last executing test programs: 5.272462021s ago: executing program 4: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./bus\x00', 0x14542, &(0x7f0000000240)=ANY=[], 0x1, 0x1222, &(0x7f0000001580)="$eJzs3E9rHGUcB/Bf18TE1PxRa7U96INePA1NDnpRJEgKkgWldoVWEKZmosuOuyGzBLaIsSevvg7x6E0Q30AuvgZvuXjsQRzpbNLUmlbEJuufz+ew84Pn+e7zDLMMPMM8u//6V5/2NqtsMx9G68yZaG1FpNtpNqIVEVHf+XhhPRrXrq+vtttrV1K6vHp1+dWU0sKL33/w2Tcv/TA8+/63C9/NxN7Sh/s/r/y0d37vwv6vVz/pVqlbpf5gmPJ0YzAY5jfKIm10q16W0rtlkVdF6varYvt37ZvlYGtrlPL+xvzc1nZRVSnvj1KvGKXhIA23Ryn/OO/2U5ZlaX4ueKDpP+/S+fp2XdcRdT0dj0dd1/UTMRdn48mYj4X4IiKeiqfjmTgXz8b5eC6ejwtNr9OYPgAAAAAAAAAAAAAAAAAAAPx/PGz//2Is2f8PAAAAAAAAAAAAAAAAAAAAp+C9a9fXV9vttSspzUaUX+50djrj47j91mHHS7EYv0Sz+39sXF9+u712KTWW4la5e5Df3ek81sRWN6MbZRSx3PydwEF+qmk7zC+P8+koH7s7nZmYuze/Eotx7vjxV/6Qv3OcjVdeviefxWL8+FEMooyNZuyj/OfLKb31Tvu+/MWmHwAAAPwXZOmuY9fvWfag9nH+7vr6uOcDb0TE0fOB+9bXU3FxarLnTkQ1utnLy7LYrkY3W4dFL589LMp/cfHapEZvndA3t+KRT3U6/lZ85uBn9E+43IpHWjz0tpFO5ebEiTu66JOeCQAAAAAAAAAAAH/FCb9FOBXHvFn25mROFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQwUAAP//2C/Elw==") r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) timer_settime(0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0x200002000001, 0x0, 0x0, 0x0, 0x0, 0x2401}) 5.066970243s ago: executing program 4: ioperm(0x0, 0x1, 0x8) prctl$PR_SET_MM_MAP(0x35, 0xe, 0x0, 0x9cfe2206cad4610) 5.0278057s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007ec0000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 4.988457175s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10) lgetxattr(0x0, 0x0, 0x0, 0x0) 4.936299554s ago: executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) dup(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0x8000}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffc, 0xffffffe0}}]}]}}}]}, 0x64}}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) bind$inet(r3, &(0x7f00000002c0)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.646158469s ago: executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x54, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x7, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "ca0c734891a263a2ef1df715fb24b095"}, @mptcp=@synack={0x1e, 0x10}, @md5sig={0x13, 0x12, "2bdd4b74a1f6aa675459bc4d77085aa8"}]}}}}}}}}, 0x0) 2.646016319s ago: executing program 2: ioperm(0x0, 0x1, 0x8) prctl$PR_SET_MM_MAP(0x35, 0xe, 0x0, 0x9cfe2206cad4610) 2.63652751s ago: executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005240000000d240f010000000000000000000905810320000000000905820208000000000905030208"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1}, 0x3b) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x0) 2.557862023s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.429454013s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007ec0000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 2.384896s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r2, 0x4030582b, &(0x7f0000000300)={0x1100, 0x0, 0xc, 0x10004}) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000080)) 1.901151235s ago: executing program 1: ioperm(0x0, 0x1, 0x8) prctl$PR_SET_MM_MAP(0x35, 0xe, 0x0, 0x9cfe2206cad4610) 1.858810911s ago: executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) dup(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0x8000}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffc, 0xffffffe0}}]}]}}}]}, 0x64}}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) bind$inet(r3, &(0x7f00000002c0)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.837890285s ago: executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x46, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ab004e4099040210d7df010203010902340001000000000904d80002ca306f00090500000000000000080ba58b5893bb2a090500000000000000080b"], 0x0) 812.210274ms ago: executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) getrandom(&(0x7f0000000080)=""/240, 0xfffffffffffffe77, 0x0) 811.934574ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000007ec0000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) 811.581574ms ago: executing program 1: keyctl$setperm(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x52e, &(0x7f0000000a80)="$eJzs3c9vI1cdAPDvTH52mza70ANUwC5QWNBq7Y23XVW9tHsBoaoSouKAOGxD4o1C7DjETmlCJNK/ASSQOMGfwAGJA1JPHLhxROKAkMoBaYEItEECyWjGk9RNnMY0jg3x5yONZt48+33fW+/Mm3l25gUwtm5ExF5ETEfEGxExX+xPiiVe6SzZ6x7v7y4d7O8uJdFuv/7XJM/P9kXXezJPFmXORsTXvhzxreRk3Ob2ztpirVbdLNLlVn2j3Nzeub1aX1yprlTXK5V7C/fuvHj3hcrA2nq9/vNHX1p99eu/+uUn3/3t3he/l1VrrsjrbscgdZo+dRQnMxkRr15EsBGYKNbTI64HH04aER+JiM/kx/98TOT/OwGAy6zdno/2fHcaALjs0nwMLElLxVjAXKRpqdQZw3smrqS1RrN162Fja325M1Z2NabSh6u16p1rM7//Tn7FMJVk6YU8L8/P05Vj6bsRcS0ifjjzRJ4uLTVqy6O77AGAsfbksf7/HzOd/r8PPb7VAwD+b8yOugIAwNDp/wFg/Oj/AWD89NH/F1/27114XQCA4XD/DwDjR/8PAONH/w8AY+Wrr72WLe2D4vnXy29ub6013ry9XG2ulepbS6WlxuZGaaXRWMmf2VM/q7xao7Gx8HxsvVVuVZutcnN750G9sbXeepA/1/tBdWoorQIAPsi16+/8LomIvZeeyJfomstBXw2XWzrqCgAjMzHqCgAjY7YvGF/93+P/5kLrAYxOz4d5z/bcfL8f/xdB/M4I/qfc/Hj/4//meIbLxfg/jK8PN/7/8sDrAQyf8X8YX+12cnzO/+mjLADgUjrHb/zb3x/URQgwUmdN5j2Q7/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkpmLiG9HkpaKucDnIk1LpYinIuJqTCUPV2vVOxHxdFyPiKmZLL0w6koDAOeU/jkp5v+6Of/c3PHc6eSfM/k6Ir77k9d/9NZiq7W5kO3/29H+mcPpwyrvve8c8woCAAOW99+VYt11I/94f3fpcBlmfR7dj38XUxEvHezv5ksnZzIm8/Vsfi1x5e9Jke7MRfpsREwMIP7e2xHxsV7tT/KxkavFzKfd8aOI/dRQ46fvi5/meZ11dvH10QHUBcbNO/cj4pVex18aN/J17+N/Nj9Dnd+j+53CDs99B13xD89/Ez3iZ8f8jX5jPP/rr5zY2Z7v5L0d8exkr/jJUfzklPjP9Rn/D5/41A9ePiWv/dOIm9E7fnescqu+UW5u79xerS+uVFeq65XKvYV7d168+0KlnI9Rlw9Hqk/6y0u3nj6tbln7r5wSf7Zn+6eP3vu5Ptv/s3+98c1Pf0D8L3y29+f/TM/4HVmf+Pk+4y9e+cWp03dn8ZdPaf9Zn/+tPuO/+6ed5T5fCgAMQXN7Z22xVqtunmsjuwsdRDknNrIqDrTAMzb+GMOLdebG1EX9q174xuTRteJgS/5GVuKQm5MOvBXn2ng8rFijPS8BF++9g37UNQEAAAAAAAAAAAAAAE4zjD9dGnUbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLz+EwAA//+2KMyN") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)) r1 = syz_open_pts(r0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000001c0)=0x11) 811.202074ms ago: executing program 2: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1, &(0x7f00000002c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000300), 0x0, 0x0, 0x8d, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x5, 0xff, 0x0, 0x1, 0x800}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_int(r5, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendmmsg$inet6(r5, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom$inet6(r5, 0x0, 0xfffffffffffffffb, 0x40000022, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r6 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) 558.223033ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000018007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000006c0)='./file0\x00', 0x19f, &(0x7f0000000100), 0x80, 0x550, &(0x7f0000000700)="$eJzs3c9rJFkdAPBvddKz8yOznVUPuuC4uiszi073ZOPuBg/rCKKnBXG9jzHpCWE66ZDu7E7CoJm/QBBRwZNevAj+AYIMePEowoLiRVBYUUQzehBcp6SqK5mmpzvp2e3tziSfD9TUq1dV7/teTb9KV9ejKoBT67mIuB4RD9I0fTEiKkV+qZhitzNl293fu7OUTUmk6Rv/SCIp8vbLSor5hWK3sxHxta9EfDN5NG5re+fWYqNR3yyWa+21jVpre+fq6triSn2lvj4/P/fKwqsLLy9cG0k7L0bEa1/6y/e/89Mvv/bLz7715xt/u/KtrFozxfrudjyG7BBNH7ZBp+nlzrEsZDtsvodgx9V03sLCuX5bpGmaPkgrXTl3x1IzAAB6Zd9LPxQRn4qIF6MSU4d/nQUAAACeQOkXZuLdJL9DE3/8w6W0x5neDAAAAODJU8rHwCalajEWYCZKpWq1M4b3I3G+1Gi22p+52dxaX+6MlZ2NcunmaqN+rRgrPBvlJFuey9MPl1/qWZ6PiGci4nuVc/lydanZWJ70jx8AAABwSlzouf7/d6Vz/Q8AAACcMLOPZpUmUQ8AAADgg9Pn+h8AAAA4YVz/AwAAwIn21ddfz6Z0//3Xy29ub91qvnl1ud66VV3bWqouNTc3qivN5kr+zL61o8prNJsbn4v1rdu1dr3VrrW2d26sNbfW2zdW89eBAwAAABPwzCfu/T6JiN3Pn8unzJlJVwoYi+mDVFLM+/T+Pz3dmb8zpkoBYzE1xDbvPDWGigBjNz3pCgATU550BYCJS45YP3Dwzm+K+SdHWx8AAGD0Ln9s8P3/w98BsOsVAfCEe8+d+KgfDIBjr+f+f1qZVEWAscvv/w874Nc3fjhRykONAAROsvd9//9IafpYFQIAAEZuJp+SUrX4eW8mSqVqNeJi/lqAcnJztVG/FhFPR8TvKuWnsuW5fM/ELUAAAAAAAAAAAAAAAAAAAAAAAAAAGFKaJpEe5vqhawEAAIAnQETpr8mvOs/yv1x5Yab394EzyX/yVwKfiYi3fvTGD24vttubc1n+Pw/y2z8s8l/q2vHd/fIBAACAcdu/Tt+/jgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUbq/d2fp/t6d9L97d5bGGffvX4yI2YP4+dRZMx1n8/nZKEfE+X8lMd21XxIRUyOIv3s3Ij7aL36SVesgZL/45z74+DFbHIV+8S+MID6cZvey88/1vP9FbERX/yvFc/m8q/8lRceLzolhegTxB5//4uD8NzWg/18cMsazb/+8NjD+3Yhnp/uff/bjJwPiPx+loeJ/4+s7O4PWpT+OuBz943fHqrXXNmqt7Z2rq2uLK/WV+vr8/NwrC68uvLxwrXZztVEv/u0b47sf/8WDw9p/fkD82SPa/0JvYQM+EP97+/behzvJcr/4V57vE//XPym2eDR+qfjb9+kina2/vJ/e7aS7XfrZby8d1v7lh+0vP87//5VBhQ55XACAyWht79xabDTqmyc2kV2lv+9ypi6muck3ZySJ3eNRjYknvj3SArMPSNan+qy6FxHDlJPEcTgseWLSZyYAAGDUHn7pn3RNAAAAAAAAAAAAAAAAAAAA4PQax+PEemPuHqQSTwYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6N/wcAAP//eOHkIw==") 414.414486ms ago: executing program 3: ioperm(0x0, 0x1, 0x8) prctl$PR_SET_MM_MAP(0x35, 0xe, 0x0, 0x9cfe2206cad4610) 402.431507ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 395.076889ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) delete_module(0x0, 0x0) 381.976891ms ago: executing program 3: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./bus\x00', 0x14542, &(0x7f0000000240)=ANY=[], 0x1, 0x1222, &(0x7f0000001580)="$eJzs3E9rHGUcB/Bf18TE1PxRa7U96INePA1NDnpRJEgKkgWldoVWEKZmosuOuyGzBLaIsSevvg7x6E0Q30AuvgZvuXjsQRzpbNLUmlbEJuufz+ew84Pn+e7zDLMMPMM8u//6V5/2NqtsMx9G68yZaG1FpNtpNqIVEVHf+XhhPRrXrq+vtttrV1K6vHp1+dWU0sKL33/w2Tcv/TA8+/63C9/NxN7Sh/s/r/y0d37vwv6vVz/pVqlbpf5gmPJ0YzAY5jfKIm10q16W0rtlkVdF6varYvt37ZvlYGtrlPL+xvzc1nZRVSnvj1KvGKXhIA23Ryn/OO/2U5ZlaX4ueKDpP+/S+fp2XdcRdT0dj0dd1/UTMRdn48mYj4X4IiKeiqfjmTgXz8b5eC6ejwtNr9OYPgAAAAAAAAAAAAAAAAAAAPx/PGz//2Is2f8PAAAAAAAAAAAAAAAAAAAAp+C9a9fXV9vttSspzUaUX+50djrj47j91mHHS7EYv0Sz+39sXF9+u712KTWW4la5e5Df3ek81sRWN6MbZRSx3PydwEF+qmk7zC+P8+koH7s7nZmYuze/Eotx7vjxV/6Qv3OcjVdeviefxWL8+FEMooyNZuyj/OfLKb31Tvu+/MWmHwAAAPwXZOmuY9fvWfag9nH+7vr6uOcDb0TE0fOB+9bXU3FxarLnTkQ1utnLy7LYrkY3W4dFL589LMp/cfHapEZvndA3t+KRT3U6/lZ85uBn9E+43IpHWjz0tpFO5ebEiTu66JOeCQAAAAAAAAAAAH/FCb9FOBXHvFn25mROFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQwUAAP//2C/Elw==") r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) timer_settime(0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0x200002000001, 0x0, 0x0, 0x0, 0x0, 0x2401}) 336.502398ms ago: executing program 3: syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x20, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}]}}) 144.680737ms ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000312"], 0x0, 0x0}, 0x0) 100.054934ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) rt_sigsuspend(0x0, 0x0) 94.401025ms ago: executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) getrandom(&(0x7f0000000080)=""/240, 0xfffffffffffffe77, 0x0) 82.750817ms ago: executing program 0: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) dup(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x0, 0x8000}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffffc, 0xffffffe0}}]}]}}}]}, 0x64}}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) bind$inet(r3, &(0x7f00000002c0)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 29.799485ms ago: executing program 2: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 0s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4}, 0x48) mkdir(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) r4 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet_udp(0x2, 0x2, 0x0) sendmmsg(r4, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b700000018000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000061140400000000001d430000000000007a0a00fe0000001f6114000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767912d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce0900000000000000499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc682928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348de20f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97b4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b4f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb1bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb36e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b78825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e8a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffff8, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48) kernel console output (not intermixed with test programs): [ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.368627][ T344] device veth1_macvtap left promiscuous mode [ 666.374739][ T344] device veth0_vlan left promiscuous mode [ 666.496124][T21179] loop3: detected capacity change from 0 to 1024 [ 666.513004][T21149] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.520729][T21149] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.528276][T21149] device bridge_slave_1 entered promiscuous mode [ 666.553979][T21179] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 666.568335][T21174] loop0: detected capacity change from 0 to 512 [ 666.580171][T21174] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 666.580401][T20365] EXT4-fs (loop3): unmounting filesystem. [ 666.596075][T21174] EXT4-fs (loop0): 1 orphan inode deleted [ 666.601733][T21174] EXT4-fs (loop0): 1 truncate cleaned up [ 666.607451][T21174] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 666.699341][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 666.709446][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 666.729657][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 666.737911][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 666.745886][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.752729][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.774239][ T315] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 667.144949][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 667.153182][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 667.161268][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.163481][ T315] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 667.168146][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.185368][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 667.201522][T20349] EXT4-fs (loop0): unmounting filesystem. [ 667.207441][ T315] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 667.217374][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 667.224949][ T315] usb 2-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 667.224978][ T315] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.225621][ T315] usb 2-1: config 0 descriptor?? [ 667.250579][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 667.273892][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 667.289661][T21148] device veth0_vlan entered promiscuous mode [ 667.299684][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 667.308078][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 667.315431][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 667.323148][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 667.330359][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 667.342018][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 667.350164][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 667.358206][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.365062][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.372505][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 667.392112][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 667.400399][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 667.408480][ T346] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.415350][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.422600][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 667.430762][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 667.441000][T21148] device veth1_macvtap entered promiscuous mode [ 667.457274][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 667.464892][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 667.472746][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 667.480524][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 667.488480][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 667.521347][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 667.531240][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 667.541422][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 667.549645][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 667.570038][T21149] device veth0_vlan