last executing test programs: 6.326672775s ago: executing program 3 (id=2151): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x1c, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x8, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 6.307359027s ago: executing program 3 (id=2152): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000001ec0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018010000646c6c2500000000002007007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) sendmsg$inet(r1, &(0x7f0000000480)={0x0, 0x75, 0x0}, 0x0) 6.274006999s ago: executing program 3 (id=2166): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) clock_getres(0x6, 0x0) 6.222347343s ago: executing program 3 (id=2156): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000040)=0x1) 6.169466758s ago: executing program 3 (id=2157): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) setreuid(0xffffffffffffffff, 0xee00) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) 6.098607883s ago: executing program 3 (id=2159): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[], 0x1c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@block_validity}, {@quota}]}, 0x3, 0x43e, &(0x7f0000000340)="$eJzs27tvHEUYAPBv9+yEvLAJ4ZEHYAgIi4cdOwFS0IBAogAJiSaUxnaikEuMYiORKIKAUChRJHpEicRfQAUNAiokWuhRpAilIVAd2rtd38N3ju2cvYH7/aTNzezOZea72bmb3fEGMLDGsn+SiN0R8VtEjDSy7QXGGi83b1ya/fvGpdkkarW3/kzq5f66cWm2KFq8b1eeGU8j0k+TONil3sULF8/MVKvz5/P85NLZ9yYXL1x89vTZmVPzp+bPTR8/fuzo1AvPTz/Xlzjvydp64MOFQ/tfe/vqG7Mnrr7z0zdJEX9HHH0yttrBJ2q1PldXrj0t6WSoxIawLpWIyLpruD7+R6ISzc4biVc/KbVxwKaq5XocvlwD/seSKLsFQDmKH/rs+rfYtm72Ub7rLzUugLK4b+Zb48hQpHmZ4Y7r234ai4gTl//5Mttic+5DAAC0+S6b/zzTbf6Xxv0t5e7O14ZG87WUvRFxb0Tsi4j7IuplH4iIB9dZf+ciycr5T3ptQ4GtUTb/ezFf22qf/xWzvxit5Lk99fiHk5Onq/NH8s9kPIa3Z/mpVer4/pVfP+91rHX+l21Z/cVcMG/HtaHt7e+Zm1mauZ2YW13/OOLAULf4k+WVgCQi9kfEgQ3Wcfqprw/1Onbr+FfRh3Wm2lcRTzb6/3J0xF9IVl+fnLwrqvNHJouzYqWff7nyZq/6byv+Psj6f2fX8385/tGkdb12cf11XPn9s57XNBMbOv+bO7blrx/MLC2dn4rYlrzeaHTr/unme4t8UT6Lf/xw9/G/N5qfxMGIyE7ihyLi4Yh4JO+7RyPisYg4vEr8P778+Lu9jt0J/T/X0f+j7UU6+r+Z2Bade7onKmd++Lb9f2wm1/b9d6yeGs/3rOX7by3t2tjZDAAAAP89aUTsjiSdWE6n6cRE42/498XOtLqwuPT0yYX3z801nhEYjeG0uNM10nI/dCq/rC/y0x35o/l94y8qO+r5idmF6lzZwcOA29Vj/Gf+qJTdOmDTeV4LBpfxD4PL+IfBZfzD4Ooy/neU0Q5g63X7/f+ohHYAW69j/Fv2gwHi+h8Gl/EPg6t1/CcltgPYUos74tYPyUtIrEhEekc0oz+JZJNHwe6yA1x/ouxvJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP74NwAA//+7Iehw") mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x201c1, 0x0) ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000180)) 2.395361455s ago: executing program 0 (id=2192): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0) 2.393449585s ago: executing program 2 (id=2194): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}}, &(0x7f0000000480)='GPL\x00'}, 0x80) 2.347745419s ago: executing program 2 (id=2195): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) close(0x3) 2.337529839s ago: executing program 2 (id=2196): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000002240)=ANY=[@ANYBLOB="0700000000000000221001c0"]) 2.319444841s ago: executing program 0 (id=2197): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, &(0x7f0000000e00)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x8, {0x8, 0x8, "8200279ea983"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.225214979s ago: executing program 2 (id=2200): sendto$inet(0xffffffffffffffff, &(0x7f0000000180)="01", 0x1, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000300)) 2.21372932s ago: executing program 2 (id=2202): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d}) 1.499745868s ago: executing program 2 (id=2216): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) syz_usb_control_io(r0, &(0x7f0000000e00)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x8, {0x8, 0x8, "8200279ea983"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.245105828s ago: executing program 4 (id=2211): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x2012, r0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f0000000000)={{&(0x7f000020f000/0x3000)=nil, 0x3000}}) 1.221380231s ago: executing program 4 (id=2214): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x2) 1.197107433s ago: executing program 4 (id=2217): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r0}, 0x10) r1 = memfd_create(&(0x7f0000000540)='\xdd#\x00\xe6Z\x00\xafq%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\xf9\xff\xff\xff\x00\x17?$^\xe1Ob\xe1Y\x03\x00\x00\x00\x00\x00\x00\x00\xce\xe5\x19THP\xf4O\xe2\x9f\xd9\xae\xcf>/\xdc\xaa<\x96\xedE>{\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\xdc\n\xcbC\x15\xfcp\x11\xdai\f{\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9\x87\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T[\xb7\xa4\xb0\bk&\xede\x8b\xc2\xb2\xcd\xef\xcf\x0fE\xc5\x86]\xc0]}\xdd^\xf6&\x16>c\x9d\x9c\xc9\x01\x04\x00\x00\xe9h\xbd\x10p\x8f\x14\x1f2\"\x1b;\xfda\x19\x8bo^\x96\x9a~Q\xce\x95\x02\xb8e\xbbG\xb0V[\xfe\x80\x94$y\x8a\\@\xa9^\x95!IJ\xcf\xf7\xafoX/qG\x97ITp\x01\xae\f\"n;%\xecT\xf6\xb6\xbf;\xde\xec\xb4z\xaa\xd9%\xa5;wy~\xcb\x9a\xd7\r\xe2\xcd\xf0C\x16\xbf0\x89\xb4\xf5\x86\xf3\x99\x9bq\xd3\x15\xe1:\x86\xe4\x14\x805K\xcf\xf6\xda\xd1A>\xf4r>\xfdyAH\x0f\x00'/426, 0x0) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000180), 0x0, 0x0, 0x0) fgetxattr(r1, &(0x7f00000000c0)=@known='trusted.overlay.origin\x00', 0x0, 0x0) 323.592994ms ago: executing program 0 (id=2218): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r1, 0x28, 0x2, 0x0, &(0x7f0000000000)) 323.405534ms ago: executing program 4 (id=2219): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000190000000c00018008000100", @ANYRES32=r1], 0x20}}, 0x0) 311.599535ms ago: executing program 4 (id=2220): syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x304001a, &(0x7f00000010c0)=ANY=[@ANYRES8=0x0, @ANYRES16], 0xf, 0x2b2, &(0x7f0000000540)="$eJzs3UGLG2UYB/Bnkkl21EOCeFEEB/Tgael69bKrVBD3pERQDxpsC5KEQgsBVzDtqZ/Ao9/Dj+DZbyB4Fby1h5WRycw0E5pNa41Z2P5+p4d55//OO++7ZE958s2bs8mN20ncf/h7ZFkSneM4jkdJDKMTjXuRBgBwdTwqivireJ5k2tn9agCAfaj+/1cuey0AwH589sWXn5ycnl7/NM+zeH3wYD5KImL2IKnHT27FdzGNm3EtBnEeUTxW1R99fHo90rw0jHdmi/loPoqYfd1v8n9GLPNHMYjh5vxRXmnlF/NRL16OPE5u9ZqlDuK1zfn3WvluVPkY9ePdt1vrP4xB/PZt3I5p3Igyu8r/eJTnHxY/Pfzhq/IxZT7pxOhged9K0d3jsQAAAAAAAAAAAAAAAAAAAAAAcMUd5nlSte9Z9u8pL9X9d7rny/HDvDFc789T5Zs+QXV/oCLqFj2LIn5u+utcy/O8qG9c5dN4I/XDAgAAAAAAAAAAAAAAAAAAAFC6+/3ZZDyd3ryzk6LpBtB8rf955zluXXkrzibj7sUTHmx7Vrb2gu1uA+Vaty4j0jR2tC1PK14q17PzmQ9W7/55VEVzMP9+wt5FqV68+kE16dlknNdDzSZPxsnTnpU1B/dLe6gf/3UTiuWfxHmxfqbZ46Wup/o72vn+KxuH/i6K4tnmef+PSCO5V25deSVZtth4tqf36mLjC5ZF9uRZ/HrxhGsfE51W3d3dpw8AAAAAAAAAAAAAAAAAANC2+tLvhsH7W6Od/21RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBnq9//b4osItavPFEs6vC2e+qiH3fuXvIrAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AL4JwAA//9GlEpb") prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100), &(0x7f0000000000)='system_u:object_r:apt_var_lib_t:s0\x00', 0x62, 0x0) 283.573687ms ago: executing program 1 (id=2222): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2f}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x32}, 0x0, @in6=@loopback}}, 0xe8) sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x0) 237.438251ms ago: executing program 1 (id=2223): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000018000000f1000040"]) 236.913771ms ago: executing program 0 (id=2234): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000003000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) setgroups(0x0, 0x0) 145.324688ms ago: executing program 1 (id=2224): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYRESOCT], 0x4c) 143.677169ms ago: executing program 0 (id=2225): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002400)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) 131.369259ms ago: executing program 0 (id=2226): r0 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x3ff}}], {{0x9, 0x5, 0x82, 0x2, 0x400}}, {{0x9, 0x5, 0x3, 0x2, 0x40}}}}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write(r0, 0x82, 0x3f, &(0x7f0000000100)="0000e35a4a381ff7bca0b9fed718dfba26c76f76ab67858e9ad82fd895bfd415da8a26db3a70215dc8ae4f20c41331984d20dd0fe8676698b497110dab3a62") 122.37621ms ago: executing program 1 (id=2227): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x4, 0x6, 0x8000000, 0x8000, 0x0, [{0x6, 0x9f, 0x2}, {0xd, 0x8, 0x6, '\x00', 0x3}, {0x4, 0x66, 0xe4, '\x00', 0xfd}, {0x2, 0x0, 0x6, '\x00', 0x6}, {0x2, 0x1, 0x9, '\x00', 0x80}, {0x8, 0x0, 0xe, '\x00', 0x7f}, {0x6, 0x67, 0x9, '\x00', 0xf}, {0x3, 0xb8, 0x3, '\x00', 0x9}, {0x6, 0x2, 0xff, '\x00', 0x9}, {0x7, 0x6, 0x0, '\x00', 0xcd}, {0x8, 0x3, 0x7, '\x00', 0x10}, {0x85, 0x4, 0x1, '\x00', 0x6}, {0x5, 0x3, 0x5, '\x00', 0x1}, {0x5, 0x5, 0xc, '\x00', 0x10}, {0x5, 0x0, 0xf5, '\x00', 0xa8}, {0x3, 0x5, 0xb, '\x00', 0x6}, {0x0, 0x75, 0x9}, {0x5, 0x5, 0xf}, {0x1, 0x4, 0x4, '\x00', 0x8}, {0x7f, 0x5, 0x0, '\x00', 0x93}, {0x40, 0x4, 0x98, '\x00', 0x1}, {0xff, 0xe, 0x9, '\x00', 0xe}, {0x2, 0x10, 0x0, '\x00', 0xe}, {0x1, 0x8, 0xe, '\x00', 0x7}]}}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000140)={0x1, 0x0, @pic={0x0, 0x7, 0x0, 0x1, 0x2}}) 14.301939ms ago: executing program 1 (id=2229): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000011100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001cc0)=@base={0xa, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 13.920139ms ago: executing program 4 (id=2240): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = io_uring_setup(0x55c3, &(0x7f0000000480)) close_range(r1, 0xffffffffffffffff, 0x0) listen(r0, 0x0) accept4$tipc(r0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=2230): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) syz_emit_ethernet(0xd86, &(0x7f0000001580)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "711e8f", 0xd50, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @dev}, {[], @time_exceed={0x9, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "bede78", 0x0, 0x0, 0x0, @dev, @loopback, [@srh={0x0, 0xe, 0x4, 0x7, 0x0, 0x0, 0x0, [@mcast1, @empty, @private2, @private1, @private1, @loopback, @local]}, @dstopts={0x0, 0x193, '\x00', [@generic={0x0, 0x5f, "f0edb1af7badf7491d2500721be4cce0542133657e2d12f0ae3e134727e49fe7c04867be7426e8cbefd47520beacbe5c36083a972cb3b73de48f661a252e0b0a5a236ddf29543f29a5e18fd1c7b54248c8b03dc91385c9160f3394ff0708c8"}, @hao={0xc9, 0x10, @private1}, @jumbo, @calipso={0x7, 0x28, {0x0, 0x8, 0x0, 0x0, [0x800, 0x0, 0x0, 0x4]}}, @jumbo, @calipso={0x7, 0x28, {0x2, 0x8, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}}, @generic={0x0, 0xbc4, "dc733e56d5e0dffc92fe381f7e59a85405fcac11efe328327ba77b61d75c9b4a52ba908550849d16616e3109da0b774f1cfbd53c86c37963124edfbf35f4657de4f594b9a53ae13df8d0201e34ed6f6014a5c86e11affdf1d097c9028235c908c9afcf1d25e7d44d72162f5befed065f67599646ce098e5841d399276fb729faabc579531cc60088d025423e0ef8be5d996fedea4cffa6a8a4b0a9b639d7d5a78a298e02b16fc9810df711c725ed6344fcfea4f3601bf17f3837eb8ca45b583b120308de1f53741e81031409b3c70566d7fb088acea835476c77a3e53992ab859305fe14c882dbd019526699fcbd3c4176bb5d3ea412eeede2fa2d381317f2b3e88c528cd6a17c4b864884bc21f1a3f432387ca5a0da91480929542322a6ae494f57b4e8670f2f59906b36251800c64a2b4620d42946eff9a184005cf36d538033f43f2d7c34810245e027e5c1107d0eb79a62122def8c195b4c72358f4450ccc7cc1a58da745c47dfa0bcd3ae125b119b0817a3b3cc54fdbeacd62b1df80694e67ebd8054bae0e47b3aff499e3ed9767eff1cb1ce6853a66a1270a12ffcaa6ed846673707710018c4887d8a0b5a0a3b25b73c7eb0f08211a9f197f9886d5522b922e66fe23590123ee5f548c2ac96f068c5bb45c3aeb98e43af0e1e64d635e58f2b3b322fb037070f21baebaee9d0759818cf1423fb17dad7221b4405848e1d49a7f575524e7699dcae9d820bf21d0a80f857b0fa3568eafc4d7f1b5510a3f82948914a25c38292a34ba7700e56e54455a5f649964a4c77d345a76990d751ef82df3500e947cb90235378183bc74b84f680b716925063e908e3cd5ad965865a81f5f037f30cec1f17946cf18e379855c873de0a3c03a7d7ef5b01932f4a5caecc2b8e672750e3b56bf0b6b13794472290bcbb4344cd1df3335afa343d04bbbe6c12b8c2ecafa54b778b31a48f9e5cbf14a0b579e60563d0b08d8b00c0d462d4eaf4d46265853df427d84d86e68ecdbc7c4f68b479718dd1e5d80d6500eca741b5e218d70cc33689b386ee1d172233ce547d158832d558dbb8b8d7f3c384905a9f261b8083ed7d24d2e9ea403269c98a1ced9b569044ceaed1c83b41de642e2f0e88d676036f54e9ed115633e35b777af432d360f25b0aef0a4631e003b9db784953b9becc711a65ca3adea326cd18c8aae01eda13d735ad8b518c8c2f2e7a3410490d8eb80e9bea318c9fee4b7c59b992fe9b91128555f6486bb78e983d81e8ad7d5b451a6c5c374225801a94f69488f4ed00b8ae174985396b4ca91f8a157b17cfea3778c5cf62d35b40bb44bb137358ce25e6b179c90198eac0c0e8df6b248b2ef990ed424c43706c613a121ce6fedc0198872eb983fca1fe036a7fec23b33b39d0bc6f5956090ce521aca3d9632540d294e740606aa19c24281d19c1910c15bcb51dfa32ee1c643543e24dcebfb611dca5cc7106fe26166ae272ae878c82ad025d7e8c21560c94c610feee745496f5c9ce9924bcfd9899fc30ba09184006a6306402102a621a10c432e0cad32f74911868ddbae34cf288e57fe428b4eb616fa05571288a71115c28d3977e4d38fa2c67f908c321f99737b1a8f5ffef7583022448c0549518f841f0dcc6e57d81d68da4c6f29066e4307dea8e11f1e5e517672aeee90079a76dd8b28488706a0e0cfccee67c87dbafd846a1b61920cb159569480618f29d99e09505db4ff78135349769393593951a3c9e72ff91846fcab32a6b69c0d8116feeec57b03affc60fb470f67d148a8c4c8a63071a5fb05f97d038f9948096e6ace12dcec8b7bc7680a5acca359b235d029eaaef3503b7b0a2aaabe63e0a51aefa26fe63f1c8017b4408d216b6d6ef19f33ce4a12c10ea95b60a780da1da5d5b46b11e871947dd3de79584bcb896d868051ad2e8b7f5645b2ece9bac99eccb37071fdc7225b14df13f074f0bf6e6b5f73842d9976ab2fbac7c468302defd77170ae6a98ee48b50766969b5d5843a1b5f84223f72d1df80c0f6ca2a47639264abccae6a5b8eb5de0aad90f7860501c0352732be643eb4b7ea9e1f55095c9f8a23c6e065e69002967a85a89304da189e4893e14c4d93738c7969e2b2f3af53a2efcc5d621e8c938719f7bfa12a2417d72296a85a3901cfc5144226835a2ef5d95aef20e5a3c25f1ac4d3ef9e5edf45fa60e844cbee8eb197289a0bd4a65a22de70a0730a0b2a481f9eae7fac436d6cc4d4ab9c2502ce70b5252f7f42a2d3253046220022064dd0e94dbbf6dc0df4e23bc8fde3d546a533086f49fc5139dab3c8c7856a5016ca05c3241140aa40790af2c95e1e89bee5d339d974ec09ac8982080c03cc09e996592750437210519c03b975afa4e2d949eda4907d109919d894647e7995e771529bb3af3588e293251d75b19e5493e93fb669ca6c1d304df72d8b3146835b92fcbd01f0e5ca874e121fc084bbfd920ddb8ff10bfd87ccdbc52eadb641d5d2291479f10d4ff78678e53fb986204947f02f7e796c305fea8f1324917f8f6f5bdec1713ad4203ef46ad6b5d1883235c19bbde32b30593c38a577d2e393417e4aa73d8632cc5c32750edceeb7f8ac3ee50a9daeb7ea52d8ea1504467e33c397f4d53dcd37c4d99f76bfb65db27dd086073c65fe2f811df4f0708e8bc9e7a92ab19efe61aa8814f6c786d5fd10cb652f5a851982b665cebd26e94bcab9edf05d827a87e64f7de24602c082799cfb49e86e35fa80eedd5abc7fb22cfa5f0027ce2bfc20262b8b2502cc52afb1fd6a994c7d9f67b7f6e27ed0347c7ff0557dd07ac7b89b8da8a8d1bb282734ad24c4741f1bc544f8697e3768cd664c8a37cb6a648c76982b065b75b25d5016e18e32d98048a309943ae7d87a3fe90b4aeb85348ba5d6a50e8927fd28e5ef90d359b8b24dd49992785cd8f47548510a61d89769971b519e535eb0d8ed4112bd151a77758dccde1acaff9caf0e2524617ede84560e5d729e24c7afaaf3030f2ddb6815dc1dd0f5a503e179eb5df9a4b58fb7a19db62ac99b7fc20270bc52cfb688ebb12c7519404f95894594e99c22a9b36db13f703b84cd392065e57a019455109f6589155f50eb3d0b7efc25e8d6e6b3bfbffb6befbb05e4ceaad437c9749467c25ce4fd14d02f29957488773ca605787882d4e96248a52adb08222911ae8771bab39c5a39ac8cd4671c95db67b1a93cb928917d09b11e6c49adf047b96a6906ffe76f4d3dd5643cbc846b0fcc35e57b6007c7c0f19b3fbd446f6fbb0d640781fb89dac774e58d0fd8f5452d75dd1d1c059f3c0de0d056936941a37cc45b71cae59495fca4f6e08f5e5c38a5c906416bcb5b4d47b7e0570cd74f9436870b641b04fece9eff8df11891f80f94821633bf5af78437fc9266dfd702b8e0c7d05a8718ead75e52e7adc6b01c3fa961c9a1991b2c2f761d56c68261e67709f7781061ac1af0257bd8328524733ecf9005dad44363fc7eeb9c1d2201e41d72e59e339830904602a854b93565ec9ec4a757005e4e6b87959b1232dab1aa6a4ffe11a31644deb22f6f7cca5b90aac548125d79405faa101ed5c093db514962989bea2a46370311ffb304320d49a36970fae564c80627b59b495efb8fc8e28637617ce6e2e5f95344605952359fc240a4378c545dffcb04a180107236b8aab06e54aa8a42e17abf58d324c9c012a0aa71e211e5a89650f821723d22e7ead40e96f6e0e7cf9da4dc95ebc07591f3b0c9d320925550a139897374a59c7a408e20f48413ea8d770d4558d18e0bc3b8cb780031d131331e8281f2aff03b0b77890a80bb1fdfbc1190bafb553721c61f11f59c2e59f6eee602294d9819fdfa35cf6641dfbee142e92081cd73909fff9bed4217179a2eeb3acd4671cc43d47c38d6a9f0935ee0ec0f7be1a1d5eba8bc1f45940672a7c511c7834eedb33cb6ebc07525c6dc686d18a5e8bf706ec0fd9f594e6e4b6e829dea06336e00bbb9e800b81dda33e58f4d2625ea24ca6c798791045059c2de67f45f65bae3b68c05832d3dc1ec5252befe0e109b263d4e0ce4da524d85171ffee6436b72f8c909f290126d02e864dc4b17e490069d36f6d77adf6b56e3dbccdb5b48d66465cd302a7db901636bd737271350d97b00fe5902b5746f85bb96d1a130f02cb41a2529282274045c473d5ba29c17c7b47e26e990809a67b02ed386fc8aaa185ed871dcac43f915b3477da89274fbedb4a128db89328ff24464e857127d3c"}]}]}}}}}}}, 0x0) kernel console output (not intermixed with test programs): (loop3): Filesystem has been set read-only [ 92.065268][ T4038] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1050) [ 92.085375][ T4050] loop1: detected capacity change from 0 to 8192 [ 92.098592][ T4038] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1050) [ 92.108173][ T4050] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 92.132351][ T4050] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 92.148370][ T4050] FAT-fs (loop1): Filesystem has been set read-only [ 92.154828][ T4050] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 92.190261][ T4050] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1046) [ 92.199177][ T3529] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1050) [ 92.212120][ T4054] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 92.333877][ T4073] loop3: detected capacity change from 0 to 128 [ 92.359855][ T4073] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038 (0x7fffffff) [ 92.449373][ T4084] loop4: detected capacity change from 0 to 128 [ 92.681385][ T4068] loop1: detected capacity change