last executing test programs: 17.454668655s ago: executing program 2 (id=184): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100d0000000fbdbdf252100000018000180140002007665746831"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) 17.454125006s ago: executing program 2 (id=185): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f0000000000)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x14040080}, 0x2000081) sendmsg$tipc(r2, &(0x7f0000000740)={&(0x7f0000000280)=@name={0x1e, 0x2, 0x0, {{0x0, 0x4}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000084}, 0x4000) 17.437966536s ago: executing program 2 (id=186): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20) 17.412183816s ago: executing program 2 (id=187): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x49c, &(0x7f0000000580)="$eJzs3U9rXOUaAPDnnCRN2qY36b2F+2dze9ve2wulM5lIChXEigsFLYj9ADUm0xgyyYTMpCahYPsVVLTgQkRw5UbQfRFxqxtRF+LGlSBaKiK4GDlnJmmaZpJo0wxkfj84nPOeM5nnfTOc95k8SeYNoGsdj4jrEXEgIl6IiKHW+aS1xYXmlj3uzu1rE9mWRKNx6cckv561Y93XZA63nnMgIp5/KuLF5P64teWVmfFKpbzQahfrs/PF2vLK2enZ8anyVHludGTs/FjpXKlU2rWxvvrL4N9PfHzhsbefffez9z5cWsq6Ndi6tn4cu6k59L61OJneiHjmYQTrgJ7WeA50uiP8KWlE/DUiTuT3/1D05K8mALCfNRpD0Rha3wYA9rs0r4ElaaFVCxiMNC0UmjW8Y3EorVRr9TNXqotzk81a2XD0pVemK+WRVq1wOPqSrF3Kj++2Rze0H4mIoxHxev/BvF2YqFYmO/nGBwC62OEN+f/n/mb+BwD2uYFOdwAA2HPyPwB0H/kfALqP/A8A3Uf+B4DuI/8DQPeR/wGgqzx38WK2NVY//3ry6vLiTPXq2clybaYwuzhRmKguzBemqtWp/DN7Zrd7vkq1On8u5haXivVyrV6sLa9cnq0uztUv55/rfbnctyejAgC2cvTft75OIuL6owfzLdat5SBXw/6WdroDQMf0dLoDQMdY7Qu6l5/xgU2W6L1H2z8Rurn7fQH2xul/qv9Dt1L/h+6l/g/dS/0fulejkVjzHwC6jBo/4Pf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8McN5luSFlprgQ9GmhYKEUciYjj6kivTlfJIRPwlIr7q7+vP2qVOdxoAeEDp90lr/a/TQ6cGN149kPzan+8j4uW3Lr25NF6vL5Sy8z+tna/fbJ0f7UT/AYDtrObp1Ty+6s7taxOr217254cnmouL3h+/N3rz/UD0RcShO0mr3ZS9X+nZhfjXb0TEPzaLn+S1keHWyqcb42exj+xp/PSe+Gl+rbnPvhd/24W+QLe5lc0/Fza7/9I4nu83v/8H8hnqwbWf/9K1+a+nzfx3fKdj/HTo6bbxb0T8q3fz+Wc1ftIm/qkdxv+u+s1r7a413ok4vWn+Se6JVazPzhdryytnp2fHp8pT5bnRkbHzY6VzpVKpmNeoi6uV6vs9/saXr2w1/kNt4g9sM/7/7nD8337+5Cf/2SL+/09u/vof2yJ+lhP/t8P475/86KV217L4k23Gv93rf2aH8W998cFvO3woALAHassrM+OVSnnBgQMHDtYOOj0zAQ/b3Zu+0z0BAAAAAAAAAAAAAADa2Yt/J+r0GAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANi/fg8AAP//Uunccw==") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0) r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0) write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x2000000000000001, 0x0, 0x0, {0xffffffffff7ffffe, 0x0, 0xffffffffbfffffff, 0x6, 0xffffffffffff592c, 0x6, 0x4, 0x6288f666, 0x0, 0xc000}}}, 0x78) 17.306591748s ago: executing program 2 (id=189): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x33) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r1, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f00000000c0)='%pS \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x1c, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) 17.1733287s ago: executing program 2 (id=190): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x10009, 0x5, 0xffffdfffffffffff, 0x5, 0x0, 0xffffffffffffffff, 0x2000007a6e, 0x4, 0xfc, 0xf, 0x4000000000008, 0xc0, 0x2, 0x8000, 0xfffffffffffffffc, 0x2], 0x8000000, 0x8340}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.17318987s ago: executing program 32 (id=190): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x10009, 0x5, 0xffffdfffffffffff, 0x5, 0x0, 0xffffffffffffffff, 0x2000007a6e, 0x4, 0xfc, 0xf, 0x4000000000008, 0xc0, 0x2, 0x8000, 0xfffffffffffffffc, 0x2], 0x8000000, 0x8340}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.138618364s ago: executing program 3 (id=497): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000700000000000000000000000000611259f80fe0bd06958ee18a079cd369f2e1200000000000000000000000000027f068cebae487bc2a62c9d49d19d211b31b09e0b919acd1c398ae16b4d5eb40cd6efb1643f9c277678f1771748b141e5f97856c2e000000490b3a3b898abcd7d3d1c2414603e6fa40eaa63535de1f3a7e5c88d08f16b1e0a19aa47223c931e9795457a48bd8477140c6073c8523a7e982cd1df5e4b40ad33f6d85148fc8bd8fa9059f5569786eec27693a84227ee2ad4142e6a07ffd7dd977d9813ab6025b6bb340f35d9c22f00acb2d55ffec329d69271e31206a0800000073ac4b7feffc0795a828473a47b57573201ad1e6cc689aa952b3d949264d5ff7a9c9971ea922d956ffb3a24848a392aac35ee4a08fee8347eb23c2808a6b7a1cbab944458235f5066fff190b1098fdef249c73a3f490aeab559bd1ec5e087ea3d35e8b41ddb0334812fa2d1e5496e4b2e8289576a671749373545fd778d00cc4352aca042a64aa6b638ed63c4ce83aaf5df61fa188f144cf574508d0ff48e5c0e5276a3a86ccae1a241ab8889e3ff3ad422a3f6d28898854bc91b3b7f18b7fbdbc4d59376e03bc59464f799bf78e1d38614b5f5f0b399c145fe1e2a739f1d66095f0f43011225addfd26600da1d65a3d76b8881fc8c2aad7b94054c996d9de2debc38db516d5b4"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) 3.074520465s ago: executing program 3 (id=498): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad433ec50000000f00008095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x0) 3.074219905s ago: executing program 3 (id=499): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xfffffffffffffde8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffff53a2513743897e44000d0001007564703aa3"], 0x54}}, 0x0) 3.056249226s ago: executing program 3 (id=500): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x3c, 0x20, 0x98, 0x40, 0x2001, 0x1a00, 0x38f5, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x66, 0x0, 0x0, 0x54, 0xef, 0x55}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) 1.947342912s ago: executing program 0 (id=510): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x4, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0xeeee0000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x22}, {0x0, 0x2000, 0x10, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0x3, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0xfe, 0x0, 0x2}, {0x5000, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x58, 0x8, 0x4}, {0x0, 0x4000, 0xb, 0x0, 0x2, 0xfd, 0xfc, 0x0, 0x0, 0x5}, {0xdddd1000, 0x100000, 0x4, 0x8, 0x80, 0xfb, 0x0, 0x7, 0x1a, 0x2}, {0x0, 0x4, 0x8, 0x2, 0x0, 0x54, 0x7, 0xfd, 0xff, 0x0, 0x7, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x1, 0x120, 0xc, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]}) 1.833293243s ago: executing program 5 (id=512): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 1.832753513s ago: executing program 0 (id=514): r0 = memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x3) fcntl$addseals(r0, 0x409, 0x12) mmap(&(0x7f0000586000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r0, 0x7f000) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000587000/0x4000)=nil, 0x4000}, 0x1}) 1.832571513s ago: executing program 0 (id=515): socket$xdp(0x2c, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f00000014c0)=[{{0x0, 0x0, 0x0}, 0x40}], 0x1, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) 1.508210128s ago: executing program 5 (id=520): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 992.806446ms ago: executing program 0 (id=521): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000001040)=@base={0xa, 0x4, 0x4, 0xc}, 0x50) 981.908746ms ago: executing program 0 (id=522): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='sched_switch\x00', r1}, 0x18) setresuid(0x0, 0xee00, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) 901.946437ms ago: executing program 0 (id=523): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000840)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x2, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000480)=ANY=[@ANYBLOB="008010"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000d80)={0x84, &(0x7f00000008c0)={0x0, 0x13, 0x1, "f9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 741.399879ms ago: executing program 1 (id=529): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000001c000000000000002300850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='kmem_cache_free\x00', r2}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 740.649619ms ago: executing program 3 (id=531): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)=@x86={0x9, 0x6, 0x1, 0x0, 0x3, 0x2, 0x9, 0x32, 0x9, 0x2, 0x61, 0xff, 0x0, 0x8, 0x5, 0x5, 0xfa, 0x5, 0x0, '\x00', 0x4, 0x9}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x4e, 0x0, 0x0) 711.23367ms ago: executing program 1 (id=532): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x2004000, &(0x7f0000000040), 0xfe, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 652.041031ms ago: executing program 3 (id=544): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x3c, 0x20, 0x98, 0x40, 0x2001, 0x1a00, 0x38f5, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x66, 0x0, 0x0, 0x54, 0xef, 0x55}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) 520.926093ms ago: executing program 5 (id=535): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000002180)={[0xfffffffffffffff7]}, 0x8, 0x80000) rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8) r1 = getpgrp(0x0) r2 = gettid() rt_tgsigqueueinfo(r1, r2, 0xb, &(0x7f0000000300)={0x2a, 0x1, 0x13}) read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) 445.140134ms ago: executing program 4 (id=537): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x20, 0x0, @loopback}, 0x1c) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x4, 0x0) shutdown(r0, 0x0) 385.394844ms ago: executing program 5 (id=538): creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) utime(&(0x7f0000000200)='./file0\x00', 0x0) 358.831395ms ago: executing program 4 (id=539): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000180000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) 292.010796ms ago: executing program 4 (id=540): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101901, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000005c0)={0x1, 0x0, [{0x0, 0x2, 0x0, 0x0, @adapter={0xffffffffffffffff, 0x62e98891, 0x2, 0x1, 0x5}}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 291.436546ms ago: executing program 1 (id=551): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) statfs(0x0, 0x0) 278.910056ms ago: executing program 5 (id=541): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@i_version}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@quota}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20) fallocate(r1, 0x8, 0x4000, 0x4000) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0) 245.868727ms ago: executing program 4 (id=542): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000f40)={'pimreg\x00', 0x3c32}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x311) signalfd4(r0, 0x0, 0x0, 0x800) 207.371027ms ago: executing program 1 (id=543): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xf, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) lgetxattr(0x0, 0x0, 0x0, 0x0) timer_create(0x3, 0x0, &(0x7f0000001340)=0x0) timer_gettime(r2, &(0x7f0000001380)) 88.427479ms ago: executing program 4 (id=545): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000036000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{0x1000, 0x3000, 0x3, 0xa9, 0x3, 0xf1, 0x5, 0x7, 0x0, 0x2d, 0xd}, {0x2000, 0x2, 0x4, 0x20, 0x7, 0xc, 0x7f, 0x6, 0x29, 0x0, 0x3, 0x6}, {0x3000, 0x1, 0x3, 0x5, 0x5, 0x1, 0x2, 0x8, 0x0, 0xa7, 0xd, 0x65}, {0x80a0000, 0xdddd0000, 0x0, 0xe7, 0x5, 0x2, 0x1, 0xf8, 0x8, 0x7, 0x2}, {0x5000, 0xdddd0000, 0x8, 0x44, 0x5, 0x6, 0xa, 0x7f, 0x1, 0x0, 0xe7, 0x3}, {0x80a0000, 0x80a0000, 0x3, 0x80, 0xb1, 0x8, 0x1, 0xe, 0x80, 0xd, 0x1, 0x9}, {0xeeee8000, 0x2, 0xc, 0x1, 0x0, 0x5, 0x81, 0x3, 0x5, 0x7d, 0x3, 0x84}, {0x5000, 0x1, 0x3, 0x4, 0x5, 0x3, 0x1, 0x37, 0x2, 0x8, 0xf2, 0xa}, {0xeeef0000, 0x5}, {0x1, 0x4}, 0x80000031, 0x0, 0x10000, 0x11241e, 0xf, 0x0, 0x10000, [0x8000000000000000, 0x1, 0x15e, 0x3]}) 60.902949ms ago: executing program 1 (id=546): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000394000/0x3000)=nil, 0x3000}, 0x1}) 10.31857ms ago: executing program 4 (id=547): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000000002d55715f11e961d1fde85cda4c8aae3a0c64e30cd8655910b3eb2d1451a6bf4b04dc0af703f4c87963ba1424815f140290fb3f659193ae297fdcd50b6dc8d41d9568a55e58cc6514e272e53a081168e74d7189f0e655f66e08f0e108968d80ea3cac636aa60bea16f5e27d5761f66d99ca89ad8cf4e13a2013988c4222d7cf1ff8682043d3d6f16b20de6f1ea6691dcee8e86fa2109aa7898fe15f2c973463c482db5da9926d158ee55592221796e273ccf22a74e8dd3674739087015098b80e9842e82aa484b0047773b358f02338ba5950707984fb201d101bfd1f78b0ea4f397c22d94b5a34491cf3f671af9dacdf409cc1f8d960358d99d506f9b3f52ce15d0cf72083819b4a3a6dfe62b510150dfe25ef1caf21e26954118b0c2dea8b744bed8de035a056fa2d0f7370b9df062c204e070015c5c544f5c74625ea73c563000000c1fcb5a25271"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x44) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) 8.42534ms ago: executing program 1 (id=558): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f00000002c0), &(0x7f0000000300)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) 0s ago: executing program 5 (id=548): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 7.677446][ T104] udevd (104) used greatest stack depth: 22912 bytes left [ 14.324969][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 14.324983][ T30] audit: type=1400 audit(1753769023.962:59): avc: denied { transition } for pid=223 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.329484][ T30] audit: type=1400 audit(1753769023.962:60): avc: denied { noatsecure } for pid=223 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.332833][ T30] audit: type=1400 audit(1753769023.962:61): avc: denied { write } for pid=223 comm="sh" path="pipe:[14552]" dev="pipefs" ino=14552 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.336029][ T30] audit: type=1400 audit(1753769023.962:62): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.338777][ T30] audit: type=1400 audit(1753769023.962:63): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.341443][ T220] sshd-session (220) used greatest stack depth: 22240 bytes left Warning: Permanently added '10.128.1.255' (ED25519) to the list of known hosts. [ 21.061030][ T30] audit: type=1400 audit(1753769030.692:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.062220][ T273] cgroup: Unknown subsys name 'net' [ 21.083716][ T30] audit: type=1400 audit(1753769030.702:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.111015][ T30] audit: type=1400 audit(1753769030.722:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.111373][ T273] cgroup: Unknown subsys name 'devices' [ 21.282982][ T273] cgroup: Unknown subsys name 'hugetlb' [ 21.288573][ T273] cgroup: Unknown subsys name 'rlimit' [ 21.545101][ T30] audit: type=1400 audit(1753769031.182:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.568342][ T30] audit: type=1400 audit(1753769031.182:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.573845][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.593266][ T30] audit: type=1400 audit(1753769031.182:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.625176][ T30] audit: type=1400 audit(1753769031.262:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.651313][ T30] audit: type=1400 audit(1753769031.262:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.685955][ T30] audit: type=1400 audit(1753769031.322:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.686428][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.711638][ T30] audit: type=1400 audit(1753769031.322:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.183760][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.190802][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.198256][ T281] device bridge_slave_0 entered promiscuous mode [ 22.206138][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.213222][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.220500][ T281] device bridge_slave_1 entered promiscuous mode [ 22.288824][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.295901][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.303267][ T282] device bridge_slave_0 entered promiscuous mode [ 22.309975][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.317190][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.324740][ T283] device bridge_slave_0 entered promiscuous mode [ 22.332095][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.339132][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.346529][ T283] device bridge_slave_1 entered promiscuous mode [ 22.359865][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.366971][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.374370][ T282] device bridge_slave_1 entered promiscuous mode [ 22.462122][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.469173][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.476591][ T284] device bridge_slave_0 entered promiscuous mode [ 22.483416][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.490457][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.497911][ T284] device bridge_slave_1 entered promiscuous mode [ 22.520738][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.528381][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.536001][ T285] device bridge_slave_0 entered promiscuous mode [ 22.543102][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.550152][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.557594][ T285] device bridge_slave_1 entered promiscuous mode [ 22.651084][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.658157][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.665481][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.672528][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.689686][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.696739][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.704006][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.711021][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.733419][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.740462][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.747770][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.755241][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.764976][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.772030][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.779282][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.786332][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.851740][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.860077][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.868695][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.876368][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.883643][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.891058][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.899523][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.908629][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.916219][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.924651][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.933417][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.942066][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.950371][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.958932][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.966376][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.984705][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.014116][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.022510][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.030112][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.038941][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.047238][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.054808][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.062405][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.070784][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.078931][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.087202][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.094232][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.101608][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.109721][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.116764][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.124153][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.132448][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.139657][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.147687][ T282] device veth0_vlan entered promiscuous mode [ 23.162083][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.170268][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.179476][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.189090][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.196336][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.209024][ T284] device veth0_vlan entered promiscuous mode [ 23.217782][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.226170][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.234360][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.242510][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.250524][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.259332][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.268023][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.276199][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.284477][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.292327][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.300606][ T282] device veth1_macvtap entered promiscuous mode [ 23.314128][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.321989][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.330508][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.358847][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.361784][ T282] request_module fs-gadgetfs succeeded, but still no fs? [ 23.369046][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.384711][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.393201][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.401093][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.409590][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.417884][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.426050][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.434308][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.442862][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.453037][ T281] device veth0_vlan entered promiscuous mode [ 23.463399][ T283] device veth0_vlan entered promiscuous mode [ 23.471229][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.479382][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.488246][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.496323][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.507920][ T284] device veth1_macvtap entered promiscuous mode [ 23.528280][ T285] device veth0_vlan entered promiscuous mode [ 23.539142][ T281] device veth1_macvtap entered promiscuous mode [ 23.546142][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.554018][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.562247][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.569944][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.577743][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.586105][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.594629][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.602635][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.610981][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.619598][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.628466][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.636808][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.645177][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.649180][ T343] loop1: detected capacity change from 0 to 2048 [ 23.653498][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.667554][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.675104][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.695293][ T285] device veth1_macvtap entered promiscuous mode [ 23.706796][ T283] device veth1_macvtap entered promiscuous mode [ 23.721315][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.729580][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.742697][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.751408][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.751696][ T343] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.759841][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.779053][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.787695][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.803204][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.805529][ T343] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.7: bg 0: block 120: padding at end of block bitmap is not set [ 23.811852][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.833961][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.842064][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.850408][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.858841][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.867718][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.921966][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.937561][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.946583][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.955332][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.964771][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.973726][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.983335][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.987494][ T350] process 'syz.4.5' launched '/dev/fd/3' with NULL argv: empty string added [ 23.991976][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.211358][ T374] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.340160][ T396] loop1: detected capacity change from 0 to 512 [ 24.347173][ T394] SELinux: failed to load policy [ 24.353577][ T398] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=258 sclass=netlink_xfrm_socket pid=398 comm=syz.3.19 [ 24.370733][ T400] SELinux: failed to load policy [ 24.413137][ T406] overlayfs: failed to set xattr on upper [ 24.462527][ T396] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,noinit_itable,barrier=0x0000000000000040,grpjquota=,errors=remount-ro,init_itable,. Quota mode: writeback. [ 24.499951][ T396] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.582570][ T430] loop0: detected capacity change from 0 to 128 [ 24.696312][ T337] attempt to access beyond end of device [ 24.696312][ T337] loop0: rw=1, want=1041, limit=128 [ 24.726515][ T443] loop3: detected capacity change from 0 to 256 [ 24.748567][ T443] ======================================================= [ 24.748567][ T443] WARNING: The mand mount option has been deprecated and [ 24.748567][ T443] and is ignored by this kernel. Remove the mand [ 24.748567][ T443] option from the mount to silence this warning. [ 24.748567][ T443] ======================================================= [ 24.868243][ T443] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 24.894173][ T452] loop0: detected capacity change from 0 to 512 [ 25.053725][ T452] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 25.128001][ T452] EXT4-fs (loop0): 1 orphan inode deleted [ 25.133824][ T470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.53'. [ 25.141226][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.154535][ T452] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.216048][ T452] syz.0.46 (452) used greatest stack depth: 21344 bytes left [ 25.236195][ T478] syz.1.57[478] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.236274][ T478] syz.1.57[478] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.333264][ T489] syz.3.61[489] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.347483][ T489] syz.3.61[489] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.520955][ T497] loop3: detected capacity change from 0 to 40427 [ 25.541610][ T497] F2FS-fs (loop3): invalid crc value [ 25.548761][ T497] F2FS-fs (loop3): Found nat_bits in checkpoint [ 25.570740][ T497] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 25.604128][ T285] attempt to access beyond end of device [ 25.604128][ T285] loop3: rw=2049, want=45104, limit=40427 [ 25.771203][ T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 25.991877][ T542] bridge: RTM_NEWNEIGH with invalid ether address [ 26.011216][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 26.041744][ T548] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 26.079990][ T30] kauditd_printk_skb: 139 callbacks suppressed [ 26.080003][ T30] audit: type=1400 audit(1753769035.712:213): avc: denied { name_bind } for pid=556 comm="syz.3.90" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 26.107971][ T30] audit: type=1400 audit(1753769035.712:214): avc: denied { node_bind } for pid=556 comm="syz.3.90" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 26.108193][ T557] syz.3.90 (557) used greatest stack depth: 20800 bytes left [ 26.141321][ T20] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 26.160162][ T20] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 26.180905][ T20] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 26.190412][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 26.200380][ T20] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 26.210584][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 26.220854][ T20] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 26.232286][ T20] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 26.245531][ T20] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 26.260092][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.268963][ T20] usb 2-1: config 0 descriptor?? [ 26.376555][ T30] audit: type=1400 audit(1753769036.012:215): avc: denied { watch_reads } for pid=585 comm="syz.3.102" path="/30" dev="tmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 26.446571][ T30] audit: type=1326 audit(1753769036.082:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.478252][ T30] audit: type=1326 audit(1753769036.082:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.516035][ T30] audit: type=1326 audit(1753769036.082:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.539901][ T20] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 26.552151][ T30] audit: type=1326 audit(1753769036.082:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.554535][ T20] usb 2-1: USB disconnect, device number 2 [ 26.576213][ T30] audit: type=1326 audit(1753769036.082:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.590797][ T20] usblp0: removed [ 26.617588][ T30] audit: type=1326 audit(1753769036.082:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.641744][ T30] audit: type=1326 audit(1753769036.102:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=595 comm="syz.3.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f682f2529a9 code=0x7ffc0000 [ 26.781249][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.947991][ T620] loop4: detected capacity change from 0 to 512 [ 26.970219][ T620] EXT4-fs (loop4): 1 orphan inode deleted [ 26.976413][ T620] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.989487][ T620] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 26.995243][ T626] kvm [625]: vcpu2, guest rIP: 0x9131 ignored wrmsr: 0x11e data 0x0 [ 27.074769][ T635] loop4: detected capacity change from 0 to 2048 [ 27.109405][ T644] 9pnet: p9_errstr2errno: server reported unknown error  [ 27.111172][ T20] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.124806][ T635] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 27.134801][ T635] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 27.147572][ T635] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 1)! [ 27.157855][ T635] EXT4-fs (loop4): group descriptors corrupted! [ 27.181257][ T6] usb 1-1: unable to get BOS descriptor or descriptor too short [ 27.261319][ T6] usb 1-1: config 6 has an invalid interface number: 200 but max is 0 [ 27.269594][ T6] usb 1-1: config 6 has no interface number 0 [ 27.282621][ T6] usb 1-1: config 6 interface 200 has no altsetting 0 [ 27.353721][ T661] loop2: detected capacity change from 0 to 512 [ 27.361817][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 27.384949][ T661] EXT4-fs (loop2): 1 orphan inode deleted [ 27.390700][ T661] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.401885][ T661] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 27.441277][ T6] usb 1-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 27.450467][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.458847][ T6] usb 1-1: Product: syz [ 27.463406][ T6] usb 1-1: Manufacturer: syz [ 27.468012][ T6] usb 1-1: SerialNumber: syz [ 27.491220][ T20] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 27.500070][ T20] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 27.520249][ T20] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 27.542239][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 27.552440][ T20] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 27.564244][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 27.574223][ T20] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 27.584240][ T20] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 27.597254][ T20] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 27.606377][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.615060][ T680] netlink: 'syz.4.140': attribute type 13 has an invalid length. [ 27.615548][ T20] usb 2-1: config 0 descriptor?? [ 27.629556][ T680] netlink: 'syz.4.140': attribute type 17 has an invalid length. [ 27.641034][ T682] binder: 681:682 ioctl c0306201 200000000040 returned -14 [ 27.725264][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 27.741958][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 27.750814][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 27.759573][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 27.768368][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 27.777130][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 27.788665][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 27.797494][ T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 27.822170][ T698] loop4: detected capacity change from 0 to 128 [ 27.881936][ T20] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 27.917224][ T20] usb 2-1: USB disconnect, device number 3 [ 27.937394][ T20] usblp0: removed [ 28.084351][ T731] loop4: detected capacity change from 0 to 512 [ 28.130283][ T731] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 28.138873][ T731] System zones: 0-2, 18-18, 34-34 [ 28.147761][ T731] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.164: bg 0: block 248: padding at end of block bitmap is not set [ 28.163129][ T731] EXT4-fs error (device loop4): ext4_acquire_dquot:6198: comm syz.4.164: Failed to acquire dquot type 1 [ 28.179601][ T731] EXT4-fs (loop4): 1 truncate cleaned up [ 28.185666][ T731] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.197044][ T731] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.371185][ T60] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.571207][ T332] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.611217][ T60] usb 3-1: Using ep0 maxpacket: 16 [ 28.731230][ T621] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 28.741307][ T60] usb 3-1: config 0 has no