entered promiscuous mode [ 667.576369][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 667.593186][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 667.594096][T21208] loop3: detected capacity change from 0 to 512 [ 667.602279][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 667.615117][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 667.629436][T21149] device veth1_macvtap entered promiscuous mode [ 667.700886][T21208] FAT-fs (loop3): bogus logical sector size 2175 [ 667.706456][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 667.707461][T21208] FAT-fs (loop3): Can't find a valid FAT filesystem [ 667.714786][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 668.084466][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 668.121780][T12208] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 668.225536][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 668.284847][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 668.297335][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 668.305657][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 668.313930][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 668.322089][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 668.493465][ T344] device bridge_slave_1 left promiscuous mode [ 668.500563][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.510919][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.521879][ T344] device bridge_slave_0 left promiscuous mode [ 668.527938][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.556406][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.568113][T12208] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 668.631646][T12208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.692114][T12208] usb 5-1: config 0 descriptor?? [ 669.039091][ T344] device veth0_vlan left promiscuous mode [ 669.181860][T12208] hid-led 0003:27B8:01ED.00A3: unbalanced delimiter at end of report description [ 669.193021][T12208] hid-led: probe of 0003:27B8:01ED.00A3 failed with error -22 [ 669.315409][T21243] kvm: vcpu 0: requested 504 ns lapic timer period limited to 200000 ns [ 669.323644][T21243] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2853442732 (5706885464 ns) > initial count (200000 ns). Using initial count to start timer. [ 669.347279][T21243] kvm: pic: non byte write [ 669.384958][ T8001] usb 5-1: USB disconnect, device number 86 [ 669.411606][T21252] loop3: detected capacity change from 0 to 2048 [ 669.420725][T21252] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 669.489488][T21256] loop2: detected capacity change from 0 to 512 [ 669.495891][T21256] ext4: Unknown parameter 'dont_measure' [ 669.518334][T20111] usb 2-1: USB disconnect, device number 85 [ 669.565566][ T28] audit: type=1326 audit(1718044453.744:64974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21255 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223867cf69 code=0x0 [ 669.667511][T21269] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'. [ 669.698598][T12208] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 669.801756][T21269] device gretap0 entered promiscuous mode [ 669.811103][T21269] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 669.828631][T21273] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. [ 669.838468][T21273] 0ªX¹¦D: renamed from gretap0 [ 669.846219][T21273] device 30ªX¹¦D left promiscuous mode [ 669.870524][T21273] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 670.002799][T21277] loop4: detected capacity change from 0 to 1024 [ 670.042104][T21277] loop4: detected capacity change from 0 to 128 [ 670.097860][T12208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.113772][T12208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.126025][T12208] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 670.135396][T12208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.159868][T12208] usb 1-1: config 0 descriptor?? [ 670.258331][T20365] EXT4-fs (loop3): unmounting filesystem. [ 670.278374][T21292] syz-executor.3[21292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 670.278421][T21292] syz-executor.3[21292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 671.605020][T20111] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 671.667853][T21295] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 671.994370][T20111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 672.014279][T20111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 672.034088][T20111] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 672.042979][T20111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.071721][T20111] usb 2-1: config 0 descriptor?? [ 672.081359][T21325] loop4: detected capacity change from 0 to 40427 [ 672.093545][T21327] loop3: detected capacity change from 0 to 40427 [ 672.100573][T21325] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 672.108800][T21325] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 672.116884][T21327] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 672.124505][T21327] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 672.142806][T21327] F2FS-fs (loop3): invalid crc value [ 672.148918][T21325] F2FS-fs (loop4): Found nat_bits in checkpoint [ 672.162759][T21327] F2FS-fs (loop3): Found nat_bits in checkpoint [ 672.171439][T21317] loop2: detected capacity change from 0 to 131072 [ 672.178716][T21317] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 672.186854][T21317] F2FS-fs (loop2): invalid crc value [ 672.193331][T21317] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 672.195718][T12208] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.00A4/input/input122 [ 672.222420][T21317] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 672.241381][T21325] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 672.245629][ T28] audit: type=1400 audit(1718044456.419:64975): avc: denied { read } for pid=21316 comm="syz-executor.2" name="file0" dev="loop2" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 672.273245][T12208] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.00A4/input/input123 [ 672.292282][T12208] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.00A4/input/input124 [ 672.305072][T21327] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 672.311934][T21327] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 672.319514][T21325] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 672.326492][T21325] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 672.334461][T12208] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.00A4/input/input125 [ 672.414626][T12208] uclogic 0003:256C:006D.00A4: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 672.435879][T12208] usb 1-1: USB disconnect, device number 101 [ 672.564437][T20111] hid-led 0003:27B8:01ED.00A5: unbalanced delimiter at end of report description [ 672.573831][T20111] hid-led: probe of 0003:27B8:01ED.00A5 failed with error -22 [ 672.767129][T20111] usb 2-1: USB disconnect, device number 86 [ 672.861414][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.861437][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.869094][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.876681][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.884237][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.891747][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.899194][T21149] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 672.977796][ T344] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 672.994590][ T344] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 674.555011][T21378] loop1: detected capacity change from 0 to 40427 [ 674.572184][T21378] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 674.589588][T21378] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 674.608364][T21378] F2FS-fs (loop1): invalid crc value [ 674.613986][T20111] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 674.630786][T21378] F2FS-fs (loop1): Found nat_bits in checkpoint [ 674.704975][T21378] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 674.712402][T21376] loop2: detected capacity change from 0 to 40427 [ 674.719328][T21378] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 674.726773][T21376] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 674.744484][T21376] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 674.757139][T21376] F2FS-fs (loop2): Found nat_bits in checkpoint [ 674.792859][T21376] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 674.806070][T21376] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 674.813046][T21376] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 674.859314][T21148] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 674.859338][T21148] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 674.869312][T21148] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 675.068841][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 675.096602][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 675.108235][T20111] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 675.117306][T20111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.125847][T20111] usb 1-1: config 0 descriptor?? [ 675.166855][T21363] loop4: detected capacity change from 0 to 40427 [ 675.173761][T21363] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 675.181299][T21363] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 675.189760][T21363] F2FS-fs (loop4): invalid crc value [ 675.419121][T20996] syz-executor.1: attempt to access beyond end of device [ 675.419121][T20996] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 675.446191][T21401] loop3: detected capacity change from 0 to 256 [ 675.453069][T21363] F2FS-fs (loop4): Found nat_bits in checkpoint [ 675.468638][T21401] exfat: Unknown parameter '18446744073709551615' [ 675.502805][T21363] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 675.509799][T21363] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 675.548206][T21363] F2FS-fs (loop4): Unrecognized mount option "€" or missing value [ 675.847484][ T24] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 675.917240][T20111] usb 1-1: language id specifier not provided by device, defaulting to English [ 676.092856][ T28] audit: type=1326 audit(1718044460.276:64976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21419 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223867cf69 code=0x0 [ 676.220784][T21426] loop3: detected capacity change from 0 to 40427 [ 676.227275][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 676.238086][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 676.246972][T21426] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 676.254532][T21426] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 676.262519][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.271638][ T24] usb 5-1: config 0 descriptor?? [ 676.277276][T21426] F2FS-fs (loop3): Found nat_bits in checkpoint [ 676.299152][T21426] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 676.310431][T21426] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 676.317658][ T24] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 676.324405][T21426] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 676.331672][ T24] usb 5-1: No valid video chain found. [ 676.346465][T20111] uclogic 0003:256C:006D.00A6: failed retrieving string descriptor #200: -71 [ 676.355223][T20111] uclogic 0003:256C:006D.00A6: failed retrieving pen parameters: -71 [ 676.363227][T20111] uclogic 0003:256C:006D.00A6: failed probing pen v2 parameters: -71 [ 676.396167][T20111] uclogic 0003:256C:006D.00A6: failed probing parameters: -71 [ 676.403515][T20111] uclogic: probe of 0003:256C:006D.00A6 failed with error -71 [ 676.421414][T20111] usb 1-1: USB disconnect, device number 102 [ 676.505652][T21435] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 676.515845][ T28] audit: type=1326 audit(1718044460.707:64977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.521186][ T8001] usb 5-1: USB disconnect, device number 87 [ 676.557283][ T28] audit: type=1326 audit(1718044460.707:64978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.564270][T21433] loop1: detected capacity change from 0 to 40427 [ 676.582677][ T28] audit: type=1326 audit(1718044460.707:64979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.588477][T21433] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 676.612116][ T28] audit: type=1326 audit(1718044460.707:64980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.643160][ T28] audit: type=1326 audit(1718044460.707:64981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.643171][T21433] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 676.644509][T21433] F2FS-fs (loop1): invalid crc value [ 676.667147][ T28] audit: type=1326 audit(1718044460.737:64982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.677527][T21433] F2FS-fs (loop1): Found nat_bits in checkpoint [ 676.680196][ T28] audit: type=1326 audit(1718044460.737:64983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.734393][ T28] audit: type=1326 audit(1718044460.737:64984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.758235][ T28] audit: type=1326 audit(1718044460.737:64985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21434 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f232fc7cf69 code=0x7ffc0000 [ 676.782426][T21433] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 676.789309][T21433] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 677.248184][T20996] syz-executor.1: attempt to access beyond end of device [ 677.248184][T20996] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 677.465706][T21463] syz-executor.1[21463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 677.465756][T21463] syz-executor.1[21463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 677.483937][T21465] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 677.507391][T21463] syz-executor.1[21463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 677.507465][T21463] syz-executor.1[21463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 677.519029][T21467] tap0: tun_chr_ioctl cmd 1074025677 [ 677.519334][T20111] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 677.530812][T21467] tap0: linktype set to 773 [ 678.114999][T21498] loop0: detected capacity change from 0 to 8192 [ 678.153716][T21498] loop0: p2 p3 p4 [ 678.156725][T21500] tap0: tun_chr_ioctl cmd 1074025677 [ 678.157374][T21498] loop0: p2 start 452985600 is beyond EOD, truncated [ 678.162508][T21500] tap0: linktype set to 773 [ 678.169012][T21498] loop0: p3 start 4177527808 is beyond EOD, [ 678.173425][T20111] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.181695][T21498] truncated [ 678.193022][T21498] loop0: p4 size 3599499392 extends beyond EOD, truncated [ 678.193104][T20111] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.209809][T20111] usb 3-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 678.218724][T20111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.231322][T20111] usb 3-1: config 0 descriptor?? [ 678.612519][T17188] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 679.056967][ T8001] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 679.100336][T20111] sony 0003:1345:3008.00A7: hiddev96,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.2-1/input0 [ 679.112060][T20111] sony 0003:1345:3008.00A7: failed to claim input [ 679.313335][ T315] usb 3-1: USB disconnect, device number 59 [ 679.403009][T21552] loop4: detected capacity change from 0 to 40427 [ 679.410246][T21552] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 679.417827][T21552] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 679.426574][ T8001] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.431190][T20111] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 679.445762][T21552] F2FS-fs (loop4): invalid crc value [ 679.461907][T21552] F2FS-fs (loop4): Found nat_bits in checkpoint [ 679.494065][T21552] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 679.500906][T21552] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 679.517018][T21552] F2FS-fs (loop4): Unrecognized mount option "€" or missing value [ 679.590972][ T8001] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 679.600076][ T8001] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.608006][ T8001] usb 4-1: Product: syz [ 679.612021][ T8001] usb 4-1: Manufacturer: syz [ 679.616368][ T8001] usb 4-1: SerialNumber: syz [ 679.790521][ T24] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 679.830463][T12208] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 679.870483][T20111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.881334][T20111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 679.890970][T20111] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 679.899905][T20111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.908146][T20111] usb 2-1: config 0 descriptor?? [ 680.100051][ T346] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 680.149990][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 680.160009][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 680.168839][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.177175][ T24] usb 5-1: config 0 descriptor?? [ 680.189864][T12208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.200770][T12208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.210372][T12208] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 680.219266][T12208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.227341][ T24] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 680.234273][ T24] usb 5-1: No valid video chain found. [ 680.239845][T12208] usb 1-1: config 0 descriptor?? [ 680.400157][T20111] hid-thrustmaster 0003:044F:B65D.00A8: unbalanced collection at end of report description [ 680.410234][T20111] hid-thrustmaster 0003:044F:B65D.00A8: parse failed with error -22 [ 680.418024][T20111] hid-thrustmaster: probe of 0003:044F:B65D.00A8 failed with error -22 [ 680.429530][T20455] Bluetooth: hci0: Frame reassembly failed (-84) [ 680.432463][ T24] usb 5-1: USB disconnect, device number 88 [ 680.509389][ T346] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 680.520200][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.530986][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.540520][ T346] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 680.553300][ T346] usb 3-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 680.562146][ T346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.570510][ T346] usb 3-1: config 0 descriptor?? [ 680.605629][T20111] usb 2-1: USB disconnect, device number 87 [ 680.719572][T12208] logitech 0003:046D:C295.00A9: unknown main item tag 0x0 [ 680.727077][T12208] logitech 0003:046D:C295.00A9: hidraw0: USB HID v0.00 Device [HID 046d:c295] on usb-dummy_hcd.0-1/input0 [ 680.738377][T12208] logitech 0003:046D:C295.00A9: no inputs found [ 680.758905][ T8001] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 680.765239][ T8001] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 680.772653][ T8001] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 680.919510][T12208] usb 1-1: USB disconnect, device number 103 [ 680.988568][ T8001] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 680.994878][ T8001] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 681.006860][ T8001] usb 4-1: USB disconnect, device number 78 [ 681.012785][ T8001] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 681.038988][ T346] thrustmaster 0003:044F:B653.00AA: unbalanced delimiter at end of report description [ 681.048562][ T346] thrustmaster 0003:044F:B653.00AA: parse failed [ 681.054701][ T346] thrustmaster: probe of 0003:044F:B653.00AA failed with error -22 [ 681.415883][ T24] usb 3-1: USB disconnect, device number 60 [ 681.515486][T21573] xt_bpf: check failed: parse error [ 681.668239][T21582] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 682.042258][T21596] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 682.061391][T21600] xt_bpf: check failed: parse error [ 682.266356][T12208] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 682.306333][ T346] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 682.335853][T21606] loop3: detected capacity change from 0 to 131072 [ 682.344891][T21606] F2FS-fs (loop3): Found nat_bits in checkpoint [ 682.368905][T21606] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 682.451894][T17188] Bluetooth: hci0: command 0x1003 tx timeout [ 682.457899][ T463] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 682.666062][T12208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.731273][T12208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.776266][T12208] usb 2-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 682.803892][T12208] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.820472][T12208] usb 2-1: config 0 descriptor?? [ 682.915889][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.926843][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.936618][ T346] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 682.945742][ T346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.961942][ T346] usb 3-1: config 0 descriptor?? [ 683.316130][T12208] sony 0003:1345:3008.00AB: hiddev96,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.1-1/input0 [ 683.327901][T12208] sony 0003:1345:3008.00AB: failed to claim input [ 683.384602][ T24] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 683.436786][T21632] loop0: detected capacity change from 0 to 512 [ 683.446829][ T8001] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 683.496271][T21632] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 683.526880][ T346] logitech 0003:046D:C295.00AC: unknown main item tag 0x0 [ 683.534412][T12208] usb 2-1: USB disconnect, device number 88 [ 683.534911][ T346] logitech 0003:046D:C295.00AC: hidraw0: USB HID v0.00 Device [HID 046d:c295] on usb-dummy_hcd.2-1/input0 [ 683.551533][ T346] logitech 0003:046D:C295.00AC: no inputs found [ 683.557998][T21632] EXT4-fs (loop0): 1 truncate cleaned up [ 683.563450][T21632] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 683.701687][ T346] usb 3-1: USB disconnect, device number 61 [ 683.704031][ T8001] usb 4-1: Using ep0 maxpacket: 16 [ 683.773953][ T24] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 683.784754][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 683.795491][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.805071][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 683.817804][ T24] usb 5-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 683.826658][ T8001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 135, changing to 11 [ 683.837583][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.845363][ T8001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 8634, setting to 1024 [ 683.856448][ T8001] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 683.865450][ T24] usb 5-1: config 0 descriptor?? [ 683.870281][ T8001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.878500][ T8001] usb 4-1: config 0 descriptor?? [ 684.053903][T21636] xt_bpf: check failed: parse error [ 684.125444][T20349] EXT4-fs (loop0): unmounting filesystem. [ 684.137101][T21644] random: crng reseeded on system resumption [ 684.220157][T21646] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 684.567780][ T24] thrustmaster 0003:044F:B653.00AD: unbalanced delimiter at end of report description [ 684.641606][T21648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 684.676453][ T24] thrustmaster 0003:044F:B653.00AD: parse failed [ 684.709806][T21648] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 684.716180][T21652] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 684.717457][ T28] kauditd_printk_skb: 3362 callbacks suppressed [ 684.717471][ T28] audit: type=1400 audit(1718044468.910:68348): avc: denied { setopt } for pid=21651 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 684.753783][ T24] thrustmaster: probe of 0003:044F:B653.00AD failed with error -22 [ 684.770316][ T24] usb 5-1: USB disconnect, device number 89 [ 684.772792][T21658] serio: Serial port pts0 [ 684.776467][ T8001] hid (null): unknown global tag 0xd [ 684.786480][ T8001] hid (null): report_id 4222 is invalid [ 684.793230][ T8001] hid (null): unknown global tag 0xe4 [ 684.798857][ T8001] hid (null): unknown global tag 0x52 [ 684.804108][ T8001] hid (null): unknown global tag 0xe [ 684.810112][ T8001] hid-generic 0003:0158:0100.00AE: unknown global tag 0xd [ 684.817119][ T8001] hid-generic 0003:0158:0100.00AE: item 0 4 1 13 parsing failed [ 684.824852][ T8001] hid-generic: probe of 0003:0158:0100.00AE failed with error -22 [ 684.977648][ T8001] usb 4-1: USB disconnect, device number 79 [ 685.022281][T21666] loop1: detected capacity change from 0 to 40427 [ 685.029141][T21666] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 685.036669][T21666] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 685.045243][T21666] F2FS-fs (loop1): invalid crc value [ 685.051585][T21666] F2FS-fs (loop1): Found nat_bits in checkpoint [ 685.074625][T21666] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 685.081546][T21666] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 685.092216][T21666] F2FS-fs (loop1): Unrecognized mount option "€" or missing value [ 685.131748][ T346] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 685.181684][T20111] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 685.361419][ T24] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 685.392233][T21673] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.399074][T21673] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.406390][T21673] device bridge_slave_0 entered promiscuous mode [ 685.413167][T21673] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.420056][T21673] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.427469][T21673] device bridge_slave_1 entered promiscuous mode [ 685.468262][T21673] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.475133][T21673] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.482213][T21673] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.488995][T21673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.516474][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 685.524248][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.531238][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 685.542181][ T346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.552771][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.559811][ T346] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 685.568937][ T346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.577577][ T346] usb 3-1: config 0 descriptor?? [ 685.582416][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 685.593143][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.602749][T20111] usb 1-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 685.611732][T20111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.620279][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 685.620625][T20111] usb 1-1: config 0 descriptor?? [ 685.628589][T12208] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.639737][T12208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 685.654088][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 685.662420][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.669249][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.676446][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 685.693809][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 685.702271][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 685.711899][T21673] device veth0_vlan entered promiscuous mode [ 685.721434][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 685.729424][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 685.737264][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 685.744511][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 685.754725][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 685.761763][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 685.770893][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.780460][ T24] usb 2-1: config 0 descriptor?? [ 685.780992][T21673] device veth1_macvtap entered promiscuous mode [ 685.796403][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 685.800819][ T8001] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 685.804782][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 685.821483][ T24] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 685.828283][ T24] usb 2-1: No valid video chain found. [ 686.001098][ T344] device bridge_slave_1 left promiscuous mode [ 686.007070][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.015182][ T344] device bridge_slave_0 left promiscuous mode [ 686.022741][ T4375] usb 2-1: USB disconnect, device number 89 [ 686.029168][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.037707][ T344] device veth1_macvtap left promiscuous mode [ 686.044850][ T344] device veth0_vlan left promiscuous mode [ 686.051412][ T346] hid-thrustmaster 0003:044F:B65D.00AF: unbalanced collection at end of report description [ 686.064830][ T346] hid-thrustmaster 0003:044F:B65D.00AF: parse failed with error -22 [ 686.075029][ T346] hid-thrustmaster: probe of 0003:044F:B65D.00AF failed with error -22 [ 686.112375][T20111] sony 0003:1345:3008.00B0: hiddev96,hidraw0: USB HID v80.00 Device [HID 1345:3008] on usb-dummy_hcd.0-1/input0 [ 686.127990][T20111] sony 0003:1345:3008.00B0: failed to claim input [ 686.170199][ T8001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.190105][ T8001] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.209815][ T8001] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 686.228803][ T8001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.247407][ T8001] usb 4-1: config 0 descriptor?? [ 686.254046][T21681] usb 3-1: USB disconnect, device number 62 [ 686.295660][T21683] loop4: detected capacity change from 0 to 131072 [ 686.303450][T21683] F2FS-fs (loop4): invalid crc value [ 686.310160][T21683] F2FS-fs (loop4): Found nat_bits in checkpoint [ 686.319913][ T4375] usb 1-1: USB disconnect, device number 104 [ 686.338233][T21683] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 686.571928][T21700] loop1: detected capacity change from 0 to 512 [ 686.580944][T21700] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 686.590145][T21700] ext4 filesystem being mounted at /root/syzkaller-testdir1840244304/syzkaller.19o3al/54/file0 supports timestamps until 2038 (0x7fffffff) [ 686.611317][T20996] EXT4-fs (loop1): unmounting filesystem. [ 686.658224][T21706] loop1: detected capacity change from 0 to 256 [ 686.667030][T21706] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 686.729374][T21706] loop1: detected capacity change from 256 to 0 [ 686.736102][T20087] loop: Write error at byte offset 9223372036854858239, length 512. [ 686.744012][ C0] I/O error, dev loop1, sector 161 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 686.753459][ C0] Buffer I/O error on dev loop1, logical block 161, lost sync page write [ 686.762269][ C0] I/O error, dev loop1, sector 161 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 686.781963][ C0] I/O error, dev loop1, sector 161 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 686.791355][ C0] I/O error, dev loop1, sector 161 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 686.800878][ T344] loop: Write error at byte offset 9223372036854857727, length 512. [ 686.808722][ C0] I/O error, dev loop1, sector 160 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 686.818078][ C0] Buffer I/O error on dev loop1, logical block 160, lost sync page write [ 686.826503][ C0] I/O error, dev loop1, sector 160 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 686.836739][T20996] exFAT-fs (loop1): failed to exfat_remove_entries : err(-5) [ 686.957061][ T345] loop: Write error at byte offset 9223372036854775807, length 512. [ 686.965065][ C0] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 686.974296][ C0] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 686.983469][ C0] Buffer I/O error on dev loop1, logical block 0, lost sync page write [ 687.148810][T21681] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 