last executing test programs: 3.029264884s ago: executing program 1 (id=389): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10) r4 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2.940863151s ago: executing program 1 (id=391): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000040), 0x3, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl") r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x4) 2.83964745s ago: executing program 1 (id=392): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8}]}}]}, 0x38}}, 0x0) 2.778013345s ago: executing program 1 (id=394): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000f5ffffff0000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x480a}}, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000001780)={0x2c, 0x0, &(0x7f00000014c0)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00031200000012033f"], 0x0, 0x0}, 0x0) 2.468532483s ago: executing program 2 (id=397): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"}) write(r0, &(0x7f00000002c0)="75a33cfa187943c188a4af529c3eb5ec3853012fc2215239fea9c75d3dfbbaa05f7989732f2356219489e03f2c556b6f8eb4e0252113fd10038458b8d7d25721dd97c475ce74153b55763b5040615a17c4f039db855a5df7b82cf80648eb0eb5240b4655e2e51b62d02424595f45b6b8fccdd6003ec1a8271348cca0cd2c550bf92a413c14e87040094ffb5ed54f26cb1b1b36c65cf0ccac2aab455243a834dbf433bd1e421744f82130b134d274b16e85ae36f50110c4f142267012bb0a", 0xbe) r1 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) r2 = syz_open_pts(r0, 0x0) r3 = dup(r2) read$FUSE(r3, &(0x7f0000005ac0)={0x2020}, 0x2020) 2.459335094s ago: executing program 2 (id=398): sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000005440), 0x28, 0x774, &(0x7f0000000a40)="$eJzs3M1rXOUaAPDnnGaSfuTeyYUL9+pChBZaKJ0kzaZdNW7cFQoFtzVMTkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzmSS2phJp03TCenvByfzvufreZ7MmzdzYM4J4KX1evEjiRiOiCsRUe6sTyNisN06GnFrY7/1hzdjIKKaRKt19ZekOCzWW+WtcyWd1xPRPiT+HxH3SxFn3/9n3HpzdX4qz7PlTn+0sbA0Wm+unptbmJrNZrPF8YmLYxcmJi6MTTyxhv/1WOupty4eu/vtm2tr333VuPPawLkkJtt1x0Zt1R5P81Q2fielmNy2fnE/gvVR0uuOg/ubBwAAuys+5x+JKD7XRynKcaTdAgAAAA6T1lALAAAAOPSS6HcGAAAAwP7a/B7A+sOb1c3lRX7/4Oc3ImJkp/gD7XuII45GKSKOryeP3ZmQbBwGe3LrdkTcm9w+/r4oRtitPZ57bFv/8Xuk3Qh9ENwr5p/JneafdGv+iR3mn4HNZyfsUff571H8I13mvys9xvj601dKXePfjnh1YKf4yVb8pEv8t3uMf2ftg7vdtrU+jzi94/+f5LFYf38+xOZfTuf5EJMzc/mujx+4/+eZB922FfUf7xY/2b3+pR7rf3f9t/luc0kR/8zJrfiDO73/O8UvxsSHnTzSiLjbeS36a9tinFz4/pvd6p+OaD3L+/9Zj/X/+OXQjR53BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLY0IoYjSStb7TStVCJORMR/43ia1+qNszO1lcXpYlvESJTSmbk8G4uI8kY/Kfrj7faj/vlt/YmI+M8PxzaCzuVZpVrLp/tdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtORMRwJGklItKI+L2cppVKxEAPxw69gPwAAACA52Sk3wkAAAAA+871PwAAABx+z3r9nzznPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD7crly8XSWn94s1r0p683V+Zr189NZ/X5ysJKtVKtLS9VZmu12TyrVGsLTzpfXqstjV+MlRujjazeGK03V68t1FYWG9fmFqZms2tZ6YVUBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNMabi9JWomItN1O00ol4l8RMRKlZGYuz8Yi4t8R8aBcGir64/1OGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOeu3lydn8rzbPnANAY7mR2UfDQOemOgM2IOSj69NN478CO8j5MSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9U2+uzk/lebZc73cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Ff6UxIRxXK6fGp4+9bB5I9y+zUi3vnk6kc3phqN5fFi/a9b6xsfd9af70f+AAAA8FK49DQ7b16nb17HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9KreXJ2fyvNseW+NS9FcbSVd9ul3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLP5KwAA//9wK7qy") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0}, 0x10) chdir(&(0x7f00000000c0)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000200)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x1, 0x0, &(0x7f00000002c0)="fe"}) 2.224604074s ago: executing program 2 (id=399): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.531040255s ago: executing program 4 (id=410): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000080015"], 0x4c}}, 0x0) 1.496548358s ago: executing program 4 (id=411): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x6, 0x4) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendmsg$key(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) 1.436212783s ago: executing program 4 (id=412): syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xfb, 0x0, 0x1, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='kmem_cache_free\x00'}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000bc0)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x3ff}}}}}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) sendto(r1, &(0x7f0000000040)="60dcb8c0ccf9d1f13e280365babe32aa1a812817f784366dc8aa2b433c492102968db0ee93ddb6f5", 0x28, 0x0, &(0x7f0000000080)=@caif=@dgm={0x25, 0x7}, 0x80) 1.368410909s ago: executing program 4 (id=413): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) lchown(&(0x7f0000000380)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) 1.35690633s ago: executing program 4 (id=414): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x2, 0x0, 0x0, 0x0, 0xfe}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.314371924s ago: executing program 4 (id=415): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffc4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}}) 1.086128634s ago: executing program 3 (id=421): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) creat(&(0x7f00000002c0)='./file0/file0\x00', 0x0) 1.075234875s ago: executing program 3 (id=422): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) getsockopt$inet_mreqn(r0, 0x0, 0x0, 0x0, &(0x7f00000002c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) 808.584599ms ago: executing program 3 (id=423): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x0, &(0x7f0000000840)=ANY=[], 0x1, 0x37f, &(0x7f0000000440)="$eJzs3c9rI2UYwPFn0jQ/umyTgygK0ge96GVoq2e1SBeEgkt3I+4Kwux2oiFjUmZCJCK2nryKN/8BwWUPHhY8LKj/QC/e1osXT9vLgqCLiCPzK8l0p0mTZmm6+/3Abt7kfZ/M+04m5XkCeXP4/tefNOueWbc6kivdF0NE5KFIVXKSMKKbgmTYl1cv/HnvxSvXrhdFZHNb9dLG1dfWVXV55adPPy/Hw+4W5aD64eGD9T8Onj14/vC/qx83PG142mp31NIb7d871g3H1p2G1zRVLzu25dnaaHm2G/W3o/66097d7anV2rm4tOvanqdWq6dNu6edtnbcnlofWY2WmqapF5eyphsrjug7r0pTxNRubW9bG1Me8OaUcZi1f3zfH9HtuhvWgohZDt+vw2q3HvvcAADA3Enn//ptkrBXJddPKI24FiiE7XQZEOT/SXtra3Nbg2JhkP/ffumXzoX37izH+f/dQlb+//pvUXwq/w+OPvP8//sj98uzO5HzYm+SwafK/zEfVtLvyPuDij0W5P/Bu6Ff0X/5we3VsEH+DwAAAAAAAAAAAAAAAAAAAADAefDQ9yu+71eS2+Tf4CsE8f2QsT/yi8Y4d3KS/foX4x0F+tcDnkhXrl2XUvjFvfyyiPNVt9atRbdxfzJwVSryb3g9xKINJ6L9BDRQlZ+dvW5tMQ5YCP/fKIiKI7asSUWqqfiwfemdrc01jUTx4fH3ujUjvxTE16URxq9LRZ7Jjl/PjC/IKy8PxZtSkV9vSlsc2Qmv60H8F2uqb7+7dSS+HI7L8ubjfUkAAAAAAJg5U7UUl8/VdP0b1e+mqZrVH9TyMlyfP/r5QL++Xs2sz/OVF/Jnu3YAAAAAAJ4WXuGzpuU4tuv1jm2UZdyY5Pc0Rj9PdiM/yeCgcS9sLI4aszC0wpM+cyH+BY0JJi+TrdRynL+Kknkyky1cU12lU5xVy0nWf4LBpUlfAtfLTb522/VWgvnoVMsZaiQfG0WPLDxy6uTyceE/GEnUZAdNds4dN/i5b777e7p1GfGuvcNdb9wppVZ6TLhx5JH9MRftA98fO5/F7L8WP07zIzMAAAAA5kSS9Je95JG3znZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8hU63E9vJGme9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBe/B8AAP//Tuzx8g==") sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="e7ba37c852522f"], 0x14}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c00dbf6e97158b33d4fec877f1b6d76745b686158bbcfe8875afdef00010000000029"], 0x280) 631.131274ms ago: executing program 3 (id=425): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x26, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 502.448475ms ago: executing program 0 (id=428): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x200000, &(0x7f0000000180)={[], [{@fsname={'fsname', 0x3d, '-!\xf8,'}}]}, 0xfe, 0x54b, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNF1Gk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvebNmaNGmXrZn5fOC259x70nNP7v2enpOTkACG1mT2oxDxakR8m0Qcajk2GvnByY1y6w+uzWVbEvX6Z38lkeT7muWT/Pd4nnklIn77OuJEYXO91dW1xVK5nC7n+ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dvbX3z3D8/fHrno9PfHFv//pd7h28lcSYO5sda2/EUrrdmJmMyf07G4swTBaf7UNkgSXb7BNiRkTzOxyLrAw7FSB71wP/fVxFRB4ZUIv5hSDXHAc25fZ/mwS+M+x9uTIA2tz/ZeG0k9jXmRgfWk8dmRtl8d6IP9Wd1/Prn7VvZFv17HQKgq+s3IuLU6Gjn/m/nTvVQ5sk69H/w/NzJxj9vtRv/FB6Of6LN+Ge8TezuRPf4L9zrQzUdZeO/D9qOfx8uWk2M5LmXGmO+seTCxXKa9W0vR8TxGNub5bdazzm9frfe6Vjr+C/bsvqbY8H8PO6N7n38MfOlWulp2tzq/o2I17qMf5M21z97Ps71WMfR9PbrnY51b/+zVf854o221//Rilay9frkVON+mGreFZv9ffPo753q3+32Z9f/wNbtn0ha12ur26/jp33/pp2OTSb5ouk27/89yeeN9J5839VSrbY8HbEn+WTz/plHj23mm+Wz9h8/tnX/1+7+3x8RX/TY/ptHbnYsOgjXf35b13/7ibsff/ljp/p76//ebqSO53t66f96PcGnee4AAAAAAABg0BQi4mAkheLDdKFQLG68v+NIHCiUK9XaiQuVlUvz0fis7ESMFZor3eMt74eYzt8P28zPPJGfjYjDEfHdyP5GvjhXKc/vduMBAAAAAAAAAAAAAAAAAABgQIx3+Px/5o+R3T474Jnzld8wvLrGfz++6QkYSP7/w/AS/zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXXu7Nlsq68/uDaX5eevrK4sVq6cnE+ri8WllbniXGX5cnGhUlkop8W5ylK3v1euVC5Pz8TK1alaWq1NVVfXzi9VVi7Vzl9cKi2k59Ox59IqAAAAAAAAAAAAAAAAAAAAeLFUV9cWS+VyuiwhsaPE6GCchkSfE7vdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI/8FAAD//wZvNao=") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0x205, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000000c0)=0x800000, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000040)=""/25, &(0x7f0000000080)=0x19) 470.618458ms ago: executing program 3 (id=429): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = memfd_create(&(0x7f0000000b00)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x93\x1f\t\xd1Z\x05\x00\x00\x00\x00\x00\x00\x00\x00\x9f+\x8d!\x0fG\xab6i\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\xbf\x8f\xe4n\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf\x00\xb45\xa3\x84<\x94\xca\xea\xbe\xb2\xa4=N\xdb\xad\ri9_$4\x92N\xfe\x01\x96w\x8d\x92\xc4\x18b\x01\xa0\x95\xc0\x89\x1c\xd4\xed(\xf7}\xc8@\xa6\xe6\x12N>>\xadm\xb9\xd4\xb8\x01\xff`#R|\x1e=\xc9\x86g\x06b\x1a\xab\x05\xed\xe8y\x1c;\x13\xe1\x04\x89\xdf\xe0|i\xa0\xc6\xfd\xa1V\xd2,\xecN\xbfB\x87_\xeeO\x0f\xfa)\x81\xac(BsE\xcb\x82\x88\x83{X\xa2\xeb\xfb\x9d=u8\x88\xee\'\x16\xc2\x93\xf3=\xb6\xcbt\xb5\xb9\x1e\xf0\x9b\xea\xd5ox\x97\xfa\x94\"\x06U\xb7\"@\x0e\x13\xfe\x147\x8bN;~w9\x83{\xfc\xc1\x10[\xa3\xb9{b\x11\x11?\bw_\xff0\x99\x97\xa1\t\x986\x97\xa2<\x13i\x12A\x90\xd8\xa6*\xe3BJ\x16\xa7\xd0\xb1\x9e\x06*kgf\xb1\xddx\fF\x9aZ\xf7\a\xf1\x04\xab\x05\xcf*\x16\xfe\x8c\xcc\x1deV\t\xf8+\x85\x13h\xe0 \xa2\xac\x89\xfa\xd5R\xdd\x1b\b\xf1\xea\xa6\x89t\xb9~\r\xbd[\xa1<-\xb4D\xbc+\xda\xc7\xc3\xdcQ\xe4\v\x03\xbf\xff\xa3L85c\a\xab\x0e\nu\xf5\xf95\x89\xe1\xf6yf#\xa1\x96\r\xbd\xef\xe8\x878\xc1\xa6\xc3\xc6\xdc_\xa5I\xbe\xe4\xde\x9c\n\xfe\xe2n\xb8`\x9aa\xb2\xf4\x8a\xb0\x13\xd0h\x15\xeaF\x18 \xcf}=mof\x13\xcb QL\x91XA\xd5\xc3}\xe4f\xf0(\xda@\xa7H\xc6\x88\x19\xad+\xfb\x83\xc5\xf6\xa9qag\xb9\xb4\xf17\xc3\xc0\xf9\x80\xe9n\x04\x97(\xfe\xb0\v\xfa\xb5\xf2/\xfel\xb6\xe1r\xaf\xbb\x847&\x89\x8dt\x99+\x93\x8d\xaf\xbb\xb0\xa3W\x86\x95G\xb6\xf3D*\xa6\xe3\x06\xa6\xa5\xe8,kP\xc2\xff\xc3lt\xd5\xc5\x84\xa7\xc6\x10\xfc4\x88VV\x9c\xaa}*\xebn\xb3,\xff~\xa6\xd8\xfc\xfc\xf6?d\x11\xfc_\xbb\xd4&k\x1d9\xd6\x88\xdcX<\xf0\xfe\xed\x88\x84\x16z_wX\x9f\xd1<\x131\xe7\xad\xa2\xb6m\n\x95 i\x0f\xf3\r\xee\x0f\x1e\rJ\xffx\x15z\x89\x15=\xed\xc0\xc9\xde\x97\xae\x9c\xff\x83.\x19Z\x03\xe8\xf5\x85;\xc2', 0x0) fallocate(r2, 0x0, 0x400000000000000, 0x7) 289.043744ms ago: executing program 3 (id=430): syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x60a3, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x5}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x9}]}}, 0x0}, 0x0) 270.165166ms ago: executing program 0 (id=431): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) setrlimit(0x40000000000008, &(0x7f0000000000)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r2, 0xee01) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r3, 0x0, 0x0, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) 261.137487ms ago: executing program 0 (id=432): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_mount_image$erofs(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x400, &(0x7f00000041c0)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES32, @ANYRES16, @ANYBLOB="210070a0446f6ae3f3e9d36e0709fd4185c456b7477cfbe99ceb4c9d7b7d750b04588b89a83652e31e0f6a4bc5c5116ff4c52f897fa33e34f54a6d92ae68e7b8c4152176ead31e0900830278090000bb53e0daa76b059c385c51ce07ef7fc9d2132a0285da3afb64e6e384", @ANYRESOCT, @ANYBLOB="265c375a51dd6e094f64b494527514aff73c5f8f9989ef21cc069e9749731b6d5a0b704f77d9b09077243e32ffc64966b7f8781ad3b24be8760bc71f91ba7edfec2ea21d2382804f40b80f00fc79187993087295f3cd7cf71b0d9e9188384c7b39000000f0fec0ee209e144676e71e63c3d74fc465d09040982fd6c163c833e2a0c13b5ced3d4d7684d79d50ab63ac97ad2205000000a6cd2b2716a000a9834983a3f1a768004374e58bcabab221000000fc0000000000000000000060760fff210803c9660c6600000f21c0352cd526bfdee0c1be60fa5c2f410500000000003a9f94f1efce739e8de697f02db24e35df54193438cf37f0056a83adc6027b6d3c8b5080bcd8ac875e140ebf2752d44d86df030064002f247e05008e5ddce9da8789f9b80b923f7e7c3c3fe093b770db6a8942332f5583b13bcc254f8b6dbe87a540e4be6456a47e09fe3ca5eec7236cfcb7d54ce4271d2706000000fc20159ba20d1a6977ab492465f96150fabe007d18b523acecc942fe9f525c497b189f82f7881b7e5263298277cedd5c3b36f4fb466f6672f1637f84cf8c1010cc227984b60b9b224add9b085f52d2d9653990852dd60076480e62156214fd6e599dc863942128a1f6f1983283697f719022918e0000000000000000009da739664a05b747e3b93a7b63e6cfea3f4700181ba4c87b8a815027da5fb2a39192aeb8ae42cfb919a83720e3a0f400"/531, @ANYRESOCT], 0x2, 0x1cb, &(0x7f0000000300)="$eJzsmb/v0kAYxp+7lh8SY+Li4OIgRoxS2qKGhQETdxPw1yaRStACBmoCJA7ExcXRwcTVf8DBgcnBzc1VBzUxcZDRueaOsz0LKPhdmnzfT8L1ubv33nvvgGcAEARxaPn65efnZ1dqrQsAjqKInBr/bsQxXIv/9OLR+ef1qy9ff3z1bnDs8SKZjwEIw933NwG8bRgIVD8M/1xdVM8WeKSvg+Oc0jfBcEbpO+C4obQHhttK39f08IgSvmfdHfqdez3fs0XjiMYVTTVZ33LO0AGQV/UxbX48nT1o+743SopM+Huftal9xb/ub9ngqGv3J96vW0+fzEXfUuO2dn8OOBylq2BoKl1DDpZlxVeinf+kGec3djl/GsTxcirKIJEuwZIj4gsdjZxYLt6vr/qWluL/Q0jjArA29aFwsMxZZQIbY2J/YiZwVvMnE2bkH5Wg/7Ayns7KvX6763W9getWL9sXbfuSW5FGtGr/4n956U8FLX9mS2yWZTFpB8HImQDByIn67qrVHLf5ZvhDruHS/zhKp1c5xEdFHju3eQ+mXlw+hSoZW4snCIIgCIIgCIIgCIIgCILYi1Ng8ldQ9UdVuAX3moz+FQAA///3omlJ") r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x45}], 0x1, 0x52, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 221.65213ms ago: executing program 2 (id=433): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000080)=[@window, @timestamp, @window, @window, @sack_perm, @mss, @timestamp, @sack_perm], 0x2d0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendmmsg$inet(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001780)="ce0ea2b364bc139bea0fd588226df8a288c62b8174788411707409522b4c769b3263e05606e748167459070c90e7cef6b7a64bfb0ef32a77cfdedbf9a717560ee651e75f4e4beae8", 0x48}], 0x20}}], 0x1, 0x4008095) 203.177262ms ago: executing program 2 (id=434): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x2000410, &(0x7f0000000000)={[{@commit={'commit', 0x3d, 0x5}}]}, 0x1, 0x79f, &(0x7f00000012c0)="$eJzs3ctrXFUYAPDvTl5NGk0EQesqIGigdGJrbBUUKi5EsFDQtW1IpqFmkimZSWlCwRYR3AgqLgTddO2j7sSdj63+Fy6kpWpbrLqQkTuPdtLMTDOkM1PI7wc3c869d+ac7577OJNzuRPArjWV/slE7IuID5OIidr8JCKGKqnBiKPV9W5dPz+fTkmUy2/8kVTWuXn9/Hw0vCe1t5Z5PCJ+fC9if2ZrucX1jaW5fD63WsvPlJbPzBTXNw6cXp5bzC3mVg4fnJ09dOS5I4fvX6x//bIxfvWjV5/++ui/7z52+YOfkjga47VljXHcL1MxVdsmQ+km3OSV+11YnyVtlr3Uw3rQmfTQHKge5bEvJmKgkmphtJc1AwC65Z2IKAMAu0zi+g8Au0xETEZt/Ks+9ft/Er107eWI2FONvz6+WV0yWBuz21MZBx27mWwaGUnqG26HpiLi82/f+jKdokvjkADNXLgYEScnp7ae/5Mt9yx06pl2C8sjlZepu2Y7/0HvfJ/2f55v1v/L3O7/RJP+T3r0TpXb3fWzPfc+/jNXdlxIG2n/78WGe9tuNcRfMzlQyz1U6fMNJadO53Ppue3hiJiOoZE0f7CyavPtMX3jvxutym/s//358dtfpOVvvgMnc2VwZPN7FuZKczsKusG1ixFPDDaLP7nd/kmL/u/xbZbx2gvvf9ZqWRp/Gnd9SstPX3cUVAfKlyKeatr+d9oyaXt/4kxld5ip7xRNfPPrp2Otym9s/3RKy69/F+iFtP3H2sc/mTTer1nsvIyfL0380GrZveNvvv8PJ29W0sO1eefmSqXVgxHDyetb5x+68956vr5+Gv/0k82P/3b7f/qd8OQ24x+8+vtXtY9qGn/Fhf61/0JH7d8mUb8e3LXo8q2lgVblb6/9Zyup6dqc7Zz/7lHTHezNAAAAAAAAAAAAAAAAAAAAAAAAANC5TESMR5LJ3k5nMtls9Te8H42xTL5QLO0/VVhbWYjx76rPP83UH3U50fA81PJA9Xn49fyh2Jx/NiIeiYhPRkYr+ex8Ib/Q7+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGZvi9//T/020u/aAQBds6ffFQAAes71HwB2n86u/6NdqwcA0Dsdf/8vJ92pCADQM9u+/p/sbj0AgN4x/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECXHT92LJ3Kf18/P5/mF86ury0Vzh5YyBWXsstr89n5wuqZ7GKhsJjPZecLyy0/6EL1JV8onJmNlbVzM6VcsTRTXN84sVxYWymdOL08t5g7kRvqWWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsH3F9Y2luXw+tyrRNjH6YFSjh4nkn3brDEb/a7gbEsN9K73xLDHavxMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPu/wAAAP//wJMmNg==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000300)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) pwritev2(r2, &(0x7f00000007c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x10001, 0x0, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628) 111.87047ms ago: executing program 0 (id=435): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x1c14744, &(0x7f0000000500)={[{@bh}]}, 