last executing test programs: 2.831107192s ago: executing program 0 (id=754): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x100, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) setsockopt$inet_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r2, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) 2.812217443s ago: executing program 0 (id=755): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) write$P9_RVERSION(r3, 0x0, 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2.756156138s ago: executing program 0 (id=756): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f769a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000340)) r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x6000000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0xa392, 0x80, 0xa, 0x8}]}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 2.284601981s ago: executing program 2 (id=761): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) gettid() ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x4a16, &(0x7f0000000680)=ANY=[], 0x5, 0x325, &(0x7f00000006c0)="$eJzs3E9IG1kcwPGfMcYkrkkOyy67sPjYvWwvg6Y9l4aiUBqoqCnVQmHUSRsyTSQTLCml6qnX0ntPhR7EozehFXr20lt76aU3L4Ue6qE0JZMZ81cTozFVvx+Q+eW99zNvMi/hN0Mmu3eeP0wnLS2p58XjV/KbiMieSEQ84upzth479km1Vbk09PXDP9Ozczdj8fj4lFITsZnLUaVUaOTNoycBZ9jWoOxE7u1+iX7e+WPnr90fMw9SlkpZKpPNK13NZz/l9XnTUIspK60pNWkaumWoVMYycuX+bLk/aWaXlgpKzywOB5dyhmUpPVNQaaOg8lmVzxWUfl9PZZSmaWo4KGglsT41pcfscPjIyQtdmBC6IJeL6f0iEmjoSaz3ZEIAAKCn6ut/T6mk76j+l5Bd/5cGV+r/jX+380O3N0NO/b/la1b/X/lY/l819b9fRDqp/1/KEer/xoroYqmq/3FWjfgamvpqHpXq/6Dz/rWt3d0YtQPqfwAAAAAAAAAAAAAAAAAAAAAAzoK9YjFcLBbD7tb9q9xC4Dz29nae6I6Djv+giPhLR99dDziXpmfnxG/fuOcNiZjPlhPLifLWGbAtIqYYMiph+W6vB0cpdu88UiUReWuuOPkry4l+uyeWlJSdPyZhidTnF4sTN+LjY6rMyd+/TSlYnR+VsPzePD9am+88v0/+/68qX5OwvF+QrJiyaK/rSv7TMaWu34rX5QfscQAAAAAAnAea2tf0/F3TDuov/8rI/vl10+sD5fPr0abn597w31xTBAAAAADgVFiFx2ndNI3cIUFAWo/pPPC2N9hX1zJw2OD+qj1sdz4++/suIsfdr1dtvqo1gftFipouv9PYOv1dky53/0/seK1Wt3ikjSxv/eRHSg3quPNxLxv5DnidZbIxy3PIShg4sfX854vX307uDXJ1010BrQevdfpc/vpVZwcDp/HZAwAAAOB0VYp+t+VadXdfTyYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAF05Wf9KsLer2PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK/iZwAAAP//qvr7Ag==") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x20242, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8001}) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6}) 2.08099965s ago: executing program 2 (id=763): bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.927515174s ago: executing program 2 (id=764): socket$inet6(0xa, 0x800000000000002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="f368656e065b", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}}}}}, 0x0) 1.899850626s ago: executing program 2 (id=765): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x0, &(0x7f0000000200)={{}, {0x0, 0x989680}}, 0x0) epoll_pwait(r1, &(0x7f00000000c0)=[{}], 0x1, 0x7fffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000040)={0x11}) 1.809941855s ago: executing program 2 (id=767): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000bc0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@norecovery}, {@lazytime}, {@nodelalloc}, {@acl}, {@dioread_lock}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='ext4_ext_remove_space_done\x00', r2}, 0x10) write$cgroup_subtree(r1, 0x0, 0x32600) 1.768693068s ago: executing program 4 (id=768): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r3, 0x80487436, &(0x7f0000005280)) 1.759103319s ago: executing program 4 (id=769): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000005c0)={[{@noauto_da_alloc}, {@grpquota}, {@errors_continue}, {@noauto_da_alloc}, {@nolazytime}, {@errors_continue}, {@grpjquota}, {@errors_remount}, {@nobarrier}]}, 0x1, 0x46a, &(0x7f0000000980)="$eJzs289vFFUcAPDvzLZFQWhFFEFUFI2NP1paUDl40WjiQRMTPeCxtoUACzW0JkKIVmPwaEi8G48m/gWe9GLUk4lXvBsSolxAT2tmd6Zsl93tLpRd6H4+yTbv7bzpe9+deTNv5s0EMLD2Zn+SiPsi4mJEjNayKyp5oazctSvnZv+9cm42iUrl3b+TarmrV87NFmWL9bbkmfE0Iv0iyStZbfHM2RMz5fL86Tw/uXTyw8nFM2dfOHZy5uj80flT04cOHTww9fJL0y+uS5xZfFd3f7KwZ9eb7194e/bwhQ9+/T7Jv4+GODox3EGZvVng/1SqGpc93U1ld4GtdelkqI8NoSuliBjK9+eLMRqluL7xRuONz/vaOOC2ys5Nm1ovXq4AG1gS/W4B0B/FiT67/i0+PRp63BEuv1q7AMrivpZ/akuGIs3LDDdc366nvRFxePm/b7JP3MR9CACAbv2YjX+ebzb+S6N+jLgtnxsai4j7I2J7RDwQETsi4sGIeCgidkbEw51Ve7xINE4N3Tj+SS/daoztZOO/V/K5rdXjv2L0F2OlPLe1Gv9wcuRYeX5//puMx/CmLD/Vpo6fXv/jq1bL6sd/2Ser//CqyaX00lDDDbq5maWZjiagOnD5s4jdQ83iT1ZmApKI2BURu7v719uKxLFnv9vTqlDT+POx8JrWYZ6p8m3EM7XtvxwN8ReS9vOTk/dEeX7/ZLFX3Oi338+/06r+W4p/HWTbf/Pq/b+xyFhSP1+72H0d5//8suU1zdrxN9//R5L3qsejkfy7j2eWlk5PRYwkb9XWqv9++vq6Rb4on8U/vq95/9+er5PF/0hEZDvxoxHxWEQ8nrf9iYh4MiL2tYn/l9eeOt5l/Embf7eusvjnmh7/VprQsP27T5RO/PxDq/o72/4Hq6nx/Jvq8W8NnTbwVn47AAAAuFuk1Wfgk3RiJZ2mExO1Z/h3xOa0vLC49NyRhY9OzdWelR+L4bS40zVadz90KlnOnyaO6tX3dH6vuFh+IL9v/HXp3mp+YnahPNfn2GHQbanr/9t3Xu//mb9Kq8uuzIh4vwM2Dv0ZBldj/0/71A6g95z/YXDp/zC49H8YXM36/6cN+VKP2gL0lvM/DK61+n/P3kYCes75HwaX/g8Dqd278cnNv/Iv0d9ELN/+KtI7ItLblRjpoINs6MSNx4oh4wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAu9H8AAAD//xjg70M=") chdir(&(0x7f0000000000)='./file0\x00') open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) 1.714271803s ago: executing program 2 (id=770): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1020, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x6, {0x6, 0x0, "1a020018"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.554972968s ago: executing program 4 (id=771): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1.365255845s ago: executing program 4 (id=772): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000002900)=r1, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) sendto$inet6(r2, &(0x7f0000000280)="060350031603480301020200c52cf7c25975e010b02f0800eb2b2ff0dac8897c6b118777faffffff3066100cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x802, 0x0, 0x2f) 736.450553ms ago: executing program 4 (id=773): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0) getsockopt$inet_mreqn(r2, 0x0, 0x21, 0x0, &(0x7f0000005480)) 727.693994ms ago: executing program 0 (id=776): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r4}, 0x10) ioctl$sock_bt_hci(r0, 0x800448d2, 0x0) 668.190499ms ago: executing program 0 (id=777): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ff00ff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x4bdb, &(0x7f0000000100)={0x0, 0x0, 0x400}, &(0x7f0000000000), &(0x7f0000000000)) r2 = socket$inet_tcp(0x2, 0x1, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f00000003c0)=[r2], 0x1) r3 = dup2(r1, r2) io_uring_register$IORING_UNREGISTER_FILES(r3, 0x3, 0x0, 0x0) 565.148738ms ago: executing program 0 (id=778): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x27b8, 0x1ed, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x0}) 524.871932ms ago: executing program 4 (id=779): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x400c620e, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0x0, "6e3565c0"}, @main=@item_012={0x1, 0x0, 0xb, 'i'}]}}, 0x0}, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, 0x0) 187.565993ms ago: executing program 3 (id=783): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 137.738938ms ago: executing program 3 (id=784): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) time(0x0) 114.31161ms ago: executing program 3 (id=785): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8c18cffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000e00)={{r3}, &(0x7f0000000d80), &(0x7f0000000dc0)=r4}, 0x20) 111.3736ms ago: executing program 1 (id=775): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000ffff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x3, 0x0, 0x4, 0x5, 0x0, 0x1, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) 92.193941ms ago: executing program 1 (id=786): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000001b40)={0x0, 0x0, 0x0}, 0x0) 81.700052ms ago: executing program 3 (id=787): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, &(0x7f00000003c0)='\t', 0x1, 0x11, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 64.880924ms ago: executing program 3 (id=788): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000040)='mm_lru_insertion\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000280)='mm_lru_insertion\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x43451) 58.224094ms ago: executing program 1 (id=789): r0 = socket(0x11, 0x800000003, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x80, 0x8f}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$VHOST_VDPA_GET_CONFIG(0xffffffffffffffff, 0x8008af73, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r4, 0x80, 0x8f}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}}, 0x0) 44.555356ms ago: executing program 1 (id=790): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 35.788127ms ago: executing program 3 (id=791): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x1b) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@inlinecrypt}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) 11.615819ms ago: executing program 1 (id=792): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 0s ago: executing program 1 (id=793): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$uinput_user_dev(r2, &(0x7f0000000200)={'syz0\x00', {}, 0x2}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): ting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 44.618247][ T390] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 44.627459][ T390] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 44.639630][ T390] usb 4-1: SerialNumber: syz [ 44.646151][ T1269] EXT4-fs warning (device sda1): ext4_resize_fs:1981: can't read last block, resize aborted [ 44.668979][ T1241] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 44.758268][ T292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.769170][ T292] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.778797][ T292] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 44.787706][ T292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.796375][ T292] usb 2-1: config 0 descriptor?? [ 44.889979][ T1241] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 45.009385][ T57] lenovo 0003:17EF:6009.000C: unknown main item tag 0x0 [ 45.016207][ T57] lenovo 0003:17EF:6009.000C: global environment stack underflow [ 45.034137][ T57] lenovo 0003:17EF:6009.000C: item 0 1 1 11 parsing failed [ 45.052292][ T1267] loop4: detected capacity change from 0 to 131072 [ 45.059065][ T57] lenovo 0003:17EF:6009.000C: hid_parse failed [ 45.065069][ T57] lenovo: probe of 0003:17EF:6009.000C failed with error -22 [ 45.175669][ T1267] F2FS-fs (loop4): Found nat_bits in checkpoint [ 45.211244][ T39] usb 3-1: USB disconnect, device number 5 [ 45.229397][ T1267] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 45.256289][ T1267] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 45.279855][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.286686][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.303833][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.318242][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.325333][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.332765][ T292] lg-g15 0003:046D:C222.000D: unknown main item tag 0x0 [ 45.348881][ T292] lg-g15 0003:046D:C222.000D: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.1-1/input0 [ 45.355155][ T390] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 45.403605][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 45.403621][ T30] audit: type=1400 audit(1726773844.226:404): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 45.483075][ T292] usb 2-1: USB disconnect, device number 5 [ 45.524294][ T1289] device syzkaller0 entered promiscuous mode [ 45.569235][ T6] usb 4-1: USB disconnect, device number 5 [ 45.575505][ T6] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device [ 45.633452][ T1300] bpf_get_probe_write_proto: 2 callbacks suppressed [ 45.633473][ T1300] syz.0.356[1300] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.641055][ T1300] syz.0.356[1300] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.665178][ T1300] loop0: detected capacity change from 0 to 512 [ 45.688094][ T1302] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 45.713855][ T1300] EXT4-fs (loop0): Ignoring removed orlov option [ 45.743982][ T1300] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 45.761153][ T1300] EXT4-fs error (device loop0): dx_probe:822: inode #2: comm syz.0.356: Attempting to read directory block (0) that is past i_size (256) [ 45.775892][ T1300] EXT4-fs (loop0): Remounting filesystem read-only [ 45.784742][ T1300] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 45.794096][ T1300] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,orlov,nogrpid,init_itable,dioread_nolock,grpjquota=.oldalloc,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 45.813592][ T30] audit: type=1400 audit(1726773844.636:405): avc: denied { mount } for pid=1298 comm="syz.0.356" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 45.834456][ T1300] EXT4-fs (loop0): shut down requested (2) [ 45.841090][ T30] audit: type=1400 audit(1726773844.666:406): avc: denied { remount } for pid=1298 comm="syz.0.356" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 45.841365][ T1300] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 45.884270][ T30] audit: type=1400 audit(1726773844.706:407): avc: denied { unmount } for pid=1008 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 46.398196][ T316] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 46.479681][ T1332] loop2: detected capacity change from 0 to 131072 [ 46.532910][ T1332] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (6747996280161764837, 6747996279205463525) [ 46.565461][ T1332] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 46.752322][ T1361] loop3: detected capacity change from 0 to 256 [ 46.808310][ T316] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12592, setting to 1024 [ 46.826559][ T316] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 46.837989][ T790] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 46.847103][ T316] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 46.860826][ T790] FAT-fs (loop3): Filesystem has been set read-only [ 46.873813][ T790] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 46.897274][ T1370] process 'syz.2.374' launched './file1' with NULL argv: empty string added [ 46.906409][ T30] audit: type=1400 audit(1726773845.726:408): avc: denied { execute_no_trans } for pid=1369 comm="syz.2.374" path="/14/file1" dev="tmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 46.963272][ T1372] loop2: detected capacity change from 0 to 1024 [ 46.978455][ T316] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 46.987433][ T316] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 46.995212][ T316] usb 2-1: SerialNumber: syz [ 47.013551][ T1372] EXT4-fs (loop2): test_dummy_encryption requires encrypt feature [ 47.021527][ T1341] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 47.098276][ T292] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 47.110896][ T1375] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.120045][ T1375] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.127499][ T1375] device bridge_slave_0 entered promiscuous mode [ 47.134710][ T1375] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.141922][ T1375] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.149638][ T1375] device bridge_slave_1 entered promiscuous mode [ 47.159291][ T1380] loop2: detected capacity change from 0 to 512 [ 47.208660][ T1375] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.215786][ T1375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.223103][ T1375] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.230550][ T1375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.239395][ T1341] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 47.240796][ T1380] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #16: comm syz.2.381: iget: bad extended attribute block 128 [ 47.261361][ T1380] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.381: couldn't read orphan inode 16 (err -117) [ 47.273790][ T1380] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 47.274303][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.284868][ T1380] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038 (0x7fffffff) [ 47.301458][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.309881][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.324065][ T1380] EXT4-fs error (device loop2): ext4_lookup:1855: inode #16: comm syz.2.381: iget: bad extended attribute block 128 [ 47.338603][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.346971][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.353891][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.361292][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.369555][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.376476][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.395003][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.402827][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.415949][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 47.437047][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 47.445886][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 47.454256][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.463288][ T1375] device veth0_vlan entered promiscuous mode [ 47.486726][ T1375] device veth1_macvtap entered promiscuous mode [ 47.495283][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.503550][ T292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.516559][ T292] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.524839][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.527081][ T292] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 47.544292][ T292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.554324][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.563680][ T292] usb 1-1: config 0 descriptor?? [ 47.700158][ T316] cdc_ether 2-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.1-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 47.718263][ T315] Bluetooth: hci0: command 0x1003 tx timeout [ 47.724167][ T394] Bluetooth: hci0: sending frame failed (-49) [ 47.889128][ T20] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 47.902669][ T57] usb 2-1: USB disconnect, device number 6 [ 47.915528][ T57] cdc_ether 2-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.1-1, Mobile Broadband Network Device [ 47.940892][ T1406] loop2: detected capacity change from 0 to 512 [ 47.971126][ T1406] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.383: bg 0: block 248: padding at end of block bitmap is not set [ 47.990704][ T1406] Quota error (device loop2): write_blk: dquota write failed [ 47.999902][ T1406] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 48.012895][ T1406] EXT4-fs error (device loop2): ext4_acquire_dquot:6187: comm syz.2.383: Failed to acquire dquot type 1 [ 48.024363][ T1366] UDC core: couldn't find an available UDC or it's busy: -16 [ 48.033815][ T1366] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 48.042040][ T1406] EXT4-fs (loop2): 1 truncate cleaned up [ 48.047675][ T1406] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,nodelalloc,abort,noload,noload,,errors=continue. Quota mode: writeback. [ 48.068074][ T292] hid (null): bogus close delimiter [ 48.068104][ T1406] ext4 filesystem being mounted at /18/bus supports timestamps until 2038 (0x7fffffff) [ 48.087984][ T1406] EXT4-fs error (device loop2): ext4_remount:5845: comm syz.2.383: Abort forced by user [ 48.098299][ T1406] EXT4-fs (loop2): Remounting filesystem read-only [ 48.105348][ T1406] syz.2.383 (1406) used greatest stack depth: 19624 bytes left [ 48.128276][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 48.171258][ T1426] loop2: detected capacity change from 0 to 2048 [ 48.258319][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.260408][ T1426] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 48.269406][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.289340][ T292] usb 1-1: language id specifier not provided by device, defaulting to English [ 48.298284][ T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 48.311153][ T20] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 48.320123][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.333041][ T20] usb 4-1: config 0 descriptor?? [ 48.455991][ T30] audit: type=1326 audit(1726773847.276:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.1.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e92890ef9 code=0x7ffc0000 [ 48.480221][ T30] audit: type=1326 audit(1726773847.276:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.1.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f5e9288f797 code=0x7ffc0000 [ 48.506971][ T30] audit: type=1326 audit(1726773847.276:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1432 comm="syz.1.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e92890ef9 code=0x7ffc0000 [ 48.553373][ T1437] loop1: detected capacity change from 0 to 1024 [ 48.639172][ T1437] EXT4-fs (loop1): Ignoring removed orlov option [ 48.649328][ T1437] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 48.658296][ T1437] System zones: 0-1, 3-12 [ 48.662885][ T1437] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,abort,barrier=0x0000000000000001,orlov,debug_want_extra_isize=0x0000000000000080,nouid32,sysvgroups,grpjquota=,debug,,errors=continue. Quota mode: none. [ 48.699154][ T1437] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2739: inode #14: comm syz.1.389: corrupted in-inode xattr [ 48.761936][ T292] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000E/input/input8 [ 48.776113][ T292] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000E/input/input9 [ 48.790311][ T292] uclogic 0003:256C:006D.000E: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 48.805791][ T20] koneplus 0003:1E7D:2E22.000F: unknown main item tag 0x0 [ 48.820186][ T20] koneplus 0003:1E7D:2E22.000F: hidraw1: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0 [ 48.961195][ T57] usb 1-1: USB disconnect, device number 3 [ 49.210617][ T20] usb 4-1: USB disconnect, device number 6 [ 49.738873][ T20] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 49.788323][ T315] Bluetooth: hci0: command 0x1001 tx timeout [ 49.794361][ T394] Bluetooth: hci0: sending frame failed (-49) [ 49.988298][ T20] usb 1-1: Using ep0 maxpacket: 8 [ 50.109305][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.120317][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.129830][ T20] usb 1-1: New USB device found, idVendor=056a, idProduct=0303, bcdDevice= 0.00 [ 50.138644][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.147072][ T20] usb 1-1: config 0 descriptor?? [ 50.189175][ T20] usbhid 1-1:0.0: can't add hid device: -22 [ 50.195110][ T20] usbhid: probe of 1-1:0.0 failed with error -22 [ 50.394370][ T20] usb 1-1: USB disconnect, device number 4 [ 51.868367][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 55.595881][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.603654][ T1457] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.621510][ T1457] device bridge_slave_0 entered promiscuous mode [ 55.634537][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.641865][ T1457] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.650213][ T1457] device bridge_slave_1 entered promiscuous mode [ 55.705874][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.713055][ T1457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.720258][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.727199][ T1457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.750671][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.758512][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.765931][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.773637][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.789954][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.798371][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.805528][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.805823][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.821994][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.829010][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.836364][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.850001][ T390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.867991][ T1457] device veth0_vlan entered promiscuous mode [ 55.876035][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 55.886156][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.894395][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.902042][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.915176][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.925044][ T1457] device veth1_macvtap entered promiscuous mode [ 55.935871][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 55.950960][ T390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.073062][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 56.073079][ T30] audit: type=1326 audit(1726773854.896:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.125552][ T30] audit: type=1326 audit(1726773854.896:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.152827][ T30] audit: type=1326 audit(1726773854.896:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.185244][ T30] audit: type=1326 audit(1726773854.896:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.241986][ T30] audit: type=1326 audit(1726773854.896:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.279076][ T30] audit: type=1326 audit(1726773854.896:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.304051][ T30] audit: type=1326 audit(1726773854.896:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.338227][ T57] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 56.338381][ T30] audit: type=1326 audit(1726773854.896:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1474 comm="syz.3.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2da3cc7ef9 code=0x7ffc0000 [ 56.385777][ T30] audit: type=1326 audit(1726773855.096:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1487 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 56.410187][ T30] audit: type=1326 audit(1726773855.096:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1487 comm="syz.2.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 56.453725][ T1491] loop2: detected capacity change from 0 to 128 [ 56.544493][ T446] device bridge_slave_1 left promiscuous mode [ 56.556239][ T1491] attempt to access beyond end of device [ 56.556239][ T1491] loop2: rw=0, want=241, limit=128 [ 56.558304][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.581064][ T446] device bridge_slave_0 left promiscuous mode [ 56.581365][ T8] attempt to access beyond end of device [ 56.581365][ T8] loop2: rw=1, want=1041, limit=128 [ 56.587055][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.608880][ T446] device veth1_macvtap left promiscuous mode [ 56.679095][ T1493] loop2: detected capacity change from 0 to 1024 [ 56.728867][ T1493] EXT4-fs (loop2): Ignoring removed bh option [ 56.739876][ T1493] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c118, mo2=0002] [ 56.748538][ T1493] System zones: 0-1, 3-12 [ 56.754373][ T1493] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,nobarrier,barrier=0x0000000000000000,norecovery,bh,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 56.808671][ T57] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12592, setting to 1024 [ 56.825398][ T57] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 56.835348][ T57] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 56.847260][ T1501] loop2: detected capacity change from 0 to 128 [ 56.928274][ T57] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 56.937706][ T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 56.946237][ T57] usb 1-1: SerialNumber: syz [ 56.952274][ T1501] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 56.965676][ T1501] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038 (0x7fffffff) [ 56.978249][ T1472] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 57.209088][ T1472] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 57.217510][ T1515] loop2: detected capacity change from 0 to 128 [ 57.292999][ T1515] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none. [ 57.305812][ T1515] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038 (0x7fffffff) [ 57.421384][ T1523] device syzkaller0 entered promiscuous mode [ 57.670254][ T57] cdc_ether 1-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.0-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 57.872418][ T39] usb 1-1: USB disconnect, device number 5 [ 57.881196][ T39] cdc_ether 1-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.0-1, Mobile Broadband Network Device [ 57.983279][ T1556] fuse: Unknown parameter '0xffffffffffffffff' [ 58.411187][ T1576] loop0: detected capacity change from 0 to 512 [ 58.469244][ T1576] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 58.500353][ T1576] EXT4-fs (loop0): 1 truncate cleaned up [ 58.507109][ T1576] EXT4-fs (loop0): mounted filesystem without journal. Opts: auto_da_alloc,nobarrier,debug_want_extra_isize=0x0000000000000068,nodelalloc,sb=0x0000000000000003,max_batch_time=0x0000000000000007,,errors=continue. Quota mode: none. [ 58.538488][ T1579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.427'. [ 58.752431][ T1589] loop3: detected capacity change from 0 to 4096 [ 58.811220][ T1589] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 58.968183][ T316] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 58.985425][ T1595] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 58.996476][ T1604] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 59.007494][ T1595] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 59.083053][ T1598] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.094583][ T1598] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.102447][ T1598] device bridge_slave_0 entered promiscuous mode [ 59.109599][ T1615] tipc: Started in network mode [ 59.114470][ T1615] tipc: Node identity ac1414aa, cluster identity 4711 [ 59.122284][ T1615] tipc: New replicast peer: 100.1.1.1 [ 59.127854][ T1615] tipc: Enabled bearer , priority 10 [ 59.138243][ T1598] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.145673][ T1598] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.153712][ T1598] device bridge_slave_1 entered promiscuous mode [ 59.218178][ T316] usb 1-1: Using ep0 maxpacket: 16 [ 59.226547][ T1627] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.233607][ T1627] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.251721][ T1627] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.258646][ T1627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.265745][ T1627] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.272516][ T1627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.280002][ T1627] device bridge0 entered promiscuous mode [ 59.343685][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.354624][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.362678][ T316] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 59.373204][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.380104][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.387715][ T316] usb 1-1: config 0 has no interfaces? [ 59.395214][ T1631] loop3: detected capacity