last executing test programs: 6.892608725s ago: executing program 3 (id=3646): socket$packet(0x11, 0x2, 0x300) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet(0x2b, 0x801, 0x0) pipe(&(0x7f0000000080)) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000101010100000000000000000a000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) 6.781716906s ago: executing program 3 (id=3647): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) 6.573470295s ago: executing program 3 (id=3654): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000800000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000780)={0x24, 0x0, 0x0, &(0x7f0000000700)={0x0, 0x22, 0x5, {[@main=@item_012={0x1, 0x0, 0xc, "9f"}, @global=@item_012={0x2, 0x1, 0x0, "16c2"}]}}, 0x0}, 0x0) 5.001599792s ago: executing program 0 (id=3667): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000005c0), 0x12) 4.891745443s ago: executing program 0 (id=3668): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) close(0xffffffffffffffff) 4.840366897s ago: executing program 0 (id=3669): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a000090400000103010100092100080001220300090581", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000940)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b40)={0x2c, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 4.575889482s ago: executing program 3 (id=3673): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000c00)={{0x12, 0x1, 0x0, 0x11, 0xe6, 0x0, 0x10, 0x114b, 0x110, 0x5587, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1, 0x50}}]}}]}}, 0x0) 3.808227363s ago: executing program 2 (id=3675): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) syz_emit_ethernet(0x88, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60dd690b00522f0000000000000000000000ffff00000000ff02000000000000000000000000000124208100000e0000a4fe7c66b445aab04df086dd08"], 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000fa271185413b1a2be45bd9376b4603e76dcf1eb42021e76f2531ea77844d903b7c56524575579b8712832cdd1693b8d4ccdffb91a41fa4e1f80266c74b6b121976aa42e99b23"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) signalfd(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) socket$inet6(0xa, 0x0, 0x8000000003c) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(r8) 3.146841015s ago: executing program 1 (id=3678): unshare(0x22020600) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r1, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 3.093010841s ago: executing program 1 (id=3679): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x54, &(0x7f0000000100)={[{@bh}, {@errors_continue}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@delalloc}, {@jqfmt_vfsv0}, {@usrjquota}]}, 0x1, 0x477, &(0x7f00000002c0)="$eJzs209sFNUfAPDvzG4LP/hBK6IIolbR2Ki0tKBy8KLRxIMmJnrAi0ltC0EWamhNhBCtxuDRkHhXjyYm3jx4Ug9GPZl41bshIcoF9FQzuzPLdrv9s7TdUvbzSaZ5b+ZN3/vuzJt5M283gK41kP1JIv4fEb9HRF8tWzeXF8rKXb96YfyfqxfGk5ibe/WvpFru2tUL40XZYr/teWYwjUg/SvJK5ps+d/7UWKUyeTbPD8+cfnt4+tz5gydPj52YPDF5ZvTo0SOHR55+avTJdkPa2mplFt+1fe9N7d/74uuXXh4/dunNn79K8vXRFMdK9KygzEAW+N9zVc3bHmmnsk1gR0M6KTduKXe+MaxYKT9CPdX+3xelhuPVFy98uGCHtMMNBNZNdm/asvjm2TngNpbERrcA2BjFjT57/i2WDg09bglXnq09AGVxX8+X2pZy/VGnp+n5di0NRMSx2X8/y5a4ifcQAADt+i4b/zzRavyXRuMYcWc+N9QfEXdExK6IuDMidkfEXRFxd0TsiYh72qy/eWpo4fgnvbya+JaTjf+eyee25o//6i+6+0t5bkc1/p7k+MnK5KH8MxmMni1ZfmSJOr5//rdPFtvWOP7Llqz+Y/Mml9LL5aYXdBNjM2PZoPSNgzcfd+HKBxH7yq3iT+ozAUlE7I2Ife39651F4uRjX+5frFDL+POx8LLWYGpp7ouIR2vHfzaa4i8kS89PDm+NyuSh4eKsWOiXXy++slj9q4p/DWTHf9v887+5SH/SOF873X4dF//4eNFnmuXjb33+9yavVa9Hvfm6d8dmZs6ORPQmL9X2alw/emPfIl+Uz+IfPNC6/+/K98nivzcispP4voi4PyIeyNv+YEQ8FBEHloj/p+cefuvm419fWfwTLa9/9fO/6fi3nyid+vHbxeqvxv/Nzoglj/+RamowX1O9/i2jMrCyBq7mswMAAIDNIq1+Bz5Jh+rpNB0aqn2Hf3dsSytT0zOPH59658xE7bvy/dGTFm+6+hreh44ks/l/rOVH83fFxfbD+XvjT0v/q+aHxqcqExscO3S77Q39f9eeG/0/82epXuzrHxpnRPykA24f+jN0r+b+7zd+0D3c/6F76f/QvfR/6F6t+v/7TflSh9oCdJb7P3Qv/R+6l/4P3Uv/h660mt/1dyzxefmWaIZEkUinz52PdMObsZ6J3s3UQdYjsfBaUTZOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANqH/AgAA//89t/CN") 3.032030496s ago: executing program 1 (id=3680): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 3.010112759s ago: executing program 1 (id=3681): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1000}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000030301"], 0x20}}, 0x0) 2.99331764s ago: executing program 1 (id=3682): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000208500000073000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000000000000000009500000000000be9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x50, 0xffffffffffffffff, 0x5738d000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$watch_queue(0x0, 0x80) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000800)={0x0, 0x10}, 0x18) execveat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x800) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@nobh}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@resuid, 0x32}]}, 0x1b, 0x4f0, &(0x7f0000000a40)="$eJzs3V1rW+cdAPD/ObaSOHFmh+0iCywLS4Ydtkh2vCRmF1k2xnYV2JZdL/Ns2RjLlrHkJDZhc9gHGIyxDQaDXvWm0A9QKPkIpRBo70tbWkqbtBe5aKOit7w4kq0Q2Qr27wfH53nOi///R0JHes55OCeAfetURJyOiEeVSuVsRAw1lqeN6Uq1slHf7sH929PVKYlK5drnSURSX1bdZPSp/3mkvksciog//DbiL8nzcUtr6wtThUJ+pVHPlReXc6W19XPzi1Nz+bn80sTE+MXJS5MXJse60s7BiLj864///Y/Xf3P57Z/e/OD6p6N/TRrLI560o9vqTc/UXoum/ohY2YlgPdDXaE+m14kAANCR5u/8H0XE2RiKvtqvOQAAAGAvqfxiML5OIioAAADAnpXWxsAmabYxDmAw0jSbrY/h/V4cTgvFUvkns8XVpZn6WNnhyKSz84X8WGOs8HBkkmp9vFZ+Uj+/qT4REcci4l9DA7V6drpYmOn1yQ8AAADYJ45s6v9/NVTv/wMAAAB7zHCvEwAAAAB2nP4/AAAA7H36/wAAALCn/e7q1epUaT7/eubG2upC8ca5mXxpIbu4Op2dLq4sZ+eKxbnaPfsWt/t/hWJx+WextHorV86XyrnS2vr1xeLqUvn6/DOPwAYAAAB20bEf3n0/iYiNnw/UpqoDvU4K2BX9L7LxRzuXB7D7+nqdANAzL/T9D+wpmV4nAPRcEhH/32J928E77+xMPgAAQPeNfL/19f9k23MDG+kupQjsEOf/YP9y/R/2L9f/Yf/KRF903pEf2NFcgN5Itln/8tf/K5UXSggAAOi6wdqUpNmI2nmAwUjTbDbiaO2xAJlkdr6QH4uI70TEe0OZg9X6eG3PZNs+AwAAAAAAAAAAAAAAAAAAAAAAAABQV6kkUQEAAAD2tIj0k6Tx/K+RoTODm88PHEgeDtXmEXHzf9f+c2uqXF4Zry7/4vHy8n8by8/34gwGAAAAsFmzn97sxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABANz24f3u6Oe1m3M9+GRHDreL3x6Ha/FBkIuLwl0n0P7VfEhF9XYi/cScifvWnFvGTalox3MiiVfyBbsU/3qr9W8dPI+JIF+LDfna3evy50urzl8ap2nzz5+/g4337uxC//fEvfXz862tz/DnaYYwT997MtY1/J+JEf+vjTzN+0ib+6Q7j//mP6+vt1lVeixhp+f2TPBMrV15czpXW1s/NL07N5efySxMT4xcnL01emBzLzc4X8o2/LWP88wdvPdqq/YfbxB/epv1nOmz/N/du3f9uvZhpFX/0dOv3/3ib+Gnju+/HjXJ1/UizvFEvP+3kG++e3Kr9M23av937P9ph+8/+/u8fdrgpALALSmvrC1OFQn5lXxde6tWo/izqbOO0EeZVaLJCfqX0t1cjjVey0PxMPOzJcQkAAOi+5/vAAAAAAAAAAAAAAAAAAAAAwG7rzj3DmvfE3vruek0b9dlz90IGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOilbwMAAP//lRTPYg==") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2058) write$FUSE_INIT(r3, &(0x7f0000002200)={0x50, 0x0, r4, {0x7, 0x27, 0x0, 0x1dd880}}, 0x50) read$FUSE(r3, &(0x7f0000000100)={0x2020}, 0x2020) 2.950353864s ago: executing program 2 (id=3683): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r0}, 0x10) 2.867991412s ago: executing program 2 (id=3685): r0 = gettid() r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0xfffffffffffffcf7, 0x0) r7 = dup(r5) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x4, 0x0, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x91446000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r10 = io_uring_setup(0x48b0, &(0x7f00000000c0)) timer_create(0x6, &(0x7f0000000000)={0x0, 0x27, 0x0, @tid=r4}, &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0xf, &(0x7f0000000540)={0x1000, 0x0, 0x0, 0x0}, 0x20) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000200)={0xa000000a}) finit_module(r1, 0x0, 0x0) tkill(r0, 0x7) 1.908240161s ago: executing program 2 (id=3689): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvfrom(r0, &(0x7f0000000480)=""/191, 0xbf, 0x40, 0x0, 0x0) 660.521938ms ago: executing program 0 (id=3693): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000380)={{r0}, &(0x7f00000003c0), &(0x7f0000000340)='%ps \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) unshare(0x62040200) 652.651009ms ago: executing program 1 (id=3694): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) syz_emit_ethernet(0x88, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60dd690b00522f0000000000000000000000ffff00000000ff02000000000000000000000000000124208100000e0000a4fe7c66b445aab04df086dd08"], 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) signalfd(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) socket$inet6(0xa, 0x0, 0x8000000003c) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(r7) 648.251849ms ago: executing program 2 (id=3695): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10) 632.454181ms ago: executing program 2 (id=3696): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000407d1eb42d000000090001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="40004f0000004f0ed1abc63f6e866bbc4d"], 0x0, 0x0, 0x0}, 0x0) open(0x0, 0x141042, 0x0) 608.662043ms ago: executing program 0 (id=3697): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x24, 0x68, 0xa898cf170ab9f9b9, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x12}, @NHA_FDB={0x4}]}, 0x24}}, 0x0) 602.991554ms ago: executing program 0 (id=3698): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000ffff04850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x1, 0x8, "ef3a3e5ff1c12cbb"}, 0x0}) 272.849514ms ago: executing program 3 (id=3701): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x19, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000008000000850000007b00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000640)='percpu_alloc_percpu\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 266.276315ms ago: executing program 3 (id=3703): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect(0x0, 0x4d, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000735aca105e042107c4900102030109023b00010000000009040000000e010000052406000105240300000d240f0100000000000000000006"], 0x0) syz_usb_control_io(r2, &(0x7f0000000540)={0x2c, 0x0, &(0x7f0000000400)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000001a80)={0x24, 0x0, &(0x7f00000008c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 102.09828ms ago: executing program 4 (id=3712): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='mm_page_alloc\x00', r2}, 0x10) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) 93.747891ms ago: executing program 4 (id=3713): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae"], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x104) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r1, 0x10e, 0xc, 0x0, &(0x7f0000000040)) 54.673995ms ago: executing program 4 (id=3714): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x509, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x0, 0x0, 0x0, {@ip4=@broadcast}}}]}, 0x38}}, 0x0) 54.333935ms ago: executing program 4 (id=3715): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000019006c798af8ff0000000100a200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010001000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000000000bb70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xa) 54.019785ms ago: executing program 4 (id=3716): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000800000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) setitimer(0x2, 0x0, 0x0) 0s ago: executing program 4 (id=3717): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) syz_emit_ethernet(0xd86, &(0x7f0000002340)=ANY=[], 0x0) kernel console output (not intermixed with test programs): ejected, already enabled [ 654.687916][ T424] hid (null): usage index exceeded [ 654.695712][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 654.698967][ T424] hid-generic 0003:045E:05DA.002A: ignoring exceeding usage max [ 654.708741][ T424] hid-generic 0003:045E:05DA.002A: usage index exceeded [ 654.715473][ T424] hid-generic 0003:045E:05DA.002A: item 0 4 2 0 parsing failed [ 654.723028][ T424] hid-generic: probe of 0003:045E:05DA.002A failed with error -22 [ 654.755631][ T4904] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 654.808564][ T424] usb 5-1: USB disconnect, device number 29 [ 654.985745][ T877] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 655.025700][ T39] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 655.034693][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.042535][ T39] usb 4-1: Product: syz [ 655.046684][ T39] usb 4-1: Manufacturer: syz [ 655.051103][ T39] usb 4-1: SerialNumber: syz [ 655.056509][ T39] r8152-cfgselector 4-1: config 0 descriptor?? [ 655.115665][ T4904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 655.126408][ T4904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.135906][ T4904] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 655.144742][ T4904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.153117][ T4904] usb 2-1: config 0 descriptor?? [ 655.225662][ T877] usb 3-1: Using ep0 maxpacket: 16 [ 655.355757][ T877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 655.366729][ T877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.376667][ T877] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 655.389424][ T877] usb 3-1: New USB device found, idVendor=045e, idProduct=0001, bcdDevice= 0.00 [ 655.398462][ T877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.410012][T12444] loop4: detected capacity change from 0 to 512 [ 655.417359][ T877] usb 3-1: config 0 descriptor?? [ 655.425931][T12444] EXT4-fs: Ignoring removed nobh option [ 655.432078][T12444] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 655.447218][T12444] EXT4-fs (loop4): orphan cleanup on readonly fs [ 655.454038][T12444] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3845: comm syz.4.3099: Allocating blocks 41-42 which overlap fs metadata [ 655.469482][T12444] EXT4-fs (loop4): Remounting filesystem read-only [ 655.476184][T12444] Quota error (device loop4): write_blk: dquota write failed [ 655.483542][T12444] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 655.493774][T12444] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.3099: Failed to acquire dquot type 0 [ 655.506913][T12444] EXT4-fs (loop4): 1 truncate cleaned up [ 655.512510][T12444] EXT4-fs (loop4): pa ffff88811d05ddc8: logic 1, phys. 41, len 23 [ 655.520154][T12444] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 655.530070][ T39] r8152-cfgselector 4-1: Unknown version 0x0000 [ 655.536166][ T39] r8152-cfgselector 4-1: bad CDC descriptors [ 655.542470][T12444] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 655.555625][ T39] r8152-cfgselector 4-1: Unknown version 0x0000 [ 655.563404][ T39] r8152-cfgselector 4-1: USB disconnect, device number 34 [ 655.571594][T12444] fuse: Bad value for 'fd' [ 655.636120][ T4904] hid (null): global environment stack underflow [ 655.644874][ T4904] uclogic 0003:5543:0522.002B: global environment stack underflow [ 655.652647][ T4904] uclogic 0003:5543:0522.002B: item 0 1 1 11 parsing failed [ 655.660289][ T4904] uclogic 0003:5543:0522.002B: parse failed [ 655.666205][ T4904] uclogic: probe of 0003:5543:0522.002B failed with error -22 [ 655.745439][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 655.765734][ T424] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 655.812608][T12456] loop4: detected capacity change from 0 to 512 [ 655.819797][T12456] EXT4-fs: Ignoring removed nobh option [ 655.826750][T12456] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 655.838343][T12456] EXT4-fs (loop4): orphan cleanup on readonly fs [ 655.850830][ T4904] usb 2-1: USB disconnect, device number 37 [ 655.855913][T12456] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3845: comm syz.4.3104: Allocating blocks 41-42 which overlap fs metadata [ 655.870394][T12456] EXT4-fs (loop4): Remounting filesystem read-only [ 655.877093][T12456] Quota error (device loop4): write_blk: dquota write failed [ 655.884326][T12456] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 655.895920][ T877] hid-generic 0003:045E:0001.002C: unknown main item tag 0x0 [ 655.903124][ T877] hid-generic 0003:045E:0001.002C: ignoring exceeding usage max [ 655.910684][T12456] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.3104: Failed to acquire dquot type 0 [ 655.925237][ T877] hid-generic 0003:045E:0001.002C: unknown main item tag 0x0 [ 655.932534][ T877] hid-generic 0003:045E:0001.002C: unbalanced collection at end of report description [ 655.942445][T12456] EXT4-fs (loop4): 1 truncate cleaned up [ 655.948510][T12456] EXT4-fs (loop4): pa ffff88811d05d888: logic 1, phys. 41, len 23 [ 655.956169][T12456] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 655.966126][ T877] hid-generic: probe of 0003:045E:0001.002C failed with error -22 [ 655.977730][T12456] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 655.993306][T12456] fuse: Bad value for 'fd' [ 656.005770][ T424] usb 1-1: Using ep0 maxpacket: 16 [ 656.114916][ T4904] usb 3-1: USB disconnect, device number 34 [ 656.125814][ T424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 656.275638][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 656.356192][ T424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 656.365775][ T424] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 656.378367][ T424] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 656.387210][ T424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.395466][ T424] usb 1-1: config 0 descriptor?? [ 656.561231][T12470] tipc: Enabling of bearer rejected, already enabled [ 656.775688][ T877] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 656.866924][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.876862][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.883940][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.891162][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.898362][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.905487][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.912791][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.920010][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.927326][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.934405][ T424] microsoft 0003:045E:07DA.002D: unknown main item tag 0x0 [ 656.944187][ T424] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.002D/input/input55 [ 657.025411][ T424] microsoft 0003:045E:07DA.002D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 657.073514][ T424] usb 1-1: USB disconnect, device number 38 [ 657.115683][ T60] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 657.165708][ T877] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 657.173789][ T877] usb 2-1: config 0 has no interface number 0 [ 657.179627][ T877] usb 2-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 657.190040][ T877] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 657.205618][ T39] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 657.365701][ T877] usb 2-1: New USB device found, idVendor=05ac, idProduct=8600, bcdDevice=d0.28 [ 657.374617][ T877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.382646][ T877] usb 2-1: Product: syz [ 657.386739][ T877] usb 2-1: Manufacturer: syz [ 657.391134][ T877] usb 2-1: SerialNumber: syz [ 657.396178][ T877] usb 2-1: config 0 descriptor?? [ 657.515675][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.526410][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.535924][ T60] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 657.544747][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.553186][ T60] usb 3-1: config 0 descriptor?? [ 657.555685][ T424] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 657.596393][ T39] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 657.606485][ T39] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 657.663013][T12491] fuse: Bad value for 'fd' [ 657.675675][ T877] usb 2-1: Found UVC 0.00 device syz (05ac:8600) [ 657.681845][ T877] usb 2-1: No valid video chain found. [ 657.689541][ T877] usb 2-1: USB disconnect, device number 38 [ 657.705672][ T39] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 657.714631][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 657.722510][ T39] usb 4-1: SerialNumber: syz [ 657.915695][ T424] usb 5-1: config 0 has an invalid interface number: 42 but max is 0 [ 657.923640][ T424] usb 5-1: config 0 has no interface number 0 [ 658.036552][ T60] hid-generic 0003:05AC:4262.002E: unbalanced delimiter at end of report description [ 658.046193][ T60] hid-generic: probe of 0003:05AC:4262.002E failed with error -22 [ 658.085701][ T424] usb 5-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=38.98 [ 658.094618][ T424] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.102405][ T424] usb 5-1: Product: syz [ 658.106363][ T424] usb 5-1: Manufacturer: syz [ 658.110766][ T424] usb 5-1: SerialNumber: syz [ 658.115921][ T424] usb 5-1: config 0 descriptor?? [ 658.146013][T12496] syz.1.3119[12496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 658.146062][T12496] syz.1.3119[12496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 658.156372][ T424] usb 5-1: Found UVC 0.00 device syz (1bcf:0b40) [ 658.174600][ T424] usb 5-1: Forcing UVC version to 1.0a [ 658.180119][ T424] usb 5-1: No valid video chain found. [ 658.201820][T12498] xt_hashlimit: size too large, truncated to 1048576 [ 658.226379][ T39] usb 4-1: USB disconnect, device number 35 [ 658.237859][ T424] usb 3-1: USB disconnect, device number 35 [ 658.295613][ T877] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 658.364995][ T60] usb 5-1: USB disconnect, device number 30 [ 658.625652][ T326] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 658.655653][ T877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 658.666390][ T877] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 658.675174][ T877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.683625][ T877] usb 1-1: config 0 descriptor?? [ 658.879876][T12519] TCP: tcp_parse_options: Illegal window scaling value 247 > 14 received [ 658.975645][ T60] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 658.985724][ T326] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 658.995788][ T326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.006645][ T326] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 659.019977][ T326] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 659.025755][ T295] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 659.029080][ T326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.036542][ T877] usbhid 1-1:0.0: can't add hid device: -71 [ 659.050200][ T877] usbhid: probe of 1-1:0.0 failed with error -71 [ 659.057601][ T877] usb 1-1: USB disconnect, device number 39 [ 659.075766][ T326] usb 2-1: config 0 descriptor?? [ 659.247772][T12526] loop4: detected capacity change from 0 to 131072 [ 659.254836][T12526] F2FS-fs (loop4): Test dummy encryption mode enabled [ 659.257612][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 659.262206][T12526] F2FS-fs (loop4): invalid crc value [ 659.271596][T12526] F2FS-fs (loop4): Ignore s_resuid=0, s_resgid=3 w/o reserve_root [ 659.280292][T12526] F2FS-fs (loop4): Found nat_bits in checkpoint [ 659.295685][ T295] usb 3-1: Using ep0 maxpacket: 32 [ 659.305040][T12526] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 659.397395][ T60] usb 4-1: config 0 has no interfaces? [ 659.408099][T12535] loop4: detected capacity change from 0 to 512 [ 659.415694][ T295] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.426523][ T295] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.436401][ T295] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 659.449316][ T295] usb 3-1: New USB device found, idVendor=056a, idProduct=0116, bcdDevice= 0.00 [ 659.466123][ T295] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.477216][ T295] usb 3-1: config 0 descriptor?? [ 659.557935][ T326] elecom 0003:056E:00FB.002F: report_id 22043 is invalid [ 659.565697][ T60] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 659.566981][ T326] elecom 0003:056E:00FB.002F: item 0 2 1 8 parsing failed [ 659.584667][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.594742][ T60] usb 4-1: Product: syz [ 659.596667][ T326] elecom: probe of 0003:056E:00FB.002F failed with error -22 [ 659.598958][ T60] usb 4-1: Manufacturer: syz [ 659.625615][ T60] usb 4-1: SerialNumber: syz [ 659.634077][T12537] loop4: detected capacity change from 0 to 40427 [ 659.643684][ T60] usb 4-1: config 0 descriptor?? [ 659.659985][T12537] F2FS-fs (loop4): Found nat_bits in checkpoint [ 659.699820][T12537] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 659.718284][ T9256] syz-executor: attempt to access beyond end of device [ 659.718284][ T9256] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 659.802838][ T326] usb 2-1: USB disconnect, device number 39 [ 661.017341][ T295] wacom 0003:056A:0116.0030: hidraw0: USB HID v0.00 Device [HID 056a:0116] on usb-dummy_hcd.2-1/input0 [ 661.112086][T12558] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 661.121627][T12558] SELinux: failed to load policy [ 661.207319][T12565] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 661.409715][ T4904] usb 3-1: USB disconnect, device number 36 [ 661.482641][T12573] loop1: detected capacity change from 0 to 128 [ 661.675651][ T326] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 661.685625][ T60] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 661.915637][ T326] usb 5-1: Using ep0 maxpacket: 32 [ 661.925611][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 661.933402][T12588] loop2: detected capacity change from 0 to 2048 [ 661.947016][T12588] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 661.956271][ T4904] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 661.964706][T12178] EXT4-fs (loop2): unmounting filesystem. [ 661.982226][T12593] loop2: detected capacity change from 0 to 2048 [ 661.996908][T12593] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 662.005232][T12593] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff) [ 662.018912][T12593] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3158: bg 0: block 288: padding at end of block bitmap is not set [ 662.033308][T12593] fs-verity (loop2, inode 13): ext4_end_enable_verity() failed with err -117 [ 662.036179][ T326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 662.052321][ T326] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 662.052353][T12178] EXT4-fs (loop2): unmounting filesystem. [ 662.061296][ T326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.074967][ T326] usb 5-1: config 0 descriptor?? [ 662.205621][ T4904] usb 2-1: Using ep0 maxpacket: 32 [ 662.225667][ T60] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 662.234582][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.242345][ T60] usb 1-1: Product: syz [ 662.246359][ T60] usb 1-1: Manufacturer: syz [ 662.250740][ T60] usb 1-1: SerialNumber: syz [ 662.255756][ T60] r8152-cfgselector 1-1: config 0 descriptor?? [ 662.325678][ T4904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 662.336501][ T4904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 662.346088][ T4904] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 662.354901][ T4904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.363402][ T4904] usb 2-1: config 0 descriptor?? [ 662.423833][ T424] usb 4-1: USB disconnect, device number 36 [ 662.490932][T12612] loop3: detected capacity change from 0 to 1024 [ 662.505806][ T60] r8152-cfgselector 1-1: Unknown version 0x0000 [ 662.506872][T12612] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 662.524255][ T28] audit: type=1400 audit(2000008744.683:1010): avc: denied { create } for pid=12611 comm="syz.3.3165" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 662.546383][ T28] audit: type=1400 audit(2000008744.703:1011): avc: denied { append open } for pid=12611 comm="syz.3.3165" path="/194/bus/cgroup.controllers" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 662.572174][ T326] magicmouse 0003:05AC:0265.0031: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0 [ 662.584607][T10267] EXT4-fs (loop3): unmounting filesystem. [ 662.775762][ T60] r8152-cfgselector 1-1: Unknown version 0x0000 [ 662.861177][ T60] r8152-cfgselector 1-1: USB disconnect, device number 40 [ 662.886479][ T4904] greenasia 0003:0E8F:0012.0032: unknown main item tag 0x0 [ 662.893532][ T4904] greenasia 0003:0E8F:0012.0032: unknown main item tag 0x0 [ 662.900080][ T39] usb 5-1: USB disconnect, device number 31 [ 662.900605][ T4904] greenasia 0003:0E8F:0012.0032: unknown main item tag 0x0 [ 662.916159][ T4904] greenasia 0003:0E8F:0012.0032: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.1-1/input0 [ 662.927432][ T4904] greenasia 0003:0E8F:0012.0032: no inputs found [ 663.067351][T12631] loop2: detected capacity change from 0 to 1024 [ 663.077105][T12631] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 663.097222][ T4904] usb 2-1: USB disconnect, device number 40 [ 663.103926][T12178] EXT4-fs (loop2): unmounting filesystem. [ 663.116658][T12634] loop2: detected capacity change from 0 to 256 [ 663.122937][T12634] exfat: Deprecated parameter 'utf8' [ 663.128549][T12634] exfat: Deprecated parameter 'namecase' [ 663.134067][T12634] exfat: Deprecated parameter 'namecase' [ 663.139764][T12634] exfat: Deprecated parameter 'utf8' [ 663.147600][T12634] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0x822ffc2e, utbl_chksum : 0xe619d30d) [ 663.320781][T12644] netlink: 'syz.0.3177': attribute type 25 has an invalid length. [ 663.328566][T12644] netlink: 184 bytes leftover after parsing attributes in process `syz.0.3177'. [ 663.465514][ T39] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 663.517757][T12657] fuse: Bad value for 'fd' [ 663.619872][T12672] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 663.641329][T12676] loop1: detected capacity change from 0 to 128 [ 663.649471][T12676] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 663.658183][T12676] ext4 filesystem being mounted at /249/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 663.717023][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 663.745673][ T39] usb 3-1: Using ep0 maxpacket: 16 [ 663.821910][T12684] loop1: detected capacity change from 0 to 256 [ 663.859190][T12684] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 663.979480][ T39] usb 3-1: config 0 has no interfaces? [ 664.277932][T12707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3201'. [ 664.350090][ T39] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 664.359560][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.367479][ T39] usb 3-1: Product: syz [ 664.371589][ T39] usb 3-1: Manufacturer: syz [ 664.376041][ T39] usb 3-1: SerialNumber: syz [ 664.381319][ T39] usb 3-1: config 0 descriptor?? [ 664.857185][T12722] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 665.317594][ T326] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 665.329209][T12717] fuse: Bad value for 'fd' [ 665.352396][T12734] proc: Unknown parameter 'gidST [ 665.352396][T12734] /24 link UNICAST [ 665.352396][T12734] /24 link UNICAST [ 665.352396][T12734] /24 link UNICAST [ 665.352396][T12734] Local: [ 665.352396][T12734] +-- 0.0.0.0/0 2 0 2 [ 665.352396][T12734] +-- 127.0.0.0/8 2 0 2 [ 665.352396][T12734] +-- 127.0.0.0/31 1 0 0 [ 665.352396][T12734] |-- 127.0.0.0 [ 665.352396][T12734] /8 host LOCAL [ 665.352396][T12734] |-- 127.0.0.1 [ 665.352396][T12734] /32 host LOCAL [ 665.352396][T12734] |-- 127.255.255.255 [ 665.352396][T12734] /32 link