last executing test programs: 3.236252152s ago: executing program 3 (id=1294): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x26, 0x0, 0x40f00, 0x6b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff7}]}) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwrite64(r2, &(0x7f0000000080)='3', 0x500, 0x0) 3.167118159s ago: executing program 3 (id=1295): r0 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfb, 0x400000}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0) 3.166521699s ago: executing program 1 (id=1306): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@resuid}, {@stripe}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x20000000) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) 3.121399273s ago: executing program 3 (id=1298): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r1) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x28, r3, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x28}}, 0x0) 3.04090308s ago: executing program 3 (id=1300): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file1\x00', 0x2000000, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@noquota}, {@errors_continue}, {@mb_optimize_scan}, {@init_itable_val={'init_itable', 0x3d, 0x400}}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@bsdgroups}]}, 0xfe, 0x453, &(0x7f0000000900)="$eJzs3MtvG0UYAPBv/UjfJJTyaGkhUBAVj6RJH/SAkEAgcQAJCQ5FnEKSVqFug5og0SqCwCEcUSXuiCMSfwEXygUBJySucEdIEcqlhZPR2rupm9h5OnGpfz9p6xnPNjPfzo49O2s7gK7Vn/6TROyNiN8joreevX2H/vrDzYWZ0X8WZkaTqFbf+jup7XdjYWY037WQPe6p/81qNcu/2KTeuXcjRiqV8ctZfnD64geDU1euPjdxceT8+PnxS8Nnzpw8caTn9PCptsSZxnXj0MeThw++9s61N0bPXnvv52/T9u/NyhvjaJf++tFt6sl2V9Zh+xrSSamDDWFdihGRdle5Nv57oxi7Fst649XPOto4YEtVq4XqjtbFs1XgLpZO1IFulL/Rp9e/+bZNU487wvxL9QugNO6b2VYvKS2uZ5Sza6St0B8RZ2f//SrdYovWIQAAGl1P5z/PNpv/FeKBhv3uye6h9EXEvRGxPyLui4gDEXF/RG3fByPioXXWv/QOyfL5T7V3Q4GtUTr/eyG7t3X7/C+f/UVfMcvtq8VfTs5NVMaPZ8fkWJR3pPmhFer44ZXfvmhV1jj/S7e0/nwumLXjr9KSBbqxkemRzcTcaP7TiEOlZvEni3PeJCIORsShDdYx8fQ3h1uVrR7/CtowKa9+HfFUvf9nY0n8uaTl/cmh508PnxrcGZXx44P5WbHcL7/Ovdmq/k3F3wbz16uxu+n5vxh/X7IzYurK1Qu1+7VT669j7o/PW17TlDZ4/vckb9fSPdlzH41MT18eiuhJXl/+/PCt/5vn8/3T8//Y0ebjf3/cOhIPR0R6Eh+JiEci4tGs7x6LiMcj4ugK8f/08hPvtypr3f8rrMq3URr/2Gr9H439v/5E8cKP360//lza/ydrqWPZM2t5/VtrAzdz7AAAAOD/olD7DHxSGFhMFwoDA/XP8B+I3YXK5NT0M+cmP7w0Vv+sfF+UC/lKV2/DeuhQtjac54eX5E9k68ZfFnfV8gOjk5WxTgcPXW5Pi/Gf+rPY6dYBW873taB7Gf/QvYx/6F7GP3Qv4x+6V7Px/0kH2gFsv1Xe/3dtVzuA7Wf+D93L+IfuZfxDV2r53fjCpr7yL9GhxPc9m/uthrUnonCHhHzXJMrRtKi05h+z2GBiR9OiTr8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtMd/AQAA//8Bx+M8") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000071000040"]) 2.982977386s ago: executing program 1 (id=1303): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0) r1 = eventfd2(0x5664, 0x1) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000000)={0x0, r1}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x0, r1}) dup3(r2, r0, 0x80000) 2.892361344s ago: executing program 3 (id=1305): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x400, &(0x7f0000000000)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x4a6, &(0x7f0000000a40)="$eJzs3c9rXNUeAPDvzDRpkua9/niPR9sHr4U+6HtKM/mBNFEXulIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLvzKT5NXXQNAO5nw/czrn33M73nAzfw51z750bQGadTv7JRQxGxBcRcbixunmH042XtbvXp5IlF/X6xe9z6X7JemvX1v87FBGrEdEXEc89FfFybnvc6vLK7GS5XFpsrhdrcwvF6vLKuStzkzOlmdL8yPj5iYnx4bHRiV3r6803X7154eNnej/6+Y07t9/69JOkWYPNuo392E2NrvfE0Q3bDkTE4w8iWBcUmv3p73ZD+FOSz+8fEXEmzf/DUUg/TSAL6vV6/bf6wXbVq3Vg38qnx8C5/FBENMr5/NBQ4xj+nzGQL1eqtYcvV5bmpxvHykeiJ3/5Srk03PyucCR6csn6SFq+tz66ZX0sIj0GfrvQn64PTVXK03s71AFbHNqS/z8VGvkPZISv/JBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kMmPXvhQrLUW/e/T19dXpqtXD03XarODs0tTQ1NVRYXhmYqlZn0np25P3q/cqWyMPJILF0r1krVWrG6vHJprrI0X7uU3td/qdSzJ70COnH01K2vchGx+mh/uiR6m3VyFfa3ej0X3b4HGeiOQrcHIKBrTP1BdvmOD+zwE72b9LWrWNj9tgB7I9/tBgBdc/aE83+QVeb/IbvM/0N2OcYHzP9D9pj/h+wabPP8r79teHbXcET8PSK+LPQcbD3rC9gP8t/mmsf/Zw//d3BrbW/ul/QUQW9EvPb+xXevTdZqiyPJ9h/Wt9fea24f7Ub7gU618rSVxwBAdq3dvT7VWvYy7ndPNi5C2B7/QHNusi89Rzmwltt0rUJul65dWL0REcd3ip9rPu+8ceZjYK2wLf6x5muu8RZpew+kz03fm/gnNsT/z4b4J//yXwWy4VYy/gzvlH/5NKdjPf82jz+Du3TtRPvxL78+/hXajH+nOozxygevf9M2/o2IkzvGb8XrS2NtjZ+07WyH8e+8+Py/2tXVP2y8z07xW5JSsTa3UKwur5xLf0dupjQ/Mn5+YmJ8eGx0opjOURdbM9XbPXb889v36/9Am/jt+v9Es03/77D/v/77sxdO3yf+/87s/PkfaxM/0R8RD3UY/8fRr19qV5fEn27T//x94ifbxjqMX33n6YMd7goA7IHq8srsZLlcWlRQUFBYL3R7ZAIetHtJ3+2WAAAAAAAAAAAAAJ3ai8uJu91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID94PcAAAD//5j81ps=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f00000001c0)=0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x200c840, &(0x7f0000000080)={[{@discard}, {@noload}]}, 0x64, 0x526, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDveO0l2c3WKXCAHkqhRdkVrJ00tI04lCIhOFUCyn0JiRNFceIocdpNVNFE/AFcECBxggsXJP4DVIkLxwqpCM4gikAItnDgAAwae5zNZu04uzh26nw+0uy8N7++73n3jefNvB0HcGk9ExGvRMR/0zS9FRHlfHkhn+KgPWXbvX/vzaVsSiJNX/tbEkm+rHOsJJ9fz3ebiIivfyXiW8nDcXf29tcX6/Xadp6vNje2qjt7+7fXNhZXa6u1zfn5uRcXXlp4YWF2IPW8EREvf+lP3//uT7/88i8++8Yf7vzl5rezYk3l64/X4xEVT1vZrnqp9Vkc32H7MYNdRMVWDXOTZ9vn8BzLAwBAb9k1/ocj4lMRcSvKceX0y1kAAADgAyj9wlT8O4lIu7vabeFE9NweAAAAuIAKrTGwSaGSjwWYikKhUmmP4f1oXEvfimh+ZqWxu7ncHis7HaXCylq9NpuPFZ6OUpLl51rp+/nn2/nD9yJa+fmIeDIivleebOUrS4368qhvfgAAAMAlcf1E//+f5Xb/HwAAABgz06MuAAAAAHDu9P8BAABg/On/AwAAwFj76quvZlPa+f3r5df3dtcbr99eru2sVzZ2lypLje2tymqjsdp6Z99Gv+PVG42tz8Xm7t1qs7bTrO7s7d/ZaOxuNu+sPfAT2AAAAMAQPfmJt3+XRMTB5ydbU+Zqj22vDLVkwHkrHqWSfN6l9f/+ifb8vSEVChiKft/pvykPqSDA0BVHXQBgZEqPsrH/JwBjKemzvufgnXfy+ScHWx4AAGDwZj7e+/l/4dQ9D05fDVx4GjFcXkfP/3sN+gPGVuv5/1nbvosFGCslo/rh0uv7/L/XAIB3zhohTR+tRAAAwKBNtaakUMlv701FoVCpRNxoDfcvJStr9dpsRDwREb8tlz6U5edaeyZ9+wwAAAAAAAAAAAAAAAAAAAAAAAAAQFuaJpECAAAAYy2i8Ofkl+13+c+Un5s6eX/gavKvcuQ/EfrGj177wd3FZnN7Llv+96PlzR/my58fxR0MAAAA4KROP73TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQXr/3ptLnWmYcf/6xYiY7ha/GBOt+USUIuLaP5IoHtsviYgrA4h/cBgRH+sWP8mKdRSyW/zJ848f0/mn0C3+9QHEh8vs7ez880rW/q5GxPH2V4hnWvPu7a8Y8UD+cbXOf9kJrsv5t3P+u9Kj/d84cazpHjGeevfn1Z7xDyOeKnY//3TiJz3iP3vGOn7zG/v7vdalP46Y6fr9kzwQq9rc2Kru7O3fXttYXK2t1jbn5+deXHhp4YWF2erKWr2W//nQ8Ut9ypbV/1qP+NN96v/cGev/n3fv3vtIj+Jk8W8+2yX+r36Sb/Fw/EL+3ffpPJ2tn+mkD9rp457+2a+fPq3+yz3q3+/v/+YZ63/ra9/549FOAMDI7eztry/W67XtsU1kvfQLUAyJx0uc6z/RtwZ6wDRN06xN/R/HSWLkH3gnMeozEwAAMGj3L/pHXRIAAAAAAAAAAAAAAAAAAAC4vIbxOrGTMQ+OUskgXqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQ/wsAAP//Yu/R8g==") io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}]) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000680)={0x58f5, 0xfffe, 0x1, 0x5, 0x14, 0x0, 0x2401}) 2.671702734s ago: executing program 3 (id=1310): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x150, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x8}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x0, 0x20}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.442407195s ago: executing program 2 (id=1317): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000a40)=[{&(0x7f00000005c0)="c2c10b270d21c75ca6ebfb5b86dd", 0xe}, {&(0x7f0000000100)="974111ae5e972fd42356f2a399ce1ec4561165c32bdc8c8e11ea78d218e2caf0de3f0a7e792c480db82f127f", 0x2c}], 0x2) 2.301997578s ago: executing program 2 (id=1318): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f000001a000/0x3000)=nil, 0x3000, 0xf, 0x11012, r1, 0x0) pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.279526781s ago: executing program 2 (id=1319): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x801, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 2.211676157s ago: executing program 2 (id=1320): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) dup3(r1, r0, 0x0) listen(r0, 0x0) 2.211460737s ago: executing program 2 (id=1321): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040d90455a000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000ac0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "000200"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.568350626s ago: executing program 1 (id=1308): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1804000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe, 0x0, &(0x7f0000000440)="c8df14c8586aa5611cfb29bf7234", 0x0, 0x6dcc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.436589438s ago: executing program 1 (id=1329): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$vga_arbiter(r0, &(0x7f0000000000)=@other={'lock', ' ', 'io'}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pselect6(0x40, &(0x7f0000000580), 0x0, &(0x7f0000000d00)={0xd0}, 0x0, 0x0) close(r0) 1.005321028s ago: executing program 4 (id=1335): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0) r1 = eventfd2(0x5664, 0x1) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000000)={0x0, r1}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x0, r1}) dup3(r2, r0, 0x80000) 977.94675ms ago: executing program 4 (id=1338): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000003200)='./file2\x00', 0x4204, &(0x7f0000003240)=ANY=[], 0x2, 0x32f, &(0x7f0000000540)="$eJzs3E1rG0cYwPFHr5ZkbOlQWlooHtpLe1lstedSUWwoFdTYVqldKKztVSu0lYxWuKiU2j71WnrPKZCD8dE3Q5Iv4EtuySWX3HwJ5BAfkmzYN+vdlhUZOfb/B2FHM/NIMzuj8Ozi1cnP//1RLlpaUa9LOKEkJCJyKpKRsARC/jHsluPSale+nHzx+NPl1bUfcvn8/JJSC7mVr7JKqemZ+3/+nfS7HU3IcebXk+fZZ8cfHn988mbl95KlSpaqVOtKV+vVp3V93TTUZskqa0otmoZuGapUsYya11712otmdWurofTK5lRqq2ZYltIrDVU2GqpeVfVaQ+m/6aWK0jRNTaUEFynsLy3puSGDN0Y8GFyRWi2nR0Qk2dVS2B/LgAAAwFh15v9hJ6UfKv+XaTf/dzo38/+Dzx7WJ386nPbz/6N4r/z/6yfee7Xl/wkRGSb/vyOXyP+7M6Lb5Z3yf1wPM/GuqlDbKyf/T/nfX9feLwezboH8HwAAAAAAAAAAAAAAAAAAAACA98Gpbadt204Hx+Bf8xEC/zVupH7rPyEiCWf1bdb/JlteXZOE++Ces8bmv9uF7YJ3dFpf2x4xZFbS8srdD0Gd2Hbw5JFyZOSBuePH72wXIm5LriglMcWQOUlLpjPethe+z8/PKY8ff/aYUqo1Pitp+aB3fLY93v/8uHzxeUu8Jml5tCFVMWXT3dfN+H/mlPrux3xHfNLtBwAAAADATaCpMz2v3zWtX7v3KyO5onubqM/9Ae/6erbn9Xk0/Ul03LMHAAAAAOB2sBp/lXXTNGrnFJJycZ/hC9HBOsc7amLndY60zHDQ8cTdGxki/fpEBjxjdwc8q22F4A8p2poSfuVwpzeY/8jWa7e1JiwDREU7Bz/jVKhLfvqeP5GzmuC2UbzPeZbF7vcJn7MTYiPbzx/9f+/l6L4g3xwGO+DiznstNbGB97xpGonOXecWYlf5fw4AAACA8Wgm/UHNt63NobEMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAACAW+ZKftKvozDuOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADXxdsAAAD//yOa+kQ=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[], 0x119) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)) 791.551107ms ago: executing program 0 (id=1339): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x60000, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 772.366079ms ago: executing program 0 (id=1340): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 704.321036ms ago: executing program 4 (id=1341): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001140)={'bridge_slave_0\x00', 0x0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x0) 587.499976ms ago: executing program 4 (id=1342): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 587.151496ms ago: executing program 4 (id=1343): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b0100000000"], 0x38}, 0x0) 586.860086ms ago: executing program 1 (id=1345): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ffdd18110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newsa={0xf0, 0x12, 0x713, 0x0, 0x0, {{@in=@multicast1, @in6=@private0}, {@in=@multicast2}, @in=@private}}, 0xf0}}, 0x0) 479.363126ms ago: executing program 1 (id=1346): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x400, &(0x7f0000000000)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x4a6, &(0x7f0000000a40)="$eJzs3c9rXNUeAPDvzDRpkua9/niPR9sHr4U+6HtKM/mBNFEXulIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLvzKT5NXXQNAO5nw/czrn33M73nAzfw51z750bQGadTv7JRQxGxBcRcbixunmH042XtbvXp5IlF/X6xe9z6X7JemvX1v87FBGrEdEXEc89FfFybnvc6vLK7GS5XFpsrhdrcwvF6vLKuStzkzOlmdL8yPj5iYnx4bHRiV3r6803X7154eNnej/6+Y07t9/69JOkWYPNuo392E2NrvfE0Q3bDkTE4w8iWBcUmv3p73ZD+FOSz+8fEXEmzf/DUUg/TSAL6vV6/bf6wXbVq3Vg38qnx8C5/FBENMr5/NBQ4xj+nzGQL1eqtYcvV5bmpxvHykeiJ3/5Srk03PyucCR6csn6SFq+tz66ZX0sIj0GfrvQn64PTVXK03s71AFbHNqS/z8VGvkPZISv/JBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kMmPXvhQrLUW/e/T19dXpqtXD03XarODs0tTQ1NVRYXhmYqlZn0np25P3q/cqWyMPJILF0r1krVWrG6vHJprrI0X7uU3td/qdSzJ70COnH01K2vchGx+mh/uiR6m3VyFfa3ej0X3b4HGeiOQrcHIKBrTP1BdvmOD+zwE72b9LWrWNj9tgB7I9/tBgBdc/aE83+QVeb/IbvM/0N2OcYHzP9D9pj/h+wabPP8r79teHbXcET8PSK+LPQcbD3rC9gP8t/mmsf/Zw//d3BrbW/ul/QUQW9EvPb+xXevTdZqiyPJ9h/Wt9fea24f7Ub7gU618rSVxwBAdq3dvT7VWvYy7ndPNi5C2B7/QHNusi89Rzmwltt0rUJul65dWL0REcd3ip9rPu+8ceZjYK2wLf6x5muu8RZpew+kz03fm/gnNsT/z4b4J//yXwWy4VYy/gzvlH/5NKdjPf82jz+Du3TtRPvxL78+/hXajH+nOozxygevf9M2/o2IkzvGb8XrS2NtjZ+07WyH8e+8+Py/2tXVP2y8z07xW5JSsTa3UKwur5xLf0dupjQ/Mn5+YmJ8eGx0opjOURdbM9XbPXb889v36/9Am/jt+v9Es03/77D/v/77sxdO3yf+/87s/PkfaxM/0R8RD3UY/8fRr19qV5fEn27T//x94ifbxjqMX33n6YMd7goA7IHq8srsZLlcWlRQUFBYL3R7ZAIetHtJ3+2WAAAAAAAAAAAAAJ3ai8uJu91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID94PcAAAD//5j81ps=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f00000001c0)=0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x200c840, &(0x7f0000000080)={[{@discard}, {@noload}]}, 0x64, 0x526, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDveO0l2c3WKXCAHkqhRdkVrJ00tI04lCIhOFUCyn0JiRNFceIocdpNVNFE/AFcECBxggsXJP4DVIkLxwqpCM4gikAItnDgAAwae5zNZu04uzh26nw+0uy8N7++73n3jefNvB0HcGk9ExGvRMR/0zS9FRHlfHkhn+KgPWXbvX/vzaVsSiJNX/tbEkm+rHOsJJ9fz3ebiIivfyXiW8nDcXf29tcX6/Xadp6vNje2qjt7+7fXNhZXa6u1zfn5uRcXXlp4YWF2IPW8EREvf+lP3//uT7/88i8++8Yf7vzl5rezYk3l64/X4xEVT1vZrnqp9Vkc32H7MYNdRMVWDXOTZ9vn8BzLAwBAb9k1/ocj4lMRcSvKceX0y1kAAADgAyj9wlT8O4lIu7vabeFE9NweAAAAuIAKrTGwSaGSjwWYikKhUmmP4f1oXEvfimh+ZqWxu7ncHis7HaXCylq9NpuPFZ6OUpLl51rp+/nn2/nD9yJa+fmIeDIivleebOUrS4368qhvfgAAAMAlcf1E//+f5Xb/HwAAABgz06MuAAAAAHDu9P8BAABg/On/AwAAwFj76quvZlPa+f3r5df3dtcbr99eru2sVzZ2lypLje2tymqjsdp6Z99Gv+PVG42tz8Xm7t1qs7bTrO7s7d/ZaOxuNu+sPfAT2AAAAMAQPfmJt3+XRMTB5ydbU+Zqj22vDLVkwHkrHqWSfN6l9f/+ifb8vSEVChiKft/pvykPqSDA0BVHXQBgZEqPsrH/JwBjKemzvufgnXfy+ScHWx4AAGDwZj7e+/l/4dQ9D05fDVx4GjFcXkfP/3sN+gPGVuv5/1nbvosFGCslo/rh0uv7/L/XAIB3zhohTR+tRAAAwKBNtaakUMlv701FoVCpRNxoDfcvJStr9dpsRDwREb8tlz6U5edaeyZ9+wwAAAAAAAAAAAAAAAAAAAAAAAAAQFuaJpECAAAAYy2i8Ofkl+13+c+Un5s6eX/gavKvcuQ/EfrGj177wd3FZnN7Llv+96PlzR/my58fxR0MAAAA4KROP73TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQXr/3ptLnWmYcf/6xYiY7ha/GBOt+USUIuLaP5IoHtsviYgrA4h/cBgRH+sWP8mKdRSyW/zJ848f0/mn0C3+9QHEh8vs7ez880rW/q5GxPH2V4hnWvPu7a8Y8UD+cbXOf9kJrsv5t3P+u9Kj/d84cazpHjGeevfn1Z7xDyOeKnY//3TiJz3iP3vGOn7zG/v7vdalP46Y6fr9kzwQq9rc2Kru7O3fXttYXK2t1jbn5+deXHhp4YWF2erKWr2W//nQ8Ut9ypbV/1qP+NN96v/cGev/n3fv3vtIj+Jk8W8+2yX+r36Sb/Fw/EL+3ffpPJ2tn+mkD9rp457+2a+fPq3+yz3q3+/v/+YZ63/ra9/549FOAMDI7eztry/W67XtsU1kvfQLUAyJx0uc6z/RtwZ6wDRN06xN/R/HSWLkH3gnMeozEwAAMGj3L/pHXRIAAAAAAAAAAAAAAAAAAAC4vIbxOrGTMQ+OUskgXqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQ/wsAAP//Yu/R8g==") io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x16000}]) ioctl$EXT4_IOC_GROUP_ADD(r0, 0xc0185879, &(0x7f0000000680)={0x58f5, 0xfffe, 0x1, 0x5, 0x14, 0x0, 0x2401}) 451.701588ms ago: executing program 0 (id=1356): socket$inet(0x2, 0x4000000000000001, 0x0) unshare(0x40020000) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}]}, 0x2c}}, 0x0) 439.98817ms ago: executing program 4 (id=1347): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20, 0x0, 0x0, 0xffffffff, 0x1}}, 0x120) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFEATURE(r1, 0xc0404809, &(0x7f00000000c0)={0x0, "277c968feb45a14b9d13aa865c15a5eaecdeecd810993081b239d4a3d23f64f1313939c9069b32eba8ea187c82613f238bdc42f990210277a196479b8e8df477"}) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, &(0x7f00000001c0)={0x1, "5fbaf77c49a9e363eed255a8164a43edd3fbf3f53506ab88ceae7536ba00c7498731efa3dafb0258a1a0e6dacafa3ba666a4c94f7af45941f84c2857c71600b2"}) write$UHID_DESTROY(r0, &(0x7f0000000040), 0x4) 288.804114ms ago: executing program 0 (id=1348): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r1}, 