syz [ 1078.025087][ T737] usb 4-1: SerialNumber: syz [ 1078.308837][ T4760] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1078.319158][ T4760] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1078.328226][ T4760] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1078.336886][ T4760] usb 5-1: config 0 descriptor?? [ 1078.558579][ T4760] usb 3-1: USB disconnect, device number 33 [ 1078.627248][T14171] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1079.198778][ T4760] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1079.288746][ T427] usb 2-1: new low-speed USB device number 26 using dummy_hcd [ 1079.334560][ T20] usb 4-1: USB disconnect, device number 26 [ 1079.558823][ T4760] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1079.568665][ T4760] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1079.581813][ T4760] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1079.591032][ T4760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.603257][ T4760] usb 3-1: config 0 descriptor?? [ 1079.654760][ T20] usb 5-1: USB disconnect, device number 21 [ 1079.748827][ T427] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1079.756356][ T427] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1079.767264][ T427] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1080.132020][ T427] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1080.139535][ T427] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1080.150292][ T427] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1080.248804][ T427] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 1080.256536][ T427] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1080.267550][ T427] usb 2-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1080.301735][ T30] kauditd_printk_skb: 32 callbacks suppressed [ 1080.301752][ T30] audit: type=1400 audit(2000000006.430:284): avc: denied { create } for pid=14225 comm="syz.0.2949" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1080.329197][ T30] audit: type=1400 audit(2000000006.430:285): avc: denied { write } for pid=14225 comm="syz.0.2949" name="file0" dev="tmpfs" ino=3327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1080.340210][ T4760] kovaplus 0003:1E7D:2D50.0002: item fetching failed at offset 2/5 [ 1080.352196][ T30] audit: type=1400 audit(2000000006.430:286): avc: denied { open } for pid=14225 comm="syz.0.2949" path="/595/file0" dev="tmpfs" ino=3327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1080.361893][ T4760] kovaplus 0003:1E7D:2D50.0002: parse failed [ 1080.383536][ T30] audit: type=1400 audit(2000000006.430:287): avc: denied { ioctl } for pid=14225 comm="syz.0.2949" path="/595/file0" dev="tmpfs" ino=3327 ioctlcmd=0x5406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1080.388986][ T4760] kovaplus: probe of 0003:1E7D:2D50.0002 failed with error -22 [ 1080.414183][ T30] audit: type=1400 audit(2000000006.460:288): avc: denied { unlink } for pid=283 comm="syz-executor" name="file0" dev="tmpfs" ino=3327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1080.562462][T14237] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1080.582704][ T737] usb 3-1: USB disconnect, device number 34 [ 1080.608898][ T427] usb 2-1: string descriptor 0 read error: -22 [ 1080.618821][ T427] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1080.643206][ T427] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.833096][T14249] loop4: detected capacity change from 0 to 1024 [ 1080.868121][T14249] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1080.922812][ T4760] usb 2-1: USB disconnect, device number 26 [ 1080.943008][T14249] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1081.127035][T14250] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.172920][T14258] loop4: detected capacity change from 0 to 512 [ 1081.173828][T14260] loop2: detected capacity change from 0 to 128 [ 1081.185907][T14250] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.246983][T14250] device bridge_slave_0 entered promiscuous mode [ 1081.270106][T14250] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.277292][T14250] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.286848][T14250] device bridge_slave_1 entered promiscuous mode [ 1081.369167][T14259] handle_bad_sector: 4804 callbacks suppressed [ 1081.369213][T14259] attempt to access beyond end of device [ 1081.369213][T14259] loop2: rw=2049, want=250, limit=128 [ 1081.577187][T14269] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2964'. [ 1081.629557][T14250] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.636714][T14250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1081.644068][T14250] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.651136][T14250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1081.676448][T14269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2964'. [ 1081.721700][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1081.732716][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.746521][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.766544][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1081.779310][ T854] bridge0: port 1(bridge_slave_0) entered blocking state [ 1081.786604][ T854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1081.812663][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1081.821548][ T854] bridge0: port 2(bridge_slave_1) entered blocking state [ 1081.828836][ T854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1081.846549][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1081.856237][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1081.865653][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1081.875611][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1081.896347][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1081.912469][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1081.915522][T14290] loop1: detected capacity change from 0 to 1024 [ 1081.935179][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1081.943549][T14290] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1081.955509][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1081.964554][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1081.972322][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1081.975447][T14290] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1081.980608][T14250] device veth0_vlan entered promiscuous mode [ 1082.030942][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1082.039537][ T854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1082.049967][T14250] device veth1_macvtap entered promiscuous mode [ 1082.067668][T14294] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2970'. [ 1082.087380][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1082.105623][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1082.114407][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1082.127854][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1082.136617][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1082.152170][T14296] device veth3 entered promiscuous mode [ 1082.352088][ T30] audit: type=1400 audit(2000000008.460:289): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=4082 