BROADCAST [ 665.352396][T12734] +-- 172.20.20.0/24 3 2 3 [ 665.352396][T12734] +-- 172.20.20.0/27 5 0 11 [ 665.352396][T12734] |-- 172.20.20.0 [ 665.352396][T12734] /24 host LOCAL [ 665.352396][T12734] |-- 172.20.20.10 [ 665.352396][T12734] /32 host LOCAL [ 665.505662][ T424] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 665.533389][T12740] loop1: detected capacity change from 0 to 40427 [ 665.540316][T12740] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 665.547934][T12740] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 665.556640][T12740] F2FS-fs (loop1): invalid crc value [ 665.562906][T12740] F2FS-fs (loop1): Found nat_bits in checkpoint [ 665.586268][T12740] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 665.593162][T12740] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 665.611835][ T28] audit: type=1400 audit(2000008747.763:1012): avc: denied { read } for pid=12739 comm="syz.1.3213" name="file0" dev="loop1" ino=455 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 665.635663][ T602] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 665.644691][ T602] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 665.716171][ T4904] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 665.755732][ T326] usb 5-1: config 0 has no interfaces? [ 665.871452][ T424] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 665.933552][ T424] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 665.944507][ T424] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 665.973883][ T326] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 665.986879][ T326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.999880][ T326] usb 5-1: Product: syz [ 666.004975][ T326] usb 5-1: Manufacturer: syz [ 666.009423][ T326] usb 5-1: SerialNumber: syz [ 666.131490][ T424] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 666.157853][ T4904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.217915][ T326] r8152-cfgselector 5-1: config 0 descriptor?? [ 666.224943][ T424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.232784][ T4904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 666.245418][ T424] usb 4-1: Product: syz [ 666.250444][ T4904] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 666.264111][ T424] usb 4-1: Manufacturer: syz [ 666.269558][ T424] usb 4-1: SerialNumber: syz [ 666.276683][ T4904] usb 1-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 666.285821][ T4904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.294093][ T4904] usb 1-1: config 0 descriptor?? [ 666.345652][ T39] usb 3-1: USB disconnect, device number 37 [ 666.495792][ T602] usb 5-1: config 0 descriptor?? [ 666.697641][ T60] usb 5-1: USB disconnect, device number 32 [ 666.725663][ T602] usb 5-1: can't set config #0, error -71 [ 666.765737][ T424] usb 4-1: 0:2 : does not exist [ 666.775628][ T39] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 666.776366][ T4904] holtek_mouse 0003:04D9:A070.0033: item fetching failed at offset 1/5 [ 666.791429][ T4904] holtek_mouse 0003:04D9:A070.0033: hid parse failed: -22 [ 666.798411][ T4904] holtek_mouse: probe of 0003:04D9:A070.0033 failed with error -22 [ 666.968551][ T4904] usb 4-1: USB disconnect, device number 37 [ 666.984525][ T60] usb 1-1: USB disconnect, device number 41 [ 667.025632][ T39] usb 3-1: Using ep0 maxpacket: 16 [ 667.165667][ T39] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 667.175694][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 667.296160][T12763] loop4: detected capacity change from 0 to 40427 [ 667.304903][T12763] F2FS-fs (loop4): Found nat_bits in checkpoint [ 667.328085][T12763] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 667.345147][ T28] audit: type=1400 audit(2000008749.493:1013): avc: denied { read } for pid=12762 comm="syz.4.3220" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 667.366891][ T28] audit: type=1400 audit(2000008749.493:1014): avc: denied { ioctl } for pid=12762 comm="syz.4.3220" path="/287/file2/file0" dev="loop4" ino=10 ioctlcmd=0x9432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 667.375707][ T39] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 667.400192][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.408190][ T9256] syz-executor: attempt to access beyond end of device [ 667.408190][ T9256] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 667.422050][ T39] usb 3-1: Product: syz [ 667.430573][ T39] usb 3-1: Manufacturer: syz [ 667.435107][ T39] usb 3-1: SerialNumber: syz [ 667.469421][T12773] Invalid ELF header magic: != ELF [ 667.508829][T12778] loop1: detected capacity change from 0 to 1024 [ 667.532678][ T28] audit: type=1400 audit(2000008749.683:1015): avc: denied { accept } for pid=12780 comm="syz.4.3221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 667.556136][T12778] EXT4-fs: Ignoring removed orlov option [ 667.569626][T12778] EXT4-fs (loop1): Test dummy encryption mode enabled [ 667.593230][T12778] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 667.595359][T12792] loop4: detected capacity change from 0 to 512 [ 667.623784][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 667.661224][T12792] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.3231: attempt to clear invalid blocks 2 len 1 [ 667.684842][T12792] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 667.700652][T12792] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3231: invalid indirect mapped block 1819239214 (level 0) [ 667.714688][T12792] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3231: invalid indirect mapped block 1819239214 (level 1) [ 667.729594][T12792] EXT4-fs (loop4): 1 truncate cleaned up [ 667.735092][T12792] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 667.765792][ T39] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 667.775766][T12792] EXT4-fs (loop4): shut down requested (2) [ 667.778616][ T39] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 667.793585][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 667.829355][ T316] udevd[316]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 667.847195][ T39] usb 3-1: USB disconnect, device number 38 [ 667.942623][T12813] IPv6: NLM_F_REPLACE set, but no existing node found! [ 668.065701][T12826] tipc: Enabling of bearer rejected, already enabled [ 668.296906][T12831] loop3: detected capacity change from 0 to 128 [ 668.308007][T12832] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3248'. [ 668.318984][T12831] FAT-fs (loop3): error, invalid FAT chain (i_pos 548, last_block 8) [ 668.327623][T12831] FAT-fs (loop3): Filesystem has been set read-only [ 668.352137][T12831] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522) [ 668.356845][T12845] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3252'. [ 668.370174][T12845] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.377615][T12845] device bridge_slave_0 left promiscuous mode [ 668.383708][T12845] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.404240][T12847] loop2: detected capacity change from 0 to 256 [ 668.418964][T12847] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xba7df490, utbl_chksum : 0xe619d30d) [ 668.431864][T12850] SELinux: failed to load policy [ 668.448919][ T28] audit: type=1400 audit(2000008750.603:1016): avc: denied { watch } for pid=12851 comm="syz.3.3257" path="/213/file0" dev="tmpfs" ino=1114 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 668.795099][T12860] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3262'. [ 668.824777][T12864] loop4: detected capacity change from 0 to 256 [ 668.831201][T12864] exfat: Deprecated parameter 'namecase' [ 668.955625][ T39] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 668.971069][T12864] exfat: Deprecated parameter 'namecase' [ 668.979306][T12864] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 669.013220][T12865] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.022300][T12865] bridge0: port 1(bridge_slave_0) entered disabled state [ 669.030359][T12865] device bridge_slave_0 entered promiscuous mode [ 669.037502][T12865] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.044401][T12865] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.051967][T12865] device bridge_slave_1 entered promiscuous mode [ 669.104626][T12877] loop4: detected capacity change from 0 to 1024 [ 669.111714][T12877] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 669.122351][T12877] EXT4-fs (loop4): invalid journal inode [ 669.128002][T12877] EXT4-fs (loop4): can't get journal size [ 669.141182][T12877] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 669.171742][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 669.224854][T12872] loop3: detected capacity change from 0 to 40427 [ 669.231718][T12872] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 669.239788][T12872] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 669.253322][T12865] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.253856][T12872] F2FS-fs (loop3): invalid crc value [ 669.260190][T12865] bridge0: port 2(bridge_slave_1) entered forwarding state [ 669.260270][T12865] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.278597][T12872] F2FS-fs (loop3): Found nat_bits in checkpoint [ 669.279197][T12865] bridge0: port 1(bridge_slave_0) entered forwarding state [ 669.307172][ T10] device bridge_slave_1 left promiscuous mode [ 669.313110][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 669.320369][T12872] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 669.327423][T12872] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 669.334803][ T10] device veth1_macvtap left promiscuous mode [ 669.345677][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.345991][ T10] device veth0_vlan left promiscuous mode [ 669.358746][ T39] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 669.370948][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.386312][ T39] usb 2-1: config 0 descriptor?? [ 669.465606][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 669.472971][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 669.481426][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 669.493312][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 669.502939][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 669.537741][ T4904] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 669.540794][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 669.555939][ T60] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 669.565582][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 669.607544][T12895] tipc: Enabling of bearer rejected, already enabled [ 669.642158][T12865] device veth0_vlan entered promiscuous mode [ 669.661593][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 669.671489][ T877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 669.706740][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 669.714128][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 669.721523][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 669.729361][ T39] usbhid 2-1:0.0: can't add hid device: -71 [ 669.735686][ T39] usbhid: probe of 2-1:0.0 failed with error -71 [ 669.743874][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 669.752141][ T39] usb 2-1: USB disconnect, device number 41 [ 669.762444][T12865] device veth1_macvtap entered promiscuous mode [ 669.771652][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 669.779076][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 669.787144][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 669.798118][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 669.806011][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 669.811346][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 669.825631][ T4904] usb 5-1: Using ep0 maxpacket: 16 [ 669.836132][ T28] audit: type=1400 audit(2000008751.993:1017): avc: denied { compute_member } for pid=12897 comm="syz.2.3261" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 669.884462][T12902] loop2: detected capacity change from 0 to 256 [ 669.890895][T12902] exfat: Deprecated parameter 'utf8' [ 669.898979][T12902] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 669.945673][ T4904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.956484][ T4904] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 669.969175][ T4904] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 669.977979][ T4904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.986702][ T4904] usb 5-1: config 0 descriptor?? [ 670.081385][T12904] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.088442][T12904] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.095662][T12904] device bridge_slave_0 entered promiscuous mode [ 670.103604][T12904] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.110491][T12904] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.117920][T12904] device bridge_slave_1 entered promiscuous mode [ 670.125707][ T60] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= a.13 [ 670.139880][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.154864][ T60] usb 1-1: Product: syz [ 670.167453][ T60] usb 1-1: Manufacturer: syz [ 670.207786][T12904] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.219101][T12904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.226293][T12904] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.226509][ T60] usb 1-1: SerialNumber: syz [ 670.233055][T12904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 670.241042][ T60] usb 1-1: config 0 descriptor?? [ 670.261865][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 670.276772][ T326] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.283979][ T326] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.296439][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 670.313516][ T60] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 670.342558][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.349433][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 670.382800][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 670.391566][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.398415][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.481815][ T4904] HID 045e:07da: Invalid code 65791 type 1 [ 670.496292][ T4904] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0034/input/input59 [ 670.519225][T12904] device veth0_vlan entered promiscuous mode [ 670.527738][ T4904] microsoft 0003:045E:07DA.0034: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 670.539853][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 670.548785][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 670.557720][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 670.565641][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 670.573435][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 670.581571][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 670.589722][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 670.592316][ T39] usb 1-1: USB disconnect, device number 42 [ 670.597487][ T424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 670.611261][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 670.618603][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 670.634492][T12904] device veth1_macvtap entered promiscuous mode [ 670.642395][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 670.650847][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 670.659187][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 670.689083][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 670.697223][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 670.705256][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 670.713650][ T4904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 