from 0 to 40427 [ 92.711471][ T4068] F2FS-fs (loop1): invalid crc value [ 92.732230][ T4068] F2FS-fs (loop1): Found nat_bits in checkpoint [ 92.777256][ T4077] loop0: detected capacity change from 0 to 40427 [ 92.805976][ T4092] loop4: detected capacity change from 0 to 512 [ 92.821110][ T4077] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 92.823694][ T4086] loop3: detected capacity change from 0 to 40427 [ 92.828907][ T4092] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 92.835793][ T4077] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 92.855916][ T4086] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 92.863134][ T4086] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 92.871980][ T4068] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 92.880556][ T4086] F2FS-fs (loop3): invalid crc value [ 92.895804][ T4092] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 92.904515][ T4077] F2FS-fs (loop0): Found nat_bits in checkpoint [ 92.910951][ T4086] F2FS-fs (loop3): Found nat_bits in checkpoint [ 92.910984][ T4092] System zones: 1-12 [ 92.935797][ T4092] EXT4-fs (loop4): 1 truncate cleaned up [ 92.948398][ T4077] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 92.971661][ T4077] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 92.983507][ T4077] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 92.985471][ T1507] syz-executor: attempt to access beyond end of device [ 92.985471][ T1507] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 93.012579][ T4077] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=10, npages=16 [ 93.042987][ T4077] syz.0.1550: attempt to access beyond end of device [ 93.042987][ T4077] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 93.064740][ T4086] F2FS-fs (loop3): Start checkpoint disabled! [ 93.099033][ T4086] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 93.105899][ T4086] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 93.154194][ T4086] syz.3.1544: attempt to access beyond end of device [ 93.154194][ T4086] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 93.232207][ T4111] loop1: detected capacity change from 0 to 512 [ 93.238884][ T692] kworker/u4:5: attempt to access beyond end of device [ 93.238884][ T692] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 93.253239][ T4111] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 93.281272][ T4111] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 93.308629][ T4111] EXT4-fs (loop1): 1 truncate cleaned up [ 93.339457][ T4114] loop3: detected capacity change from 0 to 256 [ 93.345793][ T4114] exfat: Deprecated parameter 'utf8' [ 93.351955][ T4114] exfat: Deprecated parameter 'namecase' [ 93.363897][ T4114] exfat: Deprecated parameter 'utf8' [ 93.375283][ T4114] exfat: Deprecated parameter 'namecase' [ 93.382722][ T4114] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 93.418413][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 93.608396][ T314] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 93.828500][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.839375][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.848931][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.861507][ T24] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 93.870537][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.879064][ T24] usb 5-1: config 0 descriptor?? [ 93.968409][ T314] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 93.976326][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.987343][ T314] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 94.000165][ T314] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 94.009137][ T314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.028517][ T314] usb 1-1: config 0 descriptor?? [ 94.359237][ T24] prodikeys 0003:041E:2801.0030: unexpected long global item [ 94.366604][ T24] prodikeys 0003:041E:2801.0030: hid parse failed [ 94.373084][ T24] prodikeys: probe of 0003:041E:2801.0030 failed with error -22 [ 94.509246][ T314] plantronics 0003:047F:FFFF.0031: unknown main item tag 0xd [ 94.517890][ T314] plantronics 0003:047F:FFFF.0031: No inputs registered, leaving [ 94.539006][ T314] plantronics 0003:047F:FFFF.0031: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 94.569322][ T314] usb 5-1: USB disconnect, device number 20 [ 94.788822][ T314] usb 1-1: USB disconnect, device number 16 [ 95.082788][ T4135] loop3: detected capacity change from 0 to 131072 [ 95.093689][ T4135] F2FS-fs (loop3): Test dummy encryption mode enabled [ 95.119582][ T4135] F2FS-fs (loop3): invalid crc value [ 95.169226][ T4135] F2FS-fs (loop3): Found nat_bits in checkpoint [ 95.278434][ T4135] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 95.420440][ T4173] loop0: detected capacity change from 0 to 2048 [ 95.479211][ T4173] EXT4-fs mount: 33 callbacks suppressed [ 95.479229][ T4173] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 95.540830][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 95.557534][ T4161] loop1: detected capacity change from 0 to 40427 [ 95.599280][ T4161] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 95.610348][ T4161] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 95.649221][ T4161] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.721762][ T4208] loop0: detected capacity change from 0 to 512 [ 95.729193][ T4161] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 95.736055][ T4161] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 95.749174][ T4208] EXT4-fs (loop0): orphan cleanup on readonly fs [ 95.755739][ T4208] EXT4-fs error (device loop0): ext4_find_extent:936: inode #4: comm syz.0.1600: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0) [ 95.773050][ T4208] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=-117 [ 95.783252][ T4208] EXT4-fs warning (device loop0): ext4_enable_quotas:6999: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 95.798024][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.798044][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.806025][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.813726][ T4208] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 95.827872][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.827887][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.835515][ T4208] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 95.851965][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.851980][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 95.898481][ T6] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 95.914070][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 95.973786][ T4214] loop1: detected capacity change from 0 to 512 [ 95.980834][ T4214] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 95.989685][ T4214] EXT4-fs (loop1): invalid journal inode [ 95.995158][ T4214] EXT4-fs (loop1): can't get journal size [ 96.001016][ T314] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 96.009832][ T4214] EXT4-fs (loop1): 1 truncate cleaned up [ 96.015327][ T4214] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 96.032421][ T1507] EXT4-fs (loop1): unmounting filesystem. [ 96.109504][ T4222] loop1: detected capacity change from 0 to 128 [ 96.116179][ T4222] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 96.248430][ T314] usb 4-1: Using ep0 maxpacket: 16 [ 96.278437][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.289334][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.299112][ T311] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 96.306679][ T6] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 96.315761][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.333935][ T6] usb 5-1: config 0 descriptor?? [ 96.368437][ T314] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.379879][ T314] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.389697][ T314] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 96.398679][ T314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.416804][ T314] usb 4-1: config 0 descriptor?? [ 96.438402][ T1173] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 96.658459][ T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.670306][ T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.680187][ T311] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 96.693008][ T311] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 96.702006][ T311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.718559][ T311] usb 1-1: config 0 descriptor?? [ 96.820114][ T6] hid-steam 0003:28DE:1142.0032: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.4-1/input0 [ 96.838457][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.849222][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.858897][ T1173] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 96.867806][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.876298][ T1173] usb 2-1: config 0 descriptor?? [ 96.899866][ T314] hid-multitouch 0003:1FD2:6007.0033: hidraw1: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 97.022240][ T314] usb 5-1: USB disconnect, device number 21 [ 97.102164][ T6] usb 4-1: USB disconnect, device number 16 [ 97.199234][ T311] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 97.206517][ T311] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 97.214153][ T311] plantronics 0003:047F:FFFF.0034: No inputs registered, leaving [ 97.222773][ T311] plantronics 0003:047F:FFFF.0034: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 97.369174][ T1173] cp2112 0003:10C4:EA90.0035: item fetching failed at offset 5/7 [ 97.376962][ T1173] cp2112 0003:10C4:EA90.0035: parse failed [ 97.382961][ T1173] cp2112: probe of 0003:10C4:EA90.0035 failed with error -22 [ 97.469184][ T1173] usb 1-1: USB disconnect, device number 17 [ 97.580382][ T1682] usb 2-1: USB disconnect, device number 20 [ 97.642091][ T4238] loop4: detected capacity change from 0 to 2048 [ 97.699471][ T4242] loop4: detected capacity change from 0 to 2048 [ 97.719862][ T4242] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 97.728274][ T4242] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038 (0x7fffffff) [ 97.746325][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 97.999298][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.006708][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.014487][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.021855][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.029173][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.036396][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.043681][ T6] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 98.051168][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.058432][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.065761][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.073281][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.080720][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.087917][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.097511][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.105539][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.113261][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.120859][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.128105][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.135465][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.142839][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.153887][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.161273][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.169472][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.176673][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.184186][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.191609][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.199016][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.206223][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.213598][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.220921][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.228160][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.235462][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.242893][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.250202][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.257624][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.264962][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.272441][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.279749][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.286982][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.294701][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.302022][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 98.307035][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.314412][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.321786][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.329132][ T311] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0 [ 98.336800][ T311] hid-generic 0000:0000:0000.0036: hidraw0: HID v0.00 Device [syz0] on syz0 [ 98.418461][ T6] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.429250][ T6] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 98.438920][ T6] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 98.451950][ T6] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 98.460952][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.488468][ T4253] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 98.508751][ T6] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 98.618407][ T311] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 98.738287][ T6] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 98.744986][ T6] usb 5-1: USB disconnect, device number 22 [ 98.858494][ T311] usb 2-1: Using ep0 maxpacket: 8 [ 98.978420][ T311] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 98.989133][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.000062][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.009725][ T311] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 99.022706][ T311] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 99.031685][ T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.048553][ T311] usb 2-1: config 0 descriptor?? [ 99.297774][ T4275] netlink: 'syz.4.1616': attribute type 4 has an invalid length. [ 99.529258][ T311] hid-thrustmaster 0003:044F:B65D.0037: item fetching failed at offset 3/7 [ 99.539880][ T4285] loop0: detected capacity change from 0 to 40427 [ 99.546668][ T311] hid-thrustmaster 0003:044F:B65D.0037: parse failed with error -22 [ 99.554988][ T4285] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 99.561896][ T311] hid-thrustmaster: probe of 0003:044F:B65D.0037 failed with error -22 [ 99.570229][ T4285] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 99.579771][ T4285] F2FS-fs (loop0): invalid crc value [ 99.586024][ T4285] F2FS-fs (loop0): Found nat_bits in checkpoint [ 99.588511][ T6] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 99.624650][ T4285] F2FS-fs (loop0): Start checkpoint disabled! [ 99.631480][ T4285] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 99.638330][ T4285] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 99.714329][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.714329][ T4289] loop0: rw=2049, sector=53248, nr_sectors = 2240 limit=40427 [ 99.738481][ T1682] usb 2-1: USB disconnect, device number 21 [ 99.748918][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.748918][ T4289] loop0: rw=2049, sector=55488, nr_sectors = 1856 limit=40427 [ 99.770518][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.770518][ T4289] loop0: rw=2049, sector=49152, nr_sectors = 2112 limit=40427 [ 99.799116][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.799116][ T4289] loop0: rw=2049, sector=51264, nr_sectors = 1984 limit=40427 [ 99.813899][ T3129] EXT4-fs (loop2): unmounting filesystem. [ 99.848859][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 99.861819][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.861819][ T4289] loop0: rw=2049, sector=57344, nr_sectors = 2144 limit=40427 [ 99.895836][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.895836][ T4289] loop0: rw=2049, sector=59488, nr_sectors = 2056 limit=40427 [ 99.914922][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.914922][ T4289] loop0: rw=2049, sector=61544, nr_sectors = 2104 limit=40427 [ 99.933062][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.934116][ T4289] syz.0.1621: attempt to access beyond end of device [ 99.934116][ T4289] loop0: rw=2049, sector=63648, nr_sectors = 1768 limit=40427 [ 99.940225][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.961275][ T4291] device bridge_slave_0 entered promiscuous mode [ 99.968131][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.975250][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.987775][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.994717][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.996079][ T476] kworker/u4:4: attempt to access beyond end of device [ 99.996079][ T476] loop0: rw=1, sector=65416, nr_sectors = 4216 limit=40427 [ 100.004373][ T6] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 100.018523][ T4291] device bridge_slave_1 entered promiscuous mode [ 100.026896][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.034595][ T476] kworker/u4:4: attempt to access beyond end of device [ 100.034595][ T476] loop0: rw=1, sector=69632, nr_sectors = 8 limit=40427 [ 100.042285][ T6] usb 5-1: config 0 descriptor?? [ 100.116752][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.123647][ T4291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.130724][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.137490][ T4291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.169658][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.177207][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.185346][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.192762][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.212456][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.220718][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.227537][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.235064][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.243004][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.249838][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.257005][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 100.269932][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.277548][ T962] Bluetooth: hci0: sending frame failed (-49) [ 100.283470][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 100.284824][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 100.305160][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 100.312917][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 100.320474][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 100.328220][ T4291] device veth0_vlan entered promiscuous mode [ 100.340201][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 100.349724][ T4291] device veth1_macvtap entered promiscuous mode [ 100.359994][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 100.372845][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 100.427215][ T4313] loop0: detected capacity change from 0 to 512 [ 100.437130][ T4313] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz.0.1640: inline data xattr refers to an external xattr inode [ 100.452350][ T4313] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.1640: couldn't read orphan inode 12 (err -117) [ 100.465134][ T4313] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 100.477197][ T4313] EXT4-fs error (device loop0): __ext4_expand_extra_isize:5890: inode #18: comm syz.0.1640: bad extra_isize 10 (inode size 256) [ 100.496089][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 100.530051][ T6] hid-multitouch 0003:1FD2:6007.0038: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 100.577024][ T4314] loop2: detected capacity change from 0 to 40427 [ 100.584002][ T4314] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 100.591542][ T4314] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 100.600194][ T4314] F2FS-fs (loop2): invalid crc value [ 100.606440][ T4314] F2FS-fs (loop2): Found nat_bits in checkpoint [ 100.631746][ T4314] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 100.638708][ T4314] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 100.669238][ T692] device bridge_slave_1 left promiscuous mode [ 100.675202][ T692] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.683111][ T692] device bridge_slave_0 left promiscuous mode [ 100.689220][ T692] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.697096][ T692] device veth1_macvtap left promiscuous mode [ 100.703460][ T692] device veth0_vlan left promiscuous mode [ 100.758670][ T24] usb 5-1: USB disconnect, device number 23 [ 101.558449][ T6] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 101.648476][ T311] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 101.668458][ T314] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 101.918442][ T6] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 101.929250][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.939946][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.949567][ T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 102.008545][ T311] usb 5-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 102.017429][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.025734][ T311] usb 5-1: config 0 descriptor?? [ 102.030556][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.041227][ T6] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 102.050079][ T6] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 102.057898][ T6] usb 1-1: Manufacturer: syz [ 102.062358][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.071928][ T314] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.084789][ T314] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 102.093864][ T6] usb 1-1: config 0 descriptor?? [ 102.098820][ T311] usb-storage 5-1:0.0: USB Mass Storage device detected [ 102.105818][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.114919][ T314] usb 3-1: config 0 descriptor?? [ 102.297615][ T311] usb 5-1: USB disconnect, device number 24 [ 102.408593][ T962] Bluetooth: hci0: command 0x1003 tx timeout [ 102.408593][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 102.579177][ T6] appleir 0003:05AC:8243.0039: unknown main item tag 0x0 [ 102.586253][ T6] appleir 0003:05AC:8243.0039: No inputs registered, leaving [ 102.594244][ T6] appleir 0003:05AC:8243.0039: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 102.605744][ T314] prodikeys 0003:041E:2801.003A: unexpected long global item [ 102.613599][ T314] prodikeys 0003:041E:2801.003A: hid parse failed [ 102.619900][ T314] prodikeys: probe of 0003:041E:2801.003A failed with error -22 [ 102.809244][ T24] usb 3-1: USB disconnect, device number 21 [ 102.859255][ T314] usb 1-1: USB disconnect, device number 18 [ 103.208468][ T1173] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 103.393972][ T4406] loop0: detected capacity change from 0 to 128 [ 103.401650][ T4406] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 103.410206][ T4406] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038 (0x7fffffff) [ 103.426507][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 103.443846][ T4412] loop0: detected capacity change from 0 to 128 [ 103.568503][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 103.579562][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 103.590812][ T1173] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 103.598397][ T314] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 103.603585][ T1173] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 103.619856][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.627985][ T1173] usb 2-1: config 0 descriptor?? [ 103.648471][ T4392] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 103.728438][ T6] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 103.878424][ T314] usb 3-1: Using ep0 maxpacket: 16 [ 103.998530][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.009287][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.018881][ T314] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 104.027719][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.036058][ T314] usb 3-1: config 0 descriptor?? [ 104.098472][ T6] usb 1-1: config 0 has an invalid interface number: 32 but max is 0 [ 104.106362][ T6] usb 1-1: config 0 has no interface number 0 [ 104.109324][ T1173] plantronics 0003:047F:FFFF.003B: No inputs registered, leaving [ 104.112477][ T6] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.121419][ T1173] plantronics 0003:047F:FFFF.003B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 104.130843][ T6] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.152410][ T6] usb 1-1: New USB device found, idVendor=056a, idProduct=00fa, bcdDevice= 0.00 [ 104.161254][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.169536][ T6] usb 1-1: config 0 descriptor?? [ 104.398957][ T2649] usb 2-1: USB disconnect, device number 22 [ 104.499515][ T314] hid-multitouch 0003:1FD2:6007.003C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 104.639242][ T6] wacom 0003:056A:00FA.003D: item fetching failed at offset 0/1 [ 104.646820][ T6] wacom 0003:056A:00FA.003D: parse failed [ 104.652292][ T6] wacom: probe of 0003:056A:00FA.003D failed with error -22 [ 104.718669][ T6] usb 3-1: USB disconnect, device number 22 [ 104.856428][ T314] usb 1-1: USB disconnect, device number 19 [ 104.954595][ T4437] loop4: detected capacity change from 0 to 2048 [ 104.970452][ T4437] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 104.986925][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 105.083443][ T4452] loop1: detected capacity change from 0 to 512 [ 105.169679][ T4460] loop4: detected capacity change from 0 to 256 [ 105.221188][ T4471] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 105.243939][ T4473] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 105.349216][ T4493] tmpfs: Unknown parameter 's' [ 105.371250][ T4495] loop4: detected capacity change from 0 to 512 [ 105.381062][ T4495] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 105.389895][ T4495] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038 (0x7fffffff) [ 105.407732][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 105.484015][ T4491] loop1: detected capacity change from 0 to 40427 [ 105.490740][ T4491] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 105.498260][ T4491] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 105.507383][ T4491] F2FS-fs (loop1): invalid crc value [ 105.513835][ T4491] F2FS-fs (loop1): Found nat_bits in checkpoint [ 105.537817][ T4491] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 105.544775][ T4491] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 105.566635][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.566657][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.574342][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.581802][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.589254][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.596552][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.604019][ T314] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 105.605154][ T1507] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 105.728406][ T6] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 105.919522][ T692] tipc: Disabling bearer [ 105.924778][ T692] tipc: Left network mode [ 106.008445][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.019232][ T314] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 106.032017][ T314] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 106.041600][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.049936][ T314] usb 3-1: config 0 descriptor?? [ 106.148431][ T6] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 106.158388][ T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 106.238626][ T6] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 106.247647][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 106.255851][ T6] usb 1-1: SerialNumber: syz [ 106.331448][ T4517] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.338291][ T4517] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.345661][ T4517] device bridge_slave_0 entered promiscuous mode [ 106.353907][ T4517] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.360794][ T4517] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.367912][ T4517] device bridge_slave_1 entered promiscuous mode [ 106.406779][ T4517] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.413649][ T4517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.431343][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.439598][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 106.446736][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.454493][ T692] device bridge_slave_1 left promiscuous mode [ 106.460505][ T692] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.467713][ T692] device bridge_slave_0 left promiscuous mode [ 106.473911][ T692] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.481576][ T692] device veth1_macvtap left promiscuous mode [ 106.487377][ T692] device veth0_vlan left promiscuous mode [ 106.509131][ T6] usb 1-1: 0:2 : does not exist [ 106.529064][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.536299][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.543605][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.550857][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.558025][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.577371][ T4517] device veth0_vlan entered promiscuous mode [ 106.583238][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.590878][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.591009][ T4517] device veth1_macvtap entered promiscuous mode [ 106.598082][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.598104][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.618716][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.625886][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.633836][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.641110][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.648257][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.655520][ T314] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 106.662890][ T314] plantronics 0003:047F:FFFF.003E: No inputs registered, leaving [ 106.676598][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.686476][ T314] plantronics 0003:047F:FFFF.003E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 106.698990][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 106.707182][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 106.716467][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 106.725308][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 106.732624][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 106.740090][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 106.748094][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 106.756225][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.764173][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.771015][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.778167][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.786169][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.793004][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.800206][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.807915][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.818724][ T295] usb 3-1: USB disconnect, device number 23 [ 106.926392][ T1173] usb 1-1: USB disconnect, device number 20 [ 107.456383][ T4532] loop4: detected capacity change from 0 to 40427 [ 107.463105][ T4532] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 107.470732][ T4532] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 107.480745][ T4532] F2FS-fs (loop4): Found nat_bits in checkpoint [ 107.505183][ T4532] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 107.515574][ T4532] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 107.548895][ T4551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1732'. [ 107.558058][ T4551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1732'. [ 107.578629][ T4553] netlink: 'syz.0.1720': attribute type 10 has an invalid length. [ 107.694290][ T4549] loop2: detected capacity change from 0 to 40427 [ 107.700949][ T4549] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 107.708508][ T4549] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 107.718085][ T4549] F2FS-fs (loop2): Found nat_bits in checkpoint [ 107.741755][ T4549] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 107.748697][ T4549] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 107.883171][ T4567] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.890133][ T1173] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 107.897483][ T4567] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.904400][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 107.904927][ T4567] device bridge_slave_0 entered promiscuous mode [ 107.918381][ T19] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 107.919390][ T4567] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.932727][ T4567] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.940216][ T4567] device bridge_slave_1 entered promiscuous mode [ 107.985089][ T4567] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.992061][ T4567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.999154][ T4567] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.005913][ T4567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.026395][ T2649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 108.034208][ T2649] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.041604][ T2649] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.050393][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 108.058833][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.065676][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.081479][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 108.089713][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.096539][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.103791][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.111613][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.123871][ T2649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 108.134348][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 108.142415][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 108.148477][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 108.150065][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 108.164038][ T4567] device veth0_vlan entered promiscuous mode [ 108.174230][ T2649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 108.183268][ T4567] device veth1_macvtap entered promiscuous mode [ 108.196859][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 108.205278][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 108.244763][ T28] audit: type=1326 