last executing test programs: 3m32.830776039s ago: executing program 0 (id=154): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) 3m32.758194511s ago: executing program 0 (id=158): unshare(0x2c020400) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)=0x3) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, 0x0) 3m32.640342673s ago: executing program 0 (id=165): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x35, &(0x7f00000000c0), 0x4) 3m31.707075892s ago: executing program 0 (id=178): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x800, &(0x7f0000000500)=ANY=[@ANYBLOB='iocharset=cp850,dmask=00000000000000000000777,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30300000000000000040303030303030303030303031302c757466382c666d61736b3d30303030303030303030303030303030303030303030372c6572726f72733d72476d6f756e742d726f2c6e616d65636173653d312c706c6c6f775f7574696d653d30303030323030303030303030303015303134373037302c00904f5ef6c3660c06b4d7d3172ed33955a22d96c6b58d48d25609fc8fd957db7f4cfb97e98333158a7878aa16963be19155c4a0068007e41cc520b790c6292f5e20dbf5725a2a02670903b3d75dfbb2030d8cdef5210ed5485e27f1d33f67e2d90248d081d098053c"], 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==") mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/174, 0xae) 3m31.649972102s ago: executing program 0 (id=179): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0x14) sendmmsg$inet(r0, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24000800) 3m31.509411945s ago: executing program 0 (id=181): sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYBLOB="010000000000000000000c000000280005801400f48004000200000000000800010000000000080001"], 0x3c}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400340008"], 0x2c}}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 3m31.484272886s ago: executing program 32 (id=181): sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYBLOB="010000000000000000000c000000280005801400f48004000200000000000800010000000000080001"], 0x3c}}, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400340008"], 0x2c}}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 2m53.085693796s ago: executing program 1 (id=828): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCEXCL(r0, 0x540c) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd}) syz_open_dev$tty1(0xc, 0x4, 0x1) 2m52.704516044s ago: executing program 1 (id=831): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000008600850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000080"], 0x48) 2m51.963630308s ago: executing program 1 (id=839): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00'}, 0x94) syz_clone(0x4002000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002240)={r1, 0xe0, &(0x7f0000002140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001f40)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb1, 0x8, 0x0, 0x0}}, 0x10) 2m51.918063389s ago: executing program 1 (id=841): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x56e, &(0x7f0000000640)="$eJzs3U9sHFcZAPBvdh0ndU1dm1pqysGBRLh/FNvtSk4NB8IBDhT1UiRUqRysZGMHr2Nju6I2F/fGiQoJBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHggBjGZ3NtnYs2bBjhcyv5+02TdvnvO9t5vvafe9iSeAwjqR/pFE9EfE1YgYaBze2uBE4+kblY3ZK5WN2SS2t5/6U1Jvd7myMdts2vy5uyNiPSLuj4jvX4g4d2R33OXVtbnpWq26lB2Pr8wvji+vrp2+OD89U52pXqpUHp+anJw6MznxH4wm2fPsRxffGPrF7JMzL4/8/ekz81/5YxJn6+OOHeM4SHk96kkizt6OYF1QTscTEX0dth+uvvDKbe4SHfrc0OZ4+t7dFxGn6vk/EOX6uxnxvpee+ctAvPd6u5+9uvnS7w6zrwDAwdlOHd37NHBnKkX63T8pjUVEo1wqjY01vsPfF32l2sLyyiMXFp69dL6xRnBvHClduFirTmRrBffGkSQ9frRevnn82I7jSkQMRsSny3fVj8fOLdTOH+pMBzT1R7z+zU+c6717R/7/ttzIf+DOleb/z37w7e+m5bfK3e4NcJjS/P/aW/NPhPyHwpH/UFzyH4pL/kNxyX8oLvkPxSX/objkPxSX/Ifikv9QXK35L/2hmAZHXt1MImL9PXfVH6ne7FzOr+0B7iDb24n/5A8F5bM/FFdPtzsAdI3v+MDevzk74li7E4sH3xfgcJS63QGga0aP2/+DorL+D8Vl/R+Ky2d8wPo/FI/1fyiu/jb3/3pby727JiLinoj4UfnI0ea9voD/X/0Rr7949VvPRJR+n2Sf/0cHTvVPv/Ha91rb9SZ/rW8R9EbEJ1986gvPTa+sLD2a1v/5Rv3KF7P6x7o1GqATzTxt5jFQXMura3PTtVp1SUFBoXCF5jxwubIx23wc1tzzwsMRb76/cRFCGvdK9mic7cnWJo/V9yj7tpJbrlVIDmDv8jOnI9afj4j788afZPc7b+x89G2Vd8V/e/acPo5n6ydpm+EO45fv2V/8B1rij7TEf0eH8Tc/0mHD22Tw692N//Ivs9d/oqcn7/Xf77UxQ//m/BNf3WeAffrNr7sb/9RId+N/fiHi1XT+mcjLv1Kaljd2PnfOP/0t10n/tz41enP+u7Jr/ivdmP/Kbea/Ex3G+eHT1Y/l1Zd/HPHm8xEP5MZvxjtWj9W3VdoV/2TL/PPgHvH/8OGfzuXVn30tYvtyxGjkx2+NNb4yvzi+vLp2+uL89Ex1pnqpUnl8anJy6szkxHh9jXq8uVK925PXhz+QV3/yy43x97WJ3xx/u9d/e48xt1r70sf735lT/5PjjfgPnsx//4ey+I3Xv2dX/Hdlz+m/k39k1/Kmba5FxNGs/qGI+M4rgw/n9etD1xvxz7cZf+mW+LvH/0iH4//sr/75bF79cx/s8C8AAA5U+6WBbvcMAAA4aIex09jtMQL5+rZ6o3UbOFlv2VdYv7mvkNZfy/YXyusRf8v2GNL6h7JdsrScu9EA/M8ZXnv3z7vdBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICiW15dm5uu1apLy93uCXDY/hUAAP//T2kBHQ==") r0 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) 2m51.736983853s ago: executing program 1 (id=844): r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000880)=""/96, 0x60}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 2m51.542064786s ago: executing program 1 (id=845): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000002900)=r1, 0x4) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000005c0)) 2m51.38790925s ago: executing program 33 (id=845): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000002900)=r1, 0x4) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f00000005c0)) 1m51.300052374s ago: executing program 5 (id=2477): unshare(0x22020600) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) listen(r0, 0x86a) poll(&(0x7f00000003c0)=[{r0, 0x44}], 0x1, 0x3) 1m51.243133035s ago: executing program 5 (id=2478): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xfffff000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0x2, 0x0, 0x0) 1m51.00202462s ago: executing program 5 (id=2485): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x487, 0x0, 0x11}]}) 1m50.905431762s ago: executing program 5 (id=2490): syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000240)='./bus\x00', 0x3010050, &(0x7f0000000600)=ANY=[], 0x1, 0x1500, &(0x7f0000003080)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c8/rGu+dvjDX2mvv/zPmstecez/8yxt7fdhxctX61ynWZGf4p+OcvqQCQAgD9AOAaAIgAoFS2UtkAh0Emjan/3JuIf62Hpl3pFYgrSfqfvkn/0zfpf/om/U/fpP/pm/Q/fZP+p2/SfyHSs63Tc18rI/2O/7nn/yDP//+/I+f//0UOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J//+XiwAq/TeHpf/pm/RfiPTsSj9/lnFlx5X+/RNCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIkT6cC5cZAPjL/EqvSwghhBBCCCGEEP86IeOVXoEQQgghhBBCCCH+/RAUaDAQQQbICCmQCTLDVZAFroascA0k4FrIBtdBdrgeckBOyAW5IQ/khXxggcABQwz5oQAk4QYoCDdCISgMRaAoeCgGxeEmKAE3Q0m4BUrBrVAaboMyUBbKQXm4HSrAHVARKkFluBOqwF1QFarB3VAd7oEacC/UhPugFtwPteEBqAMPQl14COrBw1AfHoEG8Cg0hEbQGJpA0/+n/BehK7wE3aA7pEIP6AkvQy/oDX2gL/SDV6A/vAoD4DUYCINgMLwOQ+ANGApvwjAYDiPgLRgJo2A0jIGxMA7Gw9swAd6BifAuTILJMAWmwjSYDjPgPZgJs2A2vA9z4AOYC/NgPiyAhfAhLILFkAYfwRL4GJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsInsA22ww7YCbtgN+yBT2EvfAb74HPYD1/8g/ln/1N+JwQEVKjQoMEMmAFTMAUzY2bMglkwK2bFBCYwG2bD7Jgdc2AOzIW5MA/mwXyYDwkJGRnzY35MYhILYkEshIWwCBZBjx6LY3EsgTdjSSyJpbAUlsbSWAbLYlksj+WxAlbAilgRK2NlrIJVsCpWxbvxbrwHa2ANrIk1sRbWwtpYG+tgHayLdbEe1sP6WB8bYANsiA2xMTbGptgUm2EzbI7NsSW2xFbYCltja2yDbbAttsV22A7bY3vsgB2wI3bETtgZO+OL+CK+hC9hd6yiemBP7Im9sBf2wb7YF1/B/vgqvoqv4UAchIPxdXwd38CheAaH4XAcgSOwghqFo3EMshqH43E8TsAJOBEn4iScjJNxKk7D6TgDZ+BMnIWz8H2cgx/gBzgP5+ECXIgLcREuxjRMwyV4FpfiMlyOK3AlrsKVuAbX4hpcjxtwPW7CTbgFt+An+Alux+24E3fibtyNn+Kn+Bl+hgNxP+7HA3gAD+JBPISH8DAexiN4BI/iUTyGx/A4HscTeBJP4Uk8jafxDJ7Fc3gOz+N5vIDP5/m63u7C6waCusQoozKoDCpFpajMKrPKorKorCqrSqiEyqayqewqu8qhcqhcKpfKo/KofCqfIkWKVazyq/wqqZKqoCqoCqlCqogqorzyqrgqrkqoEqqkKqlKqVtVaXWbKqPKqha+vCqvKqiWvqKqpCqryqqKuktVVdVUNVVdVVc1VA1VU9VUtVQtVVs9oOqoHtgHH1KXOlNfDcIGajA2VI1UY9VEvYGPqWZqKDZXLVRL9YQajsOwtWrm26inVVs1GtupZ9UYfE51UOOwo3pBdVKdVRf1ouqqmvtuGX77CFRTsZfqrfqovmom3qUudayqek0NVIPUYPW6WoBvqKHqTTVMDVcj1FtqpBqlRqsxaqwap8art9UE9Y6aqN5Vk9RkNUVNVdPUdDVDvadmqllqtnpfzVEfqLlqnpqvFqiF6kO1SC1WaeojtUR9rJaqZWq5WqFWqlVqtVqj1qp1ar3aoDaqTWqz2qK2qk/UNrVd7VA71S61W+1Rn6q96jO1T32u9qsv1AH1J3VQfakOqa/UYfW1OqK+UUfVt+qY+k4dV9+rE+qkOqV+UKfVj+qMOqvOqZ/UefWzuqB+URdVUKBRK6210ZHOoDPqFJ1JZ9ZX6Sz6ap1VX6MT+lqdTV+ns+vrdQ6dU+fSuXUenVfn01aTdpp1rPPrAjqpb9AF9Y26kC6si+ii2utiuri+SZfQN+uS+hZdSt+qS+vbdBldVpfT5fXtuoK+Q1fUlXRlfaeuou/SVXU1fbeuru/RNfS9uqa+T9fS9+va+gFdRz+o6+qHdD39sK6vH9EN9KO6oW6kG+smuql+TDfTj+vmuoVuqZ/QrfSTurV+SrfRT+u2+hndTj+r2+vndAf9vO6oX9CddGfdRf+iL+qgu+nuOlX30D31y7qX7q376L66n35F99ev6gH6NT1QD9KD9et6iH5DD9Vv6mF6uB6h39Ij9Sg9Wo/RY/U4PV6/rSfod/RE/a6epCfrKXqqnqan6z6/VZr9d+S/8zfyB/z67lv0Vv2J3qa36x16p96ld+s9eo/eq/fqfXqf3q/36wP6gD6oD+pD+pA+rA/rI/qIPqqP6mP6mD6uj+sT+qT+Sf+gT+sf9Rl9Vp/VP+nz+ry+8NvPAAwaZbQxJjIZTEaTYjKZzOYqk8VcbbKaa0zCXGuymetMdnO9yWFymlwmt8lj8pp8xhoyzrCJTX5TwCTNDaagudEUMoVNEVPUeFPMFDc3/dP5f7S+pqapaWaameamuWlpWppWppVpbVqbNqaNaWvamnamnWlv2psOpoPpaDqaTqaT6WK6mK6mq+lmuplUDQDmZdPL9DZ9TF/Tz7xi+pv+ZoAZYAaagWawGWyGmCFmqBlqhplhZoQZYUaakWa0GW3GmrFmvBlvJpgJZqKZaCaZSWaKmWKmmWlmhplhZpqZZraZbeaYOWaumWvmm/lmoVloFplFJs2kmSVmiVlqlpllZoVZYVaZVWaNWWPWmXVmg9lgNplNZqnZaraabWab2WF2mF1ml9lj9pi9Zq/ZZ/aZ/Wa/OWAOmIPmoDlkDpnD5rA5Yo6Yo+aoOWaOmePmuDlhTphT5pQ5bU6bM+aMOWfOmfPmvLlgLpiL5uKly75IRSoykYkyRBmilCglyhxljrJEWaKsUdYoESWibFG2KHt0fZQjyhnlinJHeaK8USrYiCIXcRRH+aMCUTK6ISoY3RgVigpHRaKikY+KRcWjm6IS0c1RyeiWqFR0a1Q6ui0qE5WNykXlo9ujCtEdUcWoUlQ5ujOqEt0VVY2qRXdH1aN7ohrRvVHN6L6oVnR/VDt6IKoTPRjVjR6K6kUPR/WjR6IG0aNRw6hR1DhqEjX9l9YP4UzOx303292m2h62p33Z9rK9bR/b1/azr9j+9lU7wL5mB9pBdrB93Q6xb9ih9k07zA63I+xbdqQdZUfbMXasHWfH27ftBPuOnWjftZPsZDvFTrXT7HQ7w75nZ9pZdrZ9386xH9i5dp6dbxfYhfZDu8gutmn2I7vEfmyX2mV2uV1hV9pVdrVdY9fadXa93WA32k12s91it9pP7Da73e6wO+0uu9vusZ/avfYzu89+bvfbL+wB+yd70H5pD9mv7GH7tT1iv7FH7bf2mP3OHrff2xP2pD1lf7Cn7Y/2jD1rz9mf7Hn7s71gf7EXbbh0cX/p9E6GDGWgDJRCKZSZMlMWykJZKSslKEHZKBtlp+yUg3JQLspFeSgP5aN8dAkTU37KT0lKUkEqSIWoEBWhIuTJU3EqTiWoBJWkklSKSlFpKk1lqAyVo3J0O91Od9AdVIkq0Z10J91Fd1E1qkbVqTrVoBpUk2pSLapFtak21aE6VJfqUj2qR/WpPjWgBtSQGlJjakxNqSk1o2bUnJpTS2pJragVtabW1IbaUFtqS+2oHbWn9tSBOlBH6kidqBN1oS7UlbpSN+pGqZRKPakn9aJe1If6UD/qR/2pPw2gATSQBtJgGkxDaAgNpaE0jIbTCHqLRtIoGk1jaCyNo/E0nibQBJpIE2kSTaIpNIWm0TSaQTNoJs2k2TSb5tAcmktzaT7Np4W0kBbRIkqjNFpCS2gpLaXltJxW0kpaTatpLa2l9bSeNtJG2kybaSttpW20jXbQDtpFu2gP7aG9tJf20T7aT/vpAB2gg3SQDtEhOkyH6QgdoaN0lI7RMTpOx+kEnaBTdIpO02k6Q2foHJ2j8/QzXaBf6CIFSnEKMrurXBZ3tcvqrnEpLpO7FEcAcCnO5XK7PC6vy+esy+Fy/lVMzrlCrrAr4oo674q54u6m38VlXFlXzpV3t7sK7g5X8XdxdXePq+HudTXdfa6au/uv4lruflfbPeLquEddXdfI1XNNXH33iGvgHnUNXSPX2DVxrdyTrrV7yrVxT7u27pnfxYvcYrfWrXPr3Qa3133mzrmf3FH3rTvvfnbdXHfXz73i+rtX3QD3mhvoBv0uHuHeciPdKDfajXFj3bjfxVPcVDfNTXcz3Htuppv1u3ih+9DNcWlurpvn5rsFv8aX1pTmPnJL3MduqVvmlrsVbqVb5Va7Nf93rSvcJrfZbXF73Kdum9vudridbpfb/Wt8aR/73Oduv/vCHXHfuIPuS3fIHXOH3de/xpf2d8x95467790Jd9Kdcj+40+5Hd8ad/XX/l/b+g/vFXXTBASMr1mw44gyckVM4E2fmqzgLX81Z+RpO8LWcja/j7Hw95+CcnItzcx7Oy/nYMrFj5pjzcwFO8g1ckG/kQlyYi3BR9lyMi/NNXIJv5pJ8C5fiW7k038ZluCyX4/J8O1fgO7giV+LKfCdXCYGrcjW+m6vzPVyD7+WafB/X4vu5Nj/AdfhBrssPcT1+mOvzI9yAH+WG3IgbcxNuyo9xM36cm3MLbslPcCt+klvzU9yGn+a2/Ay342e5PT/HHfh57sgvcCfuzF34Re7KL3E37s6p3IN78svci3tzH+7L/fgV7s+v8gB+jQfyIB7Mr/MQfoOH8ps8jIfzCH6LR/IoHs1jeCyP4/H8Nk/gd3giv8uTeDJP4ak8jafzDH6PZ/Isns3v8xz+gOfyPJ7PC3ghf8iLeDGn8Ue8hD/mpbyMl/MKXsmreDWv4bW8jtfzBt7Im3gzb+Gt/Alv4+28g3fyLt7Ne/hT3suf8T7+nPfzF3yA/8QH+Us+xF/xYf6aj/A3fJS/5WP8HR/n7/kEn+RT/AOf5h/5DJ/lc/wTn+ef+QL/whc5MMQYq1jHJo7iDHHGOCXOFGeOr4qzxFfHWeNr4kR8bZwtvi7OHl8f54hzxrni3HGeOG+cL7YxxS7mOI7zxwXiZHzD2oLxjXGhuHBcJC4a+7hYXDy+KS4R3xyXjG+JS8W3xqXj2+Iycdn4kfvKx7fHFeI74opxpbhyfGdcJb4rrhpXi++Oq8f3xDXie+Oa8X1xyfj+uHb8QFwnfjCuGz8U14sfjuvHj8QN4kfjhnGjuHHcJG4aPxY3ix+Pm8ct4pbxE3Gr+Mm4dfxU3CZ+Om4bP/OHx1PjHnHP+OX45TiEe/X85ILkwuSHyUXJxcm05EfJJcmPk0uTy5LLkyuSK5OrkquTa5Jrk+uS65MbkhuTm5Kbk1uSIVTLCB698tobH/kMPqNP8Zl8Zn+Vz+Kv9ln9NT7hr/XZ/HU+u7/e5/A5fS6f2+fxeX0+bz1559nHPr8v4JP+Bl/Q3+gL+cK+iC/qvS/mi/smvqlv6pv5x31z38K39E/4J/yT/kn/lH/KP+3b+md8O/+sb++f8x388/55/4Lv5Dv7Lv5F39W/5Lv57j7Vp/qevqfv5Xv5Pr6P7+f7+f6+vx/gB/iBfqAf7Af7IX6IH+qH+mF+mB/hR/iRfqQf7Uf7sX6sH+/H+wl+gp/oJ/pJfpKf4qf4aX6an+Fn+Jl+pp/tZ/s5heb4uX6un+/n+4V+oV/kF/k0n+aX+CV+qV/ql/vlfqVf6Vf71X6tX+vX+/V+o9/oN/vNfqvf6rf5bX6H3+F3+V1+j9/j9/q9fp/f5/f7/f6AP+AP+oP+kP/KH/Zf+yP+G3/Uf+uP+e/8cf+9P+FP+lP+B3/a/+jP+LP+nP/Jn/c/+wv+F3/RBz8+8XZiQuKdxMTEu4lJicmJKYmpiWmJ6YkZifcSMxOzErMT7yfmJD5IzE3MS8xPLEgsTHyYWJRYnEhLfJRYkvg4sTSxLLE8sSKxMrEqEULebXHIHwqEZLghFAw3hkKhcCgSigYfioXi4aZQItwcSoZbQqlwaygdbgtlQtlQLjwaGoZGoXFoEpqGx0Kz8HhoHlqEluGJ0Co8GVqHp0Kb8HRoG54J7cKzoX14LnQIz4eO4YXQKXQOXcKLoWt4KXQL3UNq6BF6hpdDr9A79Al9Q7/wSugfXg0DwmthYBgUBofXw5DwRhga3gzDwvAwIrwVRoZRYXQYE8aGcWF8eDtMCO+EieHdMClMDlPC1DAtTA8zwnthZpgVZof3w5zwQZgb5oX5YUFYGD4Mi8LikBY+CkvCx2FpWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy1ha/gkbAvbw46wM+wKu8Oe8GnYGz4L+8LnYX/4IhwIfwoHw5fhUPgqHA5fhyPhm3A0fBuOhe/C8fB9OBFOhlPhh3A6/BjOhLPhXPgpnA8/hwvhl3BR/mZNCCGEEOLvov/geI+/8b0MAKB+m/cEgKu35z78n2tuzPHneW+Vp1UCAJ7u3vGhv4wqVVJTU3977VINUYF5AJD46/p/iZdBS3gS2kALKPE319dbdT7Pf1A/eStA5v+QkwKX48v1b/4v6j/2xIhFpeNz2f6b+vMAChW4nJMJLseX65f8L+rnbPYH68/05XiA5v8hJwtcji/XLw6PwzPQ5q9eKYQQQgghhBBC/FlvVa79H90/X7o/z2Mu52SEy/Ef3Z8LIYQQQgghhBDiynuuc5enHmvTpkX7v2+Cvz0X+MeyZCITmfwbJ+rfUPlKfzIJIYQQQggh/tUuX/Rf6ZUIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBDp1//E/ye70nsUQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghrrT/EwAA//+9yTig") mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) getdents64(r0, &(0x7f00000002c0)=""/173, 0xad) 1m50.754766405s ago: executing program 5 (id=2492): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000040)={[{@orlov}]}, 0x26, 0x75c, &(0x7f0000000b00)="$eJzs3M1rHGUYAPBnJtmkTaMbQfDjIEILFko3SXNpT40Xb4VCwWsNySSETLIhu6ndWLD1LNTmoiCIePboVSj1D/AmBQXvgmiNB/GyMptNatNsum3Srqa/H0z3eefjfd6nO7zsQN4J4Ln1ZvFPEjEcERcjotzen0bEQCs6EnF987yNe9emiy2JZvPSb0lxWWw0y9t9Je3PY9G6JF6NiDuliFMfPZy31lhbmMrzbKXdHq0vLo/WGmtD84tTc9lctjQ+cW7s7MTE2bGJR9bwSpe1nnj33NFb37+zvv7DN/Wbb/SfTmKyVXe0a+uym8ey+X9Siskd+5eeRrIeSno9AAAAulL8zu+LiP7Wr9Ry9LUiAAAA4DBpDjYBAACAQy+JPQ4e2esgAAAA8P+w9XcAW2t7n9Y62E5+fTsiRnbL399aQxxxJEoRMbSRPLAyIdm8DPbl+o2IuD258/77qrjDru+z77Ed7QfXSA/ss3cOwu1i/pncbf5Jt+ef2GX+6d96d8I+dZ7/7ufv6zD/Xewyx7dfvFbqmP9GxOv9u+VPtvMnHfK/12X+m+sf33rUObvl/3eurfdDnH74/RCTs/P5nq8fuPP3ybudjhX1D3XK3+q1c/3LXdRe+GDjj4VOc0mR/+Txvb//3fIX98Qn7XGkEXGr/Vm013fkOL7443d71T8T0XyS7//LLuv/+evBq12eCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1pRAxHkla24zStVCKORcTLMZTm1Vr91Gx1dWmmOBYxEqV0dj7PxiKivNlOivZ4K77fPrOjPRERL/10dDPpfJ5Vpqv5TK+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNuxiBiOJK1ERBoRf5bTtFKJ6O/i2sFnMD4AAADggIz0egAAAADAU+f5HwAAAA6/J33+Tw54HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMChdvHChWJrbty7Nl20Z640VheqV07PZLWFyuLqdGW6urJcmatW5/KsMl1dfFR/ebW6PH4uVq+O1rNafbTWWLu8WF1dql+eX5yayy5npWdSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI9ruLUlaSUi0lacppVKxAsRMRKlZHY+z8Yi4sWIuFsuDRbt8V4PGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgANXa6wtTOV5tiIQCJ5Z8GFE/AeGsUfQ65kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBeqDXWFqbyPFup9XokAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fb6SxIRxfZW+cTwjoN9A8lf5SIYiIj3P7/06dWpen1lPGIg+X17f/2z9v4zPSkAAAAAngfnH+fkref0red4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbtUaawtTeZ6t7C84H421ZtLhnF7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJl/AgAA///CK8Nb") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r0, 0x104, 0x1) getdents64(r0, 0x0, 0x0) 1m50.637411067s ago: executing program 5 (id=2493): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') syz_read_part_table(0x5d4, &(0x7f0000000000)="$eJzs279r02kcB/BPqiF3OrgIBy6nDg6HHCiOZlBJoqKQi3aRGxQUETNFECIXEHTQDIoZxNFFCln6Y2qaoVNLC517pUOPQocud7RLoUtzhD5dyg0tlx4cvF7w5cPzfN/f5/N8/oBv8L82FH/1er1MRPRyEd8d8uvhdqF462z5WuV+RKZ/WPz+8w+/9N/8mBL9U/vOp/VKWn/7eqL7fvNmtr18b+vCw5nm0N51IuJ1RJwc6QwPYj6O1mh+9tSbt7XSh3r+2VKpsfZuceHu2Eah0rnTbI3fzt54nHJzqR5P9UXU41U8j0dRjWo8idqA+n9pr17aOVNqTz69ul3sfpy+nHLlfznnQfu/PPfpQatx/eLE6c9X6lPzlfVju7lq7oguAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQI3mZ0+9eVsrfajncxGx9m5x4e7YRqHSudNsjd/O3niccnOpHk/1RdTjVTyPR1GNajyJ2t6Bvd5B2n7/D/2fLZUaa1/aq5d2zpTak0+vbhe7H6cvp1x5UAPvs7//y3OfHrQa1y9OnP58pT41X1k/tpur5o7oAgAAAAAAAAAAAAAAAAAAABARheKts+VrlfsRmfg1In7687eh/n4v/e+eSbnzqa6k/W9fT3Tfb97MtpfvbV14ONP8I+2/Ts/Jkc7wfz4Mh/Z3AAAA///sR5Sb") 1m50.570089758s ago: executing program 34 (id=2493): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') syz_read_part_table(0x5d4, &(0x7f0000000000)="$eJzs279r02kcB/BPqiF3OrgIBy6nDg6HHCiOZlBJoqKQi3aRGxQUETNFECIXEHTQDIoZxNFFCln6Y2qaoVNLC517pUOPQocud7RLoUtzhD5dyg0tlx4cvF7w5cPzfN/f5/N8/oBv8L82FH/1er1MRPRyEd8d8uvhdqF462z5WuV+RKZ/WPz+8w+/9N/8mBL9U/vOp/VKWn/7eqL7fvNmtr18b+vCw5nm0N51IuJ1RJwc6QwPYj6O1mh+9tSbt7XSh3r+2VKpsfZuceHu2Eah0rnTbI3fzt54nHJzqR5P9UXU41U8j0dRjWo8idqA+n9pr17aOVNqTz69ul3sfpy+nHLlfznnQfu/PPfpQatx/eLE6c9X6lPzlfVju7lq7oguAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQI3mZ0+9eVsrfajncxGx9m5x4e7YRqHSudNsjd/O3niccnOpHk/1RdTjVTyPR1GNajyJ2t6Bvd5B2n7/D/2fLZUaa1/aq5d2zpTak0+vbhe7H6cvp1x5UAPvs7//y3OfHrQa1y9OnP58pT41X1k/tpur5o7oAgAAAAAAAAAAAAAAAAAAABARheKts+VrlfsRmfg1In7687eh/n4v/e+eSbnzqa6k/W9fT3Tfb97MtpfvbV14ONP8I+2/Ts/Jkc7wfz4Mh/Z3AAAA///sR5Sb") 42.591601027s ago: executing program 6 (id=3898): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xdd5, &(0x7f0000000400)=ANY=[], 0x0) 42.551679358s ago: executing program 6 (id=3900): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) readv(r1, &(0x7f0000000000)=[{&(0x7f0000000580)=""/244, 0xf4}], 0x1) 41.694187995s ago: executing program 6 (id=3921): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000002140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r1, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0, 0xe00}], 0x10000000000000fb) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 41.545888618s ago: executing program 6 (id=3925): getpid() syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000003980)='./file1\x00', 0x0, &(0x7f0000000380)={[{@sys_tz}, {@namecase}, {@gid}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@dmask={'dmask', 0x3d, 0x71c7}}, {@umask={'umask', 0x3d, 0x1558}}, {@gid}, {@errors_remount}, {@keep_last_dots}, {@dmask={'dmask', 0x3d, 0x3}}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {}, {@fmask={'fmask', 0x3d, 0x5}}], [{@smackfsdef={'smackfsdef', 0x3d, 'iocharset'}}, {@subj_user}]}, 0x1, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5") mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 41.43729023s ago: executing program 6 (id=3929): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000200000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10) io_setup(0x3, &(0x7f0000000340)) socket$tipc(0x1e, 0x5, 0x0) 41.307158912s ago: executing program 6 (id=3932): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x6, "3204dd9d"}, @local=@item_4, @global=@item_4={0x3, 0x1, 0x5, "bf3baf95"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000080)={0x3, 0x3, 0x1}) 41.260436183s ago: executing program 35 (id=3932): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x6, "3204dd9d"}, @local=@item_4, @global=@item_4={0x3, 0x1, 0x5, "bf3baf95"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000080)={0x3, 0x3, 0x1}) 4.648565679s ago: executing program 8 (id=4415): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x7, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) getrandom(0x0, 0x0, 0x0) 4.630912599s ago: executing program 8 (id=4416): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) unshare(0x62040200) fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.534482041s ago: executing program 8 (id=4422): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000400e05a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000013000000000006241a0000000905810200020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x1, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x11}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.04031088s