last executing test programs: 9.39560828s ago: executing program 0 (id=157): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'xfrm0\x00', 0x0}) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r2}, 0x14) sendto$packet(r0, &(0x7f00000002c0)="05", 0x1, 0x0, 0x0, 0x0) 9.38811833s ago: executing program 0 (id=158): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8001, 0x4) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @random="e841bca891a3", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @dev}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 9.369401613s ago: executing program 0 (id=159): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "90737f000000009cf8dc420f2b1e277fffffeb"}) r1 = dup(r0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x82fb, 0x0, "1eb4d10100"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff) 9.357514864s ago: executing program 0 (id=160): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@user_xattr}, {@nombcache}, {@minixdf}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7e}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@user_xattr}, {@errors_remount}]}, 0xfe, 0x58a, &(0x7f0000001300)="$eJzs3c9vFFUcAPDvbH9QfiglIUQ9mCYcxCBb2voDEw94NEok0Ttu2qUh3bKkuyW0kggHuXAxRKNGEuMf4J0j8R/wryBREmJIowcvNbOdLUt3t13Kwq7s55MMvLfztm/ezLw337ez7QQwsCbSf3IRr0bEN0nEwYZ1w5GtnNgot/bw6my6JLG+/tlfSSTZa/XySfb//izzSkT89nXE8VxzvZWV1YVCqVRcyvKT1cVLk5WV1RMXFgvzxfnixemZmVPvzEy//967XWvrm2f/+fHTux+dunl07ftf7x+6lcTpOJCta2zHU7jWmJmIiWyfjMTpLQWnulBZP0l6vQHsylDWz0ciHQMOxlDW64EX31cRsQ4MqET/hwFVjwPqc/suzYP/Nx58uDEBam7/8MZnIzFWmxvtW0semxml893xLtSf1nHnz9u30iW69zkEwI6uXY+Ik8PDzeNfko1/Mbrbn32ygzITW/LGP3h+7qbxz1ut4p/cZvwTLeKf/S367m7s3P9z91u8LenWp9Rp/PdBy/h386bV+FCWe6kW840k5y+UiunY9nJEHIuRPWl+u/s5p9burbdb1xj/pUtafz0WzLbj/vCex98zV6gWnqbNjR5cj3itOf4dejT+j9Vi3a3HP90fZzus40jx9uvt1u3c/mdr9JeIN1oe/yTizqNJ0jb3Jydr58Nk/axo9veNI7+3q7/X7U+P/7527d8wnjTer608eR0/j/1bbLdu+/YPtT3/R5PPa+l6cHKlUK0uTUWMJp80vz796L31fL182v5jR7cf/1qd/3sj4osO23/j8I22Rfvh+M890fF/8sS9j7/8qV39nY1/b9dSx7JXOhn/Ot3Ap9l3AAAAAAAA0G9yEXEgklx+M53L5fMb3+84HPtypXKlevx8efniXNR+V3Y8RnL1O90HG74PMZV9H7aen96Sn4mIQxHx7dDeWj4/Wy7N9brxAAAAAAAAAAAAAAAAAAAA0Cf2t/n9/9QfQ4+Xzf4i+K6fBwP0mdHNB/0Dg2jH/t+NJz0Bfcn1HwbXLvr/d89iO4Dnz/UfBtRIrzcA6CXXfxhcaf+/3uuNAHrC9R8Gl/4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXX2zJl0WV97eHU2zc9dXlleKF8+MVesLOQXl2fzs+WlS/n5cnm+VMzPlhd3+nmlcvnS1HQsX5msFivVycrK6rnF8vLF6rkLi4X54rmipw0BAAAAAAAAAAAAAAAAAABAs8rK6kKhVCouvbCJH3rZ0lxWea93wjNMDHdYeM+LvBP6LHGzC+f8loFi7DkOSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwxX8BAAD//1sHNrs=") fstatfs(0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000a00)=ANY=[@ANYRES16, @ANYRESOCT, @ANYRESOCT, @ANYRES8, @ANYRESOCT=0x0, @ANYBLOB="defdd6f24cb9acb7fe0b0dc92a093135912ebef426731ffe88138f2b03791edb32e2ba3924188f2c07da77a1d75290af3db49e3aeedbaabdfc897ff5feb67e05cb1f923278506034c99285994c8d2a07e7732f9e4666bedc57efbc75eda531e10945eab9810dce4df5cb4468fee9df15bad908ce6d2cf900c4541ebe94681428ac2202f0132ddfd00bb4d24ace8c513914431814c2", @ANYRES32, @ANYRESOCT, @ANYRES16, @ANYRESOCT], 0x0, 0x0, &(0x7f0000000000)) 9.22602631s ago: executing program 0 (id=164): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_4={0x3, 0x1, 0x2, "f7940ef7"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @global=@item_4={0x3, 0x1, 0x3, "bd6ac505"}, @local=@item_012={0x2, 0x2, 0x0, "1a70"}, @main=@item_012={0x2, 0x0, 0x8, "5294"}, @local=@item_4={0x3, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0x0, "83632df5"}]}}, 0x0}, 0x0) dup(0xffffffffffffffff) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)='B') 9.060107549s ago: executing program 0 (id=165): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@noauto_da_alloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==") mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') truncate(&(0x7f0000000040)='./file0\x00', 0xfdfd) 9.059955109s ago: executing program 32 (id=165): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@noauto_da_alloc}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==") mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') truncate(&(0x7f0000000040)='./file0\x00', 0xfdfd) 6.061087583s ago: executing program 4 (id=194): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x3, 0x48, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1d01000000000020961b0a0000000000000109022400010000000009040000050300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000440)={0x2c, &(0x7f0000000200)={0x40, 0x0, 0xd, {0xd, 0x7, "d0fc56ea5b3b1ccdd7ccf1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.99975877s ago: executing program 4 (id=230): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) 3.901270171s ago: executing program 4 (id=233): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0) flock(r2, 0x5) 3.886865053s ago: executing program 4 (id=235): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1142, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000340)={0x40, 0x11, 0x5, {0x5, 0x22, "b1744d"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.616429604s ago: executing program 2 (id=236): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d79663e7fcaa89795d7b10e88378c33265a7af06040e3d0bbc6a5864dfa023c6ac1da574242785bbb4ece12b11da52496875e1e384042aad63a3094bf3bc0e40a79960f9f1610940e67e30611d9873d1e6cb9c4cce44c999c49ff52a6400192fd021d7158438d7686a6f66778022c93c544189b684754e7e0f77a4f498609e53104c8aa70632fcc58c757bbc06f6472622dce2729d7296959ce003ec84acd015e352484c42fc29e5aea62fb7977813f7254fd6f62fec638abf292e6c33925b29"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) 3.56401949s ago: executing program 3 (id=238): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000700)={[{@minixdf}, {@auto_da_alloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nodelalloc}, {@noacl}, {@abort}]}, 0x23, 0x44d, &(0x7f0000000980)="$eJzs28tvG0UYAPBv7SR9k1CVRx9AoCDKK2nSUnpAQiCQOICEBIdyDElalboNaoJEq4oWhMoRVeLEBXFE4i/gBBcEnJC4wh1VqlAvLZyM1t5NbMd2HnXsUP9+0jozu2PPfN6d9exONoC+NZq+JBE7I+KPiBiuZusLjFb/3L55afqfm5emkyiX3/47qZS7dfPSdF40f9+OPDMQUfgsif1N6p2/cPHMVKk0ez7Ljy+c/WB8/sLF506fnTo1e2r23OTx40ePTLxwbPL5jsSZxnVr38dzB/a+/u61N6dPXHvvl++SPP6GODpktN3GJ8rlDlfXW7tq0slADxvCmhSr3TQGK/1/OIqxtPOG47VPe9o4YEOVy+Xy/a03XykDd7Gkcg4ovxS9bgjQZfkPfXr9my9dGnpsCjderl4ApXHfzpbqloEoZGUGG65vO2k0Ik5c+ffrdImNuQ8BAFDnh3T882yz8V8hau8L3ZPNoYxExL0RsTsijkXEnoi4L6JS9oGIeHCN9TdOkiwf/xSuryuwVUrHfy9mc1v147989BcjxSy3qxL/YHLydGn2cPadHIrBLWl+ok0dP776+xetttWO/9IlrT8fC2btuD6wpf49M1MLU3cSc60bn0TsG2gWf7I4E5BExN6I2LfOOk4//e2BVttWjr+NDswzlb+JeLK6/69EQ/y5pP385PjWKM0eHs+PiuV+/e3qW63qv6P4OyDd/9ubHv+L8Y8ktfO182v59K+eSl+v/vl5y2ua9R7/Q8k7des+mlpYOD8RMZS8UW107frJhnKTS+XT+A8dbN7/d8fSN7E/ItKD+KGIeDgiHsna/mhEPBYRB9t8Cz+/8vj7649/Y6Xxz6xp/y8lhqJxTfNE8cxP39dVOrL04avb/0crqUPZmtWc/1bTrrUezQAAAPB/VYiInZEUxhbThcLYWPV/+PfE9kJpbn7hmZNzH56bqT4jMBKDhfxO13DN/dCJ7J5Lnp9syB/J7ht/WdxWyY9Nz5Vmeh089LkdLfp/6q9ir1sHbDjPa0H/0v+hf+n/0L/0f+hfTfr/tl60A+i+Zr//l1d+29aNaAvQXQ3937Qf9BHX/9C/1tP/nTPg7tC2Lw91rx1AV81vi5UfkpeQWJaIwqZoxiZKXN4czehQotdnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//8cB+YG") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r1, 0x12081ff) fcntl$setstatus(r0, 0x4, 0x46d00) pwritev2(r0, &(0x7f0000000900)=[{&(0x7f00000014c0)="81", 0x1}], 0x1, 0x0, 0x0, 0x0) 3.418450827s ago: executing program 3 (id=239): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 3.417829627s ago: executing program 2 (id=249): syz_read_part_table(0x106d, &(0x7f0000000000)="$eJzszrFNxUAQBNA529gQIFogpBAyMmgIiqESKvlNkCA4tHefgAqQ0HuyZHlnrN3wp7YlyZKjJc9J1mxjfHOO365rlmzrqF0lOUZQ5Zwuvnrvs3G2z7zNr48RV7v39tmXX6tf77K2x/unhyzZsu/Vu01OPz9nLmvJZT1Hvcr7OO6l7gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/+E7AAD//9KGFMI=") r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/180}, {&(0x7f0000000280)=""/122}, {&(0x7f0000000400)=""/165}, {&(0x7f00000004c0)=""/142}, {&(0x7f0000000640)=""/70}, {&(0x7f00000006c0)=""/179}], 0x0, &(0x7f0000000580)=""/70, 0x11}}], 0x40000000000029d, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 3.318270938s ago: executing program 3 (id=240): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./bus\x00', 0x1200840, &(0x7f0000000880)=ANY=[@ANYBLOB="757466383d312c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d73703836322c696f636861727365743d63703433372c73686f72746e616d653d77696e39352c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c756e695f786c6174653d302c003c24d06816418f4be78ed4fbfe47efc82f966a602a8db43ad053c978bbd3501706515140ef63c2a58653ced497550b22917b09702604bc162c57e05beec5bb0c11fc2f9238b25e4527e24bab534e9ba458d92a597c3fee89f57053a4a1535771c9877b3ab101fb26937779cff75a95a296fafddf11280fafeb9bd5f2da4a88b43f3e4d5b1a9aed1f659d88f914548fba990603b0d4f14adda86d459c62701d3d6f007c7e50da9608a03eff58"], 0x3, 0x377, &(0x7f00000002c0)="$eJzs3UFom+UbAPAn/dKm/bP924MgCsKnN0HLNgXRix2jg2EuU8LUgxjcptLUwYrB7tCsXsSj4FFP3jzowcNuXgRFdvPg1QkyFQ+628CxT77kS/KlSWqZdLP4+x3Cs/d9nvd9v+Rl+ZqSt6+uxNrZ2Th/48b1mJ+vRHXlxErcrMRSJNF3OcbNTWgDAA6Gm1kWf2Q9EV/upaSy/6sCAPZT9/3/9cOllne/3i0/8+4PAAde8fP/Qrkt2ZEzP634wr4tCwDYR6Of/0fEI2MppV/1V8fuDQCAg+eFl15+7ng94vk0nY9Yf6/daDfimWH/8fPxZrTiXByJxbgV0btRyB8q3ceTp+qrR9I07cTPS9HIK9qNiPVOu9G7UziedOtrcTQWY6moL+42sixLTn5RXz2adkXE5U53/livtBuzsVDM/8P/4lwcizTuG6uPOFVfPZYWAzTW+/WzEdvDzy3y9S/HYnz3WlyIVpyNvLZ/W1Nf3Tqapiey+qHKsL7TbtS6eT1TPwEBAAAAAAAAAAAAAAAAAAAAAIA7spwOLA3Oz8mG5/csL0/o756P06svzgfa7p0PlNWyyLLf33m88X4SI+cD7Tifp9NuVGPm3l46AAAAAAAAAAAAAAAAAAAA/GtsbM5Fs9U6d3Fj89JaOehc3NiciYi85a1vP/tqIUZzFooBRqtGgmqRUupKh1VZ0k/OkpGcIkjyySvVXsunVwYrLufUBlcxcRm16V2t1uGHf/po2PJQ0h/59jAniYnXdSnZsYxysP7/3pKmPy27BMf+JudalmXTyrdeGa+KSkR16lLvMMjy4JvrbzzwxEZ/E2Q9jz62eObah5/8utZs5TPnWq25ixu3srVm8e/Jm216kJT2T6XYbJXyTqg2n7x9+tCUkbdHW5rJ97+9+OAHV4uWmd1fpuzM1WHL2xNykt6kn+/smusF+TIHXc/mQf4cjY8zO2HzTwqein/0wt3/8UrzytaPv+y1qvSfhIM6AAAAAAAAAAAAAAAAAADgrih9V7xQfNl3dreqp0/v/8oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4O4Z/v3/QRAz2zta9hb82Yl+y5nod9XyAWOuNOPSPbxaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+q/4KAAD//1UBZGs=") sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) ftruncate(r0, 0x9) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) 3.270920674s ago: executing program 2 (id=241): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x3, 0x48, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1d01000000000020961b0a0000000000000109022400010000000009040000050300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000440)={0x2c, &(0x7f0000000200)={0x40, 0x0, 0xd, {0xd, 0x7, "d0fc56ea5b3b1ccdd7ccf1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.109591082s ago: executing program 3 (id=242): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0xc6, 0x65, 0xcf, 0x40, 0x8dd, 0x90ff, 0x5d5a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xcd, 0xf8, 0xf3}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x40, 0x17, 0x6, @random="7f992138a7af"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.958482629s ago: executing program 5 (id=244): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) 2.86664993s ago: executing program 5 (id=245): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000001000000000000000b000000000c001462726f5d471cf258"], 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x0) 2.857927612s ago: executing program 5 (id=246): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, '\v\tt1'}]}}, 0x0}, 0x0) 2.271559438s ago: executing program 1 (id=251): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0x3, 0x4, '\x00', 0x3ff}) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000240)) 2.231715663s ago: executing program 1 (id=252): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@fscache}]}}) 2.231572773s ago: executing program 1 (id=253): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000100000000000000000000850000006d000000850000009e00000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)='0', 0x1}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) 2.231369583s ago: executing program 1 (id=254): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da144f"], 0x0, 0x0, 0x0, 0x0}) 1.969418623s ago: executing program 4 (id=255): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000008de28021100000000000109022400000000000009040000020300000009210000000122070009058103"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001868000000000000000000080000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002207000000036e3565c0b1"], 0x0}, 0x0) 302.642085ms ago: executing program 3 (id=256): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f00000000c0)={[{@grpquota}, {@norecovery}, {@data_err_abort}, {@noblock_validity}]}, 0x1, 