0x10) syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x0) 247.897037ms ago: executing program 0 (id=1349): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000009c0)="ec", 0x1}], 0x1, &(0x7f0000000d80)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3], 0x18}, 0x0) close(r2) close(r1) 180.591964ms ago: executing program 2 (id=1350): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) write$evdev(r0, &(0x7f0000000000), 0x100000008) ioctl$EVIOCGREP(r0, 0x40044591, 0x0) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) 0s ago: executing program 0 (id=1351): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000031a000/0x4000)=nil, 0x4000, 0x15) kernel console output (not intermixed with test programs): e from 0 to 512 [ 113.044131][ T20] usb 2-1: USB disconnect, device number 16 [ 113.081663][ T2438] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000000,minixdf,,errors=continue. Quota mode: writeback. [ 113.100279][ T2438] ext4 filesystem being mounted at /13/bus supports timestamps until 2038 (0x7fffffff) [ 113.118195][ T30] audit: type=1400 audit(1728479540.284:801): avc: denied { append } for pid=2437 comm="syz.0.818" name="file2" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 113.424649][ T2442] loop0: detected capacity change from 0 to 40427 [ 113.480792][ T2442] F2FS-fs (loop0): Invalid segment count (0) [ 113.490124][ T2442] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 113.503276][ T2442] F2FS-fs (loop0): invalid crc value [ 113.521095][ T2442] F2FS-fs (loop0): Found nat_bits in checkpoint [ 113.529890][ T509] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 113.589035][ T30] audit: type=1400 audit(1728479540.754:802): avc: denied { map } for pid=2461 comm="syz.1.826" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 113.620245][ T2442] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 113.627746][ T2442] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 113.696214][ T2320] attempt to access beyond end of device [ 113.696214][ T2320] loop0: rw=2049, want=45104, limit=40427 [ 113.790347][ T509] usb 3-1: Using ep0 maxpacket: 16 [ 113.813591][ T2469] loop3: detected capacity change from 0 to 512 [ 113.854165][ T2469] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 113.879912][ T2469] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 113.900971][ T2469] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.830: corrupted in-inode xattr [ 113.914272][ T509] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.938225][ T2469] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.830: couldn't read orphan inode 15 (err -117) [ 113.953129][ T2469] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,mblk_io_submit,user_xattr,auto_da_alloc,block_validity,quota,,errors=continue. Quota mode: writeback. [ 113.997459][ T30] audit: type=1400 audit(1728479541.164:803): avc: denied { setattr } for pid=2468 comm="syz.3.830" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 114.089935][ T509] usb 3-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 114.114041][ T509] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.130701][ T509] usb 3-1: Product: syz [ 114.138568][ T509] usb 3-1: Manufacturer: syz [ 114.144766][ T509] usb 3-1: SerialNumber: syz [ 114.151255][ T509] usb 3-1: config 0 descriptor?? [ 114.287471][ T2450] loop4: detected capacity change from 0 to 131072 [ 114.390616][ T2450] F2FS-fs (loop4): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 114.400296][ T2450] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 114.412871][ T2450] F2FS-fs (loop4): invalid crc value [ 114.420741][ T2450] F2FS-fs (loop4): Found nat_bits in checkpoint [ 114.455282][ T2450] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 114.463622][ T2450] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 114.476864][ T2450] fscrypt (loop4, inode 8): Error -61 getting encryption context [ 114.548689][ T2493] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 114.626349][ T2498] device syzkaller0 entered promiscuous mode [ 114.672290][ T509] usb 3-1: Found UVC 0.00 device syz (045e:0721) [ 114.686389][ T509] usb 3-1: No valid video chain found. [ 114.701472][ T509] usb 3-1: USB disconnect, device number 19 [ 114.737710][ T2505] syz.0.841[2505] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.737815][ T2505] syz.0.841[2505] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.802958][ T2509] netem: incorrect ge model size [ 114.850102][ T2509] netem: change failed [ 114.998437][ T2526] loop1: detected capacity change from 0 to 512 [ 115.121877][ T2526] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8842c01d, mo2=0002] [ 115.133124][ T2526] EXT4-fs (loop1): orphan cleanup on readonly fs [ 115.142072][ T2526] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 115.159197][ T2526] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 115.169985][ T2526] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #13: comm syz.1.850: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 115.188771][ T356] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 115.207250][ T2526] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.850: couldn't read orphan inode 13 (err -117) [ 115.223199][ T2526] EXT4-fs (loop1): mounted filesystem without journal. Opts: noquota,noblock_validity,nombcache,auto_da_alloc=0x0000000000000008,debug,debug,grpid,,errors=continue. Quota mode: writeback. [ 115.246323][ T2526] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 115.259645][ T2526] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8842c01d, mo2=0002] [ 115.300380][ T2526] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 115.321529][ T2550] xt_hashlimit: size too large, truncated to 1048576 [ 115.373234][ T2551] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 115.458582][ T2556] device syzkaller0 entered promiscuous mode [ 115.519906][ T60] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 115.539894][ T356] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 115.559970][ T356] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 115.730060][ T356] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 115.747973][ T356] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.756898][ T356] usb 5-1: Product: syz [ 115.762776][ T356] usb 5-1: Manufacturer: syz [ 115.772762][ T356] usb 5-1: SerialNumber: syz [ 115.788203][ T329] Bluetooth: hci0: Frame reassembly failed (-84) [ 115.789976][ T60] usb 3-1: Using ep0 maxpacket: 16 [ 115.800677][ T356] usb 5-1: config 0 descriptor?? [ 115.820325][ T2516] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 115.849988][ T389] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 115.860939][ T30] audit: type=1400 audit(1728479543.034:804): avc: denied { ioctl } for pid=2587 comm="syz.0.877" path="socket:[26240]" dev="sockfs" ino=26240 ioctlcmd=0x7459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 115.896897][ T2590] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=2590 comm=syz.0.878 [ 115.921332][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 115.941104][ T30] audit: type=1326 audit(1728479543.114:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2593 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 115.964642][ T30] audit: type=1326 audit(1728479543.114:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2593 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 115.988632][ T30] audit: type=1326 audit(1728479543.114:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2593 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 116.012080][ T30] audit: type=1326 audit(1728479543.114:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2593 comm="syz.0.880" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 116.053699][ T356] usb 5-1: USB disconnect, device number 18 [ 116.064287][ T414] udevd[414]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 116.110162][ T60] usb 3-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 116.119209][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.127898][ T60] usb 3-1: Product: syz [ 116.132010][ T60] usb 3-1: Manufacturer: syz [ 116.137670][ T60] usb 3-1: SerialNumber: syz [ 116.151521][ T60] usb 3-1: config 0 descriptor?? [ 116.190851][ T60] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 116.310015][ T389] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.322477][ T389] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.334057][ T389] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 116.343776][ T389] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.356223][ T389] usb 2-1: config 0 descriptor?? [ 116.391779][ T20] usb 3-1: USB disconnect, device number 20 [ 116.776179][ T2628] loop4: detected capacity change from 0 to 256 [ 116.820576][ T389] hid (null): bogus close delimiter [ 116.831796][ T2628] FAT-fs (loop4): Directory bread(block 64) failed [ 116.840577][ T2628] FAT-fs (loop4): Directory bread(block 65) failed [ 116.849529][ T2628] FAT-fs (loop4): Directory bread(block 66) failed [ 116.859521][ T2628] FAT-fs (loop4): Directory bread(block 67) failed [ 116.866714][ T2628] FAT-fs (loop4): Directory bread(block 68) failed [ 116.874109][ T2628] FAT-fs (loop4): Directory bread(block 69) failed [ 116.881562][ T2628] FAT-fs (loop4): Directory bread(block 70) failed [ 116.889816][ T2628] FAT-fs (loop4): Directory bread(block 71) failed [ 116.896911][ T2628] FAT-fs (loop4): Directory bread(block 72) failed [ 116.903489][ T2628] FAT-fs (loop4): Directory bread(block 73) failed [ 116.939193][ T2628] incfs: Error accessing: ./file0. [ 116.944822][ T2628] incfs: mount failed -20 [ 116.987591][ T2637] loop4: detected capacity change from 0 to 256 [ 117.001343][ T2637] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 117.029923][ T389] usb 2-1: language id specifier not provided by device, defaulting to English [ 117.152767][ T2653] netlink: 40 bytes leftover after parsing attributes in process `syz.0.908'. [ 117.165366][ T2653] netlink: 40 bytes leftover after parsing attributes in process `syz.0.908'. [ 117.175283][ T2653] netlink: 40 bytes leftover after parsing attributes in process `syz.0.908'. [ 117.186018][ T2653] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 117.269920][ T39] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 117.452224][ T389] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0022/input/input19 [ 117.466754][ T389] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0022/input/input20 [ 117.481748][ T389] uclogic 0003:256C:006D.0022: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 117.651821][ T389] usb 2-1: USB disconnect, device number 17 [ 117.669932][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 117.684222][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 117.849913][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 117.856121][ T47] Bluetooth: hci0: sending frame failed (-49) [ 117.869945][ T39] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 117.880380][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.889172][ T39] usb 3-1: Product: syz [ 117.893479][ T39] usb 3-1: Manufacturer: syz [ 117.898632][ T39] usb 3-1: SerialNumber: syz [ 117.905431][ T39] usb 3-1: config 0 descriptor?? [ 117.939926][ T2635] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 118.223670][ T39] usb 3-1: USB disconnect, device number 21 [ 118.259860][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 118.259908][ T30] audit: type=1326 audit(1728479545.424:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 118.263780][ T2694] loop4: detected capacity change from 0 to 512 [ 118.284445][ T30] audit: type=1326 audit(1728479545.424:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 118.355425][ T30] audit: type=1326 audit(1728479545.424:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8ac8803033 code=0x7ffc0000 [ 118.385524][ T30] audit: type=1326 audit(1728479545.434:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8ac8801adf code=0x7ffc0000 [ 118.414248][ T30] audit: type=1326 audit(1728479545.434:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f8ac8803087 code=0x7ffc0000 [ 118.422175][ T2694] EXT4-fs (loop4): Ignoring removed nobh option [ 118.449692][ T30] audit: type=1326 audit(1728479545.434:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8ac8801990 code=0x7ffc0000 [ 118.480821][ T2694] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled [ 118.511250][ T30] audit: type=1326 audit(1728479545.434:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ac8802bfb code=0x7ffc0000 [ 118.567405][ T2702] loop1: detected capacity change from 0 to 512 [ 118.574882][ T30] audit: type=1326 audit(1728479545.514:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8ac8801c8a code=0x7ffc0000 [ 118.602226][ T30] audit: type=1326 audit(1728479545.514:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8ac8801c8a code=0x7ffc0000 [ 118.628587][ T30] audit: type=1326 audit(1728479545.594:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2693 comm="syz.4.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f8ac8801897 code=0x7ffc0000 [ 118.659665][ T2694] EXT4-fs (loop4): 1 orphan inode deleted [ 118.666990][ T2694] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nodiscard,noquota,resuid=0x0000000000000000,errors=remount-ro,nobh,sysvgroups,delalloc,usrjquota=./file1,. Quota mode: writeback. [ 118.691736][ T2694] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038 (0x7fffffff) [ 118.773868][ T2702] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 118.785910][ T2702] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038 (0x7fffffff) [ 118.936585][ T2725] kvm [2724]: vcpu0, guest rIP: 0xfff0 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xa, nop [ 118.949873][ T2728] input: syz0 as /devices/virtual/input/input21 [ 118.952752][ T2723] loop4: detected capacity change from 0 to 2048 [ 118.992650][ T2730] loop2: detected capacity change from 0 to 16 [ 119.021370][ T2730] erofs: (device loop2): mounted with root inode @ nid 36. [ 119.042700][ T2730] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 119.074828][ T2730] attempt to access beyond end of device [ 119.074828][ T2730] loop2: rw=0, want=24, limit=16 [ 119.097403][ T2723] EXT4-fs (loop4): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none. [ 119.159895][ T2734] loop1: detected capacity change from 0 to 256 [ 119.321249][ T2742] input: syz1 as /devices/virtual/input/input22 [ 119.350043][ T324] udevd[324]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 119.552476][ T2748] loop1: detected capacity change from 0 to 512 [ 119.569937][ T39] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 119.622756][ T2748] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 119.638802][ T2748] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038 (0x7fffffff) [ 119.655198][ T2748] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 119.671039][ T2748] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28 [ 119.686924][ T2748] EXT4-fs (loop1): This should not happen!! Data will be lost [ 119.686924][ T2748] [ 119.697967][ T2748] EXT4-fs (loop1): Total free blocks count 0 [ 119.705065][ T2748] EXT4-fs (loop1): Free/Dirty block details [ 119.711026][ T2748] EXT4-fs (loop1): free_blocks=65280 [ 119.716571][ T2748] EXT4-fs (loop1): dirty_blocks=23 [ 119.722486][ T2748] EXT4-fs (loop1): Block reservation details [ 119.728983][ T2748] EXT4-fs (loop1): i_reserved_data_blocks=23 [ 119.829910][ T60] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 119.830057][ T389] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 119.919916][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 119.926628][ T47] Bluetooth: hci0: sending frame failed (-49) [ 