change from 0 to 2048 [ 59.408608][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.419985][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.430576][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.437536][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.447246][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.459891][ T1631] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 59.474627][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.491152][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.508692][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.517215][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.524711][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.533509][ T1598] device veth0_vlan entered promiscuous mode [ 59.545220][ T1598] device veth1_macvtap entered promiscuous mode [ 59.551506][ T316] usb 1-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 59.568627][ T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.577199][ T316] usb 1-1: Product: syz [ 59.582219][ T316] usb 1-1: Manufacturer: syz [ 59.587083][ T316] usb 1-1: SerialNumber: syz [ 59.593862][ T316] usb 1-1: config 0 descriptor?? [ 59.601028][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.610346][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.620240][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.841760][ T446] device bridge_slave_1 left promiscuous mode [ 59.972396][ T26] usb 1-1: USB disconnect, device number 6 [ 60.165920][ T310] tipc: Node number set to 2886997162 [ 60.214053][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.317351][ T446] device bridge_slave_0 left promiscuous mode [ 60.363315][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.458463][ T446] device veth1_macvtap left promiscuous mode [ 60.473378][ T446] device veth0_vlan left promiscuous mode [ 60.482283][ T1650] loop3: detected capacity change from 0 to 512 [ 60.483987][ T1645] incfs_lookup_dentry err:-14 [ 60.494349][ T1645] incfs: Can't find or create .incomplete dir in ./file0 [ 60.503288][ T1645] incfs: mount failed -14 [ 60.571847][ T1650] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.454: bg 0: block 393: padding at end of block bitmap is not set [ 60.587547][ T1650] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6186: Corrupt filesystem [ 60.596913][ T1650] EXT4-fs (loop3): 2 truncates cleaned up [ 60.608217][ T1642] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 60.608447][ T1650] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 60.678667][ T1663] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=1663 comm=syz.2.459 [ 60.859816][ T1677] loop0: detected capacity change from 0 to 40427 [ 60.894674][ T1686] loop3: detected capacity change from 0 to 512 [ 60.902787][ T1677] F2FS-fs (loop0): invalid crc value [ 60.918942][ T1677] F2FS-fs (loop0): Found nat_bits in checkpoint [ 60.927944][ T1686] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none. [ 60.939434][ T310] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 60.964451][ T1375] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 1280 (level 0) [ 60.972480][ T1677] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 60.979031][ T1375] EXT4-fs error (device loop3): ext4_lookup:1855: inode #14: comm syz-executor: unexpected EA_INODE flag [ 60.984675][ T1642] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 60.996888][ T1375] EXT4-fs error (device loop3): ext4_lookup:1855: inode #14: comm syz-executor: unexpected EA_INODE flag [ 61.005324][ T1642] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.023886][ T26] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 61.033471][ T1677] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 61.036104][ T1642] usb 2-1: config 0 descriptor?? [ 61.067377][ T1008] attempt to access beyond end of device [ 61.067377][ T1008] loop0: rw=524288, want=45072, limit=40427 [ 61.080529][ T1008] attempt to access beyond end of device [ 61.080529][ T1008] loop0: rw=0, want=45072, limit=40427 [ 61.109936][ T8] attempt to access beyond end of device [ 61.109936][ T8] loop0: rw=2049, want=45120, limit=40427 [ 61.276346][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 61.276363][ T30] audit: type=1400 audit(1726773860.096:496): avc: denied { read } for pid=1693 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 61.304595][ T30] audit: type=1400 audit(1726773860.096:497): avc: denied { open } for pid=1693 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 61.338278][ T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.360673][ T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.371263][ T310] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 61.383678][ T1693] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.390947][ T1693] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.398181][ T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.407396][ T1693] device bridge_slave_0 entered promiscuous mode [ 61.413780][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.429681][ T310] usb 5-1: config 0 descriptor?? [ 61.434581][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.435697][ T1693] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.451747][ T1693] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.458253][ T26] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 61.459911][ T1693] device bridge_slave_1 entered promiscuous mode [ 61.467815][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.476748][ T26] usb 3-1: config 0 descriptor?? [ 61.531940][ T1643] capability: warning: `syz.1.432' uses deprecated v2 capabilities in a way that may be insecure [ 61.596689][ T1698] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.603611][ T1698] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.611231][ T1698] device bridge_slave_0 entered promiscuous mode [ 61.620044][ T1698] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.627101][ T1698] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.635050][ T1698] device bridge_slave_1 entered promiscuous mode [ 61.683468][ T1693] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.690392][ T1693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.697494][ T1693] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.704505][ T1693] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.747934][ T1698] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.754962][ T1698] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.762466][ T1698] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.769413][ T1698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.778801][ T446] device bridge_slave_1 left promiscuous mode [ 61.785064][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.793362][ T446] device bridge_slave_0 left promiscuous mode [ 61.799987][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.808446][ T446] device veth1_macvtap left promiscuous mode [ 61.814461][ T446] device veth0_vlan left promiscuous mode [ 61.908789][ T310] hid (null): bogus close delimiter [ 61.919146][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.927500][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.935983][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.945108][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.954802][ T26] isku 0003:1E7D:319C.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0 [ 61.984845][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.992287][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.005680][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.013762][ T1642] usb 2-1: Cannot set autoneg [ 62.019320][ T1642] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 62.029515][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.046986][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.058977][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.068267][ T1642] usb 2-1: USB disconnect, device number 7 [ 62.076980][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.085936][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.094309][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.101493][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.108799][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.116396][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.128262][ T310] usb 5-1: string descriptor 0 read error: -22 [ 62.134779][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.144098][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.153533][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.160708][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.168467][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.177847][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.186126][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.195208][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.206870][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.215715][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.225224][ T322] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.228473][ T26] isku 0003:1E7D:319C.0011: couldn't init struct isku_device [ 62.232461][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.240315][ T26] isku 0003:1E7D:319C.0011: couldn't install keyboard [ 62.258892][ T26] isku: probe of 0003:1E7D:319C.0011 failed with error -5 [ 62.269994][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.277941][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.286198][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.295288][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.312791][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.321559][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.331176][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.339678][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.347954][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.355652][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.364807][ T1693] device veth0_vlan entered promiscuous mode [ 62.379392][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.388016][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.388344][ T310] uclogic 0003:256C:006D.0010: interface is invalid, ignoring [ 62.406160][ T1698] device veth0_vlan entered promiscuous mode [ 62.416070][ T1693] device veth1_macvtap entered promiscuous mode [ 62.424157][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 62.433681][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.442896][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.451642][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.459975][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.476619][ T1698] device veth1_macvtap entered promiscuous mode [ 62.484212][ T292] usb 3-1: USB disconnect, device number 6 [ 62.498851][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.506255][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.514800][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.522954][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.532096][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 62.539920][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.549880][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.558553][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.566797][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.575502][ T39] usb 5-1: USB disconnect, device number 6 [ 62.592402][ T446] tipc: Disabling bearer [ 62.598081][ T446] tipc: Left network mode [ 62.602019][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.611004][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.625368][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.633875][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.647419][ T30] audit: type=1400 audit(1726773861.466:498): avc: denied { append } for pid=1707 comm="syz.1.477" name="ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 62.733800][ T1717] loop1: detected capacity change from 0 to 512 [ 62.779080][ T1717] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 62.790547][ T1717] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038 (0x7fffffff) [ 62.996521][ T30] audit: type=1326 audit(1726773861.816:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.030879][ T30] audit: type=1326 audit(1726773861.816:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.057114][ T30] audit: type=1326 audit(1726773861.846:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.077647][ T1734] syz.0.483[1734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.080631][ T1734] syz.0.483[1734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.082510][ T30] audit: type=1326 audit(1726773861.846:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.128163][ T30] audit: type=1326 audit(1726773861.846:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.154213][ T30] audit: type=1326 audit(1726773861.856:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.177729][ T30] audit: type=1326 audit(1726773861.856:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1729 comm="syz.2.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 63.201810][ T1736] input: syz0 as /devices/virtual/input/input10 [ 63.322362][ T1745] loop4: detected capacity change from 0 to 512 [ 63.379219][ T1745] EXT4-fs error (device loop4): __ext4_iget:4892: inode #11: block 1: comm syz.4.488: invalid block [ 63.398929][ T446] device bridge_slave_1 left promiscuous mode [ 63.408927][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.420694][ T1745] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.488: couldn't read orphan inode 11 (err -117) [ 63.432850][ T446] device bridge_slave_0 left promiscuous mode [ 63.448260][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.455511][ T1745] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,minixdf,max_dir_size_kb=0x0000000000000009,data_err=abort,grpquota,noinit_itable,inode_readahead_blks=0x0000000000400000,i_version,acl,,errors=continue. Quota mode: writeback. [ 63.481338][ T446] device veth0_vlan left promiscuous mode [ 63.517071][ T1751] loop2: detected capacity change from 0 to 256 [ 63.574638][ T1751] exFAT-fs (loop2): failed to load upcase table (idx : 0x00003798, chksum : 0xe8cdb6a2, utbl_chksum : 0xe619d30d) [ 63.634195][ T1745] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz.4.488: Invalid inode table block 4097309278 in block_group 0 [ 63.667469][ T1742] loop1: detected capacity change from 0 to 40427 [ 63.678619][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.689066][ T1457] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 4097309278 in block_group 0 [ 63.689231][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.726769][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.727600][ T1457] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 63.734178][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.752540][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.762164][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.769557][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.769640][ T1457] EXT4-fs error (device loop4): __ext4_unlink:3281: inode #2: comm syz-executor: mark_inode_dirty error [ 63.776825][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.795377][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.803848][ T1742] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 63.811115][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.818561][ T1742] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 63.826974][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.836095][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.843813][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.851493][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.860315][ T1742] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 63.871508][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.884403][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.899365][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.909153][ T1457] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 4097309278 in block_group 0 [ 63.916913][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.932456][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.940064][ T1457] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 63.940326][ T1742] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 63.956707][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.958206][ T1457] EXT4-fs error (device loop4): ext4_dirty_inode:6024: inode #2: comm syz-executor: mark_inode_dirty error [ 63.964174][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 63.982886][ T1742] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 63.995247][ T344] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm kworker/u4:3: Invalid inode table block 4097309278 in block_group 0 [ 64.010843][ T1742] attempt to access beyond end of device [ 64.010843][ T1742] loop1: rw=2049, want=53256, limit=40427 [ 64.022175][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.030782][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.041315][ T1742] attempt to access beyond end of device [ 64.041315][ T1742] loop1: rw=2049, want=53264, limit=40427 [ 64.053251][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.061719][ T1742] attempt to access beyond end of device [ 64.061719][ T1742] loop1: rw=2049, want=53328, limit=40427 [ 64.073296][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.080861][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.089298][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.101764][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.109542][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.116942][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.116954][ T1598] attempt to access beyond end of device [ 64.116954][ T1598] loop1: rw=2049, want=45104, limit=40427 [ 64.135800][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.143612][ T292] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 64.161775][ T292] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz0] on syz0 [ 64.353747][ T1773] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.361035][ T1773] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.369407][ T1773] device bridge_slave_0 entered promiscuous mode [ 64.385681][ T1773] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.393298][ T1773] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.401087][ T1773] device bridge_slave_1 entered promiscuous mode [ 64.461053][ T1773] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.467940][ T1773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.475194][ T1773] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.482063][ T1773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.489440][ T322] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 64.511218][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.519354][ T1640] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.526711][ T1640] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.539002][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.547356][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.554331][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.562345][ T39] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 64.579611][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.589091][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.596328][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.619012][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.626953][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.646621][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.665234][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.673768][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.683984][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.697322][ T1773] device veth0_vlan entered promiscuous mode [ 64.712661][ T1773] device veth1_macvtap entered promiscuous mode [ 64.722580][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.731862][ T446] device bridge_slave_1 left promiscuous mode [ 64.737906][ T446] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.745424][ T446] device bridge_slave_0 left promiscuous mode [ 64.751950][ T322] usb 1-1: Using ep0 maxpacket: 32 [ 64.757058][ T446] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.765383][ T446] device veth1_macvtap left promiscuous mode [ 64.771365][ T446] device veth0_vlan left promiscuous mode [ 64.808202][ T39] usb 2-1: Using ep0 maxpacket: 32 [ 64.888289][ T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.900182][ T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.911708][ T322] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 64.911730][ T1798] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.911933][ T1798] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.920868][ T322] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.926064][ T322] usb 1-1: config 0 descriptor?? [ 64.928622][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 64.939364][ T1799] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.946945][ T39] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.947575][ T1799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.982107][ T1799] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.989152][ T1799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.996930][ T1799] device bridge0 entered promiscuous mode [ 65.003541][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.012142][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.020736][ T322] hub 1-1:0.0: USB hub found [ 65.096083][ T1807] loop2: detected capacity change from 0 to 1024 [ 65.108744][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 65.117764][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.125808][ T39] usb 2-1: Product: syz [ 65.130260][ T39] usb 2-1: Manufacturer: syz [ 65.134684][ T39] usb 2-1: SerialNumber: syz [ 65.172406][ T1807] EXT4-fs (loop2): Ignoring removed bh option [ 65.190748][ T1807] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,errors=remount-ro,norecovery,debug_want_extra_isize=0x0000000000000080,bh,nodelalloc,usrquota,noauto_da_alloc,. Quota mode: writeback. [ 65.213376][ T1801] loop4: detected capacity change from 0 to 40427 [ 65.235758][ T1807] EXT4-fs error (device loop2): ext4_map_blocks:602: inode #18: block 115: comm syz.2.512: lblock 3 mapped to illegal pblock 115 (length 1) [ 65.250183][ T1807] EXT4-fs (loop2): Remounting filesystem read-only [ 65.264699][ T1801] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 65.272754][ T1801] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 65.285046][ T1801] F2FS-fs (loop4): invalid crc value [ 65.290430][ T322] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 65.293110][ T1801] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 65.310647][ T1801] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 65.331918][ T1801] F2FS-fs (loop4): recover fsync data on readonly fs [ 65.338917][ T1801] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30 [ 65.346405][ T1801] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 65.378786][ T1816] loop2: detected capacity change from 0 to 256 [ 65.598277][ T322] usbhid 1-1:0.0: can't add hid device: -71 [ 65.604129][ T322] usbhid: probe of 1-1:0.0 failed with error -71 [ 65.633174][ T1831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.519'. [ 65.642538][ T322] usb 1-1: USB disconnect, device number 7 [ 65.699514][ T1835] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 65.707384][ T1835] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 65.798188][ T310] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 66.038176][ T310] usb 4-1: Using ep0 maxpacket: 8 [ 66.044643][ T1850] loop4: detected capacity change from 0 to 40427 [ 66.070518][ T1859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.532'. [ 66.088580][ T1850] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 66.110426][ T1850] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 66.130535][ T1850] F2FS-fs (loop4): invalid crc value [ 66.137125][ T1850] F2FS-fs (loop4): Found nat_bits in checkpoint [ 66.158267][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.169477][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.186823][ T310] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 66.213711][ T310] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 66.229991][ T310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.240369][ T310] usb 4-1: config 0 descriptor?? [ 66.249372][ T1850] F2FS-fs (loop4): Start checkpoint disabled! [ 66.256746][ T1850] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 66.266275][ T39] cdc_ncm 2-1:1.0: bind() failure [ 66.272786][ T39] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 66.280652][ T1850] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 66.288233][ T39] cdc_ncm 2-1:1.1: bind() failure [ 66.314087][ T39] usb 2-1: USB disconnect, device number 8 [ 66.325320][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 66.325336][ T30] audit: type=1326 audit(1726773865.146:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 66.357946][ T1884] loop2: detected capacity change from 0 to 512 [ 66.367244][ T30] audit: type=1326 audit(1726773865.176:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6f494c1ef9 code=0x7ffc0000 [ 66.392753][ T30] audit: type=1326 audit(1726773865.176:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6f494c1f33 code=0x7ffc0000 [ 66.419368][ T30] audit: type=1326 audit(1726773865.176:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6f494c09df code=0x7ffc0000 [ 66.443268][ T30] audit: type=1326 audit(1726773865.176:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6f494c1f87 code=0x7ffc0000 [ 66.480077][ T30] audit: type=1326 audit(1726773865.176:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f494c0890 code=0x7ffc0000 [ 66.490621][ T1888] overlayfs: statfs failed on './file0' [ 66.509222][ T30] audit: type=1326 audit(1726773865.176:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6f494c1afb code=0x7ffc0000 [ 66.511845][ T1884] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.541: Invalid inode bitmap blk 4 in block_group 0 [ 66.533030][ T30] audit: type=1326 audit(1726773865.226:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6f494c0b8a code=0x7ffc0000 [ 66.567966][ T30] audit: type=1326 audit(1726773865.226:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6f494c0b8a code=0x7ffc0000 [ 66.593809][ T30] audit: type=1326 audit(1726773865.276:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1882 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f6f494c0797 code=0x7ffc0000 [ 66.601853][ T10] attempt to access beyond end of device [ 66.601853][ T10] loop4: rw=2049, want=40968, limit=40427 [ 66.628835][ T1884] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,resuid=0x0000000000000000,data_err=abort,noload,nobarrier,lazytime,,errors=continue. Quota mode: none. [ 66.669286][ T1884] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.541: Invalid inode bitmap blk 4 in block_group 0 [ 66.683663][ T1884] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 66.729990][ T310] hid-steam 0003:28DE:1102.0013: unknown main item tag 0x0 [ 66.747843][ T310] hid-steam 0003:28DE:1102.0013: : USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0 [ 66.789254][ T310] hid-steam 0003:28DE:1102.0014: unknown main item tag 0x0 [ 66.807640][ T310] hid-steam 0003:28DE:1102.0014: hidraw0: USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0 [ 66.867988][ T1900] loop4: detected capacity change from 0 to 2048 [ 66.908788][ T310] hid-steam 0003:28DE:1102.0013: Steam Controller 'XXXXXXXXXX' connected [ 66.927963][ T310] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0013/input/input11 [ 66.940520][ T1826] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.0013/input/input12 [ 66.975133][ T310] usb 4-1: USB disconnect, device number 7 [ 67.003985][ T310] hid-steam 0003:28DE:1102.0013: Steam Controller 'XXXXXXXXXX' disconnected [ 67.039394][ T1900] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.065114][ T1900] EXT4-fs (loop4): shut down requested (0) [ 67.338198][ T292] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 67.405786][ T1894] loop1: detected capacity change from 0 to 131072 [ 67.418405][ T26] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 67.482994][ T1918] loop3: detected capacity change from 0 to 512 [ 67.501176][ T1894] F2FS-fs (loop1): invalid crc value [ 67.510017][ T1894] F2FS-fs (loop1): Found nat_bits in checkpoint [ 67.539531][ T1918] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2802c018, mo2=0002] [ 67.547614][ T1918] System zones: 0-2, 18-18, 34-35 [ 67.553613][ T1894] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 67.554053][ T1918] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,noinit_itable,debug,,errors=continue. Quota mode: writeback. [ 67.576657][ T1918] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038 (0x7fffffff) [ 67.580274][ T1894] F2FS-fs (loop1): Corrupted max_depth of 3: 16842753 [ 67.586666][ T310] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 67.618212][ T292] usb 3-1: Using ep0 maxpacket: 16 [ 67.630416][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 67.651783][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 67.673029][ T26] usb 5-1: Using ep0 maxpacket: 8 [ 67.675591][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 67.699853][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 67.723141][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 67.746708][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 67.768258][ T1693] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /12/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 67.789462][ T1693] EXT4-fs error (device loop3): ext4_map_blocks:602: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 67.798414][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.815183][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.818284][ T292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.825252][ T26] usb 5-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 67.844748][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.854334][ T292] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 67.858833][ T26] usb 5-1: config 0 descriptor?? [ 67.878564][ T292] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 67.887558][ T292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.899996][ T292] usb 3-1: config 0 descriptor?? [ 67.934609][ T1926] device pim6reg1 entered promiscuous mode [ 67.988295][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.999350][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.009149][ T310] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 68.018037][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.038535][ T310] usb 1-1: config 0 descriptor?? [ 68.092580][ T1928] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.099951][ T1928] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.107351][ T1928] device bridge_slave_0 entered promiscuous mode [ 68.117670][ T1928] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.124716][ T1928] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.132177][ T1928] device bridge_slave_1 entered promiscuous mode [ 68.218033][ T1928] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.225103][ T1928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.232301][ T1928] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.239317][ T1928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.274772][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.283954][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.292016][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.314610][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.323629][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.330524][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.342895][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.350402][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.352845][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.361966][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.365753][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.373399][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.387867][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.395389][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.402970][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.411896][ T26] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0 [ 68.418321][ T292] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0016/input/input13 [ 68.432287][ T26] playstation 0003:054C:0CE6.0015: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.4-1/input0 [ 68.445035][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.453118][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.469720][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 68.484767][ T1928] device veth0_vlan entered promiscuous mode [ 68.492731][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 68.502069][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 68.510401][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 68.520542][ T8] device bridge_slave_1 left promiscuous mode [ 68.526599][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.534519][ T8] device bridge_slave_0 left promiscuous mode [ 68.541110][ T292] microsoft 0003:045E:07DA.0016: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 68.542044][ T310] lg-g15 0003:046D:C222.0017: unknown main item tag 0x0 [ 68.559712][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.568945][ T310] lg-g15 0003:046D:C222.0017: hidraw2: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 68.584348][ T8] device veth1_macvtap left promiscuous mode [ 68.588453][ T26] playstation 0003:054C:0CE6.0015: Invalid byte count transferred, expected 20 got 0 [ 68.590764][ T8] device veth0_vlan left promiscuous mode [ 68.599905][ T26] playstation 0003:054C:0CE6.0015: Failed to retrieve DualSense pairing info: -22 [ 68.614434][ T26] playstation 0003:054C:0CE6.0015: Failed to get MAC address from DualSense [ 68.623172][ T26] playstation 0003:054C:0CE6.0015: Failed to create dualsense. [ 68.630617][ T39] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 68.639891][ T26] playstation: probe of 0003:054C:0CE6.0015 failed with error -22 [ 68.716653][ T1928] device veth1_macvtap entered promiscuous mode [ 68.723530][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 68.738606][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.747004][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.780331][ T26] usb 1-1: USB disconnect, device number 8 [ 68.809981][ T316] usb 5-1: USB disconnect, device number 7 [ 68.817085][ T292] usb 3-1: USB disconnect, device number 7 [ 68.988432][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.000084][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.010303][ T39] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 69.019955][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.029220][ T39] usb 2-1: config 0 descriptor?? [ 69.381838][ T1955] loop3: detected capacity change from 0 to 512 [ 69.425736][ T1955] EXT4-fs error (device loop3): ext4_acquire_dquot:6187: comm syz.3.565: Failed to acquire dquot type 1 [ 69.437742][ T1955] EXT4-fs (loop3): 1 truncate cleaned up [ 69.443889][ T1955] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 69.455765][ T1955] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038 (0x7fffffff) [ 69.508670][ T39] hid (null): bogus close delimiter [ 69.628531][ T57] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 69.638623][ T1968] loop3: detected capacity change from 0 to 1024 [ 69.721167][ T1968] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c119, mo2=0002] [ 69.729656][ T1968] System zones: 0-1, 3-12 [ 69.730649][ T39] usb 2-1: language id specifier not provided by device, defaulting to English [ 69.734489][ T1968] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,barrier=0xfffffffffffffff8,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,nombcache,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 69.888498][ T57] usb 3-1: Using ep0 maxpacket: 16 [ 70.018277][ T57] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.030722][ T57] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.043287][ T57] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 70.056808][ T57] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 70.068247][ T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.084231][ T57] usb 3-1: config 0 descriptor?? [ 70.198353][ T39] uclogic 0003:256C:006D.0018: interface is invalid, ignoring [ 70.401331][ T39] usb 2-1: USB disconnect, device number 9 [ 70.569486][ T57] koneplus 0003:1E7D:2E22.0019: unknown main item tag 0x0 [ 70.583525][ T57] koneplus 0003:1E7D:2E22.0019: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0 [ 70.668452][ T1640] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 70.938181][ T1640] usb 1-1: Using ep0 maxpacket: 32 [ 71.002284][ T316] usb 3-1: USB disconnect, device number 8 [ 71.078376][ T1640] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.092474][ T1640] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.113710][ T1640] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 71.128307][ T1640] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.144105][ T1640] usb 1-1: config 0 descriptor?? [ 71.188915][ T1640] hub 1-1:0.0: USB hub found [ 71.350603][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 71.350624][ T30] audit: type=1326 audit(1726773870.176:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.401195][ T30] audit: type=1326 audit(1726773870.176:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.428266][ T1640] hub 1-1:0.0: 1 port detected [ 71.452507][ T30] audit: type=1326 audit(1726773870.206:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.498593][ T30] audit: type=1326 audit(1726773870.216:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.538235][ T30] audit: type=1326 audit(1726773870.226:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.562402][ T30] audit: type=1326 audit(1726773870.226:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.599504][ T30] audit: type=1326 audit(1726773870.226:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.635572][ T30] audit: type=1326 audit(1726773870.226:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.670133][ T30] audit: type=1326 audit(1726773870.226:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.710071][ T30] audit: type=1326 audit(1726773870.226:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2008 comm="syz.1.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fc7654ef9 code=0x7ffc0000 [ 71.767503][ T2023] input: syz0 as /devices/virtual/input/input14 [ 71.928463][ T2018] loop2: detected capacity change from 0 to 40427 [ 72.012642][ T2018] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 72.020740][ T2018] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 72.039419][ T2018] F2FS-fs (loop2): invalid crc value [ 72.059045][ T2018] F2FS-fs (loop2): Found nat_bits in checkpoint [ 72.098234][ T1640] hub 1-1:0.0: activate --> -90 [ 72.141370][ T2018] F2FS-fs (loop2): Start checkpoint disabled! [ 72.158653][ T2018] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 72.165603][ T2018] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 72.455941][ T45] attempt to access beyond end of device [ 72.455941][ T45] loop2: rw=2049, want=40968, limit=40427 [ 72.610533][ T2029] loop3: detected capacity change from 0 to 40427 [ 72.627816][ T2029] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 72.637042][ T2029] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 72.664179][ T2029] F2FS-fs (loop3): invalid crc value [ 72.671790][ T2029] F2FS-fs (loop3): Found nat_bits in checkpoint [ 72.729979][ T57] usb 1-1: USB disconnect, device number 9 [ 72.738304][ T1640] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 72.750980][ T2029] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 72.761336][ T2029] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 72.804722][ T2029] attempt to access beyond end of device [ 72.804722][ T2029] loop3: rw=2049, want=77960, limit=40427 [ 72.828935][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 72.838318][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 73.277285][ T2071] input: syz0 as /devices/virtual/input/input15 [ 73.348241][ T57] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 73.508233][ T316] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 73.598268][ T57] usb 4-1: Using ep0 maxpacket: 16 [ 73.718276][ T57] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.738650][ T57] usb 4-1: config 0 has no interfaces? [ 73.881814][ T2092] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 73.889044][ T2092] IPv6: NLM_F_CREATE should be set when creating new route [ 73.898361][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.898369][ T57] usb 4-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 73.898399][ T57] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.911024][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.918456][ T57] usb 4-1: Product: syz [ 73.925954][ T316] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 73.935954][ T57] usb 4-1: Manufacturer: syz [ 73.939445][ T316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.954009][ T57] usb 4-1: SerialNumber: syz [ 73.976238][ T316] usb 5-1: config 0 descriptor?? [ 73.983978][ T57] usb 4-1: config 0 descriptor?? [ 74.216947][ T2106] loop2: detected capacity change from 0 to 512 [ 74.321366][ T2106] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 74.340762][ T57] usb 4-1: USB disconnect, device number 8 [ 74.371337][ T2106] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038 (0x7fffffff) [ 74.459671][ T316] hid-led 0003:1D34:000A.001A: unknown main item tag 0x0 [ 74.469218][ T316] hid-led 0003:1D34:000A.001A: unknown main item tag 0x0 [ 74.476130][ T316] hid-led 0003:1D34:000A.001A: unknown main item tag 0x0 [ 74.477705][ T2106] syz.2.623 (2106) used greatest stack depth: 19472 bytes left [ 74.483344][ T316] hid-led 0003:1D34:000A.001A: unknown main item tag 0x0 [ 74.497774][ T316] hid-led 0003:1D34:000A.001A: unknown main item tag 0x0 [ 74.562925][ T2122] loop2: detected capacity change from 0 to 1024 [ 74.639086][ T2122] EXT4-fs error (device loop2): ext4_fill_super:4831: inode #2: comm syz.2.627: casefold flag without casefold feature [ 74.652134][ T2122] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 74.662723][ T2122] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 74.682677][ T316] hid-led 0003:1D34:000A.001A: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 74.699873][ T316] hid-led 0003:1D34:000A.001A: Dream Cheeky Webmail Notifier initialized [ 74.891729][ T1642] usb 5-1: USB disconnect, device number 8 [ 75.028172][ T322] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 75.228210][ T1640] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 75.408308][ T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.419266][ T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.439036][ T2154] loop0: detected capacity change from 0 to 2048 [ 75.445400][ T322] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 75.456461][ T322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.474894][ T322] usb 2-1: config 0 descriptor?? [ 75.551834][ T2154] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 75.598314][ T1640] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 75.619120][ T1640] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 75.620417][ T2154] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 75.646899][ T1640] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 75.680946][ T1640] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 75.702551][ T1640] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.707430][ T2154] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 75.726817][ T2154] EXT4-fs (loop0): This should not happen!! Data will be lost [ 75.726817][ T2154] [ 75.732877][ T1640] usb 4-1: config 0 descriptor?? [ 75.736456][ T2154] EXT4-fs (loop0): Total free blocks count 0 [ 75.748584][ T2154] EXT4-fs (loop0): Free/Dirty block details [ 75.754325][ T2154] EXT4-fs (loop0): free_blocks=2415919104 [ 75.768239][ T2154] EXT4-fs (loop0): dirty_blocks=16 [ 75.773473][ T2154] EXT4-fs (loop0): Block reservation details [ 75.779781][ T2154] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 75.788319][ T2142] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 75.813743][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 75.836064][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 75.836064][ T10] [ 75.843579][ T2156] loop4: detected capacity change from 0 to 40427 [ 75.866638][ T2163] loop2: detected capacity change from 0 to 4096 [ 75.873841][ T2156] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 75.881747][ T2156] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 75.890849][ T2156] F2FS-fs (loop4): invalid crc value [ 75.897627][ T2156] F2FS-fs (loop4): Found nat_bits in checkpoint [ 75.908892][ T2168] loop0: detected capacity change from 0 to 2048 [ 75.934123][ T2163] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 75.939797][ T2156] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 75.952135][ T322] hid (null): bogus close delimiter [ 75.958316][ T2156] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 75.992661][ T2168] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 75.995538][ T2156] attempt to access beyond end of device [ 75.995538][ T2156] loop4: rw=2049, want=77960, limit=40427 [ 76.028458][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 76.029843][ T2168] EXT4-fs (loop0): shut down requested (0) [ 76.037984][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 76.158321][ T322] usb 2-1: string descriptor 0 read error: -22 [ 76.271992][ T2181] loop4: detected capacity change from 0 to 128 [ 76.287399][ T2176] loop2: detected capacity change from 0 to 40427 [ 76.319431][ T1640] plantronics 0003:047F:FFFF.001C: unknown main item tag 0xd [ 76.328800][ T1640] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 76.329644][ T2181] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 76.338037][ T1640] plantronics 0003:047F:FFFF.001C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 76.348644][ T2176] F2FS-fs (loop2): invalid crc value [ 76.366033][ T2181] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 76.408384][ T2176] F2FS-fs (loop2): Found nat_bits in checkpoint [ 76.418463][ T322] uclogic 0003:256C:006D.001B: interface is invalid, ignoring [ 76.449550][ T2176] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 76.478800][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 76.478818][ T30] audit: type=1400 audit(1726773875.306:660): avc: denied { unlink } for pid=2175 comm="syz.2.647" name="file1" dev="overlay" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.507661][ T30] audit: type=1400 audit(1726773875.306:661): avc: denied { read } for pid=2175 comm="syz.2.647" name="file1" dev="loop2" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.509099][ T1212] attempt to access beyond end of device [ 76.509099][ T1212] loop2: rw=524288, want=45072, limit=40427 [ 76.531914][ T30] audit: type=1400 audit(1726773875.306:662): avc: denied { setattr } for pid=2175 comm="syz.2.647" name="#29" dev="loop2" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.547112][ T1212] attempt to access beyond end of device [ 76.547112][ T1212] loop2: rw=0, want=45072, limit=40427 [ 76.565301][ T30] audit: type=1400 audit(1726773875.306:663): avc: denied { rename } for pid=2175 comm="syz.2.647" name="#29" dev="loop2" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.597734][ T30] audit: type=1400 audit(1726773875.306:664): avc: denied { link } for pid=2175 comm="syz.2.647" name="00fb1d0001922c762335ee4af3bdd707040bb1b7db21000000160b75dd" dev="loop2" ino=35 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.647828][ T26] usb 2-1: USB disconnect, device number 10 [ 76.650460][ T8] attempt to access beyond end of device [ 76.650460][ T8] loop2: rw=2049, want=41104, limit=40427 [ 76.699770][ T1642] usb 4-1: USB disconnect, device number 9 [ 76.735605][ T2194] loop0: detected capacity change from 0 to 2048 [ 76.769316][ T2194] Alternate GPT is invalid, using primary GPT. [ 76.775592][ T2194] loop0: p1 p2 p3 [ 76.982047][ T2198] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.989361][ T2198] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.996793][ T2198] device bridge_slave_0 entered promiscuous mode [ 77.004520][ T2198] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.011448][ T2198] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.018970][ T2198] device bridge_slave_1 entered promiscuous mode [ 77.100852][ T2198] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.107729][ T2198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.114943][ T2198] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.121824][ T2198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.153744][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.176511][ T1640] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.185804][ T1640] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.208757][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.216899][ T1642] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.223793][ T1642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.243290][ T2190] loop4: detected capacity change from 0 to 131072 [ 77.273458][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.285452][ T2190] F2FS-fs (loop4): invalid crc value [ 77.288712][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.297469][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.326619][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.327883][ T2190] F2FS-fs (loop4): Found nat_bits in checkpoint [ 77.334935][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.349379][ T10] device bridge_slave_1 left promiscuous mode [ 77.355378][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.379839][ T10] device bridge_slave_0 left promiscuous mode [ 77.386076][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.396125][ T2217] loop0: detected capacity change from 0 to 512 [ 77.399096][ T10] device veth1_macvtap left promiscuous mode [ 77.407379][ T2190] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 77.408779][ T10] device veth0_vlan left promiscuous mode [ 77.430065][ T2190] F2FS-fs (loop4): Corrupted max_depth of 3: 16842753 [ 77.474988][ T2217] EXT4-fs (loop0): Ignoring removed nobh option [ 77.484603][ T2217] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 77.504469][ T2217] EXT4-fs (loop0): 1 truncate cleaned up [ 77.510627][ T2217] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 77.626517][ T2227] loop0: detected capacity change from 0 to 1024 [ 77.637280][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.653289][ T2198] device veth0_vlan entered promiscuous mode [ 77.684474][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.698242][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.705678][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.719424][ T2227] EXT4-fs (loop0): Ignoring removed orlov option [ 77.728860][ T2198] device veth1_macvtap entered promiscuous mode [ 77.736836][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.745188][ T2227] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 77.752786][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.761623][ T1642] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.770577][ T2227] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 77.787117][ T2227] System zones: 0-1, 3-36 [ 77.793108][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.801653][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.810658][ T2227] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,orlov,nomblk_io_submit,block_validity,debug_want_extra_isize=0x0000000000000006,resuid=0x0000000000000000,usrquota,usrquota,,errors=continue. Quota mode: writeback. [ 77.833323][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.842158][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.906099][ T2238] loop4: detected capacity change from 0 to 512 [ 77.958999][ T2238] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.658: casefold flag without casefold feature [ 77.984086][ T2238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.658: missing EA_INODE flag [ 77.995983][ T2238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.658: error while reading EA inode 12 err=-117 [ 78.011608][ T2238] EXT4-fs (loop4): 1 orphan inode deleted [ 78.017405][ T2238] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 78.057084][ T30] audit: type=1326 audit(1726773876.876:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2247 comm="syz.3.670" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90f396ef9 code=0x0 [ 78.089028][ T2253] loop2: detected capacity change from 0 to 256 [ 78.132017][ T2253] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 78.173677][ T2260] loop0: detected capacity change from 0 to 128 [ 78.448265][ T1640] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 78.808272][ T1640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.819049][ T1640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 78.828982][ T1640] usb 5-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 78.838179][ T1640] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.855685][ T1640] usb 5-1: config 0 descriptor?? [ 78.857597][ T2269] loop0: detected capacity change from 0 to 512 [ 78.873934][ T2271] loop3: detected capacity change from 0 to 512 [ 78.885943][ T2273] syz.2.679[2273] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.886030][ T2273] syz.2.679[2273] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.900731][ T2271] EXT4-fs (loop3): Ignoring removed nobh option [ 78.909287][ T2273] device pim6reg1 entered promiscuous mode [ 78.920072][ T2271] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 78.936785][ T2269] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 78.938697][ T2271] EXT4-fs (loop3): 1 truncate cleaned up [ 78.948576][ T2269] ext4 filesystem being mounted at /45/bus supports timestamps until 2038 (0x7fffffff) [ 78.953163][ T2271] EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 79.012400][ T1698] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 3: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4289961423, rec_len=65023, size=2048 fake=0 [ 79.228381][ T315] Bluetooth: hci0: command 0x1003 tx timeout [ 79.235158][ T394] Bluetooth: hci0: sending frame failed (-49) [ 79.267763][ T2285] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.274877][ T2285] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.282456][ T2285] device bridge_slave_0 entered promiscuous mode [ 79.289772][ T2285] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.296637][ T2285] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.304791][ T2285] device bridge_slave_1 entered promiscuous mode [ 79.313832][ T1640] cypress 0003:04B4:07B1.001D: unknown main item tag 0x6 [ 79.324114][ T1640] cypress 0003:04B4:07B1.001D: item fetching failed at offset 4/5 [ 79.337741][ T1640] cypress 0003:04B4:07B1.001D: parse failed [ 79.344263][ T1640] cypress: probe of 0003:04B4:07B1.001D failed with error -22 [ 79.358262][ T26] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 79.426454][ T2285] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.433620][ T2285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.441001][ T2285] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.448031][ T2285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.471529][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.479419][ T1640] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.486714][ T1640] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.509242][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.516758][ T39] usb 5-1: USB disconnect, device number 9 [ 79.517356][ T1640] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.529767][ T1640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.537954][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.546355][ T1640] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.553305][ T1640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.561211][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.569247][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.585896][ T2285] device veth0_vlan entered promiscuous mode [ 79.592502][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.601119][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.609127][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.616487][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.632305][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.641635][ T2285] device veth1_macvtap entered promiscuous mode [ 79.654940][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.663438][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.692802][ T2300] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.699894][ T2300] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.712091][ T2300] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.719017][ T2300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.726138][ T2300] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.733053][ T2300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.740656][ T2300] device bridge0 entered promiscuous mode [ 79.759274][ T26] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 79.775361][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.786341][ T26] usb 3-1: config 0 descriptor?? [ 79.791990][ T924] device bridge_slave_1 left promiscuous mode [ 79.797947][ T924] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.806806][ T924] device bridge_slave_0 left promiscuous mode [ 79.813553][ T924] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.823536][ T924] device veth1_macvtap left promiscuous mode [ 79.830046][ T924] device veth0_vlan left promiscuous mode [ 80.069331][ T2310] syz.0.693[2310] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.069415][ T2310] syz.0.693[2310] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.074190][ T2311] loop4: detected capacity change from 0 to 512 [ 80.099099][ T2309] loop3: detected capacity change from 0 to 128 [ 80.113690][ T2310] device pim6reg1 entered promiscuous mode [ 80.150606][ T2309] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 80.161388][ T2309] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038 (0x7fffffff) [ 80.175056][ T2311] EXT4-fs (loop4): Ignoring removed nobh option [ 80.181280][ T2311] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 80.202766][ T2311] EXT4-fs (loop4): 1 truncate cleaned up [ 80.208362][ T2311] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nobh,data_err=ignore,nolazytime,init_itable=0x0000000000000004,acl,,errors=continue. Quota mode: none. [ 80.261460][ T2321] incfs: mount failed -22 [ 80.321555][ T30] audit: type=1400 audit(1726773879.146:666): avc: denied { mount } for pid=2325 comm="syz.4.700" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 80.358209][ T30] audit: type=1400 audit(1726773879.166:667): avc: denied { unmount } for pid=1773 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 80.408193][ T30] audit: type=1326 audit(1726773879.226:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2328 comm="syz.4.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f8eefef9 code=0x7ffc0000 [ 80.432659][ T30] audit: type=1326 audit(1726773879.226:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2328 comm="syz.4.701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f87f8eefef9 code=0x7ffc0000 [ 80.456237][ T315] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 80.708322][ T26] usb 3-1: Cannot set autoneg [ 80.712929][ T26] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71 [ 80.724985][ T26] usb 3-1: USB disconnect, device number 9 [ 80.818340][ T315] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.838157][ T315] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.858014][ T315] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 80.869335][ T315] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.880061][ T315] usb 1-1: config 0 descriptor?? [ 81.057518][ T2365] loop3: detected capacity change from 0 to 2048 [ 81.179182][ T2365] Alternate GPT is invalid, using primary GPT. [ 81.185236][ T2365] loop3: p1 p2 p3 [ 81.316081][ T1640] Bluetooth: hci0: command 0x1001 tx timeout [ 81.323028][ T394] Bluetooth: hci0: sending frame failed (-49) [ 81.368037][ T1462] udevd[1462]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 81.378781][ T1656] udevd[1656]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 81.379027][ T1654] udevd[1654]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 81.404004][ T2375] loop3: detected capacity change from 0 to 512 [ 81.422330][ T1462] udevd[1462]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 81.435244][ T1656] udevd[1656]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 81.446601][ T1503] udevd[1503]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 81.469340][ T2375] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 81.484727][ T2375] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038 (0x7fffffff) [ 82.009898][ T315] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.001E/input/input17 [ 82.064451][ T315] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.001E/input/input18 [ 82.097284][ T315] uclogic 0003:256C:006D.001E: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 82.214967][ T315] usb 1-1: USB disconnect, device number 10 [ 82.603969][ T2386] loop3: detected capacity change from 0 to 131072 [ 82.670687][ T2386] F2FS-fs (loop3): invalid crc value [ 82.709447][ T2386] F2FS-fs (loop3): Found nat_bits in checkpoint [ 82.725120][ T2390] loop2: detected capacity change from 0 to 131072 [ 82.767127][ T2386] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 82.776863][ T2386] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 82.813824][ T2390] F2FS-fs (loop2): Found nat_bits in checkpoint [ 82.858452][ T2390] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 83.018185][ T1640] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 83.173542][ T2419] loop2: detected capacity change from 0 to 2048 [ 83.199592][ T2419] Alternate GPT is invalid, using primary GPT. [ 83.206111][ T2419] loop2: p1 p2 p3 [ 83.296522][ T1654] udevd[1654]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 83.298616][ T1462] udevd[1462]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 83.308800][ T1656] udevd[1656]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 83.388322][ T315] Bluetooth: hci0: command 0x1009 tx timeout [ 83.418308][ T1640] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 83.427379][ T1640] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.436618][ T1640] usb 5-1: config 0 descriptor?? [ 83.808313][ T2425] loop2: detected capacity change from 0 to 256 [ 83.848522][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.856824][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.865305][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.873582][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.881604][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.896133][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.905456][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.913575][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.921890][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.929936][ T2425] netlink: 'syz.2.730': attribute type 28 has an invalid length. [ 83.944013][ T2425] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 202) [ 83.952738][ T2425] FAT-fs (loop2): Filesystem has been set read-only [ 83.956333][ T2427] loop0: detected capacity change from 0 to 40427 [ 83.960073][ T2425] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 202) [ 83.974001][ T2425] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 202) [ 84.010288][ T2427] F2FS-fs (loop0): invalid crc value [ 84.017485][ T2427] F2FS-fs (loop0): Found nat_bits in checkpoint [ 84.070178][ T2427] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 84.120794][ T2439] loop2: detected capacity change from 0 to 512 [ 84.123267][ T2285] attempt to access beyond end of device [ 84.123267][ T2285] loop0: rw=524288, want=45072, limit=40427 [ 84.147975][ T2285] attempt to access beyond end of device [ 84.147975][ T2285] loop0: rw=0, want=45072, limit=40427 [ 84.168096][ T2439] EXT4-fs (loop2): 1 truncate cleaned up [ 84.173754][ T2439] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,,errors=continue. Quota mode: none. [ 84.181691][ T2233] attempt to access beyond end of device [ 84.181691][ T2233] loop0: rw=2049, want=41104, limit=40427 [ 84.202067][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 84.202084][ T30] audit: type=1400 audit(1726773883.026:678): avc: denied { reparent } for pid=2438 comm="syz.2.744" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 84.348205][ T1640] usb 5-1: Cannot set autoneg [ 84.352829][ T1640] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71 [ 84.381001][ T1640] usb 5-1: USB disconnect, device number 10 [ 84.386026][ T2452] loop2: detected capacity change from 0 to 1024 [ 84.413160][ T30] audit: type=1400 audit(1726773883.236:679): avc: denied { create } for pid=2454 comm="syz.3.741" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 84.435548][ T2452] EXT4-fs (loop2): Unrecognized mount option "fsname=-!ø" or missing value [ 84.466888][ T2459] loop3: detected capacity change from 0 to 128 [ 84.500548][ T2456] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.507531][ T2456] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.515606][ T2456] device bridge_slave_0 entered promiscuous mode [ 84.524707][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.534098][ T2456] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.543786][ T2456] device bridge_slave_1 entered promiscuous mode [ 84.617691][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.624610][ T2456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.631836][ T2456] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.639032][ T2456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.666712][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.674927][ T1640] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.682252][ T1640] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.691781][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.699981][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.706834][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.718605][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.726943][ T1640] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.733875][ T1640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.749614][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.757416][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.773390][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.785369][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.793430][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.801011][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.809287][ T2233] device bridge_slave_1 left promiscuous mode [ 84.815300][ T2233] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.823356][ T2233] device bridge_slave_0 left promiscuous mode [ 84.829891][ T2233] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.837789][ T2233] device veth1_macvtap left promiscuous mode [ 84.844056][ T2233] device veth0_vlan left promiscuous mode [ 84.875763][ T2468] loop4: detected capacity change from 0 to 512 [ 84.905626][ T30] audit: type=1326 audit(1726773883.726:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2470 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90f396ef9 code=0x7ffc0000 [ 84.942610][ T30] audit: type=1326 audit(1726773883.756:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2470 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fe90f396ef9 code=0x7ffc0000 [ 84.966881][ T30] audit: type=1326 audit(1726773883.756:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2470 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90f396ef9 code=0x7ffc0000 [ 85.000240][ T2468] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 85.012128][ T2468] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038 (0x7fffffff) [ 85.061436][ T2456] device veth0_vlan entered promiscuous mode [ 85.086497][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.097467][ T2456] device veth1_macvtap entered promiscuous mode [ 85.116773][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.125558][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.177523][ T2481] loop0: detected capacity change from 0 to 128 [ 85.184362][ T30] audit: type=1400 audit(1726773884.006:683): avc: denied { create } for pid=2479 comm="syz.4.748" dev="anon_inodefs" ino=26443 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 85.238959][ T30] audit: type=1400 audit(1726773884.026:684): avc: denied { ioctl } for pid=2479 comm="syz.4.748" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=26443 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 85.283141][ T2481] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 85.288243][ T310] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 85.294420][ T2481] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 85.409075][ T30] audit: type=1326 audit(1726773884.236:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2490 comm="syz.0.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc568dcef9 code=0x7ffc0000 [ 85.434011][ T30] audit: type=1326 audit(1726773884.236:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2490 comm="syz.0.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fdc568dcef9 code=0x7ffc0000 [ 85.459036][ T30] audit: type=1326 audit(1726773884.236:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2490 comm="syz.0.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc568dcef9 code=0x7ffc0000 [ 85.538205][ T310] usb 4-1: Using ep0 maxpacket: 16 [ 85.550297][ T2502] loop2: detected capacity change from 0 to 2048 [ 85.628913][ T2502] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 85.639039][ T2502] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 85.650120][ T2502] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 1)! [ 85.658344][ T310] usb 4-1: config 0 has no interfaces? [ 85.660656][ T2502] EXT4-fs (loop2): group descriptors corrupted! [ 85.798201][ T316] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 85.818313][ T310] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 85.830258][ T310] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.838103][ T310] usb 4-1: Product: syz [ 85.842690][ T310] usb 4-1: Manufacturer: syz [ 85.847166][ T310] usb 4-1: SerialNumber: syz [ 85.871878][ T2509] syz.2.759[2509] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.871961][ T2509] syz.2.759[2509] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.873486][ T310] usb 4-1: config 0 descriptor?? [ 85.905837][ T2509] loop2: detected capacity change from 0 to 512 [ 85.921221][ T2509] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.759: inode #1: comm syz.2.759: iget: illegal inode # [ 85.934753][ T2509] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.759: error while reading EA inode 1 err=-117 [ 85.948818][ T2509] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.759: inode #1: comm syz.2.759: iget: illegal inode # [ 85.962418][ T2509] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.759: error while reading EA inode 1 err=-117 [ 85.975738][ T2509] EXT4-fs (loop2): 1 orphan inode deleted [ 85.981322][ T2509] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 86.010910][ T2509] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.759: invalid indirect mapped block 234881024 (level 0) [ 86.067346][ T2514] loop2: detected capacity change from 0 to 128 [ 86.168225][ T316] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 86.177720][ T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.186615][ T316] usb 1-1: config 0 descriptor?? [ 86.528434][ T2530] loop2: detected capacity change from 0 to 1024 [ 86.544766][ T315] usb 4-1: USB disconnect, device number 10 [ 86.570544][ T2530] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,norecovery,lazytime,nodelalloc,acl,dioread_lock,,errors=continue. Quota mode: none. [ 86.574407][ T2537] loop4: detected capacity change from 0 to 512 [ 86.690966][ T2537] EXT4-fs (loop4): 1 truncate cleaned up [ 86.697211][ T2537] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,grpquota,errors=continue,noauto_da_alloc,nolazytime,errors=continue,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback. [ 86.724575][ T2537] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz.4.769: corrupt xattr in inline inode [ 86.737753][ T2537] EXT4-fs (loop4): Remounting filesystem read-only [ 86.744283][ T2537] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz.4.769: corrupted in-inode xattr [ 86.760964][ T1773] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 86.782332][ T1773] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 86.799821][ T1773] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 86.928240][ T310] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 86.995247][ T2543] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.002497][ T2543] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.010149][ T2543] device bridge_slave_0 entered promiscuous mode [ 87.019744][ T2543] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.026590][ T2543] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.034006][ T2543] device bridge_slave_1 entered promiscuous mode [ 87.088897][ T316] usb 1-1: Cannot set autoneg [ 87.094438][ T316] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 87.115343][ T316] usb 1-1: USB disconnect, device number 11 [ 87.140705][ T2543] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.147708][ T2543] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.154843][ T2543] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.161704][ T2543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.200597][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.208831][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.216207][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.228877][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.237339][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.244312][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.258730][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.266863][ T322] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.273757][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.281418][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.292988][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.308474][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.322539][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.330298][ T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.341668][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.348750][ T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.358583][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.368913][ T310] usb 3-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 87.377941][ T310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.390440][ T2543] device veth0_vlan entered promiscuous mode [ 87.392542][ T310] usb 3-1: config 0 descriptor?? [ 87.404023][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.413663][ T2543] device veth1_macvtap entered promiscuous mode [ 87.423766][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.433804][ T2233] device bridge_slave_1 left promiscuous mode [ 87.439816][ T2233] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.447243][ T2233] device bridge_slave_0 left promiscuous mode [ 87.453552][ T2233] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.461961][ T2233] device veth1_macvtap left promiscuous mode [ 87.467855][ T2233] device veth0_vlan left promiscuous mode [ 87.556153][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.703205][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.710315][ T2557] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.717768][ T2557] device bridge_slave_0 entered promiscuous mode [ 87.739570][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.750873][ T2557] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.759098][ T2557] device bridge_slave_1 entered promiscuous mode [ 87.866605][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 87.874793][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.898848][ T310] belkin 0003:1020:0006.001F: item fetching failed at offset 3/5 [ 87.910833][ T310] belkin 0003:1020:0006.001F: parse failed [ 87.917706][ T310] belkin: probe of 0003:1020:0006.001F failed with error -22 [ 87.919395][ T2557] device veth0_vlan entered promiscuous mode [ 87.933404][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.950103][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.958464][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.966209][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.973904][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.982334][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.994797][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.001718][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.009342][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.017548][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.025660][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.032534][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.039873][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 88.047795][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 88.055885][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 88.064080][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 88.072424][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.080177][ T1642] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 88.088256][ T315] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 88.103042][ T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 88.111821][ T39] usb 3-1: USB disconnect, device number 10 [ 88.133524][ T2557] device veth1_macvtap entered promiscuous mode [ 88.155900][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 88.164996][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 