audit(1724231735.174:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.268568][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.279767][ T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.290728][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.300562][ T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 108.310409][ T1173] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 108.319418][ T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 108.329046][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.332648][ T28] audit: type=1326 audit(1724231735.174:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.336947][ T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 166 [ 108.361457][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.370102][ T1173] usb 2-1: config 0 descriptor?? [ 108.385060][ T24] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 108.398038][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.400245][ T28] audit: type=1326 audit(1724231735.174:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.430767][ T19] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 108.430794][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.448777][ T19] usb 5-1: config 0 descriptor?? [ 108.454535][ T28] audit: type=1326 audit(1724231735.174:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.478163][ T28] audit: type=1326 audit(1724231735.204:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.501723][ T28] audit: type=1326 audit(1724231735.204:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.502178][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 108.534312][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 108.537472][ T28] audit: type=1326 audit(1724231735.204:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.567920][ T24] usb 1-1: SerialNumber: syz [ 108.572962][ T4587] loop3: detected capacity change from 0 to 128 [ 108.588594][ T4559] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 108.589219][ T28] audit: type=1326 audit(1724231735.204:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.619231][ T24] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 108.623332][ T4589] loop2: detected capacity change from 0 to 1024 [ 108.627086][ T24] cdc_acm: probe of 1-1:1.0 failed with error -12 [ 108.633939][ T4589] EXT4-fs: Ignoring removed orlov option [ 108.644726][ T28] audit: type=1326 audit(1724231735.204:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.645298][ T4589] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.668803][ T28] audit: type=1326 audit(1724231735.204:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4575 comm="syz.2.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d3179e79 code=0x7ffc0000 [ 108.676608][ T4589] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 108.706459][ T4589] System zones: 0-1, 3-36 [ 108.711966][ T4589] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 108.729460][ T692] device bridge_slave_1 left promiscuous mode [ 108.735496][ T692] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.743170][ T692] device bridge_slave_0 left promiscuous mode [ 108.744226][ T4291] EXT4-fs (loop2): unmounting filesystem. [ 108.749423][ T692] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.759751][ T4593] syz.3.1747[4593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.761600][ T4593] syz.3.1747[4593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.774071][ T692] device veth1_macvtap left promiscuous mode [ 108.792637][ T692] device veth0_vlan left promiscuous mode [ 108.873741][ T39] usb 1-1: USB disconnect, device number 21 [ 108.909226][ T1173] uclogic 0003:5543:0781.003F: item fetching failed at offset 5/7 [ 108.916987][ T1173] uclogic 0003:5543:0781.003F: parse failed [ 108.922929][ T1173] uclogic: probe of 0003:5543:0781.003F failed with error -22 [ 109.021414][ T4618] loop2: detected capacity change from 0 to 256 [ 109.027788][ T4618] exfat: Deprecated parameter 'namecase' [ 109.033542][ T19] usbhid 5-1:0.0: can't add hid device: -71 [ 109.033674][ T4618] exfat: Deprecated parameter 'namecase' [ 109.039440][ T19] usbhid: probe of 5-1:0.0 failed with error -71 [ 109.047098][ T4618] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 109.052628][ T19] usb 5-1: USB disconnect, device number 25 [ 109.123929][ T39] usb 2-1: USB disconnect, device number 23 [ 109.128000][ T4622] loop3: detected capacity change from 0 to 2048 [ 109.149731][ T4622] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 109.158116][ T4622] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038 (0x7fffffff) [ 109.175856][ T4567] EXT4-fs (loop3): unmounting filesystem. [ 109.178677][ T4633] loop2: detected capacity change from 0 to 512 [ 109.189828][ T4633] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 109.197938][ T4633] EXT4-fs (loop2): orphan cleanup on readonly fs [ 109.204735][ T4633] EXT4-fs warning (device loop2): ext4_enable_quotas:6999: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 109.219316][ T4633] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 109.225968][ T4633] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz.2.1752: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 109.243983][ T4633] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.1752: couldn't read orphan inode 13 (err -117) [ 109.255877][ T4633] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 109.269412][ T4291] EXT4-fs (loop2): unmounting filesystem. [ 109.374919][ T4638] loop2: detected capacity change from 0 to 40427 [ 109.381911][ T4638] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 109.398390][ T4638] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 109.412066][ T4638] F2FS-fs (loop2): Found nat_bits in checkpoint [ 109.451095][ T4638] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 109.457959][ T4638] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 109.461181][ T4652] loop0: detected capacity change from 0 to 2048 [ 109.471852][ T4652] EXT4-fs: Ignoring removed bh option [ 109.477049][ T4652] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.489707][ T4652] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 109.494339][ T692] bio_check_eod: 1515 callbacks suppressed [ 109.494352][ T692] kworker/u4:5: attempt to access beyond end of device [ 109.494352][ T692] loop2: rw=1, sector=45096, nr_sectors = 16 limit=40427 [ 109.501262][ T4652] EXT4-fs (loop0): shut down requested (0) [ 109.527132][ T4652] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 109.537862][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 109.578463][ T4663] loop0: detected capacity change from 0 to 256 [ 109.586758][ T4663] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 109.630466][ T4673] loop0: detected capacity change from 0 to 2048 [ 109.639666][ T4673] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 109.655379][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 109.699110][ T19] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 109.725462][ T4689] loop2: detected capacity change from 0 to 128 [ 109.732048][ T4689] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 109.747106][ T4689] syz.2.1775: attempt to access beyond end of device [ 109.747106][ T4689] loop2: rw=3, sector=6950, nr_sectors = 2 limit=128 [ 109.760399][ T4689] syz.2.1775: attempt to access beyond end of device [ 109.760399][ T4689] loop2: rw=2051, sector=6952, nr_sectors = 942 limit=128 [ 109.782206][ T4689] FAT-fs (loop2): FAT read failed (blocknr 128) [ 109.938398][ T19] usb 4-1: Using ep0 maxpacket: 32 [ 109.948491][ T314] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 110.058639][ T19] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 110.067191][ T19] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 110.076060][ T19] usb 4-1: config 1 has no interface number 1 [ 110.081991][ T19] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 110.094760][ T19] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 110.198409][ T314] usb 1-1: Using ep0 maxpacket: 16 [ 110.308504][ T19] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 110.317438][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.325239][ T19] usb 4-1: Product: syz [ 110.329258][ T19] usb 4-1: Manufacturer: syz [ 110.333596][ T19] usb 4-1: SerialNumber: syz [ 110.348459][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.359287][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.368904][ T314] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 110.384386][ T314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.398240][ T314] usb 1-1: config 0 descriptor?? [ 110.506359][ T4723] device vlan2 entered promiscuous mode [ 110.569581][ T4727] loop1: detected capacity change from 0 to 128 [ 110.577069][ T4727] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 110.585562][ T4727] ext4 filesystem being mounted at /8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 110.622161][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 110.668581][ T19] usb 4-1: 2:1 : invalid channels 0 [ 110.689570][ T19] usb 4-1: USB disconnect, device number 17 [ 110.758436][ T24] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 110.869031][ T314] cp2112 0003:10C4:EA90.0040: unexpected long global item [ 110.876086][ T314] cp2112 0003:10C4:EA90.0040: parse failed [ 110.881647][ T314] cp2112: probe of 0003:10C4:EA90.0040 failed with error -22 [ 111.071462][ T314] usb 1-1: USB disconnect, device number 22 [ 111.118766][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.128728][ T24] usb 3-1: config 0 has no interfaces? [ 111.133947][ T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.00 [ 111.142871][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.151007][ T24] usb 3-1: config 0 descriptor?? [ 111.244667][ T4744] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1808'. [ 111.275086][ T4754] syz.4.1802[4754] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.275133][ T4754] syz.4.1802[4754] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.337642][ T4764] loop1: detected capacity change from 0 to 256 [ 111.356282][ T4762] loop3: detected capacity change from 0 to 128 [ 111.358854][ T4764] FAT-fs (loop1): Directory bread(block 64) failed [ 111.369794][ T4764] FAT-fs (loop1): Directory bread(block 65) failed [ 111.377665][ T4764] FAT-fs (loop1): Directory bread(block 66) failed [ 111.384273][ T4764] FAT-fs (loop1): Directory bread(block 67) failed [ 111.395171][ T4764] FAT-fs (loop1): Directory bread(block 68) failed [ 111.407911][ T4764] FAT-fs (loop1): Directory bread(block 69) failed [ 111.414536][ T4764] FAT-fs (loop1): Directory bread(block 70) failed [ 111.422046][ T4764] FAT-fs (loop1): Directory bread(block 71) failed [ 111.428523][ T4764] FAT-fs (loop1): Directory bread(block 72) failed [ 111.435661][ T4764] FAT-fs (loop1): Directory bread(block 73) failed [ 111.445005][ T4775] loop4: detected capacity change from 0 to 256 [ 111.451543][ T4775] exfat: Deprecated parameter 'utf8' [ 111.456906][ T4775] exfat: Deprecated parameter 'namecase' [ 111.462612][ T4775] exfat: Deprecated parameter 'namecase' [ 111.468133][ T4775] exfat: Deprecated parameter 'namecase' [ 111.475644][ T4775] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 111.488594][ T24] usb 3-1: USB disconnect, device number 24 [ 111.958427][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 112.038418][ T39] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 112.278537][ T39] usb 2-1: Using ep0 maxpacket: 8 [ 112.318493][ T24] usb 1-1: config 0 has no interfaces? [ 112.398560][ T39] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 112.488579][ T24] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 112.497460][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.505380][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 112.514269][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 112.522170][ T24] usb 1-1: Product: syz [ 112.526117][ T24] usb 1-1: Manufacturer: syz [ 112.530584][ T39] usb 2-1: SerialNumber: syz [ 112.535169][ T24] usb 1-1: SerialNumber: syz [ 112.540125][ T24] r8152-cfgselector 1-1: config 0 descriptor?? [ 112.578757][ T39] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 112.788573][ T692] usb 1-1: config 0 descriptor?? [ 112.981343][ T4792] raw-gadget.1 gadget.1: fail, usb_ep_set_halt returned -11 [ 112.989098][ T314] usb 2-1: USB disconnect, device number 24 [ 112.995050][ T39] usb 1-1: USB disconnect, device number 23 [ 113.008490][ T692] usb 1-1: can't set config #0, error -71 [ 113.597406][ T4823] loop1: detected capacity change from 0 to 256 [ 113.606385][ T4823] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 113.618727][ T864] Bluetooth: hci0: command 0x1003 tx timeout [ 113.625928][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 113.632113][ T4823] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.768557][ T295] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 113.817272][ T4836] loop1: detected capacity change from 0 to 512 [ 113.824275][ T4836] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 113.835974][ T4836] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 113.851273][ T4836] EXT4-fs (loop1): 1 truncate cleaned up [ 113.856783][ T4836] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 113.872329][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 113.928937][ T314] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 113.950269][ T4850] loop1: detected capacity change from 0 to 512 [ 113.957432][ T4850] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e01c, mo2=0002] [ 113.965188][ T4850] System zones: 1-12 [ 113.969404][ T4850] EXT4-fs error (device loop1): dx_probe:822: inode #2: comm syz.1.1842: Directory hole found for htree index block [ 113.981722][ T4850] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -117 [ 113.990256][ T4850] EXT4-fs error (device loop1): dx_probe:822: inode #2: comm syz.1.1842: Directory hole found for htree index block [ 114.002830][ T4850] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 114.011111][ T4850] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 114.019797][ T4857] loop0: detected capacity change from 0 to 1024 [ 114.028224][ T4850] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 114.036514][ T4857] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 114.045134][ T4857] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038 (0x7fffffff) [ 114.045598][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 114.063978][ T4857] EXT4-fs (loop0): re-mounted. Quota mode: none. [ 114.073207][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 114.087825][ T4863] loop0: detected capacity change from 0 to 512 [ 114.099933][ T4863] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2802c018, mo2=0002] [ 114.107833][ T4863] System zones: 0-2, 18-18, 34-35 [ 114.113840][ T4863] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 114.123044][ T4863] ext4 filesystem being mounted at /141/file0 supports timestamps until 2038 (0x7fffffff) [ 114.138123][ T4863] EXT4-fs (loop0): shut down requested (0) [ 114.152772][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 114.178407][ T314] usb 5-1: Using ep0 maxpacket: 8 [ 114.188445][ T295] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.198961][ T295] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 114.218549][ T295] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.228452][ T295] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.237035][ T295] usb 3-1: config 0 descriptor?? [ 114.293800][ T4891] syz.1.1861[4891] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.293870][ T4891] syz.1.1861[4891] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.305148][ T314] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.327459][ T314] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.337103][ T314] usb 5-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 114.345931][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.354161][ T314] usb 5-1: config 0 descriptor?? [ 114.445529][ T4891] loop1: detected capacity change from 0 to 40427 [ 114.452164][ T4891] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 114.459726][ T4891] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 114.468590][ T4891] F2FS-fs (loop1): invalid crc value [ 114.474814][ T4891] F2FS-fs (loop1): Found nat_bits in checkpoint [ 114.499415][ T4891] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 114.506265][ T4891] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 114.525693][ T43] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 114.534881][ T43] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 114.598802][ T4905] syz.0.1866[4905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.598879][ T4905] syz.0.1866[4905] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.617592][ T4909] loop0: detected capacity change from 0 to 512 [ 114.635847][ T4909] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 114.650074][ T4909] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 114.664739][ T4909] EXT4-fs (loop0): 1 truncate cleaned up [ 114.670267][ T4909] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 114.680402][ T4909] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.1867: corrupted xattr block 19 [ 114.684040][ T4809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.692205][ T4909] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 114.700540][ T4809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.709029][ T4909] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.1867: corrupted xattr block 19 [ 114.725123][ T39] usb 3-1: USB disconnect, device number 25 [ 114.728547][ T4909] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 114.742940][ T4909] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.1867: corrupted xattr block 19 [ 114.754705][ T4909] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 114.849610][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.857007][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.864251][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.871559][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.878789][ T19] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 114.886230][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.893401][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.900635][ T314] playstation 0003:054C:0CE6.0041: unknown main item tag 0x0 [ 114.908456][ T314] playstation 0003:054C:0CE6.0041: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.4-1/input0 [ 115.068450][ T314] playstation 0003:054C:0CE6.0041: Failed to retrieve feature with reportID 9: -71 [ 115.077675][ T314] playstation 0003:054C:0CE6.0041: Failed to retrieve DualSense pairing info: -71 [ 115.086909][ T314] playstation 0003:054C:0CE6.0041: Failed to get MAC address from DualSense [ 115.095670][ T314] playstation 0003:054C:0CE6.0041: Failed to create dualsense. [ 115.103618][ T314] playstation: probe of 0003:054C:0CE6.0041 failed with error -71 [ 115.112228][ T314] usb 5-1: USB disconnect, device number 26 [ 115.161354][ T4909] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.1867: corrupted xattr block 19 [ 115.173313][ T4909] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 115.182149][ T4909] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.1867: corrupted xattr block 19 [ 115.198152][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 115.210042][ T4914] tipc: Started in network mode [ 115.214713][ T4914] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 115.223644][ T4914] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 115.231672][ T4914] tipc: Enabled bearer , priority 10 [ 115.261932][ T19] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.272723][ T19] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 115.283332][ T19] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 115.297428][ T4925] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1882'. [ 115.306262][ T4925] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1882'. [ 115.315691][ T4925] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1882'. [ 115.335180][ T4928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1873'. [ 115.336778][ T4929] loop0: detected capacity change from 0 to 512 [ 115.352193][ T4929] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.1874: inode #1: comm syz.0.1874: iget: illegal inode # [ 115.365536][ T4929] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1874: error while reading EA inode 1 err=-117 [ 115.379486][ T4929] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.1874: inode #1: comm syz.0.1874: iget: illegal inode # [ 115.392941][ T4929] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1874: error while reading EA inode 1 err=-117 [ 115.405541][ T4929] EXT4-fs (loop0): 1 orphan inode deleted [ 115.411126][ T4929] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 115.426058][ T3294] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 115.446426][ T3294] EXT4-fs error (device loop0): ext4_lookup:1859: inode #2: comm syz-executor: deleted inode referenced: 15 [ 115.458083][ T3294] EXT4-fs error (device loop0): ext4_lookup:1859: inode #2: comm syz-executor: deleted inode referenced: 15 [ 115.469636][ T19] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 115.478643][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.486526][ T19] usb 2-1: Product: syz [ 115.490651][ T19] usb 2-1: Manufacturer: syz [ 115.495122][ T19] usb 2-1: SerialNumber: syz [ 115.540594][ T3294] EXT4-fs (loop0): unmounting filesystem. [ 115.546905][ T692] tipc: Disabling bearer [ 115.552369][ T692] tipc: Left network mode [ 115.669670][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 115.669684][ T28] audit: type=1400 audit(1724231742.604:430): avc: denied { bind } for pid=4948 comm="syz.4.1886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 115.719035][ T4947] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.726036][ T4947] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.733561][ T4947] device bridge_slave_0 entered promiscuous mode [ 115.740618][ T4947] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.745421][ T4943] loop2: detected capacity change from 0 to 40427 [ 115.747512][ T4947] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.755072][ T4943] F2FS-fs (loop2): invalid crc value [ 115.761609][ T4947] device bridge_slave_1 entered promiscuous mode [ 115.767249][ T4943] F2FS-fs (loop2): Found nat_bits in checkpoint [ 115.811258][ T4943] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 115.856560][ T4291] syz-executor: attempt to access beyond end of device [ 115.856560][ T4291] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 115.863489][ T4965] loop4: detected capacity change from 0 to 2048 [ 115.871302][ T4947] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.883430][ T4947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.890524][ T4947] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.897287][ T4947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.911440][ T4965] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 115.922720][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 115.928591][ T4965] ext4 filesystem being mounted at /306/file0 supports timestamps until 2038 (0x7fffffff) [ 115.939646][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.954539][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.955361][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 115.988676][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.996762][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.003625][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.015214][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.023584][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.030466][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.048598][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 116.056596][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 116.067939][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.080611][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.088410][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.095676][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.103684][ T4947] device veth0_vlan entered promiscuous mode [ 116.113503][ T4947] device veth1_macvtap entered promiscuous mode [ 116.128399][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 116.136767][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 116.147720][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 116.157682][ T692] device bridge_slave_1 left promiscuous mode [ 116.163750][ T692] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.171400][ T692] device bridge_slave_0 left promiscuous mode [ 116.177341][ T692] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.185110][ T692] device veth0_vlan left promiscuous mode [ 116.214591][ T28] audit: type=1400 audit(1724231743.144:431): avc: denied { ioctl } for pid=4977 comm="syz.2.1895" path="socket:[37471]" dev="sockfs" ino=37471 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 116.318528][ T314] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 116.377813][ T4989] loop0: detected capacity change from 0 to 512 [ 116.464497][ T4982] loop2: detected capacity change from 0 to 40427 [ 116.471790][ T4982] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 116.484517][ T4982] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 116.498319][ T4982] F2FS-fs (loop2): invalid crc value [ 116.504701][ T4982] F2FS-fs (loop2): Found nat_bits in checkpoint [ 116.531546][ T4982] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 116.538729][ T4982] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 116.549793][ T28] audit: type=1400 audit(1724231743.484:432): avc: denied { rename } for pid=4980 comm="syz.2.1896" name="bus" dev="loop2" ino=455 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 116.571955][ T314] usb 5-1: Using ep0 maxpacket: 16 [ 116.607299][ T5006] loop0: detected capacity change from 0 to 256 [ 116.615908][ T5006] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 116.678595][ T19] cdc_ncm 2-1:1.0: bind() failure [ 116.698491][ T314] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.709413][ T19] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 116.715717][ T314] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 116.725269][ T314] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 116.738233][ T19] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 116.744600][ T314] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 116.754329][ T19] usb 2-1: USB disconnect, device number 25 [ 116.760590][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.783237][ T5022] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 116.798555][ T4971] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 116.820887][ T28] audit: type=1400 audit(1724231743.754:433): avc: denied { map } for pid=5033 comm="syz.2.1918" path="socket:[38155]" dev="sockfs" ino=38155 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 116.844063][ T314] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 116.905455][ T28] audit: type=1400 audit(1724231743.834:434): avc: denied { mount } for pid=5042 comm="syz.2.1923" name="/" dev="ramfs" ino=38164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 116.927895][ T28] audit: type=1400 audit(1724231743.834:435): avc: denied { mounton } for pid=5042 comm="syz.2.1923" path="/82/file0" dev="ramfs" ino=38164 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 116.950334][ T28] audit: type=1400 audit(1724231743.884:436): avc: denied { unmount } for pid=4291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 117.031023][ T5048] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 117.039159][ T5048] overlayfs: missing 'lowerdir' [ 117.065194][ T314] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 117.071533][ T314] usb 5-1: USB disconnect, device number 27 [ 117.098455][ T24] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 117.198754][ T5056] loop1: detected capacity change from 0 to 256 [ 117.207715][ T5056] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 117.458461][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.469254][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.478748][ T24] usb 1-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 117.487592][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.495823][ T24] usb 1-1: config 0 descriptor?? [ 117.898444][ T5078] loop4: detected capacity change from 0 to 131072 [ 117.907398][ T5078] F2FS-fs (loop4): Found nat_bits in checkpoint [ 117.932367][ T5078] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 117.979445][ T24] hid-multitouch 0003:0EEF:72D0.0042: unknown main item tag 0x0 [ 117.987094][ T24] hid-multitouch 0003:0EEF:72D0.0042: unknown main item tag 0x0 [ 117.994955][ T24] hid-multitouch 0003:0EEF:72D0.0042: unknown main item tag 0x0 [ 118.002759][ T24] hid-multitouch 0003:0EEF:72D0.0042: unknown main item tag 0x0 [ 118.010307][ T24] hid-multitouch 0003:0EEF:72D0.0042: unknown main item tag 0x0 [ 118.018148][ T24] hid-multitouch 0003:0EEF:72D0.0042: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.0-1/input0 [ 118.126480][ T5090] tipc: Started in network mode [ 118.131206][ T5090] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 118.140155][ T5090] tipc: Enabling of bearer rejected, failed to enable media [ 118.188108][ T19] usb 1-1: USB disconnect, device number 24 [ 118.368432][ T6] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 118.618429][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 118.704823][ T5097] loop4: detected capacity change from 0 to 128 [ 118.748429][ T6] usb 2-1: config 0 has no interfaces? [ 118.836533][ T5109] syz.4.1950[5109] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.836580][ T5109] syz.4.1950[5109] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.918769][ T6] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 118.938825][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.946551][ T6] usb 2-1: Product: syz [ 118.950917][ T6] usb 2-1: Manufacturer: syz [ 118.955336][ T6] usb 2-1: SerialNumber: syz [ 118.968533][ T6] r8152-cfgselector 2-1: config 0 descriptor?? [ 119.166537][ T5112] loop0: detected capacity change from 0 to 131072 [ 119.175106][ T5112] F2FS-fs (loop0): Found nat_bits in checkpoint [ 119.198660][ T5112] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 119.238452][ T6] r8152-cfgselector 2-1: Unknown version 0x0000 [ 119.440472][ T24] r8152-cfgselector 2-1: USB disconnect, device number 26 [ 119.949641][ T5126] xt_hashlimit: size too large, truncated to 1048576 [ 120.080015][ T5132] loop1: detected capacity change from 0 to 512 [ 120.100712][ T5132] EXT4-fs (loop1): 1 orphan inode deleted [ 120.106344][ T5132] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 120.115180][ T5132] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038 (0x7fffffff) [ 120.129489][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 120.180445][ T692] Bluetooth: hci0: Frame reassembly failed (-84) [ 120.278385][ T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 120.403172][ T5150] loop1: detected capacity change from 0 to 40427 [ 120.410968][ T5150] F2FS-fs (loop1): invalid crc value [ 120.411133][ T5149] loop2: detected capacity change from 0 to 40427 [ 120.417145][ T5150] F2FS-fs (loop1): Found nat_bits in checkpoint [ 120.423102][ T5149] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 120.435414][ T5149] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 120.444309][ T5149] F2FS-fs (loop2): invalid crc value [ 120.450779][ T5149] F2FS-fs (loop2): Found nat_bits in checkpoint [ 120.457977][ T5150] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 120.485262][ T4517] syz-executor: attempt to access beyond end of device [ 120.485262][ T4517] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 120.489184][ T5149] F2FS-fs (loop2): Start checkpoint disabled! [ 120.505841][ T5149] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 120.513084][ T5149] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 120.518387][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 120.535819][ T5149] syz.2.1966: attempt to access beyond end of device [ 120.535819][ T5149] loop2: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 120.565989][ T43] kworker/u4:2: attempt to access beyond end of device [ 120.565989][ T43] loop2: rw=1, sector=53320, nr_sectors = 8 limit=40427 [ 120.579853][ T43] kworker/u4:2: attempt to access beyond end of device [ 120.579853][ T43] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 120.677235][ T5169] loop2: detected capacity change from 0 to 512 [ 120.689262][ T5169] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2802c018, mo2=0002] [ 120.697163][ T5169] System zones: 0-2, 18-18, 34-35 [ 120.702653][ T5169] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 120.711433][ T5169] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038 (0x7fffffff) [ 120.725333][ T5169] EXT4-fs (loop2): shut down requested (0) [ 120.736380][ T4291] EXT4-fs (loop2): unmounting filesystem. [ 120.752796][ T5176] loop2: detected capacity change from 0 to 512 [ 120.759956][ T5176] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e01c, mo2=0002] [ 120.767737][ T5176] System zones: 1-12 [ 120.771942][ T5176] EXT4-fs error (device loop2): dx_probe:822: inode #2: comm syz.2.1970: Directory hole found for htree index block [ 120.784373][ T5176] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 120.792610][ T5176] EXT4-fs error (device loop2): dx_probe:822: inode #2: comm syz.2.1970: Directory hole found for htree index block [ 120.804796][ T24] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 120.805114][ T5176] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 120.813700][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.813724][ T24] usb 5-1: Product: syz [ 120.813735][ T24] usb 5-1: Manufacturer: syz [ 120.813746][ T24] usb 5-1: SerialNumber: syz [ 120.814306][ T24] r8152-cfgselector 5-1: config 0 descriptor?? [ 120.822060][ T5176] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 120.864112][ T5176] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 120.874553][ T4291] EXT4-fs (loop2): unmounting filesystem. [ 121.028480][ T1173] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 121.158489][ T39] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 121.308506][ T24] r8152-cfgselector 5-1: Unknown version 0x0000 [ 121.314772][ T24] r8152-cfgselector 5-1: bad CDC descriptors [ 121.338478][ T24] r8152-cfgselector 5-1: Unknown version 0x0000 [ 121.345443][ T24] r8152-cfgselector 5-1: USB disconnect, device number 28 [ 121.388459][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.399258][ T1173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.408911][ T1173] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 121.417723][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.426093][ T1173] usb 2-1: config 0 descriptor?? [ 121.518456][ T39] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.528419][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 121.608894][ T39] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 121.617758][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 121.625602][ T39] usb 3-1: SerialNumber: syz [ 121.820857][ T5191] loop4: detected capacity change from 0 to 512 [ 121.849129][ T5191] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 121.857987][ T5191] ext4 filesystem being mounted at /328/bus supports timestamps until 2038 (0x7fffffff) [ 121.871134][ T28] audit: type=1400 audit(1724231748.804:437): avc: denied { rename } for pid=5190 comm="syz.4.1976" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 121.894843][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 121.909294][ T39] usb 3-1: 0:2 : does not exist [ 121.919303][ T1173] logitech-hidpp-device 0003:046D:C086.0043: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.1-1/input0 [ 121.932160][ T5194] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.932989][ T39] usb 3-1: USB disconnect, device number 26 [ 121.940781][ T5194] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.952205][ T5194] device bridge_slave_0 entered promiscuous mode [ 121.958965][ T5194] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.965988][ T5194] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.973154][ T5194] device bridge_slave_1 entered promiscuous mode [ 122.013662][ T5194] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.020568][ T5194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.027587][ T5194] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.034421][ T5194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.055132][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.062852][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.070949][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.085325][ T5204] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 122.093804][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.101888][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.108753][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.116103][ T1173] usb 2-1: USB disconnect, device number 27 [ 122.116362][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.129796][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.136614][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.143852][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.151598][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.168276][ T5194] device veth0_vlan entered promiscuous mode [ 122.174614][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 122.182843][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.190538][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.197710][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.211260][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 122.220129][ T5194] device veth1_macvtap entered promiscuous mode [ 122.229225][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.238920][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.248789][ T962] Bluetooth: hci0: command 0x1003 tx timeout [ 122.248880][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 122.353509][ T5226] loop0: detected capacity change from 0 to 512 [ 122.369925][ T5226] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 122.379031][ T5226] ext4 filesystem being mounted at /27/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 122.397875][ T5226] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz.0.1991: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 122.422407][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 122.434434][ T5231] loop0: detected capacity change from 0 to 512 [ 122.442275][ T5231] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 122.456435][ T5231] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1992: bg 0: block 144: padding at end of block bitmap is not set [ 122.476981][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 122.521569][ T28] audit: type=1400 audit(1724231749.454:438): avc: denied { getopt } for pid=5251 comm="syz.0.2002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 122.639194][ T692] device bridge_slave_1 left promiscuous mode [ 122.645312][ T692] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.653219][ T692] device bridge_slave_0 left promiscuous mode [ 122.659485][ T692] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.667480][ T692] device veth1_macvtap left promiscuous mode [ 122.673664][ T692] device veth0_vlan left promiscuous mode [ 122.679699][ T28] audit: type=1400 audit(1724231749.614:439): avc: denied { setopt } for pid=5265 comm="syz.1.2008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 122.768484][ T1173] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 122.995478][ T5289] loop4: detected capacity change from 0 to 2048 [ 123.010270][ T5289] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 123.012202][ T5280] loop0: detected capacity change from 0 to 40427 [ 123.018658][ T1173] usb 3-1: Using ep0 maxpacket: 16 [ 123.026081][ T5280] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(262146) root(3) [ 123.037679][ T5280] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 123.047838][ T5280] F2FS-fs (loop0): Found nat_bits in checkpoint [ 123.059748][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 123.087536][ T28] audit: type=1326 audit(1724231750.014:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5302 comm="syz.4.2023" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1400579e79 code=0x0 [ 123.093739][ T5280] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 123.116989][ T5280] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 123.130544][ T4947] syz-executor: attempt to access beyond end of device [ 123.130544][ T4947] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 123.178558][ T1173] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.198679][ T1173] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 123.208252][ T1173] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 123.228398][ T1173] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.248376][ T1173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.289274][ T5240] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 123.318763][ T1173] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 123.355821][ T5305] loop1: detected capacity change from 0 to 40427 [ 123.362467][ T5305] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 123.369773][ T5305] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 123.378716][ T5305] F2FS-fs (loop1): invalid crc value [ 123.384864][ T5305] F2FS-fs (loop1): Found nat_bits in checkpoint [ 123.408601][ T5305] F2FS-fs (loop1): Start checkpoint disabled! [ 123.415311][ T5305] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 123.422254][ T5305] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 123.437867][ T5305] syz.1.2025: attempt to access beyond end of device [ 123.437867][ T5305] loop1: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 123.468512][ T692] kworker/u4:5: attempt to access beyond end of device [ 123.468512][ T692] loop1: rw=1, sector=53320, nr_sectors = 8 limit=40427 [ 123.482339][ T692] kworker/u4:5: attempt to access beyond end of device [ 123.482339][ T692] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 123.543301][ T1173] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 123.550942][ T5327] loop1: detected capacity change from 0 to 2048 [ 123.559612][ T1173] usb 3-1: USB disconnect, device number 27 [ 123.570142][ T5327] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 123.585109][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 123.600877][ T5331] loop0: detected capacity change from 0 to 2048 [ 123.610577][ T5331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 123.619683][ T5331] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038 (0x7fffffff) [ 123.637168][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 123.662721][ T28] audit: type=1400 audit(1724231750.594:441): avc: denied { setattr } for pid=5343 comm="syz.1.2038" name="/" dev="incremental-fs" ino=354 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 124.101596][ T28] audit: type=1326 audit(1724231751.034:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5315 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a7b579e79 code=0x7fc00000 [ 124.183954][ T5364] loop4: detected capacity change from 0 to 1024 [ 124.220052][ T5364] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 124.231805][ T5364] ext4 filesystem being mounted at /339/file1 supports timestamps until 2038 (0x7fffffff) [ 124.259207][ T5364] EXT4-fs (loop4): re-mounted. Quota mode: none. [ 124.288915][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 124.314199][ T5380] loop4: detected capacity change from 0 to 256 [ 124.331596][ T5380] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 124.363607][ T5356] loop0: detected capacity change from 0 to 40427 [ 124.373303][ T5356] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 124.380774][ T5356] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 124.389790][ T5356] F2FS-fs (loop0): invalid crc value [ 124.395972][ T5356] F2FS-fs (loop0): Found nat_bits in checkpoint [ 124.436564][ T5356] F2FS-fs (loop0): Start checkpoint disabled! [ 124.443443][ T5356] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 124.450536][ T5356] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 124.476595][ T5356] syz.0.2042: attempt to access beyond end of device [ 124.476595][ T5356] loop0: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 124.502141][ T692] kworker/u4:5: attempt to access beyond end of device [ 124.502141][ T692] loop0: rw=1, sector=53320, nr_sectors = 8 limit=40427 [ 124.515977][ T692] kworker/u4:5: attempt to access beyond end of device [ 124.515977][ T692] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 124.678446][ T295] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 124.928431][ T295] usb 2-1: Using ep0 maxpacket: 32 [ 125.031701][ T5406] loop2: detected capacity change from 0 to 1024 [ 125.053764][ T5406] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 125.062129][ T5406] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038 (0x7fffffff) [ 125.085631][ T5406] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 125.109066][ T5419] loop2: detected capacity change from 0 to 256 [ 125.123611][ T5419] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 125.170262][ T5430] loop3: detected capacity change from 0 to 1024 [ 125.176670][ T5430] EXT4-fs: Ignoring removed orlov option [ 125.182386][ T5430] EXT4-fs: Ignoring removed nomblk_io_submit option [ 125.190798][ T5430] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 125.198935][ T5430] System zones: 0-1, 3-36 [ 125.208486][ T295] usb 2-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 125.218521][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.228248][ T295] usb 2-1: Product: syz [ 125.235575][ T295] usb 2-1: Manufacturer: syz [ 125.246188][ T295] usb 2-1: SerialNumber: syz [ 125.325875][ T5434] loop0: detected capacity change from 0 to 40427 [ 125.332656][ T5434] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 125.339486][ T5434] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 125.348635][ T5434] F2FS-fs (loop0): invalid crc value [ 125.354772][ T5434] F2FS-fs (loop0): Found nat_bits in checkpoint [ 125.377842][ T5434] F2FS-fs (loop0): Start checkpoint disabled! [ 125.384740][ T5434] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 125.391677][ T5434] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 125.406898][ T5434] syz.0.2073: attempt to access beyond end of device [ 125.406898][ T5434] loop0: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 125.420838][ T1173] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 125.439683][ T476] kworker/u4:4: attempt to access beyond end of device [ 125.439683][ T476] loop0: rw=1, sector=53320, nr_sectors = 8 limit=40427 [ 125.453485][ T476] kworker/u4:4: attempt to access beyond end of device [ 125.453485][ T476] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 125.518525][ T295] aqc111: probe of 2-1:1.0 failed with error -22 [ 125.658437][ T1173] usb 3-1: Using ep0 maxpacket: 16 [ 125.719345][ T295] usb 2-1: USB disconnect, device number 28 [ 125.778480][ T1173] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.789238][ T1173] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 125.801830][ T1173] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 125.810626][ T1173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.818891][ T1173] usb 3-1: config 0 descriptor?? [ 126.234506][ T5452] loop1: detected capacity change from 0 to 512 [ 126.250253][ T5452] EXT4-fs mount: 3 callbacks suppressed [ 126.250269][ T5452] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 126.264639][ T5452] ext4 filesystem being mounted at /69/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 126.281557][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.288973][ T5450] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 126.289575][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.305601][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.311727][ T5452] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz.1.2075: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 126.313005][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.342296][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.350082][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 126.350128][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.363206][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.384466][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.388881][ T5465] loop1: detected capacity change from 0 to 1024 [ 126.395641][ T5467] loop3: detected capacity change from 0 to 512 [ 126.403672][ T5469] loop0: detected capacity change from 0 to 256 [ 126.403841][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.416923][ T1173] microsoft 0003:045E:07DA.0044: unknown main item tag 0x0 [ 126.416999][ T5467] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 126.419468][ T5469] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 126.446029][ T5465] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 126.449435][ T1173] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0044/input/input16 [ 126.457879][ T5465] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038 (0x7fffffff) [ 126.467668][ T5467] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 126.482569][ T5426] loop2: detected capacity change from 0 to 256 [ 126.496010][ T5467] EXT4-fs (loop3): 1 truncate cleaned up [ 126.501802][ T5465] EXT4-fs (loop1): re-mounted. Quota mode: none. [ 126.506146][ T5467] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 126.522228][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 126.525785][ T5426] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 126.540213][ T5467] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.2079: corrupted xattr block 19 [ 126.552746][ T1173] microsoft 0003:045E:07DA.0044: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 126.553489][ T5467] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 126.573456][ T5467] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.2079: corrupted xattr block 19 [ 126.585854][ T5467] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 126.605783][ T5467] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.2079: corrupted xattr block 19 [ 126.617742][ T5467] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 126.774906][ T6] usb 3-1: USB disconnect, device number 28 [ 126.808316][ T5482] loop1: detected capacity change from 0 to 40427 [ 126.815097][ T5482] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 126.822866][ T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 126.830632][ T5482] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 126.840774][ T5482] F2FS-fs (loop1): Found nat_bits in checkpoint [ 126.878567][ T5482] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 126.891151][ T5482] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 126.898157][ T5482] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 127.078765][ T28] audit: type=1400 audit(1724231754.014:443): avc: denied { write } for pid=5491 comm="syz.4.2092" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 127.112556][ T28] audit: type=1400 audit(1724231754.034:444): avc: denied { open } for pid=5491 comm="syz.4.2092" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 127.141058][ T5494] loop4: detected capacity change from 0 to 512 [ 127.149256][ T5494] EXT4-fs (loop4): 1 truncate cleaned up [ 127.154769][ T5494] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 127.169943][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 127.238462][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 127.248008][ T5467] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.2079: corrupted xattr block 19 [ 127.248612][ T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 127.261649][ T5467] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 127.277746][ T5467] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.2079: corrupted xattr block 19 [ 127.308394][ T295] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 127.320100][ T5194] EXT4-fs (loop3): unmounting filesystem. [ 127.368937][ T24] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 127.378391][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 127.386344][ T24] usb 1-1: SerialNumber: syz [ 127.547763][ T28] audit: type=1400 audit(1724231754.474:445): avc: denied { setattr } for pid=5542 comm="syz.3.2114" name="" dev="pipefs" ino=39784 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 127.572309][ T5545] loop4: detected capacity change from 0 to 128 [ 127.598458][ T6] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 