0xff, 0x49f, &(0x7f0000001400)="$eJzs3M9vVEUcAPDve7vlp9KK+AMksYrGxh8tLaAc9KDRxIMmGj3gsbaFIAs1tCZCiBRj8GhIvBuPJv4FnjgZ9WTixYPeDQlRYgJ4cc3bfa/trrulP3er+/kkCzP75r2Zb9/M7nRmtwH0rMHsnyTiroj4JSL669nGAoP1/27duDBx+8aFiSSq1bd+T2rlbt64MFEULc7bmWeG0oj0kySvpNHMufOnxiuVqbN5fmT29PsjM+fOP3Py9PiJqRNTZ8aOHj18aPS5Z8eONJx3ZJVxZvHd3PfR9P69r75z5fWJY1fe/f7rrL1pfnxxHOtlMAv8j2pN87HH17uyLvu7uhBnUu52a1iuUkRkt6uvNv77oxTli8Wx/njl4+62DthI2Wv21vaH56rA/1gS3W4B0B3FG332+2/+6OvQ1GNTuP5i/RegLPZb+aN+pDy/NrCRP5DBiDg299cX2SOa1iGqLdYNAADW6mo2/3m6Yf6Xzz/SuH9RuV353tBARNwTEbsj4t6I2BMR90XUyj4QEQ+usP7mraF/78Ok11YV2DJl87/n872txvlfMfuLgVKeu7sWf19y/GRl6mD+MxmKvq1ZfrTVxYtLvPzTZ+3qXzz/yx5Z/cVcML/I1eYFusnx2fH1mpRevxSxr9wq/iSKbZwkIvZGxL6VXXpXkTj55Ff72xW6c/xLWId9puqXEU/U7/9cNMVfSJbenxzZFpWpgyP1XlFqUccPP15+o139zfG3On8jZfd/R2P/byrR/2eyeL92ZuV1XP7107Z7q+U79/9r5Rb9f0vydm1Pd0v+3Ifjs7NnRyO2JK/V8g3Pjy2cW+SL8ln8Qwdaj//d+TlZ/A9FxP6In4th93B+7x6JiEcj4sAS8X/30mPvtTu2pv6/DrL4J1u+/s33/4HG+7/yROnUt9+0q785/iTPL5TI7v/hWmoof6b2+pfb3ua67ZuzLS+x2t4MAAAA/z1p7bPxSTo8n07T4eH6Z/j3xI60Mj0z+9Tx6Q/OTNY/Qz8QfWmx/tm/aD10NJnLr1jPj+VrxcXxQ/m68eel7UkSlanhienKZJdjh163s834z/zWZjH6hY62ENhQvq8Fvat5/KddagfQed7/oXcZ/9C7jH/oXcX4f3PRcxebynT6g+lAZ3j/h95l/EPvmh//l7rbDqDzvP9DT2r1Jfnibxys4Sv/a0qUl/j2/iZNFKujm6U9p5KI2NgqIt0ckbZNRP5HLDZLe5adiLlSvSPdrq7yOuUlRvdyE915PQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhv/wQAAP//m7Df+Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.swap.current\x00', 0x275a, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x2a979d) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f0000000140)='./bus\x00') syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 111.216879ms ago: executing program 1 (id=436): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f00000003c0)=0x8aa, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'xfrm0\x00', 0x0}) sendto$packet(r2, &(0x7f00000002c0)="05040800d3fc030000004788031c09102f28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 48.290285ms ago: executing program 1 (id=437): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0xc1) r1 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000230040120c050000000000000109022d00010000000009040081010300000009210000ff0122050009058103"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0022060000000807"], 0x0}, 0x0) sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0x0) 28.471437ms ago: executing program 0 (id=438): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x19) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) 19.919748ms ago: executing program 2 (id=439): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$uinput_user_dev(r2, &(0x7f0000000200)={'syz0\x00', {}, 0x50, [0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x101], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fff], [0x0, 0x0, 0x0, 0xfffffffd, 0xfffffffc, 0x0, 0xef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe61], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=440): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0xc020660b, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="e2c3cb017721575b"}}) kernel console output (not intermixed with test programs): ort 1(bridge_slave_0) entered disabled state [ 18.617330][ T287] device bridge_slave_0 entered promiscuous mode [ 18.630214][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.637076][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.644372][ T289] device bridge_slave_0 entered promiscuous mode [ 18.653946][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.660814][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.667983][ T287] device bridge_slave_1 entered promiscuous mode [ 18.680673][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.687630][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.694714][ T289] device bridge_slave_1 entered promiscuous mode [ 18.792673][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.799620][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 18.806722][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.813496][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 18.831623][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.838489][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 18.845570][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.852406][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 18.863654][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.870515][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 18.877628][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.884388][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 18.937843][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.944908][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.952079][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 18.960130][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 18.968950][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.975979][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.985158][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 18.992418][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.007157][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.014334][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.021606][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.029573][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.036395][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.044194][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.052146][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.058991][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.066145][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.088711][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.117230][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.125463][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.133505][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.146536][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.153997][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.162389][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.169244][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.176408][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.184581][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.191523][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.199079][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 19.221445][ T290] device veth0_vlan entered promiscuous mode [ 19.232690][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.241696][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.249687][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.257713][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.264981][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.272963][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.279802][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.286995][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.294884][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.301654][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.308920][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.316782][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.324443][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.332682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.340703][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.347635][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.354776][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.362762][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.369597][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.377506][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 19.386640][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.394743][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.412218][ T289] device veth0_vlan entered promiscuous mode [ 19.421712][ T290] device veth1_macvtap entered promiscuous mode [ 19.431507][ T286] device veth0_vlan entered promiscuous mode [ 19.441341][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 19.449397][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.457603][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 19.465393][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.473354][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.481414][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.489677][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.497535][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.505196][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.513199][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.521393][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 19.528862][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.536467][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.544195][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.552382][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.560618][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.567907][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.575122][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.582600][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.596743][ T289] device veth1_macvtap entered promiscuous mode [ 19.613633][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 19.621107][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 19.629478][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.637249][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 19.645083][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.652930][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.660834][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.668826][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 19.676883][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.685428][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 19.693503][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 19.701667][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.709894][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.718636][ T286] device veth1_macvtap entered promiscuous mode [ 19.734039][ T287] device veth0_vlan entered promiscuous mode [ 19.744173][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 19.751992][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.759754][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.779231][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.788362][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.800020][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 19.808725][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.817345][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 19.825428][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 19.833881][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.842239][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.850617][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 19.859827][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.868221][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 19.876326][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 19.886687][ T288] device veth0_vlan entered promiscuous mode [ 19.902318][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.910978][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.919165][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.927751][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.936285][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.944465][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.958734][ T288] device veth1_macvtap entered promiscuous mode [ 19.970363][ T287] device veth1_macvtap entered promiscuous mode [ 19.993173][ T317] loop4: detected capacity change from 0 to 1024 [ 20.016929][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.016975][ T317] ======================================================= [ 20.016975][ T317] WARNING: The mand mount option has been deprecated and [ 20.016975][ T317] and is ignored by this kernel. Remove the mand [ 20.016975][ T317] option from the mount to silence this warning. [ 20.016975][ T317] ======================================================= [ 20.024594][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.086685][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.095017][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.103237][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.112107][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.112716][ T317] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.120757][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.132546][ T317] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038 (0x7fffffff) [ 20.138300][ T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 20.159929][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.163674][ T317] syz.4.5 (317) used greatest stack depth: 22432 bytes left [ 20.168171][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.183100][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.191487][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.199900][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.228721][ T327] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 20.363693][ T346] kvm: pic: non byte write [ 20.416553][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 20.422077][ T355] syz.3.16 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 20.470675][ T361] SELinux: security_context_str_to_sid(staff_u) failed for (dev ?, type ?) errno=-22 [ 20.481104][ T361] SELinux: security_context_str_to_sid(staff_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 20.546721][ T20] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 20.555473][ T20] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 20.566513][ T20] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 20.636557][ T60] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 20.726652][ T20] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 20.735673][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 20.743587][ T20] usb 2-1: Product: syz [ 20.747633][ T20] usb 2-1: Manufacturer: syz [ 20.751976][ T20] usb 2-1: SerialNumber: syz [ 20.806533][ T315] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 20.996632][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 21.007492][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 21.017169][ T60] usb 3-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00 [ 21.026094][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 21.036293][ T60] usb 3-1: config 0 descriptor?? [ 21.087036][ T20] usb 2-1: 0:2 : does not exist [ 21.094038][ T20] usb 2-1: USB disconnect, device number 2 [ 21.101412][ T311] udevd[311]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 21.176649][ T315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 21.187430][ T315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 21.196897][ T315] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 21.205714][ T315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 21.217599][ T315] usb 5-1: config 0 descriptor?? [ 21.372961][ T378] loop3: detected capacity change from 0 to 128 [ 21.379288][ T60] usbhid 3-1:0.0: can't add hid device: -71 [ 21.385082][ T60] usbhid: probe of 3-1:0.0 failed with error -71 [ 21.391786][ T60] usb 3-1: USB disconnect, device number 2 [ 21.407077][ T378] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 21.419119][ T378] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 21.443972][ T45] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 21.486566][ T307] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 21.518779][ T386] process 'syz.3.30' launched './file0' with NULL argv: empty string added [ 21.639935][ T388] syz.3.31 (388) used greatest stack depth: 21536 bytes left [ 21.683619][ T400] tmpfs: Unknown parameter 'fowner>00000000000000000000' [ 21.697630][ T315] samsung 0003:0419:0600.0001: item fetching failed at offset 1/5 [ 21.717739][ T315] samsung 0003:0419:0600.0001: parse failed [ 21.723564][ T315] samsung: probe of 0003:0419:0600.0001 failed with error -22 [ 21.775734][ T408] tipc: Failed to remove unknown binding: 66,1,1/0:1235850104/1235850106 [ 21.777311][ T409] loop3: detected capacity change from 0 to 512 [ 21.784103][ T408] tipc: Failed to remove unknown binding: 66,1,1/0:1235850104/1235850106 [ 21.837819][ T415] loop1: detected