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 1082.456768][ T30] audit: type=1400 audit(2000000008.470:290): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=4082 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 1082.670778][ T30] audit: type=1400 audit(2000000008.470:291): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=4082 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 1085.984470][T14325] loop2: detected capacity change from 0 to 1024 [ 1085.995453][ T30] audit: type=1400 audit(2000000012.120:292): avc: denied { bind } for pid=14326 comm="syz.0.2984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1086.044185][T14329] loop3: detected capacity change from 0 to 128 [ 1086.055454][ T30] audit: type=1400 audit(2000000012.140:293): avc: denied { name_bind } for pid=14326 comm="syz.0.2984" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 1086.077075][ T30] audit: type=1400 audit(2000000012.150:294): avc: denied { node_bind } for pid=14326 comm="syz.0.2984" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 1086.100085][ T30] audit: type=1400 audit(2000000012.150:295): avc: denied { connect } for pid=14326 comm="syz.0.2984" laddr=::ffff:0.0.0.0 lport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1086.122957][ T30] audit: type=1400 audit(2000000012.150:296): avc: denied { read } for pid=14326 comm="syz.0.2984" laddr=::ffff:127.0.0.1 lport=20001 faddr=::ffff:127.0.0.1 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1086.190943][T14325] EXT4-fs (loop2): Ignoring removed nobh option [ 1086.197241][T14325] EXT4-fs (loop2): Ignoring removed bh option [ 1086.228878][T14325] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1086.251417][T14336] loop3: detected capacity change from 0 to 512 [ 1086.277615][T14336] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.2986: casefold flag without casefold feature [ 1086.290685][T14325] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,data_err=abort,barrier=0x0000000000000002,dioread_lock,errors=remount-ro,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,. Quota mode: writeback. [ 1086.292698][T14336] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.2986: couldn't read orphan inode 15 (err -117) [ 1086.331584][T14336] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1086.346240][T14343] loop8: detected capacity change from 0 to 7 [ 1086.348123][ T30] audit: type=1400 audit(2000000012.470:297): avc: denied { create } for pid=14324 comm="syz.2.2982" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 1086.422607][T14334] bridge0: port 1(bridge_slave_0) entered blocking state [ 1086.429918][T14334] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.437484][T14334] device bridge_slave_0 entered promiscuous mode [ 1086.445061][T14334] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.452191][T14334] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.459911][T14334] device bridge_slave_1 entered promiscuous mode [ 1086.526020][T14334] bridge0: port 2(bridge_slave_1) entered blocking state [ 1086.533161][T14334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1086.540613][T14334] bridge0: port 1(bridge_slave_0) entered blocking state [ 1086.547675][T14334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1086.616198][ T30] audit: type=1400 audit(2000000012.740:298): avc: denied { module_load } for pid=14335 comm="syz.3.2986" path="/565/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=system permissive=1 [ 1086.624206][T14355] loop2: detected capacity change from 0 to 128 [ 1086.755682][T14355] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1086.870901][T12133] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.884096][T14355] ext4 filesystem being mounted at /581/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1086.895960][T14361] loop4: detected capacity change from 0 to 128 [ 1086.922667][T12133] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.027074][ T30] audit: type=1400 audit(2000000013.150:299): avc: denied { mounton } for pid=14360 comm="syz.4.2990" path="/32/file1/file0" dev="loop4" ino=1048691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 1087.051485][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1087.060812][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1087.070821][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1087.080113][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1087.210719][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.217785][ T7444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1087.243866][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1087.270536][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1087.288219][ T7444] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.295337][ T7444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1087.303135][ T30] audit: type=1400 audit(2000000013.390:300): avc: denied { write } for pid=14362 comm="syz.2.2991" name="ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1087.348923][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1087.357407][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1087.365923][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1087.377578][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1087.395417][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1087.404284][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1087.413948][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1087.422700][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1087.432280][T14334] device veth0_vlan entered promiscuous mode [ 1087.445287][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1087.463528][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1087.505420][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1087.513969][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1087.531751][T14334] device veth1_macvtap entered promiscuous mode [ 1087.821139][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1087.829674][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1087.838122][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1087.866966][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1087.880744][T13903] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 1087.892095][T13903] FAT-fs (loop4): Filesystem has been set read-only [ 1087.903620][ T7444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1087.960671][T14372] loop4: detected capacity change from 0 to 2048 [ 1088.032415][T14372] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000001,errors=remount-ro,resgid=0x0000000000000000,barrier,bsdgroups,inode_readahead_blks=0x0000000000002000,. Quota mode: none. [ 1088.053429][T14372] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1088.240278][ T20] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1088.268504][ T30] audit: type=1400 audit(2000000014.390:301): avc: denied { setattr } for pid=14371 comm="syz.4.2993" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1088.883379][ T854] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm kworker/u4:5: bg 0: block 345: padding at end of block bitmap is not set [ 1088.883669][ T854] EXT4-fs (loop4): Remounting filesystem read-only [ 1089.068867][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1089.108993][ T20] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1089.123531][T14394] loop4: detected capacity change from 0 to 1024 [ 1089.131511][ T20] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1089.141084][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1089.146924][T14394] EXT4-fs (loop4): Ignoring removed orlov option [ 1089.150228][ T20] usb 1-1: config 0 descriptor?? [ 1089.189187][T14394] EXT4-fs (loop4): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 1089.339512][ T737] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1089.463933][T14402] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1089.594707][T14414] loop4: detected capacity change from 0 to 1024 [ 1089.708870][ T2121] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1089.729244][ T737] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1089.762940][ T737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1089.853671][ T20] kovaplus 0003:1E7D:2D50.