88.181248][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 88.189550][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 88.301340][ T2595] loop3: detected capacity change from 0 to 1024 [ 88.328211][ T315] usb 5-1: Using ep0 maxpacket: 8 [ 88.334082][ T2599] input: syz0 as /devices/virtual/input/input19 [ 88.342281][ T2599] ================================================================== [ 88.350283][ T2599] BUG: KASAN: use-after-free in mutex_lock+0xa9/0x1e0 [ 88.356878][ T2599] Write of size 8 at addr ffff8881236d0450 by task syz.1.793/2599 [ 88.364516][ T2599] [ 88.366694][ T2599] CPU: 0 PID: 2599 Comm: syz.1.793 Not tainted 5.15.161-syzkaller-00425-gb92c0d35d015 #0 [ 88.376338][ T2599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 88.386347][ T2599] Call Trace: [ 88.389430][ T2599] [ 88.392210][ T2599] dump_stack_lvl+0x151/0x1c0 [ 88.396717][ T2599] ? io_uring_drop_tctx_refs+0x190/0x190 [ 88.404541][ T2599] ? __wake_up_klogd+0xd5/0x110 [ 88.409203][ T2599] ? panic+0x760/0x760 [ 88.413112][ T2599] ? vfs_open+0x73/0x80 [ 88.417101][ T2599] print_address_description+0x87/0x3b0 [ 88.422482][ T2599] kasan_report+0x179/0x1c0 [ 88.426822][ T2599] ? mutex_lock+0xa9/0x1e0 [ 88.431076][ T2599] ? mutex_lock+0xa9/0x1e0 [ 88.435553][ T2599] kasan_check_range+0x293/0x2a0 [ 88.440314][ T2599] __kasan_check_write+0x14/0x20 [ 88.445094][ T2599] mutex_lock+0xa9/0x1e0 [ 88.449268][ T2599] ? wait_for_completion_killable_timeout+0x10/0x10 [ 88.455711][ T2599] steam_input_open+0x91/0x1a0 [ 88.460292][ T2599] ? steam_input_register+0xa70/0xa70 [ 88.465492][ T2599] ? __kasan_check_write+0x14/0x20 [ 88.470629][ T2599] ? mutex_lock_interruptible+0xb6/0x1e0 [ 88.476078][ T2599] ? __kasan_check_write+0x14/0x20 [ 88.481027][ T2599] input_open_device+0x1a5/0x310 [ 88.485802][ T2599] ? kobject_get_unless_zero+0x229/0x320 [ 88.491267][ T2599] evdev_open+0x3df/0x620 [ 88.495435][ T2599] chrdev_open+0x4f7/0x620 [ 88.499688][ T2599] ? cd_forget+0x170/0x170 [ 88.504140][ T2599] ? fsnotify_perm+0x4ba/0x5d0 [ 88.508763][ T2599] ? cd_forget+0x170/0x170 [ 88.513004][ T2599] do_dentry_open+0x81c/0xfd0 [ 88.517760][ T2599] vfs_open+0x73/0x80 [ 88.521560][ T2599] path_openat+0x26f0/0x2f40 [ 88.525984][ T2599] ? __kasan_slab_free+0x11/0x20 [ 88.530768][ T2599] ? __kasan_slab_alloc+0xb1/0xe0 [ 88.535631][ T2599] ? kmem_cache_alloc+0xf5/0x200 [ 88.540397][ T2599] ? getname_flags+0xba/0x520 [ 88.544996][ T2599] ? __x64_sys_openat+0x243/0x290 [ 88.549971][ T2599] ? do_filp_open+0x460/0x460 [ 88.554637][ T2599] do_filp_open+0x21c/0x460 [ 88.559274][ T2599] ? vfs_tmpfile+0x2c0/0x2c0 [ 88.564374][ T2599] do_sys_openat2+0x13f/0x830 [ 88.569050][ T2599] ? selinux_file_ioctl+0x3cc/0x540 [ 88.574233][ T2599] ? do_sys_open+0x220/0x220 [ 88.578813][ T2599] __x64_sys_openat+0x243/0x290 [ 88.583483][ T2599] ? __ia32_sys_open+0x270/0x270 [ 88.588402][ T2599] ? __kasan_check_read+0x11/0x20 [ 88.593265][ T2599] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 88.598725][ T2599] x64_sys_call+0x6bf/0x9a0 [ 88.603629][ T2599] do_syscall_64+0x3b/0xb0 [ 88.607882][ T2599] ? clear_bhb_loop+0x35/0x90 [ 88.612388][ T2599] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.618122][ T2599] RIP: 0033:0x7f96be5a9890 [ 88.622367][ T2599] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 88.641963][ T2599] RSP: 002b:00007f96bd223b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 88.650208][ T2599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96be5a9890 [ 88.658020][ T2599] RDX: 0000000000000000 RSI: 00007f96bd223c10 RDI: 00000000ffffff9c [ 88.666031][ T2599] RBP: 00007f96bd223c10 R08: 0000000000000000 R09: 0000000000000000 [ 88.673852][ T2599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 88.681914][ T2599] R13: 0000000000000000 R14: 00007f96be762f80 R15: 00007fffbd2c2408 [ 88.689739][ T2599] [ 88.692677][ T2599] [ 88.694838][ T2599] Allocated by task 2543: [ 88.699015][ T2599] ____kasan_kmalloc+0xdb/0x110 [ 88.703698][ T2599] __kasan_kmalloc+0x9/0x10 [ 88.708143][ T2599] __kmalloc+0x13a/0x270 [ 88.712224][ T2599] fib6_info_alloc+0x33/0xe0 [ 88.716643][ T2599] ip6_route_info_create+0x50b/0x14c0 [ 88.721851][ T2599] addrconf_f6i_alloc+0x215/0x4c0 [ 88.726709][ T2599] ipv6_add_addr+0x44e/0xd40 [ 88.731137][ T2599] inet6_addr_add+0x45a/0x9b0 [ 88.735649][ T2599] inet6_rtm_newaddr+0x98d/0x26b0 [ 88.740508][ T2599] rtnetlink_rcv_msg+0x951/0xc40 [ 88.745282][ T2599] netlink_rcv_skb+0x1cf/0x410 [ 88.749889][ T2599] rtnetlink_rcv+0x1c/0x20 [ 88.754137][ T2599] netlink_unicast+0x8df/0xac0 [ 88.758908][ T2599] netlink_sendmsg+0xa0a/0xd20 [ 88.763503][ T2599] __sys_sendto+0x564/0x720 [ 88.767845][ T2599] __x64_sys_sendto+0xe5/0x100 [ 88.772450][ T2599] x64_sys_call+0x15c/0x9a0 [ 88.776788][ T2599] do_syscall_64+0x3b/0xb0 [ 88.781036][ T2599] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.786771][ T2599] [ 88.788928][ T2599] Freed by task 13: [ 88.792577][ T2599] kasan_set_track+0x4b/0x70 [ 88.797002][ T2599] kasan_set_free_info+0x23/0x40 [ 88.801773][ T2599] ____kasan_slab_free+0x126/0x160 [ 88.806723][ T2599] __kasan_slab_free+0x11/0x20 [ 88.811449][ T2599] slab_free_freelist_hook+0xbd/0x190 [ 88.816655][ T2599] kfree+0xc8/0x220 [ 88.820291][ T2599] fib6_info_destroy_rcu+0x168/0x1b0 [ 88.825412][ T2599] rcu_do_batch+0x57a/0xc10 [ 88.829842][ T2599] rcu_core+0x517/0x1020 [ 88.833927][ T2599] rcu_core_si+0x9/0x10 [ 88.837931][ T2599] handle_softirqs+0x25e/0x5c0 [ 88.842530][ T2599] run_ksoftirqd+0x28/0x40 [ 88.846850][ T2599] smpboot_thread_fn+0x466/0x8d0 [ 88.851625][ T2599] kthread+0x421/0x510 [ 88.855527][ T2599] ret_from_fork+0x1f/0x30 [ 88.859789][ T2599] [ 88.861952][ T2599] Last potentially related work creation: [ 88.867508][ T2599] kasan_save_stack+0x3b/0x60 [ 88.872020][ T2599] __kasan_record_aux_stack+0xd3/0xf0 [ 88.877240][ T2599] kasan_record_aux_stack_noalloc+0xb/0x10 [ 88.882872][ T2599] call_rcu+0x135/0x1310 [ 88.886961][ T2599] addrconf_permanent_addr+0x376/0xba0 [ 88.892283][ T2599] addrconf_notify+0x762/0xdd0 [ 88.896846][ T2599] raw_notifier_call_chain+0x8c/0xf0 [ 88.901965][ T2599] __dev_notify_flags+0x304/0x610 [ 88.906824][ T2599] dev_change_flags+0xf0/0x1a0 [ 88.911428][ T2599] do_setlink+0xcd1/0x3b00 [ 88.915675][ T2599] rtnl_newlink+0x1779/0x2050 [ 88.920191][ T2599] rtnetlink_rcv_msg+0x951/0xc40 [ 88.924963][ T2599] netlink_rcv_skb+0x1cf/0x410 [ 88.929565][ T2599] rtnetlink_rcv+0x1c/0x20 [ 88.933814][ T2599] netlink_unicast+0x8df/0xac0 [ 88.938415][ T2599] netlink_sendmsg+0xa0a/0xd20 [ 88.943016][ T2599] __sys_sendto+0x564/0x720 [ 88.947355][ T2599] __x64_sys_sendto+0xe5/0x100 [ 88.952022][ T2599] x64_sys_call+0x15c/0x9a0 [ 88.956296][ T2599] do_syscall_64+0x3b/0xb0 [ 88.960548][ T2599] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.966277][ T2599] [ 88.968446][ T2599] The buggy address belongs to the object at ffff8881236d0400 [ 88.968446][ T2599] which belongs to the cache kmalloc-512 of size 512 [ 88.982335][ T2599] The buggy address is located 80 bytes inside of [ 88.982335][ T2599] 512-byte region [ffff8881236d0400, ffff8881236d0600) [ 88.995356][ T2599] The buggy address belongs to the page: [ 89.000835][ T2599] page:ffffea00048db400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1236d0 [ 89.010888][ T2599] head:ffffea00048db400 order:2 compound_mapcount:0 compound_pincount:0 [ 89.019046][ T2599] flags: 0x4000000000010200(slab|head|zone=1) [ 89.024958][ T2599] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00 [ 89.033376][ T2599] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 89.041787][ T2599] page dumped because: kasan: bad access detected [ 89.048129][ T2599] page_owner tracks the page as allocated [ 89.053683][ T2599] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 289, ts 21332374914, free_ts 0 [ 89.071822][ T2599] post_alloc_hook+0x1a3/0x1b0 [ 89.076551][ T2599] prep_new_page+0x1b/0x110 [ 89.081170][ T2599] get_page_from_freelist+0x3550/0x35d0 [ 89.086936][ T2599] __alloc_pages+0x27e/0x8f0 [ 89.091361][ T2599] new_slab+0x9a/0x4e0 [ 89.095520][ T2599] ___slab_alloc+0x39e/0x830 [ 89.099989][ T2599] __slab_alloc+0x4a/0x90 [ 89.104456][ T2599] __kmalloc+0x16d/0x270 [ 89.108533][ T2599] __register_sysctl_table+0x9de/0x1240 [ 89.113941][ T2599] register_net_sysctl+0x21e/0x230 [ 89.119037][ T2599] neigh_sysctl_register+0x454/0x530 [ 89.124155][ T2599] addrconf_sysctl_register+0xae/0x1a0 [ 89.129463][ T2599] ipv6_add_dev+0xc84/0x1140 [ 89.133878][ T2599] addrconf_notify+0x593/0xdd0 [ 89.138477][ T2599] raw_notifier_call_chain+0x8c/0xf0 [ 89.143608][ T2599] call_netdevice_notifiers+0x145/0x1b0 [ 89.148981][ T2599] page_owner free stack trace missing [ 89.154227][ T2599] [ 89.156358][ T2599] Memory state around the buggy address: [ 89.161832][ T2599] ffff8881236d0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 89.169726][ T2599] ffff8881236d0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 89.177728][ T2599] >ffff8881236d0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.185725][ T2599] ^ [ 89.192245][ T2599] ffff8881236d0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 89.200138][ T2599] ffff8881236d0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 89.208026][ T2599] ================================================================== [ 89.216020][ T2599] Disabling lock debugging due to kernel taint [ 89.236960][ T2599] general protection fault, probably for non-canonical address 0xf003fc0020000016: 0000 [#1] PREEMPT SMP KASAN [ 89.248531][ T2599] KASAN: maybe wild-memory-access in range [0x80200001000000b0-0x80200001000000b7] [ 89.257635][ T2599] CPU: 0 PID: 2599 Comm: syz.1.793 Tainted: G B 5.15.161-syzkaller-00425-gb92c0d35d015 #0 [ 89.268651][ T2599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 89.278549][ T2599] RIP: 0010:__mutex_lock+0x279/0x1870 [ 89.283754][ T2599] Code: 31 ce fc 4c 8b 3b 49 83 e7 f8 0f 84 ba 00 00 00 4c 89 6c 24 20 4d 8d 6f 34 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 8f 0f 00 00 41 83 7d 00 00 74 67 49 83 c7 [ 89.303200][ T2599] RSP: 0018:ffffc90000a972e0 EFLAGS: 00010a03 [ 89.309099][ T2599] RAX: 1004000020000016 RBX: ffff8881236d0450 RCX: dffffc0000000000 [ 89.316911][ T2599] RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffff8881236d0450 [ 89.324726][ T2599] RBP: ffffc90000a97500 R08: dffffc0000000000 R09: 0000000000000007 [ 89.332539][ T2599] R10: ffffed10246da08a R11: dffffc0000000001 R12: 1ffff110229ecc58 [ 89.340345][ T2599] R13: 80200001000000b4 R14: 1ffff92000152e6c R15: 8020000100000080 [ 89.348156][ T2599] FS: 00007f96bd2246c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 89.356932][ T2599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.363605][ T2599] CR2: 00007f96bd203d58 CR3: 000000012055c000 CR4: 00000000003506b0 [ 89.371421][ T2599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.379310][ T2599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.387127][ T2599] Call Trace: [ 89.390346][ T2599] [ 89.393125][ T2599] ? __die_body+0x62/0xb0 [ 89.397546][ T2599] ? die_addr+0x9f/0xd0 [ 89.401775][ T2599] ? exc_general_protection+0x311/0x4b0 [ 89.407341][ T2599] ? asm_exc_general_protection+0x27/0x30 [ 89.412892][ T2599] ? __mutex_lock+0x279/0x1870 [ 89.417486][ T2599] ? __kasan_check_read+0x11/0x20 [ 89.422348][ T2599] ? preempt_schedule+0xd9/0xe0 [ 89.427171][ T2599] ? schedule_preempt_disabled+0x20/0x20 [ 89.432645][ T2599] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 89.438280][ T2599] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 89.444877][ T2599] ? preempt_schedule_thunk+0x16/0x18 [ 89.450081][ T2599] ? __kasan_check_write+0x14/0x20 [ 89.455025][ T2599] ? check_panic_on_warn+0x65/0xb0 [ 89.459973][ T2599] ? end_report+0x5b/0xc0 [ 89.464146][ T2599] ? mutex_lock+0xa9/0x1e0 [ 89.468393][ T2599] ? mutex_lock+0xa9/0x1e0 [ 89.472653][ T2599] ? kasan_check_range+0x293/0x2a0 [ 89.477947][ T2599] __mutex_lock_slowpath+0xe/0x10 [ 89.482805][ T2599] mutex_lock+0x135/0x1e0 [ 89.486978][ T2599] ? wait_for_completion_killable_timeout+0x10/0x10 [ 89.493395][ T2599] steam_input_open+0x91/0x1a0 [ 89.497989][ T2599] ? steam_input_register+0xa70/0xa70 [ 89.503195][ T2599] ? __kasan_check_write+0x14/0x20 [ 89.508145][ T2599] ? mutex_lock_interruptible+0xb6/0x1e0 [ 89.513612][ T2599] ? __kasan_check_write+0x14/0x20 [ 89.518562][ T2599] input_open_device+0x1a5/0x310 [ 89.523338][ T2599] ? kobject_get_unless_zero+0x229/0x320 [ 89.528801][ T2599] evdev_open+0x3df/0x620 [ 89.532967][ T2599] chrdev_open+0x4f7/0x620 [ 89.537229][ T2599] ? cd_forget+0x170/0x170 [ 89.541483][ T2599] ? fsnotify_perm+0x4ba/0x5d0 [ 89.546079][ T2599] ? cd_forget+0x170/0x170 [ 89.550327][ T2599] do_dentry_open+0x81c/0xfd0 [ 89.555057][ T2599] vfs_open+0x73/0x80 [ 89.558858][ T2599] path_openat+0x26f0/0x2f40 [ 89.563284][ T2599] ? __kasan_slab_free+0x11/0x20 [ 89.568052][ T2599] ? __kasan_slab_alloc+0xb1/0xe0 [ 89.572913][ T2599] ? kmem_cache_alloc+0xf5/0x200 [ 89.577945][ T2599] ? getname_flags+0xba/0x520 [ 89.582456][ T2599] ? __x64_sys_openat+0x243/0x290 [ 89.587323][ T2599] ? do_filp_open+0x460/0x460 [ 89.591846][ T2599] do_filp_open+0x21c/0x460 [ 89.596174][ T2599] ? vfs_tmpfile+0x2c0/0x2c0 [ 89.600621][ T2599] do_sys_openat2+0x13f/0x830 [ 89.605444][ T2599] ? selinux_file_ioctl+0x3cc/0x540 [ 89.610472][ T2599] ? do_sys_open+0x220/0x220 [ 89.614903][ T2599] __x64_sys_openat+0x243/0x290 [ 89.619600][ T2599] ? __ia32_sys_open+0x270/0x270 [ 89.624360][ T2599] ? __kasan_check_read+0x11/0x20 [ 89.629210][ T2599] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 89.634679][ T2599] x64_sys_call+0x6bf/0x9a0 [ 89.639031][ T2599] do_syscall_64+0x3b/0xb0 [ 89.643290][ T2599] ? clear_bhb_loop+0x35/0x90 [ 89.647933][ T2599] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.653623][ T2599] RIP: 0033:0x7f96be5a9890 [ 89.657908][ T2599] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 89.677325][ T2599] RSP: 002b:00007f96bd223b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 89.685563][ T2599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96be5a9890 [ 89.693371][ T2599] RDX: 0000000000000000 RSI: 00007f96bd223c10 RDI: 00000000ffffff9c [ 89.701185][ T2599] RBP: 00007f96bd223c10 R08: 0000000000000000 R09: 0000000000000000 [ 89.708996][ T2599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 89.716807][ T2599] R13: 0000000000000000 R14: 00007f96be762f80 R15: 00007fffbd2c2408 [ 89.724625][ T2599] [ 89.727485][ T2599] Modules linked in: [ 89.734628][ T2599] ---[ end trace 91d8c629ec949190 ]--- [ 89.740959][ T2599] RIP: 0010:__mutex_lock+0x279/0x1870 [ 89.746220][ T2599] Code: 31 ce fc 4c 8b 3b 49 83 e7 f8 0f 84 ba 00 00 00 4c 89 6c 24 20 4d 8d 6f 34 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 8f 0f 00 00 41 83 7d 00 00 74 67 49 83 c7 [ 89.765845][ T2599] RSP: 0018:ffffc90000a972e0 EFLAGS: 00010a03 [ 89.771778][ T2599] RAX: 1004000020000016 RBX: ffff8881236d0450 RCX: dffffc0000000000 [ 89.779583][ T2599] RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffff8881236d0450 [ 89.787358][ T2599] RBP: ffffc90000a97500 R08: dffffc0000000000 R09: 0000000000000007 [ 89.795308][ T2599] R10: ffffed10246da08a R11: dffffc0000000001 R12: 1ffff110229ecc58 [ 89.803210][ T2599] R13: 80200001000000b4 R14: 1ffff92000152e6c R15: 8020000100000080 [ 89.810944][ T2599] FS: 00007f96bd2246c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 89.819717][ T2599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.826099][ T2599] CR2: 00007f96bd203d58 CR3: 000000012055c000 CR4: 00000000003506b0 [ 89.833948][ T2599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.841778][ T2599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.849575][ T2599] Kernel panic - not syncing: Fatal exception [ 89.855713][ T2599] Kernel Offset: disabled [ 89.859845][ T2599] Rebooting in 86400 seconds..