last executing test programs: 6.311323486s ago: executing program 2 (id=2017): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[], 0x0}, 0x0) 5.454167627s ago: executing program 3 (id=2037): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001300290a00", @ANYRES32, @ANYBLOB="00000000020000001c00"], 0x44}}, 0x0) 5.434994568s ago: executing program 3 (id=2038): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000014001a80100004800c00"], 0x34}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@remote, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 5.383463043s ago: executing program 3 (id=2039): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0xa, 0x1a, &(0x7f0000000240)=ANY=[@ANYBLOB="180500f1a1d739470d00"/19, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018200000", @ANYRES32, @ANYBLOB="00000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000017010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) write$UHID_CREATE2(r0, &(0x7f00000002c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) 5.383291024s ago: executing program 3 (id=2040): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[], 0x0}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 3.260059413s ago: executing program 2 (id=2059): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x800000005, 0xa040) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 2.879370209s ago: executing program 4 (id=2074): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, 0x0, 0x0) 2.879330999s ago: executing program 4 (id=2075): unshare(0x60400) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, 0x0, 0x0) 2.87290598s ago: executing program 4 (id=2076): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_2GHZ={0x4}]}]}, 0x28}}, 0x0) 2.860788091s ago: executing program 4 (id=2077): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xd, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.44761329s ago: executing program 1 (id=2078): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x2c, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 2.44739104s ago: executing program 1 (id=2079): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000280)={r2, 0x6, 0x0, r2}) 2.436705491s ago: executing program 1 (id=2080): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0xc, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4}, @cipso={0x86, 0x16, 0x0, [{0x0, 0x7, "34a6caf58d"}, {0x0, 0x9, "e39335900f1156"}]}, @noop]}}}}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012"], 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.393895035s ago: executing program 3 (id=2081): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d34, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x18, &(0x7f0000000100)={0x0, 0x7, 0xd1, {0xd1, 0xf, "55df06e937e3a150b53bf9ba58813d14928d21c06b1ccac290961a3a6848fee36e823152576a4a2fee04d51ea59d663f6ccbc4aad424f95d2ba55e8bfdf46df73e32299c99db66228beccc3db43ad14bd1ac8163381a09c501e394a31279e9af2d44b7fd4ed6aa60e2b9397e2d62f4844e7c513baa1a43ec03034c1b85d4af57c5093a23371b9b9cf7d863039ce24d4be2d4e764a4e184ed71d69e9f6179b22a10d11c5bedf443052197433aaa891b6b5db1a5badb041271fc5af78c72db6e36f4e8bf99974263fd4a63728653e187"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 1.17232795s ago: executing program 0 (id=2089): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x58}}, 0x0) 1.088807798s ago: executing program 0 (id=2090): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006d61637365630000140002800500090000000000050008000000000008000500", @ANYRES32=r0], 0x4c}}, 0x0) 1.025733264s ago: executing program 0 (id=2091): r0 = openat$uhid(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) write$UHID_CREATE2(r0, 0x0, 0x11c) 1.025299574s ago: executing program 0 (id=2092): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x101082, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x9, 0x0) 327.39242ms ago: executing program 1 (id=2093): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10) r2 = socket$tipc(0x1e, 0x4, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0xcc, r5, 0x10, 0x70bd27, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40040}, 0x4000) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x38, r4, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x38}}, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x83f}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r6, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r6, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0xfffffffe, 0xfffffffffffffc89, 0x0, 0x0, 0x10, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xfecb) 291.367613ms ago: executing program 1 (id=2094): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff6ffc}]}) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0xc58, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0) io_cancel(0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) 272.991095ms ago: executing program 1 (id=2095): unshare(0x68040200) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12012000b1f203401e0903003bd7e60103010902"], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 187.559163ms ago: executing program 2 (id=2096): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x4, @loopback, 0x3}, 0x1c) 187.376103ms ago: executing program 2 (id=2097): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x9, @local, 0xfffffffd}, 0x1c) 182.315673ms ago: executing program 2 (id=2098): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, 0x0, 0x41) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 166.466335ms ago: executing program 0 (id=2099): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)={0x1c, r1, 0x5, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}]}, 0x1c}}, 0x0) 103.485391ms ago: executing program 3 (id=2100): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)={0x40, 0x22, 0x6, "5e14071f2620"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000001040)={0x44, &(0x7f0000000e00)={0x0, 0x31, 0x1, '~'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 103.142191ms ago: executing program 2 (id=2101): r0 = syz_usb_connect(0x0, 0x188, &(0x7f0000000740)=ANY=[@ANYBLOB="1201100130b67f4010110190a9b2010203010902760101000000000904"], 0x0) syz_usb_disconnect(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 102.925531ms ago: executing program 0 (id=2102): syz_usb_connect(0x2, 0x36, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0xe9, 0x4, 0x6e, 0x20, 0x2040, 0x4902, 0xb5f2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x9, 0x6, 0x40, 0x1, [{{0x9, 0x4, 0x6d, 0x0, 0x2, 0xa0, 0xc0, 0xc9, 0xf9, [], [{{0x9, 0x5, 0x8, 0x8, 0x400, 0x0, 0x8, 0x7c}}, {{0x9, 0x5, 0x2, 0x2, 0x3ff, 0x2, 0x4, 0x8}}]}}]}}]}}, 0x0) 33.690287ms ago: executing program 4 (id=2103): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000013000100"/20, @ANYRES32=r2, @ANYBLOB="000000000000000005002700000000001c001a8018000a"], 0x44}}, 0x0) 0s ago: executing program 4 (id=2104): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000000000040b424b107000000000001090224000100000000090400000103000000092100000001220500090581030000000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000003c0)=0x70, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000900)=[{0x6, 0x0, 0x0, 0xec}]}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x52, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(0x0, 0xe, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f00000008c0)={0x28, 0x0, 0x0, @host}, 0x10) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0xfffd, 0x0, {0x0, 0x1}, {0x74, 0x2}, @ramp}) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) readv(r4, &(0x7f0000000880), 0x0) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000f40)={0x14, &(0x7f0000000e40)={0x40, 0xf, 0x9e, {0x9e, 0x11, "d172444f6310f7cbed21dd699ae6496d58900a11d969cba68f73704bb13f6c08c5a9ad78c55daa44aed74eba9ad8e925d22b82e6af1852325151753d7f41875b5720effe24723aa2d93830fdc761cdc6a45c692c5926943a623b5303f6f95abed441c4df1a57e1f464ab8dab28e79c08e8b1f3d4f8edbe5379b500241363351f8e68c43788cdce36aa6d1c38204488ad2dfb8d7a41ad0f66ac5b7574"}}, &(0x7f0000000f00)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001040)={0x1c, &(0x7f0000000f80)={0x40, 0xf, 0x34, "4e1ee3eca8a26900f2bf698f9b9c82494a0a0af3f5762e22f031c887cb728fc61d417a8fd231815c1f55add7459b5f737143f883"}, &(0x7f0000000fc0)={0x0, 0xa, 0x1, 0xf}, &(0x7f0000001000)={0x0, 0x8, 0x1, 0x6}}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000040)='./file2\x00', 0x10502, &(0x7f0000000300)=ANY=[], 0x1, 0x11f3, &(0x7f0000002580)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") open(&(0x7f0000000200)='./bus\x00', 0x1c507e, 0x0) r6 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r6, &(0x7f0000000240)=ANY=[], 0xfd14) kernel console output (not intermixed with test programs): e [ 569.110230][ T8844] device bridge_slave_0 entered promiscuous mode [ 569.116997][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.124322][ T8844] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.131985][ T8844] device bridge_slave_1 entered promiscuous mode [ 569.244510][ T8849] loop0: detected capacity change from 0 to 512 [ 569.401365][ T8849] EXT4-fs (loop0): filesystem is read-only [ 569.443119][ T8852] loop1: detected capacity change from 0 to 128 [ 569.458238][ T8849] EXT4-fs (loop0): filesystem is read-only [ 569.463940][ T8849] EXT4-fs (loop0): orphan cleanup on readonly fs [ 569.470642][ T8849] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz.0.1843: bad orphan inode 16 [ 569.484038][ T8849] ext4_test_bit(bit=15, block=3) = 0 [ 569.489206][ T8849] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 569.556759][ T8844] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.563679][ T8844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.570749][ T8844] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.577517][ T8844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 569.590335][ T8852] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 569.599132][ T8852] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 569.619712][ T672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 569.709018][ T320] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 569.720001][ T672] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.727149][ T320] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 569.736708][ T672] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.745987][ T320] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 569.756335][ T320] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.089323][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 570.098048][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.098813][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 570.105035][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.123598][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 570.132006][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 570.140378][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.143509][ T8863] loop0: detected capacity change from 0 to 512 [ 570.147244][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 570.168248][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 570.170732][ T8863] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 570.176767][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 570.185058][ T8863] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038 (0x7fffffff) [ 570.193080][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 570.210305][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 570.234461][ T8844] device veth0_vlan entered promiscuous mode [ 570.248049][ T8844] device veth1_macvtap entered promiscuous mode [ 570.286988][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 570.295983][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 570.304502][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 570.313074][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 570.321260][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 570.360914][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 570.370020][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 570.372588][ T8838] loop4: detected capacity change from 0 to 512 [ 570.379033][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 570.393178][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 570.401650][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 570.402045][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 570.402712][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 570.402991][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 570.416877][ T8838] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.1838: casefold flag without casefold feature [ 570.417157][ T8838] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.1838: missing EA_INODE flag [ 570.417362][ T8838] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1838: error while reading EA inode 12 err=-117 [ 570.417566][ T8838] EXT4-fs (loop4): 1 orphan inode deleted [ 570.417590][ T8838] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 570.589715][ T43] device bridge_slave_1 left promiscuous mode [ 570.596582][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.650370][ T43] device bridge_slave_0 left promiscuous mode [ 570.819089][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.848919][ T43] device veth1_macvtap left promiscuous mode [ 570.899925][ T43] device veth0_vlan left promiscuous mode [ 570.918381][ T8882] loop3: detected capacity change from 0 to 128 [ 570.926558][ T8882] FAT-fs (loop3): Unrecognized mount option "         000000000000000000000xffffffffffffffff18446744073709551615 " or missing value [ 570.977220][ T8882] 9pnet_fd: Insufficient options for proto=fd [ 571.386939][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 571.410582][ T8885] loop0: detected capacity change from 0 to 512 [ 571.419287][ T8887] input: syz0 as /devices/virtual/input/input27 [ 571.433177][ T8885] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 571.442020][ T8885] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038 (0x7fffffff) [ 572.382697][ T672] usb 5-1: USB disconnect, device number 61 [ 572.389297][ T8767] EXT4-fs (loop4): unmounting filesystem. [ 572.401809][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 572.448617][ T304] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 572.679381][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 572.680697][ T8901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1852'. [ 572.703066][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 572.717992][ T8572] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 572.731375][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 572.746104][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 572.760467][ T8572] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 572.779027][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 572.794155][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 572.814060][ T8910] loop0: detected capacity change from 0 to 128 [ 572.836314][ T8572] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 572.850080][ T8572] EXT4-fs error (device loop1): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 572.850190][ T8910] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 572.885567][ T8910] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 572.928694][ T304] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 572.948602][ T304] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 572.968646][ T304] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 573.145706][ T8572] EXT4-fs (loop1): unmounting filesystem. [ 573.408664][ T304] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 573.418863][ T304] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.426688][ T304] usb 3-1: Product: syz [ 573.430910][ T304] usb 3-1: Manufacturer: фаК [ 573.435388][ T304] usb 3-1: SerialNumber: syz [ 573.478634][ T6] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 573.496280][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.503448][ T8920] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.504209][ T8925] loop4: detected capacity change from 0 to 512 [ 573.511230][ T8920] device bridge_slave_0 entered promiscuous mode [ 573.525931][ T8920] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.533185][ T8920] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.535132][ T8925] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 573.540837][ T8920] device bridge_slave_1 entered promiscuous mode [ 573.549353][ T8925] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff) [ 573.643287][ T8920] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.650218][ T8920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 573.657373][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.664181][ T8920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 573.693366][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 573.700014][ T8890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.706876][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 573.710134][ T8890] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.728500][ T6244] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.738007][ T6244] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.070363][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 574.078507][ T6244] bridge0: port 1(bridge_slave_0) entered blocking state [ 574.085392][ T6244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 574.119785][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 574.127904][ T6244] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.134763][ T6244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 574.142974][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 574.151009][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 574.158667][ T6] usb 4-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 574.169201][ T6] usb 4-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 574.178290][ T6] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 574.187513][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.201270][ T672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 574.212967][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 574.221208][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 574.228466][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 574.228718][ T5152] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 574.237838][ T8920] device veth0_vlan entered promiscuous mode [ 574.259441][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 574.268516][ T8920] device veth1_macvtap entered promiscuous mode [ 574.279399][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 574.287586][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 574.317761][ T8934] input: syz0 as /devices/virtual/input/input28 [ 574.327036][ T8934] loop1: detected capacity change from 0 to 128 [ 574.379492][ T8767] EXT4-fs (loop4): unmounting filesystem. [ 574.447783][ T8914] loop3: detected capacity change from 0 to 512 [ 574.456026][ T8914] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.1856: casefold flag without casefold feature [ 574.468935][ T8914] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.1856: missing EA_INODE flag [ 574.483075][ T8914] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1856: error while reading EA inode 12 err=-117 [ 574.495511][ T8914] EXT4-fs (loop3): 1 orphan inode deleted [ 574.501268][ T8914] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 574.555041][ T8937] loop4: detected capacity change from 0 to 40427 [ 574.581803][ T320] usb 4-1: USB disconnect, device number 59 [ 574.582093][ T8937] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 574.595320][ T8937] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 574.605900][ T8937] F2FS-fs (loop4): Found nat_bits in checkpoint [ 574.644361][ T8937] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 574.651371][ T8937] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 574.668995][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.679853][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.689623][ T5152] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 574.698482][ T5152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.707311][ T4744] device bridge_slave_1 left promiscuous mode [ 574.713712][ T4744] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.721386][ T4744] device bridge_slave_0 left promiscuous mode [ 574.727398][ T4744] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.735806][ T4744] device veth1_macvtap left promiscuous mode [ 574.741942][ T4744] device veth0_vlan left promiscuous mode [ 574.749700][ T5152] usb 1-1: config 0 descriptor?? [ 574.876958][ T8944] syz.4.1862: attempt to access beyond end of device [ 574.876958][ T8944] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 575.240254][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 575.276242][ T8767] syz-executor: attempt to access beyond end of device [ 575.276242][ T8767] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 575.410721][ T8953] loop4: detected capacity change from 0 to 128 [ 575.420963][ T8953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 575.433065][ T8953] ext4 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 575.435145][ T8930] loop0: detected capacity change from 0 to 1024 [ 575.471704][ T8930] EXT4-fs: Ignoring removed orlov option [ 575.477269][ T8930] EXT4-fs: Ignoring removed bh option [ 575.491771][ T8930] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 576.315697][ T8964] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1866'. [ 577.028698][ T304] usb 3-1: 0:2 : does not exist [ 577.034855][ T304] usb 3-1: USB disconnect, device number 63 [ 577.222402][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 577.239415][ T334] udevd[334]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 577.254995][ T5152] usb 1-1: string descriptor 0 read error: -71 [ 577.278630][ T5152] uclogic 0003:256C:006D.0019: failed retrieving string descriptor #200: -71 [ 577.287296][ T5152] uclogic 0003:256C:006D.0019: failed retrieving pen parameters: -71 [ 577.295181][ T5152] uclogic 0003:256C:006D.0019: failed probing pen v2 parameters: -71 [ 577.303388][ T5152] uclogic 0003:256C:006D.0019: failed probing parameters: -71 [ 577.310709][ T5152] uclogic: probe of 0003:256C:006D.0019 failed with error -71 [ 577.319389][ T5152] usb 1-1: USB disconnect, device number 55 [ 577.698675][ T5152] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 578.068735][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 578.079713][ T5152] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 578.089450][ T5152] usb 1-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 578.098419][ T5152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.109232][ T5152] usb 1-1: config 0 descriptor?? [ 578.522242][ T8982] loop3: detected capacity change from 0 to 40427 [ 578.539225][ T8982] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 578.546792][ T8982] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 578.557818][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 578.558577][ T8982] F2FS-fs (loop3): Found nat_bits in checkpoint [ 578.574163][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 578.593309][ T8767] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 578.607356][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 578.622129][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 578.636897][ T8982] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 578.637044][ T8767] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 578.648627][ T8982] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 578.656963][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 578.677907][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 578.693113][ T8767] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 578.705121][ T8986] loop0: detected capacity change from 0 to 8192 [ 578.706542][ T8767] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 578.796969][ T8986] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 578.802351][ T8767] EXT4-fs (loop4): unmounting filesystem. [ 578.918225][ T8989] syz.3.1870: attempt to access beyond end of device [ 578.918225][ T8989] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 579.306728][ T8497] syz-executor: attempt to access beyond end of device [ 579.306728][ T8497] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 579.348726][ T5152] usbhid 1-1:0.0: can't add hid device: -71 [ 579.354856][ T5152] usbhid: probe of 1-1:0.0 failed with error -71 [ 579.369500][ T5152] usb 1-1: USB disconnect, device number 56 [ 579.404675][ T8991] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.411807][ T8991] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.419706][ T8991] device bridge_slave_0 entered promiscuous mode [ 579.429076][ T8991] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.435968][ T8991] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.443423][ T8991] device bridge_slave_1 entered promiscuous mode [ 579.511503][ T8991] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.518354][ T8991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.525484][ T8991] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.532268][ T8991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.556944][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 579.564401][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.571847][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.580955][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 579.589862][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.596714][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.624391][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 579.632503][ T320] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.632863][ T9001] loop3: detected capacity change from 0 to 128 [ 579.639381][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.661526][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 579.687007][ T8991] device veth0_vlan entered promiscuous mode [ 579.693551][ T765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 579.702724][ T765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 579.710789][ T765] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 579.718087][ T765] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 579.725681][ T765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 579.743287][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 579.752958][ T8991] device veth1_macvtap entered promiscuous mode [ 579.794244][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 579.825209][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 579.835109][ T351] device bridge_slave_1 left promiscuous mode [ 579.842141][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.845313][ T9008] loop0: detected capacity change from 0 to 512 [ 579.855982][ T351] device bridge_slave_0 left promiscuous mode [ 579.863515][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.874736][ T351] device veth1_macvtap left promiscuous mode [ 579.880875][ T351] device veth0_vlan left promiscuous mode [ 579.897275][ T9008] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 579.908677][ T9008] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038 (0x7fffffff) [ 580.288624][ T304] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 580.761757][ T8127] EXT4-fs (loop0): unmounting filesystem. [ 580.768693][ T304] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 580.779281][ T304] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 581.021753][ T304] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 581.030872][ T304] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.317773][ T9013] loop4: detected capacity change from 0 to 512 [ 581.338319][ T9013] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.1873: casefold flag without casefold feature [ 581.353998][ T9013] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.1873: missing EA_INODE flag [ 581.365926][ T9013] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1873: error while reading EA inode 12 err=-117 [ 581.378342][ T9013] EXT4-fs (loop4): 1 orphan inode deleted [ 581.384287][ T9013] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 581.449213][ T304] usb 5-1: USB disconnect, device number 62 [ 581.560852][ T9033] loop3: detected capacity change from 0 to 1024 [ 581.602455][ T9033] EXT4-fs error (device loop3): __ext4_fill_super:5386: inode #2: comm syz.3.1882: casefold flag without casefold feature [ 581.620717][ T9033] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 581.630734][ T9033] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 581.697127][ T9036] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.705678][ T9036] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.714538][ T9036] device bridge_slave_0 entered promiscuous mode [ 581.723443][ T9036] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.730560][ T9036] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.737971][ T9036] device bridge_slave_1 entered promiscuous mode [ 581.763564][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 581.828152][ T9036] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.835023][ T9036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 581.842225][ T9036] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.848988][ T9036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 581.936291][ T9044] loop3: detected capacity change from 0 to 512 [ 581.983522][ T4901] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.996222][ T4901] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.111113][ T9044] EXT4-fs (loop3): 1 orphan inode deleted [ 582.116722][ T9044] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 582.127578][ T9044] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038 (0x7fffffff) [ 582.279795][ T3542] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 582.309194][ T3542] EXT4-fs error (device loop3): ext4_release_dquot:6787: comm kworker/u4:7: Failed to release dquot type 1 [ 582.325324][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 582.333066][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 582.345932][ T8991] EXT4-fs (loop4): unmounting filesystem. [ 582.356052][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 582.364486][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 582.380187][ T4901] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.387091][ T4901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.394573][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 582.402812][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 582.410889][ T4901] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.417835][ T4901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.439389][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 