ago: executing program 3 (id=4464): vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x0) syz_io_uring_setup(0x40832, &(0x7f0000000300)={0x0, 0x0, 0x10100}, 0x0, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d10, &(0x7f00000002c0)={0x1, 0x9}) 3.006081371s ago: executing program 3 (id=4465): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 2.941476933s ago: executing program 3 (id=4466): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3001}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000700)={0x14, 0x0, &(0x7f0000000780)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="1c03fb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.442979362s ago: executing program 8 (id=4470): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x2000002, &(0x7f0000000340), 0x9, 0x558, &(0x7f0000001a80)="$eJzs3c9vHFcdAPDvjH8mdeoEeoAKSIBCQFHW8aaNql5oLiBUVUIgDohDauyNZbLOBntd1cYS7t8AB67wJ3BA4oDUEwduHJE4IKRyQApggWIkkAbN7NjZJLvtut4f1e7nI41m3szufL8vzsx7+7yeF8DEuhIRBxExGxFvRcRiuT8pl3i9teSve3S4v3p0uL+aRJZ95x9JcTzfF23vyT1XnnM+Ir79jYgfJG0B51qr7d29eyv1em2r3L3U3HywtL27d31jc2W9tl67X63eWr5149Wbr1T7VtfLm796+PWNN77729989v0/HHz1x3laC+Wx9np8FNNd9reqPnMS5/i1b5wl2MfIVLmeHXEefDRpRHwiIr5QXP+LMdX1fzIAMC6ybDGyxfYyADDu0mIMLEkr5VjAQqRppdIaw3shzqf1xnbz2t3Gzv211ljZxZhJ727Uazcuzf3pR0WPYSbJy8vFseJ4Ua4+Vb4ZEZci4mdz54pyZbVRXxtdtwcAJtpzT7X//55rtf89SAaeHAAwOPOjTgAAGDrtPwBMHu0/AEyeHtr/8pf9BwPPBQAYjlN8/k8HmQcAMDzG/wFg8mj/AWCifOvNN/MlOyqff7329u7Ovcbb19dq2/cqmzurldXG1oPKeqOxXjyzZ/PDzldvNB4svxw77yw1a9vNpe3dvTubjZ37zTvFc73v1GaGUisA4INcuvzeH5OIOHjtXLFE21wO2moYb71/n2fOHQHGTNtD/Ez8AxPGRQ+Tq/ce/e8HmgcwOh0f5j3fcfNJPz9FEN8zgo+Vq5/uffzfHM8wXvw9L0yuqYjWxH6nMjeQXIDhOv34vx4DjIssSyLLzp2UsiybbS8AAOPnDN/ozX7Sjw4IMHJJa+n6fO++/P4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxsxCRPwwkrRSzuy5EGlaqURciIiLMZPc3ajXbkTE83E5Imbm8vLyqJMGAM4o/Vs591dcXXxp4emjs8l/isn+Z/PWv9y3tZzv/+fJ/rnW2yOqj993hnkFAYA+e2el2dyqluu2D/KPDvdXj5dh5vPwdvyvnIr4Qhzurx6dxJ+O6WI9X/Qlzv8rKcutuUhfjIipPsQ/eDciPtWp/kkxNnKxnPm0PX6UsS8MNX76RPy0ONZa552vT/YhF5g0792OiNc7XX9pXCnWna//+eIOdXYPb7dOdlTe+44O92eP4x/f/6Y6xM+v+Su9xnj5d998Zme22Dr2bsSL0yfx56Pt/nMcP+kS/6Ue4//5M5/76de6HMt+EXE1nqj/6uMIj7eWmpsPlrZ3965vbK6s19Zr96vVW8u3brx685XqUjFGvXQ8Uv2sv7927fluueX1P98l/nzH+s+evPdLPdb/l/996/uf/4D4X/lip/hpvNAxfkveJn65x/gr53/ddfruPP5al/p/2M//Wo/x3//r3lqPLwUAhmB7d+/eSr1e2zrTRv4ptB/neWYjT7GvJ+ywMduW/F9isLFOtTHTr3/V6WEnP33SV+zvmb+Xn3HIP4u077U408ajYcUa7X0JGLzHF/2oMwEAAAAAAAAAAAAAALoZxp8ujbqOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjK//BwAA//9FJ7wx") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) syz_mount_image$fuse(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x40000, &(0x7f0000000a80)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}}, 0x1, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x80) lseek(r0, 0x101, 0x0) 2.290527485s ago: executing program 8 (id=4471): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}], 0x1) 2.060775249s ago: executing program 8 (id=4472): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0) write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000700, 0xfffffd65) 1.99769979s ago: executing program 36 (id=4472): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0) write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000700, 0xfffffd65) 1.410794443s ago: executing program 4 (id=4485): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0xfffffffe, 0x4e, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.287449565s ago: executing program 4 (id=4486): vmsplice(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)}], 0x2, 0x0) syz_io_uring_setup(0x40832, &(0x7f0000000300)={0x0, 0x0, 0x10100}, 0x0, 0x0) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d10, &(0x7f00000002c0)={0x1, 0x9}) 1.264352065s ago: executing program 4 (id=4487): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18) setrlimit(0x4, 0x0) 1.248522925s ago: executing program 4 (id=4488): io_setup(0x3ff, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x42) io_submit(r0, 0x2, &(0x7f0000000400)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r2, &(0x7f0000000100)='G', 0x1, 0x0, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x1, 0x7fff, r1, 0x0, 0x0, 0xb}]) syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) 1.05078878s ago: executing program 4 (id=4490): syz_emit_ethernet(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4006, &(0x7f0000003f80), 0x1, 0x44f, &(0x7f00000002c0)="$eJzs289vFFUcAPDvzG6L/LIrwR/8UIloJP4otCBy8KLRxIMmJnrAY20LQRZqaE2EEC3G4NGQeDceTfgLPOnFqCcTr+rZkBDTC+hpzezO0O2yu/bXdiv7+SQD78287XvfefO2b+Z1AhhYB7J/kogdEfFbRIw0sksLHGj8d3vh8uTfC5cnk6jV3v4rqZe7tXB5sihafG57kSlHpJ8lsa9NvbMXL52dqFanL+T5w3PnPjg8e/HS82fOTZyePj19fvzEiWNHx148Pv7CusSZxXVr78cz+/e8/u61NydPXnvvp+tJEX9LHGtXjqYf3dZTtdr6VbcJ7GxKJ+U+NoQVKeVX61B9/I9EKRY7byRe+7SvjQN6qlar1R7qfHi+BtzDkuh3C4D+KH7RZ/e/xbZBU49N4ebLjRugLO7b+dY4Uo40LzPUcn+7ng5ExMn5f77Ktmh9DrG1R5UCAAPtu2z+81y7+V8azc+F7s/XUCoR8UBE7IqI4xGxOyIejKiXfTgiHllh/a2LJHfPP9MbqwpsmbL530v52tbS+V8x+4tKKc/trMc/lJw6U50+kp+TQzG0JcuPdanj+1d//aLTseb5X7Zl9RdzwbwdN8pbln5mamJuYi0xN7t5JWJvuV38yZ2VgCQi9kTE3lXWceaZb/Z3OtYh/uFl/eB1WGeqfR3xdKP/56Ml/kLSfX3y8H1RnT6yJfKr4m4//3L1rU71/3f/91bW/9vaXv9F/H9Ukub12tmV13H198873lOu9vofTt5Zsu+jibm5C2MRw8kb9Xylef94S7nxxfJZ/IcOth//u2LxTOyLiOwifjQiHouIx5u+u56IiINd4v/xlSffX338vZXFP9W1/6Ol/xcTw9G6p32idPaHb5dUWllJ/Fn/H6unDuV7lvP91645RUTNh9Zy7gAAAOD/Io2IHZGko3fSaTo62vgb/t2xLa3OzM49e2rmw/NTjXcEKjGUFs8/R5qeh47lt/VFfrwlfzR/bvxlaWs9Pzo5U53qd/Aw4LZ3GP+ZP0v9bh3Qc97XgsFl/MPgMv5hcBn/MLjajH+vnsGAaPf7/5M+tAPYeC3jv+uyn4kB3Fvc/8PgMv5hcBn/MJCuRHR/eb+niet5Kzak0jQiVv3xiH6cn82ciHRTNEOiR4k+fzEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsk38DAAD//3893aY=") rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x27ffff7, 0x4012011, r0, 0x0) 1.036786309s ago: executing program 7 (id=4491): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) getitimer(0x2, &(0x7f0000000000)) 951.419031ms ago: executing program 7 (id=4492): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x1) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x32, 0xffffffffffffffff, 0x2ec37000) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') 922.176932ms ago: executing program 3 (id=4493): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r1 = epoll_create1(0x0) ppoll(&(0x7f0000000080)=[{r1, 0x581}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 891.576682ms ago: executing program 4 (id=4494): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000540b45501821"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x300, 0x8}) 891.193532ms ago: executing program 7 (id=4495): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23"], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) dup3(r1, r2, 0x0) 741.018295ms ago: executing program 7 (id=4498): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) 657.769377ms ago: executing program 9 (id=4503): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x1, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000100", "2809e8dbe108598948224aee4afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4080000000000000000000000004000000040ff0300000000e700", [0x4, 0x2000000000001]}}) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r2) 640.527657ms ago: executing program 9 (id=4504): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000002, 0xe, 0xfffffffffffffda9, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 566.754268ms ago: executing program 9 (id=4505): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001c000000180001801400020074756e6c30"], 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000) 550.216849ms ago: executing program 9 (id=4506): syz_open_procfs$namespace(0x0, 0x0) unshare(0x22020400) r0 = timerfd_create(0x8, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) timerfd_settime(r0, 0x1, &(0x7f00000000c0), 0x0) 537.652459ms ago: executing program 7 (id=4507): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040), 0x0}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {}, {0x77359400}, {}, 0x2, @can={{}, 0x0, 0x0, 0x0, 0x0, "3fd31340e92c4bb8"}}, 0x48}, 0x300}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x2, @can={{}, 0x0, 0x2, 0x0, 0x0, "3fd31340e92c4bb8"}}, 0x38}, 0x300}, 0x8040) 505.13859ms ago: executing program 9 (id=4508): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x4, 0x4, 0x1}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r0, 0x22, &(0x7f0000000500)={0x0, 0x0}}, 0x27) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={r1, 0x2, 0x8}, 0xc) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000000)={r2, 0xe0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0}}, 0x10) 491.91698ms ago: executing program 9 (id=4509): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc626, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff, 0x8, 0xfd}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x8, "da6c3deb"}, @main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0x3, "3b715a8a"}]}}, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) 303.000754ms ago: executing program 2 (id=4510): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xc0041, 0x0) 284.094804ms ago: executing program 2 (id=4511): syz_mount_image$vfat(&(0x7f0000000a40), &(0x7f0000000000)='./file1\x00', 0x2010000, &(0x7f0000000940)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703836352c73686f72746e616d653d6d697865642c636f6465706167653d3836392c726f6469722c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c73686f72746e616d653d77696e39352c696f636861727365743d6370313235352c636865636b3d7374726963742c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c004c21fbd23364597e61bd9e6c47bce24b3f93d831eaa8688deebdbf10d10f509bad0fabd2253225b10ce42f4dc8b613d3585bcb3b5892369a7a4e0325cb6510"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") r0 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0) write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0'}, 0xb) pwrite64(r0, &(0x7f0000000040)="ab", 0x1, 0x2) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 138.482407ms ago: executing program 2 (id=4512): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1f, 0x4, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='1-1,'], 0x31) 121.052557ms ago: executing program 2 (id=4513): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000050}, 0x50040) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)={0x14, 0x1, 0x4, 0x801, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) 102.007798ms ago: executing program 2 (id=4514): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000300)='neigh_update\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {0x0, @link_local}, 0x0, {0x2, 0x0, @multicast1}, 'team_slave_0\x00'}) 84.990778ms ago: executing program 2 (id=4515): unshare(0x2c020400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 65.457488ms ago: executing program 3 (id=4516): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x1, r0}, 0x48) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 35.788519ms ago: executing program 3 (id=4517): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000480)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@errors_continue}, {@noquota}, {@data_err_ignore}, {@noblock_validity}, {@delalloc}, {@noauto_da_alloc}, {@orlov}, {@user_xattr}, {@nodioread_nolock}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") creat(&(0x7f0000000280)='./bus\x00', 0x2) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0) preadv2(r0, &(0x7f0000000240)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x3400, 0x2, 0x8) 0s ago: executing program 7 (id=4518): r0 = syz_io_uring_setup(0x5bbd, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x10b}, &(0x7f0000000280), &(0x7f0000000440)) r1 = syz_io_uring_setup(0x3a12, &(0x7f0000000600), 0x0, 0x0) syz_io_uring_setup(0x74d9, &(0x7f00000007c0)={0x0, 0x5197, 0x2, 0x3, 0x0, 0x0, r1}, 0x0, 0x0) syz_io_uring_setup(0x10278e, &(0x7f0000000000)={0x0, 0x0, 0x10}, &(0x7f0000000200), &(0x7f00000000c0)) io_uring_enter(r0, 0x46, 0xfffffffc, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 19d30d) [ 205.890491][ T9988] input: syz0 as /devices/virtual/input/input53 [ 205.957833][ T9992] loop7: detected capacity change from 0 to 512 [ 205.986100][ T9992] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 206.093103][ T9983] loop4: detected capacity change from 0 to 40427 [ 206.108867][ T9983] F2FS-fs (loop4): fault_type options not supported [ 206.133108][ T9983] F2FS-fs (loop4): fault_injection options not supported [ 206.149656][T10002] loop7: detected capacity change from 0 to 128 [ 206.152876][ T9983] F2FS-fs (loop4): Image doesn't support compression [ 206.176680][ T9983] F2FS-fs (loop4): invalid crc value [ 206.194611][T10002] ext4 filesystem being mounted at /303/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 206.207521][ T9983] F2FS-fs (loop4): Found nat_bits in checkpoint [ 206.262958][ T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 206.297608][T10000] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.302002][ T9993] loop2: detected capacity change from 0 to 40427 [ 206.322212][ T9993] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 206.324394][T10000] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.341340][ T9993] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 206.346341][T10000] device bridge_slave_0 entered promiscuous mode [ 206.358698][ T9993] F2FS-fs (loop2): invalid crc value [ 206.364647][ T9983] F2FS-fs (loop4): Start checkpoint disabled! [ 206.371774][ T9983] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 206.381373][T10000] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.393799][ T9993] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 206.411094][T10000] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.426217][T10000] device bridge_slave_1 entered promiscuous mode [ 206.427464][ T9983] syz.4.3930: attempt to access beyond end of device [ 206.427464][ T9983] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 206.447200][ T3928] device bridge_slave_1 left promiscuous mode [ 206.454993][ T9983] syz.4.3930: attempt to access beyond end of device [ 206.454993][ T9983] loop4: rw=2049, sector=77960, nr_sectors = 376 limit=40427 [ 206.458725][ T3928] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.470542][ T9983] syz.4.3930: attempt to access beyond end of device [ 206.470542][ T9983] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 206.490779][ T3928] device bridge_slave_0 left promiscuous mode [ 206.493800][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 206.497422][ T3928] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.517325][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 206.518421][ T9993] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 206.533626][ T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 206.535091][ T9993] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 206.550661][ T3928] device veth1_macvtap left promiscuous mode [ 206.552510][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 206.557714][ T3928] device veth0_vlan left promiscuous mode [ 206.565701][ T24] usb 4-1: SerialNumber: syz [ 206.606673][ T353] kworker/u4:4: attempt to access beyond end of device [ 206.606673][ T353] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 206.693409][T10019] loop7: detected capacity change from 0 to 256 [ 206.706917][ T285] syz-executor: attempt to access beyond end of device [ 206.706917][ T285] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 206.723262][T10019] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 206.738421][T10019] FAT-fs (loop7): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 206.762612][T10019] FAT-fs (loop7): Filesystem has been set read-only [ 206.789279][ T24] usb 4-1: 0:2 : does not exist [ 206.826472][ T24] usb 4-1: USB disconnect, device number 23 [ 206.854811][T10025] loop7: detected capacity change from 0 to 1024 [ 206.917380][T10025] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.3945: bg 0: block 88: padding at end of block bitmap is not set [ 206.993938][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.016194][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.036792][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.045636][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.067981][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.075195][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.100935][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.115696][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.125772][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.131187][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 207.131205][ T28] audit: type=1400 audit(2000000041.895:2438): avc: denied { create } for pid=10054 comm="syz.7.3956" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 207.132956][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.139192][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.180743][ T28] audit: type=1400 audit(2000000041.945:2439): avc: denied { read } for pid=10054 comm="syz.7.3956" name="file0" dev="tmpfs" ino=1661 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 207.183526][T10040] netlink: 'syz.2.3949': attribute type 10 has an invalid length. [ 207.232699][ T28] audit: type=1400 audit(2000000041.945:2440): avc: denied { open } for pid=10054 comm="syz.7.3956" path="/313/file0" dev="tmpfs" ino=1661 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 207.257255][ T28] audit: type=1400 audit(2000000041.985:2441): avc: denied { unlink } for pid=6352 comm="syz-executor" name="file0" dev="tmpfs" ino=1661 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 207.257667][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.290093][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.303716][ T24] hid-generic 0000:0004:0000.0035: unknown main item tag 0x0 [ 207.311688][ T24] hid-generic 0000:0004:0000.0035: unknown main item tag 0x0 [ 207.324390][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 207.324736][T10060] SELinux: failed to load policy [ 207.332751][ T28] audit: type=1400 audit(2000000042.095:2442): avc: denied { load_policy } for pid=10059 comm="syz.7.3968" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 207.347296][ T24] hid-generic 0000:0004:0000.0035: unknown main item tag 0x0 [ 207.364690][T10000] device veth0_vlan entered promiscuous mode [ 207.383450][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 207.395896][ T24] hid-generic 0000:0004:0000.0035: hidraw0: HID v0.00 Device [syz0] on syz0 [ 207.402272][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 207.424936][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 207.449077][T10074] loop2: detected capacity change from 0 to 1024 [ 207.472909][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 207.473763][T10074] EXT4-fs: Ignoring removed orlov option [ 207.488337][T10077] netlink: 'syz.7.3964': attribute type 1 has an invalid length. [ 207.490519][T10000] device veth1_macvtap entered promiscuous mode [ 207.512504][ T28] audit: type=1400 audit(2000000042.275:2443): avc: denied { create } for pid=10075 comm="syz.4.3967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 207.522417][T10073] fido_id[10073]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 207.542661][T10074] EXT4-fs: Invalid want_extra_isize 1234 [ 207.554205][T10079] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3967'. [ 207.573465][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 