687.183107][T21722] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.190412][T21722] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.197737][T21722] device bridge_slave_0 entered promiscuous mode [ 687.204697][T21722] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.212069][T21722] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.219445][T21722] device bridge_slave_1 entered promiscuous mode [ 687.288775][T21722] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.295656][T21722] bridge0: port 2(bridge_slave_1) entered forwarding state [ 687.302754][T21722] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.309545][T21722] bridge0: port 1(bridge_slave_0) entered forwarding state [ 687.338954][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 687.346624][ T4375] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.354244][ T4375] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.373455][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 687.382123][T20111] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.388988][T20111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 687.396672][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 687.405024][T20111] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.411890][T20111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 687.430758][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 687.439170][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 687.447018][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 687.454950][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 687.468301][T21722] device veth0_vlan entered promiscuous mode [ 687.476376][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 687.485119][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 687.493392][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 687.501644][ T4375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 687.509958][ T344] device bridge_slave_1 left promiscuous mode [ 687.517045][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.526444][ T344] device bridge_slave_0 left promiscuous mode [ 687.532616][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.539758][T21681] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 687.551059][T21681] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.551810][ T344] device veth1_macvtap left promiscuous mode [ 687.567558][ T344] device veth0_vlan left promiscuous mode [ 687.647926][T21681] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 687.656800][T21681] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 687.657853][ T8001] usb 4-1: string descriptor 0 read error: -71 [ 687.671886][T21681] usb 1-1: Product: syz [ 687.676095][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 687.683531][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 687.687798][ T8001] uclogic 0003:256C:006D.00B1: failed retrieving string descriptor #200: -71 [ 687.691279][T21681] usb 1-1: config 0 descriptor?? [ 687.699383][ T8001] uclogic 0003:256C:006D.00B1: failed retrieving pen parameters: -71 [ 687.712236][ T8001] uclogic 0003:256C:006D.00B1: failed probing pen v2 parameters: -71 [ 687.714275][T21722] device veth1_macvtap entered promiscuous mode [ 687.720206][ T8001] uclogic 0003:256C:006D.00B1: failed probing parameters: -71 [ 687.727112][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 687.733636][ T8001] uclogic: probe of 0003:256C:006D.00B1 failed with error -71 [ 687.734900][ T8001] usb 4-1: USB disconnect, device number 80 [ 687.764958][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 687.785414][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 687.818991][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 687.826094][T21732] loop2: detected capacity change from 0 to 256 [ 687.827315][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 687.841295][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 687.849457][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 688.077290][T12208] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 688.257748][T21681] konepure 0003:1E7D:2DB4.00B2: unknown main item tag 0x0 [ 688.264723][T21681] konepure 0003:1E7D:2DB4.00B2: collection stack underflow [ 688.286793][T21681] konepure 0003:1E7D:2DB4.00B2: item 0 2 0 12 parsing failed [ 688.294162][T21681] konepure 0003:1E7D:2DB4.00B2: parse failed [ 688.306726][T21681] konepure: probe of 0003:1E7D:2DB4.00B2 failed with error -22 [ 688.356684][T12208] usb 5-1: Using ep0 maxpacket: 16 [ 688.469528][ T8001] usb 1-1: USB disconnect, device number 105 [ 688.476544][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.493439][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.513505][T12208] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 688.531674][T12208] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.549409][T12208] usb 5-1: config 0 descriptor?? [ 688.668968][T21738] loop1: detected capacity change from 0 to 131072 [ 688.731640][T21738] F2FS-fs (loop1): Found nat_bits in checkpoint [ 688.758199][T21740] loop3: detected capacity change from 0 to 131072 [ 688.779905][T21738] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 688.795735][T21740] F2FS-fs (loop3): Found nat_bits in checkpoint [ 688.855829][T21740] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 689.078144][T12208] cp2112 0003:10C4:EA90.00B3: unknown main item tag 0x0 [ 689.084943][T12208] cp2112 0003:10C4:EA90.00B3: unknown main item tag 0x0 [ 689.102103][T12208] cp2112 0003:10C4:EA90.00B3: unknown main item tag 0x0 [ 689.115723][T12208] cp2112 0003:10C4:EA90.00B3: unknown main item tag 0x0 [ 689.132671][T12208] cp2112 0003:10C4:EA90.00B3: unknown main item tag 0x0 [ 689.145289][T12208] cp2112 0003:10C4:EA90.00B3: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 689.220667][T21759] loop0: detected capacity change from 0 to 512 [ 689.316631][T21759] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 689.335363][T12208] cp2112 0003:10C4:EA90.00B3: Part Number: 0x00 Device Version: 0x00 [ 689.382918][T21759] EXT4-fs (loop0): 1 truncate cleaned up [ 689.388650][T21759] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 689.717674][T21746] loop2: detected capacity change from 0 to 131072 [ 689.724964][T21746] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 689.733121][T21746] F2FS-fs (loop2): invalid crc value [ 689.739717][T21746] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 689.802892][T21746] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 691.488233][T20349] EXT4-fs (loop0): unmounting filesystem. [ 691.531989][T12208] cp2112 0003:10C4:EA90.00B3: error setting SMBus config [ 691.613287][T21790] loop4: detected capacity change from 0 to 1024 [ 691.619995][T12208] cp2112: probe of 0003:10C4:EA90.00B3 failed with error -71 [ 691.628024][T12208] usb 5-1: USB disconnect, device number 90 [ 691.634441][T21790] EXT4-fs: Ignoring removed oldalloc option [ 691.652615][T21790] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 691.733352][T21799] loop2: detected capacity change from 0 to 256 [ 693.061490][T21681] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 693.223915][T21790] EXT4-fs error (device loop4): __ext4_remount:6412: comm syz-executor.4: Abort forced by user [ 693.270255][T21673] EXT4-fs (loop4): unmounting filesystem. [ 693.369222][ T4375] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 693.439112][T21681] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 693.464157][T21681] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 693.482851][T21814] loop4: detected capacity change from 0 to 40427 [ 693.489849][T21814] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 693.493990][T21681] usb 2-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 693.497394][T21814] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 693.515450][T21681] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.536014][T21814] F2FS-fs (loop4): invalid crc value [ 693.536455][T21681] usb 2-1: config 0 descriptor?? [ 693.561893][T21814] F2FS-fs (loop4): Found nat_bits in checkpoint [ 693.618922][ T4375] usb 3-1: Using ep0 maxpacket: 16 [ 693.649062][T21814] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 693.655929][T21814] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 693.684310][T21818] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.691272][T21818] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.698478][T21818] device bridge_slave_0 entered promiscuous mode [ 693.705546][T21818] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.712443][T21818] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.719902][T21818] device bridge_slave_1 entered promiscuous mode [ 693.758732][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 135, changing to 11 [ 693.776132][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 8634, setting to 1024 [ 693.787733][ T4375] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 693.796722][ T4375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.815073][ T4375] usb 3-1: config 0 descriptor?? [ 693.827857][T21818] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.834758][T21818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.841424][T21812] loop0: detected capacity change from 0 to 131072 [ 693.841841][T21818] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.849035][T21812] F2FS-fs (loop0): QUOTA feature is enabled, so ignore qf_name [ 693.854963][T21818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.863829][T21812] F2FS-fs (loop0): invalid crc value [ 693.875844][T21812] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 693.887233][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 693.894993][T12208] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.903016][T12208] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.904295][T21812] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 693.930929][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 693.939341][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.946209][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.953477][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 693.961644][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.968509][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 693.976227][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 693.988383][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 694.006678][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 694.019272][T21681] logitech 0003:046D:C295.00B4: unknown main item tag 0x0 [ 694.029162][T21818] device veth0_vlan entered promiscuous mode [ 694.037006][T21681] logitech 0003:046D:C295.00B4: hidraw0: USB HID v0.00 Device [HID 046d:c295] on usb-dummy_hcd.1-1/input0 [ 694.037147][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 694.055657][T21681] logitech 0003:046D:C295.00B4: no inputs found [ 694.056889][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 694.069170][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 694.077273][ T345] device bridge_slave_1 left promiscuous mode [ 694.084880][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.092323][ T345] device bridge_slave_0 left promiscuous mode [ 694.098414][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.106424][ T345] device veth1_macvtap left promiscuous mode [ 694.112348][ T345] device veth0_vlan left promiscuous mode [ 694.135539][T21673] syz-executor.4: attempt to access beyond end of device [ 694.135539][T21673] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 694.236462][T21681] usb 2-1: USB disconnect, device number 90 [ 694.266965][T21818] device veth1_macvtap entered promiscuous mode [ 694.273801][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 694.285623][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 694.374319][T21806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.382773][T21806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.407997][ T4375] hid (null): unknown global tag 0xd [ 694.413366][ T4375] hid (null): report_id 4222 is invalid [ 694.420254][ T4375] hid (null): unknown global tag 0xe4 [ 694.425965][ T4375] hid (null): unknown global tag 0x52 [ 694.431397][ T4375] hid (null): unknown global tag 0xe [ 694.437450][ T4375] hid-generic 0003:0158:0100.00B5: unknown global tag 0xd [ 694.444573][ T4375] hid-generic 0003:0158:0100.00B5: item 0 4 1 13 parsing failed [ 694.452359][ T4375] hid-generic: probe of 0003:0158:0100.00B5 failed with error -22 [ 694.627711][ T4375] usb 3-1: USB disconnect, device number 63 [ 694.784835][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 695.394306][T21850] loop2: detected capacity change from 0 to 40427 [ 695.402122][T21850] F2FS-fs (loop2): invalid crc value [ 695.408569][T21850] F2FS-fs (loop2): Found nat_bits in checkpoint [ 695.447461][T21850] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 696.157513][T21148] syz-executor.2: attempt to access beyond end of device [ 696.157513][T21148] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 696.694363][ T24] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 696.704371][T21681] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 696.964283][T21681] usb 3-1: Using ep0 maxpacket: 16 [ 697.290742][T21890] input: syz1 as /devices/virtual/input/input127 [ 697.343541][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 697.343660][T21681] usb 3-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 697.357458][T21681] usb 3-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 697.365469][T21681] usb 3-1: Product: syz [ 697.369430][T21681] usb 3-1: Manufacturer: syz [ 697.373898][T21681] usb 3-1: SerialNumber: syz [ 697.378710][T21681] usb 3-1: config 0 descriptor?? [ 697.423883][T21681] usb 3-1: selecting invalid altsetting 1 [ 697.430401][T21681] snd-usb-audio: probe of 3-1:0.0 failed with error -22 [ 697.463375][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 135, changing to 11 [ 697.474413][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 8634, setting to 1024 [ 697.485568][ T24] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 697.494348][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.502617][ T24] usb 5-1: config 0 descriptor?? [ 697.583146][ T346] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 697.632630][T21681] usb 3-1: USB disconnect, device number 64 [ 697.832785][ T346] usb 2-1: Using ep0 maxpacket: 16 [ 697.912656][T12208] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 697.952644][ T346] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 697.963412][ T346] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 697.972908][ T346] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 697.981777][ T346] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.990159][ T346] usb 2-1: config 0 descriptor?? [ 698.028418][T21900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 698.036777][T21900] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.062620][ T24] hid (null): unknown global tag 0xd [ 698.067778][ T24] hid (null): report_id 4222 is invalid [ 698.073683][ T24] hid (null): unknown global tag 0xe4 [ 698.079145][ T24] hid (null): unknown global tag 0x52 [ 698.084335][ T24] hid (null): unknown global tag 0xe [ 698.090001][ T24] hid-generic 0003:0158:0100.00B6: unknown global tag 0xd [ 698.096925][ T24] hid-generic 0003:0158:0100.00B6: item 0 4 1 13 parsing failed [ 698.104540][ T24] hid-generic: probe of 0003:0158:0100.00B6 failed with error -22 [ 698.148920][T21902] syz-executor.2[21902] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.148967][T21902] syz-executor.2[21902] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 698.152383][T12208] usb 4-1: Using ep0 maxpacket: 32 [ 698.287248][ T24] usb 5-1: USB disconnect, device number 91 [ 698.293117][T12208] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 698.301264][T12208] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 698.311269][T12208] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 698.320130][T12208] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 698.324453][T21906] loop2: detected capacity change from 0 to 40427 [ 698.329565][T12208] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 698.337199][T21906] F2FS-fs (loop2): invalid crc value [ 698.345319][T12208] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 698.351532][T21906] F2FS-fs (loop2): Found nat_bits in checkpoint [ 698.360019][T12208] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 698.375625][T12208] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 698.388432][T12208] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 698.396486][T21906] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 698.397248][T12208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.414345][T12208] usb 4-1: config 0 descriptor?? [ 698.482502][ T346] cp2112 0003:10C4:EA90.00B7: unknown main item tag 0x0 [ 698.489289][ T346] cp2112 0003:10C4:EA90.00B7: unknown main item tag 0x0 [ 698.496057][ T346] cp2112 0003:10C4:EA90.00B7: unknown main item tag 0x0 [ 698.502832][ T346] cp2112 0003:10C4:EA90.00B7: unknown main item tag 0x0 [ 698.509843][ T346] cp2112 0003:10C4:EA90.00B7: unknown main item tag 0x0 [ 698.722048][ T346] cp2112 0003:10C4:EA90.00B7: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 698.741975][T12208] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 81 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 698.753482][T12208] usb 4-1: USB disconnect, device number 81 [ 698.759710][T12208] usblp0: removed [ 698.841457][ T346] cp2112 0003:10C4:EA90.00B7: Part Number: 0x00 Device Version: 0x00 [ 699.090274][T21148] syz-executor.2: attempt to access beyond end of device [ 699.090274][T21148] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 699.280838][ T346] cp2112 0003:10C4:EA90.00B7: error setting SMBus config [ 699.288197][ T346] cp2112: probe of 0003:10C4:EA90.00B7 failed with error -71 [ 699.296516][ T346] usb 2-1: USB disconnect, device number 91 [ 699.583405][T21935] loop2: detected capacity change from 0 to 131072 [ 699.592643][T21935] F2FS-fs (loop2): Found nat_bits in checkpoint [ 699.631412][T21935] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 699.870806][T21948] syz-executor.4[21948] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 699.870874][T21948] syz-executor.4[21948] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 699.891191][T21948] syz-executor.4[21948] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 699.919985][T21948] syz-executor.4[21948] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 699.965837][T21950] Invalid ELF header magic: != ELF [ 699.990766][T21937] loop3: detected capacity change from 0 to 131072 [ 700.019671][T21957] loop4: detected capacity change from 0 to 256 [ 700.026645][T21937] F2FS-fs (loop3): Found nat_bits in checkpoint [ 700.049708][ T24] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 700.073190][T21959] tipc: Failed to remove unknown binding: 66,1,1/0:1108275547/1108275549 [ 700.090129][T21959] tipc: Failed to remove unknown binding: 66,1,1/0:1108275547/1108275549 [ 700.104126][T21959] tipc: Failed to remove unknown binding: 66,1,1/0:1108275547/1108275549 [ 700.119805][T21937] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 700.299404][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 700.358364][ T28] audit: type=1400 audit(1718044484.583:68349): avc: denied { setopt } for pid=21971 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 700.392597][T21976] syz-executor.2[21976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 700.392670][T21976] syz-executor.2[21976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 700.405307][T21976] syz-executor.2[21976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 700.417113][T21976] syz-executor.2[21976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 700.428692][T12208] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 700.429298][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 700.478962][T21978] Invalid ELF header magic: != ELF [ 700.488624][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.498367][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 700.511057][ T24] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 700.521360][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.530468][T21983] loop2: detected capacity change from 0 to 256 [ 700.547126][ T24] usb 2-1: config 0 descriptor?? [ 700.618202][T21988] tipc: Failed to remove unknown binding: 66,1,1/0:4093460678/4093460680 [ 700.627289][T21988] tipc: Failed to remove unknown binding: 66,1,1/0:4093460678/4093460680 [ 700.635587][T21988] tipc: Failed to remove unknown binding: 66,1,1/0:4093460678/4093460680 [ 700.667911][T21992] loop2: detected capacity change from 0 to 256 [ 700.778761][T12208] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 700.796144][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 700.816969][T12208] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.837095][T12208] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 700.938554][T12208] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 700.952406][T12208] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 700.968320][T12208] usb 5-1: Manufacturer: syz [ 700.978165][T12208] usb 5-1: config 0 descriptor?? [ 701.029533][ T24] microsoft 0003:045E:07DA.00B8: unknown main item tag 0xd [ 701.046396][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.00B8/input/input128 [ 701.139145][ T24] microsoft 0003:045E:07DA.00B8: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 701.236994][T20111] usb 2-1: USB disconnect, device number 92 [ 701.458440][T12208] appleir 0003:05AC:8243.00B9: item fetching failed at offset 0/1 [ 701.466199][T12208] appleir 0003:05AC:8243.00B9: parse failed [ 701.471968][T12208] appleir: probe of 0003:05AC:8243.00B9 failed with error -22 [ 701.547696][ T24] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 701.622353][T22010] loop2: detected capacity change from 0 to 256 [ 701.671057][ T330] usb 5-1: USB disconnect, device number 92 [ 701.816175][T22014] input: syz1 as /devices/virtual/input/input129 [ 701.946570][T22016] loop1: detected capacity change from 0 to 2048 [ 701.949807][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.963533][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.973158][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 701.983552][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.021429][ T24] usb 4-1: config 0 descriptor?? [ 703.823128][T22023] overlayfs: missing 'lowerdir' [ 703.835351][ T24] lg-g15 0003:046D:C222.00BA: unknown main item tag 0x0 [ 703.842199][ T24] lg-g15 0003:046D:C222.00BA: unknown main item tag 0x0 [ 703.854100][ T24] lg-g15 0003:046D:C222.00BA: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0 [ 703.887240][T22041] loop2: detected capacity change from 0 to 512 [ 703.893893][T22041] ext4: Unknown parameter 'dont_measure' [ 703.974871][ T28] audit: type=1326 audit(1718044488.178:68350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22040 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223867cf69 code=0x0 [ 704.046556][ T24] usb 4-1: USB disconnect, device number 82 [ 704.051314][T22050] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'. [ 704.061813][T22050] device 30ªX¹¦D entered promiscuous mode [ 704.068107][T22050] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 704.090242][T22052] IPv6: sit1: Disabled Multicast RS [ 704.110114][T22050] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. [ 704.137320][T22050] 1ªX¹¦D: renamed from 30ªX¹¦D [ 704.149091][T22050] device 31ªX¹¦D left promiscuous mode [ 704.160808][T22050] A link change request failed with some changes committed already. Interface 31ªX¹¦D may have been left with an inconsistent configuration, please check. [ 704.358647][T22055] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 706.040379][T22079] overlayfs: missing 'lowerdir' [ 706.237922][T22086] IPv6: sit1: Disabled Multicast RS [ 706.511488][T22093] loop2: detected capacity change from 0 to 16 [ 706.518290][T22093] erofs: (device loop2): mounted with root inode @ nid 36. [ 707.894728][T22102] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 708.076363][T22116] loop3: detected capacity change from 0 to 128 [ 708.175460][T22120] syz-executor.2[22120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 708.175758][T22120] syz-executor.2[22120] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 708.369253][ T24] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 708.423243][T22126] loop4: detected capacity change from 0 to 16 [ 708.430585][T22126] erofs: (device loop4): mounted with root inode @ nid 36. [ 708.471405][T22128] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 708.638486][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 709.059517][T22137] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'. [ 710.142136][T22132] overlayfs: missing 'lowerdir' [ 710.234169][T22145] syz-executor.2[22145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 710.234216][T22145] syz-executor.2[22145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 710.246567][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 710.266855][T22145] syz-executor.2[22145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 710.268038][T22145] syz-executor.2[22145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 710.458985][ T24] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 710.479664][ T24] usb 4-1: config 1 has no interface number 1 [ 710.485708][ T24] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 710.594772][T22153] loop2: detected capacity change from 0 to 2048 [ 710.605005][T22155] loop4: detected capacity change from 0 to 128 [ 710.617640][T22153] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 710.678335][T22162] loop4: detected capacity change from 0 to 16 [ 710.684835][T22162] erofs: (device loop4): mounted with root inode @ nid 36. [ 710.696021][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 710.715070][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 710.726246][ T24] usb 4-1: Product: syz [ 710.744252][ T24] usb 4-1: Manufacturer: syz [ 710.764760][ T24] usb 4-1: SerialNumber: syz [ 711.051872][T22168] loop1: detected capacity change from 0 to 256 [ 711.060840][T22168] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 711.078348][T22164] loop4: detected capacity change from 0 to 40427 [ 711.085628][T22164] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 711.093089][T22164] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 711.106430][T22164] F2FS-fs (loop4): invalid crc value [ 711.123939][T22164] F2FS-fs (loop4): Found nat_bits in checkpoint [ 711.152646][T22164] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 711.159559][T22164] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 711.185431][ T24] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 711.193443][T22164] F2FS-fs (loop4): Unrecognized mount option "€" or missing value [ 711.201192][ T24] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 711.266673][ T24] usb 4-1: USB disconnect, device number 83 [ 711.296181][T22182] loop1: detected capacity change from 0 to 1024 [ 711.303224][T22182] EXT4-fs (loop1): invalid inodes per group: 0 [ 711.303224][T22182] [ 711.451378][T21148] EXT4-fs (loop2): unmounting filesystem. [ 711.485010][ T330] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 711.576149][T22192] loop2: detected capacity change from 0 to 512 [ 711.582539][T22192] ext4: Unknown parameter 'dont_measure' [ 711.615914][ T28] audit: type=1326 audit(1718044495.858:68351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22191 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223867cf69 code=0x0 [ 711.654758][ T8001] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 711.718145][T22193] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'. [ 711.727578][T22193] device 31ªX¹¦D entered promiscuous mode [ 711.734064][T22193] A link change request failed with some changes committed already. Interface 31ªX¹¦D may have been left with an inconsistent configuration, please check. [ 711.751043][T22193] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. [ 711.760111][T22193] 0ªX¹¦D: renamed from 31ªX¹¦D [ 711.765373][T22193] device 30ªX¹¦D left promiscuous mode [ 711.771452][T22193] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 711.844573][ T330] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 711.854701][ T330] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 711.863611][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.872254][ T330] usb 5-1: config 0 descriptor?? [ 711.904441][ T8001] usb 2-1: Using ep0 maxpacket: 32 [ 711.914799][ T330] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 711.921864][ T330] usb 5-1: No valid video chain found. [ 712.024359][ T8001] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 712.034830][ T8001] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 712.047732][ T8001] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 712.420041][T22200] loop2: detected capacity change from 0 to 512 [ 712.428506][T22200] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 712.441580][T22200] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: casefold flag without casefold feature [ 712.455352][T22200] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: ea_inode with extended attributes [ 712.468321][T22200] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 712.480995][T22200] EXT4-fs (loop2): 1 orphan inode deleted [ 712.486569][T22200] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 712.503222][T21148] EXT4-fs (loop2): unmounting filesystem. [ 712.516891][T22203] loop2: detected capacity change from 0 to 256 [ 712.525749][T22203] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 712.672683][T22209] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 712.681795][T22209] FAT-fs (loop5): unable to read boot sector [ 712.860345][T22213] syz-executor.2[22213] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 712.861319][T22213] syz-executor.2[22213] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 713.992251][ T4375] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 714.241640][ T4375] usb 3-1: Using ep0 maxpacket: 16 [ 714.361524][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 714.372295][ T4375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 714.381771][ T4375] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 714.401440][ T4375] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 714.421336][ T4375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.437497][ T4375] usb 3-1: config 0 descriptor?? [ 714.469801][T22219] loop1: detected capacity change from 0 to 8192 [ 714.477282][T22219] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 714.684658][T22225] loop1: detected capacity change from 0 to 512 [ 714.691299][ T28] audit: type=1400 audit(1718044498.932:68352): avc: denied { mounton } for pid=22224 comm="syz-executor.1" path="/root/syzkaller-testdir4183937986/syzkaller.kuxoDj/36/bus/file0" dev="overlay" ino=1977 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 714.732721][T22225] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 714.741880][T22225] ext4 filesystem being mounted at /root/syzkaller-testdir4183937986/syzkaller.kuxoDj/36/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 714.756852][T22225] EXT4-fs (loop1): unmounting filesystem. [ 714.807819][ T8001] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.820169][ T8001] usb 2-1: config 0 descriptor?? [ 714.828915][ T24] usb 5-1: USB disconnect, device number 93 [ 714.841032][ T8001] usb 2-1: can't set config #0, error -71 [ 714.846928][ T8001] usb 2-1: USB disconnect, device number 93 [ 714.914997][T22234] bridge0: port 3(syz_tun) entered blocking state [ 714.921662][T22234] bridge0: port 3(syz_tun) entered disabled state [ 714.928415][T22234] device syz_tun entered promiscuous mode [ 714.934261][T22234] bridge0: port 3(syz_tun) entered blocking state [ 714.940512][T22234] bridge0: port 3(syz_tun) entered forwarding state [ 714.951869][ T4375] microsoft 0003:045E:07DA.00BB: unknown main item tag 0xd [ 714.964527][ T4375] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.00BB/input/input130 [ 714.972069][T22240] loop1: detected capacity change from 0 to 256 [ 715.041526][ T4375] microsoft 0003:045E:07DA.00BB: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 