582.447392][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 582.456633][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 582.464810][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 582.472984][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 582.481404][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 582.510201][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 582.518808][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 582.530517][ T9036] device veth0_vlan entered promiscuous mode [ 582.537284][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 582.547045][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 582.563808][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 582.572183][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 582.582949][ T9036] device veth1_macvtap entered promiscuous mode [ 582.586030][ T9056] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1884'. [ 582.596006][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 582.605920][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 582.615728][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 582.636443][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 582.662428][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 582.673467][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 582.711537][ T9060] loop2: detected capacity change from 0 to 512 [ 582.737410][ T9064] loop3: detected capacity change from 0 to 512 [ 582.751138][ T9060] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 582.762790][ T9060] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038 (0x7fffffff) [ 582.776429][ T9064] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 582.785813][ T351] device bridge_slave_1 left promiscuous mode [ 582.788721][ T5152] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 582.792744][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.814218][ T9064] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038 (0x7fffffff) [ 582.842327][ T351] device bridge_slave_0 left promiscuous mode [ 582.848393][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.856937][ T351] device veth1_macvtap left promiscuous mode [ 582.862920][ T351] device veth0_vlan left promiscuous mode [ 582.880187][ T9064] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1888: corrupted inode contents [ 582.896039][ T9064] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.1888: mark_inode_dirty error [ 582.920093][ T9064] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.1888: corrupted inode contents [ 582.956127][ T9064] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.1888: mark_inode_dirty error [ 582.984276][ T9069] input: syz0 as /devices/virtual/input/input29 [ 583.178684][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 583.198598][ T5152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 583.216441][ T5152] usb 5-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 583.233610][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.255538][ T5152] usb 5-1: config 0 descriptor?? [ 583.408600][ T6] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 583.489850][ T9074] overlayfs: failed to resolve './file1': -2 [ 583.578844][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 583.625620][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 583.768734][ T6] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 583.778874][ T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 583.788251][ T6] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 584.141425][ T9081] loop4: detected capacity change from 0 to 8192 [ 584.215151][ T9081] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 584.278641][ T304] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 584.318721][ T5152] usbhid 5-1:0.0: can't add hid device: -71 [ 584.324472][ T5152] usbhid: probe of 5-1:0.0 failed with error -71 [ 584.332653][ T5152] usb 5-1: USB disconnect, device number 63 [ 584.388764][ T6] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 584.397997][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.405978][ T6] usb 1-1: Product: syz [ 584.410081][ T6] usb 1-1: Manufacturer: фаК [ 584.414478][ T6] usb 1-1: SerialNumber: syz [ 584.658741][ T304] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 584.670178][ T304] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 584.679063][ T9071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 584.680435][ T304] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 584.696894][ T9071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 585.012800][ T304] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.024893][ T9089] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.031924][ T9089] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.039611][ T9089] device bridge_slave_0 entered promiscuous mode [ 585.046919][ T9089] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.054247][ T9089] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.061965][ T9089] device bridge_slave_1 entered promiscuous mode [ 585.133708][ T9089] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.140579][ T9089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.147768][ T9089] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.154566][ T9089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.287273][ T672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 585.326433][ T672] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.349503][ T9076] loop2: detected capacity change from 0 to 512 [ 585.357192][ T672] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.461550][ T9076] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.1890: casefold flag without casefold feature [ 585.474516][ T9076] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1890: missing EA_INODE flag [ 585.493959][ T9076] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1890: error while reading EA inode 12 err=-117 [ 585.508915][ T9102] loop3: detected capacity change from 0 to 128 [ 585.510541][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 585.523079][ T9076] EXT4-fs (loop2): 1 orphan inode deleted [ 585.528771][ T9076] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 585.537302][ T5152] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.537839][ T9102] EXT4-fs (loop3): Test dummy encryption mode enabled [ 585.544181][ T5152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.559353][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 585.567980][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.574883][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.582925][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 585.583859][ T9102] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 585.598136][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 585.606987][ T9102] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038 (0x7fffffff) [ 585.624785][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 585.696383][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 585.704853][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 585.713808][ T9089] device veth0_vlan entered promiscuous mode [ 585.720438][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 585.728070][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 585.759154][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 585.767766][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 585.779306][ T9089] device veth1_macvtap entered promiscuous mode [ 585.791230][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 585.799676][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 585.807889][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 585.834974][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 585.849574][ T5152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 585.927480][ T9110] loop1: detected capacity change from 0 to 1024 [ 585.959769][ T9110] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz.1.1893: casefold flag without casefold feature [ 585.972659][ T328] device bridge_slave_1 left promiscuous mode [ 585.979174][ T9110] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 585.980725][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.025126][ T9110] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 586.144254][ T328] device bridge_slave_0 left promiscuous mode [ 586.160539][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.216557][ T328] device veth1_macvtap left promiscuous mode [ 586.273768][ T328] device veth0_vlan left promiscuous mode [ 586.453836][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 586.546570][ T28] audit: type=1400 audit(1728267838.655:434): avc: denied { write } for pid=9120 comm="syz.3.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 586.566542][ T28] audit: type=1400 audit(1728267838.685:435): avc: denied { accept } for pid=9120 comm="syz.3.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 586.715468][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 586.877195][ T9125] loop1: detected capacity change from 0 to 40427 [ 586.883984][ T9125] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 586.891758][ T9125] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 586.902262][ T9125] F2FS-fs (loop1): Found nat_bits in checkpoint [ 586.939153][ T9125] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 586.946174][ T9125] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 587.058618][ T2029] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 587.134080][ T9135] syz.1.1899: attempt to access beyond end of device [ 587.134080][ T9135] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 587.571079][ T320] usb 3-1: USB disconnect, device number 64 [ 587.612800][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 587.619262][ T9089] syz-executor: attempt to access beyond end of device [ 587.619262][ T9089] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 587.648983][ T2029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 587.676173][ T2029] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 587.685866][ T2029] usb 5-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 587.694764][ T2029] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.703401][ T2029] usb 5-1: config 0 descriptor?? [ 587.878694][ T6] usb 1-1: 0:2 : does not exist [ 587.900132][ T6] usb 1-1: USB disconnect, device number 57 [ 588.228618][ T672] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 588.362214][ T9149] loop4: detected capacity change from 0 to 8192 [ 588.379163][ T9149] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 588.858821][ T672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.875106][ T672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.919112][ T672] usb 2-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 588.928107][ T672] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.021463][ T672] usb 2-1: config 0 descriptor?? [ 589.228796][ T2029] usbhid 5-1:0.0: can't add hid device: -71 [ 589.234693][ T2029] usbhid: probe of 5-1:0.0 failed with error -71 [ 589.242101][ T2029] usb 5-1: USB disconnect, device number 64 [ 589.707418][ T9164] loop1: detected capacity change from 0 to 8192 [ 589.724284][ T9164] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 589.758091][ T9169] loop4: detected capacity change from 0 to 1024 [ 589.774002][ T9169] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz.4.1909: casefold flag without casefold feature [ 589.790440][ T9169] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 589.803303][ T9169] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 589.988635][ T672] usbhid 2-1:0.0: can't add hid device: -71 [ 589.994470][ T672] usbhid: probe of 2-1:0.0 failed with error -71 [ 590.002351][ T672] usb 2-1: USB disconnect, device number 48 [ 590.115361][ T9178] loop3: detected capacity change from 0 to 512 [ 590.130325][ T9178] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 590.139224][ T9178] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038 (0x7fffffff) [ 590.153478][ T28] audit: type=1400 audit(1728267842.265:436): avc: denied { setattr } for pid=9177 comm="syz.3.1910" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 590.183552][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 590.592354][ T8991] EXT4-fs (loop4): unmounting filesystem. [ 590.650241][ T9193] FAULT_INJECTION: forcing a failure. [ 590.650241][ T9193] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 590.663707][ T9193] CPU: 1 PID: 9193 Comm: syz.1.1913 Not tainted 6.1.99-syzkaller-00108-gd4dab27b9d1c #0 [ 590.673254][ T9193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 590.683148][ T9193] Call Trace: [ 590.686294][ T9193] [ 590.689047][ T9193] dump_stack_lvl+0x151/0x1b7 [ 590.693560][ T9193] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 590.698853][ T9193] ? debug_smp_processor_id+0x17/0x20 [ 590.704064][ T9193] dump_stack+0x15/0x1c [ 590.708051][ T9193] should_fail_ex+0x3d0/0x520 [ 590.712570][ T9193] should_fail+0xb/0x10 [ 590.716557][ T9193] should_fail_usercopy+0x1a/0x20 [ 590.721430][ T9193] _copy_to_user+0x1e/0x90 [ 590.725671][ T9193] simple_read_from_buffer+0xc7/0x150 [ 590.730881][ T9193] proc_fail_nth_read+0x1a3/0x210 [ 590.735754][ T9193] ? proc_fault_inject_write+0x390/0x390 [ 590.741207][ T9193] ? fsnotify_perm+0x269/0x5b0 [ 590.745810][ T9193] ? security_file_permission+0x86/0xb0 [ 590.751199][ T9193] ? proc_fault_inject_write+0x390/0x390 [ 590.756658][ T9193] vfs_read+0x26c/0xae0 [ 590.760669][ T9193] ? kernel_read+0x1f0/0x1f0 [ 590.765089][ T9193] ? mutex_lock+0xb1/0x1e0 [ 590.769330][ T9193] ? bit_wait_io_timeout+0x120/0x120 [ 590.774458][ T9193] ? __fdget_pos+0x2e2/0x390 [ 590.778879][ T9193] ? ksys_read+0x77/0x2c0 [ 590.783067][ T9193] ksys_read+0x199/0x2c0 [ 590.787233][ T9193] ? __x64_sys_io_submit+0x90/0x90 [ 590.792171][ T9193] ? vfs_write+0xed0/0xed0 [ 590.796425][ T9193] ? debug_smp_processor_id+0x17/0x20 [ 590.801632][ T9193] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 590.807531][ T9193] __x64_sys_read+0x7b/0x90 [ 590.811874][ T9193] x64_sys_call+0x28/0x9a0 [ 590.816695][ T9193] do_syscall_64+0x3b/0xb0 [ 590.820943][ T9193] ? clear_bhb_loop+0x55/0xb0 [ 590.825465][ T9193] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 590.831184][ T9193] RIP: 0033:0x7f411d37ca3c [ 590.835436][ T9193] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 590.854881][ T9193] RSP: 002b:00007f411e187030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 590.863227][ T9193] RAX: ffffffffffffffda RBX: 00007f411d536058 RCX: 00007f411d37ca3c [ 590.871107][ T9193] RDX: 000000000000000f RSI: 00007f411e1870a0 RDI: 0000000000000004 [ 590.878915][ T9193] RBP: 00007f411e187090 R08: 0000000000000000 R09: 0000000000000000 [ 590.887162][ T9193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.894975][ T9193] R13: 0000000000000000 R14: 00007f411d536058 R15: 00007ffc03667c68 [ 590.902795][ T9193] [ 590.958940][ T9192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1915'. [ 591.048748][ T672] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 591.199343][ T9198] loop1: detected capacity change from 0 to 40427 [ 591.206124][ T9198] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 591.216728][ T9198] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 591.229522][ T9198] F2FS-fs (loop1): Found nat_bits in checkpoint [ 591.279235][ T9198] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 