670.724416][ T10] device bridge_slave_1 left promiscuous mode [ 670.730899][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.738553][ T10] device bridge_slave_0 left promiscuous mode [ 670.744577][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.752404][ T10] device veth1_macvtap left promiscuous mode [ 670.758786][ T10] device veth0_vlan left promiscuous mode [ 670.841189][T12927] loop2: detected capacity change from 0 to 16 [ 670.847695][T12927] erofs: (device loop2): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 670.880933][ T4904] usb 5-1: USB disconnect, device number 33 [ 671.030141][ T424] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 671.081019][T12941] loop2: detected capacity change from 0 to 40427 [ 671.083870][T12949] random: crng reseeded on system resumption [ 671.087745][T12941] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 671.101197][T12941] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 671.110044][T12941] F2FS-fs (loop2): invalid crc value [ 671.120994][T12949] Restarting kernel threads ... done. [ 671.121778][T12941] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 671.171486][T12941] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 671.178471][T12941] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 671.251376][T12963] loop1: detected capacity change from 0 to 512 [ 671.263996][T12963] EXT4-fs: Ignoring removed nobh option [ 671.270964][T12963] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 671.294631][T12963] EXT4-fs (loop1): orphan cleanup on readonly fs [ 671.341476][T12974] device macsec1 entered promiscuous mode [ 671.366457][T12963] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3845: comm syz.1.3299: Allocating blocks 41-42 which overlap fs metadata [ 671.395716][ T424] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 671.404555][T12963] EXT4-fs (loop1): Remounting filesystem read-only [ 671.409269][ T424] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 671.496184][T12963] Quota error (device loop1): write_blk: dquota write failed [ 671.515332][T12963] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 671.834827][ T424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.845813][T12963] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.3299: Failed to acquire dquot type 0 [ 671.863292][T12963] EXT4-fs (loop1): 1 truncate cleaned up [ 671.869215][T12963] EXT4-fs (loop1): pa ffff88811d05d540: logic 1, phys. 41, len 23 [ 671.876945][T12963] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 671.889284][T12963] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 671.893098][ T424] snd-usb-audio: probe of 4-1:27.0 failed with error -2 [ 671.934072][T12963] fuse: Bad value for 'fd' [ 672.000499][ T10] device bridge_slave_1 left promiscuous mode [ 672.006539][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.014112][ T10] device bridge_slave_0 left promiscuous mode [ 672.020230][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.028916][ T10] device veth1_macvtap left promiscuous mode [ 672.034836][ T10] device veth0_vlan left promiscuous mode [ 672.122873][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 672.190829][ T797] usb 4-1: USB disconnect, device number 38 [ 672.249036][T13002] loop1: detected capacity change from 0 to 512 [ 672.275018][T13001] kvm [12999]: vcpu0, guest rIP: 0xfff0 Hyper-V unhandled wrmsr: 0x40000004 data 0x0 [ 672.285628][ T326] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 672.298805][T13002] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 672.307622][T13002] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038 (0x7fffffff) [ 672.342220][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 672.424396][T13008] loop4: detected capacity change from 0 to 40427 [ 672.445692][T13008] F2FS-fs (loop4): invalid crc value [ 672.451926][T13008] F2FS-fs (loop4): Found nat_bits in checkpoint [ 672.474729][T13008] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 672.672529][T13030] loop4: detected capacity change from 0 to 128 [ 672.686528][T13030] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 672.694911][T13030] ext4 filesystem being mounted at /308/mnt supports timestamps until 2038 (0x7fffffff) [ 672.718496][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 672.769635][T13039] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 672.789753][ T326] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 672.804339][ T326] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 672.814150][ T326] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 672.825034][ T326] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.833327][T13043] loop3: detected capacity change from 0 to 4096 [ 672.833743][ T326] usb 3-1: config 0 descriptor?? [ 672.839906][T13043] EXT4-fs: Ignoring removed nobh option [ 672.849867][T13043] EXT4-fs: Ignoring removed i_version option [ 673.251861][T13043] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 673.458759][T10267] EXT4-fs (loop3): unmounting filesystem. [ 673.483161][T13062] loop3: detected capacity change from 0 to 256 [ 673.494422][T13062] FAT-fs (loop3): Directory bread(block 64) failed [ 673.501071][T13062] FAT-fs (loop3): Directory bread(block 65) failed [ 673.507903][T13062] FAT-fs (loop3): Directory bread(block 66) failed [ 673.514448][T13062] FAT-fs (loop3): Directory bread(block 67) failed [ 673.521040][T13062] FAT-fs (loop3): Directory bread(block 68) failed [ 673.527611][T13062] FAT-fs (loop3): Directory bread(block 69) failed [ 673.534163][T13062] FAT-fs (loop3): Directory bread(block 70) failed [ 673.543660][T13062] FAT-fs (loop3): Directory bread(block 71) failed [ 673.550472][T13062] FAT-fs (loop3): Directory bread(block 72) failed [ 673.557025][T13062] FAT-fs (loop3): Directory bread(block 73) failed [ 673.648351][T13074] loop3: detected capacity change from 0 to 512 [ 673.655497][T13074] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 673.666965][T13074] EXT4-fs (loop3): orphan cleanup on readonly fs [ 673.674311][T13074] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #16: comm syz.3.3340: iget: immutable or append flags not allowed on symlinks [ 673.690378][T13074] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.3340: couldn't read orphan inode 16 (err -117) [ 673.704023][T13074] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 673.757088][T10267] EXT4-fs (loop3): unmounting filesystem. [ 673.943958][T13095] SELinux: failed to load policy [ 673.965613][ T424] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 674.317111][ T326] hid-led: probe of 0003:27B8:01ED.0035 failed with error -71 [ 674.325538][ T326] usb 3-1: USB disconnect, device number 39 [ 674.487641][T13107] loop4: detected capacity change from 0 to 2048 [ 674.519484][T13107] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 674.527853][T13107] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038 (0x7fffffff) [ 674.551135][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 674.552152][T13089] loop1: detected capacity change from 0 to 131072 [ 674.563927][T13089] F2FS-fs (loop1): Test dummy encryption mode enabled [ 674.576583][T13089] F2FS-fs (loop1): invalid crc value [ 674.586591][T13089] F2FS-fs (loop1): Found nat_bits in checkpoint [ 674.627665][T13089] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 674.642737][ T424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 674.654101][ T424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 674.674387][ T424] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 674.689730][ T424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.701265][ T424] usb 1-1: config 0 descriptor?? [ 674.805645][T13119] loop4: detected capacity change from 0 to 40427 [ 674.825042][T13119] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 674.844769][T13119] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 674.855607][T13119] F2FS-fs (loop4): invalid crc value [ 674.886283][T13119] F2FS-fs (loop4): Found nat_bits in checkpoint [ 674.975826][T13119] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 674.985594][T13119] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 675.048540][T13126] loop2: detected capacity change from 0 to 40427 [ 675.071258][T13126] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 675.082409][T13126] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 675.091281][T13126] F2FS-fs (loop2): invalid crc value [ 675.115541][T13124] loop3: detected capacity change from 0 to 40427 [ 675.125723][T13124] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 675.130820][T13126] F2FS-fs (loop2): Found nat_bits in checkpoint [ 675.138353][T13124] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 675.194037][T13126] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 675.201058][T13126] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 675.222105][ T28] audit: type=1400 audit(2000008757.373:1018): avc: denied { write } for pid=13125 comm="syz.2.3358" path="/14/bus/file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 675.266754][T13124] F2FS-fs (loop3): Found nat_bits in checkpoint [ 675.297204][ T424] samsung 0003:0419:0600.0036: item fetching failed at offset 1/5 [ 675.333056][ T424] samsung 0003:0419:0600.0036: parse failed [ 675.338840][ T424] samsung: probe of 0003:0419:0600.0036 failed with error -22 [ 675.351379][T13124] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 675.361696][T13124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 675.386985][ T28] audit: type=1400 audit(2000008757.543:1019): avc: denied { setattr } for pid=13122 comm="syz.3.3357" name="cgroup.controllers" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 675.413207][ T295] usb 1-1: USB disconnect, device number 43 [ 675.420694][T10267] syz-executor: attempt to access beyond end of device [ 675.420694][T10267] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 675.525625][ T39] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 675.534029][T13157] loop2: detected capacity change from 0 to 2048 [ 675.544571][T13159] loop3: detected capacity change from 0 to 512 [ 675.552952][T13159] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.3362: Invalid inode bitmap blk 4 in block_group 0 [ 675.565980][T13159] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 675.567324][T13157] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 675.587221][T13157] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038 (0x7fffffff) [ 675.597591][T10267] EXT4-fs (loop3): unmounting filesystem. [ 675.615492][T13157] EXT4-fs (loop2): shut down requested (2) [ 675.629839][T12904] EXT4-fs (loop2): unmounting filesystem. [ 675.660018][T13170] loop2: detected capacity change from 0 to 1024 [ 675.680903][T13170] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 675.700836][T12904] EXT4-fs (loop2): unmounting filesystem. [ 675.817318][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 675.937048][ T28] audit: type=1400 audit(2000008758.093:1020): avc: denied { attach_queue } for pid=13198 comm="syz.0.3383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 675.957033][ T39] usb 5-1: config 0 has no interfaces? [ 675.981117][T13200] loop3: detected capacity change from 0 to 512 [ 675.988230][T13200] EXT4-fs: Ignoring removed nobh option [ 675.994769][T13200] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 676.006381][T13200] EXT4-fs (loop3): orphan cleanup on readonly fs [ 676.014046][T13200] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3845: comm syz.3.3381: Allocating blocks 41-42 which overlap fs metadata [ 676.030284][T13200] EXT4-fs (loop3): Remounting filesystem read-only [ 676.036775][T13200] Quota error (device loop3): write_blk: dquota write failed [ 676.044001][T13200] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 676.053908][T13200] EXT4-fs error (device loop3): ext4_acquire_dquot:6764: comm syz.3.3381: Failed to acquire dquot type 0 [ 676.065402][T13200] EXT4-fs (loop3): 1 truncate cleaned up [ 676.071238][T13200] EXT4-fs (loop3): pa ffff88811d05d2a0: logic 1, phys. 41, len 23 [ 676.078907][T13200] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 676.089712][T13200] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 676.107295][T13200] fuse: Bad value for 'fd' [ 676.135762][ T5985] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 676.165714][ T39] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 676.174727][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.182649][ T39] usb 5-1: Product: syz [ 676.186829][ T39] usb 5-1: Manufacturer: syz [ 676.191200][ T39] usb 5-1: SerialNumber: syz [ 676.197875][ T39] usb 5-1: config 0 descriptor?? [ 676.366123][T10267] EXT4-fs (loop3): unmounting filesystem. [ 676.390552][T13213] loop1: detected capacity change from 0 to 512 [ 676.407832][T13213] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #3: comm syz.1.3389: corrupted inode contents [ 676.419698][T13213] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #3: comm syz.1.3389: mark_inode_dirty error [ 676.497825][T13213] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #3: comm syz.1.3389: corrupted inode contents [ 676.513519][T13213] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.3389: mark_inode_dirty error [ 676.534179][T13213] Quota error (device loop1): write_blk: dquota write failed [ 676.543348][T13213] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 676.683414][T13213] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.3389: Failed to acquire dquot type 0 [ 676.696363][T13213] EXT4-fs (loop1): 1 orphan inode deleted [ 676.701953][T13213] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 676.711001][T13213] ext4 filesystem being mounted at /294/file1 supports timestamps until 2038 (0x7fffffff) [ 676.805173][T13233] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 677.128003][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 677.186138][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 677.205119][T13249] loop3: detected capacity change from 0 to 512 [ 677.210225][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 677.221821][T13249] EXT4-fs: Ignoring removed nobh option [ 677.228659][T13249] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 677.246573][T13249] EXT4-fs (loop3): orphan cleanup on readonly fs [ 677.275229][T13249] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3845: comm syz.3.3399: Allocating blocks 41-42 which overlap fs metadata [ 677.361457][T13249] EXT4-fs (loop3): Remounting filesystem read-only [ 677.396505][T13249] Quota error (device loop3): write_blk: dquota write failed [ 677.422265][T13249] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 677.452548][T13249] EXT4-fs error (device loop3): ext4_acquire_dquot:6764: comm syz.3.3399: Failed to acquire dquot type 0 [ 677.489140][T13249] EXT4-fs (loop3): 1 truncate cleaned up [ 677.494991][T13249] EXT4-fs (loop3): pa ffff88811d05d738: logic 1, phys. 41, len 23 [ 677.502664][T13249] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 677.513443][T13249] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 677.540701][T13249] fuse: Bad value for 'fd' [ 677.594722][T10267] EXT4-fs (loop3): unmounting filesystem. [ 677.605648][ T5985] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 677.617647][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.626201][T13256] loop3: detected capacity change from 0 to 512 [ 677.633624][ T5985] usb 3-1: Product: syz [ 677.641756][ T5985] usb 3-1: Manufacturer: syz [ 677.646235][ T5985] usb 3-1: SerialNumber: syz [ 677.651237][ T5985] usb 3-1: config 0 descriptor?? [ 677.657524][T13256] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 677.666669][T13256] ext4 filesystem being