715.165622][ T8001] usb 3-1: USB disconnect, device number 65 [ 715.194680][T22254] loop3: detected capacity change from 0 to 256 [ 715.203574][T22254] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 715.249651][T22252] loop1: detected capacity change from 0 to 40427 [ 715.256779][T22252] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 715.264396][T22252] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 715.273064][T22252] F2FS-fs (loop1): invalid crc value [ 715.279389][T22252] F2FS-fs (loop1): Found nat_bits in checkpoint [ 715.316513][T22252] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 715.323458][T22252] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 715.334895][T22252] F2FS-fs (loop1): Unrecognized mount option "€" or missing value [ 715.399661][T22266] loop1: detected capacity change from 0 to 512 [ 715.408042][T22266] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 715.421119][T22266] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: casefold flag without casefold feature [ 715.435228][T22266] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: ea_inode with extended attributes [ 715.448219][T22266] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117 [ 715.461109][T22266] EXT4-fs (loop1): 1 orphan inode deleted [ 715.466660][T22266] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 715.486150][T21722] EXT4-fs (loop1): unmounting filesystem. [ 715.749978][T22268] syz-executor.3[22268] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 715.750029][T22268] syz-executor.3[22268] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 715.914950][T22276] loop2: detected capacity change from 0 to 40427 [ 716.186516][T22276] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 716.194056][T22276] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 716.203929][T22276] F2FS-fs (loop2): invalid crc value [ 716.210530][T22276] F2FS-fs (loop2): Found nat_bits in checkpoint [ 716.246663][T22276] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 716.253649][T22276] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 716.278897][T21148] syz-executor.2: attempt to access beyond end of device [ 716.278897][T21148] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 716.505271][T22312] loop3: detected capacity change from 0 to 256 [ 716.528939][ T24] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 716.613212][ T28] audit: type=1400 audit(1718044500.864:68353): avc: denied { map } for pid=22309 comm="syz-executor.2" path="pipe:[119057]" dev="pipefs" ino=119057 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 716.710990][T22324] loop1: detected capacity change from 0 to 128 [ 716.721407][T22324] incfs: ino conflict with backing FS 1 [ 716.815215][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 717.346883][T22345] loop1: detected capacity change from 0 to 256 [ 717.358203][ T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 717.369929][ T24] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 717.379686][ T24] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 717.392891][T22349] loop2: detected capacity change from 0 to 128 [ 717.400348][T22351] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 717.403716][T22349] incfs: ino conflict with backing FS 1 [ 717.409520][T22351] FAT-fs (loop3): unable to read boot sector [ 717.438969][T22356] syz-executor.1[22356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 717.439040][T22356] syz-executor.1[22356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 717.494730][ T24] usb 5-1: New USB device found, idVendor=0001, idProduct=8000, bcdDevice= 0.00 [ 717.515625][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 717.523489][ T24] usb 5-1: SerialNumber: syz [ 717.547792][T22293] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 717.569036][ T24] hub 5-1:1.0: bad descriptor, ignoring hub [ 717.575109][ T24] hub: probe of 5-1:1.0 failed with error -5 [ 717.821484][T22293] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 717.839782][T22363] loop2: detected capacity change from 0 to 512 [ 717.848823][T22363] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 717.857748][T22363] ext4 filesystem being mounted at /root/syzkaller-testdir1377910912/syzkaller.FwQwYm/106/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 717.872473][T22363] EXT4-fs (loop2): unmounting filesystem. [ 717.891444][T22378] loop3: detected capacity change from 0 to 256 [ 717.915499][T22382] loop3: detected capacity change from 0 to 128 [ 717.925259][T22382] incfs: ino conflict with backing FS 1 [ 718.359489][T21722] ------------[ cut here ]------------ [ 718.364800][T21722] WARNING: CPU: 0 PID: 21722 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 718.374093][T21722] Modules linked in: [ 718.377926][T21722] CPU: 0 PID: 21722 Comm: syz-executor.1 Tainted: G W 6.1.78-syzkaller-00164-gac9706483e98 #0 [ 718.389397][T21722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 718.399359][T21722] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 718.404813][T21722] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 45 56 ff <0f> 0b e9 06 ff ff ff e8 8f 45 56 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 718.424281][T21722] RSP: 0018:ffffc90000757ae0 EFLAGS: 00010293 [ 718.430167][T21722] RAX: ffffffff821f2e65 RBX: 0000000000000000 RCX: ffff888123ee3cc0 [ 718.437997][T21722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 718.445779][T21722] RBP: ffffc90000757b10 R08: ffffffff821f2d64 R09: ffffed10242d83c1 [ 718.453604][T21722] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813600aee0 [ 718.461414][T21722] R13: ffff88813600af10 R14: 1ffff11026c015e2 R15: ffff8881216c1d60 [ 718.469224][T21722] FS: 00005555558b7480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 718.477992][T21722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 718.484401][T21722] CR2: 00005555558c0818 CR3: 000000011245b000 CR4: 00000000003506b0 [ 718.492233][T21722] Call Trace: [ 718.495339][T21722] [ 718.498129][T21722] ? show_regs+0x58/0x60 [ 718.502195][T21722] ? __warn+0x160/0x3d0 [ 718.506206][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.511070][T21722] ? report_bug+0x4d5/0x7d0 [ 718.515389][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.520260][T21722] ? handle_bug+0x41/0x70 [ 718.524412][T21722] ? exc_invalid_op+0x1b/0x50 [ 718.528942][T21722] ? asm_exc_invalid_op+0x1b/0x20 [ 718.533787][T21722] ? ovl_dir_modified+0xa4/0x1e0 [ 718.538602][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.543425][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.548295][T21722] ovl_do_remove+0x7fc/0xbf0 [ 718.552717][T21722] ? ovl_set_redirect+0x670/0x670 [ 718.557584][T21722] ? selinux_inode_rmdir+0x22/0x30 [ 718.562693][T21722] ovl_rmdir+0x1a/0x20 [ 718.566614][T21722] vfs_rmdir+0x398/0x500 [ 718.570678][T21722] incfs_kill_sb+0x113/0x230 [ 718.575102][T21722] deactivate_locked_super+0xad/0x110 [ 718.580325][T21722] deactivate_super+0xbe/0xf0 [ 718.584821][T21722] cleanup_mnt+0x485/0x510 [ 718.589086][T21722] ? user_path_at_empty+0x14e/0x1a0 [ 718.594111][T21722] __cleanup_mnt+0x19/0x20 [ 718.598474][T21722] task_work_run+0x24d/0x2e0 [ 718.602896][T21722] ? task_work_cancel+0x2b0/0x2b0 [ 718.607772][T21722] ? __x64_sys_umount+0x122/0x170 [ 718.612622][T21722] exit_to_user_mode_loop+0x94/0xa0 [ 718.617670][T21722] exit_to_user_mode_prepare+0x5a/0xa0 [ 718.622944][T21722] syscall_exit_to_user_mode+0x26/0x140 [ 718.628340][T21722] do_syscall_64+0x49/0xb0 [ 718.632580][T21722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 718.638340][T21722] RIP: 0033:0x7fb96567e297 [ 718.642562][T21722] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 718.662042][T21722] RSP: 002b:00007fffd2184e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 718.670269][T21722] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb96567e297 [ 718.678073][T21722] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd2184ed0 [ 718.685869][T21722] RBP: 00007fffd2184ed0 R08: 0000000000000000 R09: 0000000000000000 [ 718.693698][T21722] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffd2185f80 [ 718.701593][T21722] R13: 00007fb9656d9636 R14: 00000000000af4f8 R15: 0000000000000016 [ 718.710039][T21722] [ 718.712871][T21722] ---[ end trace 0000000000000000 ]--- [ 718.719077][T21722] ------------[ cut here ]------------ [ 718.724371][T21722] WARNING: CPU: 0 PID: 21722 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 718.733756][T21722] Modules linked in: [ 718.737681][T21722] CPU: 0 PID: 21722 Comm: syz-executor.1 Tainted: G W 6.1.78-syzkaller-00164-gac9706483e98 #0 [ 718.749209][T21722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 718.759191][T21722] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 718.764576][T21722] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 45 56 ff <0f> 0b e9 06 ff ff ff e8 8f 45 56 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 718.784109][T21722] RSP: 0018:ffffc90000757ae0 EFLAGS: 00010293 [ 718.790002][T21722] RAX: ffffffff821f2e65 RBX: 0000000000000000 RCX: ffff888123ee3cc0 [ 718.797746][T21722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 718.805544][T21722] RBP: ffffc90000757b10 R08: ffffffff821f2d64 R09: ffffed10242d83c1 [ 718.813374][T21722] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813600aee0 [ 718.821180][T21722] R13: ffff88813600af10 R14: 1ffff11026c015e2 R15: ffff8881216c1d60 [ 718.828993][T21722] FS: 00005555558b7480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 718.837769][T21722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 718.844161][T21722] CR2: 00005555558c0818 CR3: 000000011245b000 CR4: 00000000003506b0 [ 718.852001][T21722] Call Trace: [ 718.855096][T21722] [ 718.857894][T21722] ? show_regs+0x58/0x60 [ 718.861955][T21722] ? __warn+0x160/0x3d0 [ 718.865954][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.870864][T21722] ? report_bug+0x4d5/0x7d0 [ 718.875149][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.880034][T21722] ? handle_bug+0x41/0x70 [ 718.884258][T21722] ? exc_invalid_op+0x1b/0x50 [ 718.888795][T21722] ? asm_exc_invalid_op+0x1b/0x20 [ 718.893751][T21722] ? ovl_dir_modified+0xa4/0x1e0 [ 718.898549][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.903376][T21722] ? ovl_dir_modified+0x1a5/0x1e0 [ 718.908254][T21722] ovl_do_remove+0x7fc/0xbf0 [ 718.912661][T21722] ? ovl_set_redirect+0x670/0x670 [ 718.917537][T21722] ? selinux_inode_rmdir+0x22/0x30 [ 718.922505][T21722] ovl_rmdir+0x1a/0x20 [ 718.926388][T21722] vfs_rmdir+0x398/0x500 [ 718.930457][T21722] incfs_kill_sb+0x1b4/0x230 [ 718.934877][T21722] deactivate_locked_super+0xad/0x110 [ 718.940142][T21722] deactivate_super+0xbe/0xf0 [ 718.944597][T21722] cleanup_mnt+0x485/0x510 [ 718.948868][T21722] ? user_path_at_empty+0x14e/0x1a0 [ 718.953885][T21722] __cleanup_mnt+0x19/0x20 [ 718.956650][T22405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 718.958153][T21722] task_work_run+0x24d/0x2e0 [ 718.970726][T21722] ? task_work_cancel+0x2b0/0x2b0 [ 718.970844][T22405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 718.975579][T21722] ? __x64_sys_umount+0x122/0x170 [ 718.987407][T22410] loop2: detected capacity change from 0 to 128 [ 718.988015][T21722] exit_to_user_mode_loop+0x94/0xa0 [ 718.999131][T21722] exit_to_user_mode_prepare+0x5a/0xa0 [ 719.004396][T21722] syscall_exit_to_user_mode+0x26/0x140 [ 719.009804][T21722] do_syscall_64+0x49/0xb0 [ 719.010911][T22410] incfs: ino conflict with backing FS 1 [ 719.014178][T21722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 719.025236][T21722] RIP: 0033:0x7fb96567e297 [ 719.029512][T21722] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 719.048958][T21722] RSP: 002b:00007fffd2184e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 719.057186][T21722] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb96567e297 [ 719.064977][T21722] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd2184ed0 [ 719.072816][T21722] RBP: 00007fffd2184ed0 R08: 0000000000000000 R09: 0000000000000000 [ 719.080622][T21722] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffd2185f80 [ 719.088433][T21722] R13: 00007fb9656d9636 R14: 00000000000af4f8 R15: 0000000000000016 [ 719.096247][T21722] [ 719.099091][T21722] ---[ end trace 0000000000000000 ]--- [ 719.183884][T22415] loop2: detected capacity change from 0 to 512 [ 719.197361][T22415] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 719.206236][T22415] ext4 filesystem being mounted at /root/syzkaller-testdir1377910912/syzkaller.FwQwYm/115/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 719.221394][T22415] EXT4-fs (loop2): unmounting filesystem. [ 719.331676][T22425] 9pnet_fd: Insufficient options for proto=fd [ 719.340210][T22425] overlayfs: failed to resolve './file1': -2 [ 719.407134][T22434] syz-executor.3[22434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 719.407204][T22434] syz-executor.3[22434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 719.427486][T22436] loop2: detected capacity change from 0 to 512 [ 719.466392][T22427] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.480555][T22427] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.495097][T22427] device bridge_slave_0 entered promiscuous mode [ 719.512481][T22427] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.523242][T22436] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 719.537007][T22427] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.546722][T22436] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 425: padding at end of block bitmap is not set [ 719.565886][T22427] device bridge_slave_1 entered promiscuous mode [ 719.606174][T21148] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor.2: iget: bad extended attribute block 11042816 [ 719.647683][T21148] EXT4-fs error (device loop2): ext4_lookup:1855: inode #11: comm syz-executor.2: iget: bad extended attribute block 11042816 [ 719.742586][T22427] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.749493][T22427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.756569][T22427] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.763346][T22427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.797004][T21148] EXT4-fs (loop2): unmounting filesystem. [ 719.836035][ T345] device bridge_slave_1 left promiscuous mode [ 719.842101][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.875213][ T345] device bridge_slave_0 left promiscuous mode [ 719.881170][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.903668][ T345] device veth1_macvtap left promiscuous mode [ 719.912586][ T345] device veth0_vlan left promiscuous mode [ 720.063480][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 720.072093][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 720.080374][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 720.111208][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 720.119065][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 720.148306][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 720.157662][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 720.170099][T22427] device veth0_vlan entered promiscuous mode [ 720.182106][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 720.190272][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 720.194439][T22450] loop1: detected capacity change from 0 to 8192 [ 720.205195][T22450] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 720.205639][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 720.222799][ T8001] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 720.246353][T22427] device veth1_macvtap entered promiscuous mode [ 720.259848][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 720.267915][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 720.276058][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 720.287441][T22442] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.294318][T22442] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.310432][T22442] device bridge_slave_0 entered promiscuous mode [ 720.318207][T22456] loop3: detected capacity change from 0 to 512 [ 720.338017][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 720.346575][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 