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0 [ 1089.862403][T14414] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback. [ 1089.877572][ T737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1089.888573][ T737] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1089.958798][ T2121] usb 4-1: Using ep0 maxpacket: 16 [ 1089.978876][ T20] kovaplus 0003:1E7D:2D50.0003: couldn't init struct kovaplus_device [ 1089.987257][ T20] kovaplus 0003:1E7D:2D50.0003: couldn't install mouse [ 1089.995028][ T20] kovaplus: probe of 0003:1E7D:2D50.0003 failed with error -71 [ 1090.004334][ T20] usb 1-1: USB disconnect, device number 18 [ 1090.035593][T14422] fido_id[14422]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 1090.045310][ T737] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1090.059560][ T737] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1090.067726][ T737] usb 3-1: Manufacturer: syz [ 1090.090109][ T737] usb 3-1: config 0 descriptor?? [ 1090.505539][T14428] kvm: emulating exchange as write [ 1090.537676][T14431] loop1: detected capacity change from 0 to 1024 [ 1090.578795][ T2121] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1090.579765][T14431] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1090.598126][ T2121] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1090.607995][ T2121] usb 4-1: Product: syz [ 1090.612711][ T2121] usb 4-1: Manufacturer: syz [ 1090.617374][ T2121] usb 4-1: SerialNumber: syz [ 1090.626570][ T2121] r8152-cfgselector 4-1: config 0 descriptor?? [ 1090.631032][T14431] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1090.674174][T14431] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3871: comm syz.1.3011: Allocating blocks 497-513 which overlap fs metadata [ 1090.689855][ T737] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 1090.697121][ T737] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 1090.706010][T14431] EXT4-fs (loop1): pa ffff8881119ba888: logic 128, phys. 385, len 8 [ 1090.714093][T14431] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1090.726628][ T737] appleir 0003:05AC:8243.0004: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1090.763261][T14433] loop0: detected capacity change from 0 to 40427 [ 1090.786503][T14433] F2FS-fs (loop0): invalid crc value [ 1090.797379][T14433] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1090.838671][T14433] F2FS-fs (loop0): Start checkpoint disabled! [ 1090.845714][T14433] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 1090.853449][T14440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3013'. [ 1090.872359][T14440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3013'. [ 1090.914620][ T2121] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1090.937784][ T854] attempt to access beyond end of device [ 1090.937784][ T854] loop0: rw=2049, want=40968, limit=40427 [ 1090.949544][ T854] attempt to access beyond end of device [ 1090.949544][ T854] loop0: rw=2049, want=40992, limit=40427 [ 1091.080074][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1091.080091][ T30] audit: type=1400 audit(2000000002.470:304): avc: denied { ioctl } for pid=14447 comm="syz.0.3014" path="socket:[49494]" dev="sockfs" ino=49494 ioctlcmd=0x48e6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1091.112122][ T2121] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1091.118503][ T2121] r8152-cfgselector 4-1: bad CDC descriptors [ 1091.142522][ T30] audit: type=1400 audit(2000000002.530:305): avc: denied { ioctl } for pid=14455 comm="syz.0.3019" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1091.148912][ T2121] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1091.168618][ T30] audit: type=1400 audit(2000000002.530:306): avc: denied { set_context_mgr } for pid=14455 comm="syz.0.3019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1091.194855][ T30] audit: type=1400 audit(2000000002.530:307): avc: denied { map } for pid=14455 comm="syz.0.3019" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1091.258743][ T20] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1091.261027][ T2121] r8152-cfgselector 4-1: USB disconnect, device number 27 [ 1091.387298][ T30] audit: type=1400 audit(2000000002.770:308): avc: denied { call } for pid=14455 comm="syz.0.3019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1091.588770][ T20] usb 5-1: Using ep0 maxpacket: 32 [ 1091.662828][T14460] loop3: detected capacity change from 0 to 8192 [ 1091.718827][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1091.719288][ T6197] loop3: p1 < > p2 < > p3 p4 < > [ 1091.734750][ T6197] loop3: partition table partially beyond EOD, truncated [ 1091.741943][ T6197] loop3: p1 start 67108864 is beyond EOD, truncated [ 1091.748572][ T6197] loop3: p2 start 4278190080 is beyond EOD, truncated [ 1091.755395][ T6197] loop3: p3 start 100859904 is beyond EOD, truncated [ 1091.800447][T14460] loop3: p1 < > p2 < > p3 p4 < > [ 1091.805657][T14460] loop3: partition table partially beyond EOD, truncated [ 1091.813537][T14460] loop3: p1 start 67108864 is beyond EOD, truncated [ 1091.820674][T14460] loop3: p2 start 4278190080 is beyond EOD, truncated [ 1091.827536][T14460] loop3: p3 start 100859904 is beyond EOD, truncated [ 1091.901836][ T20] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1091.913623][ T20] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.922006][ T20] usb 5-1: Product: syz [ 1091.926199][ T20] usb 5-1: Manufacturer: syz [ 1091.930832][ T20] usb 5-1: SerialNumber: syz [ 1091.936010][ T20] usb 5-1: config 0 descriptor?? [ 1092.008643][T14465] loop1: detected capacity change from 0 to 1024 [ 1092.039596][T14465] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 1092.061277][T14465] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1092.070083][T14465] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1092.077173][T14465] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.3021: Inode bitmap for bg 0 marked uninitialized [ 1092.090401][T14465] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 1092.136377][T14463] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 1092.146236][T14463] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #2: block 16: comm syz.1.3021: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1092.166200][T14463] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #2: block 16: comm syz.1.3021: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1092.186596][T14463] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #2: block 16: comm syz.1.3021: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 1092.187769][T13103] usb 5-1: USB disconnect, device number 22 [ 1092.266883][ T30] audit: type=1400 audit(2000000003.650:309): avc: denied { create } for pid=14472 comm="syz.0.3024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1092.301723][ T30] audit: type=1400 audit(2000000003.670:310): avc: denied { setopt } for pid=14472 comm="syz.0.3024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1092.321578][ T30] audit: type=1400 audit(2000000003.670:311): avc: denied { bind } for pid=14472 comm="syz.0.3024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1092.341092][ T30] audit: type=1400 audit(2000000003.670:312): avc: denied { node_bind } for pid=14472 comm="syz.0.3024" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 1093.530173][T14489] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1095.223401][ T4760] usb 3-1: USB disconnect, device number 35 [ 1095.271848][T14511] loop0: detected capacity change from 0 to 1024 [ 1095.280461][ T737] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1095.319813][T14511] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1095.350997][ T30] audit: type=1400 audit(2000000006.740:313): avc: denied { create } for pid=14510 comm="syz.0.3036" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1095.381570][T14511] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3871: comm syz.0.3036: Allocating blocks 497-513 which overlap fs metadata [ 1095.396069][T14511] EXT4-fs (loop0): pa ffff8881119ba498: logic 256, phys. 385, len 8 [ 1095.404147][T14511] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1095.443169][T14517] loop2: detected capacity change from 0 to 1024 [ 1095.475522][T14519] loop0: detected capacity change from 0 to 128 [ 1095.498916][ T6230] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1095.528742][ T737] usb 2-1: Using ep0 maxpacket: 16 [ 1095.536119][T14517] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1095.552042][T14519] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1095.566300][T14517] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1095.583837][T14519] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1095.647306][T14517] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3871: comm syz.2.3037: Allocating blocks 497-513 which overlap fs metadata [ 1095.661521][T14519] loop_set_status: loop0 () has still dirty pages (nrpages=1) [ 1095.662384][T14517] EXT4-fs (loop2): pa ffff888134d4d690: logic 128, phys. 385, len 8 [ 1095.677247][T14517] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1095.678863][ T737] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1095.693848][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0 [ 1095.698141][ T737] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 1095.708156][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 1095.717773][ T737] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.731315][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 1095.753965][T14250] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #11: comm syz-executor: Directory block failed checksum [ 1095.763286][ T737] usb 2-1: config 0 descriptor?? [ 1095.766536][ T6230] usb 4-1: Using ep0 maxpacket: 16 [ 1095.776586][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0 [ 1095.790713][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 1095.805471][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 1095.821964][T14250] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #11: comm syz-executor: Directory block failed checksum [ 1095.833829][T14533] loop2: detected capacity change from 0 to 16 [ 1095.840968][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0 [ 1095.854992][T14250] EXT4-fs error (device loop0): ext4_readdir:223: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 1095.890093][T14533] erofs: (device loop2): mounted with root inode @ nid 36. [ 1095.897599][T14533] SELinux: (dev loop2, type erofs) getxattr errno 117 [ 1096.078854][ T6230] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1096.088158][ T6230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.096289][ T6230] usb 4-1: Product: syz [ 1096.100700][ T6230] usb 4-1: Manufacturer: syz [ 1096.105461][ T6230] usb 4-1: SerialNumber: syz [ 1096.111596][ T6230] r8152-cfgselector 4-1: config 0 descriptor?? [ 1096.167666][T14539] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.175105][T14539] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.182885][T14539] device bridge_slave_0 entered promiscuous mode [ 1096.190278][T14539] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.197331][T14539] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.205416][T14539] device bridge_slave_1 entered promiscuous mode [ 1096.265204][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.285298][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.292323][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.299873][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.306692][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.315182][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.322142][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.329114][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.335841][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.347843][T14539] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.354947][T14539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1096.362438][T14539] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.362510][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.369521][T14539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1096.388800][ T6230] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1096.393963][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.401967][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1096.409899][ T1195] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.417127][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.424836][ T1195] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.432217][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.440598][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.448003][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1096.456780][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.464409][ T1195] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.471502][ T1195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1096.479188][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.486130][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.507166][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1096.517653][ T1195] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.519242][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.524769][ T1195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1096.544731][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.551777][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.558661][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.560996][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1096.575740][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.577188][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1096.586307][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.598075][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.599545][ T6230] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1096.605327][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.611687][ T6230] r8152-cfgselector 4-1: bad CDC descriptors [ 1096.618344][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.630814][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.637555][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.638965][ T6230] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1096.644397][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.658240][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1096.666531][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.668946][ T6230] r8152-cfgselector 4-1: USB disconnect, device number 28 [ 1096.673636][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.680868][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1096.687577][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.702072][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1096.710390][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1096.716504][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.719807][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1096.732583][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1096.740884][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.741181][ T854] device bridge_slave_1 left promiscuous mode [ 1096.747695][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.754751][ T854] bridge0: port 2(bridge_slave_1) entered disabled state [ 1096.760568][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.774476][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.774746][ T854] device bridge_slave_0 left promiscuous mode [ 1096.781322][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.788239][ T854] bridge0: port 1(bridge_slave_0) entered disabled state [ 1096.794224][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.807907][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.814707][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.815048][ T854] device veth1_macvtap left promiscuous mode [ 1096.821554][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.827829][ T854] device veth0_vlan left promiscuous mode [ 1096.834476][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.846934][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.853768][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.860705][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.867534][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.874541][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.881312][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.888029][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.894844][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.901587][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.908327][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.915142][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.927903][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.942824][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.959452][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.966475][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1096.993807][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.004468][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.011870][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.018851][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.025587][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.032747][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.039698][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.046439][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.053858][T14539] device veth0_vlan entered promiscuous mode [ 1097.074534][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1097.082849][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.089999][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1097.100021][T14539] device veth1_macvtap entered promiscuous mode [ 1097.107200][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.129055][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1097.136780][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1097.145463][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.152233][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.172354][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1097.182696][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.193949][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.210379][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1097.219560][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1097.219577][ T30] audit: type=1400 audit(2000000008.600:317): avc: denied { mount } for pid=14539 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1097.255659][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.263946][ T1195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1097.274356][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.293384][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.313304][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.327924][ T30] audit: type=1326 audit(2000000008.710:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1097.333315][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.411248][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.425355][ T30] audit: type=1326 audit(2000000008.720:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1097.440063][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.472783][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.518734][ T30] audit: type=1326 audit(2000000008.720:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1097.567997][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.574847][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.581650][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.588362][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.595156][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.602016][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.609172][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.615926][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.622832][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.637848][ T30] audit: type=1326 audit(2000000008.720:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1097.687384][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1097.965910][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.005049][ T30] audit: type=1326 audit(2000000008.720:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1098.028799][ T30] audit: type=1326 