119.933812][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.945521][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.955844][ T39] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 119.968994][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.981768][ T39] usb 3-1: config 0 descriptor?? [ 120.028231][ T2769] loop1: detected capacity change from 0 to 2048 [ 120.069924][ T60] usb 5-1: Using ep0 maxpacket: 32 [ 120.072388][ T2769] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none. [ 120.199939][ T389] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.199950][ T60] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.199996][ T389] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.214455][ T60] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.228101][ T389] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 120.269909][ T389] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 120.279628][ T389] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.290151][ T389] usb 1-1: config 0 descriptor?? [ 120.379916][ T60] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 120.391269][ T60] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 120.400243][ T60] usb 5-1: Product: syz [ 120.404593][ T60] usb 5-1: Manufacturer: syz [ 120.425757][ T2775] loop1: detected capacity change from 0 to 40427 [ 120.450447][ T60] hub 5-1:4.0: USB hub found [ 120.501324][ T39] hid-steam 0003:28DE:1142.0023: item fetching failed at offset 4/5 [ 120.510551][ T39] hid-steam 0003:28DE:1142.0023: steam_probe:parse of hid interface failed [ 120.522771][ T39] hid-steam: probe of 0003:28DE:1142.0023 failed with error -22 [ 120.570608][ T2775] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 120.580256][ T2775] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 120.591088][ T2775] F2FS-fs (loop1): invalid crc value [ 120.600703][ T2775] F2FS-fs (loop1): Found nat_bits in checkpoint [ 120.639548][ T2775] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 120.648044][ T2775] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 120.686700][ T2111] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 120.701377][ T2111] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 120.706056][ T60] hub 5-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 120.725614][ T356] usb 3-1: USB disconnect, device number 22 [ 120.751714][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.769071][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.777222][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.787398][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.795875][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.805761][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.813654][ T389] wacom 0003:056A:0094.0024: unknown main item tag 0x0 [ 120.822201][ T389] wacom 0003:056A:0094.0024: Using device in hidraw-only mode [ 120.842498][ T389] wacom 0003:056A:0094.0024: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.0-1/input0 [ 120.970324][ T60] usb 1-1: USB disconnect, device number 14 [ 121.030255][ T389] usb 5-1: USB disconnect, device number 19 [ 121.567789][ T2802] device syzkaller0 entered promiscuous mode [ 121.949640][ T2805] loop4: detected capacity change from 0 to 40427 [ 122.000001][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 122.031217][ T2805] F2FS-fs (loop4): Invalid segment count (0) [ 122.042895][ T2805] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 122.055732][ T2805] F2FS-fs (loop4): invalid crc value [ 122.064921][ T2805] F2FS-fs (loop4): Found nat_bits in checkpoint [ 122.139240][ T2789] loop2: detected capacity change from 0 to 131072 [ 122.150230][ T2805] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 122.158924][ T2805] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 122.211713][ T1668] attempt to access beyond end of device [ 122.211713][ T1668] loop4: rw=2049, want=45104, limit=40427 [ 122.235329][ T2789] F2FS-fs (loop2): Test dummy encryption mode enabled [ 122.261434][ T2789] F2FS-fs (loop2): invalid crc value [ 122.281488][ T2789] F2FS-fs (loop2): Found nat_bits in checkpoint [ 122.370525][ T2789] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 122.399947][ T60] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 122.639902][ T60] usb 2-1: Using ep0 maxpacket: 32 [ 122.780107][ T60] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.798471][ T60] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.930023][ T60] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 122.940389][ T60] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 122.949221][ T60] usb 2-1: Product: syz [ 122.954341][ T60] usb 2-1: Manufacturer: syz [ 123.000727][ T60] hub 2-1:4.0: USB hub found [ 123.260041][ T60] hub 2-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 123.580051][ T26] usb 2-1: USB disconnect, device number 18 [ 126.227320][ T45] tipc: Left network mode [ 126.301776][ T2867] device syzkaller0 entered promiscuous mode [ 126.429736][ T2859] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.438125][ T2859] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.446521][ T2859] device bridge_slave_0 entered promiscuous mode [ 126.455102][ T2859] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.463003][ T2859] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.470798][ T2859] device bridge_slave_1 entered promiscuous mode [ 126.631032][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.661777][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.692141][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.704808][ T2859] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.711867][ T2859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.719552][ T2859] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.726898][ T2859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.735576][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.743475][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.751459][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.759437][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.759879][ T20] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 126.768770][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.799895][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.807464][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.812839][ T2884] loop4: detected capacity change from 0 to 40427 [ 126.826752][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.830808][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.842356][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.844827][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.851598][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.860459][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.867763][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.876476][ T2884] F2FS-fs (loop4): Found nat_bits in checkpoint [ 126.883238][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.906112][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.914967][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 126.915571][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.933794][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.941556][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.942533][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 126.948970][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.949001][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.963308][ T2884] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2 [ 126.965568][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.986187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 126.995693][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 126.996656][ T2884] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.010790][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.020830][ T20] usb 2-1: Using ep0 maxpacket: 16 [ 127.031539][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 127.040760][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.042149][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 127.049256][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.059863][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 127.067372][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.092795][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.101877][ T2859] device veth0_vlan entered promiscuous mode [ 127.106185][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.125352][ T1668] attempt to access beyond end of device [ 127.125352][ T1668] loop4: rw=2049, want=45104, limit=40427 [ 127.125586][ T45] device bridge_slave_1 left promiscuous mode [ 127.145339][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.155803][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.160071][ T20] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.164755][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.184684][ T389] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 127.193124][ T20] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 127.205270][ T45] device bridge_slave_0 left promiscuous mode [ 127.223181][ T389] hid-generic 0000:0000:0000.0025: hidraw0: HID v0.00 Device [syz0] on syz0 [ 127.225140][ T20] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 127.234006][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.264433][ T20] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.276629][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.290899][ T45] device vlan0 left promiscuous mode [ 127.296359][ T45] device veth1_macvtap left promiscuous mode [ 127.300038][ T2878] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 127.302988][ T45] device veth0_vlan left promiscuous mode [ 127.331136][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 127.331153][ T30] audit: type=1326 audit(1728479554.504:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2898 comm="syz.2.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 127.340594][ T20] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 127.409826][ T30] audit: type=1326 audit(1728479554.534:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2898 comm="syz.2.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 127.455629][ T2901] loop2: detected capacity change from 0 to 512 [ 127.470356][ T26] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 127.480159][ T30] audit: type=1326 audit(1728479554.534:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2898 comm="syz.2.1000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 127.515973][ T2903] loop4: detected capacity change from 0 to 512 [ 127.524252][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 127.530142][ T2901] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.1001: iget: bad extended attribute block 1 [ 127.532673][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 127.552786][ T2901] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.1001: couldn't read orphan inode 15 (err -117) [ 127.553551][ T20] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 127.567103][ T2859] device veth1_macvtap entered promiscuous mode [ 127.577125][ T2901] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,resgid=0x0000000000000000,auto_da_alloc=0x000000000000007e,noload,inode_readahead_blks=0x0000000000000000,nombcache,,errors=continue. Quota mode: none. [ 127.580781][ T20] usb 2-1: USB disconnect, device number 19 [ 127.610040][ T2903] EXT4-fs (loop4): Ignoring removed orlov option [ 127.619558][ T2903] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 127.634015][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 127.644753][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 127.653557][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 127.660553][ T2903] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.998: Attempting to read directory block (0) that is past i_size (256) [ 127.662888][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 127.685987][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 127.695641][ T2903] EXT4-fs (loop4): Remounting filesystem read-only [ 127.702852][ T2903] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 127.712558][ T2903] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,orlov,nogrpid,init_itable,dioread_nolock,grpjquota=.oldalloc,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 127.746907][ T2903] EXT4-fs error (device loop4): ext4_remount:5845: comm syz.4.998: Abort forced by user [ 127.758662][ T2903] EXT4-fs (loop4): Remounting filesystem read-only [ 127.890104][ T26] usb 1-1: config 0 has no interfaces? [ 127.895459][ T26] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 127.905802][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.916093][ T26] usb 1-1: config 0 descriptor?? [ 127.962892][ T2915] loop4: detected capacity change from 0 to 40427 [ 128.049972][ T60] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 128.054162][ T2915] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 128.064590][ T2915] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 128.074082][ T2915] F2FS-fs (loop4): invalid crc value [ 128.082194][ T2915] F2FS-fs (loop4): Found nat_bits in checkpoint [ 128.114787][ T2915] F2FS-fs (loop4): Start checkpoint disabled! [ 128.122377][ T2915] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 128.131497][ T2915] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 128.154694][ T2915] attempt to access beyond end of device [ 128.154694][ T2915] loop4: rw=2049, want=53256, limit=40427 [ 128.162980][ T26] usb 1-1: USB disconnect, device number 15 [ 128.194823][ T2921] loop2: detected capacity change from 0 to 1024 [ 128.200016][ T45] attempt to access beyond end of device [ 128.200016][ T45] loop4: rw=2049, want=40992, limit=40427 [ 128.232338][ T2921] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.315075][ T2926] device syzkaller0 entered promiscuous mode [ 128.409935][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.429862][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.449808][ T60] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 128.479892][ T60] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 128.488786][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.499833][ T39] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 128.511934][ T60] usb 4-1: config 0 descriptor?? [ 128.554543][ T2934] xt_bpf: check failed: parse error [ 128.610927][ T2942] loop4: detected capacity change from 0 to 512 [ 128.687938][ T2942] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 128.702717][ T2942] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 128.717660][ T2942] EXT4-fs (loop4): 1 truncate cleaned up [ 128.723473][ T2942] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 128.741635][ T2942] device vlan2 entered promiscuous mode [ 128.747166][ T2942] device vlan0 entered promiscuous mode [ 128.780881][ T2950] xt_hashlimit: size too large, truncated to 1048576 [ 128.814904][ T2952] loop4: detected capacity change from 0 to 256 [ 128.841224][ T2953] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 128.848781][ T2952] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 128.875192][ T2952] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.909969][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.922742][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.934991][ T39] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 128.945844][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.975553][ T39] usb 2-1: config 0 descriptor?? [ 128.983265][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 