interfaces? [ 28.831411][ T60] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 28.840979][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 28.849495][ T60] usb 3-1: SerialNumber: syz [ 28.855460][ T60] usb 3-1: config 0 descriptor?? [ 28.941650][ T332] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 28.953177][ T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.963840][ T332] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 28.979125][ T332] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 28.988979][ T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.991186][ T621] usb 2-1: Using ep0 maxpacket: 32 [ 28.999980][ T332] usb 4-1: config 0 descriptor?? [ 29.093540][ T60] usb 3-1: USB disconnect, device number 2 [ 29.121285][ T621] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.133370][ T621] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.148389][ T621] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 29.161107][ T621] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.171837][ T621] usb 2-1: config 0 descriptor?? [ 29.211627][ T621] hub 2-1:0.0: USB hub found [ 29.482077][ T332] holtek_kbd 0003:04D9:A055.0001: unbalanced delimiter at end of report description [ 29.491636][ T332] holtek_kbd: probe of 0003:04D9:A055.0001 failed with error -22 [ 29.521293][ T621] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 29.532342][ T332] usb 1-1: USB disconnect, device number 2 [ 29.666152][ T786] loop2: detected capacity change from 0 to 512 [ 29.691239][ T6] usb 4-1: USB disconnect, device number 2 [ 29.713406][ T786] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.724547][ T786] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.742216][ T786] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #18: comm syz.2.187: corrupted xattr block 20 [ 29.759415][ T283] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid [ 29.771032][ T283] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid [ 29.941260][ T20] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 29.949467][ T792] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.952424][ T621] hid-generic 0003:046D:C31C.0002: item fetching failed at offset 0/1 [ 29.957338][ T792] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.965083][ T621] hid-generic: probe of 0003:046D:C31C.0002 failed with error -22 [ 29.972281][ T792] device bridge_slave_0 entered promiscuous mode [ 29.990053][ T792] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.997832][ T792] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.005203][ T792] device bridge_slave_1 entered promiscuous mode [ 30.047183][ T792] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.054233][ T792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.062005][ T792] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.069040][ T792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.090818][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.098498][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.106757][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.115857][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.124631][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.131681][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.140867][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.150106][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.157238][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.175814][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.189568][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.203127][ T20] usb 5-1: Using ep0 maxpacket: 16 [ 30.209238][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.218320][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.226726][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.235144][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.246420][ T792] device veth0_vlan entered promiscuous mode [ 30.258452][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.272982][ T792] device veth1_macvtap entered promiscuous mode [ 30.287086][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.300760][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.301367][ T332] usb 2-1: USB disconnect, device number 4 [ 30.341247][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.364636][ T446] device bridge_slave_1 left promiscuous mode [ 30.373710][ T20] usb 5-1: New USB device found, idVendor=046d, idProduct=c53f, bcdDevice= 0.00 [ 30.388432][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.398202][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.409799][ T20] usb 5-1: config 0 descriptor?? [ 30.419924][ T446] device bridge_slave_0 left promiscuous mode [ 30.445813][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.456910][ T446] device veth1_macvtap left promiscuous mode [ 30.477067][ T446] device veth0_vlan left promiscuous mode [ 30.530680][ T824] loop3: detected capacity change from 0 to 1024 [ 30.555133][ T824] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 2: comm syz.3.201: lblock 2 mapped to illegal pblock 2 (length 1) [ 30.569268][ T824] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 48: comm syz.3.201: lblock 0 mapped to illegal pblock 48 (length 1) [ 30.584247][ T824] EXT4-fs error (device loop3): ext4_acquire_dquot:6198: comm syz.3.201: Failed to acquire dquot type 0 [ 30.595902][ T824] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 30.606421][ T824] EXT4-fs error (device loop3): ext4_evict_inode:283: inode #11: comm syz.3.201: mark_inode_dirty error [ 30.617862][ T824] EXT4-fs warning (device loop3): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 30.628552][ T824] EXT4-fs (loop3): 1 orphan inode deleted [ 30.634666][ T824] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc,noblock_validity,init_itable,max_batch_time=0x00000000000008c9,nodiscard,inlinecrypt,i_version,,errors=continue. Quota mode: none. [ 30.671436][ T45] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 30.694723][ T45] EXT4-fs error (device loop3): ext4_release_dquot:6234: comm kworker/u4:2: Failed to release dquot type 0 [ 30.706338][ T824] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 16: comm syz.3.201: lblock 0 mapped to illegal pblock 16 (length 1) [ 30.728012][ T833] loop5: detected capacity change from 0 to 128 [ 30.739700][ T285] EXT4-fs error (device loop3): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 30.753477][ T285] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 30.771082][ T285] EXT4-fs error (device loop3): ext4_quota_off:6504: inode #3: comm syz-executor: mark_inode_dirty error [ 30.847873][ T839] SELinux: unknown common [ 30.853380][ T839] SELinux: failed to load policy [ 30.931188][ T20] usbhid 5-1:0.0: can't add hid device: -71 [ 30.937297][ T20] usbhid: probe of 5-1:0.0 failed with error -71 [ 30.952780][ T20] usb 5-1: USB disconnect, device number 2 [ 30.985326][ T860] syz.3.216[860] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.985396][ T860] syz.3.216[860] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.082651][ T30] kauditd_printk_skb: 119 callbacks suppressed [ 31.082663][ T30] audit: type=1400 audit(1753769040.722:337): avc: denied { mount } for pid=874 comm="syz.1.223" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 31.142254][ T30] audit: type=1400 audit(1753769040.782:338): avc: denied { validate_trans } for pid=878 comm="syz.5.225" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 31.282363][ T900] loop0: detected capacity change from 0 to 1024 [ 31.336336][ T900] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.423574][ T913] loop4: detected capacity change from 0 to 1024 [ 31.452632][ T900] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,norecovery,resgid=0x0000000000000000,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,grpid,auto_da_alloc=0x0000000000000343,grpid,barrier=0x0000000000000007,nombcache,. Quota mode: none. [ 31.491752][ T913] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 31.504684][ T913] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 31.518014][ T913] JBD2: no valid journal superblock found [ 31.528932][ T913] EXT4-fs (loop4): error loading journal [ 31.544890][ T900] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 31.555443][ T927] tipc: Started in network mode [ 31.560341][ T927] tipc: Node identity ac14140f, cluster identity 4711 [ 31.567877][ T927] tipc: New replicast peer: 255.255.255.83 [ 31.574422][ T927] tipc: Enabled bearer , priority 10 [ 31.632538][ T932] syz.5.248 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 31.648160][ T30] audit: type=1326 audit(1753769041.282:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.662957][ T936] loop4: detected capacity change from 0 to 8192 [ 31.696243][ T938] SELinux: Context system_u:object_r:memory_device_t:s0 is not valid (left unmapped). [ 31.707117][ T30] audit: type=1326 audit(1753769041.322:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.751423][ T60] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 31.752713][ T30] audit: type=1326 audit(1753769041.332:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.784305][ T30] audit: type=1326 audit(1753769041.332:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.797288][ T934] SELinux: Context system_u:object_r:netcontrol_device_t:s0 is not valid (left unmapped). [ 31.808494][ T30] audit: type=1326 audit(1753769041.332:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.845183][ T936] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.888184][ T30] audit: type=1326 audit(1753769041.332:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=933 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 31.931022][ T30] audit: type=1400 audit(1753769041.332:345): avc: denied { relabelfrom } for pid=937 comm="syz.0.249" name="" dev="pipefs" ino=18913 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 31.971086][ T30] audit: type=1400 audit(1753769041.372:346): avc: denied { relabelto } for pid=937 comm="syz.0.249" name="" dev="pipefs" ino=18913 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:memory_device_t:s0" [ 32.005031][ T957] loop0: detected capacity change from 0 to 128 [ 32.112441][ T965] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=965 comm=syz.4.263 [ 32.139571][ T965] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=965 comm=syz.4.263 [ 32.155167][ T969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'. [ 32.243618][ T983] 9pnet: p9_errstr2errno: server reported unknown error 0000000000,group_id=00000000000000000000, [ 32.341231][ T60] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 32.369554][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.381359][ T60] usb 4-1: Product: syz [ 32.385828][ T60] usb 4-1: Manufacturer: syz [ 32.390978][ T60] usb 4-1: SerialNumber: syz [ 32.396691][ T60] usb 4-1: config 0 descriptor?? [ 32.512637][ T1030] loop4: detected capacity change from 0 to 512 [ 32.534678][ T1030] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 32.552817][ T1030] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,stripe=0x0000000000000002,jqfmt=vfsold,,errors=continue. Quota mode: writeback. [ 32.572065][ T6] tipc: Node number set to 2886997007 [ 32.572215][ T1030] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.741179][ T42] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 32.771178][ T621] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 33.031193][ T621] usb 6-1: Using ep0 maxpacket: 32 [ 33.111204][ T42] usb 2-1: config 0 has an invalid interface number: 102 but max is 0 [ 33.119545][ T42] usb 2-1: config 0 has no interface number 0 [ 33.125676][ T42] usb 2-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 33.134819][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.143586][ T42] usb 2-1: config 0 