audit(2000000008.720:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1098.029332][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.052280][ T30] audit: type=1326 audit(2000000008.720:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14570 comm="syz.3.3055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4e1526fc9 code=0x7ffc0000 [ 1098.052316][ T30] audit: type=1400 audit(2000000008.850:325): avc: denied { connect } for pid=14576 comm="syz.4.3058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1098.178342][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.186244][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.193192][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.193192][T14587] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 1098.222280][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.229398][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.236531][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.243629][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.255249][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.259969][T14589] loop5: detected capacity change from 0 to 1024 [ 1098.262018][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.262043][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.262065][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.278887][ T30] audit: type=1400 audit(2000000777.666:326): avc: denied { create } for pid=14590 comm="syz.2.3063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1098.283681][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.298280][T14589] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1098.316467][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.336210][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.343208][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.350272][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.357902][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.364780][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.371751][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.381000][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.389550][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.397118][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.411888][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.419164][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.426101][ T6230] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1098.434458][T14589] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1098.461659][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.468677][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.475999][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.484390][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.492779][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.499512][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.503861][T14589] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3871: comm syz.5.3062: Allocating blocks 497-513 which overlap fs metadata [ 1098.521447][T14589] EXT4-fs (loop5): pa ffff8881368a5690: logic 128, phys. 385, len 8 [ 1098.524573][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x1 [ 1098.529508][T14589] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1098.548432][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.555211][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.562415][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.569434][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.576934][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x1 [ 1098.583704][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x1 [ 1098.590678][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.597770][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.604635][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.611412][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.618220][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.625028][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.631890][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.638669][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.645416][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.652129][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.658856][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.665603][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.671633][ T6230] usb 5-1: Using ep0 maxpacket: 32 [ 1098.672341][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.684113][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.690810][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.697565][ T737] kye 0003:0458:5013.0005: unknown main item tag 0x0 [ 1098.704284][ T737] kye 0003:0458:5013.0005: unexpected long global item [ 1098.711399][ T737] kye 0003:0458:5013.0005: parse failed [ 1098.716964][ T737] kye: probe of 0003:0458:5013.0005 failed with error -22 [ 1098.732218][ T737] usb 2-1: USB disconnect, device number 27 [ 1098.805431][ T6230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1098.816719][ T6230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1098.868448][T14614] tmpfs: Unsupported parameter 'mpol' [ 1098.900692][ T6230] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1098.909790][ T6230] usb 5-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1098.918554][ T6230] usb 5-1: Manufacturer: syz [ 1098.927390][ T6230] usb 5-1: config 0 descriptor?? [ 1098.932083][T14618] loop5: detected capacity change from 0 to 8192 [ 1098.977005][ T427] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1099.084463][ T2628] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1099.092142][ T737] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1099.338524][ T2628] usb 4-1: Using ep0 maxpacket: 32 [ 1099.387845][ T427] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1099.397098][ T427] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1099.406414][ T6230] hid-generic 0003:0403:6030.0006: unknown main item tag 0x7 [ 1099.411140][ T427] usb 3-1: config 0 descriptor?? [ 1099.415907][ T6230] hid-generic 0003:0403:6030.0006: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 1099.472137][ T2628] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1099.483776][ T2628] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1099.586207][ T2628] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1099.595391][ T2628] usb 4-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 1099.605200][ T2628] usb 4-1: Manufacturer: syz [ 1099.610865][ T2628] usb 4-1: config 0 descriptor?? [ 1099.633905][ T737] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1099.643303][ T737] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1099.651361][ T737] usb 2-1: Product: syz [ 1099.656496][ T737] usb 2-1: Manufacturer: syz [ 1099.661233][ T737] usb 2-1: SerialNumber: syz [ 1099.994702][T14630] loop5: detected capacity change from 0 to 256 [ 1100.063853][ T2628] hid-generic 0003:0403:6030.0007: unknown main item tag 0x7 [ 1100.072759][ T2628] hid-generic 0003:0403:6030.0007: hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1100.472142][ T427] usb 3-1: Cannot set autoneg [ 1100.476912][ T427] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71 [ 