128.993468][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.002844][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.010165][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.017591][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.025247][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.032508][ T60] wacom 0003:056A:0094.0026: unknown main item tag 0x0 [ 129.049890][ T60] wacom 0003:056A:0094.0026: Using device in hidraw-only mode [ 129.063275][ T60] wacom 0003:056A:0094.0026: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.3-1/input0 [ 129.187496][ T312] usb 4-1: USB disconnect, device number 14 [ 129.430042][ T60] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 129.471449][ T39] hid-led 0003:1D34:000A.0027: unknown main item tag 0x0 [ 129.699981][ T39] hid-led: probe of 0003:1D34:000A.0027 failed with error -71 [ 129.709950][ T20] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 129.719989][ T39] usb 2-1: USB disconnect, device number 20 [ 129.790234][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.802219][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.812416][ T60] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.09 [ 129.821562][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.834070][ T60] usb 5-1: config 0 descriptor?? [ 129.847759][ T2987] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 129.925002][ T2992] loop3: detected capacity change from 0 to 8192 [ 130.011026][ T2992] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 130.039923][ T26] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 130.110071][ T20] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 130.121537][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 130.132635][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.142506][ T20] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 130.156812][ T20] usb 3-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 130.166786][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.178143][ T20] usb 3-1: config 0 descriptor?? [ 130.311160][ T60] logitech-hidpp-device 0003:046D:C086.0028: unbalanced collection at end of report description [ 130.322628][ T60] logitech-hidpp-device 0003:046D:C086.0028: hidpp_probe:parse failed [ 130.331225][ T60] logitech-hidpp-device: probe of 0003:046D:C086.0028 failed with error -22 [ 130.370017][ T39] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 130.409956][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.421820][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.432093][ T26] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 130.441308][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.450628][ T26] usb 1-1: config 0 descriptor?? [ 130.509911][ T356] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 130.515123][ T718] usb 5-1: USB disconnect, device number 20 [ 130.681078][ T20] hid-rmi 0003:17EF:6085.0029: unknown main item tag 0x0 [ 130.688159][ T20] hid-rmi 0003:17EF:6085.0029: unknown main item tag 0x0 [ 130.695189][ T20] hid-rmi 0003:17EF:6085.0029: item fetching failed at offset 2/5 [ 130.703208][ T20] hid-rmi 0003:17EF:6085.0029: parse failed [ 130.709066][ T20] hid-rmi: probe of 0003:17EF:6085.0029 failed with error -22 [ 130.749890][ T356] usb 2-1: Using ep0 maxpacket: 16 [ 130.779880][ T39] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.789980][ T39] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 130.798835][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.808002][ T39] usb 4-1: config 0 descriptor?? [ 130.869991][ T356] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 130.878751][ T356] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.889156][ T356] usb 2-1: config 0 has no interface number 0 [ 130.889541][ T389] usb 3-1: USB disconnect, device number 23 [ 130.895899][ T356] usb 2-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 130.942591][ T26] hid-rmi 0003:06CB:81A7.002A: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.0-1/input0 [ 131.029951][ T356] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 131.040321][ T356] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 131.048689][ T356] usb 2-1: Product: syz [ 131.054044][ T356] usb 2-1: SerialNumber: syz [ 131.060468][ T356] usb 2-1: config 0 descriptor?? [ 131.079393][ T30] audit: type=1326 audit(1728479558.244:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.103507][ T30] audit: type=1326 audit(1728479558.244:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.110003][ T39] usb 4-1: string descriptor 0 read error: -71 [ 131.128292][ T30] audit: type=1326 audit(1728479558.244:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.134320][ T39] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 131.163708][ T30] audit: type=1326 audit(1728479558.244:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.163750][ T30] audit: type=1326 audit(1728479558.244:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.163780][ T30] audit: type=1326 audit(1728479558.284:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.234557][ T39] usb 4-1: No valid video chain found. [ 131.239173][ T30] audit: type=1326 audit(1728479558.334:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3001 comm="syz.4.1041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ac8802ff9 code=0x7ffc0000 [ 131.244931][ T39] usb 4-1: USB disconnect, device number 15 [ 131.273653][ T509] usb 1-1: USB disconnect, device number 16 [ 131.360760][ T356] snd-usb-audio: probe of 2-1:0.2 failed with error -2 [ 131.373174][ T356] usb 2-1: USB disconnect, device number 21 [ 131.643441][ T3014] xt_hashlimit: size too large, truncated to 1048576 [ 131.695676][ T3015] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 131.993231][ T3028] loop2: detected capacity change from 0 to 2048 [ 132.039952][ T3032] loop3: detected capacity change from 0 to 256 [ 132.064882][ T3028] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 132.076926][ T509] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 132.089002][ T3023] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 132.409850][ T39] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 132.439994][ T356] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 132.447531][ T509] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.458909][ T509] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.468552][ T509] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 132.481462][ T509] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 132.490471][ T509] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.499286][ T509] usb 1-1: config 0 descriptor?? [ 132.592878][ T3053] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.600033][ T3053] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.607558][ T3053] device bridge_slave_0 entered promiscuous mode [ 132.614956][ T3053] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.622422][ T3053] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.629936][ T3053] device bridge_slave_1 entered promiscuous mode [ 132.689356][ T3053] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.696396][ T3053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.703643][ T3053] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.710605][ T3053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.737266][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 132.745716][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.754236][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.768660][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 132.777290][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.779917][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.784441][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.796047][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.813356][ T39] usb 3-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 132.823398][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.824350][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 132.837299][ T39] usb 3-1: config 0 descriptor?? [ 132.842196][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.852559][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.864930][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 132.877573][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 132.896780][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 132.911875][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 132.923795][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 132.932866][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 132.940072][ T356] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.956969][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 132.960860][ T3053] device veth0_vlan entered promiscuous mode [ 132.969913][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 132.976718][ T356] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.987171][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 132.994136][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 133.000918][ T356] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 133.004775][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 133.010580][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 133.021576][ T3053] device veth1_macvtap entered promiscuous mode [ 133.025224][ T356] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.040653][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 133.047998][ T10] device bridge_slave_1 left promiscuous mode [ 133.048157][ T509] wacom 0003:056A:0094.002B: unknown main item tag 0x0 [ 133.054404][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.062182][ T356] usb 5-1: config 0 descriptor?? [ 133.074021][ T509] wacom 0003:056A:0094.002B: Using device in hidraw-only mode [ 133.082796][ T10] device bridge_slave_0 left promiscuous mode [ 133.083115][ T509] wacom 0003:056A:0094.002B: hidraw0: USB HID v0.00 Device [HID 056a:0094] on usb-dummy_hcd.0-1/input0 [ 133.093338][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.110044][ T10] device veth1_macvtap left promiscuous mode [ 133.116388][ T10] device veth0_vlan left promiscuous mode [ 133.173871][ T26] usb 1-1: USB disconnect, device number 17 [ 133.228259][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 133.237008][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 133.320997][ T39] elo 0003:04E7:0030.002C: item fetching failed at offset 5/7 [ 133.329156][ T39] elo 0003:04E7:0030.002C: parse failed [ 133.335223][ T39] elo: probe of 0003:04E7:0030.002C failed with error -22 [ 133.522652][ T39] usb 3-1: USB disconnect, device number 24 [ 133.571665][ T356] hid-steam 0003:28DE:1142.002D: unknown main item tag 0x0 [ 133.579092][ T356] hid-steam 0003:28DE:1142.002D: unknown main item tag 0x0 [ 133.586798][ T356] hid-steam 0003:28DE:1142.002D: unknown main item tag 0x0 [ 133.594306][ T356] hid-steam 0003:28DE:1142.002D: unknown main item tag 0x0 [ 133.601612][ T356] hid-steam 0003:28DE:1142.002D: unknown main item tag 0x0 [ 133.609708][ T356] hid-steam 0003:28DE:1142.002D: hidraw0: USB HID v0.40 Device [HID 28de:1142] on usb-dummy_hcd.4-1/input0 [ 133.775346][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 133.775362][ T30] audit: type=1326 audit(1728479560.944:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.0.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 133.776388][ T3064] syz.0.1063[3064] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.782156][ T30] audit: type=1326 audit(1728479560.944:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.0.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 133.804657][ T3064] syz.0.1063[3064] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.816494][ T26] usb 5-1: USB disconnect, device number 21 [ 133.858254][ T30] audit: type=1326 audit(1728479561.024:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.0.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 133.891327][ T30] audit: type=1326 audit(1728479561.024:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.0.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 133.960547][ T30] audit: type=1326 audit(1728479561.134:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 133.984887][ T30] audit: type=1326 audit(1728479561.134:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 134.008921][ T30] audit: type=1326 audit(1728479561.134:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 134.033207][ T30] audit: type=1326 audit(1728479561.134:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 134.057625][ T30] audit: type=1326 audit(1728479561.134:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 134.086276][ T30] audit: type=1326 audit(1728479561.134:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3069 comm="syz.0.1065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1484caff9 code=0x7ffc0000 [ 134.144312][ T3076] loop2: detected capacity change from 0 to 2048 [ 134.220976][ T3076] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 134.241314][ T3076] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038 (0x7fffffff) [ 134.434795][ T3075] loop3: detected capacity change from 0 to 40427 [ 134.472566][ T3091] loop2: detected capacity change from 0 to 2048 [ 134.484944][ T3075] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 134.493798][ T3075] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 134.507076][ T3075] F2FS-fs (loop3): invalid crc value [ 134.514747][ T3075] F2FS-fs (loop3): Found nat_bits in checkpoint [ 134.566940][ T3091] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 134.585169][ T26] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 134.594179][ T3091] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none. [ 134.602437][ T3075] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 134.610518][ T3075] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 134.630562][ T3075] attempt to access beyond end of device [ 134.630562][ T3075] loop3: rw=2049, want=45104, limit=40427 [ 134.643118][ T3075] attempt to access beyond end of device [ 134.643118][ T3075] loop3: rw=2049, want=45120, limit=40427 [ 134.662000][ T3053] attempt to access beyond end of device [ 134.662000][ T3053] loop3: rw=2049, want=40968, limit=40427 [ 134.673795][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 134.690463][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 134.841746][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 134.970110][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 135.149952][ T509] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 135.150011][ T26] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 135.166557][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.174317][ T26] usb 5-1: Product: syz [ 135.178276][ T26] usb 5-1: Manufacturer: syz [ 135.182883][ T26] usb 5-1: SerialNumber: syz [ 135.188690][ T26] usb 5-1: config 0 descriptor?? [ 135.189902][ T356] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 135.230736][ T26] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 135.434901][ T26] usb 5-1: USB disconnect, device number 22 [ 135.454053][ T3118] loop2: detected capacity change from 0 to 512 [ 135.476405][ T3118] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 135.487661][ T3118] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 135.495911][ T3118] System zones: 1-12 [ 135.502276][ T3118] EXT4-fs (loop2): 1 truncate cleaned up [ 135.507847][ T3118] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,nolazytime,,errors=continue. Quota mode: writeback. [ 135.525986][ T3125] loop1: detected capacity change from 0 to 2048 [ 135.527556][ T509] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.544373][ T509] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.554174][ T509] usb 1-1: New USB