capacity change from 0 to 1024 [ 21.844846][ T409] EXT4-fs (loop3): orphan cleanup on readonly fs [ 21.852957][ T409] EXT4-fs (loop3): 1 orphan inode deleted [ 21.859098][ T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 21.859427][ T409] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 21.871426][ T307] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 21.894249][ T307] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 21.898162][ T415] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.903310][ T307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 21.921680][ T6] usb 5-1: USB disconnect, device number 2 [ 21.922118][ T307] usb 1-1: config 0 descriptor?? [ 21.962983][ T415] EXT4-fs error (device loop1): ext4_xattr_ibody_get:603: inode #18: comm syz.1.43: corrupted in-inode xattr [ 21.993135][ T415] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #18: comm syz.1.43: corrupted in-inode xattr [ 22.010498][ T290] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /8/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 22.056872][ T409] syz.3.40 (409) used greatest stack depth: 21136 bytes left [ 22.102828][ T433] loop3: detected capacity change from 0 to 1024 [ 22.118534][ T290] syz-executor (290) used greatest stack depth: 20880 bytes left [ 22.158021][ T433] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.184888][ T45] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 22.200165][ T45] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 22.212264][ T45] EXT4-fs (loop3): This should not happen!! Data will be lost [ 22.212264][ T45] [ 22.221732][ T45] EXT4-fs (loop3): Total free blocks count 0 [ 22.227987][ T45] EXT4-fs (loop3): Free/Dirty block details [ 22.233939][ T45] EXT4-fs (loop3): free_blocks=68451041280 [ 22.239810][ T45] EXT4-fs (loop3): dirty_blocks=64 [ 22.240216][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.244907][ T45] EXT4-fs (loop3): Block reservation details [ 22.251773][ T440] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.258292][ T45] EXT4-fs (loop3): i_reserved_data_blocks=4 [ 22.265164][ T440] device bridge_slave_0 entered promiscuous mode [ 22.279022][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.285915][ T440] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.293386][ T440] device bridge_slave_1 entered promiscuous mode [ 22.357605][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.364580][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.371693][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.378453][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.397882][ T307] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 22.411383][ T307] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 22.445373][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.447980][ T450] syz.4.57[450] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.452460][ T450] syz.4.57[450] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.453789][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.483175][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.507371][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.515679][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.523866][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.535657][ T440] device veth0_vlan entered promiscuous mode [ 22.545943][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.551492][ T448] loop3: detected capacity change from 0 to 40427 [ 22.554263][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.561091][ T30] kauditd_printk_skb: 99 callbacks suppressed [ 22.561103][ T30] audit: type=1400 audit(1725960987.351:175): avc: denied { connect } for pid=449 comm="syz.4.57" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 22.567163][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.608660][ T448] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 22.612615][ T452] loop4: detected capacity change from 0 to 512 [ 22.616611][ T448] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 22.644928][ T448] F2FS-fs (loop3): invalid crc value [ 22.645811][ T440] device veth1_macvtap entered promiscuous mode [ 22.658210][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.662517][ T448] F2FS-fs (loop3): Found nat_bits in checkpoint [ 22.676667][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.689624][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.704109][ T452] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 22.709884][ T448] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 22.716762][ T452] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038 (0x7fffffff) [ 22.722238][ T448] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 22.752418][ T30] audit: type=1400 audit(1725960987.531:176): avc: denied { mounton } for pid=451 comm="syz.4.58" path="/10/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.761281][ T460] loop1: detected capacity change from 0 to 512 [ 22.784017][ T30] audit: type=1400 audit(1725960987.571:177): avc: denied { create } for pid=451 comm="syz.4.58" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.804385][ T30] audit: type=1400 audit(1725960987.571:178): avc: denied { mounton } for pid=451 comm="syz.4.58" path="/10/file0/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.812430][ T448] attempt to access beyond end of device [ 22.812430][ T448] loop3: rw=2049, want=45104, limit=40427 [ 22.827626][ T30] audit: type=1400 audit(1725960987.571:179): avc: denied { write } for pid=451 comm="syz.4.58" name="bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.858754][ T30] audit: type=1400 audit(1725960987.571:180): avc: denied { add_name } for pid=451 comm="syz.4.58" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.863157][ T460] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none. [ 22.878815][ T30] audit: type=1400 audit(1725960987.571:181): avc: denied { setattr } for pid=451 comm="syz.4.58" name="work" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.911483][ T30] audit: type=1400 audit(1725960987.571:182): avc: denied { remove_name } for pid=451 comm="syz.4.58" name="#1" dev="loop4" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 22.930793][ T440] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor: invalid indirect mapped block 1280 (level 0) [ 22.933964][ T30] audit: type=1400 audit(1725960987.571:183): avc: denied { rename } for pid=451 comm="syz.4.58" name="#1" dev="loop4" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.968549][ T30] audit: type=1400 audit(1725960987.571:184): avc: denied { unlink } for pid=451 comm="syz.4.58" name="#1" dev="loop4" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 22.991451][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 22.994242][ T440] EXT4-fs error (device loop1): ext4_lookup:1855: inode #14: comm syz-executor: unexpected EA_INODE flag [ 23.000458][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 23.025415][ T464] loop2: detected capacity change from 0 to 2048 [ 23.033260][ T440] EXT4-fs error (device loop1): ext4_lookup:1855: inode #14: comm syz-executor: unexpected EA_INODE flag [ 23.070567][ T10] device bridge_slave_1 left promiscuous mode [ 23.083579][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.093206][ T10] device bridge_slave_0 left promiscuous mode [ 23.094407][ T464] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.099238][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.118549][ T10] device veth1_macvtap left promiscuous mode [ 23.124385][ T10] device veth0_vlan left promiscuous mode [ 23.125961][ T464] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 23.149009][ T6] usb 1-1: USB disconnect, device number 2 [ 23.156734][ T464] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28 [ 23.196972][ T464] EXT4-fs (loop2): This should not happen!! Data will be lost [ 23.196972][ T464] [ 23.214096][ T464] EXT4-fs (loop2): Total free blocks count 0 [ 23.226554][ T464] EXT4-fs (loop2): Free/Dirty block details [ 23.237916][ T464] EXT4-fs (loop2): free_blocks=2415919504 [ 23.243477][ T464] EXT4-fs (loop2): dirty_blocks=16 [ 23.248587][ T464] EXT4-fs (loop2): Block reservation details [ 23.254381][ T464] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 23.302686][ T476] loop3: detected capacity change from 0 to 512 [ 23.346876][ T20] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 23.380456][ T476] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.64: inode #1: comm syz.3.64: iget: illegal inode # [ 23.393309][ T476] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.64: error while reading EA inode 1 err=-117 [ 23.405511][ T476] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 23.418443][ T476] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.64: inode #1: comm syz.3.64: iget: illegal inode # [ 23.432231][ T476] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.64: error while reading EA inode 1 err=-117 [ 23.444818][ T476] EXT4-fs (loop3): 1 orphan inode deleted [ 23.445205][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.457649][ T480] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.464868][ T480] device bridge_slave_0 entered promiscuous mode [ 23.466528][ T476] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 23.507785][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.514735][ T480] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.522373][ T480] device bridge_slave_1 entered promiscuous mode [ 23.565851][ T480] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.572748][ T480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.579968][ T480] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.586726][ T480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.606600][ T315] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 23.607375][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.621503][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.628641][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.639149][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.647192][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.654013][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.673471][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.681582][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.688558][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.695788][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.703867][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.712283][ T486] netlink: 'syz.0.67': attribute type 27 has an invalid length. [ 23.728726][ T486] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.735722][ T486] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.762796][ T488] netlink: 40 bytes leftover after parsing attributes in process `syz.0.67'. [ 23.775041][ T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 23.788296][ T20] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 23.793429][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.797373][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.806520][ T60] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 23.813846][ T20] usb 5-1: config 0 descriptor?? [ 23.826841][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.848992][ T486] device veth0_vlan left promiscuous mode [ 23.854780][ T486] device veth0_vlan entered promiscuous mode [ 23.862241][ T486] device veth1_macvtap left promiscuous mode [ 23.869182][ T486] device veth1_macvtap entered promiscuous mode [ 23.876860][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.884139][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.891681][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.899914][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.906873][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.914258][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.918348][ T486] syz.0.67 (486) used greatest stack depth: 19680 bytes left [ 23.930827][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.939034][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.945890][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.953418][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.962390][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 23.972898][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 23.981114][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 23.989468][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 23.989819][ T494] SELinux: failed to load policy [ 23.998113][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 24.009933][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.020889][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.031091][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 24.039203][ T315] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 24.048597][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 24.056607][ T315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.064484][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 24.066598][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 24.072963][ T315] usb 3-1: config 0 descriptor?? [ 24.084537][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.092839][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.101135][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.109212][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.117512][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.125268][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.133847][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.141678][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.149555][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.157784][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.165928][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.173955][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.181706][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.189024][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.196307][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.204310][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.212278][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.224168][ T480] device veth0_vlan entered promiscuous mode [ 24.233202][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.240912][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.248618][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.256589][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.263852][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.278766][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.286768][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.295751][ T480] device veth1_macvtap entered promiscuous mode [ 24.307899][ T20] arvo 0003:1E7D:30D4.0003: unknown main item tag 0x0 [ 24.314578][ T20] arvo 0003:1E7D:30D4.0003: item fetching failed at offset 6/7 [ 24.322008][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.329706][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.337681][ T20] arvo 0003:1E7D:30D4.0003: parse failed [ 24.343128][ T20] arvo: probe of 0003:1E7D:30D4.0003 failed with error -22 [ 24.350699][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.359050][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.366590][ T60] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 24.368753][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.379263][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.391954][ T60] usb 4-1: Product: syz [ 24.405851][ T60] usb 4-1: Manufacturer: syz [ 24.416220][ T503] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 24.421308][ T60] usb 4-1: SerialNumber: syz [ 24.435921][ T60] usb 4-1: config 0 descriptor?? [ 24.435938][ T505] loop1: detected capacity change from 0 to 512 [ 24.454695][ T505] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 24.477865][ T60] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 24.482717][ T505] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #17: comm syz.1.66: iget: bad i_size value: -6917529027641081756 [ 24.486917][ T60] usb 4-1: Detected FT232H [ 24.499135][ T505] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.66: couldn't read orphan inode 17 (err -117) [ 24.514137][ T505] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 24.528988][ T6] usb 5-1: USB disconnect, device number 3 [ 24.545588][ T505] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 13: comm syz.1.66: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0 [ 24.569817][ T315] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 24.577305][ T10] device bridge_slave_1 left promiscuous mode [ 24.578968][ T315] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 24.583420][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.590332][ T315] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 24.603955][ T315] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 24.613687][ T315] lg-g15 0003:046D:C222.0004: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.2-1/input0 [ 24.614919][ T10] device bridge_slave_0 left promiscuous mode [ 24.630837][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.638471][ T10] device veth1_macvtap left promiscuous mode [ 24.644272][ T10] device veth0_vlan left promiscuous mode [ 24.691112][ T516] loop1: detected capacity change from 0 to 128 [ 24.697322][ T60] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 24.782780][ T6] usb 3-1: USB disconnect, device number 3 [ 24.956634][ T60] ftdi_sio 4-1:0.0: GPIO initialisation failed: -5 [ 24.964536][ T60] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 25.000918][ T534] device pim6reg1 entered promiscuous mode [ 25.068184][ T539] input: syz1 as /devices/virtual/input/input4 [ 25.193764][ T60] usb 4-1: USB disconnect, device number 2 [ 25.203781][ T60] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 25.214275][ T60] ftdi_sio 4-1:0.0: device disconnected [ 25.345210][ T563] loop2: detected capacity change from 0 to 1024 [ 25.357375][ T563] EXT4-fs (loop2): Ignoring removed orlov option [ 25.363903][ T560] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 25.371567][ T563] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 25.398791][ T563] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 25.456250][ T576] loop2: detected capacity change from 0 to 1024 [ 25.463579][ T576] EXT4-fs (loop2): Ignoring removed bh option [ 25.477695][ T576] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,errors=remount-ro,norecovery,debug_want_extra_isize=0x0000000000000080,bh,nodelalloc,usrquota,noauto_da_alloc,. Quota mode: writeback. [ 25.500639][ T26] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 25.523616][ T576] EXT4-fs error (device loop2): ext4_ind_map_blocks:604: inode #20: comm syz.2.102: Can't allocate blocks for non-extent mapped inodes with bigalloc [ 25.538993][ T576] EXT4-fs (loop2): Remounting filesystem read-only [ 25.545509][ T576] EXT4-fs error (device loop2) in ext4_evict_inode:258: Readonly filesystem [ 25.554376][ T576] EXT4-fs error (device loop2): ext4_xattr_block_set:2191: inode #12: comm syz.2.102: bad block 0 [ 25.570259][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.586033][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 0 [ 25.601029][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.616760][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 1024 [ 25.632125][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.648002][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 2048 [ 25.663065][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.678707][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 3072 [ 25.693953][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.709655][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 4096 [ 25.724593][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.740152][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 5120 [ 25.755212][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.771174][ T287] EXT4-fs error (device loop2): ext4_readdir:220: inode #11: comm syz-executor: path /12/file1/lost+found: directory fails checksum at offset 6144 [ 25.786103][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.801865][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.817935][ T287] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 25.887138][ T592] KVM: debugfs: duplicate directory 592-5 [ 25.896591][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.915945][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.926280][ T26] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 25.935342][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.943148][ T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 25.963985][ T26] usb 5-1: config 0 descriptor?? [ 25.984177][ T600] loop3: detected capacity change from 0 to 512 [ 26.020447][ T600] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.031523][ T600] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038 (0x7fffffff) [ 26.144859][ T613] loop3: detected capacity change from 0 to 1024 [ 26.192015][ T620] loop2: detected capacity change from 0 to 256 [ 26.200338][ T613] EXT4-fs (loop3): test_dummy_encryption requires encrypt feature [ 26.219438][ T620] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 26.239068][ T620] exFAT-fs (loop2): hint_cluster is invalid (17) [ 26.266123][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.277763][ T620] exFAT-fs (loop2): Filesystem has been set read-only [ 26.284357][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 8, err : -5) [ 26.304211][ T628] loop3: detected capacity change from 0 to 512 [ 26.312323][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.318383][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.329403][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 8, err : -5) [ 26.339522][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.352579][ T6] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 26.361573][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.367407][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.375500][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 9, err : -5) [ 26.390070][ T628] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 26.391110][ T6] usb 1-1: config 0 descriptor?? [ 26.409223][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.415212][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 10, err : -5) [ 26.418138][ T628] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 26.426593][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.440649][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 11, err : -5) [ 26.447366][ T26] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0 [ 26.452125][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.462863][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 12, err : -5) [ 26.463003][ T26] arvo 0003:1E7D:30D4.0005: unknown main item tag 0x0 [ 26.475041][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.485540][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 13, err : -5) [ 26.495785][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.500292][ T26] arvo 0003:1E7D:30D4.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.4-1/input0 [ 26.504342][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 14, err : -5) [ 26.512542][ T628] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.121: invalid indirect mapped block 83886080 (level 1) [ 26.522283][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.541666][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 15, err : -5) [ 26.545080][ T626] loop1: detected capacity change from 0 to 40427 [ 26.551616][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.551630][ T620] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811b898520 iblock : 8, err : -5) [ 26.551652][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.551664][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.551674][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.551686][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.596989][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.598258][ T628] EXT4-fs (loop3): 1 orphan inode deleted [ 26.602792][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.602807][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.613488][ T626] F2FS-fs (loop1): invalid crc value [ 26.614169][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.620436][ T628] EXT4-fs (loop3): 1 truncate cleaned up [ 26.625097][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.625113][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.631969][ T628] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 26.637381][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.664352][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.665091][ T626] F2FS-fs (loop1): Found nat_bits in checkpoint [ 26.670221][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.684377][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.690924][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.706734][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.716140][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.721607][ T626] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0 [ 26.722233][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.734373][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.740206][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.740830][ T626] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 26.745964][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.759298][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.765096][ T620] exFAT-fs (loop2): error, broken FAT chain. [ 26.784710][ T480] attempt to access beyond end of device [ 26.784710][ T480] loop1: rw=524288, want=45072, limit=40427 [ 26.796117][ T480] attempt to access beyond end of device [ 26.796117][ T480] loop1: rw=0, want=45072, limit=40427 [ 26.818169][ T480] attempt to access beyond end of device [ 26.818169][ T480] loop1: rw=2049, want=45104, limit=40427 [ 26.901947][ T60] usb 5-1: USB disconnect, device number 4 [ 26.913170][ T642] loop2: detected capacity change from 0 to 2048 [ 26.937619][ T6] lg-g15 0003:046D:C222.0006: unknown main item tag 0x0 [ 26.945948][ T6] lg-g15 0003:046D:C222.0006: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 26.977883][ T642] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.064077][ T646] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.071190][ T646] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.072730][ T642] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.125: bg 0: block 234: padding at end of block bitmap is not set [ 27.078503][ T646] device bridge_slave_0 entered promiscuous mode [ 27.092885][ T642] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 27.098909][ T646] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.117318][ T642] EXT4-fs (loop2): This should not happen!! Data will be lost [ 27.117318][ T642] [ 27.117538][ T646] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.127503][ T642] EXT4-fs (loop2): Total free blocks count 0 [ 27.134054][ T646] device bridge_slave_1 entered promiscuous mode [ 27.139792][ T642] EXT4-fs (loop2): Free/Dirty block details [ 27.153736][ T642] EXT4-fs (loop2): free_blocks=0 [ 27.158554][ T642] EXT4-fs (loop2): dirty_blocks=3008 [ 27.163750][ T642] EXT4-fs (loop2): Block reservation details [ 27.169712][ T642] EXT4-fs (loop2): i_reserved_data_blocks=188 [ 27.183015][ T60] usb 1-1: USB disconnect, device number 3 [ 27.199415][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 946 with error 28 [ 27.214497][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost [ 27.214497][ T10] [ 27.252101][ T646] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.258987][ T646] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.266032][ T646] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.272855][ T646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.291320][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.298978][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.306064][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.314933][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.323286][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.330147][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.347548][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.355474][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.362342][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.369549][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.377757][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.392601][ T646] device veth0_vlan entered promiscuous mode [ 27.398920][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.407492][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.415216][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.422541][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.443083][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.452777][ T646] device veth1_macvtap entered promiscuous mode [ 27.468771][ T655] loop4: detected capacity change from 0 to 128 [ 27.470408][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.488435][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.522240][ T655] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.533092][ T655] ext4 filesystem being mounted at /17/mnt supports timestamps until 2038 (0x7fffffff) [ 27.569767][ T655] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 27.581542][ T655] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 27.595826][ T441] device bridge_slave_1 left promiscuous mode [ 27.602998][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.611233][ T441] device bridge_slave_0 left promiscuous mode [ 27.617634][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.632029][ T441] device veth1_macvtap left promiscuous mode [ 27.637948][ T441] device veth0_vlan left promiscuous mode [ 27.837476][ T687] syz.2.141[687] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.837555][ T687] syz.2.141[687] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.907907][ T677] loop0: detected capacity change from 0 to 40427 [ 27.935013][ T696] loop1: detected capacity change from 0 to 128 [ 27.970423][ T677] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 27.979149][ T677] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.989018][ T696] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.000923][ T696] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038 (0x7fffffff) [ 28.005073][ T677] F2FS-fs (loop0): invalid crc value [ 28.028211][ T677] F2FS-fs (loop0): Found nat_bits in checkpoint [ 28.043987][ T706] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=706 comm=syz.2.149 [ 28.076060][ T677] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 28.083103][ T677] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 28.096549][ T20] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 28.112241][ T677] attempt to access beyond end of device [ 28.112241][ T677] loop0: rw=2049, want=45208, limit=40427 [ 28.126663][ T710] loop2: detected capacity change from 0 to 1024 [ 28.132281][ T713] loop1: detected capacity change from 0 to 2048 [ 28.183300][ T710] EXT4-fs (loop2): test_dummy_encryption requires encrypt feature [ 28.192397][ T713] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.312894][ T713] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.148: bg 0: block 234: padding at end of block bitmap is not set [ 28.327422][ T713] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 28.340973][ T713] EXT4-fs (loop1): This should not happen!! Data will be lost [ 28.340973][ T713] [ 28.341024][ T721] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 28.350808][ T713] EXT4-fs (loop1): Total free blocks count 0 [ 28.363980][ T713] EXT4-fs (loop1): Free/Dirty block details [ 28.369933][ T713] EXT4-fs (loop1): free_blocks=0 [ 28.374820][ T713] EXT4-fs (loop1): dirty_blocks=3888 [ 28.375895][ T725] loop0: detected capacity change from 0 to 1024 [ 28.380261][ T713] EXT4-fs (loop1): Block reservation details [ 28.392802][ T713] EXT4-fs (loop1): i_reserved_data_blocks=243 [ 28.411736][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1830 with error 28 [ 28.425391][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 28.425391][ T10] [ 28.452261][ T725] EXT4-fs error (device loop0): ext4_fill_super:4831: inode #2: comm syz.0.153: casefold flag without casefold feature [ 28.465423][ T725] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 28.479920][ T725] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.516625][ T20] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 28.526306][ T20] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 28.626613][ T20] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40 [ 28.635541][ T20] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 28.643613][ T20] usb 5-1: Manufacturer: syz [ 28.694500][ T30] kauditd_printk_skb: 67 callbacks suppressed [ 28.694514][ T30] audit: type=1326 audit(1725960993.471:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62cc96bef9 code=0x7ffc0000 [ 28.696983][ T20] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 28.700917][ T30] audit: type=1326 audit(1725960993.471:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62cc96bef9 code=0x7ffc0000 [ 28.753510][ T30] audit: type=1326 audit(1725960993.511:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f62cc96bef9 code=0x7ffc0000 [ 28.776910][ T30] audit: type=1326 audit(1725960993.511:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62cc96bef9 code=0x7ffc0000 [ 28.800216][ T30] audit: type=1326 audit(1725960993.511:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62cc96bef9 code=0x7ffc0000 [ 28.823334][ T60] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 28.859279][ T746] device pim6reg1 entered promiscuous mode [ 28.904509][ T20] usb 5-1: USB disconnect, device number 5 [ 28.971007][ T30] audit: type=1400 audit(1725960993.751:257): avc: denied { name_bind } for pid=764 comm="syz.1.162" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 29.029400][ T767] loop1: detected capacity change from 0 to 1024 [ 29.058536][ T767] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 29.084177][ T30] audit: type=1400 audit(1725960993.861:258): avc: denied { write } for pid=766 comm="syz.1.164" name="/" dev="overlay" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.089106][ T767] EXT4-fs (loop1): shut down requested (2) [ 29.106062][ T30] audit: type=1400 audit(1725960993.861:259): avc: denied { remove_name } for pid=766 comm="syz.1.164" name="file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.120860][ T767] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=14 [ 29.134585][ T30] audit: type=1400 audit(1725960993.861:260): avc: denied { rename } for pid=766 comm="syz.1.164" name="file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.142719][ T767] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=14 [ 29.164819][ T30] audit: type=1400 audit(1725960993.861:261): avc: denied { add_name } for pid=766 comm="syz.1.164" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.173607][ T767] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=14 [ 29.225031][ T767] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=14 [ 29.235311][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.236549][ T767] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=14 [ 29.246035][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.264188][ T60] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 29.273061][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.281516][ T60] usb 1-1: config 0 descriptor?? [ 29.434319][ T781] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.441347][ T781] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.448614][ T781] device bridge_slave_0 entered promiscuous mode [ 29.457302][ T781] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.464141][ T781] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.471499][ T781] device bridge_slave_1 entered promiscuous mode [ 29.511630][ T781] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.518497][ T781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.525543][ T781] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.532386][ T781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.549826][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.557382][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.564444][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.576548][ T20] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 29.588031][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.596980][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.604889][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.611644][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.619307][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.627334][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.634148][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.641354][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.649076][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.659816][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.668120][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.675360][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.683632][ T781] device veth0_vlan entered promiscuous mode [ 29.693467][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.704022][ T781] device veth1_macvtap entered promiscuous mode [ 29.713147][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.724423][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.847431][ T441] device bridge_slave_1 left promiscuous mode [ 29.853545][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.853589][ T796] loop4: detected capacity change from 0 to 2048 [ 29.867191][ T441] device bridge_slave_0 left promiscuous mode [ 29.873219][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.880912][ T441] device veth1_macvtap left promiscuous mode [ 29.886822][ T441] device veth0_vlan left promiscuous mode [ 29.956652][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.969446][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.979634][ T20] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 29.989907][ T796] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.021951][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.029080][ T804] loop1: detected capacity change from 0 to 512 [ 30.038087][ T20] usb 3-1: config 0 descriptor?? [ 30.089231][ T804] EXT4-fs error (device loop1): __ext4_iget:4892: inode #11: block 1: comm syz.1.175: invalid block [ 30.100301][ T792] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.173: bg 0: block 234: padding at end of block bitmap is not set [ 30.104543][ T804] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.175: couldn't read orphan inode 11 (err -117) [ 30.126405][ T804] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,minixdf,max_dir_size_kb=0x0000000000000009,data_err=abort,grpquota,noinit_itable,inode_readahead_blks=0x0000000000400000,i_version,acl,,errors=continue. Quota mode: writeback. [ 30.168014][ T792] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 30.182684][ T792] EXT4-fs (loop4): This should not happen!! Data will be lost [ 30.182684][ T792] [ 30.193190][ T792] EXT4-fs (loop4): Total free blocks count 0 [ 30.199481][ T792] EXT4-fs (loop4): Free/Dirty block details [ 30.200012][ T60] hid-led 0003:27B8:01ED.0007: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 30.205299][ T792] EXT4-fs (loop4): free_blocks=0 [ 30.221010][ T792] EXT4-fs (loop4): dirty_blocks=3504 [ 30.226356][ T792] EXT4-fs (loop4): Block reservation details [ 30.233420][ T792] EXT4-fs (loop4): i_reserved_data_blocks=219 [ 30.263202][ T60] hid-led 0003:27B8:01ED.0007: ThingM blink(1) initialized [ 30.271016][ T804] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz.1.175: Invalid inode table block 4097309278 in block_group 0 [ 30.285394][ T10] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1446 with error 28 [ 30.319019][ T10] EXT4-fs (loop4): This should not happen!! Data will be lost [ 30.319019][ T10] [ 30.328637][ T781] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 4097309278 in block_group 0 [ 30.357767][ T781] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 30.368037][ T781] EXT4-fs error (device loop1): __ext4_unlink:3281: inode #2: comm syz-executor: mark_inode_dirty error [ 30.417403][ T781] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 4097309278 in block_group 0 [ 30.431546][ T781] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 30.441453][ T60] usb 1-1: USB disconnect, device number 4 [ 30.442062][ T781] EXT4-fs error (device loop1): ext4_dirty_inode:6024: inode #2: comm syz-executor: mark_inode_dirty error [ 30.461184][ T441] EXT4-fs error (device loop1): __ext4_get_inode_loc:4340: comm kworker/u4:4: Invalid inode table block 4097309278 in block_group 0 [ 30.526753][ T20] hid (null): bogus close delimiter [ 30.599401][ T822] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.606251][ T822] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.613600][ T822] device bridge_slave_0 entered promiscuous mode [ 30.616521][ T307] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 30.620526][ T822] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.634405][ T822] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.641852][ T822] device bridge_slave_1 entered promiscuous mode [ 30.742020][ T822] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.748894][ T822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.756001][ T822] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.762874][ T822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.800786][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.808833][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.816405][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.840830][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.848947][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.855794][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.864130][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.872194][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.879047][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.887226][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.895023][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.914082][ T822] device veth0_vlan entered promiscuous mode [ 30.921859][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.930513][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.938499][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.945764][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.954506][ T811] device bridge_slave_1 left promiscuous mode [ 30.963120][ T811] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.981204][ T811] device bridge_slave_0 left promiscuous mode [ 30.987287][ T811] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.996625][ T307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.010708][ T811] device veth1_macvtap left promiscuous mode [ 31.017860][ T307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.027518][ T811] device veth0_vlan left promiscuous mode [ 31.036680][ T20] uclogic 0003:256C:006D.0008: failed retrieving Huion firmware version: -71 [ 31.037608][ T307] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 31.045290][ T20] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 31.067202][ T20] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 31.074486][ T307] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.085450][ T837] syz.0.190[837] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.085523][ T837] syz.0.190[837] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.097106][ T20] usb 3-1: USB disconnect, device number 4 [ 31.097863][ T307] usb 4-1: config 0 descriptor?? [ 31.193720][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.212834][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.233311][ T822] device veth1_macvtap entered promiscuous mode [ 31.283366][ T851] loop0: detected capacity change from 0 to 512 [ 31.290515][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.306830][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.315018][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.323258][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.331756][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.357453][ T851] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.375636][ T851] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.195: invalid block [ 31.389359][ T851] EXT4-fs (loop0): Remounting filesystem read-only [ 31.395696][ T851] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.195: invalid indirect mapped block 4294967295 (level 1) [ 31.409971][ T851] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.195: invalid indirect mapped block 4294967295 (level 1) [ 31.424315][ T851] EXT4-fs (loop0): 2 truncates cleaned up [ 31.430097][ T851] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 31.440738][ T845] loop4: detected capacity change from 0 to 40427 [ 31.456672][ T845] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 31.468796][ T845] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 31.479788][ T845] F2FS-fs (loop4): Found nat_bits in checkpoint [ 31.509441][ T845] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 31.516328][ T845] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 31.544267][ T863] loop0: detected capacity change from 0 to 1024 [ 31.597533][ T869] netem: change failed [ 31.607380][ T307] hid-multitouch 0003:1FD2:6007.0009: item fetching failed at offset 3/5 [ 31.627671][ T871] syz.2.201[871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.627741][ T871] syz.2.201[871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.632070][ T307] hid-multitouch: probe of 0003:1FD2:6007.0009 failed with error -22 [ 31.692180][ T863] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 31.729830][ T878] syz.1.203[878] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.729896][ T878] syz.1.203[878] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.746371][ T863] EXT4-fs (loop0): shut down requested (2) [ 31.747493][ T863] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=14 [ 31.747548][ T863] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=14 [ 31.747573][ T863] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=14 [ 31.747722][ T863] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=14 [ 31.747742][ T863] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=14 [ 31.766141][ T289] attempt to access beyond end of device [ 31.766141][ T289] loop4: rw=2051, want=77824, limit=40427 [ 31.766191][ T289] attempt to access beyond end of device [ 31.766191][ T289] loop4: rw=2051, want=90112, limit=40427 [ 31.766325][ T289] F2FS-fs (loop4): Issue discard(7168, 7168, 2560) failed, ret: -5 [ 31.766352][ T289] F2FS-fs (loop4): Issue discard(10240, 10240, 1024) failed, ret: -5 [ 31.881470][ T315] usb 4-1: USB disconnect, device number 3 [ 32.011920][ T891] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.018995][ T891] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.026109][ T891] device bridge_slave_0 entered promiscuous mode [ 32.033354][ T891] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.040487][ T891] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.048837][ T891] device bridge_slave_1 entered promiscuous mode [ 32.056632][ T6] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 32.133984][ T891] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.141155][ T891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.148288][ T891] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.155124][ T891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.181552][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.189475][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.199364][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.217270][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.226913][ T903] capability: warning: `syz.4.214' uses deprecated v2 capabilities in a way that may be insecure [ 32.228082][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.251947][ T291] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 32.260637][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.266856][ T907] loop4: detected capacity change from 0 to 2048 [ 32.267510][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.280888][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.289024][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.297203][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.304025][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.311258][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.319420][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.330839][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.338752][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.352231][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 32.360549][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.373208][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 32.381291][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.382224][ T907] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,,errors=continue. Quota