0x79b, &(0x7f0000000a40)="$eJzs3c1rXFUbAPDnTpImTfu+zQsv2LppVloonbQ1tgqCERciWCjo2jZMpiFmkimZSWlCFhYRBBG0uBB049qPunMruvZvcCMiLVXTYsWFjNz5SKb5mHw0k2mb3w9ucs6dc+ecZ+7cc8/MPcwNYM8aTP9kIo5ExIdJxKH6+iQieqqp7oiRWrl7iwu5dEmiUnn996Ra5u7iQi6atkkdqGcOR8T370Ycz6yutzQ3PzlaKORn6vmh8tTlodLc/ImJqdHx/Hh++syp4eHTZ589e2bnYv3zx/mDtz565emvR/5+54kbH/yQxEgcrD/WHMdOGYzB+mvSk76E93l5pyvrsKTTDWBb0kOzq3aUx5E4FF3VFADwOEvP/xUAYI9JnP8BYI9pfA9wd3Eh11g6+43E7rr9UkT01eJvXN+sPdJdv2bXV70O2n83ie76FdHYwetdgxHx2bdvfpku0abrkABreftaRFwcGFzd/yer5ixs1clNlBlckdf/we75Lh3/PLfW+C+zNP6JpfHPst41jt3tGIzY15xfffxnbq654Ys7UHl9/PdCbW5bGmjT+G9p0tpAVz33nzRzNCImCvm0b/tvRByLnt5LE4X8qRZ1HLvzz531Hmse//1x/a0v0vrT/8slMje7e+/fZmy0PPogMTe7fS3iye7luX33VvX/fdWx7sr9n6473+qJjy4nX33+vU/XK5bGn8bbWFbH316VzyOeirXjb0hazk8cSnf/ydrftev45udP+terv3n/p0taf+OzwG5I939/6/gHkub5mqWdrX/j+Nd+/+9L3qimG53H1dFyeeZUxL7ktdXrTy9v28g3yqfx1yJdGX+m5fs//SR4cZMxdt/67avtx7+kLVMs0/jHtrT/t564cW+ya/vxp/t/uJo6Vl+zmf5vsw18kNcOAAAAAAAAAAAAAAAAAAAAAAAAADYrExEHI8lkl9KZTDZbu4f3/6M/UyiWyscvFWenx6J6r+yB6Mk0furyUC2fNH7/dKApf3pF/pmI+F9EfNy7v5rP5oqFsU4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1B9a5/3/q195Otw4AaJu+DUvcyd+XrVQqlTa2BwBov43P/wDA46bF+X//brYDANg9Pv8DwN7j/A8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG12/ty5dKn8tbiQS/NjV+ZmJ4tXTozlS5PZqdlcNlecuZwdLxbHC/lsrji10fMVisXLwzE9e3WonC+Vh0pz8xemirPT5QsTU6Pj+Qv5nl2JCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2pjQ3PzlaKORnHovE+xHxEDSjHYkkHopmdCTxy4mfDrcqc32Dt/HIQxHFI5bodM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj4NwAA//8PbSWm") r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000073113f000000000016000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) 302.118525ms ago: executing program 5 (id=266): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0xa6, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6004f1ff00702b00fe8000000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0) 301.737055ms ago: executing program 2 (id=257): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) 298.613485ms ago: executing program 1 (id=267): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000004c0)={[{@noblock_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}, {@sysvgroups}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@user_xattr}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x2, 0x56a, &(0x7f0000000a40)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) r1 = socket(0xa, 0x3, 0x6) getsockopt$nfc_llcp(r1, 0x29, 0x4a, 0x0, 0x20000011) 285.909807ms ago: executing program 5 (id=258): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000000)="fc0000001a000708ab092500090007000aab0700a90100001d60519321000180fec0ffff00000000b90a000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030005000000140000270400117c22ebc205214000000000008935d0730206001720d7d5bbc91a3e3280775e9ddefd5a32e280fc83ab820d9473decc9204d287f605f7029ddef2fe082038f4f8b29d3ef3d92c83170c5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd1a6b567b4d5715587e658a1ad0a4f01731d05b0310b0041f2d48a99c03f080548deac270e33429fd3000175e63fb8d38a87041bf29e", 0xfc) 248.451921ms ago: executing program 5 (id=259): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f00000001c0)=0x7ff, 0x4) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[], 0xfffffe8a) 147.062973ms ago: executing program 2 (id=260): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x180000, 0x3) 42.951935ms ago: executing program 2 (id=261): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000021c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9046c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4e0664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa7666b5ded16ee7025f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b3a2327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4f4ab9e85bf8c6d71a2214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f4f5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51700eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6cd28cf28fe2ee593e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c191355391771f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18abde34ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310d69e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74df190c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f2708e09ae8268dcc15411483b8506386aa0ece2a94c320b002c77f82cb3cc96c34f7831844cc748e662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae4c697bfc674e03231c42f7eaaf5166bbc4653c71805f9448416e379cc1c40f8f866c9b319a849dd00ff9b84857436ed362c4632bfc3fa7357c24f15bbb07bd91893e61df7eb6dc5e071a9cc2faa7a32a91c4d982f5cfb725dca80b23874877a4980dbd70cda040b1ce527e7188159df77b493efbbd7bfe2680bf44e49eb68e5e33a0a5726072b2699d6244cd5c4a82bf18c668a3d43cec78c5fe1f12283d5dde6d0ea0b1b81ee7c065c938577e4ec93f22f1e6106f337625b7f7798011a60a75c35731fe44fa4fc6add59bac24d045a5780a0737b0f09e9127e9df798a1a58434b00d64ea6121afab030d1100905b6b5ecfd2991dd523098dbfaa85c0067884f987dde054a7ba1a95c1815c40a45878dd97a2721b28db7c52230dc999c4416b2af946ee708001cac72dd4ee55eae2d598cff47e4b929f3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x2) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 37.000126ms ago: executing program 1 (id=262): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f910000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r2, &(0x7f0000002800)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1) write$cgroup_pid(r2, &(0x7f00000031c0), 0x12) 8.191909ms ago: executing program 3 (id=263): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000440)="b9e00900000f32c7442400ba000000c744240200800000c7442406000000000f011424c461796f30362e26470f6bb3a19eb0c866ba4300152e430f79c5660f3a099f0900000051440f001ac744240012000000c74424028bbed778ff1c240f30460f09", 0x63}], 0x1, 0x64, 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000000000)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 4 (id=264): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): [ 12.128399][ T30] audit: type=1400 audit(1730481555.504:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[13019]" dev="pipefs" ino=13019 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.132131][ T30] audit: type=1400 audit(1730481555.504:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.135108][ T30] audit: type=1400 audit(1730481555.504:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts. [ 18.745457][ T30] audit: type=1400 audit(1730481562.124:66): avc: denied { integrity } for pid=278 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 18.751514][ T30] audit: type=1400 audit(1730481562.134:67): avc: denied { mounton } for pid=278 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.752602][ T278] cgroup: Unknown subsys name 'net' [ 18.754955][ T30] audit: type=1400 audit(1730481562.134:68): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.760388][ T30] audit: type=1400 audit(1730481562.134:69): avc: denied { unmount } for pid=278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.760512][ T278] cgroup: Unknown subsys name 'devices' [ 18.941045][ T278] cgroup: Unknown subsys name 'hugetlb' [ 18.946449][ T278] cgroup: Unknown subsys name 'rlimit' [ 19.196838][ T30] audit: type=1400 audit(1730481562.574:70): avc: denied { setattr } for pid=278 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.219794][ T30] audit: type=1400 audit(1730481562.574:71): avc: denied { mounton } for pid=278 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.244352][ T30] audit: type=1400 audit(1730481562.574:72): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.250246][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 19.275979][ T30] audit: type=1400 audit(1730481562.654:73): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.301185][ T30] audit: type=1400 audit(1730481562.654:74): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.331420][ T30] audit: type=1400 audit(1730481562.714:75): avc: denied { read } for pid=278 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.356826][ T278] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.779858][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.786717][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.794056][ T289] device bridge_slave_0 entered promiscuous mode [ 19.809844][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.816684][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.823946][ T289] device bridge_slave_1 entered promiscuous mode [ 19.843906][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.850896][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.857998][ T290] device bridge_slave_0 entered promiscuous mode [ 19.866016][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.873033][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.880258][ T290] device bridge_slave_1 entered promiscuous mode [ 19.910244][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.917091][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.924415][ T288] device bridge_slave_0 entered promiscuous mode [ 19.930943][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.937774][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.945165][ T291] device bridge_slave_0 entered promiscuous mode [ 19.955999][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.962863][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.970029][ T288] device bridge_slave_1 entered promiscuous mode [ 19.979336][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.986171][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.993436][ T291] device bridge_slave_1 entered promiscuous mode [ 20.043107][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.050073][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.057137][ T292] device bridge_slave_0 entered promiscuous mode [ 20.075930][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.082833][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.090049][ T292] device bridge_slave_1 entered promiscuous mode [ 20.228789][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.235662][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.242752][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.249536][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.259797][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.266647][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.273750][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.280543][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.292934][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.299792][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.306884][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.313687][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.328781][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.335662][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.342736][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.349532][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.376657][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.384178][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.391221][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.398157][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.405878][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.412926][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.419949][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.426947][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.433959][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.441944][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.449089][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.456391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 20.464416][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.472419][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.479350][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.486605][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.494733][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.502655][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.509581][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.516818][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 20.535141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.543362][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.550212][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.572794][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.581192][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.589089][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.595855][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.603054][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.610970][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.618861][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.625627][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.632838][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.655440][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.663824][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.671660][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.679837][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.687745][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.694493][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.712231][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.719773][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.727114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.735167][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.742010][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.750047][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.757958][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.764707][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.771969][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.779917][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.786750][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.796002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.803998][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.813257][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.821462][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.829878][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.836702][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.847184][ T289] device veth0_vlan entered promiscuous mode [ 20.855088][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.862864][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.870654][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.877859][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.885774][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.893784][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.915608][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.923501][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.931379][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.939665][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.947685][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.955578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.963303][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.971166][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.978823][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.986726][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.996347][ T291] device veth0_vlan entered promiscuous mode [ 21.007618][ T289] device veth1_macvtap entered promiscuous mode [ 21.016561][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.024267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.032214][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.040263][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.048100][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.055573][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.063743][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.071797][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.079005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.092912][ T291] device veth1_macvtap entered promiscuous mode [ 21.103035][ T292] device veth0_vlan entered promiscuous mode [ 21.112494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.120763][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.128872][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.137171][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.145282][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.152908][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.160894][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.168563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.176694][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.184912][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.193036][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.201234][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.208459][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.221949][ T288] device veth0_vlan entered promiscuous mode [ 21.231407][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.239102][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.247050][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.255176][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.263451][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.271680][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.279952][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.287188][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.300438][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.308373][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.317445][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.325571][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.337758][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.345860][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.353644][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.362137][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.370017][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.378607][ T288] device veth1_macvtap entered promiscuous mode [ 21.385926][ T290] device veth0_vlan entered promiscuous mode [ 21.396800][ T292] device veth1_macvtap entered promiscuous mode [ 21.412998][ T314] loop4: detected capacity change from 0 to 2048 [ 21.416531][ T290] device veth1_macvtap entered promiscuous mode [ 21.431302][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.438733][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.446999][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.455963][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.457212][ T314] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.464460][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.485000][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.493057][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.501058][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.515386][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.523600][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.566725][ T324] loop0: detected capacity change from 0 to 256 [ 21.578410][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.587213][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.604174][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.617386][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.626015][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.634254][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.689898][ T328] loop4: detected capacity change from 0 to 16 [ 21.719650][ T328] erofs: Unknown parameter 'ÿÿÿÿÿÿÿÿÿ18446744073709551615ÿâÓÞün§ÙÖõ&×*4c •NªÊ3iVEè»lö»?†˜¡¨lѾéνŸB¸š^š'•¥÷‡×ƒjuÂL¶¢]÷®äCíJô(©¨¸¹§Hyt ÏpdNG·°nÁ+'X [ 21.719650][ T328] ' [ 21.738842][ T336] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=336 comm=syz.0.7 [ 21.755276][ T337] process 'syz.3.4' launched './file0' with NULL argv: empty string added [ 21.855408][ T342] loop1: detected capacity change from 0 to 512 [ 21.876472][ T352] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.910634][ T342] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 21.925975][ T342] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 21.976026][ T342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 21.984580][ T364] loop4: detected capacity change from 0 to 512 [ 21.984671][ T342] System zones: 1-12 [ 21.997011][ T342] EXT4-fs (loop1): 1 truncate cleaned up [ 21.997885][ T366] loop2: detected capacity change from 0 to 128 [ 22.003078][ T342] EXT4-fs (loop1): mounted filesystem without journal. Opts: nolazytime,init_itable=0x0000000000000006,debug,lazytime,nombcache,noload,,errors=continue. Quota mode: none. [ 22.033356][ T364] EXT4-fs (loop4): filesystem is read-only [ 22.106087][ T364] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=95 sclass=netlink_route_socket pid=364 comm=syz.4.18 [ 22.240861][ T293] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 22.351637][ T379] loop1: detected capacity change from 0 to 40427 [ 22.402730][ T379] F2FS-fs (loop1): fault_injection options not supported [ 22.410747][ T379] F2FS-fs (loop1): invalid crc value [ 22.416441][ T390] loop2: detected capacity change from 0 to 40427 [ 22.420599][ T379] F2FS-fs (loop1): Found nat_bits in checkpoint [ 22.444463][ T379] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 22.460386][ T379] F2FS-fs (loop1): access invalid blkaddr:2816 [ 22.466361][ T379] CPU: 1 PID: 379 Comm: syz.1.27 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 22.469432][ T390] ======================================================= [ 22.469432][ T390] WARNING: The mand mount option has been deprecated and [ 22.469432][ T390] and is ignored by this kernel. Remove the mand [ 22.469432][ T390] option from the mount to silence this warning. [ 22.469432][ T390] ======================================================= [ 22.476067][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 22.476080][ T379] Call Trace: [ 22.476097][ T379] [ 22.519404][ T395] F2FS-fs (loop1): Found FS corruption, run fsck to fix. [ 22.520682][ T379] dump_stack_lvl+0x151/0x1c0 [ 22.537954][ T379] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.543416][ T379] ? arch_stack_walk+0xf3/0x140 [ 22.548106][ T379] dump_stack+0x15/0x20 [ 22.552097][ T379] f2fs_is_valid_blkaddr+0xcc3/0x12d0 [ 22.557392][ T379] f2fs_map_blocks+0x1622/0x3ab0 [ 22.562166][ T379] ? __stack_depot_save+0x34/0x470 [ 22.567206][ T379] ? f2fs_do_map_lock+0x70/0x70 [ 22.571886][ T379] ? debug_smp_processor_id+0x17/0x20 [ 22.577095][ T379] ? try_charge_memcg+0x213/0x1550 [ 22.582043][ T379] f2fs_mpage_readpages+0xc9a/0x21a0 [ 22.587164][ T379] ? dquot_release_reservation_block+0xa0/0xa0 [ 22.593156][ T379] ? workingset_activation+0x3f0/0x3f0 [ 22.598536][ T379] f2fs_readahead+0xfd/0x250 [ 22.602966][ T379] ? blk_start_plug+0x5a/0x170 [ 22.607560][ T379] read_pages+0x15e/0xb00 [ 22.611725][ T379] ? lru_cache_add+0x279/0x540 [ 22.616333][ T379] ? page_cache_ra_unbounded+0x920/0x920 [ 22.621796][ T379] ? add_to_page_cache_lru+0x225/0x2c0 [ 22.627091][ T379] ? add_to_page_cache_locked+0x40/0x40 [ 22.632478][ T379] page_cache_ra_unbounded+0x6cb/0x920 [ 22.637771][ T379] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 22.644106][ T379] ondemand_readahead+0x9c8/0xfa0 [ 22.648980][ T379] ? kasan_set_free_info+0x23/0x40 [ 22.653913][ T379] ? ____kasan_slab_free+0x126/0x160 [ 22.659050][ T379] ? __kasan_slab_free+0x11/0x20 [ 22.663802][ T379] ? putname+0xfa/0x150 [ 22.667797][ T379] ? page_cache_sync_ra+0x4d0/0x4d0 [ 22.672830][ T379] page_cache_sync_ra+0x2e9/0x4d0 [ 22.677692][ T379] ? force_page_cache_ra+0x420/0x420 [ 22.682831][ T379] f2fs_readdir+0x52d/0xba0 [ 22.687154][ T379] ? f2fs_fill_dentries+0xd60/0xd60 [ 22.692186][ T379] ? avc_policy_seqno+0x1b/0x70 [ 22.696871][ T379] ? __kasan_check_read+0x11/0x20 [ 22.701731][ T379] ? security_file_permission+0x86/0xb0 [ 22.707115][ T379] iterate_dir+0x265/0x600 [ 22.711367][ T379] ? f2fs_fill_dentries+0xd60/0xd60 [ 22.716401][ T379] __se_sys_getdents64+0x1c1/0x460 [ 22.721357][ T379] ? __x64_sys_getdents64+0x90/0x90 [ 22.726384][ T379] ? filldir+0x680/0x680 [ 22.730468][ T379] ? __kasan_check_write+0x14/0x20 [ 22.735406][ T379] ? switch_fpu_return+0x15f/0x2e0 [ 22.740361][ T379] __x64_sys_getdents64+0x7b/0x90 [ 22.745391][ T379] x64_sys_call+0x5ae/0x9a0 [ 22.749727][ T379] do_syscall_64+0x3b/0xb0 [ 22.753982][ T379] ? clear_bhb_loop+0x35/0x90 [ 22.758494][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 22.764226][ T379] RIP: 0033:0x7f4f64c84719 [ 22.768475][ T379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 22.787919][ T379] RSP: 002b:00007f4f638fd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 22.796167][ T379] RAX: ffffffffffffffda RBX: 00007f4f64e3bf80 RCX: 00007f4f64c84719 [ 22.803975][ T379] RDX: 0000000000000022 RSI: 0000000000000000 RDI: 0000000000000004 [ 22.811789][ T379] RBP: 00007f4f64cf732e R08: 0000000000000000 R09: 0000000000000000 [ 22.819600][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 22.827410][ T379] R13: 0000000000000000 R14: 00007f4f64e3bf80 R15: 00007ffcd0d2a298 [ 22.835225][ T379] [ 22.845163][ T379] F2FS-fs (loop1): access invalid blkaddr:2816 [ 22.853061][ T379] CPU: 0 PID: 379 Comm: syz.1.27 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 22.862774][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 22.872666][ T379] Call Trace: [ 22.875786][ T379] [ 22.878565][ T379] dump_stack_lvl+0x151/0x1c0 [ 22.883078][ T379] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.888548][ T379] dump_stack+0x15/0x20 [ 22.892536][ T379] f2fs_is_valid_blkaddr+0xcc3/0x12d0 [ 22.897745][ T379] f2fs_map_blocks+0x1622/0x3ab0 [ 22.902519][ T379] ? __stack_depot_save+0x34/0x470 [ 22.907472][ T379] ? f2fs_do_map_lock+0x70/0x70 [ 22.912160][ T379] f2fs_mpage_readpages+0xc9a/0x21a0 [ 22.917278][ T379] ? dquot_release_reservation_block+0xa0/0xa0 [ 22.923262][ T379] ? workingset_activation+0x3f0/0x3f0 [ 22.928563][ T379] f2fs_readahead+0xfd/0x250 [ 22.932983][ T379] ? blk_start_plug+0x5a/0x170 [ 22.937584][ T379] read_pages+0x15e/0xb00 [ 22.941750][ T379] ? lru_cache_add+0x279/0x540 [ 22.946352][ T379] ? page_cache_ra_unbounded+0x920/0x920 [ 22.951818][ T379] ? add_to_page_cache_lru+0x225/0x2c0 [ 22.957112][ T379] ? add_to_page_cache_locked+0x40/0x40 [ 22.962496][ T379] page_cache_ra_unbounded+0x6cb/0x920 [ 22.967794][ T379] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 22.974126][ T379] ondemand_readahead+0x9c8/0xfa0 [ 22.978984][ T379] ? kasan_set_free_info+0x23/0x40 [ 22.983932][ T379] ? ____kasan_slab_free+0x126/0x160 [ 22.989052][ T379] ? __kasan_slab_free+0x11/0x20 [ 22.993827][ T379] ? putname+0xfa/0x150 [ 22.997818][ T379] ? page_cache_sync_ra+0x4d0/0x4d0 [ 23.002856][ T379] page_cache_sync_ra+0x2e9/0x4d0 [ 23.007717][ T379] ? force_page_cache_ra+0x420/0x420 [ 23.012836][ T379] f2fs_readdir+0x52d/0xba0 [ 23.017177][ T379] ? f2fs_fill_dentries+0xd60/0xd60 [ 23.022208][ T379] ? avc_policy_seqno+0x1b/0x70 [ 23.026896][ T379] ? __kasan_check_read+0x11/0x20 [ 23.031756][ T379] ? security_file_permission+0x86/0xb0 [ 23.037137][ T379] iterate_dir+0x265/0x600 [ 23.041478][ T379] ? f2fs_fill_dentries+0xd60/0xd60 [ 23.046511][ T379] __se_sys_getdents64+0x1c1/0x460 [ 23.051461][ T379] ? __x64_sys_getdents64+0x90/0x90 [ 23.056490][ T379] ? filldir+0x680/0x680 [ 23.060572][ T379] ? __kasan_check_write+0x14/0x20 [ 23.065521][ T379] ? switch_fpu_return+0x15f/0x2e0 [ 23.070468][ T379] __x64_sys_getdents64+0x7b/0x90 [ 23.075331][ T379] x64_sys_call+0x5ae/0x9a0 [ 23.079665][ T379] do_syscall_64+0x3b/0xb0 [ 23.083917][ T379] ? clear_bhb_loop+0x35/0x90 [ 23.088435][ T379] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 23.094247][ T379] RIP: 0033:0x7f4f64c84719 [ 23.098501][ T379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 23.117941][ T379] RSP: 002b:00007f4f638fd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 23.126188][ T379] RAX: ffffffffffffffda RBX: 00007f4f64e3bf80 RCX: 00007f4f64c84719 [ 23.133998][ T379] RDX: 0000000000000022 RSI: 0000000000000000 RDI: 0000000000000004 [ 23.141815][ T379] RBP: 00007f4f64cf732e R08: 0000000000000000 R09: 0000000000000000 [ 23.149622][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 23.157433][ T379] R13: 0000000000000000 R14: 00007f4f64e3bf80 R15: 00007ffcd0d2a298 [ 23.165248][ T379] [ 23.180516][ T379] attempt to access beyond end of device [ 23.180516][ T379] loop1: rw=0, want=45072, limit=40427 [ 23.192824][ T390] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 23.201731][ T401] 9pnet_virtio: no channels available for device syz [ 23.210267][ T390] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 23.220579][ T288] attempt to access beyond end of device [ 23.220579][ T288] loop1: rw=2049, want=45104, limit=40427 [ 23.234361][ T390] F2FS-fs (loop2): invalid crc value [ 23.260367][ T399] syz.0.33 (399) used greatest stack depth: 21184 bytes left [ 23.269016][ T390] F2FS-fs (loop2): Found nat_bits in checkpoint [ 23.275262][ T293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 23.289202][ T293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 23.299090][ T293] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 23.312685][ T411] loop0: detected capacity change from 0 to 256 [ 23.319213][ T293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.335757][ T293] usb 4-1: config 0 descriptor?? [ 23.362937][ T390] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 23.369862][ T390] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 23.380531][ T411] exfat: Deprecated parameter 'namecase' [ 23.402353][ T411] exfat: Deprecated parameter 'utf8' [ 23.407490][ T411] exfat: Deprecated parameter 'namecase' [ 23.431531][ T411] exfat: Deprecated parameter 'utf8' [ 23.444025][ T411] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 23.581183][ T435] binfmt_misc: register: failed to install interpreter file ./file0 [ 23.673937][ T447] loop2: detected capacity change from 0 to 256 [ 23.687789][ T449] loop4: detected capacity change from 0 to 512 [ 23.709489][ T447] exfat: Deprecated parameter 'utf8' [ 23.721314][ T449] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.53: bg 0: block 393: padding at end of block bitmap is not set [ 23.744877][ T447] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x967df478, utbl_chksum : 0xe619d30d) [ 23.757014][ T449] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 23.770155][ T449] EXT4-fs (loop4): 2 truncates cleaned up [ 23.775738][ T449] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 23.796192][ T30] kauditd_printk_skb: 131 callbacks suppressed [ 23.796206][ T30] audit: type=1326 audit(1730481567.174:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=456 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3971e8719 code=0x7ffc0000 [ 23.825097][ T30] audit: type=1326 audit(1730481567.174:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=456 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3971e8719 code=0x7ffc0000 [ 23.847937][ T30] audit: type=1326 audit(1730481567.174:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=456 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7fd3971e8719 code=0x7ffc0000 [ 23.880259][ T30] audit: type=1326 audit(1730481567.174:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=456 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3971e8719 code=0x7ffc0000 [ 23.914244][ T30] audit: type=1326 audit(1730481567.174:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=456 comm="syz.0.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3971e8719 code=0x7ffc0000 [ 23.950024][ T293] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 23.960308][ T30] audit: type=1400 audit(1730481567.284:212): avc: denied { append } for pid=448 comm="syz.4.53" path="/15/file0/blkio.bfq.io_queued_recursive" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.975457][ T293] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input4 [ 24.013438][ T30] audit: type=1400 audit(1730481567.324:213): avc: denied { create } for pid=458 comm="syz.0.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.039661][ T30] audit: type=1400 audit(1730481567.324:214): avc: denied { read } for pid=458 comm="syz.0.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.059747][ T30] audit: type=1400 audit(1730481567.394:215): avc: denied { read write } for pid=465 comm="syz.4.59" name="fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 24.093625][ T293] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 24.110238][ T30] audit: type=1400 audit(1730481567.394:216): avc: denied { open } for pid=465 comm="syz.4.59" path="/dev/fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 24.158815][ T453] loop1: detected capacity change from 0 to 40427 [ 24.178249][ T471] loop4: detected capacity change from 0 to 256 [ 24.194834][ T293] usb 4-1: USB disconnect, device number 2 [ 24.214703][ T453] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 24.222656][ T453] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 24.231815][ T453] F2FS-fs (loop1): invalid crc value [ 24.238101][ T453] F2FS-fs (loop1): Found nat_bits in checkpoint [ 24.263838][ T453] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 24.270864][ T453] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 24.297385][ T453] attempt to access beyond end of device [ 24.297385][ T453] loop1: rw=2049, want=45104, limit=40427 [ 24.299244][ T63] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.310045][ T453] attempt to access beyond end of device [ 24.310045][ T453] loop1: rw=2049, want=45112, limit=40427 [ 24.315777][ T20] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 24.346091][ T288] attempt to access beyond end of device [ 24.346091][ T288] loop1: rw=2051, want=45112, limit=40427 [ 24.357250][ T288] F2FS-fs (loop1): Issue discard(5637, 5637, 2) failed, ret: -5 [ 24.446086][ T484] loop1: detected capacity change from 0 to 512 [ 24.540810][ T484] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 24.551668][ T484] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038 (0x7fffffff) [ 24.559262][ T312] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 24.667343][ T493] loop1: detected capacity change from 0 to 128 [ 24.689266][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.700068][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.711419][ T493] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 24.720084][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.729904][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.730717][ T493] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000002,discard,,errors=continue. Quota mode: none. [ 24.739593][ T20] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 24.753659][ T493] ext2 filesystem being mounted at /17/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 24.762752][ T63] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 24.808150][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.818134][ T63] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.826236][ T20] usb 3-1: config 0 descriptor?? [ 24.833261][ T63] usb 1-1: config 0 descriptor?? [ 24.880101][ T507] loop3: detected capacity change from 0 to 2048 [ 24.960543][ T507] EXT4-fs error (device loop3): ext4_fill_super:4831: inode #2: comm syz.3.74: casefold flag without casefold feature [ 24.972958][ T507] EXT4-fs (loop3): get root inode failed [ 24.978410][ T507] EXT4-fs (loop3): mount failed [ 24.983325][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.994237][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.003826][ T312] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 25.016834][ T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.023889][ T514] loop1: detected capacity change from 0 to 2048 [ 25.027226][ T312] usb 5-1: config 0 descriptor?? [ 25.090396][ T514] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 25.105898][ T513] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.120877][ T513] EXT4-fs (loop1): Remounting filesystem read-only [ 25.310304][ T20] uclogic 0003:5543:0781.0002: item fetching failed at offset 5/7 [ 25.321036][ T63] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:03D5.0003/input/input5 [ 25.332350][ T20] uclogic 0003:5543:0781.0002: parse failed [ 25.338085][ T20] uclogic: probe of 0003:5543:0781.0002 failed with error -22 [ 25.346389][ T63] sony 0003:054C:03D5.0003: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input0 [ 25.439294][ T319] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 25.459215][ T293] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 25.543811][ T26] usb 3-1: USB disconnect, device number 2 [ 25.550861][ T63] usb 1-1: USB disconnect, device number 2 [ 25.689177][ T319] usb 4-1: Using ep0 maxpacket: 16 [ 25.719173][ T293] usb 2-1: Using ep0 maxpacket: 16 [ 25.839428][ T293] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 25.847251][ T293] usb 2-1: config 0 has no interface number 0 [ 25.853197][ T293] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 25.862711][ T293] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 25.949269][ T312] hid-led: probe of 0003:27B8:01ED.0004 failed with error -71 [ 25.957711][ T312] usb 5-1: USB disconnect, device number 2 [ 25.999869][ T319] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 26.008836][ T293] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 26.017615][ T319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.025550][ T293] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 26.033454][ T319] usb 4-1: Product: syz [ 26.037369][ T319] usb 4-1: Manufacturer: syz [ 26.041785][ T319] usb 4-1: SerialNumber: syz [ 26.046387][ T293] usb 2-1: Product: syz [ 26.050387][ T293] usb 2-1: SerialNumber: syz [ 26.055145][ T319] usb 4-1: config 0 descriptor?? [ 26.060131][ T293] usb 2-1: config 0 descriptor?? [ 26.099992][ T319] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 26.110159][ T319] usb 4-1: Detected FT232H [ 26.142930][ T545] loop0: detected capacity change from 0 to 512 [ 26.210582][ T545] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.221437][ T545] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038 (0x7fffffff) [ 26.309242][ T319] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 26.330057][ T293] snd-usb-audio: probe of 2-1:0.2 failed with error -12 [ 26.338221][ T293] usb 2-1: USB disconnect, device number 2 [ 26.349183][ T20] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 26.520547][ T561] loop0: detected capacity change from 0 to 40427 [ 26.569347][ T319] ftdi_sio 4-1:0.0: GPIO initialisation failed: -5 [ 26.579960][ T319] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 26.587778][ T561] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 26.589166][ T20] usb 3-1: Using ep0 maxpacket: 8 [ 26.595502][ T561] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 26.602647][ T563] loop4: detected capacity change from 0 to 40427 [ 26.616312][ T561] F2FS-fs (loop0): Found nat_bits in checkpoint [ 26.637865][ T561] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 