device found, idVendor=056a, idProduct=0309, bcdDevice= 0.00 [ 135.563326][ T509] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.572459][ T509] usb 1-1: config 0 descriptor?? [ 135.580105][ T356] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.582126][ T3125] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 135.591331][ T356] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.613780][ T3125] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none. [ 135.613962][ T356] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 135.648933][ T356] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.657946][ T356] usb 4-1: config 0 descriptor?? [ 135.957799][ T3171] loop1: detected capacity change from 0 to 256 [ 136.052776][ T509] wacom 0003:056A:0309.002E: hidraw0: USB HID v0.00 Device [HID 056a:0309] on usb-dummy_hcd.0-1/input0 [ 136.140704][ T356] keytouch 0003:0926:3333.002F: fixing up Keytouch IEC report descriptor [ 136.186765][ T3193] loop4: detected capacity change from 0 to 512 [ 136.203252][ T356] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.002F/input/input27 [ 136.223891][ T3193] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 136.240707][ T3196] ÿÿÿÿÿÿ: renamed from vlan1 [ 136.254091][ T3193] EXT4-fs (loop4): orphan cleanup on readonly fs [ 136.262287][ T39] usb 1-1: USB disconnect, device number 18 [ 136.290081][ T356] keytouch 0003:0926:3333.002F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 136.302577][ T3193] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:510: comm syz.4.1116: Block bitmap for bg 0 marked uninitialized [ 136.374635][ T3193] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 136.385699][ T3193] EXT4-fs (loop4): 1 orphan inode deleted [ 136.388033][ T356] usb 4-1: USB disconnect, device number 16 [ 136.391499][ T3193] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 136.431712][ T3206] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 136.829496][ T3218] syz.4.1128[3218] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.829598][ T3218] syz.4.1128[3218] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 136.892400][ T45] device bridge_slave_1 left promiscuous mode [ 136.912331][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.923418][ T45] device bridge_slave_0 left promiscuous mode [ 136.930207][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.941200][ T45] device veth1_macvtap left promiscuous mode [ 136.948122][ T45] device veth0_vlan left promiscuous mode [ 136.992376][ T3232] 9pnet: p9_errstr2errno: server reported unknown error @íÎhQI¸¥Šte [ 137.120193][ T39] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 137.137946][ T3217] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.146381][ T3217] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.154692][ T3217] device bridge_slave_0 entered promiscuous mode [ 137.164807][ T3217] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.177756][ T3217] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.188787][ T3217] device bridge_slave_1 entered promiscuous mode [ 137.322253][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.331185][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.352568][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.361963][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.371656][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.379242][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.387288][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.396203][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.405982][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.409926][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 137.413294][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.427762][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 137.447734][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 137.460296][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 137.475698][ T3252] loop3: detected capacity change from 0 to 40427 [ 137.488023][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 137.496375][ T3252] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 137.496927][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 137.505008][ T3252] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 137.512977][ T389] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 137.531095][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 137.540105][ T3252] F2FS-fs (loop3): invalid crc value [ 137.540712][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 137.554907][ T3252] F2FS-fs (loop3): Found nat_bits in checkpoint [ 137.568016][ T3217] device veth0_vlan entered promiscuous mode [ 137.574821][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 137.583363][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 137.599382][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 137.602807][ T3252] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 137.608870][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 137.615775][ T3252] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 137.651775][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 137.655191][ T3252] attempt to access beyond end of device [ 137.655191][ T3252] loop3: rw=2049, want=45224, limit=40427 [ 137.673387][ T3217] device veth1_macvtap entered promiscuous mode [ 137.690874][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 137.700667][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 137.710298][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 137.722296][ T3053] attempt to access beyond end of device [ 137.722296][ T3053] loop3: rw=2051, want=45224, limit=40427 [ 137.723132][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 137.734006][ T3053] F2FS-fs (loop3): Issue discard(5649, 5649, 4) failed, ret: -5 [ 137.742551][ T39] usb 5-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 137.767287][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.777399][ T389] usb 1-1: Using ep0 maxpacket: 16 [ 137.797967][ T39] usb 5-1: Product: syz [ 137.802747][ T39] usb 5-1: Manufacturer: syz [ 137.807955][ T39] usb 5-1: SerialNumber: syz [ 137.814332][ T39] usb 5-1: config 0 descriptor?? [ 137.870740][ T39] ums-freecom 5-1:0.0: USB Mass Storage device detected [ 137.939987][ T389] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.952723][ T389] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.963261][ T389] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 137.973328][ T389] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 137.985001][ T389] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 137.995731][ T389] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 138.075561][ T1914] usb 5-1: USB disconnect, device number 23 [ 138.169913][ T389] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 138.181431][ T26] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 138.189293][ T389] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.197942][ T389] usb 1-1: Product: syz [ 138.202634][ T389] usb 1-1: Manufacturer: syz [ 138.208451][ T389] usb 1-1: SerialNumber: syz [ 138.322146][ T3270] syz.1.1145[3270] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.322213][ T3270] syz.1.1145[3270] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.439900][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 138.507031][ T3277] loop1: detected capacity change from 0 to 512 [ 138.550920][ T3277] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.567705][ T3277] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1148: invalid indirect mapped block 4294967295 (level 1) [ 138.583702][ T3277] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1148: invalid indirect mapped block 4294967295 (level 1) [ 138.599501][ T3277] EXT4-fs (loop1): 2 truncates cleaned up [ 138.607803][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 138.613018][ T3277] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,dioread_nolock,,errors=continue. Quota mode: writeback. [ 138.627538][ T26] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 138.648193][ T26] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 138.657934][ T26] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 138.668400][ T389] cdc_ncm 1-1:1.0: bind() failure [ 138.674646][ T389] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 138.681815][ T26] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 138.692088][ T389] cdc_ncm 1-1:1.1: bind() failure [ 138.697813][ T26] usb 4-1: config 1 interface 0 has no altsetting 0 [ 138.704821][ T26] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 138.717932][ T389] usb 1-1: USB disconnect, device number 19 [ 138.724305][ T3277] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.726223][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.746308][ T3277] EXT4-fs error (device loop1): ext4_remount:5845: comm syz.1.1148: Abort forced by user [ 138.762999][ T3277] EXT4-fs (loop1): Remounting filesystem read-only [ 138.772559][ T3287] syz.2.1161[3287] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.772654][ T3287] syz.2.1161[3287] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.790573][ T26] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 138.839540][ T3292] ÿÿÿÿÿÿ: renamed from vlan1 [ 139.013135][ T26] scsi host1: usb-storage 4-1:1.0 [ 139.029676][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 139.029695][ T30] audit: type=1326 audit(1728479566.194:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.063530][ T1914] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 139.073617][ T30] audit: type=1326 audit(1728479566.214:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.100756][ T30] audit: type=1326 audit(1728479566.214:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.130555][ T30] audit: type=1326 audit(1728479566.214:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.170245][ T30] audit: type=1326 audit(1728479566.214:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.215979][ T30] audit: type=1326 audit(1728479566.214:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.233140][ T26] usb 4-1: USB disconnect, device number 17 [ 139.245064][ T30] audit: type=1326 audit(1728479566.214:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.277366][ T30] audit: type=1326 audit(1728479566.244:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.302814][ T30] audit: type=1326 audit(1728479566.244:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.328122][ T30] audit: type=1326 audit(1728479566.304:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3303 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa98fe7cff9 code=0x7ffc0000 [ 139.379863][ T1914] usb 3-1: Using ep0 maxpacket: 16 [ 139.433087][ T3314] loop1: detected capacity change from 0 to 512 [ 139.446734][ T3314] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 139.462398][ T3314] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 139.474238][ T3314] System zones: 1-12 [ 139.480861][ T3314] EXT4-fs (loop1): 1 truncate cleaned up [ 139.487174][ T3314] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,nolazytime,,errors=continue. Quota mode: writeback. [ 139.660065][ T1914] usb 3-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 139.670901][ T1914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.681950][ T1914] usb 3-1: Product: syz [ 139.689868][ T1914] usb 3-1: Manufacturer: syz [ 139.697355][ T1914] usb 3-1: SerialNumber: syz [ 139.708620][ T1914] usb 3-1: config 0 descriptor?? [ 139.739898][ T6] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 139.752125][ T1914] ums-freecom 3-1:0.0: USB Mass Storage device detected [ 139.799678][ T3328] loop4: detected capacity change from 0 to 256 [ 139.840058][ T26] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 139.954688][ T1914] usb 3-1: USB disconnect, device number 25 [ 140.000285][ T6] usb 1-1: Using ep0 maxpacket: 32 [ 140.119954][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 140.131366][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.141662][ T6] usb 1-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 140.151663][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.166181][ T6] usb 1-1: config 0 descriptor?? [ 140.201179][ T45] tipc: Left network mode [ 140.219878][ T26] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 140.232960][ T26] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 140.250199][ T26] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 140.259600][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.289964][ T3321] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 140.318510][ T3338] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.326802][ T3338] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.334358][ T3338] device bridge_slave_0 entered promiscuous mode [ 140.342095][ T3338] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.349226][ T3338] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.357074][ T3338] device bridge_slave_1 entered promiscuous mode [ 140.415465][ T3338] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.423853][ T3338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.429854][ T39] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 140.431471][ T3338] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.446852][ T3338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.477063][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.491004][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.499468][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.521557][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.530570][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.537827][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.545955][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.554264][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.561769][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.575936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.587284][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.606718][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 140.625099][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 140.634165][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 140.642328][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 140.654878][ T3338] device veth0_vlan entered promiscuous mode [ 140.673048][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 140.673601][ T6] kye 0003:0458:501A.0030: item fetching failed at offset 4/5 [ 140.684354][ T3338] device veth1_macvtap entered promiscuous mode [ 140.689318][ T6] kye 0003:0458:501A.0030: parse failed [ 140.695272][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 140.701249][ T6] kye: probe of 0003:0458:501A.0030 failed with error -22 [ 140.726696][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 140.740580][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 140.780898][ T45] device bridge_slave_1 left promiscuous mode [ 140.789229][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.800135][ T45] device bridge_slave_0 left promiscuous mode [ 140.808495][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.818603][ T45] device vlan0 left promiscuous mode [ 140.824132][ T45] device veth1_macvtap left promiscuous mode [ 140.830136][ T45] device veth0_vlan left promiscuous mode [ 140.840076][ T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.852667][ T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.863445][ T39] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 140.876853][ T39] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 140.890246][ T39] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 140.902613][ T39] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 140.911695][ T586] usb 1-1: USB disconnect, device number 20 [ 141.040014][ T6] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 141.090056][ T39] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.099057][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.107496][ T39] usb 4-1: Product: syz [ 141.113116][ T39] usb 4-1: Manufacturer: syz [ 141.117827][ T39] usb 4-1: SerialNumber: syz [ 141.279902][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 141.399654][ T3354] device wireguard0 entered promiscuous mode [ 141.405765][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.416828][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.430704][ T6] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 141.439671][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.452416][ T6] usb 5-1: config 0 descriptor?? [ 141.560085][ T39] cdc_ncm 4-1:1.0: bind() failure [ 141.567028][ T39] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 141.574291][ T39] cdc_ncm 4-1:1.1: bind() failure [ 141.581244][ T39] usb 4-1: USB disconnect, device number 18 [ 141.729891][ T718] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 141.749903][ T26] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 141.765219][ T26] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input28 [ 141.787465][ T26] usb 2-1: USB disconnect, device number 22 [ 141.793383][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 141.906063][ T3363] loop3: detected capacity change from 0 to 512 [ 141.932022][ T6] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.0031/input/input29 [ 141.970132][ T3361] loop2: detected capacity change from 0 to 131072 [ 141.979893][ T718] usb 1-1: Using ep0 maxpacket: 16 [ 141.991417][ T3363] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 142.004203][ T3361] F2FS-fs (loop2): invalid crc value [ 142.009573][ T3363] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 142.020898][ T3363] System zones: 1-12 [ 142.023843][ T6] appleir 0003:05AC:8241.0031: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 142.045366][ T3363] EXT4-fs (loop3): 1 truncate cleaned up [ 142.055004][ T3361] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 142.069929][ T3363] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,nolazytime,,errors=continue. Quota mode: writeback. [ 142.099917][ T718] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 142.109396][ T718] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 142.119236][ T718] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 142.129108][ T718] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 142.141782][ T718] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 142.151662][ T718] usb 1-1: config 1 interface 0 has no altsetting 0 [ 142.158238][ T718] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 142.159302][ T3361] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 142.167165][ T718] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.220379][ T718] ums-sddr09 1-1:1.0: USB Mass Storage device detected [ 142.278780][ T3381] loop1: detected capacity change from 0 to 512 [ 142.356152][ T3381] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 142.374533][ T3381] EXT4-fs (loop1): 1 truncate cleaned up [ 142.380174][ T3381] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 142.442103][ T718] scsi host1: usb-storage 1-1:1.0 [ 142.470239][ T3387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1189'. [ 142.478966][ T3387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1189'. [ 142.500726][ T6] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 142.579175][ T3395] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.586532][ T3395] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.593914][ T3395] device bridge_slave_0 entered promiscuous mode [ 142.600890][ T3395] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.607978][ T3395] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.615589][ T3395] device bridge_slave_1 entered promiscuous mode [ 142.647306][ T586] usb 1-1: USB disconnect, device number 21 [ 142.680936][ T3395] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.687931][ T3395] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.695029][ T3395] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.701890][ T3395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.729099][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.737775][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.742483][ T20] usb 5-1: USB disconnect, device number 24 [ 142.750592][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.768565][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.776809][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.783810][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.792879][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.801850][ T1914] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 142.802100][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.816678][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.831757][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.841390][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.857838][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.874631][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.882979][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.890877][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.900313][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.911659][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.912832][ T3395] device veth0_vlan entered promiscuous mode [ 142.921279][ T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 142.936568][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.936692][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.948866][ T6] usb 4-1: config 0 descriptor?? [ 142.955417][ T3395] device veth1_macvtap entered promiscuous mode [ 142.971556][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.985057][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 143.031012][ T8] device bridge_slave_1 left promiscuous mode [ 143.037287][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.046385][ T8] device bridge_slave_0 left promiscuous mode [ 143.054296][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.066795][ T8] device veth1_macvtap left promiscuous mode [ 143.189902][ T1914] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 143.202747][ T1914] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 143.214237][ T1914] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 143.223812][ T1914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.249882][ T3394] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 143.400494][ T3417] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 143.429976][ T586] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 143.629863][ T6] usb 4-1: string descriptor 0 read error: -22 [ 143.809897][ T586] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.821075][ T586] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.832452][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0032/input/input31 [ 143.844152][ T586] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 143.857761][ T586] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 143.867624][ T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0032/input/input32 [ 143.879739][ T586] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.889084][ T586] usb 2-1: config 0 descriptor?? [ 143.894651][ T6] uclogic 0003:256C:006D.0032: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 144.038713][ T6] usb 4-1: USB disconnect, device number 19 [ 144.089992][ T356] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 144.381069][ T586] prodikeys 0003:041E:2801.0033: unknown main item tag 0x0 [ 144.388580][ T586] prodikeys 0003:041E:2801.0033: unknown main item tag 0x0 [ 144.395932][ T586] prodikeys 0003:041E:2801.0033: unknown main item tag 0x0 [ 144.403306][ T586] prodikeys 0003:041E:2801.0033: unknown main item tag 0x0 [ 144.410562][ T586] prodikeys 0003:041E:2801.0033: unknown main item tag 0x0 [ 144.418763][ T586] prodikeys 0003:041E:2801.0033: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0 [ 144.469993][ T356] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.480889][ T356] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.490613][ T356] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 144.499391][ T356] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.508161][ T356] usb 1-1: config 0 descriptor?? [ 144.583473][ T6] usb 2-1: USB disconnect, device number 23 [ 144.689952][ T1914] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 144.697824][ T1914] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input30 [ 144.708919][ T1914] usb 3-1: USB disconnect, device number 26 [ 144.991202][ T356] lg-g15 0003:046D:C222.0034: unknown main item tag 0x0 [ 145.000576][ T356] lg-g15 0003:046D:C222.0034: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 145.108519][ T3427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1202'. [ 145.117926][ T3427] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1202'. [ 145.203496][ T26] usb 1-1: USB disconnect, device number 22 [ 145.322736][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 145.322752][ T30] audit: type=1400 audit(1728479572.494:981): avc: denied { mount } for pid=3442 comm="syz.2.1210" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 145.351289][ T30] audit: type=1400 audit(1728479572.494:982): avc: denied { unmount } for pid=2096 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 145.374610][ T30] audit: type=1400 audit(1728479572.544:983): avc: denied { write } for pid=3444 comm="syz.2.1211" name="001" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 145.375070][ T3445] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 145.431989][ T3449] netlink: 'syz.2.1213': attribute type 4 has an invalid length. [ 145.440044][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 145.446131][ T47] Bluetooth: hci0: sending frame failed (-49) [ 145.469810][ T356] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 145.511587][ T3455] loop2: detected capacity change from 0 to 512 [ 145.542485][ T3455] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 145.553949][ T3455] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038 (0x7fffffff) [ 145.729870][ T356] usb 2-1: Using ep0 maxpacket: 16 [ 145.859965][ T356] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 145.869240][ T356] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 145.879189][ T356] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 145.879843][ T26] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 145.889641][ T356] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 145.906737][ T356] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 145.916680][ T356] usb 2-1: config 1 interface 0 has no altsetting 0 [ 145.924096][ T356] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 145.933025][ T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.990724][ T356] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 146.066872][ T3470] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3470 comm=syz.3.1221 [ 146.137693][ T3475] 9pnet: p9_errstr2errno: server reported unknown error el/debug/binder/failed_transaction_log [ 146.206169][ T356] scsi host1: usb-storage 2-1:1.0 [ 146.210682][ T3479] loop3: detected capacity change from 0 to 256 [ 146.235446][ T3479] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 146.250033][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.272688][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.282916][ T26] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 146.296943][ T26] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 146.313210][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.327157][ T26] usb 3-1: config 0 descriptor?? [ 146.408199][ T356] usb 2-1: USB disconnect, device number 24 [ 146.769811][ T1914] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 146.810896][ T26] prodikeys 0003:041E:2801.0035: unknown main item tag 0x0 [ 146.822941][ T26] prodikeys 0003:041E:2801.0035: unknown main item tag 0x0 [ 146.831054][ T26] prodikeys 0003:041E:2801.0035: unknown main item tag 0x0 [ 146.838301][ T26] prodikeys 0003:041E:2801.0035: unknown main item tag 0x0 [ 146.845516][ T26] prodikeys 0003:041E:2801.0035: unknown main item tag 0x0 [ 146.854600][ T26] prodikeys 0003:041E:2801.0035: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0 [ 147.016689][ T20] usb 3-1: USB disconnect, device number 27 [ 147.149962][ T1914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.164130][ T1914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.175492][ T1914] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 147.185400][ T1914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.203516][ T1914] usb 4-1: config 0 descriptor?? [ 147.388685][ T3507] incfs: iterate_incfs_dir / -22 [ 147.394900][ T3507] incfs: iterate_incfs_dir / -22 [ 147.401495][ T3507] incfs: iterate_incfs_dir / -22 [ 147.519838][ T718] Bluetooth: hci0: command 0x1001 tx timeout [ 147.526343][ T47] Bluetooth: hci0: sending frame failed (-49) [ 147.671030][ T1914] lg-g15 0003:046D:C222.0036: unknown main item tag 0x0 [ 147.679109][ T1914] lg-g15 0003:046D:C222.0036: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0 [ 147.873530][ T1914] usb 4-1: USB disconnect, device number 20 [ 149.599961][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 153.683723][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.690730][ T3516] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.697942][ T3516] device bridge_slave_0 entered promiscuous mode [ 153.704954][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.712448][ T3516] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.720041][ T3516] device bridge_slave_1 entered promiscuous mode [ 153.736049][ T30] audit: type=1400 audit(1728479580.904:984): avc: denied { ioctl } for pid=3521 comm="syz.3.1248" path="socket:[32064]" dev="sockfs" ino=32064 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 153.831221][ T3529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1240'. [ 153.840401][ T3529] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1240'. [ 153.840697][ T30] audit: type=1326 audit(1728479581.014:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 153.874877][ T30] audit: type=1326 audit(1728479581.054:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 153.902044][ T30] audit: type=1326 audit(1728479581.064:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 153.939122][ T3540] loop3: detected capacity change from 0 to 512 [ 153.949438][ T30] audit: type=1326 audit(1728479581.064:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 153.973982][ T30] audit: type=1326 audit(1728479581.064:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 154.014153][ T3544] device batadv_slave_1 entered promiscuous mode [ 154.020851][ T30] audit: type=1326 audit(1728479581.064:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 154.021569][ T3544] device bridge0 entered promiscuous mode [ 154.051224][ T3540] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 154.062805][ T30] audit: type=1326 audit(1728479581.074:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 154.067013][ T3549] syz.2.1249[3549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.088168][ T30] audit: type=1326 audit(1728479581.074:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 154.090249][ T3549] syz.2.1249[3549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.100239][ T3540] EXT4-fs (loop3): 1 truncate cleaned up [ 154.144262][ T3540] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 154.165871][ T30] audit: type=1326 audit(1728479581.094:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3534 comm="syz.2.