207.584097][T10082] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10082 comm=syz.3.3970 [ 207.599089][ T28] audit: type=1400 audit(2000000042.365:2444): avc: denied { nlmsg_write } for pid=10080 comm="syz.3.3970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 207.604668][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 207.705517][ T28] audit: type=1400 audit(2000000042.475:2445): avc: denied { setcurrent } for pid=10092 comm="syz.2.3976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 207.726826][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 207.737372][ T353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 207.767671][ T28] audit: type=1400 audit(2000000042.535:2446): avc: denied { mounton } for pid=10000 comm="syz-executor" path="/root/syzkaller.tme3Ak/syz-tmp" dev="sda1" ino=2079 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 207.815569][T10106] loop4: detected capacity change from 0 to 256 [ 207.824992][T10106] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 207.827241][ T28] audit: type=1400 audit(2000000042.565:2447): avc: denied { mount } for pid=10000 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 207.869378][T10106] exFAT-fs (loop4): error, invalid access to FAT free cluster (entry 0x00000008) [ 207.878891][T10106] exFAT-fs (loop4): Filesystem has been set read-only [ 207.909895][T10111] loop3: detected capacity change from 0 to 512 [ 208.283829][T10111] EXT4-fs: Ignoring removed i_version option [ 208.352883][ T335] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 208.932996][ T335] usb 8-1: Using ep0 maxpacket: 16 [ 208.951481][T10123] device veth0_to_bridge entered promiscuous mode [ 208.961695][T10123] device veth0_to_bridge left promiscuous mode [ 208.974708][ T335] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.049157][ T335] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 209.064250][ T335] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 209.074504][ T335] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.090317][T10135] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 209.113669][ T335] usb 8-1: config 0 descriptor?? [ 209.189340][T10146] netlink: 140 bytes leftover after parsing attributes in process `syz.8.3998'. [ 209.290006][T10128] loop3: detected capacity change from 0 to 40427 [ 209.306995][T10128] F2FS-fs (loop3): heap/no_heap options were deprecated [ 209.325087][T10128] F2FS-fs (loop3): invalid crc value [ 209.377690][T10128] F2FS-fs (loop3): Found nat_bits in checkpoint [ 209.404199][T10170] loop8: detected capacity change from 0 to 512 [ 209.414271][T10170] EXT4-fs: Ignoring removed bh option [ 209.420437][T10170] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended [ 209.431250][T10170] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem [ 209.445908][T10170] EXT4-fs (loop8): warning: mounting unchecked fs, running e2fsck is recommended [ 209.459725][T10170] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 209.469578][T10128] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 209.479025][T10170] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.4006: bg 0: block 353: padding at end of block bitmap is not set [ 209.510217][T10170] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 209.539265][ T335] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.0036/input/input54 [ 209.570602][ T353] kworker/u4:4: attempt to access beyond end of device [ 209.570602][ T353] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 209.593536][T10128] VFS:Filesystem freeze failed [ 209.624039][ T335] microsoft 0003:045E:07DA.0036: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 209.822921][ T288] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 210.016446][ T288] usb 9-1: Using ep0 maxpacket: 16 [ 210.023093][ T288] usb 9-1: config 0 interface 0 has no altsetting 0 [ 210.029839][ T288] usb 9-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 210.039321][ T288] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.047489][ T335] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 210.056292][ T288] usb 9-1: config 0 descriptor?? [ 210.149969][ T1015] usb 8-1: USB disconnect, device number 10 [ 210.253179][ T335] usb 3-1: Using ep0 maxpacket: 32 [ 210.259477][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.271937][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.282273][ T335] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 210.291429][ T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.300251][ T335] usb 3-1: config 0 descriptor?? [ 210.486840][ T288] hid (null): global environment stack underflow [ 210.493949][ T288] hid (null): report_id 0 is invalid [ 210.501253][ T288] hid (null): global environment stack underflow [ 210.509943][ T288] hid (null): unknown global tag 0xc [ 210.515451][ T288] hid (null): report_id 25068 is invalid [ 210.521584][ T288] hid (null): report_id 0 is invalid [ 210.527215][ T288] hid (null): global environment stack overflow [ 210.535121][ T288] hid (null): unknown global tag 0xc [ 210.540746][ T288] hid (null): unknown global tag 0x58 [ 210.596528][T10201] loop3: detected capacity change from 0 to 2048 [ 210.604435][T10203] loop4: detected capacity change from 0 to 512 [ 210.625093][T10203] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802e028, mo2=0082] [ 210.625914][T10201] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.639129][T10203] System zones: 0-2, 18-18, 34-35 [ 210.660103][T10203] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.4018: bad orphan inode 11862016 [ 210.680598][T10203] EXT4-fs (loop4): Remounting filesystem read-only [ 210.688794][T10203] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.715185][ T335] savu 0003:1E7D:2D5A.0038: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 210.736355][ T24] usb 9-1: USB disconnect, device number 2 [ 210.790985][T10214] loop7: detected capacity change from 0 to 1024 [ 210.864692][T10214] ext4 filesystem being mounted at /321/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.897627][ T43] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 210.932313][ T43] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 210.959585][ T43] EXT4-fs (loop7): This should not happen!! Data will be lost [ 210.959585][ T43] [ 210.969989][ T43] EXT4-fs (loop7): Total free blocks count 0 [ 210.978310][ T43] EXT4-fs (loop7): Free/Dirty block details [ 210.984363][ T43] EXT4-fs (loop7): free_blocks=4293918720 [ 210.990294][ T43] EXT4-fs (loop7): dirty_blocks=16 [ 210.995785][ T43] EXT4-fs (loop7): Block reservation details [ 211.002771][ T43] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 211.026382][ T24] usb 3-1: USB disconnect, device number 26 [ 211.276630][T10263] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4044'. [ 211.405990][T10254] loop4: detected capacity change from 0 to 40427 [ 211.413551][T10254] F2FS-fs (loop4): fault_injection options not supported [ 211.420644][T10254] F2FS-fs (loop4): Image doesn't support compression [ 211.427616][T10254] F2FS-fs (loop4): Image doesn't support compression [ 211.435374][T10254] F2FS-fs (loop4): invalid crc value [ 211.442185][T10254] F2FS-fs (loop4): Found nat_bits in checkpoint [ 211.474296][T10254] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 211.662934][ T826] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 211.726405][T10254] syz.4.4050: attempt to access beyond end of device [ 211.726405][T10254] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 211.808864][T10297] loop7: detected capacity change from 0 to 1024 [ 211.834053][T10297] ext4 filesystem being mounted at /330/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.849216][T10297] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 211.852955][ T826] usb 9-1: Using ep0 maxpacket: 16 [ 211.868434][T10297] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 211.880505][ T826] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.894400][ T826] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.903760][T10297] EXT4-fs (loop7): This should not happen!! Data will be lost [ 211.903760][T10297] [ 211.914600][T10297] EXT4-fs (loop7): Total free blocks count 0 [ 211.920674][T10297] EXT4-fs (loop7): Free/Dirty block details [ 211.926744][T10297] EXT4-fs (loop7): free_blocks=4293918720 [ 211.932493][T10297] EXT4-fs (loop7): dirty_blocks=16 [ 211.934858][ T826] usb 9-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 211.938526][T10297] EXT4-fs (loop7): Block reservation details [ 211.953438][T10297] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 211.960011][ T826] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.973236][ T826] usb 9-1: config 0 descriptor?? [ 212.006394][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4057'. [ 212.015880][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4057'. [ 212.252184][T10307] loop7: detected capacity change from 0 to 40427 [ 212.263126][T10307] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504) [ 212.270160][T10307] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 212.278624][T10307] F2FS-fs (loop7): fault_injection options not supported [ 212.285898][T10307] F2FS-fs (loop7): fault_type options not supported [ 212.293837][T10307] F2FS-fs (loop7): invalid crc value [ 212.311572][T10307] F2FS-fs (loop7): Found nat_bits in checkpoint [ 212.352019][T10307] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 212.359945][T10307] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 212.382078][ T826] hid-multitouch 0003:1FD2:6007.0039: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.8-1/input0 [ 212.436905][ T6352] syz-executor: attempt to access beyond end of device [ 212.436905][ T6352] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 212.451050][T10320] loop3: detected capacity change from 0 to 4096 [ 212.605421][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 212.605439][ T28] audit: type=1326 audit(2000000047.375:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.623725][ T335] usb 9-1: USB disconnect, device number 3 [ 212.663015][ T28] audit: type=1326 audit(2000000047.375:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.707401][T10328] loop2: detected capacity change from 0 to 40427 [ 212.740373][ T28] audit: type=1326 audit(2000000047.375:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.758648][T10335] loop7: detected capacity change from 0 to 1024 [ 212.775026][ T28] audit: type=1326 audit(2000000047.375:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.800874][ T28] audit: type=1326 audit(2000000047.375:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.827116][ T28] audit: type=1326 audit(2000000047.375:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.859641][ T28] audit: type=1326 audit(2000000047.375:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.885549][T10335] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.888325][ T28] audit: type=1326 audit(2000000047.375:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.919915][T10328] F2FS-fs (loop2): Found nat_bits in checkpoint [ 212.948524][ T28] audit: type=1326 audit(2000000047.375:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 212.960432][T10344] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 212.989488][T10347] loop7: detected capacity change from 0 to 16 [ 213.006407][T10347] erofs: (device loop7): mounted with root inode @ nid 36. [ 213.014080][ T28] audit: type=1326 audit(2000000047.375:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10329 comm="syz.4.4069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85c998eec9 code=0x50000 [ 213.080320][T10328] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 213.145057][T10328] F2FS-fs (loop2): access invalid blkaddr:2048 [ 213.151280][T10328] CPU: 1 PID: 10328 Comm: syz.2.4070 Tainted: G W syzkaller #0 [ 213.160428][T10328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 213.170634][T10328] Call Trace: [ 213.173939][T10328] [ 213.176965][T10328] __dump_stack+0x21/0x24 [ 213.181336][T10328] dump_stack_lvl+0xee/0x150 [ 213.185953][T10328] ? __cfi_dump_stack_lvl+0x8/0x8 [ 213.191004][T10328] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 213.196951][T10328] dump_stack+0x15/0x24 [ 213.201248][T10328] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 213.206885][T10328] f2fs_is_valid_blkaddr+0x23/0x30 [ 213.212058][T10328] f2fs_map_blocks+0xc93/0x3a50 [ 213.217065][T10328] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 213.222478][T10328] ? xas_start+0x317/0x3e0 [ 213.226992][T10328] ? xas_load+0x39e/0x3b0 [ 213.231452][T10328] ? xa_load+0xad/0xd0 [ 213.235562][T10328] f2fs_mpage_readpages+0xa3a/0x1b70 [ 213.240984][T10328] ? dquot_release_reservation_block+0xa0/0xa0 [ 213.247350][T10328] ? cgroup_rstat_updated+0xf5/0x370 [ 213.252705][T10328] ? xas_nomem+0x6b/0x1f0 [ 213.257223][T10328] f2fs_readahead+0xfc/0x240 [ 213.261960][T10328] ? __cfi_f2fs_readahead+0x10/0x10 [ 213.267200][T10328] read_pages+0x1b0/0xdd0 [ 213.271584][T10328] ? __cfi___filemap_add_folio+0x10/0x10 [ 213.277350][T10328] ? page_cache_ra_unbounded+0x720/0x720 [ 213.283033][T10328] ? folio_add_lru+0x260/0x390 [ 213.288360][T10328] ? filemap_add_folio+0x105/0x150 [ 213.293514][T10328] page_cache_ra_unbounded+0x5d1/0x720 [ 213.297394][T10354] loop3: detected capacity change from 0 to 40427 [ 213.299014][T10328] ? __cfi_page_cache_ra_unbounded+0x10/0x10 [ 213.306673][T10354] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 213.311584][T10328] ? __switch_to+0x51f/0xe30 [ 213.311624][T10328] page_cache_ra_order+0x36a/0xb70 [ 213.318835][T10354] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 213.323301][T10328] ? finish_task_switch+0x16b/0x7b0 [ 213.323341][T10328] ? __switch_to_asm+0x3a/0x60 [ 213.328951][T10354] F2FS-fs (loop3): fault_injection options not supported [ 213.336836][T10328] ? __schedule+0xb8f/0x14e0 [ 213.336870][T10328] ? __cfi_page_cache_ra_order+0x10/0x10 [ 213.342397][T10354] F2FS-fs (loop3): fault_type options not supported [ 213.347059][T10328] ondemand_readahead+0x817/0xdb0 [ 213.347103][T10328] ? __kasan_check_read+0x11/0x20 [ 213.347125][T10328] ? page_cache_sync_ra+0x490/0x490 [ 213.355348][T10354] F2FS-fs (loop3): invalid crc value [ 213.358941][T10328] page_cache_sync_ra+0x41b/0x490 [ 213.385799][T10362] loop8: detected capacity change from 0 to 256 [ 213.387325][T10328] f2fs_readdir+0x444/0x940 [ 213.408871][T10328] ? __cfi_f2fs_readdir+0x10/0x10 [ 213.413982][T10328] ? down_read_killable+0xb6/0x100 [ 213.415128][T10354] F2FS-fs (loop3): Found nat_bits in checkpoint [ 213.419183][T10328] ? __cfi_down_read_killable+0x10/0x10 [ 213.419219][T10328] ? fsnotify_perm+0x269/0x5b0 [ 213.435973][T10328] ? security_file_permission+0x94/0xb0 [ 213.441647][T10328] iterate_dir+0x271/0x610 [ 213.446092][T10328] ? __cfi_f2fs_readdir+0x10/0x10 [ 213.451320][T10328] __se_sys_getdents64+0xe5/0x240 [ 213.456500][T10328] ? __x64_sys_getdents64+0x90/0x90 [ 213.461844][T10328] ? xfd_validate_state+0x70/0x150 [ 213.467133][T10328] ? __cfi_filldir64+0x10/0x10 [ 213.471980][T10328] ? fpregs_restore_userregs+0x128/0x260 [ 213.477657][T10328] __x64_sys_getdents64+0x7b/0x90 [ 213.482726][T10328] x64_sys_call+0x15c/0x9a0 [ 213.487360][T10328] do_syscall_64+0x4c/0xa0 [ 213.491815][T10328] ? clear_bhb_loop+0x30/0x80 [ 213.496539][T10328] ? clear_bhb_loop+0x30/0x80 [ 213.501345][T10328] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.507368][T10328] RIP: 0033:0x7f6fe998eec9 [ 213.511890][T10328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.531596][T10328] RSP: 002b:00007f6fea85c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 213.540108][T10328] RAX: ffffffffffffffda RBX: 00007f6fe9be5fa0 RCX: 00007f6fe998eec9 [ 213.548172][T10328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 213.556320][T10328] RBP: 00007f6fe9a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 213.564556][T10328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.572647][T10328] R13: 00007f6fe9be6038 R14: 00007f6fe9be5fa0 R15: 00007ffec1ca54f8 [ 213.580720][T10328] [ 213.606274][T10354] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 213.615462][T10328] syz.2.4070: attempt to access beyond end of device [ 213.615462][T10328] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 213.630391][T10354] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 213.672599][T10328] syz.2.4070: attempt to access beyond end of device [ 213.672599][T10328] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 213.692536][T10354] syz.3.4077: attempt to access beyond end of device [ 213.692536][T10354] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 213.699812][T10367] syz.2.4070: attempt to access beyond end of device [ 213.699812][T10367] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 213.802339][ T285] syz-executor: attempt to access beyond end of device [ 213.802339][ T285] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 213.933621][T10366] loop8: detected capacity change from 0 to 40427 [ 213.977612][T10366] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 213.997667][T10366] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 214.046332][T10393] input: syz1 as /devices/virtual/input/input55 [ 214.059366][T10366] F2FS-fs (loop8): Found nat_bits in checkpoint [ 214.150026][T10411] loop7: detected capacity change from 0 to 256 [ 214.153210][T10366] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 214.180938][T10366] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 214.194419][T10411] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d) [ 214.279785][T10000] syz-executor: attempt to access beyond end of device [ 214.279785][T10000] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 214.349522][T10434] loop3: detected capacity change from 0 to 1024 [ 214.358032][T10434] EXT4-fs: Ignoring removed nobh option [ 214.366458][T10434] EXT4-fs: Ignoring removed bh option [ 214.389673][T10434] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 214.435039][T10434] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3836: comm syz.3.4110: Allocating blocks 497-513 which overlap fs metadata [ 214.466492][T10434] EXT4-fs (loop3): pa ffff8881055272a0: logic 256, phys. 385, len 8 [ 214.474955][T10434] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1 [ 214.509008][T10446] loop2: detected capacity change from 0 to 16 [ 214.520898][T10442] EXT4-fs error (device loop3): mb_free_blocks:1810: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 214.538722][T10446] erofs: (device loop2): mounted with root inode @ nid 36. [ 214.589128][T10446] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=46 [ 214.610169][T10446] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=46 [ 214.830441][T10478] loop7: detected capacity change from 0 to 16 [ 214.840272][T10478] erofs: (device loop7): mounted with root inode @ nid 36. [ 214.849920][T10478] syz.7.4129: attempt to access beyond end of device [ 214.849920][T10478] loop7: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 214.882182][T10464] loop8: detected capacity change from 0 to 40427 [ 214.900993][T10464] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 214.907951][T10464] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 214.923197][T10464] F2FS-fs (loop8): invalid crc value [ 214.940215][T10464] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 214.953424][ T288] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 214.969692][T10464] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 214.976998][T10464] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 