26.644910][ T561] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 26.647864][ T563] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 26.667923][ T563] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 26.678467][ T563] F2FS-fs (loop4): Found nat_bits in checkpoint [ 26.691409][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.691427][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.699442][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.707013][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.714721][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.715341][ T563] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 26.722515][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.730255][ T563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 26.736380][ T20] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 26.759264][ T291] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 26.772854][ T63] usb 4-1: USB disconnect, device number 3 [ 26.788629][ T63] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 26.798642][ T63] ftdi_sio 4-1:0.0: device disconnected [ 26.800508][ T289] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 26.804004][ T289] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 26.812108][ T289] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 26.839276][ T20] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 26.855696][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 26.864048][ T20] usb 3-1: SerialNumber: syz [ 26.872450][ T20] usb 3-1: config 0 descriptor?? [ 26.910256][ T20] usb 3-1: Found UVC 0.00 device (05ac:8501) [ 26.911297][ T577] loop1: detected capacity change from 0 to 2048 [ 26.937270][ T20] uvcvideo 3-1:0.0: Entity type for entity Output 255 was not initialized! [ 26.945906][ T20] usb 3-1: Failed to create links for entity 255 [ 26.952459][ T20] usb 3-1: Failed to register entities (-22). [ 26.989842][ T577] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none. [ 27.063306][ T577] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.136627][ T63] usb 3-1: USB disconnect, device number 3 [ 27.193579][ T602] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.200623][ T602] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.211264][ T602] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.218121][ T602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.225244][ T602] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.232016][ T602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.239570][ T602] device bridge0 entered promiscuous mode [ 27.315408][ T597] loop0: detected capacity change from 0 to 40427 [ 27.340090][ T597] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 27.352007][ T597] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.355409][ T613] loop1: detected capacity change from 0 to 512 [ 27.370421][ T597] F2FS-fs (loop0): Found nat_bits in checkpoint [ 27.397926][ T619] syz.3.115[619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.397995][ T619] syz.3.115[619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.412985][ T613] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 27.452083][ T613] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2815: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 27.465870][ T613] EXT4-fs (loop1): 1 truncate cleaned up [ 27.466005][ T597] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 27.471948][ T613] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,sysvgroups,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 27.481426][ T597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 27.582405][ T635] loop1: detected capacity change from 0 to 2048 [ 27.615113][ T637] loop0: detected capacity change from 0 to 512 [ 27.650664][ T635] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.669656][ T637] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.120: casefold flag without casefold feature [ 27.700013][ T637] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.120: couldn't read orphan inode 15 (err -117) [ 27.705639][ T646] loop2: detected capacity change from 0 to 128 [ 27.719217][ T637] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.779332][ T63] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 27.801249][ T646] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.819280][ T646] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038 (0x7fffffff) [ 27.830714][ T651] loop1: detected capacity change from 0 to 2048 [ 27.838773][ T646] syz.2.125 (pid 646) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 27.850567][ T651] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 27.880381][ T651] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 27.897770][ T657] syz.2.129[657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.902579][ T657] syz.2.129[657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.968232][ T663] loop1: detected capacity change from 0 to 256 [ 28.061876][ T663] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 28.127074][ T665] loop1: detected capacity change from 0 to 1024 [ 28.129183][ T293] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 28.169323][ T63] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 28.179511][ T63] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 28.190323][ T63] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 28.200564][ T665] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 28.200894][ T63] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 28.222892][ T319] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 28.238370][ T63] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 28.251429][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.267383][ T665] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 28.299941][ T63] usb 5-1: invalid MIDI out EP 0 [ 28.305085][ T63] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 28.399216][ T293] usb 1-1: Using ep0 maxpacket: 32 [ 28.424903][ T675] loop3: detected capacity change from 0 to 512 [ 28.499229][ T319] usb 3-1: Using ep0 maxpacket: 16 [ 28.519274][ T293] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.530403][ T675] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 28.538172][ T675] System zones: [ 28.538178][ T63] usb 5-1: USB disconnect, device number 3 [ 28.538183][ T675] 1-12 [ 28.538678][ T675] EXT4-fs (loop3): orphan cleanup on readonly fs [ 28.555928][ T293] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.565451][ T293] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 28.565817][ T675] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.136: bg 0: block 328: padding at end of block bitmap is not set [ 28.574347][ T293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.575125][ T293] usb 1-1: config 0 descriptor?? [ 28.588582][ T675] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 28.599230][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 28.610018][ T675] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.136: invalid indirect mapped block 65280 (level 0) [ 28.629371][ T319] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.630467][ T675] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.136: attempt to clear invalid blocks 33619980 len 1 [ 28.641051][ T319] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 28.654171][ T675] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.136: invalid indirect mapped block 1819239214 (level 0) [ 28.667167][ T293] hub 1-1:0.0: USB hub found [ 28.680351][ T675] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.136: invalid indirect mapped block 1819239214 (level 1) [ 28.687928][ T319] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 28.698554][ T675] EXT4-fs (loop3): 1 orphan inode deleted [ 28.707165][ T319] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.712627][ T675] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.723747][ T319] usb 3-1: config 0 descriptor?? [ 28.864634][ T30] kauditd_printk_skb: 76 callbacks suppressed [ 28.864648][ T30] audit: type=1326 audit(1730481572.244:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 28.896473][ T30] audit: type=1326 audit(1730481572.244:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 28.919983][ T30] audit: type=1326 audit(1730481572.244:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 28.943122][ T30] audit: type=1326 audit(1730481572.244:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 28.972205][ T30] audit: type=1326 audit(1730481572.244:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 28.979946][ T293] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 29.003887][ T30] audit: type=1326 audit(1730481572.244:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 29.027345][ T30] audit: type=1326 audit(1730481572.244:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 29.050664][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.050902][ T30] audit: type=1326 audit(1730481572.244:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 29.050925][ T30] audit: type=1326 audit(1730481572.274:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 29.094242][ T688] loop4: detected capacity change from 0 to 2048 [ 29.107988][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.123793][ T39] usb 2-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00 [ 29.134084][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.142612][ T39] usb 2-1: config 0 descriptor?? [ 29.170853][ T688] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 29.192970][ T687] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.209964][ T687] EXT4-fs (loop4): Remounting filesystem read-only [ 29.220263][ T30] audit: type=1326 audit(1730481572.604:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=689 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f01a88719 code=0x7ffc0000 [ 29.226187][ T319] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0005/input/input6 [ 29.288809][ T696] loop3: detected capacity change from 0 to 512 [ 29.304020][ T700] loop4: detected capacity change from 0 to 1024 [ 29.310324][ T293] usbhid 1-1:0.0: can't add hid device: -71 [ 29.316079][ T293] usbhid: probe of 1-1:0.0 failed with error -71 [ 29.330409][ T319] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 29.330921][ T696] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.351414][ T293] usb 1-1: USB disconnect, device number 3 [ 29.358923][ T696] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038 (0x7fffffff) [ 29.382218][ T700] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 29.413732][ T700] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 29.620038][ T39] smartjoyplus 0003:6666:8801.0006: unknown main item tag 0x0 [ 29.627474][ T39] smartjoyplus 0003:6666:8801.0006: ignoring exceeding usage max [ 29.636298][ T39] smartjoyplus 0003:6666:8801.0006: usage index exceeded [ 29.643399][ T39] smartjoyplus 0003:6666:8801.0006: item 0 0 2 0 parsing failed [ 29.651146][ T39] smartjoyplus 0003:6666:8801.0006: parse failed [ 29.657399][ T39] smartjoyplus: probe of 0003:6666:8801.0006 failed with error -22 [ 29.682981][ T39] usb 3-1: USB disconnect, device number 4 [ 29.789154][ T63] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 29.845705][ T706] loop3: detected capacity change from 0 to 131072 [ 29.852529][ T312] usb 2-1: USB disconnect, device number 3 [ 29.920788][ T706] F2FS-fs (loop3): invalid crc value [ 29.927948][ T706] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 29.947728][ T706] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 30.169389][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.180088][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.189642][ T63] usb 5-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 30.205800][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.216395][ T63] usb 5-1: config 0 descriptor?? [ 30.283983][ T737] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 30.315507][ T741] loop0: detected capacity change from 0 to 512 [ 30.379606][ T741] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 30.393900][ T741] EXT4-fs (loop0): 1 truncate cleaned up [ 30.399848][ T741] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.421859][ T746] loop1: detected capacity change from 0 to 512 [ 30.480789][ T746] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 30.500308][ T746] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #3: comm +}[@: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 48834(4), depth 0(0) [ 30.517462][ T746] EXT4-fs error (device loop1): ext4_quota_enable:6381: comm +}[@: Bad quota inode: 3, type: 0 [ 30.527660][ T20] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 30.528072][ T746] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 30.534971][ T312] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 30.557754][ T291] syz-executor (291) used greatest stack depth: 20688 bytes left [ 30.566812][ T746] EXT4-fs (loop1): mount failed [ 30.628833][ T753] capability: warning: `syz.1.167' uses deprecated v2 capabilities in a way that may be insecure [ 30.649803][ T750] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.655279][ T757] loop1: detected capacity change from 0 to 512 [ 30.656655][ T750] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.672127][ T750] device bridge_slave_0 entered promiscuous mode [ 30.680099][ T757] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 30.687837][ T757] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 30.687941][ T750] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.696081][ T757] System zones: 0-1, 15-15, 18-18, 34-34 [ 30.707951][ T750] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.715353][ T750] device bridge_slave_1 entered promiscuous mode [ 30.719702][ T757] EXT4-fs (loop1): orphan cleanup on readonly fs [ 30.727798][ T757] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 30.742502][ T757] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 30.749334][ T757] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.168: bad orphan inode 16 [ 30.760465][ T63] cypress 0003:04B4:07B1.0007: unknown main item tag 0x6 [ 30.763307][ T757] ext4_test_bit(bit=15, block=18) = 1 [ 30.768484][ T63] cypress 0003:04B4:07B1.0007: item fetching failed at offset 4/5 [ 30.773087][ T757] is_bad_inode(inode)=0 [ 30.780488][ T20] usb 3-1: Using ep0 maxpacket: 16 [ 30.784337][ T757] NEXT_ORPHAN(inode)=0 [ 30.789244][ T312] usb 4-1: Using ep0 maxpacket: 16 [ 30.793128][ T757] max_ino=32 [ 30.801246][ T757] i_nlink=2 [ 30.802499][ T63] cypress 0003:04B4:07B1.0007: parse failed [ 30.804205][ T757] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 30.810408][ T63] cypress: probe of 0003:04B4:07B1.0007 failed with error -22 [ 30.835329][ T757] xt_hashlimit: size too large, truncated to 1048576 [ 30.880802][ T750] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.887658][ T750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.894804][ T750] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.901656][ T750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.919370][ T20] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.938324][ T20] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 30.951256][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.952391][ T20] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 30.971223][ T20] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 30.980631][ T311] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.981046][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.995577][ T311] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.008884][ T6] usb 5-1: USB disconnect, device number 4 [ 31.018962][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.019211][ T730] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 31.033985][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.040856][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.061129][ T20] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 31.071203][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.080069][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.086938][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.089284][ T312] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 31.094419][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.105304][ T312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.111739][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.118672][ T312] usb 4-1: Product: syz [ 31.130184][ T312] usb 4-1: Manufacturer: syz [ 31.135052][ T8] device bridge_slave_1 left promiscuous mode [ 31.140976][ T312] usb 4-1: SerialNumber: syz [ 31.141294][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.148187][ T312] r8152-cfgselector 4-1: config 0 descriptor?? [ 31.158402][ T8] device bridge_slave_0 left promiscuous mode [ 31.164545][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.173827][ T8] device veth1_macvtap left promiscuous mode [ 31.179807][ T8] device veth0_vlan left promiscuous mode [ 31.221984][ T765] loop1: detected capacity change from 0 to 1024 [ 31.237894][ T765] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 31.271507][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.286772][ T750] device veth0_vlan entered promiscuous mode [ 31.292899][ T20] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 31.301275][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.307774][ T20] usb 3-1: USB disconnect, device number 5 [ 31.309386][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.324409][ T769] gretap0: refused to change device tx_queue_len [ 31.330897][ T769] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 31.347900][ T750] device veth1_macvtap entered promiscuous mode [ 31.355031][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.363817][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.373876][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.382321][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.399510][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.407557][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.550845][ T777] loop5: detected capacity change from 0 to 40427 [ 31.619594][ T777] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 31.627234][ T777] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 31.635239][ T312] r8152-cfgselector 4-1: Unknown version 0x0000 [ 31.636430][ T777] F2FS-fs (loop5): invalid crc value [ 31.641380][ T312] r8152-cfgselector 4-1: bad CDC descriptors [ 31.646530][ T39] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 31.661249][ T777] F2FS-fs (loop5): Found nat_bits in checkpoint [ 31.669307][ T312] r8152-cfgselector 4-1: Unknown version 0x0000 [ 31.677732][ T312] r8152-cfgselector 4-1: USB disconnect, device number 4 [ 31.693404][ T777] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 31.700300][ T777] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 31.723276][ T777] attempt to access beyond end of device [ 31.723276][ T777] loop5: rw=2049, want=45104, limit=40427 [ 31.754484][ T750] attempt to access beyond end of device [ 31.754484][ T750] loop5: rw=2051, want=45104, limit=40427 [ 31.765771][ T750] F2FS-fs (loop5): Issue discard(5637, 5637, 1) failed, ret: -5 [ 31.809229][ T293] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 31.946820][ T792] syz.5.178 (792) used greatest stack depth: 20208 bytes left [ 32.001628][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.008944][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.016087][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.023463][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.030692][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.038023][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.045241][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.049221][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.052617][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.070595][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.073265][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.078044][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.078065][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.102218][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.102997][ T39] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 32.109436][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.109457][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.124998][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.125693][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.148495][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.148661][ T39] usb 2-1: config 0 descriptor?? [ 32.155719][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.155739][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.155756][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.186700][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.195057][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.202329][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.209210][ T293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.209716][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.227692][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.230804][ T293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.235161][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.251871][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.259058][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.264923][ T293] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 32.266423][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.285306][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.292565][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.294829][ T293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.299970][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.322983][ T293] usb 5-1: config 0 descriptor?? [ 32.325075][ T312] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 32.344146][ T312] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 32.450706][ T808] loop2: detected capacity change from 0 to 128 [ 32.490385][ T808] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 32.549070][ T810] loop2: detected capacity change from 0 to 512 [ 32.619196][ T312] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 32.639806][ T20] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 32.648314][ T810] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 32.670932][ T810] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.186: iget: bad i_size value: -6917529027641081756 [ 32.684047][ T810] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.186: couldn't read orphan inode 17 (err -117) [ 32.696081][ T810] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 32.802704][ T293] input: HID 054c:03d5 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:054C:03D5.000A/input/input7 [ 32.815242][ T293] sony 0003:054C:03D5.000A: input,hidraw1: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.4-1/input0 [ 32.979237][ T312] usb 6-1: config 0 has no interfaces? [ 32.984560][ T312] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 32.993419][ T312] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.001293][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 33.012147][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 33.018959][ T293] usb 5-1: USB disconnect, device number 5 [ 33.021882][ T312] usb 6-1: config 0 descriptor?? [ 33.032066][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 33.042832][ T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 33.050168][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 33.099369][ T39] hid-led: probe of 0003:27B8:01ED.0009 failed with error -71 [ 33.109442][ T39] usb 2-1: USB disconnect, device number 4 [ 33.219204][ T20] usb 4-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce [ 33.228115][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.235896][ T20] usb 4-1: Product: syz [ 33.239905][ T20] usb 4-1: Manufacturer: syz [ 33.244284][ T20] usb 4-1: SerialNumber: syz [ 33.249549][ T20] usb 4-1: config 0 descriptor?? [ 33.274852][ T312] usb 6-1: USB disconnect, device number 2 [ 33.290154][ T20] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 33.299867][ T6] usb 3-1: Using ep0 maxpacket: 32 [ 33.305151][ T20] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8 [ 33.419192][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.429986][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 33.438803][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.447565][ T6] usb 3-1: config 0 descriptor?? [ 33.493482][ T6] hub 3-1:0.0: USB hub found [ 33.498069][ T312] usb 4-1: USB disconnect, device number 5 [ 33.504015][ T312] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 33.696553][ T828] loop1: detected capacity change from 0 to 40427 [ 33.709238][ T6] hub 3-1:0.0: 2 ports detected [ 33.749576][ T828] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 33.757174][ T828] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 33.767311][ T828] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.795843][ T828] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 33.802743][ T828] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 33.852533][ T288] f2fs_fill_dentries: 4 callbacks suppressed [ 33.852548][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.858560][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.866220][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.873888][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.881443][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.890332][ T293] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 33.905136][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.905153][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 33.930841][ T30] kauditd_printk_skb: 86 callbacks suppressed [ 33.930855][ T30] audit: type=1400 audit(1730481577.314:388): avc: denied { rmdir } for pid=288 comm="syz-executor" name="work" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 33.968179][ T30] audit: type=1400 audit(1730481577.344:389): avc: denied { remove_name } for pid=288 comm="syz-executor" name="file0" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 34.051127][ T844] loop3: detected capacity change from 0 to 2048 [ 34.109847][ T844] loop3: p1 < > p4 < > [ 34.116133][ T846] loop1: detected capacity change from 0 to 2048 [ 34.171007][ T846] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,norecovery,data_err=abort,noblock_validity,,errors=continue. Quota mode: writeback. [ 34.179179][ T293] usb 5-1: Using ep0 maxpacket: 32 [ 34.189312][ T6] hub 3-1:0.0: set hub depth failed [ 34.200169][ T846] EXT4-fs error (device loop1): ext4_find_extent:929: inode #2: comm syz.1.198: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 34.204517][ T101] loop3: p1 < > p4 < > [ 34.240388][ T6] usb 3-1: USB disconnect, device number 6 [ 34.252139][ T333] udevd[333]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 34.262624][ T315] udevd[315]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 34.289257][ T30] audit: type=1400 audit(1730481577.664:390): avc: denied { execmem } for pid=853 comm="syz.1.