mode: none. [ 32.389629][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.407653][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.416054][ T891] device veth0_vlan entered promiscuous mode [ 32.439417][ T912] loop3: detected capacity change from 0 to 1024 [ 32.442801][ T891] device veth1_macvtap entered promiscuous mode [ 32.452272][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.460553][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.468499][ T6] usb 2-1: config 0 has an invalid interface number: 32 but max is 0 [ 32.476390][ T6] usb 2-1: config 0 has no interface number 0 [ 32.483375][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 32.490734][ T6] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.491239][ T907] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 16: comm syz.4.216: lblock 0 mapped to illegal pblock 16 (length 1) [ 32.506525][ T291] usb 3-1: Using ep0 maxpacket: 16 [ 32.517836][ T912] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 32.520905][ T6] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.567362][ T6] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 32.567959][ T289] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 32.578007][ T916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.210'. [ 32.599228][ T289] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 32.602840][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.617352][ T289] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 32.626191][ T916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.210'. [ 32.639396][ T289] EXT4-fs error (device loop4): ext4_dirty_inode:6024: inode #2: comm syz-executor: mark_inode_dirty error [ 32.643126][ T6] usb 2-1: config 0 descriptor?? [ 32.658677][ T811] device bridge_slave_1 left promiscuous mode [ 32.659763][ T912] EXT4-fs (loop3): shut down requested (2) [ 32.664630][ T811] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.676816][ T912] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=14 [ 32.685818][ T912] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=14 [ 32.685973][ T8] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 32.695049][ T912] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=14 [ 32.707871][ T8] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 32.715955][ T811] device bridge_slave_0 left promiscuous mode [ 32.730053][ T912] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=14 [ 32.736353][ T811] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.749812][ T912] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=14 [ 32.759054][ T811] device veth1_macvtap left promiscuous mode [ 32.764920][ T811] device veth0_vlan left promiscuous mode [ 32.811863][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 32.820001][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.828250][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 32.836233][ T487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.866613][ T291] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 32.875645][ T291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.886330][ T291] usb 3-1: Product: syz [ 32.890392][ T291] usb 3-1: Manufacturer: syz [ 32.894750][ T291] usb 3-1: SerialNumber: syz [ 32.899824][ T291] r8152-cfgselector 3-1: config 0 descriptor?? [ 32.972743][ T921] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.979687][ T921] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.986919][ T921] device bridge_slave_0 entered promiscuous mode [ 32.993695][ T921] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.000755][ T921] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.008021][ T921] device bridge_slave_1 entered promiscuous mode [ 33.088702][ T926] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.095802][ T926] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.103061][ T926] device bridge_slave_0 entered promiscuous mode [ 33.110021][ T926] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.116952][ T926] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.124077][ T926] device bridge_slave_1 entered promiscuous mode [ 33.136527][ T487] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 33.167364][ T6] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x6 [ 33.177715][ T6] logitech-djreceiver 0003:046D:C71B.000A: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.1-1/input32 [ 33.179877][ T921] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.196734][ T921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.203918][ T921] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.210726][ T921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.231371][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.238472][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.282947][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.290442][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.303729][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.311926][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.319878][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.326720][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.337499][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.345770][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.353894][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.360834][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.381092][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.389444][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.396614][ T291] r8152-cfgselector 3-1: Unknown version 0x0000 [ 33.397441][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.403204][ T291] r8152-cfgselector 3-1: bad CDC descriptors [ 33.411424][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.416918][ T487] usb 1-1: Using ep0 maxpacket: 8 [ 33.436918][ T20] usb 2-1: USB disconnect, device number 3 [ 33.443354][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.450730][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.456653][ T291] r8152-cfgselector 3-1: Unknown version 0x0000 [ 33.458317][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.466454][ T291] r8152-cfgselector 3-1: USB disconnect, device number 5 [ 33.486922][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.494972][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.501980][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.509484][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.517797][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.525718][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.532462][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.539941][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 33.555597][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.563417][ T487] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.574417][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.582368][ T487] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 33.592186][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 33.600092][ T487] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 33.612963][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.621265][ T487] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 33.625191][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 33.630214][ T487] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.638614][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.654290][ T921] device veth0_vlan entered promiscuous mode [ 33.655364][ T487] usb 1-1: config 0 descriptor?? [ 33.668819][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.676248][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.683530][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.691494][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.708824][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.717083][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.724867][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.732189][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.745320][ T926] device veth0_vlan entered promiscuous mode [ 33.754424][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.762448][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.772318][ T921] device veth1_macvtap entered promiscuous mode [ 33.784380][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.791945][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.800223][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.811458][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.819766][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.831204][ T811] device bridge_slave_1 left promiscuous mode [ 33.837397][ T811] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.844956][ T811] device bridge_slave_0 left promiscuous mode [ 33.851121][ T811] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.858897][ T811] device bridge_slave_1 left promiscuous mode [ 33.864837][ T811] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.872399][ T811] device bridge_slave_0 left promiscuous mode [ 33.878354][ T811] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.886297][ T811] device veth1_macvtap left promiscuous mode [ 33.892393][ T811] device veth0_vlan left promiscuous mode [ 33.898226][ T811] device veth1_macvtap left promiscuous mode [ 33.904042][ T811] device veth0_vlan left promiscuous mode [ 34.038073][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.050854][ T936] device veth0_vlan left promiscuous mode [ 34.057342][ T936] device veth0_vlan entered promiscuous mode [ 34.077721][ T926] device veth1_macvtap entered promiscuous mode [ 34.124575][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.135543][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.158124][ T487] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0 [ 34.165464][ T487] hid-steam 0003:28DE:1102.000B: : USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0 [ 34.191554][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.209920][ T487] hid-steam 0003:28DE:1102.000C: unknown main item tag 0x0 [ 34.217951][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.227249][ T487] hid-steam 0003:28DE:1102.000C: hidraw0: USB HID v0.00 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0 [ 34.241418][ T956] device pim6reg1 entered promiscuous mode [ 34.264368][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 34.264383][ T30] audit: type=1326 audit(1725960999.041:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=960 comm="syz.1.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4dc49ef9 code=0x7ffc0000 [ 34.295475][ T30] audit: type=1326 audit(1725960999.051:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=960 comm="syz.1.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fdc4dc49ef9 code=0x7ffc0000 [ 34.319245][ T487] hid-steam 0003:28DE:1102.000B: Steam Controller 'XXXXXXXXXX' connected [ 34.331019][ T30] audit: type=1326 audit(1725960999.051:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=960 comm="syz.1.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4dc49ef9 code=0x7ffc0000 [ 34.355441][ T487] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.000B/input/input5 [ 34.358559][ T918] input: Steam Controller as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28DE:1102.000B/input/input6 [ 34.417851][ T315] usb 1-1: USB disconnect, device number 5 [ 34.429994][ T315] hid-steam 0003:28DE:1102.000B: Steam Controller 'XXXXXXXXXX' disconnected [ 34.451864][ T972] syz.4.240[972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.451951][ T972] syz.4.240[972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.463532][ T30] audit: type=1326 audit(1725960999.051:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=960 comm="syz.1.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4dc49ef9 code=0x7ffc0000 [ 34.600786][ T30] audit: type=1400 audit(1725960999.381:281): avc: denied { bind } for pid=986 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.639727][ T30] audit: type=1326 audit(1725960999.421:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=993 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 34.667071][ T30] audit: type=1326 audit(1725960999.421:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=993 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 34.690321][ T30] audit: type=1326 audit(1725960999.421:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=993 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 34.715267][ T30] audit: type=1326 audit(1725960999.421:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=993 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 34.776536][ T30] audit: type=1326 audit(1725960999.421:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=993 comm="syz.3.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 34.836853][ T966] loop1: detected capacity change from 0 to 40427 [ 34.860888][ T1000] loop3: detected capacity change from 0 to 4096 [ 34.908757][ T966] F2FS-fs (loop1): invalid crc value [ 34.918386][ T966] F2FS-fs (loop1): Found nat_bits in checkpoint [ 34.921049][ T1000] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.952240][ T966] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 34.969843][ T966] attempt to access beyond end of device [ 34.969843][ T966] loop1: rw=2049, want=45104, limit=40427 [ 34.985826][ T822] attempt to access beyond end of device [ 34.985826][ T822] loop1: rw=2049, want=45120, limit=40427 [ 35.079288][ T1012] loop3: detected capacity change from 0 to 128 [ 35.116589][ T487] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 35.185273][ T1021] loop3: detected capacity change from 0 to 128 [ 35.249849][ T1021] attempt to access beyond end of device [ 35.249849][ T1021] loop3: rw=0, want=240, limit=128 [ 35.291471][ T1019] loop0: detected capacity change from 0 to 40427 [ 35.329585][ T1028] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.336636][ T1028] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.350195][ T1028] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.350462][ T811] attempt to access beyond end of device [ 35.350462][ T811] loop3: rw=1, want=1041, limit=128 [ 35.357106][ T1028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.357214][ T1028] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.357228][ T1028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.364377][ T1028] device bridge0 entered promiscuous mode [ 35.376530][ T487] usb 3-1: Using ep0 maxpacket: 32 [ 35.382618][ T1019] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 35.407885][ T1019] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.417237][ T1019] F2FS-fs (loop0): invalid crc value [ 35.426334][ T1019] F2FS-fs (loop0): Found nat_bits in checkpoint [ 35.478742][ T1019] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.498837][ T1019] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.522334][ T487] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 35.564492][ T1019] attempt to access beyond end of device [ 35.564492][ T1019] loop0: rw=2049, want=77960, limit=40427 [ 35.578042][ T1048] loop4: detected capacity change from 0 to 2048 [ 35.617019][ T1052] tipc: Started in network mode [ 35.622031][ T1052] tipc: Node identity 104, cluster identity 4711 [ 35.634346][ T1052] tipc: Node number set to 260 [ 35.649972][ T1048] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 35.747031][ T487] usb 3-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.40 [ 35.773842][ T487] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.808552][ T487] usb 3-1: Product: syz [ 35.817356][ T487] usb 3-1: Manufacturer: syz [ 35.827172][ T487] usb 3-1: SerialNumber: syz [ 35.877885][ T487] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 36.094671][ T487] usb 3-1: USB disconnect, device number 6 [ 36.161451][ T1096] loop4: detected capacity change from 0 to 256 [ 36.251175][ T921] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 36.262179][ T921] FAT-fs (loop4): Filesystem has been set read-only [ 36.266572][ T26] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 36.276359][ T921] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 36.449579][ T1115] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 36.457597][ T1115] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 36.470834][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.477835][ T1113] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.485090][ T1113] device bridge_slave_0 entered