1100.486178][ T427] usb 3-1: USB disconnect, device number 36 [ 1100.620358][ T4760] usb 5-1: USB disconnect, device number 23 [ 1100.637093][T14638] loop4: detected capacity change from 0 to 1024 [ 1100.665799][T14638] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1100.683261][T14638] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1100.718298][T14638] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3871: comm syz.4.3078: Allocating blocks 497-513 which overlap fs metadata [ 1100.733413][T14638] EXT4-fs (loop4): pa ffff888134d4dc78: logic 128, phys. 385, len 8 [ 1100.742070][T14638] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1100.867366][ T4760] usb 2-1: USB disconnect, device number 28 [ 1102.110009][T14665] loop4: detected capacity change from 0 to 128 [ 1102.154915][ T4760] usb 4-1: USB disconnect, device number 29 [ 1102.194219][T14665] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 1102.223452][T14673] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3091'. [ 1102.229626][T14665] ext4 filesystem being mounted at /52/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1102.240271][T14675] loop1: detected capacity change from 0 to 1024 [ 1102.264883][ T617] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1102.289159][T14665] EXT4-fs error (device loop4): dx_make_map:1328: inode #2: block 63: comm syz.4.3087: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 1102.311573][T14675] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1102.340471][T14665] EXT4-fs (loop4): Remounting filesystem read-only [ 1102.348449][T14681] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1102.355009][T14665] EXT4-fs error (device loop4) in do_split:2095: Corrupt filesystem [ 1102.378921][T14665] EXT4-fs (loop4): Remounting filesystem read-only [ 1102.385742][T14683] loop3: detected capacity change from 0 to 1024 [ 1102.400575][T14675] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 1102.443789][T14675] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3871: comm syz.1.3090: Allocating blocks 497-513 which overlap fs metadata [ 1102.459045][T14675] EXT4-fs (loop1): pa ffff888111a87690: logic 128, phys. 385, len 8 [ 1102.468856][T14675] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 1 [ 1102.547048][T14683] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1102.682373][ T617] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1102.683165][T14695] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 1102.710384][T14695] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28 [ 1102.723152][T14695] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1102.723152][T14695] [ 1102.726109][ T617] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1102.733494][T14695] EXT4-fs (loop3): Total free blocks count 0 [ 1102.750308][T14695] EXT4-fs (loop3): Free/Dirty block details [ 1102.756430][T14695] EXT4-fs (loop3): free_blocks=68451041280 [ 1102.762492][ T617] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1102.771127][T14695] EXT4-fs (loop3): dirty_blocks=64 [ 1102.778367][ T617] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1102.792395][T14695] EXT4-fs (loop3): Block reservation details [ 1102.793649][ T617] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1102.802882][T14695] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 1102.839632][ T617] usb 3-1: config 0 descriptor?? [ 1102.947003][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1102.947018][ T30] audit: type=1400 audit(2000000782.568:329): avc: denied { setopt } for pid=14698 comm="syz.5.3099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1102.978971][T14700] ================================================================== [ 1102.987107][T14700] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1102.996351][T14700] Read of size 1 at addr ffff88811009a3f8 by task syz.5.3099/14700 [ 1103.004289][T14700] [ 1103.006668][T14700] CPU: 0 PID: 14700 Comm: syz.5.3099 Not tainted syzkaller #0 [ 1103.014247][T14700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1103.024429][T14700] Call Trace: [ 1103.027748][T14700] [ 1103.030708][T14700] __dump_stack+0x21/0x30 [ 1103.035078][T14700] dump_stack_lvl+0xee/0x150 [ 1103.039701][T14700] ? show_regs_print_info+0x20/0x20 [ 1103.044936][T14700] ? load_image+0x3a0/0x3a0 [ 1103.049476][T14700] ? unwind_get_return_address+0x4d/0x90 [ 1103.055161][T14700] print_address_description+0x7f/0x2c0 [ 1103.060841][T14700] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1103.067406][T14700] kasan_report+0xf1/0x140 [ 1103.071863][T14700] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1103.078413][T14700] __asan_report_load1_noabort+0x14/0x20 [ 1103.084083][T14700] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1103.090454][T14700] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 1103.096688][T14700] ? xfrm_netlink_rcv+0x72/0x90 [ 1103.101579][T14700] ? netlink_unicast+0x876/0xa40 [ 1103.106555][T14700] ? netlink_sendmsg+0x86a/0xb70 [ 1103.111531][T14700] ? ____sys_sendmsg+0x5a2/0x8c0 [ 1103.116508][T14700] ? ___sys_sendmsg+0x1f0/0x260 [ 1103.121406][T14700] ? x64_sys_call+0x4b/0x9a0 [ 1103.126043][T14700] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1103.132171][T14700] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 1103.138394][T14700] xfrm_policy_inexact_insert+0x70/0x1130 [ 1103.144164][T14700] ? __get_hash_thresh+0x10c/0x420 [ 1103.149411][T14700] ? policy_hash_bysel+0x110/0x4f0 [ 1103.154554][T14700] xfrm_policy_insert+0x126/0x9a0 [ 1103.158638][ T30] audit: type=1400 audit(2000000782.663:330): avc: denied { write } for pid=273 comm="syz-executor" path="pipe:[14044]" dev="pipefs" ino=14044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 1103.159591][T14700] ? xfrm_policy_construct+0x54f/0x1f00 [ 1103.188243][T14700] xfrm_add_policy+0x4d1/0x830 [ 1103.193060][T14700] ? xfrm_dump_sa_done+0xc0/0xc0 [ 1103.198032][T14700] xfrm_user_rcv_msg+0x45c/0x6e0 [ 1103.203002][T14700] ? xfrm_netlink_rcv+0x90/0x90 [ 1103.207895][T14700] ? avc_has_perm_noaudit+0x460/0x460 [ 1103.213295][T14700] ? x64_sys_call+0x4b/0x9a0 [ 1103.217920][T14700] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 1103.223331][T14700] netlink_rcv_skb+0x1e0/0x430 [ 1103.228136][T14700] ? xfrm_netlink_rcv+0x90/0x90 [ 1103.233020][T14700] ? netlink_ack+0xb60/0xb60 [ 1103.237669][T14700] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1103.244294][T14700] ? __netlink_lookup+0x387/0x3b0 [ 1103.249359][T14700] xfrm_netlink_rcv+0x72/0x90 [ 1103.254077][T14700] netlink_unicast+0x876/0xa40 [ 1103.258875][T14700] netlink_sendmsg+0x86a/0xb70 [ 1103.263672][T14700] ? netlink_getsockopt+0x530/0x530 [ 1103.268905][T14700] ? sock_alloc_file+0xba/0x260 [ 1103.273963][T14700] ? security_socket_sendmsg+0x82/0xa0 [ 1103.279462][T14700] ? netlink_getsockopt+0x530/0x530 [ 1103.284667][T14700] ____sys_sendmsg+0x5a2/0x8c0 [ 1103.289448][T14700] ? __sys_sendmsg_sock+0x40/0x40 [ 1103.294565][T14700] ? import_iovec+0x7c/0xb0 [ 1103.299082][T14700] ___sys_sendmsg+0x1f0/0x260 [ 1103.303767][T14700] ? __sys_sendmsg+0x250/0x250 [ 1103.308541][T14700] ? __fdget+0x1a1/0x230 [ 1103.312813][T14700] __x64_sys_sendmsg+0x1e2/0x2a0 [ 1103.317761][T14700] ? ___sys_sendmsg+0x260/0x260 [ 1103.322617][T14700] ? __kasan_check_write+0x14/0x20 [ 1103.327733][T14700] ? switch_fpu_return+0x15d/0x2c0 [ 1103.332853][T14700] x64_sys_call+0x4b/0x9a0 [ 1103.337274][T14700] do_syscall_64+0x4c/0xa0 [ 1103.341695][T14700] ? clear_bhb_loop+0x50/0xa0 [ 1103.346373][T14700] ? clear_bhb_loop+0x50/0xa0 [ 1103.351053][T14700] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1103.356984][T14700] RIP: 0033:0x7fe8135defc9 [ 1103.361407][T14700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.381019][T14700] RSP: 002b:00007fe812047038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1103.389445][T14700] RAX: ffffffffffffffda RBX: 00007fe813835fa0 RCX: 00007fe8135defc9 [ 1103.397419][T14700] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 1103.405401][T14700] RBP: 00007fe813661f91 R08: 0000000000000000 R09: 0000000000000000 [ 1103.413386][T14700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1103.421383][T14700] R13: 00007fe813836038 R14: 00007fe813835fa0 R15: 00007fff49130d48 [ 1103.429381][T14700] [ 1103.432399][T14700] [ 1103.434717][T14700] Allocated by task 14700: [ 1103.439128][T14700] __kasan_kmalloc+0xda/0x110 [ 1103.443810][T14700] __kmalloc+0x13d/0x2c0 [ 1103.448050][T14700] sk_prot_alloc+0xed/0x320 [ 1103.452571][T14700] sk_alloc+0x38/0x430 [ 1103.456643][T14700] pfkey_create+0x12a/0x660 [ 1103.461147][T14700] __sock_create+0x38d/0x7a0 [ 1103.465736][T14700] __sys_socket+0xec/0x190 [ 1103.470152][T14700] __x64_sys_socket+0x7a/0x90 [ 1103.474840][T14700] x64_sys_call+0x8c5/0x9a0 [ 1103.479387][T14700] do_syscall_64+0x4c/0xa0 [ 1103.483803][T14700] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1103.489699][T14700] [ 1103.492022][T14700] The buggy address belongs to the object at ffff88811009a000 [ 1103.492022][T14700] which belongs to the cache kmalloc-1k of size 1024 [ 1103.506076][T14700] The buggy address is located 1016 bytes inside of [ 1103.506076][T14700] 1024-byte region [ffff88811009a000, ffff88811009a400) [ 1103.519529][T14700] The buggy address belongs to the page: [ 1103.525158][T14700] page:ffffea0004402600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110098 [ 1103.535392][T14700] head:ffffea0004402600 order:3 compound_mapcount:0 compound_pincount:0 [ 1103.543719][T14700] flags: 0x4000000000010200(slab|head|zone=1) [ 1103.549831][T14700] raw: 4000000000010200 ffffea0004525200 0000000500000005 ffff888100043080 [ 1103.558492][T14700] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 1103.567071][T14700] page dumped because: kasan: bad access detected [ 1103.573480][T14700] page_owner tracks the page as allocated [ 1103.579186][T14700] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 101, ts 690651928921, free_ts 689259736847 [ 1103.599159][T14700] post_alloc_hook+0x192/0x1b0 [ 1103.603933][T14700] prep_new_page+0x1c/0x110 [ 1103.608444][T14700] get_page_from_freelist+0x2cc5/0x2d50 [ 1103.614012][T14700] __alloc_pages+0x18f/0x440 [ 1103.618608][T14700] new_slab+0xa1/0x4d0 [ 1103.622691][T14700] ___slab_alloc+0x381/0x810 [ 1103.627286][T14700] __slab_alloc+0x49/0x90 [ 1103.631626][T14700] __kmalloc_track_caller+0x169/0x2c0 [ 1103.637011][T14700] __alloc_skb+0x21a/0x740 [ 1103.641430][T14700] sk_stream_alloc_skb+0x21a/0xb60 [ 1103.646543][T14700] tcp_write_xmit+0xe1e/0x5df0 [ 1103.651336][T14700] __tcp_push_pending_frames+0x9c/0x2f0 [ 1103.657042][T14700] tcp_rcv_established+0x964/0x19b0 [ 1103.662244][T14700] tcp_v4_do_rcv+0x597/0x9f0 [ 1103.666841][T14700] tcp_v4_rcv+0x21cd/0x2810 [ 1103.671346][T14700] ip_protocol_deliver_rcu+0x314/0x6c0 [ 1103.676800][T14700] page last free stack trace: [ 1103.681462][T14700] free_unref_page_prepare+0x542/0x550 [ 1103.686929][T14700] free_unref_page+0xa2/0x550 [ 1103.691612][T14700] __free_pages+0x6c/0x100 [ 1103.696029][T14700] __free_slab+0xe8/0x1e0 [ 1103.700357][T14700] __unfreeze_partials+0x160/0x190 [ 1103.705473][T14700] put_cpu_partial+0xc6/0x120 [ 1103.710155][T14700] __slab_free+0x1d4/0x290 [ 1103.714748][T14700] ___cache_free+0x104/0x120 [ 1103.719442][T14700] qlink_free+0x4d/0x90 [ 1103.723595][T14700] qlist_free_all+0x5f/0xb0 [ 1103.728183][T14700] kasan_quarantine_reduce+0x14a/0x170 [ 1103.733661][T14700] __kasan_slab_alloc+0x2f/0xf0 [ 1103.738527][T14700] slab_post_alloc_hook+0x4f/0x2b0 [ 1103.743639][T14700] kmem_cache_alloc+0xf7/0x260 [ 1103.748400][T14700] getname_flags+0xb9/0x500 [ 1103.752911][T14700] __x64_sys_rename+0x5f/0x90 [ 1103.757599][T14700] [ 1103.759920][T14700] Memory state around the buggy address: [ 1103.765558][T14700] ffff88811009a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1103.773705][T14700] ffff88811009a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1103.781976][T14700] >ffff88811009a380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1103.790038][T14700] ^ [ 1103.798015][T14700] ffff88811009a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1103.806217][T14700] ffff88811009a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1103.814278][T14700] ================================================================== [ 1103.822361][T14700] Disabling lock debugging due to kernel taint [ 1103.835801][ T30] audit: type=1400 audit(2000000783.502:331): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1103.901377][ T30] audit: type=1400 audit(2000000783.502:332): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1103.922964][ T30] audit: type=1400 audit(2000000783.502:333): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1103.944589][ T30] audit: type=1400 audit(2000000783.502:334): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1103.965412][ T30] audit: type=1400 audit(2000000783.502:335): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1103.986482][ T30] audit: type=1400 audit(2000000783.502:336): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1104.009490][ T30] audit: type=1400 audit(2000000783.502:337): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1104.102255][ T617] usb 3-1: can't set config #0, error -71 [ 1104.121415][ T617] usb 3-1: USB disconnect, device number 37 [ 1104.847992][ T10] device bridge_slave_1 left promiscuous mode [ 1104.854204][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.861735][ T10] device bridge_slave_0 left promiscuous mode [ 1104.868013][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.876119][ T10] device veth1_macvtap left promiscuous mode [ 1104.882146][ T10] device veth0_vlan left promiscuous mode [ 1106.124077][ T10] device bridge_slave_1 left promiscuous mode [ 1106.130357][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1106.138004][ T10] device bridge_slave_0 left promiscuous mode [ 1106.144289][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1106.152800][ T10] device bridge_slave_1 left promiscuous mode [ 1106.158947][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1106.166681][ T10] device bridge_slave_0 left promiscuous mode [ 1106.172942][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1106.181596][ T10] device veth1_macvtap left promiscuous mode [ 1106.187662][ T10] device veth0_vlan left promiscuous mode [ 1106.193749][ T10] device veth1_macvtap left promiscuous mode [ 1106.199828][ T10] device veth0_vlan left promiscuous mode