descriptor?? [ 33.171210][ T621] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 33.179522][ T621] usb 6-1: config 0 has no interface number 0 [ 33.185688][ T621] usb 6-1: config 0 interface 184 has no altsetting 0 [ 33.216009][ T1036] loop0: detected capacity change from 0 to 8192 [ 33.227018][ T1036] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.371214][ T621] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 33.380568][ T621] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.388884][ T621] usb 6-1: Product: syz [ 33.393448][ T621] usb 6-1: Manufacturer: syz [ 33.398272][ T621] usb 6-1: SerialNumber: syz [ 33.404167][ T621] usb 6-1: config 0 descriptor?? [ 33.461615][ T621] smsc75xx v1.0.0 [ 33.469327][ T1052] loop0: detected capacity change from 0 to 4096 [ 33.478453][ T1052] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 33.714945][ T1085] loop0: detected capacity change from 0 to 1024 [ 33.732776][ T1085] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.748884][ T1085] EXT4-fs error (device loop0): ext4_free_inode:355: comm syz.0.316: bit already cleared for inode 15 [ 33.760126][ T60] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 33.770626][ T60] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 33.781015][ T60] asix: probe of 4-1:0.0 failed with error -71 [ 33.787961][ T60] usb 4-1: USB disconnect, device number 3 [ 33.827778][ T1089] loop0: detected capacity change from 0 to 128 [ 33.875388][ T1089] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.883375][ T1089] FAT-fs (loop0): Filesystem has been set read-only [ 33.890585][ T1089] attempt to access beyond end of device [ 33.890585][ T1089] loop0: rw=524288, want=2073, limit=128 [ 33.902291][ T1089] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.910218][ T1089] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.918496][ T1089] attempt to access beyond end of device [ 33.918496][ T1089] loop0: rw=0, want=2073, limit=128 [ 33.929617][ T1089] attempt to access beyond end of device [ 33.929617][ T1089] loop0: rw=0, want=2073, limit=128 [ 33.929713][ T1090] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.940825][ T1089] attempt to access beyond end of device [ 33.940825][ T1089] loop0: rw=0, want=2073, limit=128 [ 33.948716][ T1090] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.967768][ T1089] attempt to access beyond end of device [ 33.967768][ T1089] loop0: rw=0, want=2073, limit=128 [ 33.967869][ T1090] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 33.979459][ T1089] attempt to access beyond end of device [ 33.979459][ T1089] loop0: rw=0, want=2073, limit=128 [ 33.998946][ T1090] attempt to access beyond end of device [ 33.998946][ T1090] loop0: rw=0, want=2073, limit=128 [ 34.009857][ T1088] attempt to access beyond end of device [ 34.009857][ T1088] loop0: rw=0, want=2073, limit=128 [ 34.021376][ T1088] attempt to access beyond end of device [ 34.021376][ T1088] loop0: rw=0, want=2073, limit=128 [ 34.032644][ T1089] attempt to access beyond end of device [ 34.032644][ T1089] loop0: rw=0, want=2073, limit=128 [ 34.271208][ T42] asix 2-1:0.102 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 34.292212][ T42] asix: probe of 2-1:0.102 failed with error -71 [ 34.305160][ T42] usb 2-1: USB disconnect, device number 5 [ 34.494809][ T1115] loop3: detected capacity change from 0 to 512 [ 34.521772][ T1115] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 34.530851][ T1115] EXT4-fs (loop3): invalid journal inode [ 34.537318][ T1115] EXT4-fs (loop3): can't get journal size [ 34.548166][ T1115] EXT4-fs (loop3): 1 truncate cleaned up [ 34.554385][ T1115] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 34.672229][ T1119] loop3: detected capacity change from 0 to 8192 [ 34.721192][ T20] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 34.751223][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 34.762911][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 34.794751][ T1125] netlink: 'syz.1.333': attribute type 4 has an invalid length. [ 34.796228][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 34.816660][ T1125] netlink: 'syz.1.333': attribute type 4 has an invalid length. [ 34.839023][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 34.865863][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 34.886801][ T621] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 34.909459][ T621] smsc75xx: probe of 6-1:0.184 failed with error -71 [ 34.932405][ T621] usb 6-1: USB disconnect, device number 2 [ 34.971207][ T20] usb 5-1: Using ep0 maxpacket: 16 [ 35.034433][ T1121] loop0: detected capacity change from 0 to 40427 [ 35.046233][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 35.051523][ T1121] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 35.069191][ T1121] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.069611][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 35.088068][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 35.091892][ T20] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 35.097902][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 35.107726][ T1121] F2FS-fs (loop0): Found nat_bits in checkpoint [ 35.114426][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 35.120877][ T20] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 35.139087][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 35.149027][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 35.157875][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 35.166669][ T20] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 35.181893][ T1121] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.189040][ T20] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 35.199173][ T1121] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.211662][ T20] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 35.231177][ T20] usb 5-1: config 1 interface 0 has no altsetting 0 [ 35.248383][ T20] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 35.265053][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.321650][ T20] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 35.342067][ T1157] loop3: detected capacity change from 0 to 8192 [ 35.352733][ T1160] loop5: detected capacity change from 0 to 512 [ 35.412245][ T1160] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 35.428730][ T1160] EXT4-fs (loop5): invalid journal inode [ 35.439477][ T1157] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.492095][ T1160] EXT4-fs (loop5): can't get journal size [ 35.511670][ T1160] EXT4-fs (loop5): 1 truncate cleaned up [ 35.518009][ T1160] EXT4-fs (loop5): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 35.558767][ T20] scsi host1: usb-storage 5-1:1.0 [ 35.691188][ T623] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 35.788675][ T20] usb 5-1: USB disconnect, device number 3 [ 35.942722][ T1195] loop1: detected capacity change from 0 to 4096 [ 35.993510][ T1195] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 36.052897][ T623] usb 1-1: config 0 has an invalid interface number: 102 but max is 0 [ 36.063361][ T1198] loop1: detected capacity change from 0 to 512 [ 36.069761][ T623] usb 1-1: config 0 has no interface number 0 [ 36.076000][ T623] usb 1-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 36.085152][ T623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.094764][ T623] usb 1-1: config 0 descriptor?? [ 36.142108][ T1198] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 36.150518][ T1198] EXT4-fs (loop1): invalid journal inode [ 36.156283][ T1198] EXT4-fs (loop1): can't get journal size [ 36.163083][ T1198] EXT4-fs (loop1): 1 truncate cleaned up [ 36.168788][ T1198] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,,errors=continue. Quota mode: none. [ 36.211216][ T60] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 36.292590][ T1207] loop1: detected capacity change from 0 to 1024 [ 36.315615][ T30] kauditd_printk_skb: 2684 callbacks suppressed [ 36.315630][ T30] audit: type=1400 audit(1753769045.952:3031): avc: denied { ioctl } for pid=1208 comm="syz.4.364" path="socket:[20122]" dev="sockfs" ino=20122 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.322622][ T1207] EXT4-fs (loop1): Ignoring removed orlov option [ 36.370191][ T1212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.365'. [ 36.371698][ T1207] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 36.379732][ T1212] netlink: 24 bytes leftover after parsing attributes in process `syz.4.365'. [ 36.521711][ T30] audit: type=1326 audit(1753769046.162:3032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 36.581258][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.606276][ T1224] loop3: detected capacity change from 0 to 4096 [ 36.613002][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.624731][ T30] audit: type=1326 audit(1753769046.192:3033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 36.671305][ T60] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 36.691632][ T1224] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 36.704490][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.734906][ T30] audit: type=1326 audit(1753769046.192:3034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 36.770278][ T60] usb 6-1: config 0 descriptor?? [ 36.801590][ T30] audit: type=1326 audit(1753769046.192:3035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 36.859331][ T1227] loop3: detected capacity change from 0 to 1024 [ 36.868788][ T30] audit: type=1326 audit(1753769046.192:3036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 36.894876][ T30] audit: type=1326 audit(1753769046.192:3037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 36.919087][ T30] audit: type=1326 audit(1753769046.192:3038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 36.948863][ T30] audit: type=1326 audit(1753769046.192:3039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 36.978397][ T1227] EXT4-fs (loop3): Ignoring removed oldalloc option [ 36.978777][ T30] audit: type=1326 audit(1753769046.192:3040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1220 comm="syz.4.369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd233712b89 code=0x7ffc0000 [ 37.019258][ T1227] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000003,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 37.179704][ T1248] loop1: detected capacity change from 0 to 1024 [ 37.231264][ T623] asix 1-1:0.102 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 37.241472][ T623] asix: probe of 1-1:0.102 failed with error -71 [ 37.249918][ T623] usb 1-1: USB disconnect, device number 3 [ 37.261908][ T1248] EXT4-fs (loop1): Ignoring removed orlov option [ 37.272486][ T1248] EXT4-fs (loop1): mounted filesystem without journal. Opts: acl,barrier,barrier=0x0000000000000000,sysvgroups,debug_want_extra_isize=0x0000000000000080,orlov,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none. [ 37.299838][ T1248] EXT4-fs (loop1): Ignoring removed orlov option [ 37.307133][ T1248] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 37.314898][ T1248] EXT4-fs (loop1): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,sb=0x0000000000000064,orlov,quota,data_err=abort,nomblk_io_submit,. Quota mode: writeback. [ 37.389205][ T1253] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.396565][ T1253] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.405768][ T1253] device bridge_slave_1 left promiscuous mode [ 37.412039][ T1253] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.419443][ T1253] device bridge_slave_0 left promiscuous mode [ 37.421207][ T42] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 37.426110][ T1253] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.511236][ T60] usb 6-1: string descriptor 0 read error: -22 [ 37.671181][ T42] usb 