mounted at /244/bus supports timestamps until 2038 (0x7fffffff) [ 677.696447][ T5985] snd-usb-audio: probe of 3-1:0.0 failed with error -90 [ 677.704577][T10267] EXT4-fs (loop3): unmounting filesystem. [ 677.861135][T13273] loop1: detected capacity change from 0 to 512 [ 677.868263][T13273] EXT4-fs: Ignoring removed nobh option [ 677.875218][T13273] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 677.885884][T13273] EXT4-fs (loop1): orphan cleanup on readonly fs [ 677.893393][T13273] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3845: comm syz.1.3409: Allocating blocks 41-42 which overlap fs metadata [ 677.900308][ T4904] usb 3-1: USB disconnect, device number 40 [ 677.907231][T13273] EXT4-fs (loop1): Remounting filesystem read-only [ 677.919213][T13273] Quota error (device loop1): write_blk: dquota write failed [ 677.926607][T13273] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.3409: Failed to acquire dquot type 0 [ 677.938159][T13273] EXT4-fs (loop1): 1 truncate cleaned up [ 677.943958][T13273] EXT4-fs (loop1): pa ffff88811d05df18: logic 1, phys. 41, len 23 [ 677.951628][T13273] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 677.962055][T13273] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 677.994766][T13273] fuse: Bad value for 'fd' [ 678.085679][ T5985] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 678.271141][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 678.327107][ T4904] usb 5-1: USB disconnect, device number 34 [ 678.360261][T13292] loop1: detected capacity change from 0 to 128 [ 678.371476][T13292] syz.1.3413: attempt to access beyond end of device [ 678.371476][T13292] loop1: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 678.386612][T13292] syz.1.3413: attempt to access beyond end of device [ 678.386612][T13292] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 678.395505][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.400100][T13292] syz.1.3413: attempt to access beyond end of device [ 678.400100][T13292] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 678.408705][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.430842][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.438636][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.446312][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.459266][T13300] loop4: detected capacity change from 0 to 512 [ 678.518149][T13300] EXT4-fs: Ignoring removed nobh option [ 678.524807][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.524863][T13300] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 678.535715][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.552301][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.560155][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.565635][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.567699][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.589313][T13300] EXT4-fs (loop4): orphan cleanup on readonly fs [ 678.621900][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.652659][T13300] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3845: comm syz.4.3417: Allocating blocks 41-42 which overlap fs metadata [ 678.679687][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.690307][T13300] EXT4-fs (loop4): Remounting filesystem read-only [ 678.709171][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.717972][T13300] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.3417: Failed to acquire dquot type 0 [ 678.744179][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.749297][ T5985] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 678.768535][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.776875][T13300] EXT4-fs (loop4): 1 truncate cleaned up [ 678.797402][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.798319][ T5985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.821187][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.824758][ T5985] usb 4-1: config 0 descriptor?? [ 678.846840][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.863588][T13314] loop1: detected capacity change from 0 to 2048 [ 678.870206][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.879789][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.888469][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.896605][T13314] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 678.905071][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.914837][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.928229][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 678.934070][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.957027][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.970484][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.978938][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 678.985626][ T4904] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 678.986767][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.001363][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.010384][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.018090][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.025406][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.033015][ T797] hid-generic 0000:04AD:0000.0037: unknown main item tag 0x0 [ 679.042747][ T797] hid-generic 0000:04AD:0000.0037: hidraw0: HID v0.00 Device [syz0] on syz0 [ 679.052310][T13300] EXT4-fs (loop4): pa ffff88811d05d150: logic 1, phys. 41, len 23 [ 679.059963][T13300] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 679.082628][T13300] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 679.114343][T13300] fuse: Bad value for 'fd' [ 679.136199][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 679.232756][T13326] loop4: detected capacity change from 0 to 2048 [ 679.277839][T13326] Alternate GPT is invalid, using primary GPT. [ 679.284017][T13326] loop4: p2 p3 p7 [ 679.309098][ T5985] hid-multitouch 0003:1FD2:6007.0038: hidraw1: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 679.345672][ T4904] usb 1-1: config 0 has no interfaces? [ 679.351143][ T4904] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 679.364087][ T4904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.373911][ T424] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 679.382706][T13333] syz.4.3432[13333] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 679.382780][T13333] syz.4.3432[13333] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 679.395406][ T4904] usb 1-1: config 0 descriptor?? [ 679.423660][T13336] loop4: detected capacity change from 0 to 512 [ 679.442957][T13336] EXT4-fs: Ignoring removed i_version option [ 679.449787][T13336] EXT4-fs: Ignoring removed nobh option [ 679.455531][T13336] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 679.467461][T13336] EXT4-fs (loop4): 1 truncate cleaned up [ 679.472970][T13336] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 679.495673][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 679.521911][ T4904] usb 4-1: USB disconnect, device number 39 [ 679.530878][T13343] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 679.540410][T13343] SELinux: failed to load policy [ 679.560031][T13344] loop2: detected capacity change from 0 to 512 [ 679.565695][T13346] loop4: detected capacity change from 0 to 128 [ 679.566393][T13344] EXT4-fs: Ignoring removed nobh option [ 679.579256][T13344] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 679.591637][T13344] EXT4-fs (loop2): orphan cleanup on readonly fs [ 679.593958][T13346] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 679.606232][T13344] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3845: comm syz.2.3434: Allocating blocks 41-42 which overlap fs metadata [ 679.606766][T13346] ext4 filesystem being mounted at /329/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 679.620071][T13344] EXT4-fs (loop2): Remounting filesystem read-only [ 679.663753][ T5985] usb 1-1: USB disconnect, device number 44 [ 679.675312][T13344] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.3434: Failed to acquire dquot type 0 [ 679.687059][T13344] EXT4-fs (loop2): 1 truncate cleaned up [ 679.687586][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 679.698458][T13344] EXT4-fs (loop2): pa ffff88811d05d888: logic 1, phys. 41, len 23 [ 679.706128][T13344] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 679.719216][T13344] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 679.776747][ T424] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.789050][ T424] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 679.791256][T13344] fuse: Bad value for 'fd' [ 679.798663][ T424] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 679.812944][ T424] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.815543][T13351] loop4: detected capacity change from 0 to 512 [ 679.823890][ T424] usb 2-1: config 0 descriptor?? [ 679.827202][T13351] EXT4-fs: Ignoring removed nobh option [ 679.850348][T13351] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 679.873335][T13351] EXT4-fs (loop4): orphan cleanup on readonly fs [ 679.893895][T13351] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3845: comm syz.4.3437: Allocating blocks 41-42 which overlap fs metadata [ 679.913370][T13351] EXT4-fs (loop4): Remounting filesystem read-only [ 679.924230][T13351] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.3437: Failed to acquire dquot type 0 [ 679.941442][T13351] EXT4-fs (loop4): 1 truncate cleaned up [ 679.947322][T13351] EXT4-fs (loop4): pa ffff88811d05dd20: logic 1, phys. 41, len 23 [ 679.954951][T13351] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 679.968030][T13351] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 679.977438][T12904] EXT4-fs (loop2): unmounting filesystem. [ 679.999821][T13351] fuse: Bad value for 'fd' [ 680.048098][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 680.255663][ T5985] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 680.269467][T13363] fuse: Bad value for 'fd' [ 680.326848][ T424] cp2112 0003:10C4:EA90.0039: item fetching failed at offset 5/7 [ 680.334648][ T424] cp2112 0003:10C4:EA90.0039: parse failed [ 680.340340][ T326] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 680.347767][ T424] cp2112: probe of 0003:10C4:EA90.0039 failed with error -22 [ 680.355597][ T4904] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 680.436067][T13367] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3444'. [ 680.506001][ T5985] usb 3-1: Using ep0 maxpacket: 16 [ 680.529296][ T39] usb 2-1: USB disconnect, device number 42 [ 680.595651][ T4904] usb 5-1: Using ep0 maxpacket: 8 [ 680.600736][ T326] usb 4-1: Using ep0 maxpacket: 16 [ 680.625740][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 680.636860][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 680.646655][ T5985] usb 3-1: New USB device found, idVendor=1b96, idProduct=000d, bcdDevice= 0.00 [ 680.655527][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.664181][ T5985] usb 3-1: config 0 descriptor?? [ 680.669638][T13392] fuse: Bad value for 'fd' [ 680.725785][ T326] usb 4-1: config 0 has no interfaces? [ 680.731193][ T4904] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 680.740126][ T4904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.749139][ T4904] usb 5-1: config 0 descriptor?? [ 680.895709][ T326] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 680.904603][ T326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 680.912954][ T326] usb 4-1: Product: syz [ 680.917070][ T326] usb 4-1: Manufacturer: syz [ 680.921471][ T326] usb 4-1: SerialNumber: syz [ 680.926742][ T326] usb 4-1: config 0 descriptor?? [ 681.005716][ T4904] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 681.046379][T13396] loop1: detected capacity change from 0 to 128 [ 681.054282][T13396] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 681.062868][T13396] ext4 filesystem being mounted at /305/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 681.101609][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 681.115627][ T312] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 681.147029][ T5985] ntrig 0003:1B96:000D.003A: unknown main item tag 0x3 [ 681.155486][ T5985] ntrig 0003:1B96:000D.003A: unknown main item tag 0x0 [ 681.162399][ T5985] ntrig 0003:1B96:000D.003A: item fetching failed at offset 6/7 [ 681.172503][ T5985] ntrig 0003:1B96:000D.003A: parse failed [ 681.178164][ T5985] ntrig: probe of 0003:1B96:000D.003A failed with error -22 [ 681.300414][T13404] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 681.355329][ T5985] usb 3-1: USB disconnect, device number 41 [ 681.373083][T13408] loop1: detected capacity change from 0 to 1024 [ 681.379569][T13408] EXT4-fs: Ignoring removed orlov option [ 681.385206][T13408] EXT4-fs: Ignoring removed nomblk_io_submit option [ 681.397750][T13408] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 681.413196][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 681.433707][T13414] syz.1.3461[13414] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 681.433751][T13414] syz.1.3461[13414] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 681.575680][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 681.597601][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 681.607155][ T312] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 681.616173][ T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.624691][ T312] usb 1-1: config 0 descriptor?? [ 681.675641][ T4904] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 681.685530][ T4904] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 681.725684][ T4904] asix: probe of 5-1:0.0 failed with error -71 [ 681.732557][ T4904] usb 5-1: USB disconnect, device number 35 [ 681.864177][T13423] loop2: detected capacity change from 0 to 256 [ 681.875029][T13423] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 681.954851][T13426] loop2: detected capacity change from 0 to 512 [ 681.963717][T13426] EXT4-fs: Ignoring removed nobh option [ 681.970461][T13426] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 681.982141][T13426] EXT4-fs (loop2): orphan cleanup on readonly fs [ 681.990038][T13426] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3845: comm syz.2.3465: Allocating blocks 41-42 which overlap fs metadata [ 682.003814][T13426] EXT4-fs (loop2): Remounting filesystem read-only [ 682.010426][T13426] __quota_error: 7 callbacks suppressed [ 682.010450][T13426] Quota error (device loop2): write_blk: dquota write failed [ 682.023075][T13426] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 682.032824][T13426] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.3465: Failed to acquire dquot type 0 [ 682.044427][T13426] EXT4-fs (loop2): 1 truncate cleaned up [ 682.050417][T13426] EXT4-fs (loop2): pa ffff888110e85dc8: logic 1, phys. 41, len 23 [ 682.058319][T13426] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 682.069053][T13426] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 682.083509][T13426] fuse: Bad value for 'fd' [ 682.107790][ T312] logitech-djreceiver 0003:046D:C71B.003B: item fetching failed at offset 3/7 [ 682.116919][ T312] logitech-djreceiver 0003:046D:C71B.003B: logi_dj_probe: parse failed [ 682.125199][ T312] logitech-djreceiver: probe of 0003:046D:C71B.003B failed with error -22 [ 682.178389][T13429] loop4: detected capacity change from 0 to 256 [ 682.191169][T13429] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 682.313688][ T5985] usb 1-1: USB disconnect, device number 45 [ 682.323839][T12904] EXT4-fs (loop2): unmounting filesystem. [ 682.558510][T13446] tipc: Started in network mode [ 682.563255][T13446] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 