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 34.300771][ T315] udevd[315]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 34.340584][ T333] udevd[333]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 34.349247][ T293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.369178][ T293] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 34.380677][ T293] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 34.393811][ T293] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 34.418640][ T293] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.427339][ T293] usb 5-1: config 0 descriptor?? [ 34.473102][ T30] audit: type=1400 audit(1730481577.854:391): avc: denied { create } for pid=866 comm="syz.1.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 34.492341][ T30] audit: type=1400 audit(1730481577.854:392): avc: denied { setopt } for pid=866 comm="syz.1.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 34.521272][ T30] audit: type=1326 audit(1730481577.904:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=868 comm="syz.1.206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f64c84719 code=0x0 [ 34.579366][ T30] audit: type=1326 audit(1730481577.954:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=870 comm="syz.1.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64c84719 code=0x7ffc0000 [ 34.602408][ T30] audit: type=1326 audit(1730481577.964:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=870 comm="syz.1.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64c84719 code=0x7ffc0000 [ 34.627288][ T30] audit: type=1326 audit(1730481577.964:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=870 comm="syz.1.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4f64c84719 code=0x7ffc0000 [ 34.629244][ T39] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 34.659810][ T30] audit: type=1326 audit(1730481577.964:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=870 comm="syz.1.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f64c84719 code=0x7ffc0000 [ 34.729839][ T6] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 34.772454][ T882] loop2: detected capacity change from 0 to 2048 [ 34.821521][ T882] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,norecovery,data_err=abort,noblock_validity,,errors=continue. Quota mode: writeback. [ 34.840384][ T882] EXT4-fs error (device loop2): ext4_find_extent:929: inode #2: comm syz.2.212: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 34.900092][ T293] ntrig 0003:1B96:000A.000B: unknown main item tag 0xd [ 34.906802][ T293] ntrig 0003:1B96:000A.000B: item fetching failed at offset 3/5 [ 34.914400][ T39] usb 4-1: Using ep0 maxpacket: 32 [ 34.929338][ T293] ntrig 0003:1B96:000A.000B: parse failed [ 34.939393][ T293] ntrig: probe of 0003:1B96:000A.000B failed with error -22 [ 34.949663][ T888] loop1: detected capacity change from 0 to 40427 [ 34.992356][ T888] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 35.000094][ T888] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 35.011720][ T888] F2FS-fs (loop1): Found nat_bits in checkpoint [ 35.049258][ T888] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 35.056190][ T888] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 35.089222][ T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.106117][ T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.118679][ T293] usb 5-1: USB disconnect, device number 6 [ 35.125982][ T6] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 35.136479][ T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.137543][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 35.144876][ T6] usb 6-1: config 0 descriptor?? [ 35.159954][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 35.159971][ T288] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 35.229341][ T39] usb 4-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f [ 35.259221][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.267029][ T39] usb 4-1: Product: syz [ 35.281713][ T39] usb 4-1: Manufacturer: syz [ 35.286141][ T39] usb 4-1: SerialNumber: syz [ 35.302417][ T39] usb 4-1: config 0 descriptor?? [ 35.339612][ T39] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 35.492242][ T921] input: syz0 as /devices/virtual/input/input9 [ 35.507189][ T315] udevd[315]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 35.570807][ T39] usb 4-1: USB disconnect, device number 6 [ 35.799157][ T293] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 35.877981][ T943] loop2: detected capacity change from 0 to 40427 [ 35.970389][ T943] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 35.977951][ T943] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 35.987062][ T943] F2FS-fs (loop2): invalid crc value [ 35.993505][ T943] F2FS-fs (loop2): Found nat_bits in checkpoint [ 36.015654][ T943] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 36.022605][ T943] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 36.039204][ T293] usb 2-1: Using ep0 maxpacket: 16 [ 36.059212][ T319] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 36.069333][ T6] hid-led: probe of 0003:27B8:01ED.000C failed with error -71 [ 36.080700][ T6] usb 6-1: USB disconnect, device number 3 [ 36.108985][ T953] loop3: detected capacity change from 0 to 512 [ 36.149826][ T953] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 36.149826][ T953] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 36.149826][ T953] [ 36.160645][ T293] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 36.171165][ T953] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 36.178469][ T293] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 36.186732][ T953] EXT4-fs (loop3): 1 truncate cleaned up [ 36.199003][ T293] usb 2-1: config 0 has no interface number 0 [ 36.200538][ T953] EXT4-fs (loop3): mounted filesystem without journal. Opts: minixdf,auto_da_alloc,debug_want_extra_isize=0x0000000000000068,nodelalloc,noacl,abort,,errors=continue. Quota mode: none. [ 36.223921][ T293] usb 2-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 36.268761][ T958] loop2: detected capacity change from 0 to 8192 [ 36.352647][ T963] loop3: detected capacity change from 0 to 256 [ 36.359206][ T293] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 36.368107][ T293] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 36.376013][ T293] usb 2-1: Product: syz [ 36.380009][ T293] usb 2-1: SerialNumber: syz [ 36.385666][ T293] usb 2-1: config 0 descriptor?? [ 36.429326][ T319] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.440330][ T963] FAT-fs (loop3): Directory bread(block 64) failed [ 36.440447][ T319] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.446744][ T963] FAT-fs (loop3): Directory bread(block 65) failed [ 36.456261][ T319] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 36.471429][ T319] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.480252][ T319] usb 5-1: config 0 descriptor?? [ 36.485198][ T963] FAT-fs (loop3): Directory bread(block 66) failed [ 36.492764][ T963] FAT-fs (loop3): Directory bread(block 67) failed [ 36.499375][ T963] FAT-fs (loop3): Directory bread(block 68) failed [ 36.505789][ T963] FAT-fs (loop3): Directory bread(block 69) failed [ 36.512100][ T963] FAT-fs (loop3): Directory bread(block 70) failed [ 36.518423][ T963] FAT-fs (loop3): Directory bread(block 71) failed [ 36.524899][ T963] FAT-fs (loop3): Directory bread(block 72) failed [ 36.531277][ T963] FAT-fs (loop3): Directory bread(block 73) failed [ 36.557021][ T8] attempt to access beyond end of device [ 36.557021][ T8] loop3: rw=1, want=1228, limit=256 [ 36.594365][ T968] loop5: detected capacity change from 0 to 2048 [ 36.639629][ T293] snd-usb-audio: probe of 2-1:0.2 failed with error -2 [ 36.670354][ T968] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,norecovery,data_err=abort,noblock_validity,,errors=continue. Quota mode: writeback. [ 36.688738][ T968] EXT4-fs error (device loop5): ext4_find_extent:929: inode #2: comm syz.5.243: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 36.769198][ T26] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 36.850550][ T293] usb 2-1: USB disconnect, device number 5 [ 36.879284][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 36.960410][ T319] hid-steam 0003:28DE:1142.000D: item fetching failed at offset 4/5 [ 36.968462][ T319] hid-steam 0003:28DE:1142.000D: steam_probe:parse of hid interface failed [ 36.976895][ T319] hid-steam: probe of 0003:28DE:1142.000D failed with error -22 [ 37.009159][ T26] usb 3-1: Using ep0 maxpacket: 32 [ 37.079157][ T531] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 37.129205][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.139933][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.149436][ T26] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 37.162061][ T26] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 37.170904][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.178907][ T20] usb 5-1: USB disconnect, device number 7 [ 37.179396][ T26] usb 3-1: config 0 descriptor?? [ 37.439540][ T531] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.450334][ T531] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.459801][ T531] usb 6-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 37.468628][ T531] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.477332][ T531] usb 6-1: config 0 descriptor?? [ 37.489208][ T6] usb 4-1: New USB device found, idVendor=08dd, idProduct=90ff, bcdDevice=5d.5a [ 37.498111][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.506022][ T6] usb 4-1: Product: syz [ 37.510038][ T6] usb 4-1: Manufacturer: syz [ 37.514408][ T6] usb 4-1: SerialNumber: syz [ 37.519708][ T6] usb 4-1: config 0 descriptor?? [ 37.669897][ T26] ntrig 0003:1B96:000A.000E: unknown main item tag 0xd [ 37.676600][ T26] ntrig 0003:1B96:000A.000E: item fetching failed at offset 3/5 [ 37.684215][ T26] ntrig 0003:1B96:000A.000E: parse failed [ 37.689782][ T26] ntrig: probe of 0003:1B96:000A.000E failed with error -22 [ 37.719405][ T20] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 37.875379][ T293] usb 3-1: USB disconnect, device number 7 [ 37.959204][ T20] usb 2-1: Using ep0 maxpacket: 16 [ 37.962224][ T531] input: HID 054c:03d5 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:054C:03D5.000F/input/input10 [ 37.977081][ T531] sony 0003:054C:03D5.000F: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.5-1/input0 [ 37.989456][ T312] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 38.170765][ T531] usb 6-1: USB disconnect, device number 4 [ 38.269235][ T312] usb 5-1: Using ep0 maxpacket: 8 [ 38.309223][ T20] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 38.318158][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.325910][ T20] usb 2-1: Product: syz [ 38.329974][ T20] usb 2-1: Manufacturer: syz [ 38.334286][ T20] usb 2-1: SerialNumber: syz [ 38.339238][ T20] r8152-cfgselector 2-1: config 0 descriptor?? [ 38.389212][ T312] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 38.397516][ T312] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 38.406333][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.417249][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.426794][ T312] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 38.439469][ T312] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 38.448203][ T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.456644][ T312] usb 5-1: config 0 descriptor?? [ 38.649210][ T6] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 38.829201][ T20] r8152-cfgselector 