215.017486][T10000] syz-executor: attempt to access beyond end of device [ 215.017486][T10000] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 215.041458][T10487] loop4: detected capacity change from 0 to 16 [ 215.050995][T10487] erofs: (device loop4): mounted with root inode @ nid 36. [ 215.058846][ T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 215.134194][ T288] usb 3-1: Using ep0 maxpacket: 16 [ 215.140627][ T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.144748][T10494] loop8: detected capacity change from 0 to 512 [ 215.161988][ T288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.172576][T10494] EXT4-fs: Ignoring removed nobh option [ 215.175686][ T288] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 215.187649][ T288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.196535][T10494] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.4131: bg 0: block 248: padding at end of block bitmap is not set [ 215.196805][ T288] usb 3-1: config 0 descriptor?? [ 215.216832][T10494] EXT4-fs error (device loop8): ext4_acquire_dquot:6803: comm syz.8.4131: Failed to acquire dquot type 1 [ 215.229524][T10494] EXT4-fs (loop8): 1 truncate cleaned up [ 215.235337][T10494] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 215.243041][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 215.256951][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.268344][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 215.281548][ T24] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 215.291190][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.300516][ T24] usb 4-1: config 0 descriptor?? [ 215.362909][ T335] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 215.543950][ T335] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 215.553262][ T335] usb 8-1: config 1 has no interface number 0 [ 215.559605][ T335] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.571080][ T335] usb 8-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 215.580678][ T335] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 10095, setting to 1024 [ 215.591905][ T335] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 215.603362][ T335] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 215.612703][ T335] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.621237][ T335] usb 8-1: Product: syz [ 215.626905][ T335] usb 8-1: Manufacturer: syz [ 215.632150][ T288] hid-multitouch 0003:1FD2:6007.003A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 215.644190][ T335] usb 8-1: SerialNumber: syz [ 215.716788][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.003B/input/input56 [ 215.794153][ T24] microsoft 0003:045E:07DA.003B: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 215.842901][ T288] usb 3-1: USB disconnect, device number 27 [ 215.851891][T10489] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22 [ 216.328859][ T24] usb 4-1: USB disconnect, device number 24 [ 216.386747][T10504] loop8: detected capacity change from 0 to 512 [ 216.400779][T10504] EXT4-fs: Ignoring removed nobh option [ 216.415436][T10504] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.4145: bg 0: block 248: padding at end of block bitmap is not set [ 216.430438][T10504] EXT4-fs error (device loop8): ext4_acquire_dquot:6803: comm syz.8.4145: Failed to acquire dquot type 1 [ 216.443399][T10504] EXT4-fs (loop8): 1 truncate cleaned up [ 216.449184][T10504] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.467512][T10489] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22 [ 216.488446][ T335] cdc_ncm 8-1:1.1: bind() failure [ 216.543152][T10506] loop2: detected capacity change from 0 to 40427 [ 216.552058][T10506] F2FS-fs (loop2): fault_injection options not supported [ 216.559948][T10506] F2FS-fs (loop2): Image doesn't support compression [ 216.567137][T10506] F2FS-fs (loop2): Image doesn't support compression [ 216.574738][T10506] F2FS-fs (loop2): invalid crc value [ 216.581625][T10506] F2FS-fs (loop2): Found nat_bits in checkpoint [ 216.611434][T10506] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 216.632880][ T555] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 216.695697][ T335] usb 8-1: USB disconnect, device number 11 [ 216.759225][T10506] bio_check_eod: 1 callbacks suppressed [ 216.759242][T10506] syz.2.4135: attempt to access beyond end of device [ 216.759242][T10506] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 216.812897][ T24] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 216.832889][ T555] usb 5-1: Using ep0 maxpacket: 8 [ 216.839652][ T555] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 216.859567][ T555] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 216.871480][ T555] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 216.884360][T10518] loop3: detected capacity change from 0 to 512 [ 216.891334][ T555] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.900377][ T555] usb 5-1: Product: syz [ 216.904859][ T555] usb 5-1: Manufacturer: syz [ 216.909674][ T555] usb 5-1: SerialNumber: syz [ 216.925605][T10518] ext4 filesystem being mounted at /241/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.002871][ T24] usb 9-1: Using ep0 maxpacket: 16 [ 217.012480][ T24] usb 9-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 217.032616][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.041246][ T24] usb 9-1: Product: syz [ 217.045710][ T24] usb 9-1: Manufacturer: syz [ 217.050472][ T24] usb 9-1: SerialNumber: syz [ 217.056655][ T24] usb 9-1: config 0 descriptor?? [ 217.063438][ T24] ftdi_sio 9-1:0.0: FTDI USB Serial Device converter detected [ 217.071872][ T24] usb 9-1: Detected FT232H [ 217.264130][ T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 217.452919][ T1967] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 217.582920][ T826] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 217.632934][ T1967] usb 4-1: Using ep0 maxpacket: 16 [ 217.639265][ T1967] usb 4-1: config 0 interface 0 has no altsetting 0 [ 217.646140][ T1967] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 217.655281][ T1967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.664097][ T1967] usb 4-1: config 0 descriptor?? [ 217.673509][ T24] usb 9-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 217.762927][ T826] usb 8-1: Using ep0 maxpacket: 16 [ 217.769187][ T826] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.780755][ T826] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.790683][ T826] usb 8-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 217.799996][ T826] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.808726][ T826] usb 8-1: config 0 descriptor?? [ 217.877783][ T287] usb 9-1: USB disconnect, device number 4 [ 217.884920][ T287] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 217.895357][ T287] ftdi_sio 9-1:0.0: device disconnected [ 217.921740][ T555] cdc_ncm 5-1:1.0: bind() failure [ 217.928548][ T555] cdc_ncm: probe of 5-1:1.1 failed with error -71 [ 217.935681][ T555] cdc_mbim: probe of 5-1:1.1 failed with error -71 [ 217.944117][ T555] usb 5-1: USB disconnect, device number 25 [ 218.075246][ T1967] hid (null): global environment stack underflow [ 218.081784][ T1967] hid (null): report_id 0 is invalid [ 218.088886][ T1967] hid (null): global environment stack underflow [ 218.095468][ T1967] hid (null): unknown global tag 0xc [ 218.100867][ T1967] hid (null): report_id 25068 is invalid [ 218.106971][ T1967] hid (null): report_id 0 is invalid [ 218.112405][ T1967] hid (null): global environment stack overflow [ 218.120276][ T1967] hid (null): unknown global tag 0xc [ 218.125647][ T1967] hid (null): unknown global tag 0x58 [ 218.217186][ T826] hid-multitouch 0003:1FD2:6007.003D: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.7-1/input0 [ 218.283239][ T826] usb 4-1: USB disconnect, device number 25 [ 218.398674][T10554] loop2: detected capacity change from 0 to 256 [ 218.407867][T10554] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 218.426640][T10554] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008) [ 218.435948][T10554] exFAT-fs (loop2): Filesystem has been set read-only [ 218.437624][ T555] usb 8-1: USB disconnect, device number 12 [ 218.581963][T10560] loop8: detected capacity change from 0 to 40427 [ 218.589448][T10560] F2FS-fs (loop8): fault_injection options not supported [ 218.597042][T10560] F2FS-fs (loop8): Image doesn't support compression [ 218.604197][T10560] F2FS-fs (loop8): Image doesn't support compression [ 218.619381][T10560] F2FS-fs (loop8): invalid crc value [ 218.626055][T10560] F2FS-fs (loop8): Found nat_bits in checkpoint [ 218.655619][T10560] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 218.762904][ T288] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 218.799027][T10560] syz.8.4151: attempt to access beyond end of device [ 218.799027][T10560] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 218.942918][ T288] usb 5-1: Using ep0 maxpacket: 16 [ 218.949862][ T288] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.981229][ T288] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 218.995370][ T288] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 219.005966][ T288] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.018939][ T288] usb 5-1: config 0 descriptor?? [ 219.122941][ T826] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 219.178818][T10580] syz.8.4160[10580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.178902][T10580] syz.8.4160[10580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.192928][ T555] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 219.195877][T10580] serio: Serial port ptm0 [ 219.239261][ T28] kauditd_printk_skb: 82 callbacks suppressed [ 219.239277][ T28] audit: type=1400 audit(2000000054.005:2562): avc: denied { create } for pid=10581 comm="syz.7.4162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 219.302882][ T826] usb 3-1: Using ep0 maxpacket: 16 [ 219.311237][ T826] usb 3-1: config 0 interface 0 has no altsetting 0 [ 219.319143][ T826] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 219.328523][ T826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.337587][ T826] usb 3-1: config 0 descriptor?? [ 219.384053][ T555] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 219.393038][ T555] usb 4-1: config 1 has no interface number 0 [ 219.399182][ T555] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.410144][ T555] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 219.419531][ T555] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 10095, setting to 1024 [ 219.430902][ T555] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 219.441533][ T288] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.003E/input/input57 [ 219.443434][ T555] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 219.462763][ T555] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.470910][ T555] usb 4-1: Product: syz [ 219.475265][ T555] usb 4-1: Manufacturer: syz [ 219.479996][ T555] usb 4-1: SerialNumber: syz [ 219.524284][ T288] microsoft 0003:045E:07DA.003E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 219.687348][T10570] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 219.749697][ T826] hid (null): global environment stack underflow [ 219.756180][ T826] hid (null): report_id 0 is invalid [ 219.763519][ T826] hid (null): global environment stack underflow [ 219.770003][ T826] hid (null): unknown global tag 0xc [ 219.775700][ T826] hid (null): report_id 25068 is invalid [ 219.781449][ T826] hid (null): report_id 0 is invalid [ 219.786929][ T826] hid (null): global environment stack overflow [ 219.795414][ T826] hid (null): unknown global tag 0xc [ 219.801060][ T826] hid (null): unknown global tag 0x58 [ 219.961499][ T1015] usb 3-1: USB disconnect, device number 28 [ 220.053531][ T826] usb 5-1: USB disconnect, device number 26 [ 220.298655][T10570] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 220.306422][ T288] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 220.307517][ T555] cdc_ncm 4-1:1.1: bind() failure [ 220.477331][ T28] audit: type=1326 audit(2000000055.245:2563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.501863][ T28] audit: type=1326 audit(2000000055.245:2564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.502267][ T288] usb 9-1: Using ep0 maxpacket: 8 [ 220.526866][ T28] audit: type=1326 audit(2000000055.245:2565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.544077][ T288] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 220.555414][ T28] audit: type=1326 audit(2000000055.245:2566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.581166][ T288] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 220.601884][ T1015] usb 4-1: USB disconnect, device number 26 [ 220.602801][ T28] audit: type=1326 audit(2000000055.245:2567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.610090][ T288] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 220.632102][ T28] audit: type=1326 audit(2000000055.245:2568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.641396][ T288] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.666009][ T28] audit: type=1326 audit(2000000055.245:2569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.677008][ T288] usb 9-1: Product: syz [ 220.697458][ T28] audit: type=1326 audit(2000000055.245:2570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.701429][ T288] usb 9-1: Manufacturer: syz [ 220.725959][ T28] audit: type=1326 audit(2000000055.245:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10590 comm="syz.2.4167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fe998eec9 code=0x7ffc0000 [ 220.730512][ T288] usb 9-1: SerialNumber: syz [ 221.249597][T10593] loop3: detected capacity change from 0 to 40427 [ 221.260222][T10593] F2FS-fs (loop3): fault_injection options not supported [ 221.267903][T10593] F2FS-fs (loop3): Image doesn't support compression [ 221.274787][T10593] F2FS-fs (loop3): Image doesn't support compression [ 221.282574][T10593] F2FS-fs (loop3): invalid crc value [ 221.289918][T10593] F2FS-fs (loop3): Found nat_bits in checkpoint [ 221.324880][T10593] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 221.373012][ T2934] Bluetooth: hci0: command 0x1003 tx timeout [ 221.379737][ T662] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 221.422961][ T1015] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 221.430813][ T6] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 221.489857][T10593] syz.3.4168: attempt to access beyond end of device [ 221.489857][T10593] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 221.622919][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 221.629622][ T1015] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 221.639470][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.662855][ T1015] usb 3-1: config 1 has no interface number 0 [ 221.669077][ T1015] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.693239][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 221.713314][ T6] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 221.715300][T10606] loop7: detected capacity change from 0 to 40427 [ 221.723021][ T1015] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 221.749530][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.757833][ T1015] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 10095, setting to 1024 [ 221.769326][ T288] cdc_ncm 9-1:1.0: bind() failure [ 221.774186][T10606] F2FS-fs (loop7): Found nat_bits in checkpoint [ 221.776857][ T1015] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 221.791359][ T288] cdc_ncm: probe of 9-1:1.1 failed with error -71 [ 221.798317][ T6] usb 5-1: config 0 descriptor?? [ 221.805135][ T288] cdc_mbim: probe of 9-1:1.1 failed with error -71 [ 221.817261][ T288] usb 9-1: USB disconnect, device number 5 [ 221.826948][ T1015] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 221.838737][T10606] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 221.844312][ T1015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.858360][ T1015] usb 3-1: Product: syz [ 221.862697][ T1015] usb 3-1: Manufacturer: syz [ 221.867559][ T1015] usb 3-1: SerialNumber: syz [ 221.927590][T10606] F2FS-fs (loop7): access invalid blkaddr:2048 [ 221.934395][T10606] CPU: 0 PID: 10606 Comm: syz.7.4172 Tainted: G W syzkaller #0 [ 221.943650][T10606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 221.953731][T10606] Call Trace: [ 221.957044][T10606] [ 221.960197][T10606] __dump_stack+0x21/0x24 [ 221.964632][T10606] dump_stack_lvl+0xee/0x150 [ 221.969380][T10606] ? __cfi_dump_stack_lvl+0x8/0x8 [ 221.974521][T10606] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 221.980877][T10606] dump_stack+0x15/0x24 [ 221.985229][T10606] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 221.990838][T10606] f2fs_is_valid_blkaddr+0x23/0x30 [ 221.996145][T10606] f2fs_map_blocks+0xc93/0x3a50 [ 222.001127][T10606] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 222.006510][T10606] ? xas_start+0x317/0x3e0 [ 222.011034][T10606] ? xas_load+0x39e/0x3b0 [ 222.015411][T10606] ? xa_load+0xad/0xd0 [ 222.019507][T10606] f2fs_mpage_readpages+0xa3a/0x1b70 [ 222.024808][T10606] ? dquot_release_reservation_block+0xa0/0xa0 [ 222.030997][T10606] ? cgroup_rstat_updated+0xf5/0x370 [ 222.036359][T10606] ? xas_nomem+0x6b/0x1f0 [ 222.040728][T10606] f2fs_readahead+0xfc/0x240 [ 222.045351][T10606] ? __cfi_f2fs_readahead+0x10/0x10 [ 222.050568][T10606] read_pages+0x1b0/0xdd0 [ 222.054942][T10606] ? __cfi___filemap_add_folio+0x10/0x10 [ 222.060683][T10606] ? page_cache_ra_unbounded+0x720/0x720 [ 222.066327][T10606] ? folio_add_lru+0x260/0x390 [ 222.071213][T10606] ? filemap_add_folio+0x105/0x150 [ 222.076441][T10606] page_cache_ra_unbounded+0x5d1/0x720 [ 222.081920][T10606] ? __cfi_page_cache_ra_unbounded+0x10/0x10 [ 222.087912][T10606] ? sysvec_apic_timer_interrupt+0x64/0xc0 [ 222.093750][T10606] page_cache_ra_order+0x36a/0xb70 [ 222.098889][T10606] ? finish_task_switch+0x209/0x7b0 [ 222.104114][T10606] ? __switch_to_asm+0x3a/0x60 [ 222.109096][T10606] ? __schedule+0xb8f/0x14e0 [ 222.113890][T10606] ? __cfi_page_cache_ra_order+0x10/0x10 [ 222.119650][T10606] ondemand_readahead+0x817/0xdb0 [ 222.124694][T10606] ? __kasan_check_read+0x11/0x20 [ 222.129739][T10606] ? page_cache_sync_ra+0x490/0x490 [ 222.134968][T10606] page_cache_sync_ra+0x41b/0x490 [ 222.140026][T10606] f2fs_readdir+0x444/0x940 [ 222.144647][T10606] ? __cfi_f2fs_readdir+0x10/0x10 [ 222.149872][T10606] ? down_read_killable+0xb6/0x100 [ 222.155105][T10606] ? __cfi_down_read_killable+0x10/0x10 [ 222.160671][T10606] ? fsnotify_perm+0x269/0x5b0 [ 222.165554][T10606] ? security_file_permission+0x94/0xb0 [ 222.171340][T10606] iterate_dir+0x271/0x610 [ 222.175985][T10606] ? __cfi_f2fs_readdir+0x10/0x10 [ 222.181062][T10606] __se_sys_getdents64+0xe5/0x240 [ 222.186096][T10606] ? __x64_sys_getdents64+0x90/0x90 [ 222.191303][T10606] ? xfd_validate_state+0x70/0x150 [ 222.196427][T10606] ? __cfi_filldir64+0x10/0x10 [ 222.201288][T10606] ? fpregs_restore_userregs+0x128/0x260 [ 222.206938][T10606] __x64_sys_getdents64+0x7b/0x90 [ 222.211976][T10606] x64_sys_call+0x15c/0x9a0 [ 222.216750][T10606] do_syscall_64+0x4c/0xa0 [ 222.221180][T10606] ? clear_bhb_loop+0x30/0x80 [ 222.225988][T10606] ? clear_bhb_loop+0x30/0x80 [ 222.230769][T10606] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 222.236677][T10606] RIP: 0033:0x7ff98eb8eec9 [ 222.241138][T10606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.261108][T10606] RSP: 