720.355347][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 720.363615][T22456] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 720.372532][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 720.380541][T22456] ext4 filesystem being mounted at /root/syzkaller-testdir2126857711/syzkaller.NRGCi4/49/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 720.395743][T22442] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.402905][T22442] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.410091][T22442] device bridge_slave_1 entered promiscuous mode [ 720.416589][T22456] EXT4-fs (loop3): unmounting filesystem. [ 720.503425][T22442] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.510307][T22442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 720.517445][T22442] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.520397][T22466] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 720.524331][T22442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 720.560737][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 720.568076][ T28] audit: type=1326 audit(1718044504.818:68354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22468 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f67e6c7cf69 code=0x0 [ 720.593064][T20111] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.600933][T20111] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.608001][T22471] loop1: detected capacity change from 0 to 512 [ 720.619763][T22471] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 720.642253][T22471] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 425: padding at end of block bitmap is not set [ 720.675797][T21722] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor.1: iget: bad extended attribute block 11042816 [ 720.689821][T21722] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor.1: iget: bad extended attribute block 11042816 [ 720.809857][T21722] bridge0: port 3(syz_tun) entered disabled state [ 720.816943][T21722] device syz_tun left promiscuous mode [ 720.822253][T21722] bridge0: port 3(syz_tun) entered disabled state [ 720.835596][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 720.844672][T12208] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.851514][T12208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 720.859918][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 720.868073][T21681] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.868675][T21722] EXT4-fs (loop1): unmounting filesystem. [ 720.874932][T21681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 720.889389][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 720.897174][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 720.912134][T12208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 720.927626][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 720.936107][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 720.943607][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 720.959982][T22442] device veth0_vlan entered promiscuous mode [ 720.980471][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 720.992999][T22442] device veth1_macvtap entered promiscuous mode [ 720.999266][ T24] cdc_ether: probe of 5-1:1.0 failed with error -71 [ 721.020253][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 721.033986][ T24] usb 5-1: USB disconnect, device number 94 [ 721.041133][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 721.126776][T22479] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.140229][T22479] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.155280][T22479] device bridge_slave_0 entered promiscuous mode [ 721.171718][T22479] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.186178][T22479] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.201126][T22479] device bridge_slave_1 entered promiscuous mode [ 721.214195][T22478] loop4: detected capacity change from 0 to 40427 [ 721.231548][T22478] F2FS-fs (loop4): journaled quota format not specified [ 721.248200][T22491] syz-executor.2[22491] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 721.248269][T22491] syz-executor.2[22491] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 721.324887][ T345] device bridge_slave_1 left promiscuous mode [ 721.342518][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.350074][ T345] device bridge_slave_0 left promiscuous mode [ 721.362275][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.371029][ T345] device veth1_macvtap left promiscuous mode [ 721.377032][ T345] device veth0_vlan left promiscuous mode [ 721.397757][T22501] loop2: detected capacity change from 0 to 256 [ 721.427839][T22501] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 721.440017][T22501] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 721.676547][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 721.683670][T20111] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 721.692042][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 721.702592][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 721.711127][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 721.737393][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.744283][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 721.764016][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 721.771469][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 721.780163][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 721.788249][ T857] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.795123][ T857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 721.802390][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 721.811616][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 721.834273][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 721.850476][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 721.858664][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 721.866457][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 721.874718][T22479] device veth0_vlan entered promiscuous mode [ 721.889774][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 721.899281][T22479] device veth1_macvtap entered promiscuous mode [ 721.911921][ T857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 721.929997][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 721.942765][T20111] usb 1-1: Using ep0 maxpacket: 32 [ 722.032302][T22524] syz-executor.1[22524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 722.032376][T22524] syz-executor.1[22524] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 722.044414][ T330] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 722.073147][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 722.102472][T20111] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 722.112389][T20111] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 722.122857][T20111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.131321][T20111] usb 1-1: config 0 descriptor?? [ 722.173415][T20111] hub 1-1:0.0: USB hub found [ 722.319085][ T28] audit: type=1326 audit(1718044506.570:68355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9ae887cf69 code=0x0 [ 722.422361][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 722.432271][T20111] hub 1-1:0.0: 2 ports detected [ 722.433664][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 722.447459][ T330] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 722.447707][ T345] device bridge_slave_1 left promiscuous mode [ 722.456367][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.462790][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.477671][ T345] device bridge_slave_0 left promiscuous mode [ 722.477679][ T330] usb 4-1: config 0 descriptor?? [ 722.488451][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.496050][ T345] device veth1_macvtap left promiscuous mode [ 722.501922][ T345] device veth0_vlan left promiscuous mode [ 722.652011][T20111] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 722.658215][T20111] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 722.782544][T20111] usbhid 1-1:0.0: can't add hid device: -71 [ 722.788321][T20111] usbhid: probe of 1-1:0.0 failed with error -71 [ 722.832134][T20111] usb 1-1: USB disconnect, device number 106 [ 722.951797][ T330] hid (null): bogus close delimiter [ 723.087550][T22540] loop1: detected capacity change from 0 to 40427 [ 723.094734][T22540] F2FS-fs (loop1): journaled quota format not specified [ 723.171469][ T330] usb 4-1: language id specifier not provided by device, defaulting to English [ 724.578890][T22552] 9pnet_fd: Insufficient options for proto=fd [ 724.585448][T22552] overlayfs: failed to resolve './file1': -2 [ 725.429253][ T330] uclogic 0003:256C:006D.00BC: failed retrieving Huion firmware version: -71 [ 725.449503][T22550] device veth1_macvtap left promiscuous mode [ 725.556976][ T330] uclogic 0003:256C:006D.00BC: failed probing parameters: -71 [ 725.565073][ T330] uclogic: probe of 0003:256C:006D.00BC failed with error -71 [ 725.592185][ T330] usb 4-1: USB disconnect, device number 84 [ 726.947479][ T857] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 727.147136][ T330] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 727.189780][ T857] usb 1-1: Using ep0 maxpacket: 8 [ 727.322243][ T857] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 727.361430][ T857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.380502][ T857] usb 1-1: config 0 descriptor?? [ 727.406830][ T330] usb 5-1: Using ep0 maxpacket: 32 [ 727.577238][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.589518][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.599749][ T330] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 727.608837][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.617417][ T330] usb 5-1: config 0 descriptor?? [ 727.666847][ T330] hub 5-1:0.0: USB hub found [ 727.753182][T22639] loop1: detected capacity change from 0 to 512 [ 727.760989][T22639] EXT4-fs (loop1): orphan cleanup on readonly fs [ 727.767215][T22639] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #3: comm syz-executor.1: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 727.785565][T22639] EXT4-fs error (device loop1): ext4_quota_enable:6946: comm syz-executor.1: Bad quota inode: 3, type: 0 [ 727.796967][T22639] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 727.811592][T22639] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 727.818204][T22639] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 727.833228][T22479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor.1: path /root/syzkaller-testdir2378370461/syzkaller.XTxXep/16/file1: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=83886096, rec_len=0, size=4096 fake=0 [ 727.907549][T22479] EXT4-fs (loop1): unmounting filesystem. [ 727.916382][ T330] hub 5-1:0.0: 2 ports detected [ 728.016780][T22642] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.023682][T22642] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.030977][T22642] device bridge_slave_0 entered promiscuous mode [ 728.040467][T22642] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.047704][T22642] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.055217][T22642] device bridge_slave_1 entered promiscuous mode [ 728.114349][T22642] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.121249][T22642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.128340][T22642] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.135197][T22642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.183598][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 728.191845][T20111] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.199115][T20111] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.219227][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 728.231086][T21681] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.237988][T21681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.243914][ T330] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 728.245215][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 728.251327][ T330] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 728.267450][T21681] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.274313][T21681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 728.281493][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 728.289304][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 728.319919][T22660] loop2: detected capacity change from 0 to 256 [ 728.684064][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 728.694108][T22642] device veth0_vlan entered promiscuous mode [ 728.700348][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 728.708737][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 728.716359][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 728.730138][T22642] device veth1_macvtap entered promiscuous mode [ 728.735486][ T330] usbhid 5-1:0.0: can't add hid device: -71 [ 728.737276][T20111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 728.742106][ T330] usbhid: probe of 5-1:0.0 failed with error -71 [ 728.757919][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 728.766442][T21681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 728.786513][ T330] usb 5-1: USB disconnect, device number 95 [ 728.875782][ T345] device bridge_slave_1 left promiscuous mode [ 728.881748][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.889344][ T345] device bridge_slave_0 left promiscuous mode [ 728.895600][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.904858][ T345] device veth1_macvtap left promiscuous mode [ 728.910947][ T345] device veth0_vlan left promiscuous mode [ 728.956836][T22669] 9pnet_fd: Insufficient options for proto=fd [ 728.963469][T22669] overlayfs: failed to resolve './file1': -2 [ 729.187333][T22700] syz-executor.2[22700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 729.187384][T22700] syz-executor.2[22700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 729.961333][T22714] loop4: detected capacity change from 0 to 8192 [ 730.040255][T22714] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 730.143458][T22729] loop3: detected capacity change from 0 to 256 [ 730.166839][T22731] syz-executor.4[22731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 730.166923][T22731] syz-executor.4[22731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 730.186209][T22729] FAT-fs (loop3): Directory bread(block 64) failed [ 730.221971][T22729] FAT-fs (loop3): Directory bread(block 65) failed [ 730.225108][T22735] loop2: detected capacity change from 0 to 1024 [ 730.228496][T22729] FAT-fs (loop3): Directory bread(block 66) failed [ 730.241192][T22729] FAT-fs (loop3): Directory bread(block 67) failed [ 730.248339][T22729] FAT-fs (loop3): Directory bread(block 68) failed [ 730.255047][T22729] FAT-fs (loop3): Directory bread(block 69) failed [ 730.262288][T22729] FAT-fs (loop3): Directory bread(block 70) failed [ 730.268885][T22729] FAT-fs (loop3): Directory bread(block 71) failed [ 730.275751][T22729] FAT-fs (loop3): Directory bread(block 72) failed [ 730.282372][T22735] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 730.282426][T22729] FAT-fs (loop3): Directory bread(block 73) failed [ 730.319246][T22442] EXT4-fs (loop2): unmounting filesystem. [ 730.351641][T22729] syz-executor.3: attempt to access beyond end of device [ 730.351641][T22729] loop3: rw=2051, sector=1160, nr_sectors = 32 limit=256 [ 730.367538][ T857] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 730.377801][ T857] asix: probe of 1-1:0.0 failed with error -71 [ 730.384576][ T857] usb 1-1: USB disconnect, device number 107 [ 730.388744][T22739] device syzkaller0 entered promiscuous mode [ 730.708404][T22751] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 732.720353][ T28] audit: type=1326 audit(1718044516.981:68356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 732.784829][ T28] audit: type=1326 audit(1718044516.981:68357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 732.811199][T20111] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 732.851291][ T28] audit: type=1326 audit(1718044516.981:68358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 