4-1: Using ep0 maxpacket: 16 [ 37.740485][ T1265] loop0: detected capacity change from 0 to 1024 [ 37.747601][ T1267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.387'. [ 37.771345][ T60] uclogic 0003:256C:006D.0003: interface is invalid, ignoring [ 37.783603][ T1265] EXT4-fs (loop0): Ignoring removed orlov option [ 37.791208][ T42] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 37.802151][ T42] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 37.812115][ T42] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 37.814819][ T1269] SELinux: ebitmap: truncated map [ 37.821858][ T42] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 37.828357][ T1265] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 37.837234][ T42] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 37.857953][ T1269] SELinux: failed to load policy [ 37.861568][ T42] usb 4-1: config 1 interface 0 has no altsetting 0 [ 37.879269][ T42] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 37.888372][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.931597][ T42] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 37.986772][ T623] usb 6-1: USB disconnect, device number 3 [ 38.088047][ T1291] syz.0.397[1291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.088096][ T1291] syz.0.397[1291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.100586][ T1291] syz.0.397[1291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.112245][ T1291] syz.0.397[1291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.151489][ T1295] tipc: Started in network mode [ 38.152228][ T42] scsi host1: usb-storage 4-1:1.0 [ 38.162889][ T1295] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 38.182099][ T1295] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 38.190337][ T1295] tipc: Enabled bearer , priority 10 [ 38.316145][ T1312] loop0: detected capacity change from 0 to 2048 [ 38.341335][ T621] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 38.380548][ T623] usb 4-1: USB disconnect, device number 4 [ 38.386880][ T20] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 38.388125][ T1312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 38.414332][ T1312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.408: bg 0: block 120: padding at end of block bitmap is not set [ 38.517393][ T1316] loop5: detected capacity change from 0 to 1024 [ 38.537644][ T1316] EXT4-fs (loop5): Ignoring removed orlov option [ 38.547477][ T1316] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 38.711278][ T621] usb 5-1: config 0 has an invalid interface number: 102 but max is 0 [ 38.719797][ T621] usb 5-1: config 0 has no interface number 0 [ 38.726178][ T621] usb 5-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 38.735538][ T621] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.744544][ T621] usb 5-1: config 0 descriptor?? [ 38.752706][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.763742][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.776606][ T20] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 38.786143][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.801442][ T20] usb 2-1: config 0 descriptor?? [ 38.816719][ T1347] 9pnet: p9_errstr2errno: server reported unknown error @pA;KZ44/@q [ 38.968917][ T1365] loop3: detected capacity change from 0 to 1024 [ 39.009226][ T1365] EXT4-fs (loop3): Ignoring removed orlov option [ 39.026524][ T1365] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 39.041950][ T1067] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 39.311279][ T60] tipc: Node number set to 1 [ 39.411268][ T1067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.422664][ T1067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.433054][ T1067] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 39.442334][ T1067] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.464167][ T1067] usb 1-1: config 0 descriptor?? [ 39.471269][ T42] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 39.661616][ T60] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 39.711192][ T42] usb 6-1: Using ep0 maxpacket: 16 [ 39.831310][ T42] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 39.843040][ T42] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 39.855267][ T42] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 39.867069][ T42] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 39.871331][ T621] asix 5-1:0.102 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 39.877707][ T42] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 39.888245][ T621] asix: probe of 5-1:0.102 failed with error -71 [ 39.898791][ T42] usb 6-1: config 1 interface 0 has no altsetting 0 [ 39.907552][ T621] usb 5-1: USB disconnect, device number 4 [ 39.918229][ T42] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 39.927671][ T42] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.942551][ T20] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0004/input/input4 [ 39.957630][ T20] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0004/input/input5 [ 39.971731][ T42] ums-sddr09 6-1:1.0: USB Mass Storage device detected [ 39.974554][ T20] uclogic 0003:256C:006D.0004: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 40.031339][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 40.042540][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.052693][ T60] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 40.061769][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.070270][ T60] usb 4-1: config 0 descriptor?? [ 40.144734][ T20] usb 2-1: USB disconnect, device number 6 [ 40.151370][ T1067] usb 1-1: string descriptor 0 read error: -22 [ 40.191873][ T42] scsi host1: usb-storage 6-1:1.0 [ 40.401273][ T1067] uclogic 0003:256C:006D.0005: interface is invalid, ignoring [ 40.428498][ T42] usb 6-1: USB disconnect, device number 4 [ 40.531975][ T60] elo 0003:04E7:0030.0006: item fetching failed at offset 0/3 [ 40.539700][ T60] elo 0003:04E7:0030.0006: parse failed [ 40.545832][ T60] elo: probe of 0003:04E7:0030.0006 failed with error -22 [ 40.617340][ T20] usb 1-1: USB disconnect, device number 4 [ 40.701952][ T1401] xt_hashlimit: max too large, truncated to 1048576 [ 40.735931][ T60] usb 4-1: USB disconnect, device number 5 [ 40.970608][ T1416] loop4: detected capacity change from 0 to 1024 [ 41.044107][ T1416] EXT4-fs (loop4): Ignoring removed orlov option [ 41.052653][ T1416] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 41.231178][ T60] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 41.256557][ T1439] loop3: detected capacity change from 0 to 512 [ 41.335426][ T1439] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 41.349534][ T1439] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.364468][ T30] kauditd_printk_skb: 863 callbacks suppressed [ 41.364481][ T30] audit: type=1400 audit(1753769051.002:3904): avc: denied { read write } for pid=1438 comm="syz.3.460" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 41.394342][ T30] audit: type=1400 audit(1753769051.002:3905): avc: denied { open } for pid=1438 comm="syz.3.460" path="/95/file0/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 41.417348][ T30] audit: type=1400 audit(1753769051.012:3906): avc: denied { ioctl } for pid=1438 comm="syz.3.460" path="/95/file0/file1" dev="loop3" ino=15 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 41.511213][ T42] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 41.601179][ T20] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 41.621258][ T60] usb 6-1: config 0 has an invalid interface number: 102 but max is 0 [ 41.629456][ T60] usb 6-1: config 0 has no interface number 0 [ 41.635689][ T60] usb 6-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 41.644954][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.653820][ T60] usb 6-1: config 0 descriptor?? [ 41.761162][ T42] usb 1-1: Using ep0 maxpacket: 16 [ 41.791176][ T623] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 41.825976][ T1452] incfs: Options parsing error. -22 [ 41.831265][ T1452] incfs: mount failed -22 [ 41.841699][ T20] usb 5-1: Using ep0 maxpacket: 32 [ 41.881279][ T42] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 41.891502][ T42] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 41.901480][ T42] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 41.911337][ T42] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 41.921090][ T42] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 41.930952][ T42] usb 1-1: config 1 interface 0 has no altsetting 0 [ 41.939870][ T42] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 41.949043][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.961198][ T20] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 41.969731][ T20] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 41.978896][ T20] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 41.988473][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 41.991623][ T42] ums-sddr09 1-1:1.0: USB Mass Storage device detected [ 41.998885][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 42.015564][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 42.025403][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 42.035157][ T20] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 42.048294][ T20] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 42.057387][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.069100][ T20] usb 5-1: config 0 descriptor?? [ 42.078122][ T1460] SELinux: ebitmap: truncated map [ 42.083232][ T1460] SELinux: failed to load policy [ 42.122995][ T30] audit: type=1400 audit(1753769051.762:3907): avc: denied { write } for pid=1465 comm="syz.1.471" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 42.168055][ T1469] loop1: detected capacity change from 0 to 1024 [ 42.181378][ T623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.192369][ T623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.202047][ T42] scsi host1: usb-storage 1-1:1.0 [ 42.203196][ T623] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 42.217406][ T1469] EXT4-fs (loop1): Ignoring removed orlov option [ 42.224135][ T623] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.233125][ T623] usb 4-1: config 0 descriptor?? [ 42.239471][ T1469] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 42.322001][ T20] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 42.340616][ T20] usb 5-1: USB disconnect, device number 5 [ 42.348811][ T20] usblp0: removed [ 42.418868][ T42] usb 1-1: USB disconnect, device number 5 [ 42.593023][ T1483] loop1: detected capacity change from 0 to 1024 [ 42.654489][ T1483] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 42.761202][ T60] asix 6-1:0.102 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 42.781613][ T60] asix: probe of 6-1:0.102 failed with error -71 [ 42.788833][ T60] usb 6-1: USB disconnect, device number 5 [ 42.861216][ T1496] loop1: detected capacity change from 0 to 40427 [ 42.911298][ T623] usb 4-1: string descriptor 0 read error: -22 [ 42.917699][ T1496] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 42.924899][ T20] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 42.932541][ T1496] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 42.948126][ T1496] F2FS-fs (loop1): Found nat_bits in checkpoint [ 42.969045][ T1502] loop0: detected capacity change from 0 to 1024 [ 42.976810][ T1502] EXT4-fs (loop0): Ignoring removed orlov option [ 42.986556][ T1502] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 42.992835][ T1496] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 43.009234][ T1496] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 43.080209][ T30] audit: type=1400 audit(1753769052.712:3908): avc: denied { append } for pid=1495 comm="syz.1.482" path="/104/file2/memory.events" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 43.104808][ T30] audit: type=1400 audit(1753769052.742:3909): avc: denied { ioctl } for pid=1495 comm="syz.1.482" path="/104/file2/memory.events" dev="loop1" ino=10 ioctlcmd=0xf50b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 43.161251][ T623] uclogic 0003:256C:006D.0007: interface is invalid, ignoring [ 43.181909][ T20] usb 5-1: Using ep0 maxpacket: 32 [ 43.278368][ T1516] netlink: 'syz.5.489': attribute type 4 has an invalid length. [ 43.293728][ T1518] SELinux: failed to load policy [ 43.312651][ T20] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 43.322663][ T20] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 43.337132][ T20] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 43.346827][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 43.357311][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 43.367248][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 43.377620][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 43.387890][ T20] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 43.391225][ T60] usb 4-1: USB disconnect, device number 6 [ 43.400904][ T20] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 43.415881][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.425027][ T30] audit: type=1400 audit(1753769053.062:3910): avc: denied { nlmsg_read } for pid=1523 comm="syz.5.