127.636891][ T5557] can0: slcan on ptm0. [ 127.688667][ T295] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 127.698977][ T24] usb 1-1: 0:2 : does not exist [ 127.699869][ T295] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 127.714696][ T5551] loop4: detected capacity change from 0 to 40427 [ 127.715768][ T295] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 127.723085][ T24] usb 1-1: USB disconnect, device number 25 [ 127.734763][ T295] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 127.749138][ T5551] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 127.749147][ T295] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.759664][ T295] usb 2-1: config 0 descriptor?? [ 127.764990][ T5551] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 127.779703][ T5551] F2FS-fs (loop4): Found nat_bits in checkpoint [ 127.788480][ T5488] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 127.806525][ T5551] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 127.813457][ T5551] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.848406][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 127.908516][ T60] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 127.968462][ T6] usb 3-1: config 0 has no interfaces? [ 128.128496][ T6] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 128.137366][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.145195][ T6] usb 3-1: Product: syz [ 128.148410][ T1173] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 128.149181][ T6] usb 3-1: Manufacturer: syz [ 128.161076][ T6] usb 3-1: SerialNumber: syz [ 128.165912][ T6] r8152-cfgselector 3-1: config 0 descriptor?? [ 128.168398][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 128.249220][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.256445][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.263809][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.271225][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.278520][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.285676][ T295] plantronics 0003:047F:FFFF.0045: unknown main item tag 0x0 [ 128.294467][ T295] plantronics 0003:047F:FFFF.0045: No inputs registered, leaving [ 128.302550][ T295] plantronics 0003:047F:FFFF.0045: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 128.308473][ T60] usb 4-1: config 0 has no interfaces? [ 128.408486][ T1173] usb 5-1: Using ep0 maxpacket: 8 [ 128.428445][ T6] r8152-cfgselector 3-1: Unknown version 0x0000 [ 128.498553][ T60] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 128.507460][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.515251][ T60] usb 4-1: Product: syz [ 128.519304][ T60] usb 4-1: Manufacturer: syz [ 128.523625][ T60] usb 4-1: SerialNumber: syz [ 128.528222][ T6] usb 2-1: USB disconnect, device number 29 [ 128.534323][ T60] usb 4-1: config 0 descriptor?? [ 128.539168][ T1173] usb 5-1: config 0 has no interfaces? [ 128.630847][ T314] r8152-cfgselector 3-1: USB disconnect, device number 29 [ 128.728455][ T1173] usb 5-1: New USB device found, idVendor=8086, idProduct=0b03, bcdDevice=f4.28 [ 128.737441][ T1173] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.745169][ T1173] usb 5-1: Product: syz [ 128.749162][ T1173] usb 5-1: Manufacturer: syz [ 128.753556][ T1173] usb 5-1: SerialNumber: syz [ 128.758500][ T1173] usb 5-1: config 0 descriptor?? [ 128.802443][ T1173] usb 4-1: USB disconnect, device number 18 [ 128.838477][ T5557] can0 (unregistered): slcan off ptm0. [ 128.999477][ T314] usb 5-1: USB disconnect, device number 29 [ 129.024050][ T28] audit: type=1400 audit(1724231755.954:446): avc: denied { nlmsg_write } for pid=5568 comm="syz.0.2124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 129.057356][ T5574] loop1: detected capacity change from 0 to 256 [ 129.190614][ T5588] loop1: detected capacity change from 0 to 512 [ 129.237721][ T5588] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 129.258557][ T5588] EXT4-fs (loop1): 1 truncate cleaned up [ 129.264025][ T5588] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 129.309764][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 129.362164][ T5586] loop0: detected capacity change from 0 to 40427 [ 129.369087][ T5586] F2FS-fs (loop0): Image doesn't support compression [ 129.377213][ T5586] F2FS-fs (loop0): Found nat_bits in checkpoint [ 129.417734][ T5586] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 129.443944][ T476] bio_check_eod: 1 callbacks suppressed [ 129.443962][ T476] kworker/u4:4: attempt to access beyond end of device [ 129.443962][ T476] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 129.463468][ T476] kworker/u4:4: attempt to access beyond end of device [ 129.463468][ T476] loop0: rw=2049, sector=40984, nr_sectors = 8 limit=40427 [ 129.477699][ T5586] VFS:Filesystem freeze failed [ 129.511075][ T5601] loop4: detected capacity change from 0 to 512 [ 129.527667][ T5601] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 129.560144][ T5601] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 129.598179][ T5601] EXT4-fs (loop4): 1 truncate cleaned up [ 129.608557][ T5601] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 129.653391][ T1168] EXT4-fs (loop4): unmounting filesystem. [ 129.778178][ T5599] loop3: detected capacity change from 0 to 40427 [ 129.784962][ T5599] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(262146) root(3) [ 129.793209][ T5599] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 129.803496][ T5599] F2FS-fs (loop3): Found nat_bits in checkpoint [ 129.841505][ T5599] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 129.848461][ T5599] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 129.867468][ T5582] loop2: detected capacity change from 0 to 131072 [ 129.874469][ T5194] syz-executor: attempt to access beyond end of device [ 129.874469][ T5194] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 129.874763][ T5582] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 129.896751][ T5582] F2FS-fs (loop2): invalid crc value [ 129.903303][ T5582] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 129.933842][ T5582] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 130.029025][ T5631] incfs: Options parsing error. -22 [ 130.034353][ T5631] incfs: mount failed -22 [ 130.135715][ T5651] loop2: detected capacity change from 0 to 512 [ 130.144932][ T5655] xt_hashlimit: size too large, truncated to 1048576 [ 130.152830][ T5651] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 130.161678][ T5651] ext4 filesystem being mounted at /111/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 130.185592][ T5651] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz.2.2136: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 130.193247][ T5661] loop0: detected capacity change from 0 to 512 [ 130.232128][ T4291] EXT4-fs (loop2): unmounting filesystem. [ 130.251858][ T5664] loop3: detected capacity change from 0 to 512 [ 130.274382][ T5664] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 130.283516][ T5664] ext4 filesystem being mounted at /37/bus supports timestamps until 2038 (0x7fffffff) [ 130.296587][ T5661] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 130.309730][ T5661] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038 (0x7fffffff) [ 130.328296][ T5194] EXT4-fs error (device loop3): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /37/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 130.328383][ T314] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 130.362814][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 130.456626][ T5680] input: syz0 as /devices/virtual/input/input17 [ 130.628360][ T314] usb 5-1: Using ep0 maxpacket: 8 [ 130.748424][ T314] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.838455][ T314] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 130.850607][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 130.867289][ T314] usb 5-1: SerialNumber: syz [ 130.877300][ T314] usb 5-1: config 0 descriptor?? [ 130.918889][ T314] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 130.924020][ T5673] loop2: detected capacity change from 0 to 131072 [ 130.927788][ T314] usb 5-1: No valid video chain found. [ 130.939039][ T5673] F2FS-fs (loop2): invalid crc value [ 130.945367][ T5673] F2FS-fs (loop2): Found nat_bits in checkpoint [ 130.986595][ T5673] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 131.087574][ T5690] loop0: detected capacity change from 0 to 512 [ 131.120848][ T314] usb 5-1: USB disconnect, device number 30 [ 131.159407][ T5690] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 131.178503][ T5690] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038 (0x7fffffff) [ 131.211359][ T5690] EXT4-fs error (device loop0): ext4_empty_dir:3093: inode #12: comm syz.0.2167: Directory hole found for htree leaf block [ 131.268453][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 131.528391][ T60] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 131.694838][ T5724] loop1: detected capacity change from 0 to 512 [ 131.702136][ T5724] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 131.710463][ T5724] EXT4-fs (loop1): orphan cleanup on readonly fs [ 131.716999][ T5724] EXT4-fs warning (device loop1): ext4_enable_quotas:6999: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 131.731861][ T5724] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 131.738433][ T5724] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #13: comm syz.1.2180: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 131.756606][ T5724] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.2180: couldn't read orphan inode 13 (err -117) [ 131.768560][ T5724] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 131.784037][ T4517] EXT4-fs (loop1): unmounting filesystem. [ 131.888427][ T60] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 131.897901][ T60] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 131.907647][ T60] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 131.920354][ T1173] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 131.958371][ T314] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 132.078429][ T60] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 132.087377][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.095188][ T60] usb 3-1: Product: syz [ 132.099399][ T60] usb 3-1: Manufacturer: syz [ 132.103798][ T60] usb 3-1: SerialNumber: syz [ 132.148691][ T60] hub 3-1:1.0: bad descriptor, ignoring hub [ 132.154483][ T60] hub: probe of 3-1:1.0 failed with error -5 [ 132.160282][ T1173] usb 5-1: Using ep0 maxpacket: 16 [ 132.278424][ T1173] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.289261][ T1173] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 132.299016][ T1173] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 132.309295][ T1173] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 166 [ 132.319194][ T1173] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 132.359017][ T60] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 132.398453][ T314] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 132.408449][ T1173] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.409685][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.417904][ T1173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 132.428694][ T314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.446174][ T314] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 132.458404][ T1173] usb 5-1: SerialNumber: syz [ 132.478510][ T5718] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 132.498720][ T1173] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 132.506605][ T1173] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 132.558401][ T314] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 132.567265][ T314] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 132.575204][ T314] usb 1-1: Manufacturer: syz [ 132.588545][ T314] usb 1-1: config 0 descriptor?? [ 132.688647][ T1173] usb 3-1: USB disconnect, device number 30 [ 132.695000][ T1173] usblp0: removed [ 132.717555][ T1173] usb 5-1: USB disconnect, device number 31 [ 133.059146][ T314] appleir 0003:05AC:8243.0046: unknown main item tag 0x0 [ 133.066198][ T314] appleir 0003:05AC:8243.0046: No inputs registered, leaving [ 133.088831][ T314] appleir 0003:05AC:8243.0046: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 133.241001][ T5741] loop4: detected capacity change from 0 to 1024 [ 133.247768][ T5741] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 133.267674][ T5741] EXT4-fs (loop4): invalid journal inode [ 133.359347][ T60] usb 1-1: USB disconnect, device number 26 [ 133.428369][ T19] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 133.818431][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.829223][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.840080][ T19] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 133.852904][ T19] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 133.868485][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.886648][ T19] usb 2-1: config 0 descriptor?? [ 134.103526][ T5767] syz.4.2198[5767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.103622][ T5767] syz.4.2198[5767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 134.359538][ T19] kye 0003:0458:5013.0047: item fetching failed at offset 4/5 [ 134.378000][ T6] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 134.398427][ T19] kye 0003:0458:5013.0047: parse failed [ 134.403906][ T19] kye: probe of 0003:0458:5013.0047 failed with error -22 [ 134.473381][ T5779] loop4: detected capacity change from 0 to 40427 [ 134.480671][ T5779] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 134.487481][ T5779] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 134.496495][ T5779] F2FS-fs (loop4): invalid crc value [ 134.502809][ T5779] F2FS-fs (loop4): Found nat_bits in checkpoint [ 134.543162][ T5779] F2FS-fs (loop4): Start checkpoint disabled! [ 134.549889][ T5779] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 134.556731][ T5779] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 134.568166][ T19] usb 2-1: USB disconnect, device number 30 [ 134.638390][ T6] usb 1-1: Using ep0 maxpacket: 16 [ 134.654148][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.654148][ T5784] loop4: rw=2049, sector=53248, nr_sectors = 2112 limit=40427 [ 134.681914][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.681914][ T5784] loop4: rw=2049, sector=55360, nr_sectors = 1984 limit=40427 [ 134.711263][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.711263][ T5784] loop4: rw=2049, sector=49152, nr_sectors = 2048 limit=40427 [ 134.740130][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.740130][ T5784] loop4: rw=2049, sector=51200, nr_sectors = 2048 limit=40427 [ 134.783321][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.783321][ T5784] loop4: rw=2049, sector=57344, nr_sectors = 2056 limit=40427 [ 134.798432][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.810554][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.810554][ T5784] loop4: rw=2049, sector=59400, nr_sectors = 2240 limit=40427 [ 134.818358][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.836493][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.836493][ T5784] loop4: rw=2049, sector=61640, nr_sectors = 5304 limit=40427 [ 134.848366][ T6] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 134.855637][ T5784] syz.4.2204: attempt to access beyond end of device [ 134.855637][ T5784] loop4: rw=2049, sector=66944, nr_sectors = 1952 limit=40427 [ 134.868350][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.882786][ T6] usb 1-1: config 0 descriptor?? [ 134.924460][ T43] kworker/u4:2: attempt to access beyond end of device [ 134.924460][ T43] loop4: rw=1, sector=68896, nr_sectors = 736 limit=40427 [ 134.938532][ T43] kworker/u4:2: attempt to access beyond end of device [ 134.938532][ T43] loop4: rw=1, sector=69632, nr_sectors = 8 limit=40427 [ 135.178444][ T1173] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 135.194422][ T5802] SELinux: failed to load policy [ 135.359590][ T6] hid-multitouch 0003:1FD2:6007.0048: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 135.438384][ T1173] usb 3-1: Using ep0 maxpacket: 16 [ 135.569855][ T6] usb 1-1: USB disconnect, device number 27 [ 135.578597][ T1173] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.589496][ T1173] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.600064][ T1173] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 135.609150][ T1173] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.617533][ T1173] usb 3-1: config 0 descriptor?? [ 136.113215][ T5817] loop4: detected capacity change from 0 to 256 [ 136.130004][ T1173] hid-multitouch 0003:1FD2:6007.0049: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 136.335890][ T6] usb 3-1: USB disconnect, device number 31 [ 136.414221][ T5843] ================================================================== [ 136.422121][ T5843] BUG: KASAN: use-after-free in cpu_map_generic_redirect+0x1c7/0x780 [ 136.430015][ T5843] Read of size 8 at addr ffff88812ac26b18 by task syz.1.2230/5843 [ 136.437653][ T5843] [ 136.439836][ T5843] CPU: 1 PID: 5843 Comm: syz.1.2230 Not tainted 6.1.90-syzkaller-00023-gedca080b95df #0 [ 136.449372][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 136.459439][ T5843] Call Trace: [ 136.462563][ T5843] [ 136.465342][ T5843] dump_stack_lvl+0x151/0x1b7 [ 136.469855][ T5843] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 136.475147][ T5843] ? _printk+0xd1/0x111 [ 136.479142][ T5843] ? __virt_addr_valid+0x242/0x2f0 [ 136.484092][ T5843] print_report+0x158/0x4e0 [ 136.488427][ T5843] ? __virt_addr_valid+0x242/0x2f0 [ 136.493378][ T5843] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 136.499451][ T5843] ? cpu_map_generic_redirect+0x1c7/0x780 [ 136.505004][ T5843] kasan_report+0x13c/0x170 [ 136.509347][ T5843] ? cpu_map_generic_redirect+0x1c7/0x780 [ 136.514987][ T5843] ? kfree+0x7a/0xf0 [ 136.518718][ T5843] __asan_report_load8_noabort+0x14/0x20 [ 136.524185][ T5843] cpu_map_generic_redirect+0x1c7/0x780 [ 136.529571][ T5843] ? cpu_map_enqueue+0x370/0x370 [ 136.534440][ T5843] xdp_do_generic_redirect+0x3b5/0xad0 [ 136.539733][ T5843] do_xdp_generic+0x53e/0x800 [ 136.544236][ T5843] ? generic_xdp_tx+0x560/0x560 [ 136.548424][ T19] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 136.548928][ T5843] ? tun_get_user+0x2340/0x3a90 [ 136.560993][ T5843] tun_get_user+0x238a/0x3a90 [ 136.565590][ T5843] ? cpu_curr_snapshot+0x90/0x90 [ 136.570371][ T5843] ? tun_do_read+0x2000/0x2000 [ 136.574962][ T5843] ? ref_tracker_alloc+0x31d/0x450 [ 136.579909][ T5843] ? ref_tracker_dir_print+0x160/0x160 [ 136.585206][ T5843] ? avc_policy_seqno+0x1b/0x70 [ 136.589895][ T5843] ? tun_get+0xe9/0x120 [ 136.593892][ T5843] tun_chr_write_iter+0x129/0x210 [ 136.598745][ T5843] vfs_write+0x902/0xeb0 [ 136.602827][ T5843] ? file_end_write+0x1c0/0x1c0 [ 136.607514][ T5843] ? do_futex+0x501/0x9a0 [ 136.611676][ T5843] ? __fget_files+0x2cb/0x330 [ 136.616192][ T5843] ? __fdget_pos+0x204/0x390 [ 136.620613][ T5843] ? ksys_write+0x77/0x2c0 [ 136.624877][ T5843] ksys_write+0x199/0x2c0 [ 136.629035][ T5843] ? save_fpregs_to_fpstate+0x220/0x220 [ 136.634415][ T5843] ? __ia32_sys_read+0x90/0x90 [ 136.639018][ T5843] ? fpregs_restore_userregs+0x130/0x290 [ 136.644487][ T5843] __x64_sys_write+0x7b/0x90 [ 136.648921][ T5843] x64_sys_call+0x2f/0x9a0 [ 136.653170][ T5843] do_syscall_64+0x3b/0xb0 [ 136.657415][ T5843] ? clear_bhb_loop+0x55/0xb0 [ 136.661932][ T5843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.667667][ T5843] RIP: 0033:0x7fd78257895f [ 136.671909][ T5843] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 136.691402][ T5843] RSP: 002b:00007fd7832f7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 136.699596][ T5843] RAX: ffffffffffffffda RBX: 00007fd782715f80 RCX: 00007fd78257895f [ 136.707407][ T5843] RDX: 0000000000000d86 RSI: 0000000020001580 RDI: 00000000000000c8 [ 136.715220][ T5843] RBP: 00007fd7825e7916 R08: 0000000000000000 R09: 0000000000000000 [ 136.723029][ T5843] R10: 0000000000000d86 R11: 0000000000000293 R12: 0000000000000000 [ 136.730843][ T5843] R13: 0000000000000000 R14: 00007fd782715f80 R15: 00007ffef5fb70f8 [ 136.738661][ T5843] [ 136.741524][ T5843] [ 136.743687][ T5843] Allocated by task 5617: [ 136.747899][ T5843] kasan_set_track+0x4b/0x70 [ 136.752280][ T5843] kasan_save_alloc_info+0x1f/0x30 [ 136.757227][ T5843] __kasan_kmalloc+0x9c/0xb0 [ 136.761654][ T5843] __kmalloc_node+0xb4/0x1e0 [ 136.766079][ T5843] bpf_map_kmalloc_node+0xd0/0x2c0 [ 136.771028][ T5843] cpu_map_update_elem+0x28f/0xf50 [ 136.775973][ T5843] bpf_map_update_value+0x1a3/0x410 [ 136.781008][ T5843] map_update_elem+0x500/0x680 [ 136.785627][ T5843] __sys_bpf+0x460/0x7f0 [ 136.789686][ T5843] __x64_sys_bpf+0x7c/0x90 [ 136.793938][ T5843] x64_sys_call+0x87f/0x9a0 [ 136.798279][ T5843] do_syscall_64+0x3b/0xb0 [ 136.798364][ T19] usb 1-1: Using ep0 maxpacket: 32 [ 136.802532][ T5843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.802561][ T5843] [ 136.802565][ T5843] Freed by task 5621: [ 136.802573][ T5843] kasan_set_track+0x4b/0x70 [ 136.823717][ T5843] kasan_save_free_info+0x2b/0x40 [ 136.828570][ T5843] ____kasan_slab_free+0x131/0x180 [ 136.833518][ T5843] __kasan_slab_free+0x11/0x20 [ 136.838118][ T5843] __kmem_cache_free+0x218/0x3b0 [ 136.842893][ T5843] kfree+0x7a/0xf0 [ 136.846451][ T5843] put_cpu_map_entry+0x6e2/0x760 [ 136.851222][ T5843] cpu_map_kthread_run+0x2463/0x2520 [ 136.856427][ T5843] kthread+0x26d/0x300 [ 136.860345][ T5843] ret_from_fork+0x1f/0x30 [ 136.864587][ T5843] [ 136.866760][ T5843] Last potentially related work creation: [ 136.872319][ T5843] kasan_save_stack+0x3b/0x60 [ 136.876834][ T5843] __kasan_record_aux_stack+0xb4/0xc0 [ 136.882042][ T5843] kasan_record_aux_stack_noalloc+0xb/0x10 [ 136.887682][ T5843] insert_work+0x56/0x310 [ 136.891842][ T5843] __queue_work+0x9b6/0xd70 [ 136.896183][ T5843] queue_work_on+0x105/0x170 [ 136.900614][ T5843] cpu_map_free+0x1e7/0x2c0 [ 136.904951][ T5843] bpf_map_free_deferred+0xf7/0x1b0 [ 136.909980][ T5843] process_one_work+0x73d/0xcb0 [ 136.914667][ T5843] worker_thread+0xa60/0x1260 [ 136.919268][ T5843] kthread+0x26d/0x300 [ 136.923173][ T5843] ret_from_fork+0x1f/0x30 [ 136.927612][ T5843] [ 136.929769][ T5843] Second to last potentially related work creation: [ 136.936198][ T5843] kasan_save_stack+0x3b/0x60 [ 136.940707][ T5843] __kasan_record_aux_stack+0xb4/0xc0 [ 136.945914][ T5843] kasan_record_aux_stack_noalloc+0xb/0x10 [ 136.951556][ T5843] call_rcu+0xee/0x1340 [ 136.955568][ T5843] cpu_map_free+0x109/0x2c0 [ 136.960067][ T5843] bpf_map_free_deferred+0xf7/0x1b0 [ 136.965094][ T5843] process_one_work+0x73d/0xcb0 [ 136.970566][ T5843] worker_thread+0xa60/0x1260 [ 136.975081][ T5843] kthread+0x26d/0x300 [ 136.978983][ T5843] ret_from_fork+0x1f/0x30 [ 136.983236][ T5843] [ 136.985406][ T5843] The buggy address belongs to the object at ffff88812ac26b00 [ 136.985406][ T5843] which belongs to the cache kmalloc-192 of size 192 [ 136.999295][ T5843] The buggy address is located 24 bytes inside of [ 136.999295][ T5843] 192-byte region [ffff88812ac26b00, ffff88812ac26bc0) [ 137.012311][ T5843] [ 137.014487][ T5843] The buggy address belongs to the physical page: [ 137.020742][ T5843] page:ffffea0004ab0980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12ac26 [ 137.030799][ T5843] flags: 0x4000000000000200(slab|zone=1) [ 137.036274][ T5843] raw: 4000000000000200 ffffea00044f1d40 dead000000000004 ffff888100042c00 [ 137.044692][ T5843] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 137.053103][ T5843] page dumped because: kasan: bad access detected [ 137.059364][ T5843] page_owner tracks the page as allocated [ 137.064907][ T5843] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 289, tgid 289 (syz-executor), ts 20188714172, free_ts 0 [ 137.082010][ T5843] post_alloc_hook+0x213/0x220 [ 137.086606][ T5843] prep_new_page+0x1b/0x110 [ 137.090948][ T5843] get_page_from_freelist+0x27ea/0x2870 [ 137.096327][ T5843] __alloc_pages+0x3a1/0x780 [ 137.100753][ T5843] alloc_slab_page+0x6c/0xf0 [ 137.105180][ T5843] new_slab+0x90/0x3e0 [ 137.109086][ T5843] ___slab_alloc+0x6f9/0xb80 [ 137.113511][ T5843] __slab_alloc+0x5d/0xa0 [ 137.117678][ T5843] __kmem_cache_alloc_node+0x1af/0x250 [ 137.122974][ T5843] __kmalloc_node_track_caller+0xa2/0x1e0 [ 137.128527][ T5843] kmemdup+0x29/0x60 [ 137.132259][ T5843] fib_rules_register+0x2e/0x420 [ 137.137033][ T5843] fib4_rules_init+0x22/0x170 [ 137.141550][ T5843] fib_net_init+0x127/0x2d0 [ 137.145885][ T5843] ops_init+0x1cf/0x490 [ 137.149879][ T5843] setup_net+0x4ca/0xd60 [ 137.153958][ T5843] page_owner free stack trace missing [ 137.159169][ T5843] [ 137.161335][ T5843] Memory state around the buggy address: [ 137.166807][ T5843] ffff88812ac26a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.174707][ T5843] ffff88812ac26a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 137.182603][ T5843] >ffff88812ac26b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.190506][ T5843] ^ [ 137.195188][ T5843] ffff88812ac26b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 137.203087][ T5843] ffff88812ac26c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.210982][ T5843] ================================================================== [ 137.218952][ T5843] Disabling lock debugging due to kernel taint [ 137.224887][ T5843] ================================================================================ [ 137.234024][ T5843] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9 [ 137.242116][ T5843] index 16382 is out of range for type 'unsigned long[8]' [ 137.249024][ T5843] CPU: 1 PID: 5843 Comm: syz.1.2230 Tainted: G B 6.1.90-syzkaller-00023-gedca080b95df #0 [ 137.260026][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 137.269920][ T5843] Call Trace: [ 137.273043][ T5843] [ 137.275821][ T5843] dump_stack_lvl+0x151/0x1b7 [ 137.278425][ T19] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.280332][ T5843] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 137.296395][ T5843] dump_stack+0x15/0x1c [ 137.298355][ T19] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 137.300380][ T5843] __ubsan_handle_out_of_bounds+0x13a/0x160 [ 137.315924][ T5843] __pv_queued_spin_lock_slowpath+0xb96/0xda0 [ 137.321826][ T5843] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 137.321956][ T19] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 137.328074][ T5843] ? kasan_check_range+0x294/0x2a0 [ 137.342569][ T5843] _raw_spin_lock+0x139/0x1b0 [ 137.347077][ T5843] ? _raw_spin_trylock_bh+0x190/0x190 [ 137.352300][ T5843] cpu_map_generic_redirect+0x1f4/0x780 [ 137.357667][ T5843] ? cpu_map_enqueue+0x370/0x370 [ 137.357871][ T19] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 137.362441][ T5843] xdp_do_generic_redirect+0x3b5/0xad0 [ 137.362477][ T5843] do_xdp_generic+0x53e/0x800 [ 137.385012][ T5843] ? generic_xdp_tx+0x560/0x560 [ 137.389702][ T5843] ? tun_get_user+0x2340/0x3a90 [ 137.394383][ T5843] tun_get_user+0x238a/0x3a90 [ 137.398897][ T5843] ? cpu_curr_snapshot+0x90/0x90 [ 137.403669][ T5843] ? tun_do_read+0x2000/0x2000 [ 137.408267][ T5843] ? ref_tracker_alloc+0x31d/0x450 [ 137.413215][ T5843] ? ref_tracker_dir_print+0x160/0x160 [ 137.418537][ T5843] ? avc_policy_seqno+0x1b/0x70 [ 137.423197][ T5843] ? tun_get+0xe9/0x120 [ 137.427189][ T5843] tun_chr_write_iter+0x129/0x210 [ 137.432049][ T5843] vfs_write+0x902/0xeb0 [ 137.436132][ T5843] ? file_end_write+0x1c0/0x1c0 [ 137.440813][ T5843] ? do_futex+0x501/0x9a0 [ 137.444981][ T5843] ? __fget_files+0x2cb/0x330 [ 137.449496][ T5843] ? __fdget_pos+0x204/0x390 [ 137.453919][ T5843] ? ksys_write+0x77/0x2c0 [ 137.458174][ T5843] ksys_write+0x199/0x2c0 [ 137.462339][ T5843] ? save_fpregs_to_fpstate+0x220/0x220 [ 137.467721][ T5843] ? __ia32_sys_read+0x90/0x90 [ 137.472322][ T5843] ? fpregs_restore_userregs+0x130/0x290 [ 137.477791][ T5843] __x64_sys_write+0x7b/0x90 [ 137.478423][ T19] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.482216][ T5843] x64_sys_call+0x2f/0x9a0 [ 137.482242][ T5843] do_syscall_64+0x3b/0xb0 [ 137.499583][ T5843] ? clear_bhb_loop+0x55/0xb0 [ 137.504096][ T5843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.508363][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 137.509813][ T5843] RIP: 0033:0x7fd78257895f [ 137.509949][ T5843] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 137.517814][ T19] usb 1-1: SerialNumber: syz [ 137.521982][ T5843] RSP: 002b:00007fd7832f7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 137.522008][ T5843] RAX: ffffffffffffffda RBX: 00007fd782715f80 RCX: 00007fd78257895f [ 137.522021][ T5843] RDX: 0000000000000d86 RSI: 0000000020001580 RDI: 00000000000000c8 [ 137.522031][ T5843] RBP: 00007fd7825e7916 R08: 0000000000000000 R09: 0000000000000000 [ 137.522044][ T5843] R10: 0000000000000d86 R11: 0000000000000293 R12: 0000000000000000 [ 137.585339][ T5843] R13: 0000000000000000 R14: 00007fd782715f80 R15: 00007ffef5fb70f8 [ 137.593163][ T5843] [ 137.596146][ T5843] ================================================================================ [ 137.605292][ T5843] general protection fault, probably for non-canonical address 0xe012953f9f5ba219: 0000 [#1] PREEMPT SMP KASAN [ 137.616761][ T5843] KASAN: maybe wild-memory-access in range [0x0094c9fcfadd10c8-0x0094c9fcfadd10cf] [ 137.625876][ T5843] CPU: 1 PID: 5843 Comm: syz.1.2230 Tainted: G B 6.1.90-syzkaller-00023-gedca080b95df #0 [ 137.636894][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 137.638427][ T5833] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 137.646879][ T5843] RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f5/0xda0 [ 137.660503][ T5843] Code: 4c 89 e8 48 c1 e8 03 80 3c 10 00 74 12 4c 89 ef e8 20 35 9d fc 48 ba 00 00 00 00 00 fc ff df 49 03 5d 00 48 89 d8 48 c1 e8 03 <80> 3c 10 00 74 12 48 89 df e8 9d 35 9d fc 48 ba 00 00 00 00 00 fc [ 137.668387][ T5833] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 137.679948][ T5843] RSP: 0018:ffffc9000367f580 EFLAGS: 00010202 [ 137.692789][ T5843] RAX: 0012993f9f5ba219 RBX: 0094c9fcfadd10cb RCX: 0000000000040000 [ 137.700599][ T5843] RDX: dffffc0000000000 RSI: 000000000003ffff RDI: 0000000000040000 [ 137.708412][ T5843] RBP: ffffc9000367f670 R08: ffffffff8144920b R09: 0000000000000003 [ 137.716222][ T5843] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff11021dbcf20 [ 137.724035][ T5843] R13: ffffffff86561870 R14: 1ffff1103ee27179 R15: ffff88810ede7904 [ 137.731845][ T5843] FS: 00007fd7832f76c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 137.740613][ T5843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.747034][ T5843] CR2: 0000000020002000 CR3: 0000000129c1d000 CR4: 00000000003506a0 [ 137.754847][ T5843] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 137.762657][ T5843] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 137.770465][ T5843] Call Trace: [ 137.773592][ T5843] [ 137.776369][ T5843] ? __die_body+0x62/0xb0 [ 137.780534][ T5843] ? die_addr+0x9f/0xd0 [ 137.784527][ T5843] ? exc_general_protection+0x317/0x4c0 [ 137.789913][ T5843] ? asm_exc_general_protection+0x27/0x30 [ 137.795462][ T5843] ? check_panic_on_warn+0x5b/0xb0 [ 137.800410][ T5843] ? __pv_queued_spin_lock_slowpath+0x2f5/0xda0 [ 137.806487][ T5843] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 137.812734][ T5843] ? kasan_check_range+0x294/0x2a0 [ 137.817681][ T5843] _raw_spin_lock+0x139/0x1b0 [ 137.822195][ T5843] ? _raw_spin_trylock_bh+0x190/0x190 [ 137.827432][ T5843] cpu_map_generic_redirect+0x1f4/0x780 [ 137.832912][ T5843] ? cpu_map_enqueue+0x370/0x370 [ 137.837677][ T5843] xdp_do_generic_redirect+0x3b5/0xad0 [ 137.842970][ T5843] do_xdp_generic+0x53e/0x800 [ 137.847481][ T5843] ? generic_xdp_tx+0x560/0x560 [ 137.852171][ T5843] ? tun_get_user+0x2340/0x3a90 [ 137.856853][ T5843] tun_get_user+0x238a/0x3a90 [ 137.861374][ T5843] ? cpu_curr_snapshot+0x90/0x90 [ 137.866141][ T5843] ? tun_do_read+0x2000/0x2000 [ 137.870741][ T5843] ? ref_tracker_alloc+0x31d/0x450 [ 137.875687][ T5843] ? ref_tracker_dir_print+0x160/0x160 [ 137.880985][ T5843] ? avc_policy_seqno+0x1b/0x70 [ 137.885669][ T5843] ? tun_get+0xe9/0x120 [ 137.889661][ T5843] tun_chr_write_iter+0x129/0x210 [ 137.894525][ T5843] vfs_write+0x902/0xeb0 [ 137.898604][ T5843] ? file_end_write+0x1c0/0x1c0 [ 137.903288][ T5843] ? do_futex+0x501/0x9a0 [ 137.907455][ T5843] ? __fget_files+0x2cb/0x330 [ 137.911967][ T5843] ? __fdget_pos+0x204/0x390 [ 137.916392][ T5843] ? ksys_write+0x77/0x2c0 [ 137.920649][ T5843] ksys_write+0x199/0x2c0 [ 137.924812][ T5843] ? save_fpregs_to_fpstate+0x220/0x220 [ 137.930194][ T5843] ? __ia32_sys_read+0x90/0x90 [ 137.934798][ T5843] ? fpregs_restore_userregs+0x130/0x290 [ 137.940264][ T5843] __x64_sys_write+0x7b/0x90 [ 137.944690][ T5843] x64_sys_call+0x2f/0x9a0 [ 137.948941][ T5843] do_syscall_64+0x3b/0xb0 [ 137.953193][ T5843] ? clear_bhb_loop+0x55/0xb0 [ 137.957708][ T5843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.963435][ T5843] RIP: 0033:0x7fd78257895f [ 137.967690][ T5843] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 137.987131][ T5843] RSP: 002b:00007fd7832f7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 137.995376][ T5843] RAX: ffffffffffffffda RBX: 00007fd782715f80 RCX: 00007fd78257895f [ 138.003187][ T5843] RDX: 0000000000000d86 RSI: 0000000020001580 RDI: 00000000000000c8 [ 138.010997][ T5843] RBP: 00007fd7825e7916 R08: 0000000000000000 R09: 0000000000000000 [ 138.018810][ T5843] R10: 0000000000000d86 R11: 0000000000000293 R12: 0000000000000000 [ 138.026622][ T5843] R13: 0000000000000000 R14: 00007fd782715f80 R15: 00007ffef5fb70f8 [ 138.034438][ T5843] [ 138.037311][ T5843] Modules linked in: [ 138.041083][ T5843] ---[ end trace 0000000000000000 ]--- [ 138.046328][ T5843] RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f5/0xda0 [ 138.053038][ T5843] Code: 4c 89 e8 48 c1 e8 03 80 3c 10 00 74 12 4c 89 ef e8 20 35 9d fc 48 ba 00 00 00 00 00 fc ff df 49 03 5d 00 48 89 d8 48 c1 e8 03 <80> 3c 10 00 74 12 48 89 df e8 9d 35 9d fc 48 ba 00 00 00 00 00 fc [ 138.072467][ T5843] RSP: 0018:ffffc9000367f580 EFLAGS: 00010202 [ 138.078363][ T5843] RAX: 0012993f9f5ba219 RBX: 0094c9fcfadd10cb RCX: 0000000000040000 [ 138.086165][ T5843] RDX: dffffc0000000000 RSI: 000000000003ffff RDI: 0000000000040000 [ 138.093987][ T5843] RBP: ffffc9000367f670 R08: ffffffff8144920b R09: 0000000000000003 [ 138.101819][ T5843] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff11021dbcf20 [ 138.109631][ T5843] R13: ffffffff86561870 R14: 1ffff1103ee27179 R15: ffff88810ede7904 [ 138.117416][ T5843] FS: 00007fd7832f76c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 138.118543][ T5833] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 138.126222][ T5843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.139560][ T5843] CR2: 0000000020002000 CR3: 0000000129c1d000 CR4: 00000000003506a0 [ 138.143521][ T5833] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 138.147353][ T5843] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 138.162126][ T5843] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 138.169947][ T5843] Kernel panic - not syncing: Fatal exception in interrupt [ 138.177158][ T5843] Kernel Offset: disabled [ 138.181278][ T5843] Rebooting in 86400 seconds..