002b:00007ff98fa0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 222.269620][T10606] RAX: ffffffffffffffda RBX: 00007ff98ede5fa0 RCX: 00007ff98eb8eec9 [ 222.277603][T10606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 222.285606][T10606] RBP: 00007ff98ec11f91 R08: 0000000000000000 R09: 0000000000000000 [ 222.293688][T10606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.301865][T10606] R13: 00007ff98ede6038 R14: 00007ff98ede5fa0 R15: 00007fff5ae95a68 [ 222.310036][T10606] [ 222.315525][T10606] syz.7.4172: attempt to access beyond end of device [ 222.315525][T10606] loop7: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 222.329938][T10606] syz.7.4172: attempt to access beyond end of device [ 222.329938][T10606] loop7: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 222.343893][T10616] syz.7.4172: attempt to access beyond end of device [ 222.343893][T10616] loop7: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 222.367774][T10598] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 222.395541][ T6352] syz-executor: attempt to access beyond end of device [ 222.395541][ T6352] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 222.569886][ T6] hid-multitouch 0003:1FD2:6007.0040: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 222.689910][T10619] loop3: detected capacity change from 0 to 1024 [ 222.725290][T10619] EXT4-fs mount: 38 callbacks suppressed [ 222.725309][T10619] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 222.741453][T10619] ext4 filesystem being mounted at /249/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.778707][ T555] usb 5-1: USB disconnect, device number 27 [ 222.786346][T10619] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 222.810338][T10619] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 222.823894][T10619] EXT4-fs (loop3): This should not happen!! Data will be lost [ 222.823894][T10619] [ 222.834232][T10619] EXT4-fs (loop3): Total free blocks count 0 [ 222.840396][T10619] EXT4-fs (loop3): Free/Dirty block details [ 222.847553][T10619] EXT4-fs (loop3): free_blocks=4293918720 [ 222.853645][T10619] EXT4-fs (loop3): dirty_blocks=16 [ 222.858890][T10619] EXT4-fs (loop3): Block reservation details [ 222.865349][T10619] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 222.889654][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 222.914060][T10635] syz.3.4176[10635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.914143][T10635] syz.3.4176[10635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.941779][T10635] serio: Serial port ptm0 [ 222.985768][T10598] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 222.994168][ T1015] cdc_ncm 3-1:1.1: bind() failure [ 223.053278][T10631] loop7: detected capacity change from 0 to 40427 [ 223.061394][T10631] F2FS-fs (loop7): Insane cp_payload (553648128 >= 504) [ 223.068774][T10631] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 223.077321][T10631] F2FS-fs (loop7): fault_injection options not supported [ 223.084707][T10631] F2FS-fs (loop7): fault_type options not supported [ 223.092213][T10631] F2FS-fs (loop7): invalid crc value [ 223.099432][T10631] F2FS-fs (loop7): Found nat_bits in checkpoint [ 223.130959][T10631] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 223.138104][T10631] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 223.166748][T10631] syz.7.4177: attempt to access beyond end of device [ 223.166748][T10631] loop7: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 223.206246][ T1967] usb 3-1: USB disconnect, device number 29 [ 223.452960][ T1015] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 223.542868][ T555] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 223.592920][ T6] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 223.632930][ T1015] usb 9-1: Using ep0 maxpacket: 16 [ 223.639669][ T1015] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.650821][ T1015] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 223.663965][ T1015] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 223.673410][ T1015] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.682449][ T1015] usb 9-1: config 0 descriptor?? [ 223.723574][ T555] usb 8-1: Using ep0 maxpacket: 16 [ 223.730336][ T555] usb 8-1: config 0 interface 0 has no altsetting 0 [ 223.737460][ T555] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 223.746792][ T555] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.771788][ T555] usb 8-1: config 0 descriptor?? [ 223.777957][ T6] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.794718][T10649] loop3: detected capacity change from 0 to 1024 [ 223.802324][ T6] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 223.815260][T10649] EXT4-fs: Ignoring removed orlov option [ 223.822989][ T6] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 223.823663][T10649] EXT4-fs: Invalid want_extra_isize 1234 [ 223.861549][ T6] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 223.871580][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.881719][ T6] usb 5-1: Product: syz [ 223.886478][ T6] usb 5-1: Manufacturer: syz [ 223.892754][ T6] usb 5-1: SerialNumber: syz [ 223.988220][T10647] loop2: detected capacity change from 0 to 40427 [ 224.013488][T10647] F2FS-fs (loop2): fault_injection options not supported [ 224.020879][T10647] F2FS-fs (loop2): Image doesn't support compression [ 224.052946][T10647] F2FS-fs (loop2): Image doesn't support compression [ 224.062309][T10647] F2FS-fs (loop2): invalid crc value [ 224.070802][T10647] F2FS-fs (loop2): Found nat_bits in checkpoint [ 224.102760][ T1015] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.0041/input/input58 [ 224.104490][T10653] loop3: detected capacity change from 0 to 40427 [ 224.145549][T10647] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 224.154320][T10653] F2FS-fs (loop3): Found nat_bits in checkpoint [ 224.183793][ T555] hid (null): global environment stack underflow [ 224.200616][ T555] hid (null): report_id 0 is invalid [ 224.207675][ T1015] microsoft 0003:045E:07DA.0041: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0 [ 224.210942][ T555] hid (null): global environment stack underflow [ 224.246839][T10653] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 224.254806][ T555] hid (null): unknown global tag 0xc [ 224.260146][ T555] hid (null): report_id 25068 is invalid [ 224.306774][ T555] hid (null): report_id 0 is invalid [ 224.317054][ T555] hid (null): global environment stack overflow [ 224.325844][ T555] hid (null): unknown global tag 0xc [ 224.331997][ T555] hid (null): unknown global tag 0x58 [ 224.339555][T10653] F2FS-fs (loop3): access invalid blkaddr:2048 [ 224.348117][T10653] CPU: 1 PID: 10653 Comm: syz.3.4186 Tainted: G W syzkaller #0 [ 224.357751][T10653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 224.367956][T10653] Call Trace: [ 224.371381][T10653] [ 224.374349][T10653] __dump_stack+0x21/0x24 [ 224.379318][T10653] dump_stack_lvl+0xee/0x150 [ 224.383963][T10653] ? __cfi_dump_stack_lvl+0x8/0x8 [ 224.389291][T10653] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 224.395326][T10653] dump_stack+0x15/0x24 [ 224.399721][T10653] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 224.406108][T10653] f2fs_is_valid_blkaddr+0x23/0x30 [ 224.411473][T10653] f2fs_map_blocks+0xc93/0x3a50 [ 224.416443][T10653] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 224.421864][T10653] ? xas_start+0x317/0x3e0 [ 224.426400][T10653] ? xas_load+0x39e/0x3b0 [ 224.430772][T10653] ? xa_load+0xad/0xd0 [ 224.435220][T10653] f2fs_mpage_readpages+0xa3a/0x1b70 [ 224.440551][T10653] ? dquot_release_reservation_block+0xa0/0xa0 [ 224.447071][T10653] ? cgroup_rstat_updated+0xf5/0x370 [ 224.452555][T10653] ? xas_nomem+0x6b/0x1f0 [ 224.457186][T10653] f2fs_readahead+0xfc/0x240 [ 224.462183][T10653] ? __cfi_f2fs_readahead+0x10/0x10 [ 224.467435][T10653] read_pages+0x1b0/0xdd0 [ 224.471799][T10653] ? __cfi___filemap_add_folio+0x10/0x10 [ 224.477463][T10653] ? page_cache_ra_unbounded+0x720/0x720 [ 224.483292][T10653] ? folio_add_lru+0x260/0x390 [ 224.488369][T10653] ? filemap_add_folio+0x105/0x150 [ 224.493838][T10653] page_cache_ra_unbounded+0x5d1/0x720 [ 224.499463][T10653] ? __cfi_page_cache_ra_unbounded+0x10/0x10 [ 224.505831][T10653] ? __switch_to+0x51f/0xe30 [ 224.510741][T10653] page_cache_ra_order+0x36a/0xb70 [ 224.515898][T10653] ? finish_task_switch+0x209/0x7b0 [ 224.521248][T10653] ? __switch_to_asm+0x3a/0x60 [ 224.526225][T10653] ? __schedule+0xb8f/0x14e0 [ 224.530936][T10653] ? __cfi_page_cache_ra_order+0x10/0x10 [ 224.536706][T10653] ondemand_readahead+0x817/0xdb0 [ 224.542100][T10653] ? __kasan_check_read+0x11/0x20 [ 224.547426][T10653] ? page_cache_sync_ra+0x490/0x490 [ 224.552758][T10653] page_cache_sync_ra+0x41b/0x490 [ 224.558277][T10653] f2fs_readdir+0x444/0x940 [ 224.562888][T10653] ? __cfi_f2fs_readdir+0x10/0x10 [ 224.568380][T10653] ? down_read_killable+0xb6/0x100 [ 224.573529][T10653] ? __cfi_down_read_killable+0x10/0x10 [ 224.579362][T10653] ? fsnotify_perm+0x269/0x5b0 [ 224.584230][T10653] ? security_file_permission+0x94/0xb0 [ 224.590085][T10653] iterate_dir+0x271/0x610 [ 224.594619][T10653] ? __cfi_f2fs_readdir+0x10/0x10 [ 224.599717][T10653] __se_sys_getdents64+0xe5/0x240 [ 224.604773][T10653] ? __x64_sys_getdents64+0x90/0x90 [ 224.610004][T10653] ? xfd_validate_state+0x70/0x150 [ 224.615441][T10653] ? __cfi_filldir64+0x10/0x10 [ 224.620334][T10653] ? fpregs_restore_userregs+0x128/0x260 [ 224.626218][T10653] __x64_sys_getdents64+0x7b/0x90 [ 224.631367][T10653] x64_sys_call+0x15c/0x9a0 [ 224.635909][T10653] do_syscall_64+0x4c/0xa0 [ 224.640627][T10653] ? clear_bhb_loop+0x30/0x80 [ 224.645330][T10653] ? clear_bhb_loop+0x30/0x80 [ 224.650135][T10653] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 224.656136][T10653] RIP: 0033:0x7f39b218eec9 [ 224.660655][T10653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.681405][T10653] RSP: 002b:00007f39b3102038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 224.690130][T10653] RAX: ffffffffffffffda RBX: 00007f39b23e5fa0 RCX: 00007f39b218eec9 [ 224.698326][T10653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 224.706944][T10653] RBP: 00007f39b2211f91 R08: 0000000000000000 R09: 0000000000000000 [ 224.716168][T10653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.725046][T10653] R13: 00007f39b23e6038 R14: 00007f39b23e5fa0 R15: 00007ffd2bcec8f8 [ 224.733404][T10653] [ 224.742145][T10653] syz.3.4186: attempt to access beyond end of device [ 224.742145][T10653] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 224.773054][T10653] syz.3.4186: attempt to access beyond end of device [ 224.773054][T10653] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 224.776512][ T555] usb 8-1: USB disconnect, device number 13 [ 224.793044][T10663] syz.3.4186: attempt to access beyond end of device [ 224.793044][T10663] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 224.842327][ T7573] syz-executor: attempt to access beyond end of device [ 224.842327][ T7573] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.850701][T10662] syz.2.4183: attempt to access beyond end of device [ 224.850701][T10662] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.969454][ T826] usb 9-1: USB disconnect, device number 6 [ 224.988059][T10666] loop3: detected capacity change from 0 to 512 [ 225.015121][T10666] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 225.025008][T10666] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.037085][T10666] EXT4-fs (loop3): unmounting filesystem. [ 225.160524][ T6] cdc_ncm 5-1:1.0: bind() failure [ 225.172950][ T6] cdc_ncm: probe of 5-1:1.1 failed with error -71 [ 225.179744][ T6] cdc_mbim: probe of 5-1:1.1 failed with error -71 [ 225.187828][ T6] usb 5-1: USB disconnect, device number 28 [ 225.436149][T10683] loop2: detected capacity change from 0 to 40427 [ 225.444420][T10683] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 225.451909][T10683] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 225.460933][T10683] F2FS-fs (loop2): fault_injection options not supported [ 225.469890][T10683] F2FS-fs (loop2): fault_type options not supported [ 225.477675][T10683] F2FS-fs (loop2): invalid crc value [ 225.484855][T10683] F2FS-fs (loop2): Found nat_bits in checkpoint [ 225.505398][T10690] loop7: detected capacity change from 0 to 1024 [ 225.531888][T10690] EXT4-fs: Ignoring removed nobh option [ 225.537843][T10690] EXT4-fs: Ignoring removed bh option [ 225.543897][T10690] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 225.544427][T10683] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 225.556643][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 225.556662][ T28] audit: type=1400 audit(2000000060.325:2579): avc: denied { map } for pid=10688 comm="syz.3.4197" path="socket:[65796]" dev="sockfs" ino=65796 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 225.562511][T10683] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 225.577521][T10690] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 225.640025][T10690] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:3836: comm syz.7.4207: Allocating blocks 497-513 which overlap fs metadata [ 225.656070][T10690] EXT4-fs (loop7): pa ffff888105527738: logic 256, phys. 385, len 8 [ 225.664300][T10690] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1 [ 225.715249][T10690] EXT4-fs error (device loop7): mb_free_blocks:1810: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 225.754929][ T6352] EXT4-fs (loop7): unmounting filesystem. [ 225.761147][T10699] loop2: detected capacity change from 0 to 512 [ 225.787695][T10699] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 225.797529][ T6] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 225.797777][T10699] ext4 filesystem being mounted at /796/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 225.848097][T10699] EXT4-fs (loop2): shut down requested (2) [ 225.859938][ T285] EXT4-fs (loop2): unmounting filesystem. [ 225.994338][ T6] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 226.003684][ T6] usb 9-1: config 1 has no interface number 0 [ 226.009899][ T6] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.021051][ T6] usb 9-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 226.030434][ T6] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 10095, setting to 1024 [ 226.041644][ T6] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 226.053126][ T6] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 226.062231][ T6] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.071124][ T6] usb 9-1: Product: syz [ 226.075527][ T6] usb 9-1: Manufacturer: syz [ 226.080149][ T6] usb 9-1: SerialNumber: syz [ 226.287610][T10693] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 226.897271][T10693] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 226.905556][ T6] cdc_ncm 9-1:1.1: bind() failure [ 227.110820][ T6] usb 9-1: USB disconnect, device number 7 [ 227.847577][T10713] loop8: detected capacity change from 0 to 40427 [ 227.854722][T10709] loop4: detected capacity change from 0 to 40427 [ 227.877341][T10709] F2FS-fs (loop4): fault_injection options not supported [ 227.885073][T10709] F2FS-fs (loop4): Image doesn't support compression [ 227.891899][T10709] F2FS-fs (loop4): Image doesn't support compression [ 227.900494][T10713] F2FS-fs (loop8): Found nat_bits in checkpoint [ 227.905364][T10709] F2FS-fs (loop4): invalid crc value [ 227.907563][ T555] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 227.924769][T10709] F2FS-fs (loop4): Found nat_bits in checkpoint [ 227.951721][T10713] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 227.966446][T10709] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 228.010529][T10713] F2FS-fs (loop8): access invalid blkaddr:2048 [ 228.017283][T10713] CPU: 0 PID: 10713 Comm: syz.8.4199 Tainted: G W syzkaller #0 [ 228.026453][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 228.036983][T10713] Call Trace: [ 228.040384][T10713] [ 228.043431][T10713] __dump_stack+0x21/0x24 [ 228.047803][T10713] dump_stack_lvl+0xee/0x150 [ 228.052792][T10713] ? __cfi_dump_stack_lvl+0x8/0x8 [ 228.058327][T10713] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 228.064388][T10713] dump_stack+0x15/0x24 [ 228.068814][T10713] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 228.074581][T10713] f2fs_is_valid_blkaddr+0x23/0x30 [ 228.079921][T10713] f2fs_map_blocks+0xc93/0x3a50 [ 228.084938][T10713] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 228.090268][T10713] ? xas_start+0x317/0x3e0 [ 228.094725][T10713] ? xas_load+0x39e/0x3b0 [ 228.099194][T10713] ? xa_load+0xad/0xd0 [ 228.103301][T10713] f2fs_mpage_readpages+0xa3a/0x1b70 [ 228.108640][T10713] ? dquot_release_reservation_block+0xa0/0xa0 [ 228.115053][T10713] ? cgroup_rstat_updated+0xf5/0x370 [ 228.120636][T10713] ? xas_nomem+0x6b/0x1f0 [ 228.124147][ T555] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.125039][T10713] f2fs_readahead+0xfc/0x240 [ 228.141010][T10713] ? __cfi_f2fs_readahead+0x10/0x10 [ 228.143067][ T555] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 228.146244][T10713] read_pages+0x1b0/0xdd0 [ 228.160893][T10713] ? __cfi___filemap_add_folio+0x10/0x10 [ 228.166748][T10713] ? page_cache_ra_unbounded+0x720/0x720 [ 228.171342][ T555] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 228.172420][T10713] ? folio_add_lru+0x260/0x390 [ 228.186244][ T287] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 228.190239][T10713] ? filemap_add_folio+0x105/0x150 [ 228.190282][T10713] page_cache_ra_unbounded+0x5d1/0x720 [ 228.190314][T10713] ? __cfi_page_cache_ra_unbounded+0x10/0x10 [ 228.214364][ T555] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 228.214995][T10713] ? __switch_to+0x51f/0xe30 [ 228.215025][T10713] page_cache_ra_order+0x36a/0xb70 [ 228.215056][T10713] ? finish_task_switch+0x16b/0x7b0 [ 228.233964][ T555] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.234098][T10713] ? __switch_to_asm+0x3a/0x60 [ 228.251067][ T555] usb 4-1: config 0 descriptor?? [ 228.252417][T10713] ? __schedule+0xb8f/0x14e0 [ 228.262779][T10713] ? __cfi_page_cache_ra_order+0x10/0x10 [ 228.268538][T10713] ondemand_readahead+0x817/0xdb0 [ 228.273549][T10709] bio_check_eod: 1 callbacks suppressed [ 228.273566][T10709] syz.4.4201: attempt to access beyond end of device [ 228.273566][T10709] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 228.273778][T10713] ? __kasan_check_read+0x11/0x20 [ 228.298203][T10713] ? page_cache_sync_ra+0x490/0x490 [ 228.303488][T10713] page_cache_sync_ra+0x41b/0x490 [ 228.308838][T10713] f2fs_readdir+0x444/0x940 [ 228.313408][T10713] ? __cfi_f2fs_readdir+0x10/0x10 [ 228.318497][T10713] ? down_read_killable+0xb6/0x100 [ 228.323673][T10713] ? __cfi_down_read_killable+0x10/0x10 [ 228.329288][T10713] ? fsnotify_perm+0x269/0x5b0 [ 228.334181][T10713] ? security_file_permission+0x94/0xb0 [ 228.339770][T10713] iterate_dir+0x271/0x610 [ 228.344207][T10713] ? __cfi_f2fs_readdir+0x10/0x10 [ 228.349262][T10713] __se_sys_getdents64+0xe5/0x240 [ 228.354324][T10713] ? __x64_sys_getdents64+0x90/0x90 [ 228.359911][T10713] ? xfd_validate_state+0x70/0x150 [ 228.365142][T10713] ? __cfi_filldir64+0x10/0x10 [ 228.370030][T10713] ? fpregs_restore_userregs+0x128/0x260 [ 228.375883][T10713] __x64_sys_getdents64+0x7b/0x90 [ 228.381053][T10713] x64_sys_call+0x15c/0x9a0 [ 228.386322][T10713] do_syscall_64+0x4c/0xa0 [ 228.391032][T10713] ? clear_bhb_loop+0x30/0x80 [ 228.395750][T10713] ? clear_bhb_loop+0x30/0x80 [ 