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 43.445958][ T20] usb 5-1: config 0 descriptor?? [ 43.451274][ T30] audit: type=1400 audit(1753769053.062:3911): avc: denied { audit_write } for pid=1523 comm="syz.5.493" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 43.472848][ T30] audit: type=1107 audit(1753769053.062:3912): pid=1523 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 43.693285][ T282] handle_bad_sector: 38724 callbacks suppressed [ 43.693302][ T282] attempt to access beyond end of device [ 43.693302][ T282] loop1: rw=2049, want=45104, limit=40427 [ 43.713104][ T20] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 43.721261][ T332] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 43.802591][ T1531] loop1: detected capacity change from 0 to 1024 [ 43.862733][ T1531] EXT4-fs (loop1): Ignoring removed orlov option [ 43.871598][ T1531] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 43.914666][ T60] usb 5-1: USB disconnect, device number 6 [ 43.930672][ T60] usblp0: removed [ 43.971166][ T332] usb 6-1: Using ep0 maxpacket: 16 [ 43.978322][ T1539] tipc: Started in network mode [ 43.983408][ T1539] tipc: Node identity ac14140f, cluster identity 4711 [ 43.990675][ T1539] tipc: New replicast peer: 255.255.255.83 [ 43.997089][ T1539] tipc: Enabled bearer , priority 10 [ 44.091388][ T332] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 44.100399][ T332] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 44.110191][ T332] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 44.120178][ T332] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 44.130731][ T332] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 44.141581][ T332] usb 6-1: config 1 interface 0 has no altsetting 0 [ 44.148229][ T332] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 44.158408][ T332] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.171310][ T30] audit: type=1326 audit(1753769053.812:3913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1542 comm="syz.1.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7fc00000 [ 44.201695][ T332] ums-sddr09 6-1:1.0: USB Mass Storage device detected [ 44.301202][ T20] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 44.411823][ T332] scsi host1: usb-storage 6-1:1.0 [ 44.623646][ T332] usb 6-1: USB disconnect, device number 6 [ 44.671220][ T20] usb 4-1: config 0 has an invalid interface number: 102 but max is 0 [ 44.680033][ T20] usb 4-1: config 0 has no interface number 0 [ 44.687367][ T20] usb 4-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 44.699161][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.713655][ T20] usb 4-1: config 0 descriptor?? [ 45.077650][ T1561] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.085504][ T1561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.121191][ T623] tipc: Node number set to 2886997007 [ 45.206782][ T1572] loop5: detected capacity change from 0 to 1024 [ 45.285156][ T1572] EXT4-fs (loop5): Ignoring removed orlov option [ 45.298119][ T1572] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 45.309070][ T1582] loop4: detected capacity change from 0 to 128 [ 45.370273][ T1588] loop4: detected capacity change from 0 to 1024 [ 45.406401][ T1588] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none. [ 45.420083][ T1588] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.440434][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:740: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 13) [ 45.455251][ T1588] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 45.468082][ T1588] EXT4-fs (loop4): This should not happen!! Data will be lost [ 45.468082][ T1588] [ 45.479382][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.494213][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.509221][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.524495][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.540471][ T1587] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.556059][ T1587] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.571217][ T1587] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.588738][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.611978][ T1588] EXT4-fs error (device loop4): ext4_map_blocks:630: inode #15: block 3: comm syz.4.519: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.615089][ T1593] loop5: detected capacity change from 0 to 1024 [ 45.642259][ T1593] EXT4-fs (loop5): Ignoring removed orlov option [ 45.651645][ T1593] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 45.831256][ T20] asix 4-1:0.102 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 45.841534][ T20] asix: probe of 4-1:0.102 failed with error -71 [ 45.852063][ T20] usb 4-1: USB disconnect, device number 7 [ 46.374873][ T1622] loop1: detected capacity change from 0 to 1024 [ 46.414304][ T20] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 46.424940][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 46.424956][ T30] audit: type=1326 audit(1753769056.062:3956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.464879][ T30] audit: type=1326 audit(1753769056.062:3957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.490410][ T30] audit: type=1326 audit(1753769056.062:3958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.514263][ T30] audit: type=1326 audit(1753769056.062:3959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.538854][ T30] audit: type=1326 audit(1753769056.062:3960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.568676][ T30] audit: type=1326 audit(1753769056.062:3961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.594386][ T1622] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 46.631022][ T30] audit: type=1326 audit(1753769056.152:3962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.638217][ T1622] EXT4-fs error (device loop1): ext4_free_inode:355: comm syz.1.532: bit already cleared for inode 15 [ 46.673047][ T30] audit: type=1326 audit(1753769056.152:3963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1626 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2337769a9 code=0x7ffc0000 [ 46.698165][ T30] audit: type=1326 audit(1753769056.272:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1621 comm="syz.1.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 46.722345][ T30] audit: type=1326 audit(1753769056.272:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1621 comm="syz.1.532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1db5139a9 code=0x7ffc0000 [ 46.724784][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 46.746126][ T332] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 46.810909][ T1649] loop5: detected capacity change from 0 to 1024 [ 46.841732][ T1649] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 46.865549][ T1649] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 46.907395][ T1649] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3876: comm syz.5.541: Allocating blocks 497-513 which overlap fs metadata [ 46.921845][ T20] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 46.930040][ T20] usb 1-1: config 1 has no interface number 0 [ 46.936433][ T20] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 46.946966][ T1649] EXT4-fs (loop5): pa ffff888129223690: logic 128, phys. 385, len 8 [ 46.955112][ T1649] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1 [ 46.965563][ T20] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 46.976327][ T20] usb 1-1: config 1 interface 105 has no altsetting 0 [ 47.063905][ T337] ================================================================== [ 47.071998][ T337] BUG: KASAN: slab-out-of-bounds in ext4_find_extent+0xbeb/0xe20 [ 47.079813][ T337] Read of size 4 at addr ffff888132a3b018 by task kworker/u4:3/337 [ 47.087775][ T337] [ 47.090181][ T337] CPU: 1 PID: 337 Comm: kworker/u4:3 Not tainted 5.15.189-syzkaller-00079-ga71626bd56a5 #0 [ 47.100135][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.110184][ T337] Workqueue: writeback wb_workfn (flush-7:5) [ 47.116273][ T337] Call Trace: [ 47.119545][ T337] [ 47.122462][ T337] __dump_stack+0x21/0x30 [ 47.126786][ T337] dump_stack_lvl+0xee/0x150 [ 47.131358][ T337] ? show_regs_print_info+0x20/0x20 [ 47.136538][ T337] ? load_image+0x3a0/0x3a0 [ 47.141027][ T337] print_address_description+0x7f/0x2c0 [ 47.146561][ T337] ? ext4_find_extent+0xbeb/0xe20 [ 47.151571][ T337] kasan_report+0xf1/0x140 [ 47.155974][ T337] ? __read_extent_tree_block+0x1e8/0x790 [ 47.161994][ T337] ? ext4_find_extent+0xbeb/0xe20 [ 47.167203][ T337] __asan_report_load4_noabort+0x14/0x20 [ 47.172926][ T337] ext4_find_extent+0xbeb/0xe20 [ 47.178451][ T337] ext4_ext_map_blocks+0x1de/0x6280 [ 47.183916][ T337] ? __stack_depot_save+0x34/0x480 [ 47.189643][ T337] ? __mem_cgroup_uncharge_list+0x39/0xc0 [ 47.195365][ T337] ? __kasan_slab_alloc+0xcf/0xf0 [ 47.200902][ T337] ? __kasan_slab_alloc+0xbd/0xf0 [ 47.206173][ T337] ? slab_post_alloc_hook+0x4f/0x2b0 [ 47.211446][ T337] ? kmem_cache_alloc+0xf7/0x260 [ 47.216480][ T337] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 47.221849][ T337] ? ext4_writepages+0xec8/0x2f90 [ 47.226872][ T337] ? do_writepages+0x48a/0x6c0 [ 47.231636][ T337] ? wb_workfn+0x38f/0xe20 [ 47.236574][ T337] ? process_one_work+0x6be/0xba0 [ 47.241699][ T337] ? worker_thread+0xa59/0x1200 [ 47.246535][ T337] ? ext4_ext_release+0x10/0x10 [ 47.251370][ T337] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 47.257013][ T337] ext4_map_blocks+0x97b/0x1b20 [ 47.261964][ T337] ? slab_post_alloc_hook+0x6d/0x2b0 [ 47.267245][ T337] ? should_failslab+0x9/0x20 [ 47.272010][ T337] ? ext4_issue_zeroout+0x250/0x250 [ 47.277731][ T337] ? ext4_inode_journal_mode+0x19a/0x480 [ 47.283664][ T337] ext4_writepages+0x11e7/0x2f90 [ 47.288697][ T337] ? ext4_readpage+0x220/0x220 [ 47.293460][ T337] ? update_curr+0x2f3/0x5b0 [ 47.298232][ T337] ? enqueue_task_fair+0xaa7/0x2120 [ 47.303684][ T337] ? sched_group_set_idle+0x5f0/0x5f0 [ 47.309056][ T337] ? resched_curr+0x102/0x310 [ 47.313720][ T337] ? psi_task_change+0x212/0x370 [ 47.318785][ T337] ? wake_up_process+0x20/0x20 [ 47.323549][ T337] ? ext4_readpage+0x220/0x220 [ 47.328395][ T337] do_writepages+0x48a/0x6c0 [ 47.333011][ T337] ? yield_to_task_fair+0x1a0/0x1a0 [ 47.338197][ T337] ? sched_clock_cpu+0x18/0x3c0 [ 47.343462][ T337] ? __writepage+0x130/0x130 [ 47.348646][ T337] ? __kasan_check_write+0x14/0x20 [ 47.355059][ T337] ? _raw_spin_lock+0x8e/0xe0 [ 47.360786][ T337] __writeback_single_inode+0xd5/0x9c0 [ 47.368357][ T337] ? wbc_attach_and_unlock_inode+0x194/0x5f0 [ 47.376426][ T337] writeback_sb_inodes+0x9c0/0x1590 [ 47.382287][ T337] ? __switch_to_asm+0x3a/0x60 [ 47.387601][ T337] ? queue_io+0x4c0/0x4c0 [ 47.392290][ T337] ? __kasan_check_read+0x11/0x20 [ 47.397519][ T337] ? queue_io+0x382/0x4c0 [ 47.401863][ T337] wb_writeback+0x3f1/0x980 [ 47.406446][ T337] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 47.412756][ T337] ? set_worker_desc+0x155/0x1c0 [ 47.417770][ T337] ? __kasan_check_write+0x14/0x20 [ 47.422953][ T337] wb_workfn+0x38f/0xe20 [ 47.427275][ T337] ? inode_wait_for_writeback+0x200/0x200 [ 47.433004][ T337] ? compat_start_thread+0x20/0x20 [ 47.438153][ T337] ? _raw_spin_unlock+0x4d/0x70 [ 47.443000][ T337] ? finish_task_switch+0x16b/0x780 [ 47.448553][ T337] ? __switch_to_asm+0x3a/0x60 [ 47.453389][ T337] ? __schedule+0xb76/0x14c0 [ 47.457970][ T337] process_one_work+0x6be/0xba0 [ 47.463210][ T337] worker_thread+0xa59/0x1200 [ 47.468046][ T337] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 47.473846][ T337] kthread+0x411/0x500 [ 47.478087][ T337] ? worker_clr_flags+0x190/0x190 [ 47.483429][ T337] ? kthread_blkcg+0xd0/0xd0 [ 47.488365][ T337] ret_from_fork+0x1f/0x30 [ 47.492782][ T337] [ 47.495783][ T337] [ 47.498171][ T337] Allocated by task 1479: [ 47.502495][ T337] __kasan_kmalloc+0xda/0x110 [ 47.507331][ T337] kmem_cache_alloc_trace+0x119/0x270 [ 47.512699][ T337] kvm_uevent_notify_change+0x228/0x3b0 [ 47.518350][ T337] kvm_put_kvm+0xa1/0x11c0 [ 47.522937][ T337] kvm_vm_release+0x46/0x50 [ 47.527454][ T337] __fput+0x20b/0x8b0 [ 47.531423][ T337] ____fput+0x15/0x20 [ 47.535403][ T337] task_work_run+0x127/0x190 [ 47.539986][ T337] exit_to_user_mode_loop+0xd0/0xe0 [ 47.545257][ T337] exit_to_user_mode_prepare+0x5a/0xa0 [ 47.550700][ T337] syscall_exit_to_user_mode+0x1a/0x30 [ 47.556236][ T337] do_syscall_64+0x58/0xa0 [ 47.560642][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.566535][ T337] [ 47.568841][ T337] Freed by task 1479: [ 47.572796][ T337] kasan_set_track+0x4a/0x70 [ 47.577371][ T337] kasan_set_free_info+0x23/0x40 [ 47.582378][ T337] ____kasan_slab_free+0x125/0x160 [ 47.587469][ T337] __kasan_slab_free+0x11/0x20 [ 47.592214][ T337] slab_free_freelist_hook+0xc2/0x190 [ 47.597571][ T337] kfree+0xc4/0x270 [ 47.601369][ T337] kvm_uevent_notify_change+0x288/0x3b0 [ 47.606912][ T337] kvm_put_kvm+0xa1/0x11c0 [ 47.611315][ T337] kvm_vm_release+0x46/0x50 [ 47.615803][ T337] __fput+0x20b/0x8b0 [ 47.619771][ T337] ____fput+0x15/0x20 [ 47.623764][ T337] task_work_run+0x127/0x190 [ 47.628351][ T337] exit_to_user_mode_loop+0xd0/0xe0 [ 47.633537][ T337] exit_to_user_mode_prepare+0x5a/0xa0 [ 47.639026][ T337] syscall_exit_to_user_mode+0x1a/0x30 [ 47.644492][ T337] do_syscall_64+0x58/0xa0 [ 47.648893][ T337] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 47.654875][ T337] [ 47.657189][ T337] The buggy address belongs to the object at ffff888132a3a000 [ 47.657189][ T337] which belongs to the cache kmalloc-4k of size 4096 [ 47.671268][ T337] The buggy address is located 24 bytes to the right of [ 47.671268][ T337] 4096-byte region [ffff888132a3a000, ffff888132a3b000) [ 47.685156][ T337] The buggy address belongs to the page: [ 47.690855][ T337] page:ffffea0004ca8e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x132a38 [ 47.701079][ T337] head:ffffea0004ca8e00 order:3 compound_mapcount:0 compound_pincount:0 [ 47.709388][ T337] flags: 0x4000000000010200(slab|head|zone=1) [ 47.715526][ T337] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 47.724091][ T337] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 47.732647][ T337] page dumped because: kasan: bad access detected [ 47.739044][ T337] page_owner tracks the page as allocated [ 47.744740][ T337] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 418, ts 42577552745, free_ts 42570997894 [ 47.767051][ T337] post_alloc_hook+0x192/0x1b0 [ 47.771829][ T337] prep_new_page+0x1c/0x110 [ 47.776314][ T337] get_page_from_freelist+0x2cc5/0x2d50 [ 47.781940][ T337] __alloc_pages+0x18f/0x440 [ 47.786513][ T337] new_slab+0xa1/0x4d0 [ 47.790561][ T337] ___slab_alloc+0x381/0x810 [ 47.795217][ T337] __slab_alloc+0x49/0x90 [ 47.799528][ T337] kmem_cache_alloc_trace+0x146/0x270 [ 47.804878][ T337] uevent_show+0x160/0x330 [ 47.809276][ T337] dev_attr_show+0x56/0xd0 [ 47.813674][ T337] sysfs_kf_seq_show+0x266/0x3d0 [ 47.818611][ T337] kernfs_seq_show+0x119/0x160 [ 47.823362][ T337] seq_read_iter+0x490/0xd30 [ 47.827953][ T337] kernfs_fop_read_iter+0x147/0x470 [ 47.833397][ T337] vfs_read+0x68b/0xbe0 [ 47.837536][ T337] ksys_read+0x140/0x240 [ 47.841851][ T337] page last free stack trace: [ 47.846958][ T337] free_unref_page_prepare+0x542/0x550 [ 47.852494][ T337] free_unref_page+0xa2/0x550 [ 47.857154][ T337] __free_pages+0x6c/0x100 [ 47.861722][ T337] __free_slab+0xe8/0x1e0 [ 47.866123][ T337] __unfreeze_partials+0x160/0x190 [ 47.871420][ T337] put_cpu_partial+0xc6/0x120 [ 47.876090][ T337] __slab_free+0x1d4/0x290 [ 47.880487][ T337] ___cache_free+0x104/0x120 [ 47.885070][ T337] qlink_free+0x4d/0x90 [ 47.889208][ T337] qlist_free_all+0x5f/0xb0 [ 47.893693][ T337] kasan_quarantine_reduce+0x14a/0x170 [ 47.899142][ T337] __kasan_slab_alloc+0x2f/0xf0 [ 47.904093][ T337] slab_post_alloc_hook+0x4f/0x2b0 [ 47.909189][ T337] kmem_cache_alloc+0xf7/0x260 [ 47.914030][ T337] getname_flags+0xb9/0x500 [ 47.918781][ T337] getname+0x19/0x20 [ 47.922849][ T337] [ 47.925160][ T337] Memory state around the buggy address: [ 47.930784][ T337] ffff888132a3af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.939560][ T337] ffff888132a3af80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.948401][ T337] >ffff888132a3b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.956719][ T337] ^ [ 47.961648][ T337] ffff888132a3b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.969701][ T337] ffff888132a3b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.978108][ T337] ================================================================== [ 47.986683][ T337] Disabling lock debugging due to kernel taint [ 47.995831][ T337] ------------[ cut here ]------------ [ 48.001493][ T337] kernel BUG at fs/ext4/inode.c:2433! [ 48.007078][ T337] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 48.013144][ T337] CPU: 0 PID: 337 Comm: kworker/u4:3 Tainted: G B 5.15.189-syzkaller-00079-ga71626bd56a5 #0 [ 48.024537][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.034846][ T337] Workqueue: writeback wb_workfn (flush-7:5) [ 48.040822][ T337] RIP: 0010:ext4_writepages+0x2eed/0x2f90 [ 48.046530][ T337] Code: 00 74 08 48 89 df e8 22 01 ce ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 30 44 89 e9 45 89 f0 e8 6a 9b 07 00 eb 51 e8 a3 88 8f ff <0f> 0b e8 9c 88 8f ff eb 2f e8 95 88 8f ff eb 5f e8 8e 88 8f ff 31 [ 48.066214][ T337] RSP: 0018:ffffc900079e7100 EFLAGS: 00010293 [ 48.072363][ T337] RAX: ffffffff81d9272d RBX: ffff888129380158 RCX: ffff88810d3693c0 [ 48.080821][ T337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.089356][ T337] RBP: ffffc900079e7470 R08: dffffc0000000000 R09: ffffed1025270024 [ 48.097603][ T337] R10: ffffed1025270024 R11: 1ffff11025270023 R12: dffffc0000000000 [ 48.105665][ T337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.113707][ T337] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 48.123409][ T337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.130969][ T337] CR2: 0000200000b63fe4 CR3: 0000000126ebe000 CR4: 00000000003506b0 [ 48.138945][ T337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.146997][ T337] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.155734][ T337] Call Trace: [ 48.159008][ T337] [ 48.162205][ T337] ? ext4_readpage+0x220/0x220 [ 48.167201][ T337] ? update_curr+0x2f3/0x5b0 [ 48.172001][ T337] ? enqueue_task_fair+0xaa7/0x2120 [ 48.177785][ T337] ? sched_group_set_idle+0x5f0/0x5f0 [ 48.183689][ T337] ? resched_curr+0x102/0x310 [ 48.189097][ T337] ? psi_task_change+0x212/0x370 [ 48.194469][ T337] ? wake_up_process+0x20/0x20 [ 48.201295][ T337] ? ext4_readpage+0x220/0x220 [ 48.206420][ T337] do_writepages+0x48a/0x6c0 [ 48.211105][ T337] ? yield_to_task_fair+0x1a0/0x1a0 [ 48.216490][ T337] ? sched_clock_cpu+0x18/0x3c0 [ 48.221955][ T337] ? __writepage+0x130/0x130 [ 48.227070][ T337] ? __kasan_check_write+0x14/0x20 [ 48.232792][ T337] ? _raw_spin_lock+0x8e/0xe0 [ 48.237753][ T337] __writeback_single_inode+0xd5/0x9c0 [ 48.244059][ T337] ? wbc_attach_and_unlock_inode+0x194/0x5f0 [ 48.251080][ T337] writeback_sb_inodes+0x9c0/0x1590 [ 48.257249][ T337] ? __switch_to_asm+0x3a/0x60 [ 48.262894][ T337] ? queue_io+0x4c0/0x4c0 [ 48.268369][ T337] ? __kasan_check_read+0x11/0x20 [ 48.275287][ T337] ? queue_io+0x382/0x4c0 [ 48.280789][ T337] wb_writeback+0x3f1/0x980 [ 48.286639][ T337] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 48.293767][ T337] ? set_worker_desc+0x155/0x1c0 [ 48.299583][ T337] ? __kasan_check_write+0x14/0x20 [ 48.305849][ T337] wb_workfn+0x38f/0xe20 [ 48.310780][ T337] ? inode_wait_for_writeback+0x200/0x200 [ 48.317277][ T337] ? compat_start_thread+0x20/0x20 [ 48.322758][ T337] ? _raw_spin_unlock+0x4d/0x70 [ 48.327703][ T337] ? finish_task_switch+0x16b/0x780 [ 48.333559][ T337] ? __switch_to_asm+0x3a/0x60 [ 48.338611][ T337] ? __schedule+0xb76/0x14c0 [ 48.343394][ T337] process_one_work+0x6be/0xba0 [ 48.348426][ T337] worker_thread+0xa59/0x1200 [ 48.353363][ T337] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 48.359486][ T337] kthread+0x411/0x500 [ 48.363761][ T337] ? worker_clr_flags+0x190/0x190 [ 48.369339][ T337] ? kthread_blkcg+0xd0/0xd0 [ 48.374114][ T337] ret_from_fork+0x1f/0x30 [ 48.378632][ T337] [ 48.382457][ T337] Modules linked in: [ 48.390476][ T337] ---[ end trace 72d409c2fcf3566e ]--- [ 48.396748][ T337] RIP: 0010:ext4_writepages+0x2eed/0x2f90 [ 48.401276][ T20] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 48.403436][ T337] Code: 00 74 08 48 89 df e8 22 01 ce ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 30 44 89 e9 45 89 f0 e8 6a 9b 07 00 eb 51 e8 a3 88 8f ff <0f> 0b e8 9c 88 8f ff eb 2f e8 95 88 8f ff eb 5f e8 8e 88 8f ff 31 [ 48.422335][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.433496][ T332] usb 4-1: config 0 has an invalid interface number: 102 but max is 0 [ 48.452652][ T20] usb 1-1: Product: syz [ 48.456140][ T337] RSP: 0018:ffffc900079e7100 EFLAGS: 00010293 [ 48.457330][ T20] usb 1-1: Manufacturer: syz [ 48.463884][ T332] usb 4-1: config 0 has no interface number 0 [ 48.469337][ T20] usb 1-1: SerialNumber: syz [ 48.475337][ T337] RAX: ffffffff81d9272d RBX: ffff888129380158 RCX: ffff88810d3693c0 [ 48.475354][ T337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.475363][ T337] RBP: ffffc900079e7470 R08: dffffc0000000000 R09: ffffed1025270024 [ 48.475377][ T337] R10: ffffed1025270024 R11: 1ffff11025270023 R12: dffffc0000000000 [ 48.501330][ T1602] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 48.523381][ T332] usb 4-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5 [ 48.526909][ T1602] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 48.540303][ T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.540589][ T337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 48.552225][ T332] usb 4-1: config 0 descriptor?? [ 48.563083][ T337] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 48.573022][ T337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.580176][ T337] CR2: 00007fd23396b178 CR3: 000000011dcd4000 CR4: 00000000003506b0 [ 48.588818][ T337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.597514][ T337] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.606973][ T337] Kernel panic - not syncing: Fatal exception [ 48.614392][ T337] Kernel Offset: disabled [ 48.619139][ T337] Rebooting in 86400 seconds..