591.286178][ T9198] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 591.448889][ T672] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 591.459431][ T672] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 591.468391][ T672] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 591.479305][ T672] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.491787][ T9207] syz.1.1916: attempt to access beyond end of device [ 591.491787][ T9207] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 592.133371][ T9190] loop4: detected capacity change from 0 to 512 [ 592.139896][ T9089] syz-executor: attempt to access beyond end of device [ 592.139896][ T9089] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 592.199329][ T9190] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.1914: casefold flag without casefold feature [ 592.248897][ T9190] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.1914: missing EA_INODE flag [ 592.290950][ T9190] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1914: error while reading EA inode 12 err=-117 [ 592.291906][ T9211] loop3: detected capacity change from 0 to 40427 [ 592.312865][ T9211] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 592.319476][ T9211] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 592.327720][ T9190] EXT4-fs (loop4): 1 orphan inode deleted [ 592.333587][ T9190] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 592.427194][ T9211] F2FS-fs (loop3): Found nat_bits in checkpoint [ 592.484361][ T9211] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 592.491405][ T9211] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 592.666027][ T8497] syz-executor: attempt to access beyond end of device [ 592.666027][ T8497] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 594.088118][ T9235] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.095105][ T9235] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.102596][ T9235] device bridge_slave_0 entered promiscuous mode [ 594.109707][ T9235] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.117343][ T9235] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.124909][ T9235] device bridge_slave_1 entered promiscuous mode [ 594.208718][ T672] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 594.308050][ T9247] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1923'. [ 594.477785][ T9235] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.484735][ T9235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.491821][ T9235] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.498686][ T9235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.540739][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 594.550341][ T320] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.557780][ T320] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.576858][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 594.585938][ T4901] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.592927][ T4901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.601375][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 594.609501][ T4901] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.616385][ T4901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.623981][ T672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.635060][ T672] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.649943][ T672] usb 2-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 594.659250][ T672] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.675603][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 594.684007][ T672] usb 2-1: config 0 descriptor?? [ 594.689158][ T4901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 594.707643][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 594.721297][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 594.729678][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 594.737051][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 594.746201][ T9235] device veth0_vlan entered promiscuous mode [ 594.761656][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 594.771325][ T9235] device veth1_macvtap entered promiscuous mode [ 594.784400][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 594.798035][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 594.811105][ T328] device bridge_slave_1 left promiscuous mode [ 594.817274][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.826689][ T328] device bridge_slave_0 left promiscuous mode [ 594.835251][ T9252] loop0: detected capacity change from 0 to 256 [ 594.839243][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.852673][ T328] device veth1_macvtap left promiscuous mode [ 594.858960][ T328] device veth0_vlan left promiscuous mode [ 594.981135][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1925'. [ 595.041880][ T4901] usb 5-1: USB disconnect, device number 65 [ 595.075519][ T9257] FAULT_INJECTION: forcing a failure. [ 595.075519][ T9257] name failslab, interval 1, probability 0, space 0, times 0 [ 595.089147][ T9257] CPU: 1 PID: 9257 Comm: syz.3.1926 Not tainted 6.1.99-syzkaller-00108-gd4dab27b9d1c #0 [ 595.097105][ T8991] EXT4-fs (loop4): unmounting filesystem. [ 595.098700][ T9257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 595.098716][ T9257] Call Trace: [ 595.098722][ T9257] [ 595.098731][ T9257] dump_stack_lvl+0x151/0x1b7 [ 595.098760][ T9257] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 595.098782][ T9257] ? release_sock+0x163/0x1b0 [ 595.098804][ T9257] dump_stack+0x15/0x1c [ 595.139067][ T9257] should_fail_ex+0x3d0/0x520 [ 595.143572][ T9257] ? __alloc_skb+0xcc/0x2d0 [ 595.147914][ T9257] __should_failslab+0xaf/0xf0 [ 595.152514][ T9257] should_failslab+0x9/0x20 [ 595.156862][ T9257] kmem_cache_alloc_node+0x3e/0x2d0 [ 595.162418][ T9257] __alloc_skb+0xcc/0x2d0 [ 595.166672][ T9257] netlink_sendmsg+0x7a6/0xd30 [ 595.171359][ T9257] ? netlink_getsockopt+0x540/0x540 [ 595.176479][ T9257] ? security_socket_sendmsg+0x82/0xb0 [ 595.181769][ T9257] ? netlink_getsockopt+0x540/0x540 [ 595.186803][ T9257] ____sys_sendmsg+0x5d3/0x9a0 [ 595.191545][ T9257] ? __sys_sendmsg_sock+0x40/0x40 [ 595.196387][ T9257] __sys_sendmsg+0x2a9/0x390 [ 595.201104][ T9257] ? ____sys_sendmsg+0x9a0/0x9a0 [ 595.205854][ T9257] ? __kasan_check_write+0x14/0x20 [ 595.210793][ T9257] ? mutex_unlock+0xb2/0x260 [ 595.215394][ T9257] ? __kasan_check_write+0x14/0x20 [ 595.220356][ T9257] ? __ia32_sys_read+0x90/0x90 [ 595.224935][ T9257] ? debug_smp_processor_id+0x17/0x20 [ 595.230229][ T9257] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 595.236132][ T9257] __x64_sys_sendmsg+0x7f/0x90 [ 595.240915][ T9257] x64_sys_call+0x16a/0x9a0 [ 595.245256][ T9257] do_syscall_64+0x3b/0xb0 [ 595.249527][ T9257] ? clear_bhb_loop+0x55/0xb0 [ 595.254020][ T9257] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 595.259749][ T9257] RIP: 0033:0x7f4439f7dff9 [ 595.264100][ T9257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.283531][ T9257] RSP: 002b:00007f443addd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 595.291811][ T9257] RAX: ffffffffffffffda RBX: 00007f443a135f80 RCX: 00007f4439f7dff9 [ 595.299627][ T9257] RDX: 00000000000088c0 RSI: 0000000020000340 RDI: 0000000000000003 [ 595.307532][ T9257] RBP: 00007f443addd090 R08: 0000000000000000 R09: 0000000000000000 [ 595.315870][ T9257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 595.323798][ T9257] R13: 0000000000000000 R14: 00007f443a135f80 R15: 00007fffdb4e1b18 [ 595.331591][ T9257] [ 595.372210][ T9262] loop4: detected capacity change from 0 to 512 [ 595.407065][ T28] audit: type=1400 audit(1728267847.515:437): avc: denied { ioctl } for pid=9260 comm="syz.3.1928" path="socket:[57033]" dev="sockfs" ino=57033 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 595.477907][ T9262] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 595.497165][ T9262] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038 (0x7fffffff) [ 595.651427][ T9265] loop1: detected capacity change from 0 to 8192 [ 595.742544][ T9265] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 595.798679][ T2029] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 596.128654][ T672] usbhid 2-1:0.0: can't add hid device: -71 [ 596.134830][ T672] usbhid: probe of 2-1:0.0 failed with error -71 [ 596.170690][ T672] usb 2-1: USB disconnect, device number 49 [ 596.188666][ T2029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.224465][ T2029] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.244651][ T2029] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 596.274928][ T2029] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.298823][ T2029] usb 4-1: config 0 descriptor?? [ 596.472747][ T9277] loop2: detected capacity change from 0 to 40427 [ 596.489559][ T9277] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 596.499731][ T9277] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 596.511484][ T8991] EXT4-fs (loop4): unmounting filesystem. [ 596.530953][ T9277] F2FS-fs (loop2): Found nat_bits in checkpoint [ 596.593623][ T9277] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 596.601022][ T9277] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 597.236199][ T9295] syz.2.1931: attempt to access beyond end of device [ 597.236199][ T9295] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 597.554911][ T2029] hid (null): bogus close delimiter [ 597.564125][ T9036] syz-executor: attempt to access beyond end of device [ 597.564125][ T9036] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 597.618739][ T2029] usb 4-1: language id specifier not provided by device, defaulting to English [ 597.628599][ T6244] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 597.901017][ T2029] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input30 [ 597.914378][ T9310] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1938'. [ 597.915506][ T2029] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input31 [ 597.935783][ T9312] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1935'. [ 597.947403][ T2029] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input32 [ 597.961529][ T2029] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input33 [ 597.976719][ T2029] uclogic 0003:256C:006D.001A: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 598.038641][ T6244] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.051518][ T6244] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.078730][ T6244] usb 2-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 598.087673][ T6244] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.096308][ T6244] usb 2-1: config 0 descriptor?? [ 598.168762][ T2029] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 598.479543][ T9292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 598.490212][ T9292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 598.548729][ T2029] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 598.559436][ T2029] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 598.568477][ T2029] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 598.577495][ T2029] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.794128][ T9320] loop1: detected capacity change from 0 to 8192 [ 598.806808][ T9320] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 598.918576][ T672] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 599.028634][ C0] uclogic 0003:256C:006D.001A: usb_submit_urb(ctrl) failed: -1 [ 599.033652][ T9309] loop2: detected capacity change from 0 to 512 [ 599.044991][ T9309] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.1936: casefold flag without casefold feature [ 599.057757][ T9309] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1936: missing EA_INODE flag [ 599.069654][ T9309] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1936: error while reading EA inode 12 err=-117 [ 599.079665][ T6244] usbhid 2-1:0.0: can't add hid device: -71 [ 599.082413][ T9309] EXT4-fs (loop2): 1 orphan inode deleted [ 599.087474][ T6244] usbhid: probe of 2-1:0.0 failed with error -71 [ 599.093319][ T9309] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 599.103423][ T6244] usb 2-1: USB disconnect, device number 50 [ 599.481981][ T672] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 599.492653][ T672] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 599.501748][ T672] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 599.509280][ T9326] loop4: detected capacity change from 0 to 128 [ 599.511189][ T672] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.529763][ T9326] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 599.538396][ T9326] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 599.948803][ T4901] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 600.004252][ T28] audit: type=1400 audit(1728267852.065:438): avc: denied { mount } for pid=9333 comm="syz.3.1943" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 600.023254][ T9319] loop0: detected capacity change from 0 to 512 [ 600.027934][ T2029] usb 4-1: USB disconnect, device number 60 [ 600.041935][ T9319] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz.0.1940: casefold flag without casefold feature [ 600.055036][ T9319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.1940: missing EA_INODE flag [ 600.066778][ T9319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1940: error while reading EA inode 12 err=-117 [ 600.079271][ T9319] EXT4-fs (loop0): 1 orphan inode deleted [ 600.084892][ T9319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 600.225624][ T9339] tipc: Started in network mode [ 600.230504][ T9339] tipc: Node identity 00000500000000000000000000000001, cluster identity 4711 [ 600.239339][ T9339] tipc: Enabling of bearer rejected, failed to enable media [ 600.473979][ T4901] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 600.484252][ T4901] usb 2-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 600.493347][ T4901] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 600.502450][ T4901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.751965][ T9329] loop1: detected capacity change from 0 to 512 [ 600.761139][ T9329] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.1942: casefold flag without casefold feature [ 600.774385][ T9329] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.1942: missing EA_INODE flag [ 600.786082][ T9329] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1942: error while reading EA inode 12 err=-117 [ 600.798548][ T9329] EXT4-fs (loop1): 1 orphan inode deleted [ 600.804153][ T9329] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 600.889879][ T627] usb 3-1: USB disconnect, device number 65 [ 600.891880][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 600.998615][ T2029] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 601.298644][ T2029] usb 4-1: device descriptor read/64, error -71 [ 601.718615][ T2029] usb 4-1: device descriptor read/64, error -71 [ 601.829608][ T4901] usb 1-1: USB disconnect, device number 58 [ 601.857390][ T9235] EXT4-fs (loop0): unmounting filesystem. [ 601.985461][ T9354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1947'. [ 602.198604][ T2029] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 602.477487][ T9362] syz.0.1948[9362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 602.477544][ T9362] syz.0.1948[9362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 602.498642][ T2029] usb 4-1: device descriptor read/64, error -71 [ 602.665685][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 