228.400591][T10713] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.406632][T10713] RIP: 0033:0x7f22aa18eec9 [ 228.411272][T10713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.431164][T10713] RSP: 002b:00007f22aafdb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 228.439603][T10713] RAX: ffffffffffffffda RBX: 00007f22aa3e5fa0 RCX: 00007f22aa18eec9 [ 228.448176][T10713] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 228.457172][T10713] RBP: 00007f22aa211f91 R08: 0000000000000000 R09: 0000000000000000 [ 228.465787][T10713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.473994][T10713] R13: 00007f22aa3e6038 R14: 00007f22aa3e5fa0 R15: 00007ffc27247fa8 [ 228.482522][T10713] [ 228.486816][ T287] usb 3-1: Using ep0 maxpacket: 16 [ 228.489219][T10713] syz.8.4199: attempt to access beyond end of device [ 228.489219][T10713] loop8: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 228.509366][ T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.521339][ T287] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 228.536599][ T287] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 228.547035][ T287] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.553034][T10713] syz.8.4199: attempt to access beyond end of device [ 228.553034][T10713] loop8: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 228.564026][ T287] usb 3-1: config 0 descriptor?? [ 228.603067][T10732] syz.8.4199: attempt to access beyond end of device [ 228.603067][T10732] loop8: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 228.667957][T10000] syz-executor: attempt to access beyond end of device [ 228.667957][T10000] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 228.714859][ T555] plantronics 0003:047F:FFFF.0043: unknown main item tag 0xd [ 228.734563][ T555] plantronics 0003:047F:FFFF.0043: No inputs registered, leaving [ 228.763445][ T555] plantronics 0003:047F:FFFF.0043: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 228.860579][T10734] loop7: detected capacity change from 0 to 40427 [ 228.876877][T10734] F2FS-fs (loop7): fault_injection options not supported [ 228.908294][T10734] F2FS-fs (loop7): Image doesn't support compression [ 228.930657][T10743] loop4: detected capacity change from 0 to 8192 [ 228.932908][T10734] F2FS-fs (loop7): Image doesn't support compression [ 228.946295][T10734] F2FS-fs (loop7): invalid crc value [ 228.961142][T10734] F2FS-fs (loop7): Found nat_bits in checkpoint [ 229.002561][ T287] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0044/input/input60 [ 229.035129][ T555] usb 4-1: USB disconnect, device number 27 [ 229.039470][T10734] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 229.104542][ T287] microsoft 0003:045E:07DA.0044: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 229.191268][T10758] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 229.234020][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 229.253075][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.261484][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 229.270748][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.279897][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.289064][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.298957][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.309112][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.328342][T10734] syz.7.4220: attempt to access beyond end of device [ 229.328342][T10734] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 229.620174][T10766] loop4: detected capacity change from 0 to 40427 [ 229.628172][T10766] F2FS-fs (loop4): fault_injection options not supported [ 229.635686][T10766] F2FS-fs (loop4): Image doesn't support compression [ 229.642579][T10766] F2FS-fs (loop4): Image doesn't support compression [ 229.651040][T10766] F2FS-fs (loop4): invalid crc value [ 229.661311][ T1967] usb 3-1: USB disconnect, device number 30 [ 229.662221][T10766] F2FS-fs (loop4): Found nat_bits in checkpoint [ 229.700846][T10781] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4227'. [ 229.722995][ T287] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 229.751610][T10766] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 229.852960][ T6] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 229.909326][T10766] syz.4.4232: attempt to access beyond end of device [ 229.909326][T10766] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 229.924100][ T287] usb 9-1: Using ep0 maxpacket: 16 [ 229.930525][ T287] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 229.940114][ T287] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 229.950804][ T287] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 229.961660][ T287] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 229.973665][ T287] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.982536][ T287] usb 9-1: Product: syz [ 229.987117][ T287] usb 9-1: Manufacturer: syz [ 229.992428][ T287] usb 9-1: SerialNumber: syz [ 230.034170][ T6] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.046137][ T6] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 230.058406][ T6] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 230.084234][ T6] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 230.095260][ T6] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.104687][ T6] usb 8-1: Product: syz [ 230.109058][ T6] usb 8-1: Manufacturer: syz [ 230.113903][ T6] usb 8-1: SerialNumber: syz [ 230.199158][T10793] bridge0: port 3(syz_tun) entered blocking state [ 230.205838][T10793] bridge0: port 3(syz_tun) entered forwarding state [ 230.212872][T10793] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.219943][T10793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.227742][T10793] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.234997][T10793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.252460][T10793] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 230.307113][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.333796][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 230.364082][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.373510][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 230.382519][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.391057][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.399712][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.405618][ T287] usb 9-1: 0:2 : does not exist [ 230.408415][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.421580][ T3925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.472706][T10794] loop3: detected capacity change from 0 to 40427 [ 230.481239][T10794] F2FS-fs (loop3): fault_injection options not supported [ 230.488964][T10794] F2FS-fs (loop3): Image doesn't support compression [ 230.509437][T10794] F2FS-fs (loop3): Image doesn't support compression [ 230.520431][T10794] F2FS-fs (loop3): invalid crc value [ 230.530519][T10794] F2FS-fs (loop3): Found nat_bits in checkpoint [ 230.573909][T10794] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 230.623146][ T1967] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 230.768176][T10794] syz.3.4242: attempt to access beyond end of device [ 230.768176][T10794] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 230.804158][ T1967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.815590][ T1967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.825776][ T1967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 230.839602][ T1967] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 230.849264][ T1967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.863400][ T1967] usb 5-1: config 0 descriptor?? [ 231.018877][ T287] usb 9-1: USB disconnect, device number 8 [ 231.128025][ T6] cdc_ncm 8-1:1.0: bind() failure [ 231.135187][ T6] cdc_ncm: probe of 8-1:1.1 failed with error -71 [ 231.142214][ T6] cdc_mbim: probe of 8-1:1.1 failed with error -71 [ 231.150421][ T6] usb 8-1: USB disconnect, device number 14 [ 231.272785][ T1967] plantronics 0003:047F:FFFF.0045: unknown main item tag 0xd [ 231.281374][ T1967] plantronics 0003:047F:FFFF.0045: No inputs registered, leaving [ 231.291099][ T1967] plantronics 0003:047F:FFFF.0045: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 231.544002][ T6] usb 5-1: USB disconnect, device number 29 [ 231.614396][T10815] loop8: detected capacity change from 0 to 256 [ 231.627030][T10817] loop3: detected capacity change from 0 to 512 [ 231.634351][T10815] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 231.646122][T10815] exFAT-fs (loop8): Medium has reported failures. Some data may be lost. [ 231.654616][T10817] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 231.667770][T10815] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 231.678179][T10817] EXT4-fs (loop3): invalid journal inode [ 231.690937][T10817] EXT4-fs (loop3): can't get journal size [ 231.716984][T10817] EXT4-fs (loop3): 1 truncate cleaned up [ 231.725295][T10817] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 231.782637][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 231.908692][ T2524] Bluetooth: hci0: Frame reassembly failed (-84) [ 231.982952][ T1015] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 231.991444][ T28] audit: type=1400 audit(2000000066.685:2580): avc: denied { ioctl } for pid=10838 comm="syz.2.4253" path="socket:[66628]" dev="sockfs" ino=66628 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 232.055363][T10837] loop8: detected capacity change from 0 to 40427 [ 232.063024][T10837] F2FS-fs (loop8): fault_injection options not supported [ 232.070602][T10837] F2FS-fs (loop8): fault_type options not supported [ 232.078205][T10837] F2FS-fs (loop8): invalid crc value [ 232.087078][T10833] loop3: detected capacity change from 0 to 40427 [ 232.104565][T10837] F2FS-fs (loop8): Found nat_bits in checkpoint [ 232.112351][T10833] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(32256) [ 232.140121][T10833] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 232.152173][T10833] F2FS-fs (loop3): fault_injection options not supported [ 232.159871][T10833] F2FS-fs (loop3): fault_type options not supported [ 232.166707][T10837] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 232.192092][T10833] F2FS-fs (loop3): invalid crc value [ 232.193076][ T1015] usb 8-1: Using ep0 maxpacket: 16 [ 232.212110][ T1015] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.224320][T10833] F2FS-fs (loop3): Found nat_bits in checkpoint [ 232.237752][ T1015] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 232.252123][ T1015] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 232.293390][ T1015] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.306605][T10833] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 232.313871][T10833] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 232.316779][ T1015] usb 8-1: config 0 descriptor?? [ 232.363578][T10833] syz.3.4249: attempt to access beyond end of device [ 232.363578][T10833] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 232.504959][T10853] input: syz1 as /devices/virtual/input/input62 [ 232.560761][T10855] loop8: detected capacity change from 0 to 512 [ 232.590627][T10855] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 232.625839][T10855] EXT4-fs (loop8): invalid journal inode [ 232.632548][T10855] EXT4-fs (loop8): can't get journal size [ 232.643288][T10855] EXT4-fs (loop8): 1 truncate cleaned up [ 232.643624][T10858] loop3: detected capacity change from 0 to 256 [ 232.652319][T10855] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 232.673320][T10858] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 232.689934][T10858] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 232.704674][T10858] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 232.732363][T10000] EXT4-fs (loop8): unmounting filesystem. [ 232.769014][ T1015] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.0046/input/input63 [ 232.807811][T10862] loop8: detected capacity change from 0 to 1024 [ 232.825374][T10862] EXT4-fs (loop8): couldn't mount as ext3 due to feature incompatibilities [ 232.854664][ T1015] microsoft 0003:045E:07DA.0046: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0 [ 232.872156][T10842] loop4: detected capacity change from 0 to 131072 [ 232.888644][T10842] F2FS-fs (loop4): invalid crc value [ 232.900550][ T1310] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 232.911270][ T28] audit: type=1400 audit(2000000067.665:2581): avc: denied { bind } for pid=10860 comm="syz.8.4260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 232.936342][T10842] F2FS-fs (loop4): Found nat_bits in checkpoint [ 232.987096][ T28] audit: type=1400 audit(2000000067.665:2582): avc: denied { setopt } for pid=10860 comm="syz.8.4260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 233.051499][T10842] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 233.200977][T10874] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 233.221826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 233.243303][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 233.256501][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 233.265573][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 233.274889][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.284242][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.292617][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.301564][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.413523][ T1967] usb 8-1: USB disconnect, device number 15 [ 233.642855][T10550] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 233.863890][T10550] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.882838][T10550] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.892611][T10550] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 233.932982][T10550] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 233.933857][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 233.942153][T10550] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.953108][T10550] usb 9-1: config 0 descriptor?? [ 233.956469][ T662] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 235.897772][T10550] plantronics 0003:047F:FFFF.0047: No inputs registered, leaving [ 235.907133][T10550] plantronics 0003:047F:FFFF.0047: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 236.933801][ T287] usb 9-1: USB disconnect, device number 9 [ 236.950171][T10895] loop4: detected capacity change from 0 to 512 [ 236.962898][T10900] loop2: detected capacity change from 0 to 256 [ 236.975800][T10901] loop3: detected capacity change from 0 to 1024 [ 236.977045][T10900] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 236.997030][T10900] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 237.007616][T10900] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 237.015764][T10901] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 237.033123][T10895] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 237.047264][T10895] EXT4-fs (loop4): invalid journal inode [ 237.055612][T10895] EXT4-fs (loop4): can't get journal size [ 237.070366][T10895] EXT4-fs (loop4): 1 truncate cleaned up [ 237.076544][T10895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 237.164388][ T8565] EXT4-fs (loop4): unmounting filesystem. [ 237.238715][T10914] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 237.336258][ T1967] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 237.515539][T10926] loop8: detected capacity change from 0 to 256 [ 237.523414][ T1967] usb 8-1: Using ep0 maxpacket: 16 [ 237.542005][ T1967] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 237.545405][T10926] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xb5f96684, utbl_chksum : 0xe619d30d) [ 237.561927][ T1967] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.571612][ T1967] usb 8-1: Product: syz [ 237.583022][ T1967] usb 8-1: Manufacturer: syz [ 237.587831][ T1967] usb 8-1: SerialNumber: syz [ 237.603461][ T1967] usb 8-1: config 0 descriptor?? [ 237.628875][ T1967] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected [ 237.648672][ T1967] usb 8-1: Detected FT-X [ 237.737448][T10909] loop3: detected capacity change from 0 to 131072 [ 237.754881][T10909] F2FS-fs (loop3): invalid crc value [ 237.763305][ T287] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 237.780748][T10909] F2FS-fs (loop3): Found nat_bits in checkpoint [ 237.823533][ T1967] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 237.851894][T10909] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 237.972940][T10550] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 237.981118][ T287] usb 3-1: Using ep0 maxpacket: 16 [ 237.988157][ T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.999744][ T287] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 238.013036][ T287] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 238.035112][ T287] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.057585][ T287] usb 3-1: config 0 descriptor?? [ 238.173304][T10550] usb 9-1: Using ep0 maxpacket: 16 [ 238.179834][T10550] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.202929][T10550] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.224891][T10550] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 238.240625][ T1967] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 238.271031][T10550] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 238.294470][T10550] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.313529][T10550] usb 9-1: config 0 descriptor?? [ 238.448045][ T1967] usb 8-1: USB disconnect, device number 16 [ 238.493497][ T1967] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 238.505853][ T287] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0048/input/input65 [ 238.531409][ T1967] ftdi_sio 8-1:0.0: device disconnected [ 238.614274][ T287] microsoft 0003:045E:07DA.0048: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 238.726178][T10550] microsoft 0003:045E:07DA.0049: unknown main item tag 0x6 [ 238.742766][T10550] microsoft 0003:045E:07DA.0049: unknown main item tag 0x7 [ 238.783461][T10550] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.0049/input/input66 [ 239.026111][T10965] loop7: detected capacity change from 0 to 4096 [ 239.049715][T10550] microsoft 0003:045E:07DA.0049: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0 [ 239.066658][T10550] usb 9-1: USB disconnect, device number 10 [ 239.091019][T10965] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 239.109284][T10967] fido_id[10967]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/9-1/report_descriptor': No such file or directory [ 239.139300][ T6] usb 3-1: USB disconnect, device number 31 [ 239.149546][T10970] loop3: detected capacity change from 0 to 1024 [ 239.178535][ T6352] EXT4-fs (loop7): unmounting filesystem. [ 239.185457][T10970] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 239.199804][T10970] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c800e02c, mo2=0000] [ 239.214862][T10970] EXT4-fs error (device loop3): ext4_free_blocks:6205: comm syz.3.4301: Freeing blocks not in datazone - block = 0, count = 4096 [ 239.231250][T10970] EXT4-fs (loop3): Remounting filesystem read-only [ 239.238492][T10970] EXT4-fs (loop3): 1 orphan inode deleted [ 239.240651][T10973] loop7: detected capacity change from 0 to 512 [ 239.244970][T10970] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 239.263260][T10973] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 239.271842][T10970] EXT4-fs error (device loop3): ext4_search_dir:1549: inode #2: block 16: comm syz.3.4301: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 239.291886][T10970] EXT4-fs (loop3): Remounting filesystem read-only [ 239.304501][T10973] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 239.314003][T10973] ext4 filesystem being mounted at /372/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 239.314701][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 239.337552][ T28] audit: type=1400 audit(2000000074.105:2583): avc: denied { setattr } for pid=10972 comm="syz.7.4302" name="file1" dev="loop7" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 239.367554][ T6352] EXT4-fs (loop7): unmounting filesystem. [ 239.452272][ T28] audit: type=1400 audit(2000000074.215:2584): avc: denied { read } for pid=10978 comm="syz.3.4305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 239.556770][ T28] audit: type=1400 audit(2000000074.325:2585): avc: denied { write } for pid=10989 comm="syz.8.4309" name="route" dev="proc" ino=4026532496 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 239.621293][ T28] audit: type=1400 audit(2000000074.385:2586): avc: denied { append } for pid=10998 comm="syz.3.4313" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 239.852901][ T28] audit: type=1400 audit(2000000074.615:2587): avc: denied { name_bind } for pid=11029 comm="syz.2.4325" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 239.937277][ T28] audit: type=1400 audit(2000000074.705:2588): avc: denied { write } for pid=11035 comm="syz.2.4328" path="socket:[67063]" dev="sockfs" ino=67063 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 240.026725][T11045] netlink: 7000 bytes leftover after parsing attributes in process `syz.7.4332'. [ 240.067584][T11047] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 240.185622][ T28] audit: type=1400 audit(2000000074.955:2589): avc: denied { ioctl } for pid=11063 comm="syz.7.4341" path="/dev/usbmon2" dev="devtmpfs" ino=165 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 240.266481][T11075] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4346'. [ 240.276099][T11075] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4346'. [ 240.299023][ T28] audit: type=1400 audit(2000000075.065:2590): avc: denied { mounton } for pid=11076 comm="syz.7.4347" path="/386/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 240.348820][T11081] loop2: detected capacity change from 0 to 2048 [ 240.393428][T11081] loop2: p1 < > p2 p3 p4 < p5 > [ 240.400405][T11081] loop2: p2 size 458752 extends beyond EOD, truncated [ 240.409772][T11081] loop2: p3 start 4284289 is beyond EOD, truncated [ 240.417392][T11081] loop2: p5 size 458752 extends beyond EOD, truncated [ 240.472915][ T1015] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 240.487307][T11090] loop2: detected capacity change from 0 to 512 [ 240.509816][ T1309] udevd[1309]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 240.514785][ T1307] udevd[1307]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 240.531127][ T1310] udevd[1310]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 240.542298][ T1308] udevd[1308]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 240.557489][ T28] audit: type=1400 audit(2000000075.325:2591): avc: denied { setopt } for pid=11093 comm="syz.8.4355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 240.571530][ T3928] tipc: Subscription rejected, illegal request [ 240.600086][ T1310] udevd[1310]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 240.605151][T11101] loop8: detected capacity change from 0 to 256 [ 240.611355][ T1308] udevd[1308]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 240.624843][ T1309] udevd[1309]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 240.626398][ T28] audit: type=1400 audit(2000000075.335:2592): avc: denied { connect } for pid=11098 comm="syz.2.4357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 240.660424][ T1307] udevd[1307]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 240.682902][ T1015] usb 4-1: Using ep0 maxpacket: 8 [ 240.689799][ T1015] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 240.709602][ T1015] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 240.715220][T11101] FAT-fs (loop8): Directory bread(block 64) failed [ 240.725444][T11101] FAT-fs (loop8): Directory bread(block 65) failed [ 240.731928][ T1015] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2 [ 240.744054][T11101] FAT-fs (loop8): Directory bread(block 66) failed [ 240.756311][T11101] FAT-fs (loop8): Directory bread(block 67) failed [ 240.763867][ T1015] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.765134][T11101] FAT-fs (loop8): Directory bread(block 68) failed [ 240.778685][T11101] FAT-fs (loop8): Directory bread(block 69) failed [ 240.785320][ T1015] usb 4-1: Product: syz [ 240.785407][T11101] FAT-fs (loop8): Directory bread(block 70) failed [ 240.796182][T11101] FAT-fs (loop8): Directory bread(block 71) failed [ 240.796398][ T1015] usb 4-1: Manufacturer: syz [ 240.802934][T11101] FAT-fs (loop8): Directory bread(block 72) failed [ 240.814124][ T1015] usb 4-1: SerialNumber: syz [ 240.825482][T11101] FAT-fs (loop8): Directory bread(block 73) failed [ 240.847696][ T1015] usb 4-1: config 0 descriptor?? [ 240.968794][T11120] loop7: detected capacity change from 0 to 2048 [ 241.000220][T11120] EXT4-fs: Ignoring removed orlov option [ 241.043671][T11120] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 241.157870][T11137] netlink: 'syz.8.4373': attribute type 1 has an invalid length. [ 241.167718][T11137] netlink: 'syz.8.4373': attribute type 2 has an invalid length. [ 241.176856][ T6352] EXT4-fs (loop7): unmounting filesystem. [ 241.201220][T11137] netlink: 'syz.8.4373': attribute type 1 has an invalid length. [ 241.210881][T11137] netlink: 'syz.8.4373': attribute type 2 has an invalid length. [ 241.289344][T10550] usb 4-1: USB disconnect, device number 28 [ 241.613035][ T1015] usb 8-1: new full-speed USB device number 17 using dummy_hcd [ 241.794242][ T1015] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 241.805342][ T1015] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 241.819108][ T1015] usb 8-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00 [ 241.828811][ T1015] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.837992][ T1015] usb 8-1: config 0 descriptor?? [ 241.843596][T11163] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 241.982541][T11175] loop3: detected capacity change from 0 to 512 [ 242.005396][T11175] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 242.014860][T11175] ext4 filesystem being mounted at /300/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.038650][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 242.057725][T11179] loop3: detected capacity change from 0 to 1024 [ 242.066124][T11179] EXT4-fs: Ignoring removed nomblk_io_submit option [ 242.084748][T11179] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 242.107290][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 242.143607][T11185] loop3: detected capacity change from 0 to 256 [ 242.164174][T11187] loop8: detected capacity change from 0 to 128 [ 242.166319][T11185] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 242.202498][T11189] overlayfs: missing 'lowerdir' [ 242.256227][ T1015] smartjoyplus 0003:0925:8866.004A: item fetching failed at offset 3/7 [ 242.269167][ T1015] smartjoyplus 0003:0925:8866.004A: parse failed [ 242.279176][ T1015] smartjoyplus: probe of 0003:0925:8866.004A failed with error -22 [ 242.420579][T11218] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 242.473870][ T1015] usb 8-1: USB disconnect, device number 17 [ 242.731260][T11255] loop3: detected capacity change from 0 to 512 [ 242.756037][T11255] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 242.765486][T11255] ext4 filesystem being mounted at /315/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.780994][T11255] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 242.804252][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 242.874567][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.882610][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.890494][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.898734][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.906816][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.914822][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.923007][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.935422][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.942948][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.950688][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.958202][ T3589] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 242.966225][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.974229][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.981863][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.990221][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 242.997818][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 243.011549][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 243.019368][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 243.027545][ T1015] hid-generic 0003:0004:0000.004B: unknown main item tag 0x0 [ 243.035961][ T1015] hid-generic 0003:0004:0000.004B: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 243.087426][T11274] fido_id[11274]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 243.169765][ T3589] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.186195][ T3589] usb 9-1: New USB device found, idVendor=050e, idProduct=a4a1, bcdDevice= 0.40 [ 243.195558][ T3589] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.203770][ T3589] usb 9-1: Product: syz [ 243.208072][ T3589] usb 9-1: Manufacturer: syz [ 243.213042][ T662] Bluetooth: hci0: command 0x1003 tx timeout [ 243.219197][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 243.225507][ T3589] usb 9-1: SerialNumber: syz [ 243.494508][T11300] loop4: detected capacity change from 0 to 16 [ 243.510354][T11300] erofs: (device loop4): mounted with root inode @ nid 36. [ 243.522372][T11300] erofs: (device loop4): erofs_fill_dentries: bogus dirent @ nid 46 [ 243.553254][T11302] sch_fq: defrate 0 ignored. [ 243.695775][T11318] loop3: detected capacity change from 0 to 512 [ 243.706843][T11318] EXT4-fs (loop3): Test dummy encryption mode enabled [ 243.713814][T11318] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 243.725689][T11318] EXT4-fs (loop3): 1 truncate cleaned up [ 243.731542][T11318] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 243.758437][ T7573] EXT4-fs (loop3): unmounting filesystem. [ 243.912373][T11330] loop7: detected capacity change from 0 to 128 [ 243.919670][ T288] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 243.921915][T11330] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 243.930625][T11332] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 243.949850][T11332] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 243.965060][T11330] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 244.018663][T11336] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4457'. [ 244.029355][T11336] netlink: 180 bytes leftover after parsing attributes in process `syz.7.4457'. [ 244.059426][ T3928] Bluetooth: hci0: Frame reassembly failed (-84) [ 244.106849][ T288] usb 5-1: config 1 has an invalid interface number: 105 but max is 0 [ 244.111569][T11346] 9pnet_virtio: no channels available for device syz [ 244.115423][ T288] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 244.133434][ T288] usb 5-1: config 1 has no interface number 0 [ 244.140067][ T288] usb 5-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 244.153433][ T288] usb 5-1: config 1 interface 105 has no altsetting 0 [ 244.162400][ T288] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 244.171736][ T288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.180879][ T288] usb 5-1: Product: syz [ 244.185233][ T288] usb 5-1: Manufacturer: syz [ 244.189895][ T288] usb 5-1: SerialNumber: syz [ 244.240466][ T3589] cdc_ncm 9-1:1.0: bind() failure [ 244.247636][ T3589] usb 9-1: USB disconnect, device number 11 [ 244.404753][ T288] aqc111: probe of 5-1:1.105 failed with error -22 [ 244.488811][T11358] loop2: detected capacity change from 0 to 256 [ 244.492968][T10550] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 244.496323][T11358] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 244.514498][T11358] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 244.525087][T11358] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 244.545716][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 244.545733][ T28] audit: type=1400 audit(2000000079.315:2606): avc: denied { mounton } for pid=11357 comm="syz.2.4468" path="/851/bus/file0/file0" dev="loop2" ino=1048882 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 244.580229][ T28] audit: type=1400 audit(2000000079.315:2607): avc: denied { rename } for pid=11357 comm="syz.2.4468" name="file0" dev="loop2" ino=1048882 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 244.616979][ T1967] usb 5-1: USB disconnect, device number 30 [ 244.628045][ T28] audit: type=1326 audit(2000000079.395:2608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11359 comm="syz.2.4469" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6fe998eec9 code=0x0 [ 244.722947][T10550] usb 4-1: Using ep0 maxpacket: 16 [ 244.729297][T10550] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 244.738269][T10550] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 244.748469][T10550] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 244.764270][T10550] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 244.765789][T11364] loop8: detected capacity change from 0 to 512 [ 244.773832][T10550] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.788383][T10550] usb 4-1: Product: syz [ 244.792938][T10550] usb 4-1: Manufacturer: syz [ 244.797706][T10550] usb 4-1: SerialNumber: syz [ 244.816010][T11364] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 244.825527][T11364] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.842413][ T28] audit: type=1400 audit(2000000079.605:2609): avc: denied { mounton } for pid=11363 comm="syz.8.4470" path="/91/file0/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 244.850700][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 3: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 244.889216][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 12: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 244.910749][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 244.932995][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 14: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=1, rec_len=0, size=2048 fake=0 [ 244.953960][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 15: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 244.975045][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /91/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 244.996782][T10000] EXT4-fs error (device loop8): ext4_readdir:263: inode #2: block 17: comm syz-executor: path /91/file0: bad entry in directory: directory entry overrun - offset=0, inode=3, rec_len=3072, size=2048 fake=0 [ 245.017185][T10000] EXT4-fs error (device loop8): ext4_map_blocks:635: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 245.032591][T10000] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 245.043259][T10000] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 64512 [ 245.053190][T10000] EXT4-fs error (device loop8): ext4_acquire_dquot:6803: comm syz-executor: Failed to acquire dquot type 0 [ 245.125289][T10000] EXT4-fs (loop8): unmounting filesystem. [ 245.219028][T10550] usb 4-1: 0:2 : does not exist [ 245.296024][T11372] loop4: detected capacity change from 0 to 1024 [ 245.305228][T11372] EXT4-fs: Ignoring removed i_version option [ 245.321808][T11372] EXT4-fs (loop4): Test dummy encryption mode enabled [ 245.336430][T11372] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 245.360676][ T8565] EXT4-fs (loop4): unmounting filesystem. [ 245.380349][T11379] loop4: detected capacity change from 0 to 16 [ 245.393437][T11379] erofs: (device loop4): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 125300) [ 245.409435][T11374] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.417329][T11374] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.425655][T11374] device bridge_slave_0 entered promiscuous mode [ 245.435099][T11374] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.442291][T11374] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.460054][T11374] device bridge_slave_1 entered promiscuous mode [ 245.476701][T11383] loop2: detected capacity change from 0 to 256 [ 245.516573][T11386] 9pnet: p9_errstr2errno: server reported unknown error @c˙˙˙˙˙˙˙˙D†üB€|˜Ü‘…–0xffffffffffffffff [ 245.565427][T11390] loop4: detected capacity change from 0 to 512 [ 245.572303][T11390] journal_path: Lookup failure for './file0/../file0' [ 245.579838][T11390] EXT4-fs: error: could not find journal device path [ 245.588182][ T28] audit: type=1400 audit(2000000080.355:2610): avc: denied { write } for pid=11388 comm="syz.4.4481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 245.588222][T11390] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4481'. [ 245.630112][T10550] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1) [ 245.667828][T10550] usb 4-1: USB disconnect, device number 29 [ 245.695110][ T1307] udevd[1307]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 245.714168][ T3925] device bridge_slave_1 left promiscuous mode [ 245.720379][ T3925] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.734726][ T3925] device bridge_slave_0 left promiscuous mode [ 245.741086][ T3925] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.749866][ T3925] device veth1_macvtap left promiscuous mode [ 245.756342][ T3925] device veth0_vlan left promiscuous mode [ 245.888982][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 245.945628][T11374] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.952845][T11374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.960261][T11374] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.967690][T11374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.992618][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.001110][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.009461][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.024826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.033410][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.040750][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.050501][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.060496][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.067977][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.079747][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.088472][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.096741][ T662] Bluetooth: hci0: command 0x1003 tx timeout [ 246.096802][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 246.097724][T11340] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 246.113249][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.116283][T11418] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4489'. [ 246.124485][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.155695][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 246.172227][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 