promiscuous mode [ 36.491970][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.498945][ T1113] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.508342][ T1113] device bridge_slave_1 entered promiscuous mode [ 36.536153][ T1121] kvm: emulating exchange as write [ 36.581307][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.588187][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.595247][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.602068][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.617747][ T487] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 36.629238][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.636637][ T26] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 36.647296][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 36.647387][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.665170][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.686404][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.686801][ T1132] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 36.694700][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.711760][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.719615][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.727836][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.734678][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.746661][ T26] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 36.759543][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 36.767828][ T26] usb 4-1: SerialNumber: syz [ 36.767958][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 36.782225][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.791819][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.804153][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.812695][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 36.820374][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 36.828359][ T1113] device veth0_vlan entered promiscuous mode [ 36.836603][ T60] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 36.839116][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.854305][ T1113] device veth1_macvtap entered promiscuous mode [ 36.863397][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.871426][ T487] usb 2-1: Using ep0 maxpacket: 16 [ 36.878423][ T441] device bridge_slave_1 left promiscuous mode [ 36.884326][ T441] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.891696][ T441] device bridge_slave_0 left promiscuous mode [ 36.897717][ T441] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.905268][ T441] device veth1_macvtap left promiscuous mode [ 36.911256][ T441] device veth0_vlan left promiscuous mode [ 36.963047][ T849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.996600][ T487] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.008677][ T487] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 37.023398][ T487] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 37.033254][ T487] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.042021][ T487] usb 2-1: config 0 descriptor?? [ 37.057708][ T26] usb 4-1: 0:2 : does not exist [ 37.065105][ T26] usb 4-1: USB disconnect, device number 4 [ 37.070847][ T307] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 37.196617][ T60] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.326632][ T307] usb 3-1: Using ep0 maxpacket: 8 [ 37.366616][ T60] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 37.375771][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.383514][ T60] usb 1-1: Product: syz [ 37.387536][ T60] usb 1-1: Manufacturer: syz [ 37.391867][ T60] usb 1-1: SerialNumber: syz [ 37.397283][ T60] usb 1-1: config 0 descriptor?? [ 37.446597][ T307] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.517643][ T487] microsoft 0003:045E:07DA.000D: No inputs registered, leaving [ 37.525591][ T487] microsoft 0003:045E:07DA.000D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 37.537152][ T487] microsoft 0003:045E:07DA.000D: no inputs found [ 37.543577][ T487] microsoft 0003:045E:07DA.000D: could not initialize ff, continuing anyway [ 37.616608][ T307] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 37.625666][ T307] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.633972][ T307] usb 3-1: Product: syz [ 37.641531][ T307] usb 3-1: Manufacturer: syz [ 37.646063][ T307] usb 3-1: SerialNumber: syz [ 37.656617][ T60] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 37.671998][ T60] usb 1-1: USB disconnect, device number 6 [ 37.769968][ T1168] UDC core: couldn't find an available UDC or it's busy: -16 [ 37.777266][ T1168] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 37.956580][ T487] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 37.988219][ T60] usb 2-1: USB disconnect, device number 4 [ 38.169175][ T1172] device pim6reg1 entered promiscuous mode [ 38.356629][ T487] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.367473][ T487] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.377380][ T487] usb 4-1: New USB device found, idVendor=1b96, idProduct=0003, bcdDevice= 0.00 [ 38.386234][ T487] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.395040][ T487] usb 4-1: config 0 descriptor?? [ 38.617875][ T6] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 38.636532][ T60] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 38.806620][ T307] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 38.812885][ T307] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 38.857231][ T1167] syz.3.315[1167] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.857292][ T1167] syz.3.315[1167] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.887353][ T487] ntrig 0003:1B96:0003.000E: unknown main item tag 0x0 [ 38.905907][ T487] ntrig 0003:1B96:0003.000E: hidraw0: USB HID v0.00 Device [HID 1b96:0003] on usb-dummy_hcd.3-1/input0 [ 38.966720][ T26] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 38.986635][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.996623][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.997460][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.008403][ T60] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 39.017847][ T6] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 39.030799][ T60] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 39.039393][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.048357][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.056519][ T6] usb 1-1: config 0 descriptor?? [ 39.069852][ T60] usb 5-1: config 0 descriptor?? [ 39.236581][ T26] usb 2-1: device descriptor read/64, error -71 [ 39.278107][ T307] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42 [ 39.291653][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 39.291668][ T30] audit: type=1400 audit(1725961004.071:312): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 39.321619][ T487] usb 4-1: USB disconnect, device number 5 [ 39.477724][ T20] usb 3-1: USB disconnect, device number 7 [ 39.496668][ T20] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM [ 39.547451][ T60] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0 [ 39.554923][ T60] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 39.565867][ T60] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 39.568985][ T6] hid-multitouch 0003:1FD2:6007.0010: item fetching failed at offset 3/5 [ 39.586731][ T6] hid-multitouch: probe of 0003:1FD2:6007.0010 failed with error -22 [ 39.626552][ T26] usb 2-1: device descriptor read/64, error -71 [ 39.786865][ T60] usb 5-1: USB disconnect, device number 6 [ 39.809031][ T1137] usb 1-1: USB disconnect, device number 7 [ 39.896577][ T26] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 39.931669][ T1228] loop3: detected capacity change from 0 to 40427 [ 40.020476][ T1228] F2FS-fs (loop3): invalid crc value [ 40.037571][ T1228] F2FS-fs (loop3): Found nat_bits in checkpoint [ 40.060996][ T1228] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 40.068838][ T30] audit: type=1400 audit(1725961004.851:313): avc: denied { mount } for pid=1227 comm="syz.3.328" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 40.083836][ T1228] attempt to access beyond end of device [ 40.083836][ T1228] loop3: rw=2049, want=45104, limit=40427 [ 40.110601][ T30] audit: type=1400 audit(1725961004.891:314): avc: denied { unmount } for pid=926 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 40.110936][ T926] attempt to access beyond end of device [ 40.110936][ T926] loop3: rw=2049, want=45120, limit=40427 [ 40.166557][ T26] usb 2-1: device descriptor read/64, error -71 [ 40.264879][ T1239] loop3: detected capacity change from 0 to 128 [ 40.312015][ T1242] device syzkaller0 entered promiscuous mode [ 40.339603][ T30] audit: type=1326 audit(1725961005.121:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.397234][ T1239] attempt to access beyond end of device [ 40.397234][ T1239] loop3: rw=0, want=241, limit=128 [ 40.406533][ T30] audit: type=1326 audit(1725961005.121:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.431368][ T1249] loop2: detected capacity change from 0 to 2048 [ 40.436248][ T30] audit: type=1326 audit(1725961005.121:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.462037][ T30] audit: type=1326 audit(1725961005.121:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.486230][ T30] audit: type=1326 audit(1725961005.121:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.486306][ T45] attempt to access beyond end of device [ 40.486306][ T45] loop3: rw=1, want=1041, limit=128 [ 40.509754][ T30] audit: type=1326 audit(1725961005.121:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.544027][ T30] audit: type=1326 audit(1725961005.121:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1243 comm="syz.0.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72717f8ef9 code=0x7ffc0000 [ 40.586543][ T26] usb 2-1: device descriptor read/64, error -71 [ 40.609275][ T1249] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.336: bad orphan inode 8192 [ 40.619637][ T1249] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 40.711610][ T26] usb usb2-port1: attempt power cycle [ 40.980240][ T1303] loop4: detected capacity change from 0 to 512 [ 41.011036][ T1303] EXT4-fs (loop4): Test dummy encryption mode enabled [ 41.020577][ T1273] loop3: detected capacity change from 0 to 40427 [ 41.036840][ T1303] EXT4-fs error (device loop4): ext4_fill_super:4831: inode #2: comm syz.4.360: casefold flag without casefold feature [ 41.057617][ T1303] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 41.067451][ T1303] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,test_dummy_encryption,,errors=continue. Quota mode: none. [ 41.081732][ T1273] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 41.095548][ T1273] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 41.108149][ T1273] F2FS-fs (loop3): Found nat_bits in checkpoint [ 41.126563][ T26] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 41.166231][ T1273] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 41.174334][ T1273] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 41.306625][ T26] usb 2-1: device descriptor read/8, error -71 [ 41.358520][ T926] attempt to access beyond end of device [ 41.358520][ T926] loop3: rw=2051, want=77824, limit=40427 [ 41.374298][ T926] attempt to access beyond end of device [ 41.374298][ T926] loop3: rw=2051, want=90112, limit=40427 [ 41.385950][ T926] F2FS-fs (loop3): Issue discard(7168, 7168, 2560) failed, ret: -5 [ 41.385979][ T926] F2FS-fs (loop3): Issue discard(10240, 10240, 1024) failed, ret: -5 [ 41.576629][ T26] usb 2-1: device descriptor read/8, error -71 [ 41.665393][ T1333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.369'. [ 41.674166][ T1333] device bridge_slave_1 left promiscuous mode [ 41.680901][ T1333] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.688416][ T1333] device bridge_slave_0 left promiscuous mode [ 41.694360][ T1333] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.822291][ T1345] loop3: detected capacity change from 0 to 512 [ 41.907129][ T1345] EXT4-fs (loop3): Ignoring removed nobh option [ 41.918879][ T1345] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2 [ 42.196564][ T487] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 42.436516][ T487] usb 1-1: Using ep0 maxpacket: 16 [ 42.556595][ T487] usb 1-1: config 0 has no interfaces? [ 42.562037][ T487] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 42.571158][ T487] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.582530][ T487] usb 1-1: config 0 descriptor?? [ 42.830246][ T487] usb 1-1: USB disconnect, device number 8 [ 42.833258][ T1367] loop3: detected capacity change from 0 to 512 [ 42.883683][ T1367] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 42.894871][ T1367] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038 (0x7fffffff) [ 43.246511][ T20] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 43.368100][ T1387] loop1: detected capacity change from 0 to 1024 [ 43.419930][ T1387] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 43.496603][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 43.616571][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.627458][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.637335][ T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 43.652837][ T20] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 43.662063][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.677914][ T20] usb 4-1: config 0 descriptor?? [ 43.691006][ T1397] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 43.746554][ T26] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 43.816506][ T487] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 43.902040][ T1404] loop2: detected capacity change from 0 to 2048 [ 43.967768][ T1404] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 43.978344][ T1404] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038 (0x7fffffff) [ 44.006553][ T26] usb 1-1: Using ep0 maxpacket: 16 [ 44.020086][ T1403] fs-verity: sha512 using implementation "sha512-avx2" [ 44.027430][ T1403] fs-verity (loop2, inode 13): fs-verity keyring is empty, rejecting signed file! [ 44.165763][ T1399] loop4: detected capacity change from 0 to 131072 [ 44.167446][ T20] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0 [ 44.173007][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.181291][ T20] koneplus 0003:1E7D:2E22.