682.572036][T13446] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 682.580059][T13446] tipc: Enabled bearer , priority 0 [ 682.655614][ T39] usb 5-1: new full-speed USB device number 36 using dummy_hcd [ 683.101657][ T797] usb 4-1: USB disconnect, device number 40 [ 683.116613][T13465] loop1: detected capacity change from 0 to 128 [ 683.125447][T13465] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 683.137236][ T39] usb 5-1: unable to get BOS descriptor or descriptor too short [ 683.147726][T13465] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 683.174110][T12986] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 683.185655][ T39] usb 5-1: not running at top speed; connect to a high speed hub [ 683.239093][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x7 [ 683.246425][ T877] hid-generic 0000:0000:0000.003C: ignoring exceeding usage max [ 683.254465][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.261912][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.269176][ T39] usb 5-1: config 1 has an invalid interface number: 3 but max is 2 [ 683.277047][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.284230][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.291557][ T39] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 683.301475][ T60] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 683.308823][ T39] usb 5-1: config 1 has no interface number 1 [ 683.314713][ T39] usb 5-1: too many endpoints for config 1 interface 3 altsetting 8: 142, using maximum allowed: 30 [ 683.325382][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.332653][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.339917][ T39] usb 5-1: config 1 interface 3 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 142 [ 683.352616][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.359919][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.367279][ T39] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 683.377973][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.385141][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.392528][ T39] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 1023 [ 683.403389][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.410800][ T39] usb 5-1: config 1 interface 3 has no altsetting 0 [ 683.417229][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.424399][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.431684][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.438895][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.446069][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.453226][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.460448][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.467718][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.474824][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.482211][ T877] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 683.489955][ T877] hid-generic 0000:0000:0000.003C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 683.505647][ T5985] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 683.523397][T13486] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 683.635738][ T39] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 683.644902][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.652797][ T39] usb 5-1: Product: syz [ 683.657016][ T39] usb 5-1: Manufacturer: syz [ 683.661459][ T39] usb 5-1: SerialNumber: syz [ 683.719769][ T60] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 683.727864][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 683.739175][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 683.750486][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 683.763458][ T60] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 683.772544][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.781687][ T60] usb 1-1: config 0 descriptor?? [ 683.786548][ T312] tipc: Node number set to 1 [ 683.805707][T13461] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 683.855666][ T5985] usb 3-1: Using ep0 maxpacket: 16 [ 683.975629][ T5985] usb 3-1: config 0 has no interfaces? [ 684.126990][T13502] tipc: Enabling of bearer rejected, already enabled [ 684.135642][ T5985] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 684.144577][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.152359][ T5985] usb 3-1: Product: syz [ 684.156382][ T5985] usb 3-1: Manufacturer: syz [ 684.160750][ T5985] usb 3-1: SerialNumber: syz [ 684.166027][ T5985] usb 3-1: config 0 descriptor?? [ 684.246501][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.253813][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.260960][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.268256][ T39] usb 5-1: 2:1 : no UAC_FORMAT_TYPE desc [ 684.273737][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.280976][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.288571][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.296277][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.303473][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.310712][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.317962][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.325089][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.332316][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.340701][ T39] usb 5-1: USB disconnect, device number 36 [ 684.347196][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.355031][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.362447][ T60] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 684.371846][ T60] plantronics 0003:047F:FFFF.003D: No inputs registered, leaving [ 684.380740][ T60] plantronics 0003:047F:FFFF.003D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 684.496551][T13503] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 684.528399][ T60] usb 1-1: USB disconnect, device number 46 [ 684.657616][T13509] loop1: detected capacity change from 0 to 1024 [ 684.664400][T13509] EXT4-fs (loop1): Test dummy encryption mode enabled [ 684.672786][T13509] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 684.688692][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 684.770217][ T28] audit: type=1400 audit(2000008766.923:1021): avc: denied { setattr } for pid=13515 comm="syz.1.3500" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 684.915618][ T39] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 684.984265][T13520] loop3: detected capacity change from 0 to 512 [ 684.991563][T13520] EXT4-fs: Ignoring removed nobh option [ 684.998463][T13520] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 685.010579][T13520] EXT4-fs (loop3): orphan cleanup on readonly fs [ 685.018701][T13520] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3845: comm syz.3.3501: Allocating blocks 41-42 which overlap fs metadata [ 685.035426][T13520] EXT4-fs (loop3): Remounting filesystem read-only [ 685.042228][T13520] Quota error (device loop3): write_blk: dquota write failed [ 685.051798][T13520] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 685.062077][T13520] EXT4-fs error (device loop3): ext4_acquire_dquot:6764: comm syz.3.3501: Failed to acquire dquot type 0 [ 685.106396][T13520] EXT4-fs (loop3): 1 truncate cleaned up [ 685.124769][T13520] EXT4-fs (loop3): pa ffff888110e85f18: logic 1, phys. 41, len 23 [ 685.132449][T13520] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 685.177707][T13520] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 685.200505][T13520] fuse: Bad value for 'fd' [ 685.242760][T10267] EXT4-fs (loop3): unmounting filesystem. [ 685.248622][ T39] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 685.595686][ T771] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 685.995713][ T39] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 686.004629][ T771] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.015931][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.023878][ T771] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 686.038386][ T771] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 686.039411][T13547] tipc: Enabling of bearer rejected, already enabled [ 686.055795][ T771] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.064367][ T771] usb 4-1: config 0 descriptor?? [ 686.254846][ T5985] usb 3-1: USB disconnect, device number 42 [ 686.395647][ T39] usb 5-1: string descriptor 0 read error: -71 [ 686.401993][ T39] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 686.422858][ T39] usb 5-1: No valid video chain found. [ 686.444059][ T39] usb 5-1: USB disconnect, device number 37 [ 686.526481][ T771] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 686.533888][ T771] plantronics 0003:047F:FFFF.003E: unknown main item tag 0x0 [ 686.541364][ T771] plantronics 0003:047F:FFFF.003E: No inputs registered, leaving [ 686.553491][ T771] plantronics 0003:047F:FFFF.003E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 686.725617][ T312] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 686.815826][ T5985] usb 4-1: USB disconnect, device number 41 [ 686.880492][T13566] kvm: MONITOR instruction emulated as NOP! [ 687.043256][T13564] binder: 13563:13564 ioctl c0306201 20001a80 returned -14 [ 687.085696][ T312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.095416][ T312] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 687.108091][ T312] usb 2-1: New USB device found, idVendor=05ac, idProduct=027b, bcdDevice= 0.00 [ 687.117447][ T312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.126003][ T312] usb 2-1: config 0 descriptor?? [ 687.335629][ T5985] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 687.465595][ T39] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 687.606232][ T312] apple 0003:05AC:027B.003F: item fetching failed at offset 1/5 [ 687.613816][ T312] apple 0003:05AC:027B.003F: parse failed [ 687.619324][ T312] apple: probe of 0003:05AC:027B.003F failed with error -22 [ 687.705672][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 687.716403][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.725613][ T39] usb 3-1: Using ep0 maxpacket: 8 [ 687.725933][ T5985] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 687.743471][ T5985] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 687.752316][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.760808][ T5985] usb 1-1: config 0 descriptor?? [ 687.810745][ T771] usb 2-1: USB disconnect, device number 43 [ 687.819863][T13597] syz.4.3527[13597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 687.819935][T13597] syz.4.3527[13597] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 687.855679][ T39] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 687.875521][ T39] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 687.886560][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 688.076405][ T39] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 688.085421][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.093516][ T39] usb 3-1: Product: syz [ 688.097769][ T39] usb 3-1: Manufacturer: syz [ 688.102222][ T39] usb 3-1: SerialNumber: syz [ 688.246193][ T5985] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 688.253471][ T5985] plantronics 0003:047F:FFFF.0040: unknown main item tag 0x0 [ 688.260813][ T5985] plantronics 0003:047F:FFFF.0040: No inputs registered, leaving [ 688.270901][ T5985] plantronics 0003:047F:FFFF.0040: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 688.408743][T13621] loop1: detected capacity change from 0 to 256 [ 688.420560][T13621] FAT-fs (loop1): Directory bread(block 64) failed [ 688.427046][ T39] usb 3-1: 0:2 : does not exist [ 688.432429][T13621] FAT-fs (loop1): Directory bread(block 65) failed [ 688.454578][ T39] usb 3-1: USB disconnect, device number 43 [ 688.463784][T13621] FAT-fs (loop1): Directory bread(block 66) failed [ 688.471614][T13621] FAT-fs (loop1): Directory bread(block 67) failed [ 688.478119][T13621] FAT-fs (loop1): Directory bread(block 68) failed [ 688.484505][T13621] FAT-fs (loop1): Directory bread(block 69) failed [ 688.490903][T13621] FAT-fs (loop1): Directory bread(block 70) failed [ 688.497328][T13621] FAT-fs (loop1): Directory bread(block 71) failed [ 688.503638][T13621] FAT-fs (loop1): Directory bread(block 72) failed [ 688.509980][T13621] FAT-fs (loop1): Directory bread(block 73) failed [ 688.536429][ T877] usb 1-1: USB disconnect, device number 47 [ 688.557919][ T602] Bluetooth: hci0: Frame reassembly failed (-84) [ 689.635653][ T39] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 689.696170][ T877] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 689.697394][T13653] loop4: detected capacity change from 0 to 1024 [ 689.727420][T13653] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 689.742011][ T28] audit: type=1400 audit(2000008771.893:1022): avc: denied { map } for pid=13652 comm="syz.4.3548" path="/350/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 689.770697][ T9256] EXT4-fs (loop4): unmounting filesystem. [ 690.015673][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 690.026568][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 690.036451][ T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 690.049320][ T39] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 690.055613][ T5985] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 690.058366][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.074232][ T39] usb 4-1: config 0 descriptor?? [ 690.079182][ T877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 690.090085][ T877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 690.099855][ T877] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 690.108950][ T877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.117257][ T877] usb 1-1: config 0 descriptor?? [ 690.435675][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 690.446424][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 690.455950][ T5985] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 690.464788][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.473141][ T5985] usb 5-1: config 0 descriptor?? [ 690.556301][ T39] acrux 0003:1A34:0802.0041: unknown main item tag 0x0 [ 690.563001][ T39] acrux 0003:1A34:0802.0041: unknown main item tag 0x0 [ 690.569747][ T39] acrux 0003:1A34:0802.0041: item fetching failed at offset 2/5 [ 690.586276][ T877] hid-steam 0003:28DE:1142.0042: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 690.595630][T13626] Bluetooth: hci0: command 0x1003 tx timeout [ 690.597215][ T39] acrux 0003:1A34:0802.0041: parse failed [ 690.602728][ T1220] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 690.613973][ T877] hid-steam 0003:28DE:1142.0043: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 690.635882][ T39] acrux: probe of 0003:1A34:0802.0041 failed with error -22 [ 690.646740][T13670] loop1: detected capacity change from 0 to 128 [ 690.654686][T13670] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 690.663441][T13670] ext4 filesystem being mounted at /336/mnt supports timestamps until 2038 (0x7fffffff) [ 690.678372][T13670] fscrypt: key with descriptor e8dab99234bb312e is too short (got 33 bytes, need 64+ bytes) [ 690.694002][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 690.708136][T13674] loop1: detected capacity change from 0 to 512 [ 690.717093][T13674] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 690.724862][T13674] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 690.732739][ T877] hid-steam 0003:28DE:1142.0042: Steam wireless receiver connected [ 690.732858][T13674] System zones: 0-1, 15-15, 18-18, 34-34 [ 690.747044][T13674] EXT4-fs (loop1): orphan cleanup on readonly fs [ 690.753211][T13674] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 