246.184409][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 246.192313][T11421] loop4: detected capacity change from 0 to 512 [ 246.192496][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 246.208583][T11374] device veth0_vlan entered promiscuous mode [ 246.216898][T11421] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 246.225032][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 246.241320][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 246.250705][T11421] EXT4-fs (loop4): 1 truncate cleaned up [ 246.258067][T11421] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 246.267388][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 246.287538][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 246.297718][T11374] device veth1_macvtap entered promiscuous mode [ 246.310294][ T8565] EXT4-fs (loop4): unmounting filesystem. [ 246.310497][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 246.324416][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 246.333177][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 246.342602][ T28] audit: type=1400 audit(2000000081.105:2611): avc: denied { ioctl } for pid=11426 comm="syz.3.4493" path="/dev/binderfs/binder1" dev="binder" ino=11 ioctlcmd=0x6208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 246.371540][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 246.385022][ T3928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 246.652895][ T1015] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 246.671091][ T28] audit: type=1400 audit(2000000081.435:2612): avc: denied { wake_alarm } for pid=11458 comm="syz.9.4506" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 246.844053][ T1015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.855303][ T1015] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.865178][ T1015] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 246.878139][ T1015] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 246.887254][ T1015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.901176][ T1015] usb 5-1: config 0 descriptor?? [ 246.927221][T11468] loop2: detected capacity change from 0 to 256 [ 246.942637][T11468] FAT-fs (loop2): Directory bread(block 64) failed [ 246.950693][T11468] FAT-fs (loop2): Directory bread(block 65) failed [ 246.957872][T11468] FAT-fs (loop2): Directory bread(block 66) failed [ 246.965625][T11468] FAT-fs (loop2): Directory bread(block 67) failed [ 246.972685][T11468] FAT-fs (loop2): Directory bread(block 68) failed [ 246.980011][T11468] FAT-fs (loop2): Directory bread(block 69) failed [ 246.986873][T10550] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 246.987275][T11468] FAT-fs (loop2): Directory bread(block 70) failed [ 247.001502][T11468] FAT-fs (loop2): Directory bread(block 71) failed [ 247.008408][T11468] FAT-fs (loop2): Directory bread(block 72) failed [ 247.015713][T11468] FAT-fs (loop2): Directory bread(block 73) failed [ 247.038571][ T28] audit: type=1400 audit(2000000081.805:2613): avc: denied { execute } for pid=11467 comm="syz.2.4511" dev="tmpfs" ino=1440 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 247.147763][T11478] binder: 11477:11478 ioctl c018620c 200000000080 returned -1 [ 247.174210][T10550] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 247.178696][T11481] loop3: detected capacity change from 0 to 1024 [ 247.193113][T10550] usb 10-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 247.209667][T10550] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.218051][ C1] ================================================================== [ 247.218067][ C1] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 247.218115][ C1] Write of size 8 at addr ffff88811af70a00 by task kworker/1:6/10550 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 247.218133][ C1] [ 247.218140][ C1] CPU: 1 PID: 10550 Comm: kworker/1:6 Tainted: G W syzkaller #0 [ 247.218165][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 247.218178][ C1] Workqueue: usb_hub_wq hub_event [ 247.218207][ C1] Call Trace: [ 247.218215][ C1] [ 247.218223][ C1] __dump_stack+0x21/0x24 [ 247.218246][ C1] dump_stack_lvl+0xee/0x150 [ 247.218265][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 247.218285][ C1] ? dev_vprintk_emit+0x330/0x3d8 [ 247.218314][ C1] ? announce_device+0x11d/0x2b0 [ 247.218332][ C1] ? enqueue_timer+0xae/0x480 [ 247.218357][ C1] print_address_description+0x71/0x200 [ 247.218385][ C1] print_report+0x4a/0x60 [ 247.218410][ C1] kasan_report+0x122/0x150 [ 247.218432][ C1] ? enqueue_timer+0xae/0x480 [ 247.218460][ C1] __asan_report_store8_noabort+0x17/0x20 [ 247.218478][ C1] enqueue_timer+0xae/0x480 [ 247.218507][ C1] __mod_timer+0x79f/0xb30 [ 247.218531][ C1] mod_timer+0x1f/0x30 [ 247.218552][ C1] can_stat_update+0xb1a/0xbb0 [ 247.218585][ C1] ? __cfi_can_stat_update+0x10/0x10 [ 247.218614][ C1] call_timer_fn+0x46/0x2a0 [ 247.218639][ C1] ? __cfi_can_stat_update+0x10/0x10 [ 247.218668][ C1] __run_timers+0x639/0x9a0 [ 247.218695][ C1] ? calc_index+0x200/0x200 [ 247.218720][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 247.218750][ C1] run_timer_softirq+0x6a/0xf0 [ 247.218774][ C1] handle_softirqs+0x1d7/0x600 [ 247.218797][ C1] ? irqtime_account_irq+0xc4/0x240 [ 247.218825][ C1] __irq_exit_rcu+0x52/0xf0 [ 247.218844][ C1] irq_exit_rcu+0x9/0x10 [ 247.218862][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 247.218888][ C1] [ 247.218896][ C1] [ 247.218903][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 247.218944][ C1] RIP: 0010:console_emit_next_record+0x9e3/0xbc0 [ 247.218975][ C1] Code: de 48 81 e6 00 02 00 00 31 ff e8 78 4a 19 00 48 81 e3 00 02 00 00 75 07 e8 aa 45 19 00 eb 06 e8 a3 45 19 00 fb 0f b6 5c 24 07 <48> c7 84 24 80 00 00 00 0e 36 e0 45 4b c7 04 2e 00 00 00 00 4b c7 [ 247.218992][ C1] RSP: 0018:ffffc90003cff160 EFLAGS: 00000283 [ 247.219199][ C1] RAX: ffffffff8156d85d RBX: 0000000000000001 RCX: 0000000000100000 [ 247.219221][ C1] RDX: ffffc9000f98f000 RSI: 0000000000007c36 RDI: 0000000000007c37 [ 247.219237][ C1] RBP: ffffc90003cff370 R08: 0000000000000004 R09: 0000000000000003 [ 247.219250][ C1] R10: fffff5200079fe1c R11: 1ffff9200079fe1c R12: ffffc90003cff3bf [ 247.219264][ C1] R13: dffffc0000000000 R14: 1ffff9200079fe3c R15: 000000000000005a [ 247.219282][ C1] ? console_emit_next_record+0x9dd/0xbc0 [ 247.219318][ C1] ? __kasan_check_write+0x14/0x20 [ 247.219339][ C1] ? info_print_prefix+0x300/0x300 [ 247.219371][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 247.219393][ C1] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 247.219427][ C1] ? __cfi_vprintk_store+0x10/0x10 [ 247.219448][ C1] ? format_decode+0xbbf/0x1520 [ 247.219470][ C1] console_unlock+0x23d/0x550 [ 247.219491][ C1] ? down_trylock+0x52/0xb0 [ 247.219519][ C1] ? __cfi_console_unlock+0x10/0x10 [ 247.219543][ C1] ? snprintf+0xd7/0x120 [ 247.219564][ C1] vprintk_emit+0x14d/0x410 [ 247.219586][ C1] ? __cfi_vprintk_emit+0x10/0x10 [ 247.219609][ C1] ? debug_smp_processor_id+0x17/0x20 [ 247.219641][ C1] ? dev_vprintk_emit+0x15c/0x3d8 [ 247.219673][ C1] dev_vprintk_emit+0x330/0x3d8 [ 247.219703][ C1] ? __cfi_dev_vprintk_emit+0x8/0x8 [ 247.219733][ C1] ? __kmem_cache_free+0xb7/0x1b0 [ 247.219761][ C1] dev_printk_emit+0xdd/0x120 [ 247.219788][ C1] ? __cfi_dev_printk_emit+0x8/0x8 [ 247.219817][ C1] __dev_printk+0x17f/0x1b0 [ 247.219836][ C1] _dev_info+0x107/0x150 [ 247.219866][ C1] ? __cfi__dev_info+0x8/0x8 [ 247.219896][ C1] ? usb_detect_static_quirks+0x3f4/0x430 [ 247.219926][ C1] announce_device+0x11d/0x2b0 [ 247.219947][ C1] usb_new_device+0x4eb/0x1520 [ 247.219978][ C1] ? __cfi_usb_new_device+0x10/0x10 [ 247.220017][ C1] hub_event+0x2850/0x4350 [ 247.220057][ C1] ? __cfi_hub_event+0x10/0x10 [ 247.220085][ C1] ? __kasan_check_write+0x14/0x20 [ 247.220102][ C1] ? _raw_spin_lock_irq+0x8f/0xe0 [ 247.220124][ C1] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 247.220144][ C1] ? pwq_dec_nr_in_flight+0x18c/0x3c0 [ 247.220163][ C1] process_one_work+0x71f/0xc40 [ 247.220186][ C1] worker_thread+0xa29/0x11f0 [ 247.220206][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 247.220234][ C1] kthread+0x281/0x320 [ 247.220255][ C1] ? __cfi_worker_thread+0x10/0x10 [ 247.220274][ C1] ? __cfi_kthread+0x10/0x10 [ 247.220295][ C1] ret_from_fork+0x1f/0x30 [ 247.220324][ C1] [ 247.220332][ C1] [ 247.220337][ C1] Allocated by task 11340: [ 247.220347][ C1] kasan_set_track+0x4b/0x70 [ 247.220368][ C1] kasan_save_alloc_info+0x25/0x30 [ 247.220395][ C1] __kasan_kmalloc+0x95/0xb0 [ 247.220416][ C1] __kmalloc+0xb1/0x1e0 [ 247.220441][ C1] hci_alloc_dev_priv+0x27/0x1bd0 [ 247.220462][ C1] hci_uart_tty_ioctl+0x3d6/0xa20 [ 247.220484][ C1] tty_ioctl+0x8ef/0xc60 [ 247.220502][ C1] __se_sys_ioctl+0x12f/0x1b0 [ 247.220518][ C1] __x64_sys_ioctl+0x7b/0x90 [ 247.220536][ C1] x64_sys_call+0x58b/0x9a0 [ 247.220557][ C1] do_syscall_64+0x4c/0xa0 [ 247.220573][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 247.220595][ C1] [ 247.220599][ C1] Freed by task 11340: [ 247.220616][ C1] kasan_set_track+0x4b/0x70 [ 247.220634][ C1] kasan_save_free_info+0x31/0x50 [ 247.220658][ C1] ____kasan_slab_free+0x132/0x180 [ 247.220679][ C1] __kasan_slab_free+0x11/0x20 [ 247.220700][ C1] slab_free_freelist_hook+0xc2/0x190 [ 247.220725][ C1] __kmem_cache_free+0xb7/0x1b0 [ 247.220746][ C1] kfree+0x6f/0xf0 [ 247.220771][ C1] hci_release_dev+0x12a3/0x13b0 [ 247.220793][ C1] bt_host_release+0x82/0x90 [ 247.220817][ C1] device_release+0xa4/0x1d0 [ 247.220837][ C1] kobject_put+0x19d/0x280 [ 247.220856][ C1] put_device+0x1f/0x30 [ 247.220879][ C1] hci_dev_cmd+0x265/0x720 [ 247.220906][ C1] hci_sock_ioctl+0x41e/0x7f0 [ 247.220930][ C1] sock_do_ioctl+0x101/0x310 [ 247.220956][ C1] sock_ioctl+0x4d8/0x6e0 [ 247.220980][ C1] __se_sys_ioctl+0x12f/0x1b0 [ 247.220997][ C1] __x64_sys_ioctl+0x7b/0x90 [ 247.221068][ C1] x64_sys_call+0x58b/0x9a0 [ 247.221089][ C1] do_syscall_64+0x4c/0xa0 [ 247.221108][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 247.221131][ C1] [ 247.221136][ C1] Last potentially related work creation: [ 247.221143][ C1] kasan_save_stack+0x3a/0x60 [ 247.221164][ C1] __kasan_record_aux_stack+0xb6/0xc0 [ 247.221191][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 247.221219][ C1] insert_work+0x51/0x300 [ 247.221247][ C1] __queue_work+0x9b1/0xd30 [ 247.221269][ C1] queue_work_on+0xd2/0x140 [ 247.221291][ C1] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 247.221313][ C1] hci_cmd_sync_status+0x53/0x120 [ 247.221334][ C1] hci_dev_cmd+0x628/0x720 [ 247.221361][ C1] hci_sock_ioctl+0x41e/0x7f0 [ 247.221383][ C1] sock_do_ioctl+0x101/0x310 [ 247.221409][ C1] sock_ioctl+0x4d8/0x6e0 [ 247.221434][ C1] __se_sys_ioctl+0x12f/0x1b0 [ 247.221451][ C1] __x64_sys_ioctl+0x7b/0x90 [ 247.221468][ C1] x64_sys_call+0x58b/0x9a0 [ 247.221496][ C1] do_syscall_64+0x4c/0xa0 [ 247.221514][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 247.221539][ C1] [ 247.221544][ C1] Second to last potentially related work creation: [ 247.221551][ C1] kasan_save_stack+0x3a/0x60 [ 247.221571][ C1] __kasan_record_aux_stack+0xb6/0xc0 [ 247.221600][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 247.221628][ C1] insert_work+0x51/0x300 [ 247.221657][ C1] __queue_work+0x9b1/0xd30 [ 247.221679][ C1] queue_work_on+0xd2/0x140 [ 247.221701][ C1] hci_cmd_timeout+0x191/0x200 [ 247.221723][ C1] process_one_work+0x71f/0xc40 [ 247.221742][ C1] worker_thread+0xa29/0x11f0 [ 247.221758][ C1] kthread+0x281/0x320 [ 247.221778][ C1] ret_from_fork+0x1f/0x30 [ 247.221801][ C1] [ 247.221805][ C1] The buggy address belongs to the object at ffff88811af70000 [ 247.221805][ C1] which belongs to the cache kmalloc-8k of size 8192 [ 247.221823][ C1] The buggy address is located 2560 bytes inside of [ 247.221823][ C1] 8192-byte region [ffff88811af70000, ffff88811af72000) [ 247.221843][ C1] [ 247.221848][ C1] The buggy address belongs to the physical page: [ 247.221856][ C1] page:ffffea00046bdc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11af70 [ 247.221887][ C1] head:ffffea00046bdc00 order:3 compound_mapcount:0 compound_pincount:0 [ 247.221903][ C1] flags: 0x4000000000010200(slab|head|zone=1) [ 247.221943][ C1] raw: 4000000000010200 ffffea00041ac000 dead000000000004 ffff888100043500 [ 247.221961][ C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 247.221972][ C1] page dumped because: kasan: bad access detected [ 247.221986][ C1] page_owner tracks the page as allocated [ 247.221992][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10833, tgid 10832 (syz.3.4249), ts 232112278013, free_ts 232066959155 [ 247.222035][ C1] post_alloc_hook+0x1f5/0x210 [ 247.222059][ C1] prep_new_page+0x1c/0x110 [ 247.222084][ C1] get_page_from_freelist+0x2c7b/0x2cf0 [ 247.222110][ C1] __alloc_pages+0x1c3/0x450 [ 247.222134][ C1] alloc_slab_page+0x6e/0xf0 [ 247.222162][ C1] new_slab+0x98/0x3d0 [ 247.222188][ C1] ___slab_alloc+0x6bd/0xb20 [ 247.222211][ C1] __slab_alloc+0x5e/0xa0 [ 247.222237][ C1] __kmem_cache_alloc_node+0x203/0x2c0 [ 247.222261][ C1] kmalloc_trace+0x29/0xb0 [ 247.222288][ C1] f2fs_fill_super+0xc5/0x6c70 [ 247.222315][ C1] mount_bdev+0x2bc/0x3f0 [ 247.222340][ C1] f2fs_mount+0x34/0x40 [ 247.222365][ C1] legacy_get_tree+0xfe/0x1a0 [ 247.222390][ C1] vfs_get_tree+0x9a/0x270 [ 247.222416][ C1] do_new_mount+0x25a/0xa20 [ 247.222441][ C1] page last free stack trace: [ 247.222447][ C1] free_unref_page_prepare+0x742/0x750 [ 247.222472][ C1] free_unref_page+0x8f/0x530 [ 247.222495][ C1] __free_pages+0x67/0x100 [ 247.222522][ C1] __free_slab+0xca/0x1a0 [ 247.222547][ C1] discard_slab+0x29/0x40 [ 247.222573][ C1] __slab_free+0x201/0x280 [ 247.222597][ C1] ___cache_free+0xbf/0xd0 [ 247.222620][ C1] qlist_free_all+0xc6/0x140 [ 247.222638][ C1] kasan_quarantine_reduce+0x14a/0x170 [ 247.222657][ C1] __kasan_slab_alloc+0x24/0x80 [ 247.222678][ C1] slab_post_alloc_hook+0x4f/0x2d0 [ 247.222702][ C1] kmem_cache_alloc+0x16e/0x330 [ 247.222726][ C1] getname_flags+0xb9/0x500 [ 247.222752][ C1] user_path_at_empty+0x30/0x1c0 [ 247.222771][ C1] do_readlinkat+0xd4/0x480 [ 247.222791][ C1] __x64_sys_readlink+0x7f/0x90 [ 247.222810][ C1] [ 247.222814][ C1] Memory state around the buggy address: [ 247.222824][ C1] ffff88811af70900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.222837][ C1] ffff88811af70980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.222849][ C1] >ffff88811af70a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.222858][ C1] ^ [ 247.222868][ C1] ffff88811af70a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.222883][ C1] ffff88811af70b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 247.222893][ C1] ================================================================== [ 247.222900][ C1] Disabling lock debugging due to kernel taint [ 247.293898][T11481] EXT4-fs: Ignoring removed orlov option [ 247.465789][T10550] usb 10-1: config 0 descriptor?? [ 247.528776][T11481] EXT4-fs warning (device loop3): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop3. [ 248.182932][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 248.444583][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 248.454060][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B W syzkaller #0 [ 248.463282][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 248.473923][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 248.479715][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 88 dc 28 00 4c 89 ff e8 70 db ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 bc 45 6d 00 49 8b 7d 00 e8 53 d7 [ 248.501086][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 248.507541][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b2880 [ 248.515768][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 248.524200][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 248.532541][ C1] R10: ffffed10235ee139 R11: 1ffff110235ee139 R12: dffffc0000000000 [ 248.541248][ C1] R13: 0000000000000000 R14: ffff88811af709c8 R15: 0000000000000008 [ 248.549600][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 248.559606][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.566321][ C1] CR2: 00007fa984378df4 CR3: 0000000006e0f000 CR4: 00000000003506a0 [ 248.574752][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 248.582839][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 248.591403][ C1] Call Trace: [ 248.594872][ C1] [ 248.597818][ C1] delayed_work_timer_fn+0x61/0x80 [ 248.603041][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 248.608945][ C1] call_timer_fn+0x46/0x2a0 [ 248.614097][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 248.620099][ C1] __run_timers+0x667/0x9a0 [ 248.624645][ C1] ? calc_index+0x200/0x200 [ 248.629192][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 248.634413][ C1] run_timer_softirq+0x6a/0xf0 [ 248.639228][ C1] handle_softirqs+0x1d7/0x600 [ 248.644009][ C1] ? irqtime_account_irq+0xc4/0x240 [ 248.649301][ C1] __irq_exit_rcu+0x52/0xf0 [ 248.654081][ C1] irq_exit_rcu+0x9/0x10 [ 248.658351][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 248.664098][ C1] [ 248.667036][ C1] [ 248.669981][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 248.675976][ C1] RIP: 0010:default_idle+0xf/0x20 [ 248.681099][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d d3 3f 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 248.700977][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257 [ 248.707317][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b2880 RCX: 845be9761ce9d300 [ 248.715390][ C1] RDX: 0000000000000001 RSI: ffffffff85aa1180 RDI: ffffffff85aa1140 [ 248.723956][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917 [ 248.731956][ C1] R10: 0000000000000000 R11: ffffffff84f3f260 R12: 0000000000000000 [ 248.740458][ C1] R13: 0000000000000000 R14: ffff8881003b2880 R15: dffffc0000000000 [ 248.749135][ C1] ? __cfi_default_idle+0x10/0x10 [ 248.754770][ C1] arch_cpu_idle+0x1c/0x20 [ 248.759395][ C1] default_idle_call+0x71/0x1d0 [ 248.764577][ C1] do_idle+0x1a7/0x520 [ 248.769033][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 248.774420][ C1] ? schedule_idle+0x5b/0x90 [ 248.779919][ C1] cpu_startup_entry+0x43/0x60 [ 248.784954][ C1] start_secondary+0x119/0x120 [ 248.789762][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 248.795791][ C1] [ 248.798817][ C1] Modules linked in: [ 248.802805][ C1] ---[ end trace 0000000000000000 ]--- [ 248.808364][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 248.814441][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 88 dc 28 00 4c 89 ff e8 70 db ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 bc 45 6d 00 49 8b 7d 00 e8 53 d7 [ 248.840575][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 248.846925][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b2880 [ 248.855097][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 248.863589][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 248.872304][ C1] R10: ffffed10235ee139 R11: 1ffff110235ee139 R12: dffffc0000000000 [ 248.880821][ C1] R13: 0000000000000000 R14: ffff88811af709c8 R15: 0000000000000008 [ 248.890139][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 248.899351][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.905948][ C1] CR2: 00007fa984378df4 CR3: 0000000006e0f000 CR4: 00000000003506a0 [ 248.914428][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 248.922685][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 248.931738][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 248.939386][ C1] Kernel Offset: disabled [ 248.943735][ C1] Rebooting in 86400 seconds..