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f399b163ff9 code=0x7ffc0000 [ 154.167047][ T3543] device bridge0 left promiscuous mode [ 154.201092][ T3549] loop2: detected capacity change from 0 to 128 [ 154.207610][ T3543] device batadv_slave_1 left promiscuous mode [ 154.251548][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.258550][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.265735][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.272718][ T3516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.285986][ T3549] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 154.285986][ T3549] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 154.285986][ T3549] [ 154.312211][ T3549] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 154.319994][ T3549] EXT4-fs (loop2): dax option not supported [ 154.371615][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.383143][ T3549] incfs: Options parsing error. -22 [ 154.383290][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.398755][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.406770][ T3549] incfs: mount failed -22 [ 154.427368][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.439183][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.446115][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.457920][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.467086][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.474029][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.487739][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.497954][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.513286][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.527514][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.536092][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 154.543778][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 154.555103][ T2111] device bridge_slave_1 left promiscuous mode [ 154.561360][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.569023][ T2111] device bridge_slave_0 left promiscuous mode [ 154.575189][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.583436][ T2111] device veth1_macvtap left promiscuous mode [ 154.589260][ T2111] device veth0_vlan left promiscuous mode [ 154.675282][ T3516] device veth0_vlan entered promiscuous mode [ 154.686714][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 154.694931][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.704263][ T3516] device veth1_macvtap entered promiscuous mode [ 154.715371][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 154.723142][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 154.731662][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.741552][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 154.749836][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.907103][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.914099][ T3577] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.922753][ T3577] device bridge_slave_0 entered promiscuous mode [ 154.930266][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.937129][ T3577] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.945125][ T3577] device bridge_slave_1 entered promiscuous mode [ 155.037317][ T3583] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1259'. [ 155.047874][ T3583] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1259'. [ 155.051584][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.061280][ T3587] loop1: detected capacity change from 0 to 1024 [ 155.063554][ T3577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.076810][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.083698][ T3577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.115357][ T3587] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 155.117549][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.161334][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.176081][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.210132][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.219561][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.226490][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.240194][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.248328][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.255312][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.266458][ T3595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1275'. [ 155.284906][ T3595] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1275'. [ 155.303721][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.322836][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.347467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 155.361875][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 155.372667][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 155.381345][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 155.390077][ T3577] device veth0_vlan entered promiscuous mode [ 155.418958][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 155.431851][ T3577] device veth1_macvtap entered promiscuous mode [ 155.432762][ T3604] loop2: detected capacity change from 0 to 512 [ 155.445855][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 155.466056][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.511371][ T3604] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 155.531717][ T3604] EXT4-fs (loop2): 1 truncate cleaned up [ 155.537642][ T3604] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 155.641563][ T2111] device bridge_slave_1 left promiscuous mode [ 155.648153][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.656060][ T2111] device bridge_slave_0 left promiscuous mode [ 155.662574][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.671384][ T2111] device veth1_macvtap left promiscuous mode [ 155.677297][ T2111] device veth0_vlan left promiscuous mode [ 155.769950][ T26] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 155.882503][ T3638] loop4: detected capacity change from 0 to 1024 [ 155.923861][ T3638] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 155.956463][ T3634] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.963502][ T3634] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.971356][ T3634] device bridge_slave_0 entered promiscuous mode [ 155.980446][ T3634] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.987988][ T3634] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.997638][ T3634] device bridge_slave_1 entered promiscuous mode [ 156.070074][ T3634] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.076952][ T3634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.084097][ T3634] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.090971][ T3634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.137679][ T3656] loop4: detected capacity change from 0 to 512 [ 156.154339][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.163346][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.163468][ T26] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 156.172045][ T3656] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 156.180146][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 156.191072][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.209362][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 156.213103][ T3656] EXT4-fs (loop4): 1 truncate cleaned up [ 156.220533][ T26] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 156.226836][ T3656] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 156.239161][ T26] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 156.264793][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.273899][ T26] usb 1-1: config 0 descriptor?? [ 156.286883][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.298439][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.299862][ T3612] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 156.344630][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 156.365819][ T3634] device veth0_vlan entered promiscuous mode [ 156.375605][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 156.396116][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 156.405835][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 156.436576][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 156.467146][ T3669] loop1: detected capacity change from 0 to 512 [ 156.467476][ T3634] device veth1_macvtap entered promiscuous mode [ 156.489042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 156.505811][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 156.506224][ T3671] netlink: 'syz.3.1298': attribute type 4 has an invalid length. [ 156.532045][ T3669] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 156.542551][ T3673] loop3: detected capacity change from 0 to 512 [ 156.556287][ T3669] EXT4-fs (loop1): 1 truncate cleaned up [ 156.570078][ T3673] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 156.580755][ T3669] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 156.702456][ T3684] loop3: detected capacity change from 0 to 512 [ 156.736584][ T3684] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 156.750949][ T3684] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038 (0x7fffffff) [ 156.751478][ T3682] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.767637][ T3682] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.776476][ T3682] device bridge_slave_0 entered promiscuous mode [ 156.786196][ T3682] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.793720][ T3682] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.802379][ T3682] device bridge_slave_1 entered promiscuous mode [ 156.811647][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.829907][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.852198][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.859577][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.867022][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.880358][ T26] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 156.909681][ T26] plantronics 0003:047F:FFFF.0037: No inputs registered, leaving [ 156.959160][ T26] plantronics 0003:047F:FFFF.0037: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 157.008865][ T2111] device bridge_slave_1 left promiscuous mode [ 157.015811][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.024281][ T2111] device bridge_slave_0 left promiscuous mode [ 157.030758][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.054698][ T2111] device veth1_macvtap left promiscuous mode [ 157.123024][ T6] usb 1-1: USB disconnect, device number 23 [ 157.125314][ T3710] overlayfs: filesystem on './file0' not supported as upperdir [ 157.228123][ T3693] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.235065][ T3693] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.242466][ T3693] device bridge_slave_0 entered promiscuous mode [ 157.258457][ T3693] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.265455][ T3693] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.272790][ T3693] device bridge_slave_1 entered promiscuous mode [ 157.279989][ T718] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 157.332089][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.341892][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.361429][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.374813][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.383471][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.390363][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.398297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.406784][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.414819][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.421685][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.428900][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.461158][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.480173][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.509541][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.520424][ T718] usb 4-1: Using ep0 maxpacket: 8 [ 157.534007][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.541985][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 157.549246][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 157.557773][ T3682] device veth0_vlan entered promiscuous mode [ 157.575650][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.595703][ T3682] device veth1_macvtap entered promiscuous mode [ 157.603697][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.616345][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.624650][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.631519][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.639329][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.656749][ T718] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.671589][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.674657][ T3730] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 157.680255][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.697368][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.704670][ T389] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 157.714512][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.722478][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.754682][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.776002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 157.799282][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.807337][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 157.815355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 157.823782][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.833597][ T3693] device veth0_vlan entered promiscuous mode [ 157.856825][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 157.865666][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.869680][ T3742] loop0: detected capacity change from 0 to 2048 [ 157.873742][ T718] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.891516][ T3693] device veth1_macvtap entered promiscuous mode [ 157.901086][ T718] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.909172][ T718] usb 4-1: Product: syz [ 157.913283][ T718] usb 4-1: Manufacturer: syz [ 157.917735][ T718] usb 4-1: SerialNumber: syz [ 157.924456][ T3742] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.939005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.948451][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.949599][ T3742] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 157.956997][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.973970][ T3742] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 3 with error 28 [ 157.980313][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 157.993167][ T3742] EXT4-fs (loop0): This should not happen!! Data will be lost [ 157.993167][ T3742] [ 158.000734][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.009769][ T3742] EXT4-fs (loop0): Total free blocks count 0 [ 158.022763][ T3742] EXT4-fs (loop0): Free/Dirty block details [ 158.028701][ T3742] EXT4-fs (loop0): free_blocks=2415919104 [ 158.034408][ T3742] EXT4-fs (loop0): dirty_blocks=16 [ 158.040932][ T3742] EXT4-fs (loop0): Block reservation details [ 158.047815][ T3742] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 158.145077][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 158.157294][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 158.157294][ T8] [ 158.170629][ T389] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.191993][ T389] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.203189][ T389] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 158.212229][ T389] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.223844][ T389] usb 3-1: config 0 descriptor?? [ 158.332674][ T3757] tipc: Started in network mode [ 158.337521][ T3757] tipc: Node identity ac1414aa, cluster identity 4711 [ 158.344751][ T3757] tipc: New replicast peer: 100.1.1.1 [ 158.350359][ T3757] tipc: Enabled bearer , priority 10 [ 158.357430][ T2111] device bridge_slave_1 left promiscuous mode [ 158.363999][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.374591][ T2111] device bridge_slave_0 left promiscuous mode [ 158.380931][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.390393][ T2111] device bridge_slave_1 left promiscuous mode [ 158.396967][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.410177][ T2111] device bridge_slave_0 left promiscuous mode [ 158.413608][ T3761] loop0: detected capacity change from 0 to 512 [ 158.416655][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.431346][ T2111] device veth1_macvtap left promiscuous mode [ 158.437282][ T2111] device veth0_vlan left promiscuous mode [ 158.443332][ T2111] device veth1_macvtap left promiscuous mode [ 158.449352][ T2111] device veth0_vlan left promiscuous mode [ 158.700880][ T389] holtek_kbd 0003:04D9:A055.0038: unknown main item tag 0x0 [ 158.713402][ T389] holtek_kbd 0003:04D9:A055.0038: item fetching failed at offset 3/5 [ 158.730783][ T389] holtek_kbd: probe of 0003:04D9:A055.0038 failed with error -22 [ 158.775199][ T3775] loop4: detected capacity change from 0 to 128 [ 158.798209][ T30] kauditd_printk_skb: 139 callbacks suppressed [ 158.798226][ T30] audit: type=1400 audit(1728479585.964:1133): avc: denied { mount } for pid=3774 comm="syz.4.1338" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 158.801225][ T3775] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512) [ 158.839712][ T3775] FAT-fs (loop4): Filesystem has been set read-only [ 158.902411][ T20] usb 3-1: USB disconnect, device number 28 [ 158.915130][ T30] audit: type=1400 audit(1728479586.084:1134): avc: denied { unmount } for pid=3682 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 159.038684][ T30] audit: type=1400 audit(1728479586.204:1135): avc: denied { create } for pid=3786 comm="syz.1.1345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 159.079942][ T718] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 159.086490][ T30] audit: type=1400 audit(1728479586.234:1136): avc: denied { create } for pid=3788 comm="syz.4.1343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 159.086525][ T30] audit: type=1400 audit(1728479586.234:1137): avc: denied { write } for pid=3788 comm="syz.4.1343" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 159.086552][ T30] audit: type=1400 audit(1728479586.234:1138): avc: denied { write } for pid=3786 comm="syz.1.1345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 159.086578][ T30] audit: type=1400 audit(1728479586.234:1139): avc: denied { nlmsg_read } for pid=3786 comm="syz.1.1345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 159.143003][ T3791] loop1: detected capacity change from 0 to 512 [ 159.158508][ T718] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 159.190587][ T30] audit: type=1400 audit(1728479586.364:1140): avc: denied { read write } for pid=3795 comm="syz.4.1347" name="uhid" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 159.216316][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.226204][ T30] audit: type=1400 audit(1728479586.364:1141): avc: denied { open } for pid=3795 comm="syz.4.1347" path="/dev/uhid" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 159.232089][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.258159][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.265839][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.273724][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.289678][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.297616][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.299266][ T3791] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 159.308843][ T718] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 159.331412][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.339169][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.340496][ T3791] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038 (0x7fffffff) [ 159.347461][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.377798][ T30] audit: type=1400 audit(1728479586.544:1142): avc: denied { read } for pid=139 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 159.386326][ T718] usb 4-1: USB disconnect, device number 21 [ 159.405304][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.413872][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.422551][ T718] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 159.430973][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.441713][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.449387][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.458306][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.469813][ T6] tipc: Node number set to 2886997162 [ 159.471330][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.483019][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.492706][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.500967][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.509043][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.525818][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.537259][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.546359][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.554145][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.571281][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.587402][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.596503][ T3814] syz.0.1351[3814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.596630][ T3814] syz.0.1351[3814] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.597941][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.629222][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.637156][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.645491][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.653116][ T389] hid-generic 0000:0000:FFFFFFFF.0039: unknown main item tag 0x0 [ 159.669526][ T389] hid-generic 0000:0000:FFFFFFFF.0039: hidraw0: HID v0.01 Device [syz0] on syz0 [ 159.688512][ T39] ================================================================== [ 159.697090][ T39] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120 [ 159.705177][ T39] Read of size 8 at addr ffff888124750c70 by task kworker/1:1/39 [ 159.712880][ T39] [ 159.715124][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0 [ 159.728071][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 159.738408][ T39] Workqueue: rcu_gp process_srcu [ 159.743594][ T39] Call Trace: [ 159.746723][ T39] [ 159.749494][ T39] dump_stack_lvl+0x151/0x1c0 [ 159.754122][ T39] ? io_uring_drop_tctx_refs+0x190/0x190 [ 159.760112][ T39] ? panic+0x760/0x760 [ 159.764124][ T39] ? destroy_list_workfn+0x229/0x2e0 [ 159.769244][ T39] print_address_description+0x87/0x3b0 [ 159.774764][ T39] kasan_report+0x179/0x1c0 [ 159.779093][ T39] ? __kasan_check_write+0x14/0x20 [ 159.784149][ T39] ? __list_del_entry_valid+0xa6/0x120 [ 159.790023][ T39] ? __list_del_entry_valid+0xa6/0x120 [ 159.795755][ T39] __asan_report_load8_noabort+0x14/0x20 [ 159.801687][ T39] __list_del_entry_valid+0xa6/0x120 [ 159.806805][ T39] process_one_work+0x458/0xc10 [ 159.811597][ T39] worker_thread+0xad5/0x12a0 [ 159.816118][ T39] ? _raw_spin_lock+0x1b0/0x1b0 [ 159.820884][ T39] kthread+0x421/0x510 [ 159.824976][ T39] ? worker_clr_flags+0x180/0x180 [ 159.829818][ T39] ? kthread_blkcg+0xd0/0xd0 [ 159.834416][ T39] ret_from_fork+0x1f/0x30 [ 159.838671][ T39] [ 159.841542][ T39] [ 159.843704][ T39] Allocated by task 718: [ 159.847796][ T39] ____kasan_kmalloc+0xdb/0x110 [ 159.852650][ T39] __kasan_kmalloc+0x9/0x10 [ 159.856983][ T39] __kmalloc+0x13a/0x270 [ 159.861064][ T39] kvmalloc_node+0x1f0/0x4d0 [ 159.865489][ T39] alloc_netdev_mqs+0x8c/0xc90 [ 159.870218][ T39] alloc_etherdev_mqs+0x33/0x40 [ 159.874915][ T39] usbnet_probe+0x1fc/0x2840 [ 159.879586][ T39] usb_probe_interface+0x5b6/0xa90 [ 159.884533][ T39] really_probe+0x28d/0x970 [ 159.889142][ T39] __driver_probe_device+0x1a0/0x310 [ 159.895658][ T39] driver_probe_device+0x54/0x3d0 [ 159.901097][ T39] __device_attach_driver+0x2c5/0x470 [ 159.906932][ T39] bus_for_each_drv+0x183/0x200 [ 159.911993][ T39] __device_attach+0x312/0x510 [ 159.917486][ T39] device_initial_probe+0x1a/0x20 [ 159.922695][ T39] bus_probe_device+0xbe/0x1e0 [ 159.927473][ T39] device_add+0xb60/0xf10 [ 159.931633][ T39] usb_set_configuration+0x190f/0x1e80 [ 159.937267][ T39] usb_generic_driver_probe+0x8b/0x150 [ 159.942869][ T39] usb_probe_device+0x144/0x260 [ 159.947633][ T39] really_probe+0x28d/0x970 [ 159.951981][ T39] __driver_probe_device+0x1a0/0x310 [ 159.957095][ T39] driver_probe_device+0x54/0x3d0 [ 159.961945][ T39] __device_attach_driver+0x2c5/0x470 [ 159.967153][ T39] bus_for_each_drv+0x183/0x200 [ 159.971848][ T39] __device_attach+0x312/0x510 [ 159.976595][ T39] device_initial_probe+0x1a/0x20 [ 159.981601][ T39] bus_probe_device+0xbe/0x1e0 [ 159.986190][ T39] device_add+0xb60/0xf10 [ 159.990620][ T39] usb_new_device+0x1038/0x1c00 [ 159.995321][ T39] hub_event+0x2def/0x4770 [ 159.999737][ T39] process_one_work+0x6bb/0xc10 [ 160.004558][ T39] worker_thread+0xad5/0x12a0 [ 160.010469][ T39] kthread+0x421/0x510 [ 160.014872][ T39] ret_from_fork+0x1f/0x30 [ 160.019685][ T39] [ 160.022484][ T39] Freed by task 718: [ 160.026307][ T39] kasan_set_track+0x4b/0x70 [ 160.031424][ T39] kasan_set_free_info+0x23/0x40 [ 160.036322][ T39] ____kasan_slab_free+0x126/0x160 [ 160.041611][ T39] __kasan_slab_free+0x11/0x20 [ 160.046225][ T39] slab_free_freelist_hook+0xbd/0x190 [ 160.052627][ T39] kfree+0xc8/0x220 [ 160.056298][ T39] kvfree+0x35/0x40 [ 160.060076][ T39] netdev_freemem+0x3f/0x60 [ 160.064341][ T39] netdev_release+0x7f/0xb0 [ 160.069084][ T39] device_release+0x95/0x1c0 [ 160.073764][ T39] kobject_put+0x178/0x260 [ 160.078030][ T39] put_device+0x1f/0x30 [ 160.082194][ T39] free_netdev+0x34f/0x440 [ 160.086435][ T39] usbnet_disconnect+0x245/0x390 [ 160.091217][ T39] usb_unbind_interface+0x1fa/0x8c0 [ 160.096243][ T39] device_release_driver_internal+0x50b/0x7d0 [ 160.102146][ T39] device_release_driver+0x19/0x20 [ 160.107191][ T39] bus_remove_device+0x2f8/0x360 [ 160.111961][ T39] device_del+0x663/0xe90 [ 160.116182][ T39] usb_disable_device+0x380/0x720 [ 160.120999][ T39] usb_disconnect+0x32a/0x890 [ 160.125622][ T39] hub_event+0x1d42/0x4770 [ 160.129930][ T39] process_one_work+0x6bb/0xc10 [ 160.134682][ T39] worker_thread+0xe02/0x12a0 [ 160.139274][ T39] kthread+0x421/0x510 [ 160.143266][ T39] ret_from_fork+0x1f/0x30 [ 160.147536][ T39] [ 160.149689][ T39] Last potentially related work creation: [ 160.155336][ T39] kasan_save_stack+0x3b/0x60 [ 160.160007][ T39] __kasan_record_aux_stack+0xd3/0xf0 [ 160.165209][ T39] kasan_record_aux_stack_noalloc+0xb/0x10 [ 160.170857][ T39] insert_work+0x56/0x320 [ 160.175141][ T39] __queue_work+0x92a/0xcd0 [ 160.179470][ T39] queue_work_on+0x105/0x170 [ 160.183898][ T39] usbnet_link_change+0xeb/0x100 [ 160.188836][ T39] usbnet_probe+0x1dcb/0x2840 [ 160.193343][ T39] usb_probe_interface+0x5b6/0xa90 [ 160.198290][ T39] really_probe+0x28d/0x970 [ 160.202631][ T39] __driver_probe_device+0x1a0/0x310 [ 160.207750][ T39] driver_probe_device+0x54/0x3d0 [ 160.212611][ T39] __device_attach_driver+0x2c5/0x470 [ 160.217821][ T39] bus_for_each_drv+0x183/0x200 [ 160.222524][ T39] __device_attach+0x312/0x510 [ 160.227103][ T39] device_initial_probe+0x1a/0x20 [ 160.232068][ T39] bus_probe_device+0xbe/0x1e0 [ 160.236653][ T39] device_add+0xb60/0xf10 [ 160.240819][ T39] usb_set_configuration+0x190f/0x1e80 [ 160.246143][ T39] usb_generic_driver_probe+0x8b/0x150 [ 160.251407][ T39] usb_probe_device+0x144/0x260 [ 160.256201][ T39] really_probe+0x28d/0x970 [ 160.260541][ T39] __driver_probe_device+0x1a0/0x310 [ 160.265797][ T39] driver_probe_device+0x54/0x3d0 [ 160.270652][ T39] __device_attach_driver+0x2c5/0x470 [ 160.276001][ T39] bus_for_each_drv+0x183/0x200 [ 160.281352][ T39] __device_attach+0x312/0x510 [ 160.286118][ T39] device_initial_probe+0x1a/0x20 [ 160.291002][ T39] bus_probe_device+0xbe/0x1e0 [ 160.295580][ T39] device_add+0xb60/0xf10 [ 160.299763][ T39] usb_new_device+0x1038/0x1c00 [ 160.304663][ T39] hub_event+0x2def/0x4770 [ 160.308909][ T39] process_one_work+0x6bb/0xc10 [ 160.313598][ T39] worker_thread+0xad5/0x12a0 [ 160.318201][ T39] kthread+0x421/0x510 [ 160.322105][ T39] ret_from_fork+0x1f/0x30 [ 160.326361][ T39] [ 160.328662][ T39] The buggy address belongs to the object at ffff888124750000 [ 160.328662][ T39] which belongs to the cache kmalloc-4k of size 4096 [ 160.342809][ T39] The buggy address is located 3184 bytes inside of [ 160.342809][ T39] 4096-byte region [ffff888124750000, ffff888124751000) [ 160.356082][ T39] The buggy address belongs to the page: [ 160.361570][ T39] page:ffffea000491d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124750 [ 160.371782][ T39] head:ffffea000491d400 order:3 compound_mapcount:0 compound_pincount:0 [ 160.380084][ T39] flags: 0x4000000000010200(slab|head|zone=1) [ 160.385985][ T39] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 160.394525][ T39] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 160.403375][ T39] page dumped because: kasan: bad access detected [ 160.409630][ T39] page_owner tracks the page as allocated [ 160.415351][ T39] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 302, ts 34281682078, free_ts 0 [ 160.432685][ T39] post_alloc_hook+0x1a3/0x1b0 [ 160.437273][ T39] prep_new_page+0x1b/0x110 [ 160.441611][ T39] get_page_from_freelist+0x3550/0x35d0 [ 160.447020][ T39] __alloc_pages+0x27e/0x8f0 [ 160.451422][ T39] new_slab+0x9a/0x4e0 [ 160.455483][ T39] ___slab_alloc+0x39e/0x830 [ 160.459967][ T39] __slab_alloc+0x4a/0x90 [ 160.464095][ T39] __kmalloc_track_caller+0x16c/0x260 [ 160.469426][ T39] __alloc_skb+0x10c/0x550 [ 160.473874][ T39] rtmsg_ifinfo_build_skb+0x7f/0x180 [ 160.479165][ T39] rtmsg_ifinfo+0x78/0x120 [ 160.483801][ T39] __dev_notify_flags+0xdd/0x610 [ 160.488576][ T39] dev_change_flags+0xf0/0x1a0 [ 160.493174][ T39] do_setlink+0xc21/0x3d80 [ 160.497921][ T39] rtnl_newlink+0x17bc/0x2050 [ 160.502379][ T39] rtnetlink_rcv_msg+0x951/0xc40 [ 160.507617][ T39] page_owner free stack trace missing [ 160.512961][ T39] [ 160.515113][ T39] Memory state around the buggy address: [ 160.520584][ T39] ffff888124750b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.528699][ T39] ffff888124750b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.536682][ T39] >ffff888124750c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.545186][ T39] ^ [ 160.553794][ T39] ffff888124750c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.565614][ T39] ffff888124750d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.579948][ T39] ================================================================== [ 160.589492][ T39] Disabling lock debugging due to kernel taint [ 161.120136][ T389] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 161.540170][ T389] usb 5-1: config 0 has no interfaces? [ 161.545488][ T389] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 161.554520][ T389] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.563786][ T389] usb 5-1: config 0 descriptor?? [ 161.905063][ T312] usb 5-1: USB disconnect, device number 25