690.762611][T13674] EXT4-fs warning (device loop1): ext4_enable_quotas:6999: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 690.777244][ T312] usb 4-1: USB disconnect, device number 42 [ 690.785028][ T4904] usb 1-1: USB disconnect, device number 48 [ 690.785864][T13674] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 690.797787][T13674] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz.1.3554: bad orphan inode 16 [ 690.800614][ T4904] hid-steam 0003:28DE:1142.0042: Steam wireless receiver disconnected [ 690.807719][T13674] ext4_test_bit(bit=15, block=18) = 1 [ 690.820810][T13674] is_bad_inode(inode)=0 [ 690.824772][T13674] NEXT_ORPHAN(inode)=0 [ 690.829045][T13674] max_ino=32 [ 690.832072][T13674] i_nlink=2 [ 690.835057][T13674] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 690.852886][T13674] fscrypt (loop1, inode 16): Error -61 getting encryption context [ 690.852965][ T28] audit: type=1400 audit(2000008773.003:1023): avc: denied { read } for pid=13673 comm="syz.1.3554" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 690.883863][T13674] fscrypt (loop1, inode 16): Error -61 getting encryption context [ 690.898033][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 690.957309][ T5985] hid-led 0003:1D34:000A.0044: ignoring exceeding usage max [ 691.175643][ T326] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 691.183502][ T5985] hid-led 0003:1D34:000A.0044: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 691.195874][ T5985] hid-led 0003:1D34:000A.0044: Dream Cheeky Webmail Notifier initialized [ 691.378205][ T5985] usb 5-1: USB disconnect, device number 38 [ 691.689546][T13698] loop2: detected capacity change from 0 to 256 [ 691.698787][ T28] audit: type=1400 audit(2000008773.853:1024): avc: denied { watch } for pid=13697 comm="syz.2.3562" path="/49/file0/file0" dev="loop2" ino=1049137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 691.755711][ T326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 691.767028][ T326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 691.780076][ T326] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 691.792888][ T4904] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 691.800408][ T326] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 691.809284][ T326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.817518][ T326] usb 2-1: config 0 descriptor?? [ 691.835671][T13681] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 692.183445][T13710] loop3: detected capacity change from 0 to 256 [ 692.189818][T13710] exfat: Deprecated parameter 'utf8' [ 692.194993][T13710] exfat: Deprecated parameter 'utf8' [ 692.202620][T13710] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x811ad48d, utbl_chksum : 0xe619d30d) [ 692.295672][ T4904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 692.306750][ T5985] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 692.318169][ T4904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 692.332342][ T326] plantronics 0003:047F:FFFF.0045: No inputs registered, leaving [ 692.340063][ T4904] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 692.353764][ T326] plantronics 0003:047F:FFFF.0045: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 692.367033][ T4904] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 692.376054][ T4904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.384237][ T4904] usb 1-1: config 0 descriptor?? [ 692.405739][T13689] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 692.588802][T13723] loop2: detected capacity change from 0 to 2048 [ 692.595776][ T39] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 692.606715][T13723] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 692.615321][T13723] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038 (0x7fffffff) [ 692.634150][T12904] EXT4-fs (loop2): unmounting filesystem. [ 692.705660][ T5985] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 692.715701][ T5985] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 692.728370][ T5985] usb 5-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00 [ 692.737415][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.916568][ T4904] plantronics 0003:047F:FFFF.0046: unknown main item tag 0xd [ 692.924661][ T4904] plantronics 0003:047F:FFFF.0046: No inputs registered, leaving [ 692.932778][ T5985] usb 5-1: config 0 descriptor?? [ 692.938702][ T4904] plantronics 0003:047F:FFFF.0046: hiddev97,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 692.976053][ T5985] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 692.995675][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 693.006420][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 693.016057][ T39] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 693.024921][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.033275][ T39] usb 4-1: config 0 descriptor?? [ 693.516540][ T39] logitech-djreceiver 0003:046D:C71B.0047: item fetching failed at offset 3/7 [ 693.525384][ T39] logitech-djreceiver 0003:046D:C71B.0047: logi_dj_probe: parse failed [ 693.533793][ T39] logitech-djreceiver: probe of 0003:046D:C71B.0047 failed with error -22 [ 693.554261][T13739] loop2: detected capacity change from 0 to 512 [ 693.562396][T13739] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.3575: casefold flag without casefold feature [ 693.575076][T13739] EXT4-fs (loop2): 1 truncate cleaned up [ 693.596901][ T39] usb 1-1: USB disconnect, device number 49 [ 693.719546][ T326] usb 4-1: USB disconnect, device number 43 [ 693.965623][ T877] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 694.224688][T13761] loop1: detected capacity change from 0 to 40427 [ 694.231031][ T877] usb 3-1: Using ep0 maxpacket: 16 [ 694.235462][T13763] loop3: detected capacity change from 0 to 512 [ 694.242272][T13763] EXT4-fs: Ignoring removed oldalloc option [ 694.248338][T13763] EXT4-fs: Ignoring removed mblk_io_submit option [ 694.254719][T13761] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 694.258561][T13763] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 694.261889][T13761] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 694.270605][T13763] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002] [ 694.277737][T13761] F2FS-fs (loop1): fault_injection options not supported [ 694.285632][T13763] System zones: 1-12 [ 694.292704][T13761] F2FS-fs (loop1): invalid crc value [ 694.297086][T13763] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.3586: corrupted in-inode xattr [ 694.302290][T13761] F2FS-fs (loop1): Found nat_bits in checkpoint [ 694.313277][T13763] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.3586: couldn't read orphan inode 15 (err -117) [ 694.348914][T13761] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 694.352735][ T28] audit: type=1400 audit(2000008776.503:1025): avc: denied { watch_reads } for pid=13762 comm="syz.3.3586" path="/274/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 694.355994][T13761] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 694.407752][ T60] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 694.418582][ T5985] usb 2-1: USB disconnect, device number 44 [ 694.430019][T13761] syz.1.3585: attempt to access beyond end of device [ 694.430019][T13761] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 694.625707][ T877] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 694.634746][ T877] usb 3-1: New USB device strings: Mfr=1, Product=58, SerialNumber=231 [ 694.642896][ T877] usb 3-1: Product: syz [ 694.646888][ T877] usb 3-1: Manufacturer: syz [ 694.651264][ T877] usb 3-1: SerialNumber: syz [ 694.665772][ T877] usb 3-1: config 0 descriptor?? [ 694.705646][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 694.712565][ T877] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 694.721334][ T877] usb 3-1: Detected FT232H [ 694.845651][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 694.856397][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 694.865929][ T60] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 694.874757][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.883408][ T60] usb 1-1: config 0 descriptor?? [ 694.925715][ T877] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 694.945707][ T877] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 694.975644][ T877] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 694.982426][ T877] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 694.991022][ T877] usb 3-1: USB disconnect, device number 44 [ 694.998284][ T877] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 695.007576][ T877] ftdi_sio 3-1:0.0: device disconnected [ 695.046095][ T771] usb 5-1: USB disconnect, device number 39 [ 695.082975][T13786] loop4: detected capacity change from 0 to 16 [ 695.089416][T13786] erofs: (device loop4): mounted with root inode @ nid 36. [ 695.297144][T13796] netlink: 172 bytes leftover after parsing attributes in process `syz.3.3597'. [ 695.356370][ T60] lenovo 0003:17EF:6009.0048: item fetching failed at offset 1/5 [ 695.375687][ T60] lenovo 0003:17EF:6009.0048: hid_parse failed [ 695.381658][ T60] lenovo: probe of 0003:17EF:6009.0048 failed with error -22 [ 695.545646][ T771] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 695.605859][ T877] usb 1-1: USB disconnect, device number 50 [ 695.755601][ T5985] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 695.797950][T13807] loop2: detected capacity change from 0 to 40427 [ 695.804674][T13807] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 695.812378][T13807] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 695.822219][T13807] F2FS-fs (loop2): Found nat_bits in checkpoint [ 695.845341][T13807] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 695.852254][T13807] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 696.195582][ T5985] usb 4-1: Using ep0 maxpacket: 16 [ 696.795628][ T771] usb 5-1: unable to read config index 0 descriptor/all [ 696.807475][ T771] usb 5-1: can't read configurations, error -71 [ 696.927550][T13826] loop1: detected capacity change from 0 to 512 [ 697.014231][T13826] EXT4-fs: Ignoring removed nobh option [ 697.075347][ T5985] usb 4-1: device descriptor read/all, error -71 [ 697.079030][T13826] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 697.092744][T13826] EXT4-fs (loop1): orphan cleanup on readonly fs [ 697.099710][T13826] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3845: comm syz.1.3604: Allocating blocks 41-42 which overlap fs metadata [ 697.113795][T13826] EXT4-fs (loop1): Remounting filesystem read-only [ 697.120626][T13826] Quota error (device loop1): write_blk: dquota write failed [ 697.129411][T13826] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 697.139428][T13826] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.3604: Failed to acquire dquot type 0 [ 697.152682][T13826] EXT4-fs (loop1): 1 truncate cleaned up [ 697.158349][T13826] EXT4-fs (loop1): pa ffff888110e85498: logic 1, phys. 41, len 23 [ 697.166037][T13826] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 697.182006][T13818] fuse: Bad value for 'fd' [ 697.921070][T13857] loop3: detected capacity change from 0 to 256 [ 697.934101][T13858] netem: change failed [ 697.953323][T13857] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 697.976184][T13860] futex_wake_op: syz.0.3618 tries to shift op by 144; fix this program [ 697.989362][ T28] audit: type=1400 audit(2000008780.143:1026): avc: denied { execute } for pid=13855 comm="syz.3.3616" path="/282/file0/cpuacct.usage_sys" dev="loop3" ino=1049139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 698.060294][T13869] loop2: detected capacity change from 0 to 512 [ 698.072842][T13869] EXT4-fs: Ignoring removed nobh option [ 698.103911][T13869] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 698.142296][T13869] EXT4-fs (loop2): orphan cleanup on readonly fs [ 698.159828][T13869] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3845: comm syz.2.3619: Allocating blocks 41-42 which overlap fs metadata [ 698.174915][T13869] EXT4-fs (loop2): Remounting filesystem read-only [ 698.175139][T13882] SELinux: failed to load policy [ 698.181669][T13869] Quota error (device loop2): write_blk: dquota write failed [ 698.193651][T13869] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 698.205023][T13869] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.3619: Failed to acquire dquot type 0 [ 698.245969][T13869] EXT4-fs (loop2): 1 truncate cleaned up [ 698.251617][T13869] EXT4-fs (loop2): pa ffff888110e85e70: logic 1, phys. 41, len 23 [ 698.259287][T13869] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 698.271491][T13869] EXT4-fs mount: 6 callbacks suppressed [ 698.271516][T13869] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 698.308089][ T28] audit: type=1400 audit(2000008780.463:1027): avc: denied { write } for pid=13887 comm="syz.0.3631" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 698.339292][T13869] fuse: Bad value for 'fd' [ 698.373830][T13892] input: syz1 as /devices/virtual/input/input61 [ 698.377740][T13895] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsŧ‘Ì [ 699.168233][T12904] EXT4-fs (loop2): unmounting filesystem. [ 699.316205][ T312] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 699.363969][ T28] audit: type=1400 audit(2000008781.513:1028): avc: denied { create } for pid=13922 comm="syz.3.3646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 699.568843][ T28] audit: type=1400 audit(2000008781.723:1029): avc: denied { create } for pid=13935 comm="syz.4.3648" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1 [ 699.616613][T13942] SELinux: truncated policydb string identifier [ 699.626863][ T28] audit: type=1400 audit(2000008781.783:1030): avc: denied { mounton } for pid=13943 comm="syz.1.3652" path="/352/file0" dev="tmpfs" ino=1850 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 699.627097][T13942] SELinux: failed to load policy [ 699.885786][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 699.961144][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.970757][ T312] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 699.979583][ T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.988001][ T312] usb 1-1: config 0 descriptor?? [ 700.025772][ T5985] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 700.265667][ T5985] usb 4-1: Using ep0 maxpacket: 8 [ 700.385658][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 700.396402][ T5985] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.406040][ T5985] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 700.414878][ T5985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.423537][ T5985] usb 4-1: config 0 descriptor?? [ 700.466634][ T312] lg-g15 0003:046D:C222.0049: item 0 2 0 8 parsing failed [ 700.473725][ T312] lg-g15: probe of 0003:046D:C222.0049 failed with error -22 [ 700.593307][T13970] loop1: detected capacity change from 0 to 512 [ 700.607348][T13970] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 700.616235][T13970] ext4 filesystem being mounted at /356/file0 supports timestamps until 2038 (0x7fffffff) [ 700.632022][ T28] audit: type=1400 audit(2000008782.783:1031): avc: denied { rename } for pid=13969 comm="syz.1.3662" name="#92" dev="loop1" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 700.640244][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.670990][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.673512][ T60] usb 1-1: USB disconnect, device number 51 [ 700.687516][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.708544][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.724653][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.740728][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.757075][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.773324][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.789414][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.805514][ T8930] EXT4-fs error (device loop1): ext4_empty_dir:3120: inode #11: block 8: comm syz-executor: Attempting to read directory block (8) that is past i_size (16390) [ 700.821372][ T312] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 700.877129][T12986] tipc: Disabling bearer [ 700.877666][ T8930] EXT4-fs (loop1): unmounting filesystem. [ 700.882346][T12986] tipc: Left network mode [ 700.906604][ T5985] kone 0003:1E7D:2CED.004A: collection stack underflow [ 700.913368][ T5985] kone 0003:1E7D:2CED.004A: item 0 1 0 12 parsing failed [ 700.920334][ T5985] kone 0003:1E7D:2CED.004A: parse failed [ 700.933304][ T5985] kone: probe of 0003:1E7D:2CED.004A failed with error -22 [ 701.008909][T13975] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.016025][T13975] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.023130][T13975] device bridge_slave_0 entered promiscuous mode [ 701.031573][T13975] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.038486][T13975] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.045620][T13975] device bridge_slave_1 entered promiscuous mode [ 701.111622][ T60] usb 4-1: USB disconnect, device number 46 [ 701.140260][T13982] loop2: detected capacity change from 0 to 512 [ 701.147594][T13982] EXT4-fs: Ignoring removed nobh option [ 701.154005][T13982] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 701.154947][T13975] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.164179][T13982] EXT4-fs (loop2): orphan cleanup on readonly fs [ 701.169732][T13975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 701.169819][T13975] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.176770][T13982] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3845: comm syz.2.3666: Allocating blocks 41-42 which overlap fs metadata [ 701.182918][T13975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.190160][T13982] EXT4-fs (loop2): Remounting filesystem read-only [ 701.215651][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.216729][T13982] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.3666: Failed to acquire dquot type 0 [ 701.238842][T13982] EXT4-fs (loop2): 1 truncate cleaned up [ 701.243655][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.264517][ T312] usb 5-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00 [ 701.273701][ T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.277984][T13985] SELinux: policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c [ 701.285018][T13975] device veth0_vlan entered promiscuous mode [ 701.292044][T13985] SELinux: failed to load policy [ 701.302563][T13982] EXT4-fs (loop2): pa ffff888110e85348: logic 1, phys. 41, len 23 [ 701.302720][ T312] usb 5-1: config 0 descriptor?? [ 701.310229][T13982] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 701.318337][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 701.333014][T13982] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 701.342413][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 701.367894][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 701.380735][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 701.380939][T13982] fuse: Bad value for 'fd' [ 701.388959][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 701.401558][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 701.410625][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 701.418653][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 701.426122][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 701.446087][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 701.455535][T13975] device veth1_macvtap entered promiscuous mode [ 701.469312][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 701.484302][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 701.562024][T12904] EXT4-fs (loop2): unmounting filesystem. [ 701.577980][T12986] device bridge_slave_1 left promiscuous mode [ 701.582897][T13995] loop1: detected capacity change from 0 to 2048 [ 701.583926][T12986] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.597484][T12986] device bridge_slave_0 left promiscuous mode [ 701.603520][T12986] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.611663][T12986] device veth1_macvtap left promiscuous mode [ 701.618737][T13995] Alternate GPT is invalid, using primary GPT. [ 701.624754][T13995] loop1: p1 p2 p3 [ 701.628920][T12986] device veth0_vlan left promiscuous mode [ 701.659040][ T102] Alternate GPT is invalid, using primary GPT. [ 701.665649][ T102] loop1: p1 p2 p3 [ 701.686558][ T2309] udevd[2309]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 701.697474][ T316] udevd[316]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 701.714953][ T418] udevd[418]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 702.312461][ T877] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 702.368399][ T2309] udevd[2309]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 702.378875][ T418] udevd[418]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 702.389655][ T316] udevd[316]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 702.469140][ T312] sony 0003:12BA:0100.004B: hidraw0: USB HID vff.ff Device [HID 12ba:0100] on usb-dummy_hcd.4-1/input0 [ 702.480070][ T312] sony 0003:12BA:0100.004B: failed to claim input [ 702.505597][ T60] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 702.595687][ T877] usb 1-1: Using ep0 maxpacket: 32 [ 702.745916][ T877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 702.775650][ T60] usb 4-1: Using ep0 maxpacket: 16 [ 702.808368][ T877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 702.827590][T14012] tipc: Enabling of bearer rejected, already enabled [ 702.838759][ T877] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 702.848106][ T877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.859692][ T877] usb 1-1: config 0 descriptor?? [ 702.866592][ T771] usb 5-1: USB disconnect, device number 42 [ 702.876718][T13989] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 702.899417][ T877] hub 1-1:0.0: USB hub found [ 702.922944][T14015] loop1: detected capacity change from 0 to 40427 [ 702.929726][T14015] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 702.937353][T14015] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 702.945814][T14015] F2FS-fs (loop1): invalid crc value [ 702.952402][T14015] F2FS-fs (loop1): Found nat_bits in checkpoint [ 702.980597][T14015] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 702.987531][T14015] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 703.010654][T13975] syz-executor: attempt to access beyond end of device [ 703.010654][T13975] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 703.108199][ T877] hub 1-1:0.0: 2 ports detected [ 703.112958][ T60] usb 4-1: New USB device found, idVendor=114b, idProduct=0110, bcdDevice=55.87 [ 703.125679][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.132393][T14024] loop1: detected capacity change from 0 to 512 [ 703.133575][ T60] usb 4-1: Product: syz [ 703.142212][T14024] EXT4-fs: Ignoring removed bh option [ 703.144863][ T60] usb 4-1: Manufacturer: syz [ 703.154407][ T60] usb 4-1: SerialNumber: syz [ 703.155004][T14024] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.3679: inode #11614: comm syz.1.3679: iget: illegal inode # [ 703.162423][ T60] usb 4-1: config 0 descriptor?? [ 703.172634][T14024] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.3679: error while reading EA inode 11614 err=-117 [ 703.189597][T14024] EXT4-fs (loop1): 1 truncate cleaned up [ 703.195035][T14024] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 703.214944][T13975] EXT4-fs (loop1): unmounting filesystem. [ 703.220968][ T60] usb-storage 4-1:0.0: USB Mass Storage device detected [ 703.240975][T14031] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3681'. [ 703.315958][T14036] loop1: detected capacity change from 0 to 512 [ 703.326904][T14036] EXT4-fs: Ignoring removed nobh option [ 703.332972][T14036] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 703.346075][T14041] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3684'. [ 703.414585][T14036] EXT4-fs (loop1): orphan cleanup on readonly fs [ 703.429559][ T326] usb 4-1: USB disconnect, device number 47 [ 704.185051][T14036] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3845: comm syz.1.3682: Allocating blocks 41-42 which overlap fs metadata [ 704.206880][T14036] EXT4-fs (loop1): Remounting filesystem read-only [ 704.213407][T14036] __quota_error: 3 callbacks suppressed [ 704.213430][T14036] Quota error (device loop1): write_blk: dquota write failed [ 704.226329][T14036] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 704.236485][T14036] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.3682: Failed to acquire dquot type 0 [ 704.276351][T14036] EXT4-fs (loop1): 1 truncate cleaned up [ 704.291505][T14036] EXT4-fs (loop1): pa ffff888110e85bd0: logic 1, phys. 41, len 23 [ 704.299210][T14036] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 704.349160][T14036] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 704.445649][ T877] usb 1-1: USB disconnect, device number 52 [ 705.015662][T14036] fuse: Bad value for 'fd' [ 705.592204][T13975] EXT4-fs (loop1): unmounting filesystem. [ 705.726590][T14082] tipc: Started in network mode [ 705.731367][T14082] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 705.740287][T14082] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 705.748514][T14082] tipc: Enabled bearer , priority 0 [ 705.915693][ T797] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 706.013243][T14096] syz.4.3706[14096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 706.013287][T14096] syz.4.3706[14096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 706.115620][ T4904] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 706.157276][T14110] loop4: detected capacity change from 0 to 128 [ 706.207449][T14118] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 706.219005][T14118] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 706.227247][T14118] CPU: 0 PID: 14118 Comm: syz.4.3717 Tainted: G W 6.1.93-syzkaller-00013-g814dd5bfa8b1 #0 [ 706.238442][T14118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 706.248339][T14118] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 706.254413][T14118] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 9c 00 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 81 2e 25 00 48 89 5c 24 18 4c 8b [ 706.273858][T14118] RSP: 0018:ffffc900030676a0 EFLAGS: 00010246 [ 706.279756][T14118] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 706.287570][T14118] RDX: ffffc9000537d000 RSI: 0000000000000113 RDI: 0000000000000114 [ 706.295380][T14118] RBP: ffffc900030677f0 R08: ffffffff841339cd R09: ffffffff841338eb [ 706.303191][T14118] R10: 0000000000000004 R11: ffff888115dd8000 R12: dffffc0000000000 [ 706.311004][T14118] R13: ffff8881177bdc80 R14: 1ffff9200060cee0 R15: dffffc0000000000 [ 706.318815][T14118] FS: 00007f948a2c36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 706.327581][T14118] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 706.334002][T14118] CR2: 0000000020003000 CR3: 000000014bb58000 CR4: 00000000003506b0 [ 706.341817][T14118] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 706.349625][T14118] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 706.357437][T14118] Call Trace: [ 706.360572][T14118] [ 706.363341][T14118] ? __die_body+0x62/0xb0 [ 706.367505][T14118] ? die_addr+0x9f/0xd0 [ 706.371498][T14118] ? exc_general_protection+0x317/0x4c0 [ 706.376883][T14118] ? asm_exc_general_protection+0x27/0x30 [ 706.382433][T14118] ? xdp_do_generic_redirect+0x32b/0xb40 [ 706.387902][T14118] ? xdp_do_generic_redirect+0x40d/0xb40 [ 706.393382][T14118] ? dev_map_generic_redirect+0x90/0x7d0 [ 706.398840][T14118] ? kasan_quarantine_put+0x34/0x1a0 [ 706.403958][T14118] ? kfree+0x7a/0xf0 [ 706.407692][T14118] ? bq_enqueue+0x3e0/0x3e0 [ 706.412033][T14118] ? bpf_prog_run_generic_xdp+0xa35/0x1200 [ 706.417675][T14118] xdp_do_generic_redirect+0x42e/0xb40 [ 706.422969][T14118] do_xdp_generic+0x53e/0x800 [ 706.427484][T14118] ? generic_xdp_tx+0x560/0x560 [ 706.432169][T14118] ? tun_get_user+0x2340/0x3a90 [ 706.436855][T14118] tun_get_user+0x238a/0x3a90 [ 706.441368][T14118] ? cpu_curr_snapshot+0x90/0x90 [ 706.446140][T14118] ? tun_do_read+0x2000/0x2000 [ 706.450742][T14118] ? ref_tracker_alloc+0x31d/0x450 [ 706.455692][T14118] ? ref_tracker_dir_print+0x160/0x160 [ 706.460985][T14118] ? avc_policy_seqno+0x1b/0x70 [ 706.465675][T14118] ? tun_get+0xe9/0x120 [ 706.469662][T14118] tun_chr_write_iter+0x129/0x210 [ 706.474522][T14118] vfs_write+0x902/0xeb0 [ 706.478698][T14118] ? file_end_write+0x1c0/0x1c0 [ 706.483378][T14118] ? do_futex+0x501/0x9a0 [ 706.487676][T14118] ? __fget_files+0x2cb/0x330 [ 706.492278][T14118] ? __fdget_pos+0x204/0x390 [ 706.496693][T14118] ? ksys_write+0x77/0x2c0 [ 706.500947][T14118] ksys_write+0x199/0x2c0 [ 706.505115][T14118] ? save_fpregs_to_fpstate+0x220/0x220 [ 706.510496][T14118] ? __ia32_sys_read+0x90/0x90 [ 706.515098][T14118] ? fpregs_restore_userregs+0x130/0x290 [ 706.520565][T14118] __x64_sys_write+0x7b/0x90 [ 706.524989][T14118] x64_sys_call+0x2f/0x9a0 [ 706.529244][T14118] do_syscall_64+0x3b/0xb0 [ 706.533495][T14118] ? clear_bhb_loop+0x55/0xb0 [ 706.538007][T14118] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 706.543736][T14118] RIP: 0033:0x7f948957c9df [ 706.547989][T14118] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 706.567433][T14118] RSP: 002b:00007f948a2c3000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 706.575677][T14118] RAX: ffffffffffffffda RBX: 00007f9489735f80 RCX: 00007f948957c9df [ 706.583486][T14118] RDX: 0000000000000d86 RSI: 0000000020002340 RDI: 00000000000000c8 [ 706.591298][T14118] RBP: 00007f94895f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 706.599108][T14118] R10: 0000000000000d86 R11: 0000000000000293 R12: 0000000000000000 [ 706.606921][T14118] R13: 0000000000000000 R14: 00007f9489735f80 R15: 00007ffe78c21848 [ 706.614738][T14118] [ 706.617603][T14118] Modules linked in: [ 706.621407][T14118] ---[ end trace 0000000000000000 ]--- [ 706.621441][ T797] usb 1-1: Using ep0 maxpacket: 32 [ 706.626648][T14118] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 [ 706.637674][T14118] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 9c 00 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 81 2e 25 00 48 89 5c 24 18 4c 8b [ 706.657196][T14118] RSP: 0018:ffffc900030676a0 EFLAGS: 00010246 [ 706.663165][T14118] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 706.670990][T14118] RDX: ffffc9000537d000 RSI: 0000000000000113 RDI: 0000000000000114 [ 706.678802][T14118] RBP: ffffc900030677f0 R08: ffffffff841339cd R09: ffffffff841338eb [ 706.686622][T14118] R10: 0000000000000004 R11: ffff888115dd8000 R12: dffffc0000000000 [ 706.694409][T14118] R13: ffff8881177bdc80 R14: 1ffff9200060cee0 R15: dffffc0000000000 [ 706.702246][T14118] FS: 00007f948a2c36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 706.711003][T14118] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 706.717436][T14118] CR2: 0000000020003000 CR3: 000000014bb58000 CR4: 00000000003506b0 [ 706.725225][T14118] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 706.733059][T14118] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 706.740861][T14118] Kernel panic - not syncing: Fatal exception in interrupt [ 706.748074][T14118] Kernel Offset: disabled [ 706.752192][T14118] Rebooting in 86400 seconds..