2-1: Unknown version 0x0000 [ 38.835316][ T20] r8152-cfgselector 2-1: bad CDC descriptors [ 38.859231][ T6] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 38.868931][ T6] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 38.878982][ T20] r8152-cfgselector 2-1: Unknown version 0x0000 [ 38.885544][ T20] r8152-cfgselector 2-1: USB disconnect, device number 6 [ 38.892488][ T6] asix: probe of 4-1:0.0 failed with error -71 [ 38.899304][ T6] usb 4-1: USB disconnect, device number 7 [ 38.919956][ T312] hid-steam 0003:28DE:1102.0010: unknown main item tag 0x0 [ 38.927155][ T312] hid-steam 0003:28DE:1102.0010: : USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0 [ 38.938786][ T312] hid-steam 0003:28DE:1102.0011: unknown main item tag 0x0 [ 38.946357][ T312] hid-steam 0003:28DE:1102.0011: hidraw0: USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0 [ 39.019181][ T312] hid-steam 0003:28DE:1102.0010: Steam Controller 'XXXXXXXXXX' connected [ 39.027888][ T312] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0010/input/input11 [ 39.123915][ T6] usb 5-1: USB disconnect, device number 8 [ 39.133506][ T6] hid-steam 0003:28DE:1102.0010: Steam Controller 'XXXXXXXXXX' disconnected [ 39.388863][ T1011] loop1: detected capacity change from 0 to 1024 [ 39.399889][ T1014] netlink: 'syz.5.258': attribute type 3 has an invalid length. [ 39.408504][ T1012] loop3: detected capacity change from 0 to 2048 [ 39.422724][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 39.422737][ T30] audit: type=1400 audit(1730481582.804:454): avc: denied { name_bind } for pid=1015 comm="syz.5.259" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.451562][ T30] audit: type=1400 audit(1730481582.834:455): avc: denied { node_bind } for pid=1015 comm="syz.5.259" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 39.474163][ T1011] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 39.493601][ T1011] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,max_dir_size_kb=0x0000000000000003,sysvgroups,grpquota,debug_want_extra_isize=0x0000000000000080,user_xattr,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 39.522204][ T1012] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,norecovery,data_err=abort,noblock_validity,,errors=continue. Quota mode: writeback. [ 39.530021][ T30] audit: type=1400 audit(1730481582.904:456): avc: denied { append } for pid=1010 comm="syz.1.267" path="/71/file1/blkio.bfq.avg_queue_size" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.561754][ T30] audit: type=1400 audit(1730481582.924:457): avc: denied { map } for pid=1010 comm="syz.1.267" path="/71/file1/blkio.bfq.avg_queue_size" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.587462][ T1027] mmap: syz.2.260 (1027) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 39.595346][ T30] audit: type=1400 audit(1730481582.964:458): avc: denied { getopt } for pid=1010 comm="syz.1.267" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 39.632924][ T1029] serio: Serial port ptm0 [ 39.638495][ T1012] EXT4-fs error (device loop3): ext4_find_extent:929: inode #2: comm syz.3.256: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 39.672456][ T30] audit: type=1400 audit(1730481583.054:459): avc: denied { read } for pid=1031 comm="syz.4.264" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 39.702245][ T30] audit: type=1400 audit(1730481583.084:460): avc: denied { open } for pid=1031 comm="syz.4.264" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 39.704857][ T319] ================================================================== [ 39.732112][ T30] audit: type=1400 audit(1730481583.084:461): avc: denied { ioctl } for pid=1031 comm="syz.4.264" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 39.733565][ T319] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120 [ 39.758580][ T30] audit: type=1400 audit(1730481583.084:462): avc: denied { set_context_mgr } for pid=1031 comm="syz.4.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 39.766111][ T319] Read of size 8 at addr ffff88812565db08 by task kworker/1:3/319 [ 39.766127][ T319] [ 39.766133][ T319] CPU: 1 PID: 319 Comm: kworker/1:3 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 39.805346][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 39.815414][ T319] Workqueue: events binder_deferred_func [ 39.820878][ T319] Call Trace: [ 39.824005][ T319] [ 39.826791][ T319] dump_stack_lvl+0x151/0x1c0 [ 39.831297][ T319] ? io_uring_drop_tctx_refs+0x190/0x190 [ 39.836765][ T319] ? panic+0x760/0x760 [ 39.840669][ T319] ? kasan_quarantine_put+0x34/0x1a0 [ 39.845791][ T319] print_address_description+0x87/0x3b0 [ 39.851173][ T319] kasan_report+0x179/0x1c0 [ 39.855512][ T319] ? _raw_spin_lock+0xa4/0x1b0 [ 39.860116][ T319] ? __list_del_entry_valid+0x2f/0x120 [ 39.865407][ T319] ? __list_del_entry_valid+0x2f/0x120 [ 39.870701][ T319] __asan_report_load8_noabort+0x14/0x20 [ 39.876168][ T319] __list_del_entry_valid+0x2f/0x120 [ 39.881293][ T319] binder_release_work+0xcd/0x680 [ 39.886151][ T319] binder_deferred_func+0x1847/0x1bc0 [ 39.891367][ T319] ? read_word_at_a_time+0x12/0x20 [ 39.896307][ T319] process_one_work+0x6bb/0xc10 [ 39.900997][ T319] worker_thread+0xad5/0x12a0 [ 39.905506][ T319] ? _raw_spin_lock+0x1b0/0x1b0 [ 39.910193][ T319] kthread+0x421/0x510 [ 39.914098][ T319] ? worker_clr_flags+0x180/0x180 [ 39.918959][ T319] ? kthread_blkcg+0xd0/0xd0 [ 39.923385][ T319] ret_from_fork+0x1f/0x30 [ 39.927640][ T319] [ 39.930502][ T319] [ 39.932680][ T319] Allocated by task 1033: [ 39.936837][ T319] ____kasan_kmalloc+0xdb/0x110 [ 39.941525][ T319] __kasan_kmalloc+0x9/0x10 [ 39.945863][ T319] kmem_cache_alloc_trace+0x115/0x210 [ 39.951072][ T319] binder_thread_write+0x9f5/0x6ec0 [ 39.956106][ T319] binder_ioctl_write_read+0x205/0x7300 [ 39.961485][ T319] binder_ioctl+0x371/0x2640 [ 39.965911][ T319] __se_sys_ioctl+0x114/0x190 [ 39.970432][ T319] __x64_sys_ioctl+0x7b/0x90 [ 39.974852][ T319] x64_sys_call+0x98/0x9a0 [ 39.979105][ T319] do_syscall_64+0x3b/0xb0 [ 39.983358][ T319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.989090][ T319] [ 39.991258][ T319] Freed by task 319: [ 39.994992][ T319] kasan_set_track+0x4b/0x70 [ 39.999414][ T319] kasan_set_free_info+0x23/0x40 [ 40.004187][ T319] ____kasan_slab_free+0x126/0x160 [ 40.009135][ T319] __kasan_slab_free+0x11/0x20 [ 40.013736][ T319] slab_free_freelist_hook+0xbd/0x190 [ 40.018943][ T319] kfree+0xc8/0x220 [ 40.022590][ T319] binder_free_ref+0x128/0x260 [ 40.027188][ T319] binder_deferred_func+0x171c/0x1bc0 [ 40.032395][ T319] process_one_work+0x6bb/0xc10 [ 40.037082][ T319] worker_thread+0xad5/0x12a0 [ 40.041596][ T319] kthread+0x421/0x510 [ 40.045501][ T319] ret_from_fork+0x1f/0x30 [ 40.049754][ T319] [ 40.051926][ T319] The buggy address belongs to the object at ffff88812565db00 [ 40.051926][ T319] which belongs to the cache kmalloc-64 of size 64 [ 40.065639][ T319] The buggy address is located 8 bytes inside of [ 40.065639][ T319] 64-byte region [ffff88812565db00, ffff88812565db40) [ 40.078484][ T319] The buggy address belongs to the page: [ 40.083966][ T319] page:ffffea0004959740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12565d [ 40.094030][ T319] flags: 0x4000000000000200(slab|zone=1) [ 40.099495][ T319] raw: 4000000000000200 ffffea0004364500 0000000800000008 ffff888100042780 [ 40.107914][ T319] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 40.116327][ T319] page dumped because: kasan: bad access detected [ 40.122583][ T319] page_owner tracks the page as allocated [ 40.128130][ T319] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 291, ts 20527373112, free_ts 0 [ 40.143062][ T319] post_alloc_hook+0x1a3/0x1b0 [ 40.147658][ T319] prep_new_page+0x1b/0x110 [ 40.152036][ T319] get_page_from_freelist+0x3550/0x35d0 [ 40.157383][ T319] __alloc_pages+0x27e/0x8f0 [ 40.161807][ T319] new_slab+0x9a/0x4e0 [ 40.165711][ T319] ___slab_alloc+0x39e/0x830 [ 40.170140][ T319] __slab_alloc+0x4a/0x90 [ 40.174304][ T319] kmem_cache_alloc_trace+0x142/0x210 [ 40.179515][ T319] fib_insert_alias+0x4c5/0x1060 [ 40.184285][ T319] fib_table_insert+0xa2c/0x20c0 [ 40.189063][ T319] fib_add_ifaddr+0x43f/0x15e0 [ 40.193663][ T319] fib_inetaddr_event+0x159/0x310 [ 40.198521][ T319] blocking_notifier_call_chain+0xbb/0x140 [ 40.204161][ T319] __inet_insert_ifa+0x906/0xb50 [ 40.208934][ T319] inet_rtm_newaddr+0x8fd/0x16e0 [ 40.213709][ T319] rtnetlink_rcv_msg+0x951/0xc40 [ 40.218485][ T319] page_owner free stack trace missing [ 40.223691][ T319] [ 40.225862][ T319] Memory state around the buggy address: [ 40.231334][ T319] ffff88812565da00: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc [ 40.239231][ T319] ffff88812565da80: 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc [ 40.247127][ T319] >ffff88812565db00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 40.255040][ T319] ^ [ 40.259192][ T319] ffff88812565db80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 40.267091][ T319] ffff88812565dc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 40.274985][ T319] ================================================================== [ 40.282886][ T319] Disabling lock debugging due to kernel taint [ 40.289243][ T319] general protection fault, probably for non-canonical address 0xf0c7fc3d40000027: 0000 [#1] PREEMPT SMP KASAN [ 40.300761][ T319] KASAN: maybe wild-memory-access in range [0x864001ea00000138-0x864001ea0000013f] [ 40.309875][ T319] CPU: 1 PID: 319 Comm: kworker/1:3 Tainted: G B 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 40.321242][ T319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 40.331147][ T319] Workqueue: events binder_deferred_func [ 40.336605][ T319] RIP: 0010:__list_del_entry_valid+0x75/0x120 [ 40.342509][ T319] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75 [ 40.361952][ T319] RSP: 0018:ffffc900055a7c00 EFLAGS: 00010a07 [ 40.367852][ T319] RAX: 10c8003d40000027 RBX: ffff88810498b700 RCX: ffffffff826a1859 [ 40.375663][ T319] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88812565db00 [ 40.383473][ T319] RBP: ffffc900055a7c20 R08: ffffffff8141997b R09: 0000000000000003 [ 40.391285][ T319] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000 [ 40.399096][ T319] R13: ffff88812565db00 R14: ffff88812565db00 R15: 864001ea0000013f [ 40.406909][ T319] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.415675][ T319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.422099][ T319] CR2: 000000110c2abb91 CR3: 0000000006a0f000 CR4: 00000000003506a0 [ 40.429912][ T319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.437721][ T319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.445531][ T319] Call Trace: [ 40.448660][ T319] [ 40.451435][ T319] ? __die_body+0x62/0xb0 [ 40.455602][ T319] ? die_addr+0x9f/0xd0 [ 40.459595][ T319] ? exc_general_protection+0x311/0x4b0 [ 40.464977][ T319] ? check_panic_on_warn+0x65/0xb0 [ 40.469920][ T319] ? asm_exc_general_protection+0x27/0x30 [ 40.475479][ T319] ? check_panic_on_warn+0x5b/0xb0 [ 40.480424][ T319] ? __list_del_entry_valid+0x49/0x120 [ 40.485717][ T319] ? __list_del_entry_valid+0x75/0x120 [ 40.491017][ T319] binder_release_work+0xcd/0x680 [ 40.495873][ T319] binder_deferred_func+0x1847/0x1bc0 [ 40.501084][ T319] ? read_word_at_a_time+0x12/0x20 [ 40.506031][ T319] process_one_work+0x6bb/0xc10 [ 40.510726][ T319] worker_thread+0xad5/0x12a0 [ 40.515240][ T319] ? _raw_spin_lock+0x1b0/0x1b0 [ 40.519919][ T319] kthread+0x421/0x510 [ 40.523822][ T319] ? worker_clr_flags+0x180/0x180 [ 40.528683][ T319] ? kthread_blkcg+0xd0/0xd0 [ 40.533110][ T319] ret_from_fork+0x1f/0x30 [ 40.537361][ T319] [ 40.540226][ T319] Modules linked in: [ 40.544538][ T319] ---[ end trace c2060c8d69fe3d55 ]--- [ 40.549893][ T319] RIP: 0010:__list_del_entry_valid+0x75/0x120 [ 40.551590][ T30] audit: type=1404 audit(1730481583.924:463): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 40.555705][ T319] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75 [ 40.555721][ T319] RSP: 0018:ffffc900055a7c00 EFLAGS: 00010a07 [ 40.555736][ T319] RAX: 10c8003d40000027 RBX: ffff88810498b700 RCX: ffffffff826a1859 [ 40.603615][ T319] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88812565db00 [ 40.611426][ T319] RBP: ffffc900055a7c20 R08: ffffffff8141997b R09: 0000000000000003 [ 40.619251][ T319] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000 [ 40.627013][ T319] R13: ffff88812565db00 R14: ffff88812565db00 R15: 864001ea0000013f [ 40.634867][ T319] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.643655][ T319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.650057][ T319] CR2: 000000110c2abb91 CR3: 0000000006a0f000 CR4: 00000000003506a0 [ 40.657795][ T319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.665673][ T319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.665702][ T319] Kernel panic - not syncing: Fatal exception [ 40.665885][ T319] Kernel Offset: disabled [ 40.683718][ T319] Rebooting in 86400 seconds..