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0 [ 44.193199][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.202002][ T487] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.211110][ T26] usb 1-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 44.211136][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.222544][ T487] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.231423][ T26] usb 1-1: config 0 descriptor?? [ 44.238605][ T487] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 44.252390][ T1399] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name [ 44.252828][ T487] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.276799][ T1399] F2FS-fs (loop4): invalid crc value [ 44.277661][ T487] usb 2-1: config 0 descriptor?? [ 44.285662][ T1399] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 44.307453][ T1399] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 44.426630][ T315] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 44.549708][ T1426] device veth0_vlan left promiscuous mode [ 44.555463][ T1426] device veth0_vlan entered promiscuous mode [ 44.562394][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.570593][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.578521][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.597218][ T1428] loop4: detected capacity change from 0 to 512 [ 44.603561][ T1137] usb 4-1: USB disconnect, device number 6 [ 44.611179][ T1428] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 44.621661][ T1428] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 44.629768][ T1428] System zones: 1-12 [ 44.635824][ T1428] EXT4-fs (loop4): 1 truncate cleaned up [ 44.641340][ T1428] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback. [ 44.727383][ T26] saitek 0003:06A3:0621.0012: item fetching failed at offset 2/5 [ 44.737253][ T26] saitek 0003:06A3:0621.0012: parse failed [ 44.742891][ T26] saitek: probe of 0003:06A3:0621.0012 failed with error -22 [ 44.766828][ T487] hid (null): bogus close delimiter [ 44.772887][ T1437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.410'. [ 44.787778][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.800970][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.810589][ T315] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 44.823701][ T315] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 44.832633][ T315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.845581][ T315] usb 3-1: config 0 descriptor?? [ 44.947579][ T20] usb 1-1: USB disconnect, device number 9 [ 45.256517][ T1137] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 45.327443][ T315] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 45.334716][ T315] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 45.343482][ T315] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 45.350804][ T315] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 45.358325][ T315] prodikeys 0003:041E:2801.0014: unknown main item tag 0x0 [ 45.368755][ T315] prodikeys 0003:041E:2801.0014: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0 [ 45.429511][ T487] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0013/input/input8 [ 45.447102][ T30] kauditd_printk_skb: 76 callbacks suppressed [ 45.447116][ T30] audit: type=1400 audit(1725961010.231:398): avc: denied { read } for pid=85 comm="acpid" name="event4" dev="devtmpfs" ino=559 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.466190][ T487] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0013/input/input9 [ 45.486040][ T1468] loop3: detected capacity change from 0 to 128 [ 45.492929][ T30] audit: type=1400 audit(1725961010.231:399): avc: denied { open } for pid=85 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=559 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.516665][ T1137] usb 5-1: Using ep0 maxpacket: 16 [ 45.518805][ T487] uclogic 0003:256C:006D.0013: input,hidraw1: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 45.536329][ T849] usb 3-1: USB disconnect, device number 8 [ 45.540608][ T30] audit: type=1400 audit(1725961010.301:400): avc: denied { ioctl } for pid=85 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=559 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.621182][ T30] audit: type=1400 audit(1725961010.401:401): avc: denied { map } for pid=1469 comm="syz.0.424" path="socket:[22900]" dev="sockfs" ino=22900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 45.657076][ T26] usb 2-1: USB disconnect, device number 9 [ 45.666695][ T1137] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 45.687769][ T1137] usb 5-1: config 0 has no interfaces? [ 45.693515][ T1137] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 45.718026][ T30] audit: type=1400 audit(1725961010.501:402): avc: denied { read } for pid=1475 comm="syz.0.426" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 45.720399][ T1137] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.743827][ T30] audit: type=1400 audit(1725961010.531:403): avc: denied { open } for pid=1475 comm="syz.0.426" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 45.752152][ T1137] usb 5-1: config 0 descriptor?? [ 45.833770][ T30] audit: type=1326 audit(1725961010.611:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1482 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 45.840019][ T1481] loop0: detected capacity change from 0 to 1024 [ 45.858664][ T1483] syz.3.429[1483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.863102][ T1483] syz.3.429[1483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.874559][ T30] audit: type=1326 audit(1725961010.641:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1482 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 45.909365][ T30] audit: type=1326 audit(1725961010.641:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1482 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 45.933713][ T1481] EXT4-fs (loop0): Unrecognized mount option "fsname=-!ø" or missing value [ 45.942199][ T30] audit: type=1326 audit(1725961010.641:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1482 comm="syz.3.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686761cef9 code=0x7ffc0000 [ 46.048058][ T1489] loop0: detected capacity change from 0 to 16 [ 46.064478][ T6] usb 5-1: USB disconnect, device number 7 [ 46.078384][ T1489] erofs: Unknown parameter 'ÿÿÿÿ' [ 46.115222][ T1489] kvm: pic: non byte write [ 46.129022][ T1494] loop2: detected capacity change from 0 to 2048 [ 46.143380][ T1496] loop0: detected capacity change from 0 to 512 [ 46.177164][ T1496] EXT4-fs (loop0): Ignoring removed bh option [ 46.185153][ T1496] EXT4-fs error (device loop0): __ext4_iget:4892: inode #12: block 2: comm syz.0.435: invalid block [ 46.196654][ T1496] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.435: couldn't read orphan inode 12 (err -117) [ 46.209589][ T1496] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none. [ 46.226402][ T1494] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none. [ 46.239312][ T487] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 46.305410][ T1508] input: syz0 as /devices/virtual/input/input10 [ 46.324297][ T1508] ================================================================== [ 46.332185][ T1508] BUG: KASAN: use-after-free in mutex_lock+0xa9/0x1e0 [ 46.338779][ T1508] Write of size 8 at addr ffff88811840d050 by task syz.2.439/1508 [ 46.346421][ T1508] [ 46.348589][ T1508] CPU: 0 PID: 1508 Comm: syz.2.439 Not tainted 5.15.159-syzkaller-01152-g99ada58989e6 #0 [ 46.358220][ T1508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 46.368132][ T1508] Call Trace: [ 46.371243][ T1508] [ 46.374018][ T1508] dump_stack_lvl+0x151/0x1c0 [ 46.378532][ T1508] ? io_uring_drop_tctx_refs+0x190/0x190 [ 46.384002][ T1508] ? __wake_up_klogd+0xd5/0x110 [ 46.388685][ T1508] ? panic+0x760/0x760 [ 46.392589][ T1508] ? vfs_open+0x73/0x80 [ 46.396585][ T1508] print_address_description+0x87/0x3b0 [ 46.401964][ T1508] kasan_report+0x179/0x1c0 [ 46.406316][ T1508] ? mutex_lock+0xa9/0x1e0 [ 46.410557][ T1508] ? mutex_lock+0xa9/0x1e0 [ 46.414823][ T1508] kasan_check_range+0x293/0x2a0 [ 46.419582][ T1508] __kasan_check_write+0x14/0x20 [ 46.424360][ T1508] mutex_lock+0xa9/0x1e0 [ 46.428433][ T1508] ? wait_for_completion_killable_timeout+0x10/0x10 [ 46.434955][ T1508] steam_input_open+0x91/0x1a0 [ 46.439551][ T1508] ? steam_input_register+0xa70/0xa70 [ 46.444751][ T1508] ? __kasan_check_write+0x14/0x20 [ 46.449699][ T1508] ? mutex_lock_interruptible+0xb6/0x1e0 [ 46.455166][ T1508] ? __kasan_check_write+0x14/0x20 [ 46.460115][ T1508] input_open_device+0x1a5/0x310 [ 46.464886][ T1508] ? kobject_get_unless_zero+0x229/0x320 [ 46.470362][ T1508] evdev_open+0x3df/0x620 [ 46.474634][ T1508] chrdev_open+0x4f7/0x620 [ 46.479000][ T1508] ? cd_forget+0x170/0x170 [ 46.483336][ T1508] ? fsnotify_perm+0x4ba/0x5d0 [ 46.487974][ T1508] ? cd_forget+0x170/0x170 [ 46.492275][ T1508] do_dentry_open+0x81c/0xfd0 [ 46.496794][ T1508] vfs_open+0x73/0x80 [ 46.500609][ T1508] path_openat+0x26f0/0x2f40 [ 46.505035][ T1508] ? __kasan_slab_free+0x11/0x20 [ 46.509810][ T1508] ? __kasan_slab_alloc+0xb1/0xe0 [ 46.514672][ T1508] ? kmem_cache_alloc+0xf5/0x200 [ 46.519442][ T1508] ? getname_flags+0xba/0x520 [ 46.523958][ T1508] ? __x64_sys_openat+0x243/0x290 [ 46.528817][ T1508] ? do_filp_open+0x460/0x460 [ 46.533332][ T1508] do_filp_open+0x21c/0x460 [ 46.537669][ T1508] ? vfs_tmpfile+0x2c0/0x2c0 [ 46.542101][ T1508] do_sys_openat2+0x13f/0x830 [ 46.546696][ T1508] ? selinux_file_ioctl+0x3cc/0x540 [ 46.551729][ T1508] ? do_sys_open+0x220/0x220 [ 46.556158][ T1508] __x64_sys_openat+0x243/0x290 [ 46.560846][ T1508] ? __ia32_sys_open+0x270/0x270 [ 46.565620][ T1508] ? __kasan_check_read+0x11/0x20 [ 46.570478][ T1508] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 46.575945][ T1508] x64_sys_call+0x6bf/0x9a0 [ 46.580287][ T1508] do_syscall_64+0x3b/0xb0 [ 46.584536][ T1508] ? clear_bhb_loop+0x35/0x90 [ 46.589050][ T1508] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.594809][ T1508] RIP: 0033:0x7f62cc96a890 [ 46.599033][ T1508] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 46.618479][ T1508] RSP: 002b:00007f62cb5e4b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 46.626811][ T1508] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62cc96a890 [ 46.634615][ T1508] RDX: 0000000000000000 RSI: 00007f62cb5e4c10 RDI: 00000000ffffff9c [ 46.642429][ T1508] RBP: 00007f62cb5e4c10 R08: 0000000000000000 R09: 0000000000000000 [ 46.650237][ T1508] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 46.658050][ T1508] R13: 0000000000000000 R14: 00007f62ccb23f80 R15: 00007ffeddc0b088 [ 46.665867][ T1508] [ 46.668726][ T1508] [ 46.670893][ T1508] Allocated by task 487: [ 46.674976][ T1508] ____kasan_kmalloc+0xdb/0x110 [ 46.679660][ T1508] __kasan_kmalloc+0x9/0x10 [ 46.683999][ T1508] __kmalloc_track_caller+0x139/0x260 [ 46.689213][ T1508] devm_kmalloc+0x4f/0x160 [ 46.693462][ T1508] steam_probe+0x11d/0xa80 [ 46.697712][ T1508] hid_device_probe+0x261/0x390 [ 46.702568][ T1508] really_probe+0x28d/0x970 [ 46.706916][ T1508] __driver_probe_device+0x1a0/0x310 [ 46.712033][ T1508] driver_probe_device+0x54/0x3d0 [ 46.716897][ T1508] __device_attach_driver+0x2c5/0x470 [ 46.722101][ T1508] bus_for_each_drv+0x183/0x200 [ 46.726789][ T1508] __device_attach+0x312/0x510 [ 46.731390][ T1508] device_initial_probe+0x1a/0x20 [ 46.736283][ T1508] bus_probe_device+0xbe/0x1e0 [ 46.740869][ T1508] device_add+0xb60/0xf10 [ 46.745016][ T1508] hid_add_device+0x39c/0x4e0 [ 46.749529][ T1508] usbhid_probe+0xb0e/0xea0 [ 46.753867][ T1508] usb_probe_interface+0x5b6/0xa90 [ 46.758820][ T1508] really_probe+0x28d/0x970 [ 46.763155][ T1508] __driver_probe_device+0x1a0/0x310 [ 46.768278][ T1508] driver_probe_device+0x54/0x3d0 [ 46.773138][ T1508] __device_attach_driver+0x2c5/0x470 [ 46.778691][ T1508] bus_for_each_drv+0x183/0x200 [ 46.783381][ T1508] __device_attach+0x312/0x510 [ 46.788157][ T1508] device_initial_probe+0x1a/0x20 [ 46.793099][ T1508] bus_probe_device+0xbe/0x1e0 [ 46.797704][ T1508] device_add+0xb60/0xf10 [ 46.801865][ T1508] usb_set_configuration+0x190f/0x1e80 [ 46.807162][ T1508] usb_generic_driver_probe+0x8b/0x150 [ 46.812454][ T1508] usb_probe_device+0x144/0x260 [ 46.817144][ T1508] really_probe+0x28d/0x970 [ 46.821481][ T1508] __driver_probe_device+0x1a0/0x310 [ 46.826602][ T1508] driver_probe_device+0x54/0x3d0 [ 46.831549][ T1508] __device_attach_driver+0x2c5/0x470 [ 46.836756][ T1508] bus_for_each_drv+0x183/0x200 [ 46.841443][ T1508] __device_attach+0x312/0x510 [ 46.846042][ T1508] device_initial_probe+0x1a/0x20 [ 46.850908][ T1508] bus_probe_device+0xbe/0x1e0 [ 46.855501][ T1508] device_add+0xb60/0xf10 [ 46.859676][ T1508] usb_new_device+0x1038/0x1c00 [ 46.864356][ T1508] hub_event+0x2def/0x4770 [ 46.868608][ T1508] process_one_work+0x6bb/0xc10 [ 46.873298][ T1508] worker_thread+0xad5/0x12a0 [ 46.877809][ T1508] kthread+0x421/0x510 [ 46.881732][ T1508] ret_from_fork+0x1f/0x30 [ 46.885968][ T1508] [ 46.888139][ T1508] The buggy address belongs to the object at ffff88811840d000 [ 46.888139][ T1508] which belongs to the cache kmalloc-512 of size 512 [ 46.902027][ T1508] The buggy address is located 80 bytes inside of [ 46.902027][ T1508] 512-byte region [ffff88811840d000, ffff88811840d200) [ 46.915049][ T1508] The buggy address belongs to the page: [ 46.920530][ T1508] page:ffffea0004610300 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88811840d000 pfn:0x11840c [ 46.931882][ T1508] head:ffffea0004610300 order:2 compound_mapcount:0 compound_pincount:0 [ 46.940038][ T1508] flags: 0x4000000000010200(slab|head|zone=1) [ 46.945951][ T1508] raw: 4000000000010200 ffffea0004a43d08 ffffea00045ed308 ffff888100042f00 [ 46.954364][ T1508] raw: ffff88811840d000 000000000010000f 00000001ffffffff 0000000000000000 [ 46.962780][ T1508] page dumped because: kasan: bad access detected [ 46.969044][ T1508] page_owner tracks the page as allocated [ 46.974599][ T1508] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 926, ts 34153604875, free_ts 24679904566 [ 46.994816][ T1508] post_alloc_hook+0x1a3/0x1b0 [ 46.999406][ T1508] prep_new_page+0x1b/0x110 [ 47.003746][ T1508] get_page_from_freelist+0x3550/0x35d0 [ 47.009214][ T1508] __alloc_pages+0x27e/0x8f0 [ 47.013637][ T1508] new_slab+0x9a/0x4e0 [ 47.017544][ T1508] ___slab_alloc+0x39e/0x830 [ 47.021972][ T1508] __slab_alloc+0x4a/0x90 [ 47.026138][ T1508] __kmalloc_track_caller+0x16c/0x260 [ 47.031343][ T1508] __alloc_skb+0x10c/0x550 [ 47.035597][ T1508] netlink_ack+0x33c/0xb10 [ 47.039870][ T1508] netlink_rcv_skb+0x24c/0x410 [ 47.044448][ T1508] rtnetlink_rcv+0x1c/0x20 [ 47.048703][ T1508] netlink_unicast+0x8df/0xac0 [ 47.053304][ T1508] netlink_sendmsg+0xa0a/0xd20 [ 47.057907][ T1508] __sys_sendto+0x564/0x720 [ 47.062246][ T1508] __x64_sys_sendto+0xe5/0x100 [ 47.066845][ T1508] page last free stack trace: [ 47.071362][ T1508] free_unref_page_prepare+0x7c8/0x7d0 [ 47.076742][ T1508] free_unref_page+0xe8/0x750 [ 47.081253][ T1508] __free_pages+0x61/0xf0 [ 47.085417][ T1508] __free_slab+0xec/0x1d0 [ 47.089582][ T1508] __unfreeze_partials+0x165/0x1a0 [ 47.094616][ T1508] put_cpu_partial+0xc4/0x120 [ 47.099131][ T1508] __slab_free+0x1c8/0x290 [ 47.103382][ T1508] ___cache_free+0x109/0x120 [ 47.107808][ T1508] qlink_free+0x4d/0x90 [ 47.111801][ T1508] qlist_free_all+0x44/0xb0 [ 47.116143][ T1508] kasan_quarantine_reduce+0x15a/0x180 [ 47.121435][ T1508] __kasan_slab_alloc+0x2f/0xe0 [ 47.126122][ T1508] slab_post_alloc_hook+0x53/0x2c0 [ 47.131081][ T1508] kmem_cache_alloc_trace+0xf9/0x210 [ 47.136199][ T1508] virtio_transport_alloc_pkt+0x6a/0xa10 [ 47.141661][ T1508] virtio_transport_send_pkt_info+0x2c8/0x630 [ 47.147562][ T1508] [ 47.149731][ T1508] Memory state around the buggy address: [ 47.155202][ T1508] ffff88811840cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.163099][ T1508] ffff88811840cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 47.170997][ T1508] >ffff88811840d000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.178892][ T1508] ^ [ 47.185405][ T1508] ffff88811840d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.193304][ T1508] ffff88811840d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.201198][ T1508] ================================================================== [ 47.209096][ T1508] Disabling lock debugging due to kernel taint [ 47.230196][ T1508] hid 0003:28DE:1102.000B: No HID_FEATURE_REPORT submitted - nothing to read [ 47.239231][ T1508] hid 0003:28DE:1102.000B: No HID_FEATURE_REPORT submitted - nothing to read [ 47.259723][ T1508] hid 0003:28DE:1102.000B: No HID_FEATURE_REPORT submitted - nothing to read [ 47.268804][ T1508] hid 0003:28DE:1102.000B: No HID_FEATURE_REPORT submitted - nothing to read [ 47.276616][ T1513] loop0: detected capacity change from 0 to 40427 [ 47.277886][ T1508] hid 0003:28DE:1102.000B: No HID_FEATURE_REPORT submitted - nothing to read [ 47.292850][ T1513] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 47.300738][ T1513] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 47.311302][ T1513] F2FS-fs (loop0): Found nat_bits in checkpoint [ 47.336556][ T487] usb 4-1: Using ep0 maxpacket: 16 [ 47.344080][ T1513] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 47.351744][ T1513] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 47.366590][ T20] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 47.456702][ T487] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.471352][ T487] usb 4-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 47.480520][ T487] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.492757][ T487] usb 4-1: config 0 descriptor?? [ 47.726621][ T20] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 47.736593][ T20] usb 2-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.747594][ T20] usb 2-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.757461][ T20] usb 2-1: config 0 interface 0 has no altsetting 0 [ 47.763904][ T20] usb 2-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 47.772755][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.781364][ T20] usb 2-1: config 0 descriptor?? [ 47.978329][ T487] lenovo 0003:17EF:60A3.0015: hidraw0: USB HID v0.00 Device [HID 17ef:60a3] on usb-dummy_hcd.3-1/input0 [ 48.179614][ T487] usb 4-1: USB disconnect, device number 7 [ 48.257259][ T20] zeroplus 0003:0C12:0005.0016: item fetching failed at offset 1/5 [ 48.265177][ T20] zeroplus 0003:0C12:0005.0016: parse failed [ 48.270924][ T20] zeroplus: probe of 0003:0C12:0005.0016 failed with error -22 [ 48.459955][ T20] usb 2-1: USB disconnect, device number 10