732.895454][ T28] audit: type=1326 audit(1718044517.012:68359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 732.931207][ T28] audit: type=1326 audit(1718044517.012:68360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 732.973715][ T28] audit: type=1326 audit(1718044517.012:68361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67e6c7a6e7 code=0x7ffc0000 [ 733.017826][ T28] audit: type=1326 audit(1718044517.012:68362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67e6c403d9 code=0x7ffc0000 [ 733.050949][ T857] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 733.060080][ T28] audit: type=1326 audit(1718044517.012:68363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f67e6c7cf69 code=0x7ffc0000 [ 733.085202][ T28] audit: type=1326 audit(1718044517.012:68364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67e6c7a6e7 code=0x7ffc0000 [ 733.109168][ T28] audit: type=1326 audit(1718044517.012:68365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22772 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67e6c403d9 code=0x7ffc0000 [ 733.135491][T20111] usb 3-1: Using ep0 maxpacket: 8 [ 733.250903][T20111] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 733.263543][T20111] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 733.283008][T20111] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 733.384259][T22781] loop3: detected capacity change from 0 to 131072 [ 733.390704][T20111] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 733.393354][T22781] F2FS-fs (loop3): Found nat_bits in checkpoint [ 733.399652][T20111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 733.413986][T20111] usb 3-1: SerialNumber: syz [ 733.420668][ T857] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 733.440307][T22781] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 733.440715][T22760] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 733.454706][T22760] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 733.592222][ T857] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 733.610195][ T857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.620373][ T331] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 733.628070][ T857] usb 5-1: Product: syz [ 733.636596][ T857] usb 5-1: Manufacturer: syz [ 733.641193][ T857] usb 5-1: SerialNumber: syz [ 733.712126][T22806] loop3: detected capacity change from 0 to 1024 [ 733.718935][T22806] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 733.729504][T22806] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 733.739961][T22806] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 733.740340][T20111] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 733.755793][T20111] usb-storage 3-1:1.0: USB Mass Storage device detected [ 733.763368][T20111] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 733.771294][T20111] scsi host1: usb-storage 3-1:1.0 [ 733.778097][T20111] usb 3-1: USB disconnect, device number 66 [ 734.000032][ T331] usb 1-1: config 0 has an invalid interface number: 216 but max is 0 [ 734.008160][ T331] usb 1-1: config 0 has no interface number 0 [ 734.014147][ T331] usb 1-1: config 0 interface 216 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 734.024769][ T331] usb 1-1: config 0 interface 216 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 734.164761][T22818] loop1: detected capacity change from 0 to 512 [ 734.181888][T22818] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 734.190710][T22818] ext4 filesystem being mounted at /root/syzkaller-testdir2502650217/syzkaller.ogN0yb/15/file0 supports timestamps until 2038 (0x7fffffff) [ 734.220425][ T331] usb 1-1: New USB device found, idVendor=0499, idProduct=1002, bcdDevice=df.d7 [ 734.235428][ T331] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 734.272993][ T331] usb 1-1: Product: syz [ 734.281696][ T331] usb 1-1: Manufacturer: syz [ 734.286138][ T331] usb 1-1: SerialNumber: syz [ 734.291634][ T331] usb 1-1: config 0 descriptor?? [ 734.341478][ T331] snd-usb-audio: probe of 1-1:0.216 failed with error -2 [ 734.540624][ T331] usb 1-1: USB disconnect, device number 108 [ 734.589305][T21818] EXT4-fs (loop3): unmounting filesystem. [ 734.626860][T22827] loop3: detected capacity change from 0 to 512 [ 734.634591][T22827] EXT4-fs (loop3): orphan cleanup on readonly fs [ 734.641192][T22827] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 734.679431][T22827] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 734.686119][T22827] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 734.704834][T22827] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 13 (err -117) [ 734.717201][T22827] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 734.729459][T21818] EXT4-fs (loop3): unmounting filesystem. [ 734.781077][T22836] loop3: detected capacity change from 0 to 8192 [ 734.788450][T22836] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 734.998469][T22642] EXT4-fs (loop1): unmounting filesystem. [ 735.078986][ T8001] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 735.238970][ T857] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 735.245592][ T857] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 735.310854][T22766] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 735.318548][ T857] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 735.358727][ T8001] usb 4-1: Using ep0 maxpacket: 16 [ 735.458661][ T857] cdc_ncm 5-1:1.0: setting tx_max = 184 [ 735.464990][ T857] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 735.476658][ T857] usb 5-1: USB disconnect, device number 96 [ 735.482557][ T8001] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 735.491626][ T857] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 735.500599][ T8001] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 735.510122][ T8001] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 735.519671][ T8001] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 735.530227][ T8001] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 735.539729][ T8001] usb 4-1: config 1 interface 0 has no altsetting 0 [ 735.549097][ T8001] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 735.558024][ T8001] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.567292][ T24] ================================================================== [ 735.575177][ T24] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 735.582805][ T24] Read of size 8 at addr ffff88811466ccf0 by task kworker/1:0/24 [ 735.590356][ T24] [ 735.592528][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Tainted: G W 6.1.78-syzkaller-00164-gac9706483e98 #0 [ 735.603548][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 735.613619][ T24] Workqueue: events linkwatch_event [ 735.618655][ T24] Call Trace: [ 735.621777][ T24] [ 735.624562][ T24] dump_stack_lvl+0x151/0x1b7 [ 735.629068][ T24] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 735.634364][ T24] ? _printk+0xd1/0x111 [ 735.638364][ T24] ? __virt_addr_valid+0x242/0x2f0 [ 735.643307][ T24] print_report+0x158/0x4e0 [ 735.647641][ T24] ? __virt_addr_valid+0x242/0x2f0 [ 735.652683][ T24] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 735.658759][ T24] ? __list_del_entry_valid+0xa6/0x130 [ 735.664055][ T24] kasan_report+0x13c/0x170 [ 735.668398][ T24] ? __list_del_entry_valid+0xa6/0x130 [ 735.673689][ T24] __asan_report_load8_noabort+0x14/0x20 [ 735.679164][ T24] __list_del_entry_valid+0xa6/0x130 [ 735.684284][ T24] process_one_work+0x4d7/0xcb0 [ 735.688976][ T24] worker_thread+0xa60/0x1260 [ 735.693479][ T24] kthread+0x26d/0x300 [ 735.697386][ T24] ? worker_clr_flags+0x1a0/0x1a0 [ 735.702243][ T24] ? kthread_blkcg+0xd0/0xd0 [ 735.706666][ T24] ret_from_fork+0x1f/0x30 [ 735.710922][ T24] [ 735.713793][ T24] [ 735.715954][ T24] Allocated by task 857: [ 735.720036][ T24] kasan_set_track+0x4b/0x70 [ 735.724459][ T24] kasan_save_alloc_info+0x1f/0x30 [ 735.729415][ T24] __kasan_kmalloc+0x9c/0xb0 [ 735.733832][ T24] __kmalloc_node+0xb4/0x1e0 [ 735.738301][ T24] kvmalloc_node+0x221/0x640 [ 735.742686][ T24] alloc_netdev_mqs+0x8c/0xf90 [ 735.747286][ T24] alloc_etherdev_mqs+0x36/0x40 [ 735.751972][ T24] usbnet_probe+0x207/0x27c0 [ 735.756401][ T24] usb_probe_interface+0x5b6/0xa90 [ 735.761347][ T24] really_probe+0x2b8/0x920 [ 735.765687][ T24] __driver_probe_device+0x1a0/0x310 [ 735.770808][ T24] driver_probe_device+0x54/0x3d0 [ 735.775670][ T24] __device_attach_driver+0x2e3/0x490 [ 735.780890][ T24] bus_for_each_drv+0x183/0x200 [ 735.785563][ T24] __device_attach+0x312/0x510 [ 735.790262][ T24] device_initial_probe+0x1a/0x20 [ 735.795111][ T24] bus_probe_device+0xbe/0x1e0 [ 735.799710][ T24] device_add+0xb60/0xf10 [ 735.803875][ T24] usb_set_configuration+0x190f/0x1e80 [ 735.809168][ T24] usb_generic_driver_probe+0x8b/0x150 [ 735.814482][ T24] usb_probe_device+0x144/0x260 [ 735.819155][ T24] really_probe+0x2b8/0x920 [ 735.823492][ T24] __driver_probe_device+0x1a0/0x310 [ 735.828612][ T24] driver_probe_device+0x54/0x3d0 [ 735.833471][ T24] __device_attach_driver+0x2e3/0x490 [ 735.838681][ T24] bus_for_each_drv+0x183/0x200 [ 735.843367][ T24] __device_attach+0x312/0x510 [ 735.847969][ T24] device_initial_probe+0x1a/0x20 [ 735.852826][ T24] bus_probe_device+0xbe/0x1e0 [ 735.857426][ T24] device_add+0xb60/0xf10 [ 735.861592][ T24] usb_new_device+0xf32/0x1810 [ 735.866193][ T24] hub_event+0x2db1/0x4830 [ 735.870447][ T24] process_one_work+0x73d/0xcb0 [ 735.875133][ T24] worker_thread+0xa60/0x1260 [ 735.879646][ T24] kthread+0x26d/0x300 [ 735.883552][ T24] ret_from_fork+0x1f/0x30 [ 735.887805][ T24] [ 735.889974][ T24] Freed by task 857: [ 735.893706][ T24] kasan_set_track+0x4b/0x70 [ 735.898139][ T24] kasan_save_free_info+0x2b/0x40 [ 735.902995][ T24] ____kasan_slab_free+0x131/0x180 [ 735.907941][ T24] __kasan_slab_free+0x11/0x20 [ 735.912541][ T24] __kmem_cache_free+0x218/0x3b0 [ 735.917316][ T24] kfree+0x7a/0xf0 [ 735.920874][ T24] kvfree+0x35/0x40 [ 735.924517][ T24] netdev_freemem+0x3f/0x60 [ 735.928860][ T24] netdev_release+0x7f/0xb0 [ 735.933199][ T24] device_release+0x95/0x1c0 [ 735.937625][ T24] kobject_put+0x178/0x260 [ 735.941879][ T24] put_device+0x1f/0x30 [ 735.945870][ T24] free_netdev+0x393/0x480 [ 735.950125][ T24] usbnet_disconnect+0x245/0x390 [ 735.954988][ T24] usb_unbind_interface+0x1fa/0x8c0 [ 735.960021][ T24] device_release_driver_internal+0x53e/0x870 [ 735.965919][ T24] device_release_driver+0x19/0x20 [ 735.970954][ T24] bus_remove_device+0x2fa/0x360 [ 735.975821][ T24] device_del+0x663/0xe90 [ 735.979979][ T24] usb_disable_device+0x380/0x720 [ 735.984841][ T24] usb_disconnect+0x32a/0x890 [ 735.989354][ T24] hub_event+0x1ed8/0x4830 [ 735.993683][ T24] process_one_work+0x73d/0xcb0 [ 735.998382][ T24] worker_thread+0xd71/0x1260 [ 736.002893][ T24] kthread+0x26d/0x300 [ 736.006799][ T24] ret_from_fork+0x1f/0x30 [ 736.011077][ T24] [ 736.013232][ T24] Last potentially related work creation: [ 736.018778][ T24] kasan_save_stack+0x3b/0x60 [ 736.023291][ T24] __kasan_record_aux_stack+0xb4/0xc0 [ 736.028497][ T24] kasan_record_aux_stack_noalloc+0xb/0x10 [ 736.034140][ T24] insert_work+0x56/0x310 [ 736.038307][ T24] __queue_work+0x9b6/0xd70 [ 736.042646][ T24] queue_work_on+0x105/0x170 [ 736.047071][ T24] usbnet_link_change+0xeb/0x100 [ 736.051847][ T24] usbnet_probe+0x1dbe/0x27c0 [ 736.056359][ T24] usb_probe_interface+0x5b6/0xa90 [ 736.061305][ T24] really_probe+0x2b8/0x920 [ 736.065652][ T24] __driver_probe_device+0x1a0/0x310 [ 736.070765][ T24] driver_probe_device+0x54/0x3d0 [ 736.075627][ T24] __device_attach_driver+0x2e3/0x490 [ 736.080834][ T24] bus_for_each_drv+0x183/0x200 [ 736.085699][ T24] __device_attach+0x312/0x510 [ 736.090299][ T24] device_initial_probe+0x1a/0x20 [ 736.095156][ T24] bus_probe_device+0xbe/0x1e0 [ 736.099757][ T24] device_add+0xb60/0xf10 [ 736.103922][ T24] usb_set_configuration+0x190f/0x1e80 [ 736.109219][ T24] usb_generic_driver_probe+0x8b/0x150 [ 736.114600][ T24] usb_probe_device+0x144/0x260 [ 736.119290][ T24] really_probe+0x2b8/0x920 [ 736.123625][ T24] __driver_probe_device+0x1a0/0x310 [ 736.128745][ T24] driver_probe_device+0x54/0x3d0 [ 736.133617][ T24] __device_attach_driver+0x2e3/0x490 [ 736.138813][ T24] bus_for_each_drv+0x183/0x200 [ 736.143500][ T24] __device_attach+0x312/0x510 [ 736.148101][ T24] device_initial_probe+0x1a/0x20 [ 736.152962][ T24] bus_probe_device+0xbe/0x1e0 [ 736.157563][ T24] device_add+0xb60/0xf10 [ 736.161729][ T24] usb_new_device+0xf32/0x1810 [ 736.166328][ T24] hub_event+0x2db1/0x4830 [ 736.170583][ T24] process_one_work+0x73d/0xcb0 [ 736.175276][ T24] worker_thread+0xa60/0x1260 [ 736.179779][ T24] kthread+0x26d/0x300 [ 736.183685][ T24] ret_from_fork+0x1f/0x30 [ 736.187938][ T24] [ 736.190109][ T24] The buggy address belongs to the object at ffff88811466c000 [ 736.190109][ T24] which belongs to the cache kmalloc-4k of size 4096 [ 736.203996][ T24] The buggy address is located 3312 bytes inside of [ 736.203996][ T24] 4096-byte region [ffff88811466c000, ffff88811466d000) [ 736.217275][ T24] [ 736.219444][ T24] The buggy address belongs to the physical page: [ 736.225714][ T24] page:ffffea0004519a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114668 [ 736.235767][ T24] head:ffffea0004519a00 order:3 compound_mapcount:0 compound_pincount:0 [ 736.243921][ T24] flags: 0x4000000000010200(slab|head|zone=1) [ 736.249829][ T24] raw: 4000000000010200 ffffea000453a400 dead000000000002 ffff888100043380 [ 736.258246][ T24] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 736.266661][ T24] page dumped because: kasan: bad access detected [ 736.272920][ T24] page_owner tracks the page as allocated [ 736.278463][ T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 22205, tgid 22204 (syz-executor.2), ts 712560425282, free_ts 711771090464 [ 736.301554][ T24] post_alloc_hook+0x213/0x220 [ 736.306151][ T24] prep_new_page+0x1b/0x110 [ 736.310491][ T24] get_page_from_freelist+0x27ea/0x2870 [ 736.315872][ T24] __alloc_pages+0x3a1/0x780 [ 736.320299][ T24] alloc_slab_page+0x6c/0xf0 [ 736.324725][ T24] new_slab+0x90/0x3e0 [ 736.328630][ T24] ___slab_alloc+0x6f9/0xb80 [ 736.333058][ T24] __slab_alloc+0x5d/0xa0 [ 736.337223][ T24] __kmem_cache_alloc_node+0x1af/0x250 [ 736.342518][ T24] kmalloc_trace+0x2a/0xa0 [ 736.346771][ T24] kvm_uevent_notify_change+0x22b/0x3c0 [ 736.352152][ T24] kvm_dev_ioctl+0xf6a/0x10d0 [ 736.356668][ T24] __se_sys_ioctl+0x114/0x190 [ 736.361179][ T24] __x64_sys_ioctl+0x7b/0x90 [ 736.365606][ T24] do_syscall_64+0x3d/0xb0 [ 736.369945][ T24] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 736.375674][ T24] page last free stack trace: [ 736.380188][ T24] free_unref_page_prepare+0x83d/0x850 [ 736.385492][ T24] free_unref_page+0xb2/0x5c0 [ 736.389994][ T24] __free_pages+0x61/0xf0 [ 736.394159][ T24] __free_slab+0xce/0x1a0 [ 736.398326][ T24] __unfreeze_partials+0x165/0x1a0 [ 736.403284][ T24] put_cpu_partial+0xa9/0x100 [ 736.407788][ T24] __slab_free+0x1c8/0x280 [ 736.412041][ T24] ___cache_free+0xc6/0xd0 [ 736.416380][ T24] qlist_free_all+0xc5/0x140 [ 736.420806][ T24] kasan_quarantine_reduce+0x15a/0x180 [ 736.426101][ T24] __kasan_slab_alloc+0x24/0x80 [ 736.430788][ T24] slab_post_alloc_hook+0x53/0x2c0 [ 736.435757][ T24] __kmem_cache_alloc_node+0x191/0x250 [ 736.441030][ T24] kmalloc_trace+0x2a/0xa0 [ 736.445282][ T24] ipv6_add_addr+0x41b/0xdf0 [ 736.449706][ T24] addrconf_add_linklocal+0x326/0x9e0 [ 736.454918][ T24] [ 736.457090][ T24] Memory state around the buggy address: [ 736.462558][ T24] ffff88811466cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.470455][ T24] ffff88811466cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.478353][ T24] >ffff88811466cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.486249][ T24] ^ [ 736.493800][ T24] ffff88811466cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 736.501701][ T24] ffff88811466cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2024/06/10 18:35:20 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 736.509595][ T24] ================================================================== [ 736.517497][ T24] Disabling lock debugging due to kernel taint [ 736.687387][ T8001] usb 4-1: can't set config #1, error -71 [ 736.695023][ T8001] usb 4-1: USB disconnect, device number 85 [