602.688799][ T4901] usb 2-1: USB disconnect, device number 51 [ 602.690887][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 602.718043][ T8991] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 602.731487][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 602.731714][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 602.746077][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 602.764900][ T8991] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 602.779401][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 602.817460][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192 [ 602.831760][ T8991] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 602.848930][ T8991] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024 [ 602.851591][ T9371] loop2: detected capacity change from 0 to 512 [ 602.890622][ T9371] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 602.918769][ T9371] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038 (0x7fffffff) [ 602.964151][ T9375] loop1: detected capacity change from 0 to 128 [ 602.973392][ T9375] FAT-fs (loop1): Unrecognized mount option "         000000000000000000000xffffffffffffffff18446744073709551615 " or missing value [ 603.041223][ T9375] 9pnet_fd: Insufficient options for proto=fd [ 603.155842][ T2029] usb 4-1: device descriptor read/64, error -71 [ 603.203707][ T8991] EXT4-fs (loop4): unmounting filesystem. [ 603.279536][ T2029] usb usb4-port1: attempt power cycle [ 603.508193][ T9382] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.530664][ T9382] bridge0: port 1(bridge_slave_0) entered disabled state [ 603.538806][ T9382] device bridge_slave_0 entered promiscuous mode [ 603.548072][ T9382] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.555122][ T9382] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.563136][ T9382] device bridge_slave_1 entered promiscuous mode [ 603.645969][ T9382] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.652878][ T9382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.659987][ T9382] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.666830][ T9382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.698944][ T2029] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 603.713291][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 603.727525][ T6244] bridge0: port 1(bridge_slave_0) entered disabled state [ 603.768269][ T6244] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.800066][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 603.808104][ T6244] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.815015][ T6244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 603.825753][ T2029] usb 4-1: device descriptor read/8, error -71 [ 603.868706][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 603.876851][ T6244] bridge0: port 2(bridge_slave_1) entered blocking state [ 603.883801][ T6244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 603.892207][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 604.116577][ T9397] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1957'. [ 604.180578][ T6244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 604.229680][ T351] device bridge_slave_1 left promiscuous mode [ 604.236265][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 604.242982][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.278217][ T351] device bridge_slave_0 left promiscuous mode [ 604.305146][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.317532][ T9407] loop2: detected capacity change from 0 to 1024 [ 604.323872][ T2029] usb 4-1: device descriptor read/8, error -71 [ 604.347489][ T9407] EXT4-fs error (device loop2): __ext4_fill_super:5386: inode #2: comm syz.2.1960: casefold flag without casefold feature [ 604.369712][ T9407] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 604.392665][ T9407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 604.405208][ T351] device veth1_macvtap left promiscuous mode [ 604.414227][ T351] device veth0_vlan left promiscuous mode [ 604.688219][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 604.792323][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 604.802683][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 604.833340][ T9382] device veth0_vlan entered promiscuous mode [ 604.846131][ T627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 604.856099][ T627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 604.878864][ T9382] device veth1_macvtap entered promiscuous mode [ 604.891632][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 604.899403][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 604.968032][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 604.976374][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 604.984776][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 604.995946][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 605.007634][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 605.021184][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 605.029476][ T627] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 605.039883][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 605.384438][ T9428] bridge: RTM_NEWNEIGH with invalid ether address [ 605.611335][ T9434] loop1: detected capacity change from 0 to 128 [ 605.617829][ T9434] FAT-fs (loop1): Unrecognized mount option "         000000000000000000000xffffffffffffffff18446744073709551615 " or missing value [ 605.667202][ T9434] 9pnet_fd: Insufficient options for proto=fd [ 605.714348][ T627] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 605.725013][ T334] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 605.797336][ T627] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 605.935134][ T627] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 605.955236][ T627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.081238][ T9440] loop3: detected capacity change from 0 to 512 [ 606.111805][ T9440] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 606.120867][ T9440] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038 (0x7fffffff) [ 606.126907][ T9430] loop4: detected capacity change from 0 to 40427 [ 606.139320][ T9430] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 606.150783][ T9430] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 606.221789][ T9416] loop2: detected capacity change from 0 to 512 [ 606.238114][ T9430] F2FS-fs (loop4): Found nat_bits in checkpoint [ 606.239404][ T9416] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.1963: casefold flag without casefold feature [ 606.260478][ T9416] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1963: missing EA_INODE flag [ 606.318416][ T9450] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1969'. [ 606.354052][ T9416] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1963: error while reading EA inode 12 err=-117 [ 606.371763][ T9454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1969'. [ 606.441047][ T9416] EXT4-fs (loop2): 1 orphan inode deleted [ 606.457544][ T9416] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 606.467122][ T9430] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 606.477175][ T9430] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 606.593135][ T627] usb 3-1: USB disconnect, device number 66 [ 606.708440][ T9460] syz.4.1955: attempt to access beyond end of device [ 606.708440][ T9460] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 606.795869][ T9462] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1971'. [ 606.992294][ T9382] syz-executor: attempt to access beyond end of device [ 606.992294][ T9382] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 607.136865][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 607.236604][ T8497] EXT4-fs (loop3): unmounting filesystem. [ 607.259985][ T9468] loop2: detected capacity change from 0 to 1024 [ 607.521202][ T9468] EXT4-fs error (device loop2): __ext4_fill_super:5386: inode #2: comm syz.2.1974: casefold flag without casefold feature [ 607.603937][ T9468] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 607.629351][ T9468] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 607.758401][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 607.765404][ T9477] loop4: detected capacity change from 0 to 1024 [ 607.797671][ T9480] loop1: detected capacity change from 0 to 512 [ 607.811863][ T9477] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz.4.1972: casefold flag without casefold feature [ 607.825831][ T9480] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 607.831757][ T9477] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 607.846112][ T9480] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038 (0x7fffffff) [ 607.862431][ T9477] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 608.897077][ T9382] EXT4-fs (loop4): unmounting filesystem. [ 608.906725][ T9495] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1975'. [ 608.922919][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 608.942355][ T9489] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1975'. [ 608.958852][ T6] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 608.959909][ T9499] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1976'. [ 609.208649][ T39] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 609.578636][ T39] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 609.597109][ T39] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 609.610292][ T39] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 609.620633][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.628777][ T6] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 609.648100][ T6] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 609.657771][ T6] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 609.666806][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.911404][ T9498] loop4: detected capacity change from 0 to 512 [ 609.912966][ T9491] loop0: detected capacity change from 0 to 512 [ 609.944299][ T9491] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz.0.1978: casefold flag without casefold feature [ 609.962473][ T9491] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.1978: missing EA_INODE flag [ 609.974230][ T9491] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1978: error while reading EA inode 12 err=-117 [ 609.986943][ T9498] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.1980: casefold flag without casefold feature [ 609.987278][ T9491] EXT4-fs (loop0): 1 orphan inode deleted [ 610.006168][ T9518] bridge: RTM_NEWNEIGH with invalid ether address [ 610.012669][ T9498] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.1980: missing EA_INODE flag [ 610.013163][ T9491] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 610.035543][ T9498] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1980: error while reading EA inode 12 err=-117 [ 610.048848][ T9498] EXT4-fs (loop4): 1 orphan inode deleted [ 610.054448][ T9498] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 610.218608][ T39] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 610.533676][ T2029] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 610.588627][ T39] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 610.606165][ T39] usb 2-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 610.629256][ T39] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 610.651501][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.911988][ T9511] loop1: detected capacity change from 0 to 512 [ 610.920783][ T9511] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.1983: casefold flag without casefold feature [ 610.933648][ T9511] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.1983: missing EA_INODE flag [ 610.945247][ T2029] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 610.945641][ T9511] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1983: error while reading EA inode 12 err=-117 [ 610.955722][ T2029] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 610.968369][ T9511] EXT4-fs (loop1): 1 orphan inode deleted [ 610.976832][ T2029] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 610.984031][ T9511] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 610.990975][ T2029] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.018627][ T6] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 611.066043][ T2029] usb 2-1: USB disconnect, device number 52 [ 611.253984][ T9517] loop2: detected capacity change from 0 to 512 [ 611.262814][ T9517] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.1984: casefold flag without casefold feature [ 611.268581][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 611.278346][ T9517] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1984: missing EA_INODE flag [ 611.292380][ T9517] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1984: error while reading EA inode 12 err=-117 [ 611.304773][ T9517] EXT4-fs (loop2): 1 orphan inode deleted [ 611.310837][ T9517] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 611.375285][ T2029] usb 3-1: USB disconnect, device number 67 [ 611.418679][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 611.427554][ T6] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 611.437036][ T6] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 611.446700][ T6] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 611.456471][ T6] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 611.466005][ T6] usb 4-1: config 1 interface 0 has no altsetting 0 [ 611.472424][ T6] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 611.481363][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.539432][ T6] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 611.602287][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 611.663830][ T9535] loop1: detected capacity change from 0 to 1024 [ 611.679479][ T9535] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz.1.1987: casefold flag without casefold feature [ 611.692398][ T9535] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 611.702424][ T9535] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 611.796995][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 611.810956][ T39] usb 1-1: USB disconnect, device number 59 [ 611.906019][ T9235] EXT4-fs (loop0): unmounting filesystem. [ 612.190019][ T4901] usb 5-1: USB disconnect, device number 66 [ 612.205200][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 612.205574][ T9382] EXT4-fs (loop4): unmounting filesystem. [ 612.218657][ T6] scsi host1: usb-storage 4-1:1.0 [ 612.247301][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1990'. [ 612.304292][ T9555] loop2: detected capacity change from 0 to 16 [ 612.314489][ T9555] erofs: (device loop2): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 613.102487][ T4901] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 613.301261][ T9574] loop4: detected capacity change from 0 to 128 [ 613.309064][ T9574] FAT-fs (loop4): Unrecognized mount option "         000000000000000000000xffffffffffffffff18446744073709551615 " or missing value [ 613.381435][ T9574] 9pnet_fd: Insufficient options for proto=fd [ 613.458714][ T4901] usb 2-1: Using ep0 maxpacket: 16 [ 613.537293][ T9577] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1996'. [ 613.549430][ T2029] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 613.578640][ T4901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.589589][ T4901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.599462][ T4901] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 613.608391][ T4901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.620579][ T4901] usb 2-1: config 0 descriptor?? [ 613.784608][ T320] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 614.168697][ T9547] usb 4-1: reset high-speed USB device number 65 using dummy_hcd [ 614.208655][ T320] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 614.219124][ T320] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 614.227986][ T320] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 614.229190][ T9547] usb 4-1: device reset changed ep0 maxpacket size! [ 614.237614][ T320] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.251510][ T24] usb 4-1: USB disconnect, device number 65 [ 614.278864][ T351] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=0x07 driverbyte=DRIVER_OK [ 614.288652][ T351] sd 1:0:0:0: [sdb] Sense not available. [ 614.288666][ T5152] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 614.294181][ T351] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 614.313879][ T351] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 614.319703][ T351] sd 1:0:0:0: [sdb] Write Protect is off [ 614.325136][ T351] sd 1:0:0:0: [sdb] Asking for cache data failed [ 614.331287][ T351] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 614.340738][ T351] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 614.511485][ T9576] loop2: detected capacity change from 0 to 512 [ 614.520496][ T9576] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.1997: casefold flag without casefold feature [ 614.533406][ T9576] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1997: missing EA_INODE flag [ 614.545123][ T9576] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1997: error while reading EA inode 12 err=-117 [ 614.557577][ T9576] EXT4-fs (loop2): 1 orphan inode deleted [ 614.563365][ T9576] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 614.622826][ T24] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 614.633019][ T2029] usb 3-1: USB disconnect, device number 68 [ 614.678654][ T5152] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 614.689194][ T5152] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 614.698074][ T5152] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 614.706966][ T5152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.856632][ T9593] loop4: detected capacity change from 0 to 512 [ 614.870724][ T9593] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 614.879997][ T9593] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff) [ 614.962280][ T9585] loop0: detected capacity change from 0 to 512 [ 614.971508][ T9585] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz.0.2001: casefold flag without casefold feature [ 614.984290][ T9585] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.2001: missing EA_INODE flag [ 614.996090][ T9585] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.2001: error while reading EA inode 12 err=-117 [ 615.008934][ T9585] EXT4-fs (loop0): 1 orphan inode deleted [ 615.014710][ T9585] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 615.024017][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.041212][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.052742][ T24] usb 4-1: New USB device found, idVendor=24b4, idProduct=07b1, bcdDevice= 0.00 [ 615.230150][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.239244][ T24] usb 4-1: config 0 descriptor?? [ 615.248890][ T320] usb 1-1: USB disconnect, device number 60 [ 615.277809][ T9036] EXT4-fs (loop2): unmounting filesystem. [ 615.295478][ T9601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2003'. [ 615.740325][ T9382] EXT4-fs (loop4): unmounting filesystem. [ 615.785565][ T9235] EXT4-fs (loop0): unmounting filesystem. [ 615.880079][ T9616] loop1: detected capacity change from 0 to 1024 [ 615.905271][ T28] audit: type=1400 audit(1728267868.015:439): avc: denied { read } for pid=9609 comm="syz.0.2006" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 615.938617][ T4901] usbhid 2-1:0.0: can't add hid device: -71 [ 615.939197][ T28] audit: type=1400 audit(1728267868.045:440): avc: denied { open } for pid=9609 comm="syz.0.2006" path="/dev/ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 615.944549][ T4901] usbhid: probe of 2-1:0.0 failed with error -71 [ 615.968171][ T28] audit: type=1400 audit(1728267868.045:441): avc: denied { setopt } for pid=9609 comm="syz.0.2006" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 615.987592][ T9606] loop3: detected capacity change from 0 to 8192 [ 615.996200][ T9616] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz.1.2008: casefold flag without casefold feature [ 616.001173][ T4901] usb 2-1: USB disconnect, device number 53 [ 616.121474][ T9616] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 616.205506][ T9606] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 616.299057][ T9616] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 616.604707][ T9628] loop2: detected capacity change from 0 to 256 [ 616.827772][ T9628] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 616.902854][ T28] audit: type=1400 audit(1728267868.995:442): avc: denied { remove_name } for pid=9622 comm="syz.2.2009" name="file0" dev="loop2" ino=1048964 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 616.926329][ T9630] loop0: detected capacity change from 0 to 128 [ 616.934296][ T9630] FAT-fs (loop0): Unrecognized mount option "         000000000000000000000xffffffffffffffff18446744073709551615 " or missing value [ 616.969192][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 617.006319][ T9630] 9pnet_fd: Insufficient options for proto=fd [ 617.121126][ T28] audit: type=1400 audit(1728267868.995:443): avc: denied { rename } for pid=9622 comm="syz.2.2009" name="file0" dev="loop2" ino=1048964 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 617.138073][ T9634] loop1: detected capacity change from 0 to 128 [ 617.187698][ T9634] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 617.204491][ T9634] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 617.217036][ T9640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2013'. [ 617.244550][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 617.287608][ T9642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2014'. [ 617.381891][ T24] usbhid: probe of 4-1:0.0 failed with error -71 [ 617.391077][ T24] usb 4-1: USB disconnect, device number 66 [ 617.424139][ T335] udevd[335]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 617.767846][ T9638] udevd[9638]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 617.825339][ T9669] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2024'. [ 617.908658][ T5152] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 617.998465][ T9089] EXT4-fs (loop1): unmounting filesystem. [ 618.012973][ T9678] loop2: detected capacity change from 0 to 7 [ 618.028804][ T6244] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 618.168627][ T5152] usb 3-1: Using ep0 maxpacket: 8 [ 618.229188][ T9699] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2037'. [ 618.278627][ T6244] usb 5-1: Using ep0 maxpacket: 8 [ 618.408655][ T6244] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 618.418642][ T6244] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 618.448594][ T24] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 618.478677][ T5152] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 618.487676][ T5152] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.495511][ T5152] usb 3-1: Product: syz [ 618.499565][ T5152] usb 3-1: Manufacturer: syz [ 618.503892][ T5152] usb 3-1: SerialNumber: syz [ 618.511479][ T5152] usb 3-1: config 0 descriptor?? [ 618.524211][ T9708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2041'. [ 618.548726][ T2029] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 618.578627][ T6244] usb 5-1: New USB device found, idVendor=087d, idProduct=5704, bcdDevice=be.0e [ 618.587510][ T6244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.595774][ T6244] usb 5-1: Product: syz [ 618.599790][ T6244] usb 5-1: Manufacturer: syz [ 618.604178][ T6244] usb 5-1: SerialNumber: syz [ 618.609518][ T6244] usb 5-1: config 0 descriptor?? [ 618.688628][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 618.788599][ T2029] usb 4-1: Using ep0 maxpacket: 8 [ 618.789613][ T9718] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2045'. [ 618.808641][ T24] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 618.825437][ T28] audit: type=1400 audit(1728267870.935:444): avc: denied { bind } for pid=9721 comm="syz.0.2047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 618.862115][ T28] audit: type=1400 audit(1728267870.975:445): avc: denied { write } for pid=9725 comm="syz.0.2049" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 618.862207][ T9726] random: crng reseeded on system resumption [ 618.885368][ T28] audit: type=1400 audit(1728267870.975:446): avc: denied { open } for pid=9725 comm="syz.0.2049" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 618.978660][ T24] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 618.987589][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.995352][ T24] usb 2-1: Product: syz [ 618.999370][ T24] usb 2-1: Manufacturer: syz [ 619.003735][ T24] usb 2-1: SerialNumber: syz [ 619.009105][ T24] usb 2-1: config 0 descriptor?? [ 619.138636][ T2029] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 619.147858][ T2029] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.155631][ T2029] usb 4-1: Product: syz [ 619.159639][ T2029] usb 4-1: Manufacturer: syz [ 619.164195][ T2029] usb 4-1: SerialNumber: syz [ 619.169625][ T2029] usb 4-1: config 0 descriptor?? [ 619.772501][ T28] audit: type=1400 audit(1728267871.885:447): avc: denied { create } for pid=9734 comm="syz.0.2052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 620.343347][ T9746] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 620.383457][ T28] audit: type=1400 audit(1728267872.495:448): avc: denied { bind } for pid=9749 comm="syz.0.2058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 620.386743][ T4901] usb 3-1: USB disconnect, device number 69 [ 620.403851][ T9750] tipc: Failed to remove unknown binding: 66,1,1/0:341456262/341456264 [ 620.422148][ T9750] tipc: Failed to remove unknown binding: 66,1,1/0:341456262/341456264 [ 620.776859][ T765] usb 5-1: USB disconnect, device number 67 [ 620.809111][ T4901] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 621.048575][ T4901] usb 3-1: Using ep0 maxpacket: 8 [ 621.048579][ T2029] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 621.187643][ T24] usb 2-1: USB disconnect, device number 54 [ 621.193962][ T765] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 621.276896][ T320] usb 4-1: USB disconnect, device number 67 [ 621.328748][ T2029] usb 1-1: Using ep0 maxpacket: 8 [ 621.338673][ T4901] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 621.347543][ T4901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.355446][ T4901] usb 3-1: Product: syz [ 621.359481][ T4901] usb 3-1: Manufacturer: syz [ 621.363854][ T4901] usb 3-1: SerialNumber: syz [ 621.369253][ T4901] usb 3-1: config 0 descriptor?? [ 621.468732][ T2029] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 621.476925][ T2029] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 621.487080][ T2029] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 621.496768][ T2029] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 621.506328][ T2029] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 621.518978][ T2029] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 621.527775][ T2029] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.558630][ T765] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.608655][ T24] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 621.613938][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 621.613954][ T28] audit: type=1400 audit(1728267873.725:451): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1945 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 621.643549][ T28] audit: type=1400 audit(1728267873.725:452): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1945 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 621.666032][ T28] audit: type=1400 audit(1728267873.725:453): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1945 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 621.688590][ T320] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 621.738654][ T765] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 621.747531][ T765] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.755526][ T765] usb 5-1: Product: syz [ 621.759525][ T765] usb 5-1: Manufacturer: syz [ 621.763923][ T765] usb 5-1: SerialNumber: syz [ 621.780879][ T4901] usb 1-1: USB disconnect, device number 61 [ 621.868616][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 621.928657][ T320] usb 4-1: Using ep0 maxpacket: 16 [ 621.988685][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 622.000012][ T24] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 622.009135][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.017478][ T24] usb 2-1: config 0 descriptor?? [ 622.048791][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 622.060201][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 622.069776][ T320] usb 4-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 622.078615][ T320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.087018][ T320] usb 4-1: config 0 descriptor?? [ 622.469063][ T9818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2086'. [ 622.512229][ T9824] device erspan0 entered promiscuous mode [ 622.517788][ T9824] device vlan2 entered promiscuous mode [ 622.524354][ T9824] device erspan0 left promiscuous mode [ 622.539197][ T9800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 622.547551][ T9800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 622.570017][ T320] hid-led 0003:1D34:0004.001B: unknown main item tag 0xd [ 622.580603][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x1 [ 622.588048][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x1 [ 622.597602][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.604888][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.612404][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.620663][ T28] audit: type=1400 audit(1728267874.735:454): avc: denied { read write } for pid=9827 comm="syz.0.2091" name="uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 622.621763][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.651716][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.659248][ T28] audit: type=1400 audit(1728267874.765:455): avc: denied { open } for pid=9827 comm="syz.0.2091" path="/dev/uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 622.663232][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.684717][ T28] audit: type=1400 audit(1728267874.805:456): avc: denied { write } for pid=9829 comm="syz.0.2092" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 622.689971][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.719973][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.727133][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.734383][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.741881][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.749132][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.756292][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.763541][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.770714][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.777905][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.785577][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.792979][ T320] hid-led 0003:1D34:0004.001B: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.3-1/input0 [ 622.805047][ T320] hid-led 0003:1D34:0004.001B: Dream Cheeky Webmail Notifier initialized [ 622.813347][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.820558][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.827703][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.835962][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.843255][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.850420][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.857596][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.864824][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.872007][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.879235][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.886489][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.893839][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.901147][ T765] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 622.907402][ T765] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 622.914839][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.922037][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.929221][ T765] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 622.934718][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.941918][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.949202][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.956456][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.963729][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.970894][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.978070][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.985357][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 622.987988][ T2029] usb 4-1: USB disconnect, device number 68 [ 622.992534][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.005458][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.012651][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.019853][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.027023][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.034403][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.041565][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.048783][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.055953][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.063188][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.070380][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.077561][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.084801][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.091987][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.099196][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.106387][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.113663][ T765] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 623.120309][ T765] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 623.131055][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.138198][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.149187][ T765] usb 5-1: USB disconnect, device number 68 [ 623.154945][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.159141][ T28] audit: type=1400 audit(1728267875.275:457): avc: denied { read } for pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 623.162433][ T765] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 623.191766][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.194887][ T28] audit: type=1400 audit(1728267875.305:458): avc: denied { search } for pid=140 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 623.204575][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.221764][ T28] audit: type=1400 audit(1728267875.305:459): avc: denied { read } for pid=140 comm="dhcpcd" name="n15" dev="tmpfs" ino=19370 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 623.235596][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.249564][ T28] audit: type=1400 audit(1728267875.305:460): avc: denied { open } for pid=140 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=19370 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 623.256423][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.287584][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.301631][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.317303][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.324790][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.333543][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.341345][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.355099][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.367337][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.376522][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.386473][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.402073][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.411303][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.421422][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.430695][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.431627][ T2029] usb 3-1: USB disconnect, device number 70 [ 623.437913][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.437940][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.465648][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.475646][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.485553][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.498497][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.506280][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.521266][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.534115][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.547463][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.565992][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.579780][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.587098][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.595253][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.602753][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.610159][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.617550][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.625018][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.632985][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.647835][ T9874] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2103'. [ 623.656698][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.664071][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.676523][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.689755][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.698382][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.706077][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.713731][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.721141][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.728418][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.735594][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.742805][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.750004][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.757252][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.764515][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.771695][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.778895][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.786194][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.793426][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.800618][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.807799][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.815050][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.822212][ T6244] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 623.822253][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.836802][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.844033][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.848643][ T5152] usb 1-1: new full-speed USB device number 62 using dummy_hcd [ 623.851224][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.865878][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.873115][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.880414][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.887597][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.894873][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.902024][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.909230][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.916409][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.923642][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.928627][ T2029] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 623.930844][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.945433][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.952625][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.959840][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.967023][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.974281][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.981439][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.988647][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 623.995835][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.003065][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.010449][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.017615][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.025277][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.032506][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.039709][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.046882][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.054123][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.061303][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.068488][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.075746][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.082914][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.090131][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.097309][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.104552][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.111924][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.119131][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.126310][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.133551][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.140768][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.147922][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.155156][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.162349][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.169561][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.176739][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.183982][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.188716][ T6244] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 624.191271][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.201248][ T6244] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 624.207992][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.218662][ T5152] usb 1-1: config 9 has an invalid interface number: 109 but max is 0 [ 624.224852][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.233333][ T5152] usb 1-1: config 9 has no interface number 0 [ 624.240127][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.246386][ T5152] usb 1-1: config 9 interface 109 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 624.253242][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.253266][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.253287][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.264674][ T5152] usb 1-1: config 9 interface 109 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 624.271280][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.298654][ T2029] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 624.303658][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.320751][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.327930][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.335165][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.342404][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.349569][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.356852][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.364180][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.371352][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.378564][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.385738][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.388671][ T6244] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 624.393056][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x2 [ 624.402606][ T6244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.409195][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.417367][ T6244] usb 4-1: Product: syz [ 624.424460][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.428616][ T6244] usb 4-1: Manufacturer: syz [ 624.436720][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.440670][ T5152] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=b5.f2 [ 624.447290][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.456625][ T6244] usb 4-1: SerialNumber: syz [ 624.463368][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.463395][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.463417][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.468281][ T5152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.475011][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.482561][ T2029] usb 3-1: New USB device found, idVendor=1110, idProduct=9001, bcdDevice=b2.a9 [ 624.489546][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.502451][ T6244] usb 4-1: config 0 descriptor?? [ 624.504943][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.513923][ T5152] usb 1-1: Product: syz [ 624.521364][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.527158][ T2029] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.533129][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.537297][ T2029] usb 3-1: Product: syz [ 624.544319][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.552084][ T9861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 624.559465][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.563203][ T5152] usb 1-1: Manufacturer: syz [ 624.570573][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.577335][ T9861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 624.584742][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.588918][ T2029] usb 3-1: Manufacturer: syz [ 624.596414][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.603131][ T5152] usb 1-1: SerialNumber: syz [ 624.610667][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.614832][ T2029] usb 3-1: SerialNumber: syz [ 624.622390][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.637048][ T2029] usb 3-1: config 0 descriptor?? [ 624.638493][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.648710][ T9866] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 624.650346][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.672208][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.679514][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.686849][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.694198][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.701537][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.708728][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.715903][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.723177][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.730346][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.737519][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.745100][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.752322][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.759471][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.766652][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.773887][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.781073][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.788262][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.795489][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.802690][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.809897][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.817081][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.824325][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.831529][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.831934][ T9861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 624.838739][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.846282][ T9861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 624.852963][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.867087][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.874406][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.881604][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.888902][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.892037][ T2029] usb 3-1: USB disconnect, device number 71 [ 624.896148][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.896176][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.916344][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.923578][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.930801][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.938314][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.945642][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x7 [ 624.945948][ T5152] usb 1-1: USB disconnect, device number 62 [ 624.952896][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x3 [ 624.952925][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.973038][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.980597][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.988152][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 624.995472][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.002665][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.010067][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.017234][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.024563][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.031757][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.039060][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.046229][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.053463][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.060667][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.067836][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.075167][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.082547][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.089744][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.097085][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.104302][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.111522][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.118712][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.125887][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.133150][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.140828][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.148011][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.155255][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x3 [ 625.162447][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.169647][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.177613][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.184858][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.192035][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.199243][ T24] hid-generic 0003:0158:0100.001C: unknown main item tag 0x0 [ 625.206415][ T24] hid-generic 0003:0158:0100.001C: collection stack underflow [ 625.213734][ T24] hid-generic 0003:0158:0100.001C: item 0 4 0 12 parsing failed [ 625.221319][ T24] hid-generic: probe of 0003:0158:0100.001C failed with error -22 [ 625.231683][ T24] usb 2-1: USB disconnect, device number 55 [ 625.238846][ T765] ================================================================== [ 625.246722][ T765] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 625.254358][ T765] Read of size 8 at addr ffff88813caa8cf0 by task kworker/1:7/765 [ 625.262003][ T765] [ 625.264195][ T765] CPU: 1 PID: 765 Comm: kworker/1:7 Not tainted 6.1.99-syzkaller-00108-gd4dab27b9d1c #0 [ 625.273711][ T765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 625.283623][ T765] Workqueue: mm_percpu_wq vmstat_update [ 625.288989][ T765] Call Trace: [ 625.292113][ T765] [ 625.294890][ T765] dump_stack_lvl+0x151/0x1b7 [ 625.299410][ T765] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 625.304713][ T765] ? _printk+0xd1/0x111 [ 625.308716][ T765] ? __virt_addr_valid+0x242/0x2f0 [ 625.313638][ T765] print_report+0x158/0x4e0 [ 625.317973][ T765] ? __virt_addr_valid+0x242/0x2f0 [ 625.322923][ T765] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 625.328999][ T765] ? __list_del_entry_valid+0xa6/0x130 [ 625.334291][ T765] kasan_report+0x13c/0x170 [ 625.338737][ T765] ? __list_del_entry_valid+0xa6/0x130 [ 625.344019][ T765] __asan_report_load8_noabort+0x14/0x20 [ 625.349483][ T765] __list_del_entry_valid+0xa6/0x130 [ 625.354604][ T765] process_one_work+0x4d7/0xcb0 [ 625.359380][ T765] worker_thread+0xa60/0x1260 [ 625.363892][ T765] kthread+0x26d/0x300 [ 625.367796][ T765] ? worker_clr_flags+0x1a0/0x1a0 [ 625.372654][ T765] ? kthread_blkcg+0xd0/0xd0 [ 625.377079][ T765] ret_from_fork+0x1f/0x30 [ 625.381337][ T765] [ 625.384208][ T765] [ 625.386418][ T765] Allocated by task 765: [ 625.390467][ T765] kasan_set_track+0x4b/0x70 [ 625.394876][ T765] kasan_save_alloc_info+0x1f/0x30 [ 625.399822][ T765] __kasan_kmalloc+0x9c/0xb0 [ 625.404354][ T765] __kmalloc_node+0xb4/0x1e0 [ 625.408768][ T765] kvmalloc_node+0x221/0x640 [ 625.413184][ T765] alloc_netdev_mqs+0x8c/0xf90 [ 625.417901][ T765] alloc_etherdev_mqs+0x36/0x40 [ 625.422593][ T765] usbnet_probe+0x207/0x27c0 [ 625.427009][ T765] usb_probe_interface+0x5b6/0xa90 [ 625.431961][ T765] really_probe+0x2b8/0x920 [ 625.436296][ T765] __driver_probe_device+0x1a0/0x310 [ 625.441415][ T765] driver_probe_device+0x54/0x3d0 [ 625.446276][ T765] __device_attach_driver+0x2e3/0x490 [ 625.451484][ T765] bus_for_each_drv+0x183/0x200 [ 625.456172][ T765] __device_attach+0x312/0x510 [ 625.460777][ T765] device_initial_probe+0x1a/0x20 [ 625.465636][ T765] bus_probe_device+0xbe/0x1e0 [ 625.470238][ T765] device_add+0xb60/0xf10 [ 625.474393][ T765] usb_set_configuration+0x190f/0x1e80 [ 625.479689][ T765] usb_generic_driver_probe+0x8b/0x150 [ 625.484986][ T765] usb_probe_device+0x144/0x260 [ 625.489676][ T765] really_probe+0x2b8/0x920 [ 625.494011][ T765] __driver_probe_device+0x1a0/0x310 [ 625.499131][ T765] driver_probe_device+0x54/0x3d0 [ 625.503991][ T765] __device_attach_driver+0x2e3/0x490 [ 625.509207][ T765] bus_for_each_drv+0x183/0x200 [ 625.513886][ T765] __device_attach+0x312/0x510 [ 625.518484][ T765] device_initial_probe+0x1a/0x20 [ 625.523346][ T765] bus_probe_device+0xbe/0x1e0 [ 625.527951][ T765] device_add+0xb60/0xf10 [ 625.532112][ T765] usb_new_device+0xf2f/0x1820 [ 625.536712][ T765] hub_event+0x2db1/0x4830 [ 625.541059][ T765] process_one_work+0x73d/0xcb0 [ 625.545746][ T765] worker_thread+0xa60/0x1260 [ 625.550257][ T765] kthread+0x26d/0x300 [ 625.554165][ T765] ret_from_fork+0x1f/0x30 [ 625.558672][ T765] [ 625.560847][ T765] Freed by task 765: [ 625.564588][ T765] kasan_set_track+0x4b/0x70 [ 625.569006][ T765] kasan_save_free_info+0x2b/0x40 [ 625.573878][ T765] ____kasan_slab_free+0x131/0x180 [ 625.578827][ T765] __kasan_slab_free+0x11/0x20 [ 625.583416][ T765] __kmem_cache_free+0x218/0x3b0 [ 625.588189][ T765] kfree+0x7a/0xf0 [ 625.591749][ T765] kvfree+0x35/0x40 [ 625.595390][ T765] netdev_freemem+0x3f/0x60 [ 625.599732][ T765] netdev_release+0x7f/0xb0 [ 625.604069][ T765] device_release+0x95/0x1c0 [ 625.608495][ T765] kobject_put+0x178/0x260 [ 625.612748][ T765] put_device+0x1f/0x30 [ 625.616752][ T765] free_netdev+0x393/0x480 [ 625.620995][ T765] usbnet_disconnect+0x245/0x390 [ 625.625768][ T765] usb_unbind_interface+0x1fa/0x8c0 [ 625.630800][ T765] device_release_driver_internal+0x53e/0x870 [ 625.636701][ T765] device_release_driver+0x19/0x20 [ 625.641653][ T765] bus_remove_device+0x2fa/0x360 [ 625.646424][ T765] device_del+0x663/0xe90 [ 625.650589][ T765] usb_disable_device+0x380/0x720 [ 625.655450][ T765] usb_disconnect+0x32a/0x890 [ 625.659962][ T765] hub_event+0x1ed8/0x4830 [ 625.664215][ T765] process_one_work+0x73d/0xcb0 [ 625.668902][ T765] worker_thread+0xd71/0x1260 [ 625.673417][ T765] kthread+0x26d/0x300 [ 625.677321][ T765] ret_from_fork+0x1f/0x30 [ 625.681576][ T765] [ 625.683746][ T765] Last potentially related work creation: [ 625.689298][ T765] kasan_save_stack+0x3b/0x60 [ 625.693816][ T765] __kasan_record_aux_stack+0xb4/0xc0 [ 625.699020][ T765] kasan_record_aux_stack_noalloc+0xb/0x10 [ 625.704664][ T765] insert_work+0x56/0x310 [ 625.708826][ T765] __queue_work+0x9b6/0xd70 [ 625.713165][ T765] queue_work_on+0x105/0x170 [ 625.717592][ T765] usbnet_link_change+0xeb/0x100 [ 625.722368][ T765] usbnet_probe+0x1dbe/0x27c0 [ 625.726886][ T765] usb_probe_interface+0x5b6/0xa90 [ 625.731832][ T765] really_probe+0x2b8/0x920 [ 625.736169][ T765] __driver_probe_device+0x1a0/0x310 [ 625.741287][ T765] driver_probe_device+0x54/0x3d0 [ 625.746385][ T765] __device_attach_driver+0x2e3/0x490 [ 625.751588][ T765] bus_for_each_drv+0x183/0x200 [ 625.756287][ T765] __device_attach+0x312/0x510 [ 625.760890][ T765] device_initial_probe+0x1a/0x20 [ 625.765740][ T765] bus_probe_device+0xbe/0x1e0 [ 625.770335][ T765] device_add+0xb60/0xf10 [ 625.774503][ T765] usb_set_configuration+0x190f/0x1e80 [ 625.779797][ T765] usb_generic_driver_probe+0x8b/0x150 [ 625.785088][ T765] usb_probe_device+0x144/0x260 [ 625.789775][ T765] really_probe+0x2b8/0x920 [ 625.794115][ T765] __driver_probe_device+0x1a0/0x310 [ 625.799236][ T765] driver_probe_device+0x54/0x3d0 [ 625.804094][ T765] __device_attach_driver+0x2e3/0x490 [ 625.809304][ T765] bus_for_each_drv+0x183/0x200 [ 625.813989][ T765] __device_attach+0x312/0x510 [ 625.818590][ T765] device_initial_probe+0x1a/0x20 [ 625.823450][ T765] bus_probe_device+0xbe/0x1e0 [ 625.828049][ T765] device_add+0xb60/0xf10 [ 625.832217][ T765] usb_new_device+0xf2f/0x1820 [ 625.836817][ T765] hub_event+0x2db1/0x4830 [ 625.841070][ T765] process_one_work+0x73d/0xcb0 [ 625.845755][ T765] worker_thread+0xa60/0x1260 [ 625.850272][ T765] kthread+0x26d/0x300 [ 625.854175][ T765] ret_from_fork+0x1f/0x30 [ 625.858430][ T765] [ 625.860596][ T765] The buggy address belongs to the object at ffff88813caa8000 [ 625.860596][ T765] which belongs to the cache kmalloc-4k of size 4096 [ 625.874569][ T765] The buggy address is located 3312 bytes inside of [ 625.874569][ T765] 4096-byte region [ffff88813caa8000, ffff88813caa9000) [ 625.887851][ T765] [ 625.890020][ T765] The buggy address belongs to the physical page: [ 625.896278][ T765] page:ffffea0004f2aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88813caaa000 pfn:0x13caa8 [ 625.907735][ T765] head:ffffea0004f2aa00 order:3 compound_mapcount:0 compound_pincount:0 [ 625.915886][ T765] flags: 0x4000000000010200(slab|head|zone=1) [ 625.921797][ T765] raw: 4000000000010200 ffffea0004511a08 ffffea0004a96a08 ffff888100043380 [ 625.930212][ T765] raw: ffff88813caaa000 0000000000040002 00000001ffffffff 0000000000000000 [ 625.938625][ T765] page dumped because: kasan: bad access detected [ 625.944909][ T765] page_owner tracks the page as allocated [ 625.950428][ T765] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8991, tgid 8991 (syz-executor), ts 579496404028, free_ts 579032109454 [ 625.973170][ T765] post_alloc_hook+0x213/0x220 [ 625.977766][ T765] prep_new_page+0x1b/0x110 [ 625.982107][ T765] get_page_from_freelist+0x27ea/0x2870 [ 625.987489][ T765] __alloc_pages+0x3a1/0x780 [ 625.991915][ T765] alloc_slab_page+0x6c/0xf0 [ 625.996341][ T765] new_slab+0x90/0x3e0 [ 626.000246][ T765] ___slab_alloc+0x6f9/0xb80 [ 626.004670][ T765] __slab_alloc+0x5d/0xa0 [ 626.008838][ T765] __kmem_cache_alloc_node+0x1af/0x250 [ 626.014148][ T765] kmalloc_trace+0x2a/0xa0 [ 626.018574][ T765] kobject_uevent_env+0x262/0x720 [ 626.023690][ T765] kobject_uevent+0x1f/0x30 [ 626.028021][ T765] __kobject_del+0xee/0x300 [ 626.032364][ T765] kobject_put+0x1cc/0x260 [ 626.036612][ T765] net_rx_queue_update_kobjects+0x42a/0x4a0 [ 626.042343][ T765] netif_set_real_num_rx_queues+0x105/0x1e0 [ 626.048086][ T765] page last free stack trace: [ 626.052586][ T765] free_unref_page_prepare+0x83d/0x850 [ 626.058041][ T765] free_unref_page+0xb2/0x5c0 [ 626.062551][ T765] __free_pages+0x61/0xf0 [ 626.066725][ T765] __vunmap+0x9f3/0xb60 [ 626.070706][ T765] vfree+0x5c/0x80 [ 626.074264][ T765] kcov_close+0x2b/0x50 [ 626.078257][ T765] __fput+0x1e5/0x870 [ 626.082073][ T765] ____fput+0x15/0x20 [ 626.085893][ T765] task_work_run+0x24d/0x2e0 [ 626.090324][ T765] do_exit+0xbd5/0x2b80 [ 626.094310][ T765] do_group_exit+0x21a/0x2d0 [ 626.098911][ T765] __x64_sys_exit_group+0x3f/0x40 [ 626.103773][ T765] x64_sys_call+0x610/0x9a0 [ 626.108144][ T765] do_syscall_64+0x3b/0xb0 [ 626.112364][ T765] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 626.118095][ T765] [ 626.120260][ T765] Memory state around the buggy address: [ 626.125733][ T765] ffff88813caa8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 626.133631][ T765] ffff88813caa8c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 626.141617][ T765] >ffff88813caa8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 626.149509][ T765] ^ [ 626.157065][ T765] ffff88813caa8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 626.164963][ T765] ffff88813caa8d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 626.172854][ T765] ================================================================== [ 626.180757][ T765] Disabling lock debugging due to kernel taint [ 626.558602][ T765] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 627.238636][ T765] usb 5-1: device not accepting address 69, error -71 [ 627.918700][ T6244] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 627.929615][ T6244] dm9601 4-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet, 5e:14:07:1f:26:20 [ 627.944950][ T6244] usb 4-1: USB disconnect, device number 69 [ 627.951073][ T6244] dm9601 4-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet