last executing test programs: 9.019180369s ago: executing program 2 (id=2867): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020701200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) timer_create(0x0, &(0x7f0000000100)={0x0, 0x1e, 0x0, @thr={&(0x7f0000000380), &(0x7f00000004c0)="b55bc3d37c1e33c63fe5f2f7e2b5e3a8952d04962652e391d1bab8a61ca208a76e569f4eab6f69b218c583ca28746fbf7cb35383f6c6b0abd60d16cce022fd7e99"}}, &(0x7f00000002c0)) timer_gettime(0x0, &(0x7f0000000400)) 8.398191459s ago: executing program 4 (id=2868): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x34, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) (fail_nth: 1) 7.927522558s ago: executing program 2 (id=2869): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x5, {0x5, 0x0, "b72916"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 7.476239254s ago: executing program 4 (id=2871): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000040)) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100736974000c00028008000100", @ANYRES32=r7, @ANYBLOB="0800040000100000"], 0x40}}, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x3fffe, 0x0, 0x0, 0x0, '\x00', r7}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014001180b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r9}, 0x10) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000c00)=0x4) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)) write$ppp(0xffffffffffffffff, &(0x7f0000000280)='\x00!', 0x2) syz_usb_control_io$hid(r0, 0x0, 0x0) 6.093783686s ago: executing program 1 (id=2882): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x608, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x668) 5.92624585s ago: executing program 2 (id=2883): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 5.847488576s ago: executing program 2 (id=2884): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=0x0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x5, {0x5, 0x0, "b72916"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 5.847065226s ago: executing program 1 (id=2885): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') pipe2$9p(&(0x7f0000000200), 0x84800) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='gid_map\x00') write$P9_RSTATu(r1, 0x0, 0x70) fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x20, r4, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x40, 0x13}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, 0x0}) r6 = syz_open_procfs(r5, &(0x7f0000000600)='fd/4\x00') r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) pipe2$9p(&(0x7f0000000380), 0x100) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xffffff36}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r10 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendto$packet(r10, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r11}, 0x14) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x40286608, &(0x7f0000000180)={@id={0x2, 0x0, @d}}) 5.701603228s ago: executing program 4 (id=2888): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x30}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) utimes(&(0x7f0000000280)='./file0\x00', 0x0) 5.685795359s ago: executing program 4 (id=2889): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000"], 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x40}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, 0x0) 5.18946712s ago: executing program 1 (id=2886): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x33d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xfd, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000100)={{0x3, 0x3, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000440)={0x0, 0x3}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r5 = accept4$unix(r3, 0x0, 0x0, 0x0) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000000c0), 0x4) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000380)={0x0, 0x2, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000280)={0x20, 0xf, 0x2, 'u,'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) llistxattr(&(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0) 4.438146581s ago: executing program 1 (id=2892): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x5, {0x5, 0x0, "b72916"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 4.32732766s ago: executing program 0 (id=2895): bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50}, 0x50) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r0, 0x407, 0x2000000) (fail_nth: 2) 4.039865253s ago: executing program 0 (id=2896): mkdir(0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]}) 3.648803225s ago: executing program 2 (id=2897): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000040)) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100736974000c00028008000100", @ANYRES32=r7, @ANYBLOB="0800040000100000"], 0x40}}, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x3fffe, 0x0, 0x0, 0x0, '\x00', r7}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014001180b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r9}, 0x10) ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000c00)=0x4) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000000)) write$ppp(0xffffffffffffffff, &(0x7f0000000280)='\x00!', 0x2) syz_usb_control_io$hid(r0, 0x0, 0x0) 3.184812432s ago: executing program 0 (id=2898): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$can_raw(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r2}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0) sched_setscheduler(0xffffffffffffffff, 0x5, &(0x7f0000000000)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r7}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r8}, 0x10) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = dup(r10) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r12, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 3.073093111s ago: executing program 0 (id=2899): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x30}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) utimes(&(0x7f0000000280)='./file0\x00', 0x0) 3.072763012s ago: executing program 0 (id=2900): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b00000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f00000000c0)='P', &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000300)='@', 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000340)={r3, &(0x7f0000000400), 0x20000000}, 0x20) socket$unix(0x1, 0x5, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') preadv(r4, &(0x7f0000000340)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, 0x0, 0x0) 2.527559055s ago: executing program 4 (id=2902): r0 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d34, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "6f7f5e18"}]}}, 0x0}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.401373326s ago: executing program 1 (id=2903): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x33d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xfd, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000100)={{0x3, 0x3, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000440)={0x0, 0x3}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r5 = accept4$unix(r3, 0x0, 0x0, 0x0) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000000c0), 0x4) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000380)={0x0, 0x2, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000280)={0x20, 0xf, 0x2, 'u,'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) llistxattr(&(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0) 2.195572282s ago: executing program 0 (id=2904): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=0x0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x5, {0x5, 0x0, "b72916"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.933746874s ago: executing program 3 (id=2905): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000e960dd227c915797110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000081000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r1) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8) 1.883564278s ago: executing program 3 (id=2906): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) (fail_nth: 2) 1.661553105s ago: executing program 3 (id=2907): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000d40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x608, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x668) 1.428360615s ago: executing program 1 (id=2908): r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0xbe, &(0x7f0000000100)=[{}, {}], 0x10, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x89, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010008020d00000904010102020d0000090582020002000000090503020002000000bc94ef907df247d46eaa274c8f51e61fb4cfc6664d5c9315a37e6e4eae4cdd654f17856753d01b00310244243631e819a05df18c7f"], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000080)='./file2\x00', 0x100080d, &(0x7f0000000a80)=ANY=[@ANYRES32=0x0, @ANYBLOB="de60d8dc536d5258d6a94ad55604a34dc65b7ef79c1a1754e4cadfe21823d0c10a15d53dba5f2d2bc67ef2477d0412534e2f5151c7a60c8f5d6c634d173fecb5de9207a7090d302229cd3f210d34e4584c824c9dda7d35e0d7a06cd667bf9cced32944ca27d8a80e62cf6310db869ee250fb65467e3b11ad5042d600c6b8f18454d57df621e578fef0a3a93c14609231", @ANYRES8, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a47087f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b4341ffff089416a3d63f08577a303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000000008fd8b9bdfbdaa777db54127463a589eed325c34b6459505702f3a45f285c53c1b25bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a61d9d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924d5d82a04424d3453c96fafa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fb", @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES32, @ANYRESDEC, @ANYRESOCT, @ANYRES64, @ANYRES8, @ANYBLOB="3dea3f"], 0xff, 0x1fc, &(0x7f0000002c80)="$eJzsmb+LE0EUx78zu5c9DxFsLGwsPPBEb39F5ZorThArQYiilsFsQnCTSLJCEhANNjaWIoKt/4CFRSoLOztbLVQQLEwpWAgjMztuJokbExQN+D5wc995M/PmzbD7TbEgCOK/5cP7L+8enN25dBLAfmzC0fFP1ngOB7Le28e3TjzcPffk2ZunL5sHbg+n860DEGLx/WXiF3sWEtUTQtyZHN+UzaPJ2GVwHNf6Chhc3JXym1Ck8QgM15SygUwDrX1axJF7vRVXqvU48mUTyCaUTdHcS64eDRgq2dmEYMZ4p9e/UY7jqD0t1sSPfWaGlhXz7k/Vt8exq/uyPg7g6v17A9l3ddwHT+8SQACOQOsiGEpa78CB67rjKzHOf9ge57cWOf+/Euxr+hjIyMHtP5hZXsAqHPDvC/kC/XqycFag1IUEm47IFzqLHBoNX82u+rgqxecLhhzHUcZlPr3n9ZzXG3F84Tc2LegdZ4cs05+YDRwz/MmGnfmHlzRuep1ef7veKNeiWtQMw+IZ/5Tvnw69at2B7yk7muN/68qfNoz8a+YE4welwArolpOkHXSBpB1k/TBtDcctPW99Vmu48j+OraNpDnnJ6tjOz+th+o+r/1JtWbnFEwRBEARBEARBEARBEARBLMURMKSfQNSHKpFDeFHN/h4AAP//g4dqzQ==") stat(&(0x7f0000005280)='./file0\x00', 0x0) dup(0xffffffffffffffff) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000071122700000000009500c9df00000000de54efd337d35285c161c5277edb8ebb15b58f91a5ee2dfc464680aaeda509f80db720be849cfad349052a513d731f3e1ab1616de782ebeab3fad78b022a9488de94c51041787406824c841f2e132d053e63230d79544561215df07865865ca3b1d4cd0ca39c621b8bcb16c583a7d45d18615d25d7189e29edf825cc4555d6357089204333610ca3ad8e0bd555a1a819abd1c3df59e861ad355c8b4c483a06d01b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1e) connect$pptp(r3, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000380)={0x14, &(0x7f0000000ec0)=ANY=[@ANYBLOB="400dae000000ae06173f3627f5404b6e6b6c7a5fe4db5a83630cce986a9b1b8a213f109c098e8fa8145a0c4d58bc15a92772afcb3cfa4d7e2a7522c1533c1654ae91d1ed9de1c4490488ed11953d195bfb6fd8238a0181bbcfe27e1ecaa79793ff27645914aaafa1312a1815193dcd7af2a7e1384c1c2b6a67239fcc47685367c06d1bfd5e0591667a0e0cde45d7c90c09c32d950001ec07e82416c5f44e5e3746131bdd4e6fc9fcf839363c206f78edd1af9a3f17023f8844259399ef188eba924058d83346fd6639c2160063d9b890be0392a6267142c7bf6dd12a3bec238aa43de3cb4e62b5ae5182732f15aa167a411cea0a596f784a0e51debba40d81ef1723a04b7c2f6ff3e77871847245f03dfef47e07c5ce354ff2dd19d0d7315cbd1a6f5db910068920d27a6a5279017e2eeb4549d5e454913a5c99e990bfa3461f5ae6e079a3c50fe7b86f5adddbc1c0d104cf82337fb21175bdc3c10d599a3b193c6591"], 0x0}, &(0x7f00000009c0)={0x44, &(0x7f0000000e00)=ANY=[@ANYBLOB="20159800000084bc90b51cd0cb9125a6e7ba8536532aa552e796d0962066dee140dc9098b68befdd1267ba1f3eb407d3414e36e668228cbb58e6efa2c5fe5a3515d9afcd8dc6ac33773032108a40e2ffcaec4954533204b3e792a25e22f2f6809b1cf6684a798b15c0a0e93352db7d01990f426d36904824d54395d1de1f39c411d16c7ff82b9709c5fa556c756296de1b1eb5c358f36ef7a5742a2f18f4488555dff410dd0000000000000000"], &(0x7f0000000400)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000500)={0x20, 0x80, 0x1c, {0x7, 0x8a, 0x2, 0x3, 0x5, 0x1, 0x80, 0xa455, 0x400, 0xb6, 0xffff, 0x8}}, &(0x7f0000000640)={0x20, 0x85, 0x4, 0xffffffc0}, &(0x7f0000000900)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000940)={0x20, 0x87, 0x2, 0x3bf3}, &(0x7f0000000980)={0x20, 0x89, 0x2}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r5 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246) writev(r5, &(0x7f0000000680)=[{&(0x7f00000002c0)="2614", 0xf00}], 0x1) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f0000000000)={0x1, 0x40, 0xeb, 0x101, 0x1a, "3e450f5726b4412a3327c17f177f7b72f19409"}) 802.057966ms ago: executing program 3 (id=2909): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0xa}, {0x0, [0x61, 0x0, 0x5f, 0x30, 0x30, 0x30, 0x60, 0x2e]}}, &(0x7f0000000680)=""/216, 0x22, 0xd8, 0x1, 0x9}, 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8}]}}]}, 0x38}}, 0x0) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = dup2(r3, r3) write$tun(r4, 0x0, 0x2d) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0x0, '\x00', 0x0, r4}, 0x48) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6}, &(0x7f0000000040), &(0x7f0000000140)=r5}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 789.963766ms ago: executing program 3 (id=2910): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$can_raw(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r2}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0) sched_setscheduler(0xffffffffffffffff, 0x5, &(0x7f0000000000)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r7}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r8}, 0x10) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = dup(r10) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r12, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 646.812528ms ago: executing program 3 (id=2911): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x27b8, 0x1ed, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x6, {[@global=@item_012={0x2, 0x1, 0x3, "8daf"}, @global=@item_012={0x2, 0x1, 0x4, ',!'}]}}, 0x0}, 0x0) 575.508054ms ago: executing program 2 (id=2912): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x608, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x668) 0s ago: executing program 4 (id=2913): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0xa, [@union={0x2, 0x6, 0x0, 0x5, 0x1, 0x6, [{0x7, 0x3}, {0xd, 0x5, 0xf159}, {0xa, 0x5, 0x8}, {0x7, 0x3, 0x15e7}, {0x10, 0x4, 0xffff0001}, {0xd, 0x1, 0x83}]}]}, {0x0, [0x61, 0x0, 0x5f, 0x30, 0x30, 0x30, 0x60, 0x2e]}}, &(0x7f0000000680)=""/216, 0x76, 0xd8, 0x1, 0x9}, 0x20) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8}]}}]}, 0x38}}, 0x0) socket$inet6(0xa, 0x3, 0xff) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r3}, 0x10) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) epoll_create(0x689) kernel console output (not intermixed with test programs): d, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 130.496820][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.505493][ T310] usb 1-1: config 0 descriptor?? [ 130.608487][ T26] logitech-hidpp-device 0003:046D:C086.001B: item fetching failed at offset 2/5 [ 130.617710][ T26] logitech-hidpp-device 0003:046D:C086.001B: hidpp_probe:parse failed [ 130.625791][ T26] logitech-hidpp-device: probe of 0003:046D:C086.001B failed with error -22 [ 130.741479][ T6719] loop2: detected capacity change from 0 to 512 [ 130.862946][ T6044] usb 2-1: USB disconnect, device number 20 [ 130.873949][ T6719] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 130.885477][ T6719] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 130.895525][ T6719] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2680: Corrupt directory, running e2fsck is recommended [ 130.912716][ T6719] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 130.920578][ T6719] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.2680: corrupted in-inode xattr [ 130.932915][ T6719] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2680: couldn't read orphan inode 15 (err -117) [ 130.944889][ T6719] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.nouid32,auto_da_alloc,jqfmt=vfsv1,i_version,,,errors=continue. Quota mode: writeback. [ 130.971787][ T6718] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 130.983152][ T6718] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 130.993027][ T6718] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2680: Corrupt directory, running e2fsck is recommended [ 131.012230][ T6718] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 131.023529][ T6718] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 131.033426][ T6718] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2680: Corrupt directory, running e2fsck is recommended [ 131.046104][ T6718] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 3: comm syz.2.2680: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 131.147493][ T533] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 131.147533][ T310] usbhid 1-1:0.0: can't add hid device: -71 [ 131.160759][ T310] usbhid: probe of 1-1:0.0 failed with error -71 [ 131.167884][ T310] usb 1-1: USB disconnect, device number 18 [ 131.507851][ T533] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.518703][ T533] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.528292][ T533] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 131.537121][ T533] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.545445][ T533] usb 5-1: config 0 descriptor?? [ 131.667501][ T310] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 131.704263][ T6044] usb 4-1: USB disconnect, device number 15 [ 131.747507][ T26] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 131.795822][ T6735] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 131.804406][ T6735] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 131.815940][ T6735] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 131.867488][ T294] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 132.067574][ T310] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.078400][ T310] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 132.087551][ T533] usbhid 5-1:0.0: can't add hid device: -71 [ 132.096837][ T533] usbhid: probe of 5-1:0.0 failed with error -71 [ 132.105213][ T533] usb 5-1: USB disconnect, device number 20 [ 132.137600][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.148464][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.158103][ T26] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 132.166884][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.175558][ T26] usb 3-1: config 0 descriptor?? [ 132.227588][ T294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.238334][ T294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.247881][ T294] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 132.256713][ T294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.265078][ T294] usb 1-1: config 0 descriptor?? [ 132.277554][ T310] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.286471][ T310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.294386][ T310] usb 2-1: Product: syz [ 132.298346][ T310] usb 2-1: Manufacturer: syz [ 132.302721][ T310] usb 2-1: SerialNumber: syz [ 132.658262][ T26] logitech-hidpp-device 0003:046D:C086.001C: item fetching failed at offset 2/5 [ 132.667275][ T26] logitech-hidpp-device 0003:046D:C086.001C: hidpp_probe:parse failed [ 132.675324][ T26] logitech-hidpp-device: probe of 0003:046D:C086.001C failed with error -22 [ 132.748528][ T294] hid-led 0003:27B8:01ED.001D: item fetching failed at offset 3/5 [ 132.756352][ T294] hid-led: probe of 0003:27B8:01ED.001D failed with error -22 [ 132.827525][ T6044] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 132.859136][ T26] usb 3-1: USB disconnect, device number 32 [ 132.907529][ T294] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 132.950725][ T6017] usb 1-1: USB disconnect, device number 19 [ 133.067506][ T6044] usb 5-1: Using ep0 maxpacket: 32 [ 133.147566][ T294] usb 4-1: Using ep0 maxpacket: 16 [ 133.187598][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.198407][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.207861][ T6044] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 133.216678][ T6044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.225435][ T6044] usb 5-1: config 0 descriptor?? [ 133.268036][ T6044] hub 5-1:0.0: USB hub found [ 133.277607][ T294] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 133.286470][ T294] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 133.295975][ T294] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 133.305424][ T294] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 133.314955][ T294] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 133.324500][ T294] usb 4-1: config 1 interface 0 has no altsetting 0 [ 133.330959][ T294] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 133.339767][ T294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.389074][ T294] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 133.408335][ T6726] loop1: detected capacity change from 0 to 16 [ 133.488157][ T6726] erofs: (device loop1): mounted with root inode @ nid 36. [ 133.493396][ T6044] hub 5-1:0.0: 1 port detected [ 133.507725][ T6726] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -1027 in[4096, 0] out[4096] [ 133.537566][ T310] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 133.543908][ T310] cdc_ncm 2-1:1.0: dwNtbInMaxSize=3 is too small. Using 2048 [ 133.551391][ T310] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 133.608094][ T294] scsi host1: usb-storage 4-1:1.0 [ 133.749739][ T310] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 133.826120][ T310] usb 4-1: USB disconnect, device number 16 [ 133.953774][ T60] usb 2-1: USB disconnect, device number 21 [ 133.960231][ T60] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 134.147576][ T6044] hub 5-1:0.0: activate --> -90 [ 134.248443][ T30] audit: type=1400 audit(1720346023.535:372): avc: denied { remount } for pid=6782 comm="syz.2.2692" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 134.351245][ T310] usb 5-1: USB disconnect, device number 21 [ 134.367731][ T6044] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 134.607636][ T6017] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 134.657498][ T6044] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 134.797575][ T533] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 134.807621][ T821] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 134.949802][ T6799] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 134.958372][ T6799] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 134.969745][ T6799] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 134.977949][ T6017] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.988715][ T6017] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.998302][ T6017] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 135.007094][ T6017] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.016597][ T6017] usb 1-1: config 0 descriptor?? [ 135.021559][ T6044] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.032423][ T6044] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.041952][ T533] usb 4-1: Using ep0 maxpacket: 16 [ 135.046861][ T6044] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 135.055798][ T6044] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.064225][ T6044] usb 3-1: config 0 descriptor?? [ 135.157617][ T533] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 135.170419][ T533] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 135.179190][ T533] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.187833][ T533] usb 4-1: config 0 descriptor?? [ 135.217572][ T821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.228023][ T533] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 135.230102][ T821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.245046][ T821] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 135.253934][ T821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.262202][ T821] usb 2-1: config 0 descriptor?? [ 135.508671][ T6017] logitech-hidpp-device 0003:046D:C086.001E: item fetching failed at offset 2/5 [ 135.518006][ T6017] logitech-hidpp-device 0003:046D:C086.001E: hidpp_probe:parse failed [ 135.527346][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.001E failed with error -22 [ 135.627533][ T6044] usbhid 3-1:0.0: can't add hid device: -71 [ 135.633355][ T6044] usbhid: probe of 3-1:0.0 failed with error -71 [ 135.641577][ T6044] usb 3-1: USB disconnect, device number 33 [ 135.720349][ T26] usb 1-1: USB disconnect, device number 20 [ 135.847559][ T821] usbhid 2-1:0.0: can't add hid device: -71 [ 135.853383][ T821] usbhid: probe of 2-1:0.0 failed with error -71 [ 135.860614][ T821] usb 2-1: USB disconnect, device number 22 [ 136.007482][ T6017] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 136.092109][ T6809] UDC core: couldn't find an available UDC or it's busy: -16 [ 136.099394][ T6809] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 136.109859][ T329] Bluetooth: hci0: Frame reassembly failed (-84) [ 136.286075][ T30] audit: type=1400 audit(1720346025.565:373): avc: denied { write } for pid=6814 comm="syz.1.2704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 136.397591][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.408578][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.418254][ T6017] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 136.427113][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.435467][ T6017] usb 5-1: config 0 descriptor?? [ 136.929150][ T6017] logitech-hidpp-device 0003:046D:C086.001F: item fetching failed at offset 2/5 [ 136.938322][ T6017] logitech-hidpp-device 0003:046D:C086.001F: hidpp_probe:parse failed [ 136.946682][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.001F failed with error -22 [ 137.132203][ T6017] usb 5-1: USB disconnect, device number 22 [ 137.241884][ T6827] loop0: detected capacity change from 0 to 40427 [ 137.320124][ T6827] F2FS-fs (loop0): Found nat_bits in checkpoint [ 137.351506][ T6827] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 137.367831][ T329] attempt to access beyond end of device [ 137.367831][ T329] loop0: rw=2049, want=45104, limit=40427 [ 137.379643][ T6837] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 137.395494][ T6017] usb 4-1: USB disconnect, device number 17 [ 137.414358][ T6837] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 138.007567][ T6017] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 138.199780][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 138.207736][ T1746] Bluetooth: hci0: sending frame failed (-49) [ 138.407541][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.418434][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.428378][ T6017] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 138.437341][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.445755][ T6017] usb 4-1: config 0 descriptor?? [ 138.497492][ T533] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 138.537553][ T26] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 138.867703][ T533] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.894971][ T533] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.922662][ T533] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 138.933056][ T533] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.964203][ T533] usb 2-1: config 0 descriptor?? [ 138.975303][ T6017] logitech-hidpp-device 0003:046D:C086.0020: item fetching failed at offset 2/5 [ 139.012804][ T6017] logitech-hidpp-device 0003:046D:C086.0020: hidpp_probe:parse failed [ 139.022476][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.0020 failed with error -22 [ 139.057560][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.068415][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.078133][ T26] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 139.086938][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.095999][ T26] usb 1-1: config 0 descriptor?? [ 139.174087][ T6017] usb 4-1: USB disconnect, device number 18 [ 139.488853][ T533] hid-led 0003:27B8:01ED.0021: item fetching failed at offset 3/5 [ 139.496680][ T533] hid-led: probe of 0003:27B8:01ED.0021 failed with error -22 [ 139.568479][ T26] logitech-hidpp-device 0003:046D:C086.0022: item fetching failed at offset 2/5 [ 139.577593][ T26] logitech-hidpp-device 0003:046D:C086.0022: hidpp_probe:parse failed [ 139.585648][ T26] logitech-hidpp-device: probe of 0003:046D:C086.0022 failed with error -22 [ 139.689625][ T533] usb 2-1: USB disconnect, device number 23 [ 139.723497][ T30] audit: type=1400 audit(1720346029.005:374): avc: denied { getopt } for pid=6872 comm="syz.3.2722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 139.747814][ T6873] device wireguard0 entered promiscuous mode [ 139.770320][ T26] usb 1-1: USB disconnect, device number 21 [ 139.819380][ T6876] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6876 comm=syz.3.2723 [ 140.047509][ T6017] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 140.167502][ T60] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 140.287522][ T6017] usb 5-1: Using ep0 maxpacket: 16 [ 140.287885][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 140.299715][ T1746] Bluetooth: hci0: sending frame failed (-49) [ 140.417525][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 140.417594][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 140.435195][ T6017] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 140.444172][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.453491][ T6017] usb 5-1: config 0 descriptor?? [ 140.498029][ T6017] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 140.537673][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.548757][ T39] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 140.556251][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.565881][ T60] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 140.574808][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.585307][ T60] usb 4-1: config 0 descriptor?? [ 140.627969][ T60] hub 4-1:0.0: USB hub found [ 140.907556][ T39] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.918623][ T39] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 141.187557][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.196475][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.204268][ T39] usb 2-1: Product: syz [ 141.208265][ T39] usb 2-1: Manufacturer: syz [ 141.212658][ T39] usb 2-1: SerialNumber: syz [ 141.387522][ T310] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 141.747559][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.758327][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.767843][ T310] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 141.776681][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.785045][ T310] usb 1-1: config 0 descriptor?? [ 142.268989][ T310] logitech-hidpp-device 0003:046D:C086.0023: item fetching failed at offset 2/5 [ 142.278044][ T310] logitech-hidpp-device 0003:046D:C086.0023: hidpp_probe:parse failed [ 142.286170][ T310] logitech-hidpp-device: probe of 0003:046D:C086.0023 failed with error -22 [ 142.338531][ T6896] loop1: detected capacity change from 0 to 16 [ 142.377558][ T294] Bluetooth: hci0: command 0x1009 tx timeout [ 142.379332][ T6896] erofs: (device loop1): mounted with root inode @ nid 36. [ 142.396258][ T6896] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -1027 in[4096, 0] out[4096] [ 142.437545][ T39] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 142.443920][ T39] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 142.451167][ T39] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 142.470955][ T294] usb 1-1: USB disconnect, device number 22 [ 142.632721][ T26] usb 5-1: USB disconnect, device number 23 [ 142.648525][ T39] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 142.880414][ T533] usb 2-1: USB disconnect, device number 24 [ 142.897642][ T533] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 143.017526][ T60] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 143.287506][ T294] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 143.307575][ T60] usbhid 4-1:0.0: can't add hid device: -71 [ 143.313384][ T60] usbhid: probe of 4-1:0.0 failed with error -71 [ 143.357830][ T60] usb 4-1: USB disconnect, device number 19 [ 143.647596][ T294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.658395][ T294] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.669113][ T294] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 143.677997][ T294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.686509][ T294] usb 1-1: config 0 descriptor?? [ 143.747635][ T39] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 143.897713][ T60] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 144.107641][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.118552][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.128290][ T39] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 144.137041][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.145045][ T310] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 144.153054][ T39] usb 5-1: config 0 descriptor?? [ 144.168401][ T294] hid-led 0003:27B8:01ED.0024: item fetching failed at offset 3/5 [ 144.176194][ T294] hid-led: probe of 0003:27B8:01ED.0024 failed with error -22 [ 144.287604][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.298420][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.307994][ T60] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 144.317081][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.325742][ T60] usb 2-1: config 0 descriptor?? [ 144.369904][ T294] usb 1-1: USB disconnect, device number 23 [ 144.417534][ T310] usb 4-1: Using ep0 maxpacket: 32 [ 144.537573][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.548294][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.557828][ T310] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 144.566728][ T310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.575419][ T310] usb 4-1: config 0 descriptor?? [ 144.618032][ T310] hub 4-1:0.0: USB hub found [ 144.648549][ T39] logitech-hidpp-device 0003:046D:C086.0025: item fetching failed at offset 2/5 [ 144.657620][ T39] logitech-hidpp-device 0003:046D:C086.0025: hidpp_probe:parse failed [ 144.665587][ T39] logitech-hidpp-device: probe of 0003:046D:C086.0025 failed with error -22 [ 144.854294][ T6017] usb 5-1: USB disconnect, device number 24 [ 144.897643][ T60] usbhid 2-1:0.0: can't add hid device: -71 [ 144.903671][ T60] usbhid: probe of 2-1:0.0 failed with error -71 [ 144.944617][ T60] usb 2-1: USB disconnect, device number 25 [ 145.146533][ T6966] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 145.155205][ T6966] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 145.166698][ T6966] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 145.521616][ T30] audit: type=1400 audit(1720346034.805:375): avc: denied { getopt } for pid=6977 comm="syz.4.2749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 145.587560][ T6017] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 145.616353][ T6982] loop4: detected capacity change from 0 to 512 [ 145.668352][ T6982] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 145.677613][ T6982] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 145.686501][ T6982] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 145.695591][ T6982] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 145.703637][ T6982] System zones: 0-2, 18-18, 34-34 [ 145.709923][ T6982] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 145.735337][ T6982] EXT4-fs (loop4): 1 truncate cleaned up [ 145.755069][ T6982] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 145.781000][ T30] audit: type=1400 audit(1720346035.065:376): avc: denied { write } for pid=6980 comm="syz.4.2750" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 145.804882][ T30] audit: type=1400 audit(1720346035.085:377): avc: denied { ioctl } for pid=6980 comm="syz.4.2750" path="/492/file1/file1" dev="loop4" ino=15 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 145.884502][ T30] audit: type=1400 audit(1720346035.165:378): avc: denied { ioctl } for pid=6989 comm="syz.0.2753" path="socket:[37593]" dev="sockfs" ino=37593 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 145.909445][ T30] audit: type=1400 audit(1720346035.165:379): avc: denied { read } for pid=6989 comm="syz.0.2753" path="socket:[37593]" dev="sockfs" ino=37593 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 145.967637][ T6017] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.978452][ T6017] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.988207][ T6017] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 145.997121][ T6017] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.005792][ T6017] usb 2-1: config 0 descriptor?? [ 146.488601][ T6017] logitech-hidpp-device 0003:046D:C086.0026: item fetching failed at offset 2/5 [ 146.498088][ T6017] logitech-hidpp-device 0003:046D:C086.0026: hidpp_probe:parse failed [ 146.506145][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.0026 failed with error -22 [ 146.520581][ T6993] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.529161][ T6993] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.536340][ T6993] device bridge_slave_0 entered promiscuous mode [ 146.543336][ T6993] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.550351][ T6993] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.558054][ T6993] device bridge_slave_1 entered promiscuous mode [ 146.598587][ T6993] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.605444][ T6993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.613044][ T6993] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.619802][ T6993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.640823][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 146.648401][ T533] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.655441][ T533] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.664431][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.672505][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.679356][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.691354][ T533] usb 2-1: USB disconnect, device number 26 [ 146.694342][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.705363][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.712234][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.730482][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 146.738416][ T294] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 146.746128][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.754214][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.765314][ T6993] device veth0_vlan entered promiscuous mode [ 146.771630][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 146.777613][ T821] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 146.779956][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 146.793876][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 146.808370][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 146.817309][ T6993] device veth1_macvtap entered promiscuous mode [ 146.826490][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 146.839875][ T6044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 146.937580][ T310] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 146.977595][ T294] usb 1-1: Using ep0 maxpacket: 32 [ 147.018067][ T328] device bridge_slave_1 left promiscuous mode [ 147.024096][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.031537][ T328] device bridge_slave_0 left promiscuous mode [ 147.037816][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.045400][ T328] device veth1_macvtap left promiscuous mode [ 147.051358][ T310] usbhid 4-1:0.0: can't add hid device: -71 [ 147.051620][ T328] device veth0_vlan left promiscuous mode [ 147.057193][ T310] usbhid: probe of 4-1:0.0 failed with error -71 [ 147.097574][ T294] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.108621][ T294] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 147.117483][ T294] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 147.126388][ T294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.134238][ T6044] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 147.142742][ T294] usb 1-1: config 0 descriptor?? [ 147.157603][ T821] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.168775][ T821] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.178540][ T821] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 147.187638][ T821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.196540][ T821] usb 5-1: config 0 descriptor?? [ 147.277741][ T310] usb 4-1: reset high-speed USB device number 20 using dummy_hcd [ 147.317864][ T310] usb 4-1: device reset changed ep0 maxpacket size! [ 147.324380][ T310] usb 4-1: USB disconnect, device number 20 [ 147.507521][ T39] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 147.615133][ T6044] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.625843][ T6044] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.635398][ T6044] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 147.644228][ T6044] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.653030][ T6044] usb 3-1: config 0 descriptor?? [ 147.697667][ T310] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 147.706035][ T821] logitech-hidpp-device 0003:046D:C086.0027: item fetching failed at offset 2/5 [ 147.715150][ T821] logitech-hidpp-device 0003:046D:C086.0027: hidpp_probe:parse failed [ 147.723241][ T821] logitech-hidpp-device: probe of 0003:046D:C086.0027 failed with error -22 [ 147.887554][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.898532][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.908185][ T39] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 147.908211][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.909521][ T39] usb 2-1: config 0 descriptor?? [ 147.920341][ T533] usb 5-1: USB disconnect, device number 25 [ 148.127578][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.138744][ T6044] hid-led 0003:27B8:01ED.0028: item fetching failed at offset 3/5 [ 148.140333][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.146545][ T6044] hid-led: probe of 0003:27B8:01ED.0028 failed with error -22 [ 148.156229][ T310] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 148.172342][ T310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.180723][ T310] usb 4-1: config 0 descriptor?? [ 148.369199][ T533] usb 3-1: USB disconnect, device number 34 [ 148.388401][ T39] logitech-hidpp-device 0003:046D:C086.0029: item fetching failed at offset 2/5 [ 148.397398][ T39] logitech-hidpp-device 0003:046D:C086.0029: hidpp_probe:parse failed [ 148.405588][ T39] logitech-hidpp-device: probe of 0003:046D:C086.0029 failed with error -22 [ 148.589779][ T821] usb 2-1: USB disconnect, device number 27 [ 148.689146][ T310] hid-led 0003:27B8:01ED.002A: item fetching failed at offset 3/5 [ 148.696922][ T310] hid-led: probe of 0003:27B8:01ED.002A failed with error -22 [ 148.737575][ T39] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 148.906097][ T310] usb 4-1: USB disconnect, device number 21 [ 148.986908][ T7016] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 148.995468][ T7016] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 149.006814][ T7016] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 149.162792][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.173871][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.183667][ T39] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 149.192566][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.201256][ T39] usb 5-1: config 0 descriptor?? [ 149.461881][ T7013] UDC core: couldn't find an available UDC or it's busy: -16 [ 149.469423][ T7013] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 149.550883][ T26] usb 1-1: USB disconnect, device number 24 [ 150.024624][ T39] hid-rmi 0003:06CB:81A7.002B: unknown main item tag 0x0 [ 150.039257][ T30] audit: type=1400 audit(1720346039.315:380): avc: denied { bind } for pid=7033 comm="syz.0.2767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 150.104595][ T39] hid-rmi 0003:06CB:81A7.002B: unknown main item tag 0x0 [ 150.181012][ T39] hid-rmi 0003:06CB:81A7.002B: unknown main item tag 0x0 [ 150.237587][ T39] hid-rmi 0003:06CB:81A7.002B: unknown main item tag 0x0 [ 150.247687][ T39] hid-rmi 0003:06CB:81A7.002B: unknown main item tag 0x0 [ 150.268043][ T39] hid-rmi 0003:06CB:81A7.002B: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.4-1/input0 [ 150.323305][ T39] usb 5-1: USB disconnect, device number 26 [ 150.454831][ T7048] loop2: detected capacity change from 0 to 512 [ 150.657747][ T7051] SELinux: security_context_str_to_sid(staff_u) failed for (dev ?, type ?) errno=-22 [ 150.665326][ T7048] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 150.678806][ T7053] SELinux: security_context_str_to_sid(staff_u) failed for (dev ?, type ?) errno=-22 [ 150.678811][ T7048] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 150.678829][ T7048] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2770: Corrupt directory, running e2fsck is recommended [ 150.698573][ T7053] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 150.718422][ T7048] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 150.733078][ T7048] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.2770: corrupted in-inode xattr [ 150.745886][ T7048] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2770: couldn't read orphan inode 15 (err -117) [ 150.757714][ T7048] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.nouid32,auto_da_alloc,jqfmt=vfsv1,i_version,,,errors=continue. Quota mode: writeback. [ 150.787800][ T7053] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 150.798406][ T533] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 150.802328][ T7053] SELinux: security_context_str_to_sid(staff_u) failed for (dev overlay, type overlay) errno=-22 [ 150.814216][ T7051] SELinux: security_context_str_to_sid(staff_u) failed for (dev overlay, type overlay) errno=-22 [ 150.819428][ T7047] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 150.840967][ T7047] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 150.842685][ T7060] FAULT_INJECTION: forcing a failure. [ 150.842685][ T7060] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 150.850864][ T7047] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2770: Corrupt directory, running e2fsck is recommended [ 150.866792][ T7058] loop0: detected capacity change from 0 to 512 [ 150.883640][ T7060] CPU: 0 PID: 7060 Comm: syz.3.2773 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 150.883882][ T7047] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 150.893340][ T7060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.893352][ T7060] Call Trace: [ 150.893357][ T7060] [ 150.893363][ T7060] dump_stack_lvl+0x151/0x1b7 [ 150.893384][ T7060] ? io_uring_drop_tctx_refs+0x190/0x190 [ 150.893401][ T7060] ? kmem_cache_free+0x116/0x2e0 [ 150.893421][ T7060] dump_stack+0x15/0x17 [ 150.893435][ T7060] should_fail+0x3c6/0x510 [ 150.904642][ T7047] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 150.914520][ T7060] should_fail_usercopy+0x1a/0x20 [ 150.914538][ T7060] _copy_to_user+0x20/0x90 [ 150.914554][ T7060] simple_read_from_buffer+0xc7/0x150 [ 150.917653][ T7047] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.2770: Corrupt directory, running e2fsck is recommended [ 150.920419][ T7060] proc_fail_nth_read+0x1a3/0x210 [ 150.924966][ T7047] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 3: comm syz.2.2770: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 150.930400][ T7060] ? proc_fault_inject_write+0x390/0x390 [ 150.930421][ T7060] ? fsnotify_perm+0x470/0x5d0 [ 151.014171][ T7060] ? security_file_permission+0x86/0xb0 [ 151.019547][ T7060] ? proc_fault_inject_write+0x390/0x390 [ 151.025014][ T7060] vfs_read+0x27d/0xd40 [ 151.029007][ T7060] ? kmem_cache_free+0x116/0x2e0 [ 151.033787][ T7060] ? kernel_read+0x1f0/0x1f0 [ 151.038211][ T7060] ? __kasan_check_write+0x14/0x20 [ 151.043155][ T7060] ? mutex_lock+0xb6/0x1e0 [ 151.047407][ T7060] ? wait_for_completion_killable_timeout+0x10/0x10 [ 151.053832][ T7060] ? __fdget_pos+0x2e7/0x3a0 [ 151.058261][ T7060] ? ksys_read+0x77/0x2c0 [ 151.062421][ T7060] ksys_read+0x199/0x2c0 [ 151.066499][ T7060] ? vfs_write+0x1110/0x1110 [ 151.070926][ T7060] ? debug_smp_processor_id+0x17/0x20 [ 151.076133][ T7060] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 151.082038][ T7060] __x64_sys_read+0x7b/0x90 [ 151.086378][ T7060] do_syscall_64+0x3d/0xb0 [ 151.090631][ T7060] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 151.096358][ T7060] RIP: 0033:0x7f47f93516bc [ 151.100613][ T7060] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 151.120053][ T7060] RSP: 002b:00007f47f85b3040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 151.128297][ T7060] RAX: ffffffffffffffda RBX: 00007f47f94e1038 RCX: 00007f47f93516bc [ 151.136108][ T7060] RDX: 000000000000000f RSI: 00007f47f85b30b0 RDI: 0000000000000004 [ 151.144009][ T7060] RBP: 00007f47f85b30a0 R08: 0000000000000000 R09: 0000000000000000 [ 151.151817][ T7060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.159631][ T7060] R13: 000000000000006e R14: 00007f47f94e1038 R15: 00007ffd080cbb58 [ 151.167450][ T7060] [ 151.318605][ T533] usb 2-1: Using ep0 maxpacket: 32 [ 151.322812][ T7076] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 151.332303][ T7076] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 151.343823][ T7076] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 151.437675][ T533] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.448468][ T533] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.467610][ T533] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 151.476950][ T533] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.487065][ T533] usb 2-1: config 0 descriptor?? [ 151.492129][ T294] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 151.492184][ T311] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 151.540109][ T533] hub 2-1:0.0: USB hub found [ 151.737520][ T311] usb 5-1: Using ep0 maxpacket: 32 [ 152.418913][ T294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.429804][ T294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.439762][ T294] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 152.449131][ T294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.457511][ T311] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.467405][ T311] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 152.467829][ T294] usb 4-1: config 0 descriptor?? [ 152.481459][ T311] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 152.481660][ T30] audit: type=1326 audit(1720346041.775:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.490319][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.522820][ T311] usb 5-1: config 0 descriptor?? [ 152.528154][ T30] audit: type=1326 audit(1720346041.805:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.551716][ T30] audit: type=1326 audit(1720346041.805:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.577566][ T60] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 152.578476][ T30] audit: type=1326 audit(1720346041.805:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.608641][ T30] audit: type=1326 audit(1720346041.805:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.632117][ T30] audit: type=1326 audit(1720346041.805:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.655546][ T30] audit: type=1326 audit(1720346041.805:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.679360][ T30] audit: type=1326 audit(1720346041.815:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.702956][ T30] audit: type=1326 audit(1720346041.815:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.726801][ T30] audit: type=1326 audit(1720346041.815:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7084 comm="syz.2.2782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa037708bd9 code=0x7ffc0000 [ 152.877670][ T7095] loop2: detected capacity change from 0 to 1024 [ 152.942001][ T7095] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 152.952531][ T7095] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038 (0x7fffffff) [ 153.008955][ T294] hid-led 0003:27B8:01ED.002C: item fetching failed at offset 3/5 [ 153.017592][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.018873][ T294] hid-led: probe of 0003:27B8:01ED.002C failed with error -22 [ 153.028759][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.049259][ T60] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 153.058577][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.071855][ T60] usb 1-1: config 0 descriptor?? [ 153.215941][ T310] usb 4-1: USB disconnect, device number 22 [ 153.507590][ T533] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 153.528597][ T60] hid-led 0003:27B8:01ED.002D: item fetching failed at offset 3/5 [ 153.536419][ T60] hid-led: probe of 0003:27B8:01ED.002D failed with error -22 [ 153.607531][ T533] usbhid 2-1:0.0: can't add hid device: -71 [ 153.613319][ T533] usbhid: probe of 2-1:0.0 failed with error -71 [ 153.651512][ T533] usb 2-1: USB disconnect, device number 28 [ 153.730204][ T60] usb 1-1: USB disconnect, device number 25 [ 153.976519][ T7112] loop2: detected capacity change from 0 to 2048 [ 154.007874][ T7112] loop2: p3 p4 < > [ 154.011592][ T7112] loop2: p3 start 4284289 is beyond EOD, truncated [ 154.267551][ T6017] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 154.277627][ T533] usb 5-1: USB disconnect, device number 27 [ 154.382006][ T7125] loop1: detected capacity change from 0 to 4096 [ 154.403767][ T7128] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 154.412371][ T7128] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 154.424048][ T7128] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 154.436150][ T7125] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 154.627552][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.638404][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.648019][ T6017] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 154.656839][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.667476][ T6044] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 154.677156][ T6017] usb 4-1: config 0 descriptor?? [ 154.709043][ T7138] binder: 7131:7138 ioctl 541b 20000000 returned -22 [ 154.857495][ T533] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 154.917571][ T6044] usb 1-1: Using ep0 maxpacket: 32 [ 155.037580][ T6044] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.048436][ T6044] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.058064][ T6044] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 155.066883][ T6044] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.075347][ T6044] usb 1-1: config 0 descriptor?? [ 155.118040][ T6044] hub 1-1:0.0: USB hub found [ 155.158719][ T6017] logitech-hidpp-device 0003:046D:C086.002E: item fetching failed at offset 2/5 [ 155.168015][ T6017] logitech-hidpp-device 0003:046D:C086.002E: hidpp_probe:parse failed [ 155.176107][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.002E failed with error -22 [ 155.217599][ T533] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.228413][ T533] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 155.369614][ T6017] usb 4-1: USB disconnect, device number 23 [ 155.397569][ T533] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 155.406689][ T533] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.472494][ T60] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 155.579242][ T533] usb 3-1: Product: syz [ 155.583397][ T533] usb 3-1: Manufacturer: syz [ 155.588047][ T533] usb 3-1: SerialNumber: syz [ 155.687499][ T39] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 155.877589][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.888493][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.898148][ T60] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 155.911467][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.923155][ T60] usb 5-1: config 0 descriptor?? [ 155.947491][ T39] usb 2-1: Using ep0 maxpacket: 32 [ 156.011856][ T7151] loop3: detected capacity change from 0 to 40427 [ 156.087599][ T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.097596][ T39] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 156.106311][ T39] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 156.109928][ T7151] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 156.116474][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.123202][ T7151] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 156.131402][ T39] usb 2-1: config 0 descriptor?? [ 156.142212][ T7151] F2FS-fs (loop3): invalid crc value [ 156.150095][ T7151] F2FS-fs (loop3): Found nat_bits in checkpoint [ 156.172852][ T7151] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 156.179757][ T7151] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 156.657505][ T60] usbhid 5-1:0.0: can't add hid device: -71 [ 156.664590][ T60] usbhid: probe of 5-1:0.0 failed with error -71 [ 156.673963][ T60] usb 5-1: USB disconnect, device number 28 [ 156.708561][ T7136] loop2: detected capacity change from 0 to 16 [ 156.719254][ T7136] erofs: (device loop2): mounted with root inode @ nid 36. [ 156.728175][ T7136] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -1027 in[4096, 0] out[4096] [ 156.767605][ T533] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 156.779632][ T533] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 156.794374][ T533] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 156.999040][ T533] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42 [ 157.140126][ T7180] FAULT_INJECTION: forcing a failure. [ 157.140126][ T7180] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 157.153463][ T7180] CPU: 0 PID: 7180 Comm: syz.4.2806 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 157.163172][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 157.173068][ T7180] Call Trace: [ 157.176189][ T7180] [ 157.178967][ T7180] dump_stack_lvl+0x151/0x1b7 [ 157.183479][ T7180] ? io_uring_drop_tctx_refs+0x190/0x190 [ 157.189033][ T7180] ? __kasan_kmalloc+0x9/0x10 [ 157.193550][ T7180] ? kfree+0xc8/0x220 [ 157.197366][ T7180] dump_stack+0x15/0x17 [ 157.201362][ T7180] should_fail+0x3c6/0x510 [ 157.205614][ T7180] should_fail_alloc_page+0x5a/0x80 [ 157.210733][ T7180] prepare_alloc_pages+0x15c/0x700 [ 157.215785][ T7180] ? __alloc_pages_bulk+0xe40/0xe40 [ 157.220807][ T7180] ? vsnprintf+0x1b96/0x1c70 [ 157.225236][ T7180] __alloc_pages+0x18c/0x8f0 [ 157.229660][ T7180] ? prep_new_page+0x110/0x110 [ 157.234262][ T7180] new_slab+0x9a/0x4e0 [ 157.238165][ T7180] ___slab_alloc+0x39e/0x830 [ 157.242595][ T7180] ? audit_log_d_path+0xbd/0x2e0 [ 157.247365][ T7180] ? audit_log_d_path+0xbd/0x2e0 [ 157.252139][ T7180] __slab_alloc+0x4a/0x90 [ 157.256306][ T7180] kmem_cache_alloc_trace+0x142/0x210 [ 157.261512][ T7180] ? audit_log_d_path+0xbd/0x2e0 [ 157.266287][ T7180] audit_log_d_path+0xbd/0x2e0 [ 157.270886][ T7180] ? get_mm_exe_file+0xd5/0x100 [ 157.275573][ T7180] audit_log_d_path_exe+0x42/0x70 [ 157.280440][ T7180] audit_log_task+0x20d/0x2e0 [ 157.284954][ T7180] ? audit_core_dumps+0x100/0x100 [ 157.289813][ T7180] ? migrate_enable+0x1c1/0x2a0 [ 157.294497][ T7180] audit_seccomp+0x7a/0x1e0 [ 157.298834][ T7180] __seccomp_filter+0xc08/0x1c60 [ 157.303610][ T7180] ? __secure_computing+0x300/0x300 [ 157.308651][ T7180] __secure_computing+0xf0/0x300 [ 157.313413][ T7180] syscall_enter_from_user_mode+0xd5/0x1b0 [ 157.319064][ T7180] do_syscall_64+0x1e/0xb0 [ 157.323313][ T7180] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 157.329041][ T7180] RIP: 0033:0x7fd605e486bc [ 157.333297][ T7180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 157.352827][ T7180] RSP: 002b:00007fd6050cb040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 157.361069][ T7180] RAX: ffffffffffffffda RBX: 00007fd605fd7f60 RCX: 00007fd605e486bc [ 157.368881][ T7180] RDX: 000000000000000f RSI: 00007fd6050cb0b0 RDI: 0000000000000006 [ 157.376692][ T7180] RBP: 00007fd6050cb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 157.384591][ T7180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.392399][ T7180] R13: 000000000000000b R14: 00007fd605fd7f60 R15: 00007fffa9a9b838 [ 157.400212][ T7180] [ 157.415616][ T39] usb 3-1: USB disconnect, device number 35 [ 157.421800][ T39] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM [ 157.457580][ T6044] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 157.557573][ T6044] usbhid 1-1:0.0: can't add hid device: -71 [ 157.563549][ T6044] usbhid: probe of 1-1:0.0 failed with error -71 [ 157.717516][ T26] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 157.777696][ T6044] usb 1-1: reset high-speed USB device number 26 using dummy_hcd [ 157.817562][ T6044] usb 1-1: device reset changed ep0 maxpacket size! [ 157.824173][ T6044] usb 1-1: USB disconnect, device number 26 [ 158.087555][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.098411][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.108230][ T7204] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 158.116770][ T7204] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 158.128226][ T7204] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 158.136399][ T26] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 158.145312][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.153970][ T26] usb 5-1: config 0 descriptor?? [ 158.197513][ T6044] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 158.458042][ T39] usb 2-1: USB disconnect, device number 29 [ 158.477744][ T6044] usb 1-1: Using ep0 maxpacket: 8 [ 158.617575][ T6044] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 158.629631][ T6044] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.638685][ T26] hid-led 0003:27B8:01ED.002F: item fetching failed at offset 3/5 [ 158.646686][ T26] hid-led: probe of 0003:27B8:01ED.002F failed with error -22 [ 158.649757][ T6044] usb 1-1: config 0 descriptor?? [ 158.659695][ T7213] binder: 7210:7213 ioctl 541b 20000000 returned -22 [ 158.848521][ T311] usb 5-1: USB disconnect, device number 29 [ 159.157516][ T26] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 159.557756][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.569098][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.579730][ T26] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 159.589059][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.600329][ T26] usb 3-1: config 0 descriptor?? [ 159.747504][ T310] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 159.874341][ T7186] loop0: detected capacity change from 0 to 2048 [ 159.928191][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 159.928205][ T30] audit: type=1400 audit(1720346049.215:402): avc: denied { mounton } for pid=7185 comm="syz.0.2808" path="/syzcgroup/unified/syz0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 159.968361][ T7186] EXT4-fs (loop0): bad geometry: first data block 0 is beyond end of filesystem (0) [ 160.064996][ T310] usb 2-1: Using ep0 maxpacket: 32 [ 160.071208][ T26] logitech-hidpp-device 0003:046D:C086.0030: item fetching failed at offset 2/5 [ 160.080277][ T26] logitech-hidpp-device 0003:046D:C086.0030: hidpp_probe:parse failed [ 160.088285][ T26] logitech-hidpp-device: probe of 0003:046D:C086.0030 failed with error -22 [ 160.197663][ T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.226616][ T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.241101][ T310] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 160.249985][ T310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.258640][ T310] usb 2-1: config 0 descriptor?? [ 160.272007][ T533] usb 3-1: USB disconnect, device number 36 [ 160.307874][ T310] hub 2-1:0.0: USB hub found [ 160.397591][ T6044] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 160.407504][ T6044] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 160.417417][ T6044] asix: probe of 1-1:0.0 failed with error -71 [ 160.424294][ T6044] usb 1-1: USB disconnect, device number 27 [ 160.507489][ T311] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 161.025850][ T7242] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 161.034431][ T7242] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 161.045905][ T7242] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 161.054242][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.057511][ T26] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 161.064962][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.081888][ T311] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 161.090885][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.099160][ T311] usb 5-1: config 0 descriptor?? [ 161.307511][ T26] usb 3-1: Using ep0 maxpacket: 32 [ 161.427545][ T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.437543][ T26] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 161.446238][ T26] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 161.455359][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.463768][ T26] usb 3-1: config 0 descriptor?? [ 161.588564][ T311] hid-led 0003:27B8:01ED.0031: item fetching failed at offset 3/5 [ 161.596348][ T311] hid-led: probe of 0003:27B8:01ED.0031 failed with error -22 [ 161.791298][ T6044] usb 5-1: USB disconnect, device number 30 [ 162.497545][ T310] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 162.597526][ T310] usbhid 2-1:0.0: can't add hid device: -71 [ 162.603324][ T310] usbhid: probe of 2-1:0.0 failed with error -71 [ 162.827630][ T310] usb 2-1: reset high-speed USB device number 30 using dummy_hcd [ 162.887638][ T310] usb 2-1: device reset changed ep0 maxpacket size! [ 162.894205][ T310] usb 2-1: USB disconnect, device number 30 [ 162.957521][ T26] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 163.287515][ T310] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 163.367654][ T26] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.378854][ T26] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 163.557541][ T26] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 163.566444][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.574263][ T26] usb 1-1: Product: syz [ 163.578210][ T26] usb 1-1: Manufacturer: syz [ 163.582615][ T26] usb 1-1: SerialNumber: syz [ 163.697536][ T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.708356][ T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.718026][ T310] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 163.726829][ T310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.735210][ T310] usb 2-1: config 0 descriptor?? [ 163.828381][ T39] usb 3-1: USB disconnect, device number 37 [ 164.208514][ T310] hid-led 0003:27B8:01ED.0032: item fetching failed at offset 3/5 [ 164.216325][ T310] hid-led: probe of 0003:27B8:01ED.0032 failed with error -22 [ 164.399764][ T7275] FAULT_INJECTION: forcing a failure. [ 164.399764][ T7275] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 164.412962][ T7275] CPU: 1 PID: 7275 Comm: syz.4.2833 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 164.422613][ T7275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 164.432495][ T7275] Call Trace: [ 164.435626][ T7275] [ 164.438397][ T7275] dump_stack_lvl+0x151/0x1b7 [ 164.442918][ T7275] ? io_uring_drop_tctx_refs+0x190/0x190 [ 164.448376][ T7275] ? irqentry_exit_cond_resched+0x2a/0x30 [ 164.453933][ T7275] dump_stack+0x15/0x17 [ 164.457921][ T7275] should_fail+0x3c6/0x510 [ 164.462177][ T7275] should_fail_alloc_page+0x5a/0x80 [ 164.467211][ T7275] prepare_alloc_pages+0x15c/0x700 [ 164.472153][ T7275] ? __alloc_pages+0x8f0/0x8f0 [ 164.476756][ T7275] ? __alloc_pages_bulk+0xe40/0xe40 [ 164.481789][ T7275] __alloc_pages+0x18c/0x8f0 [ 164.486216][ T7275] ? prep_new_page+0x110/0x110 [ 164.490814][ T7275] ? __kasan_kmalloc+0x9/0x10 [ 164.495334][ T7275] ? __kmalloc+0x13a/0x270 [ 164.499587][ T7275] __vmalloc_node_range+0x482/0x8d0 [ 164.504619][ T7275] ? n_tty_open+0x1d/0x150 [ 164.508869][ T7275] vzalloc+0x78/0x90 [ 164.512599][ T7275] ? n_tty_open+0x1d/0x150 [ 164.516850][ T7275] n_tty_open+0x1d/0x150 [ 164.520931][ T7275] tty_ldisc_setup+0xe2/0x340 [ 164.525444][ T7275] tty_init_dev+0x269/0x4f0 [ 164.529787][ T7275] tty_open+0xbf4/0x11b0 [ 164.533863][ T7275] ? kobject_get_unless_zero+0x229/0x320 [ 164.539331][ T7275] ? tty_compat_ioctl+0x560/0x560 [ 164.544289][ T7275] ? preempt_schedule_thunk+0x16/0x18 [ 164.549411][ T7275] ? kobject_get_unless_zero+0x229/0x320 [ 164.554867][ T7275] chrdev_open+0x4f7/0x620 [ 164.559120][ T7275] ? cd_forget+0x170/0x170 [ 164.563372][ T7275] ? fsnotify_perm+0x4ba/0x5d0 [ 164.567980][ T7275] ? cd_forget+0x170/0x170 [ 164.572225][ T7275] do_dentry_open+0x81c/0xfd0 [ 164.576743][ T7275] vfs_open+0x73/0x80 [ 164.580558][ T7275] path_openat+0x26f0/0x2f40 [ 164.584986][ T7275] ? plist_del+0x40e/0x420 [ 164.589239][ T7275] ? finish_task_switch+0x167/0x7b0 [ 164.594273][ T7275] ? do_filp_open+0x460/0x460 [ 164.598782][ T7275] ? __schedule+0xcd4/0x1590 [ 164.603388][ T7275] ? __sched_text_start+0x8/0x8 [ 164.608076][ T7275] ? irqentry_exit_cond_resched+0x2a/0x30 [ 164.613626][ T7275] do_filp_open+0x21c/0x460 [ 164.617972][ T7275] ? vfs_tmpfile+0x2c0/0x2c0 [ 164.622395][ T7275] ? do_sys_openat2+0x12c/0x830 [ 164.627082][ T7275] ? do_filp_open+0x8/0x460 [ 164.631508][ T7275] do_sys_openat2+0x13f/0x830 [ 164.636020][ T7275] ? do_sys_open+0x220/0x220 [ 164.640445][ T7275] ? __schedule+0xcd4/0x1590 [ 164.644874][ T7275] __x64_sys_openat+0x243/0x290 [ 164.649558][ T7275] ? __ia32_sys_open+0x270/0x270 [ 164.654332][ T7275] ? __kasan_check_read+0x11/0x20 [ 164.659191][ T7275] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 164.664661][ T7275] do_syscall_64+0x3d/0xb0 [ 164.668913][ T7275] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 164.674773][ T7275] RIP: 0033:0x7fd605e48610 [ 164.679019][ T7275] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 79 8d 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 cc 8d 02 00 8b 44 [ 164.698462][ T7275] RSP: 002b:00007fd605088b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 164.706703][ T7275] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd605e48610 [ 164.714515][ T7275] RDX: 0000000000000002 RSI: 00007fd605088c20 RDI: 00000000ffffff9c [ 164.722326][ T7275] RBP: 00007fd605088c20 R08: 0000000000000000 R09: 00007fd605088997 [ 164.730135][ T7275] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 164.737948][ T7275] R13: 000000000000006e R14: 00007fd605fd8110 R15: 00007fffa9a9b838 [ 164.745764][ T7275] [ 164.748797][ T7275] tty tty3: ldisc open failed (-12), clearing slot 2 [ 164.757904][ T7274] loop4: detected capacity change from 0 to 512 [ 164.768565][ T310] usb 2-1: USB disconnect, device number 31 [ 164.793652][ T7279] loop2: detected capacity change from 0 to 256 [ 164.840863][ T7279] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 164.853421][ T7274] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 164.859366][ T30] audit: type=1400 audit(1720346054.145:403): avc: denied { write } for pid=7278 comm="syz.2.2834" path="/21/file1/bus/bus" dev="loop2" ino=1048613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 164.864748][ T7274] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 164.891377][ T7279] exFAT-fs (loop2): hint_cluster is invalid (17) [ 164.898081][ T7274] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.2833: Corrupt directory, running e2fsck is recommended [ 164.921316][ T7279] overlayfs: failed to resolve './file1': -2 [ 164.924791][ T7274] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 164.927223][ T30] audit: type=1400 audit(1720346054.205:404): avc: denied { mounton } for pid=7278 comm="syz.2.2834" path="/21/file1/bus/file0/bus" dev="loop2" ino=1048613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 164.935003][ T7274] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.2833: corrupted in-inode xattr [ 164.935395][ T7274] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.2833: couldn't read orphan inode 15 (err -117) [ 164.969294][ T7259] loop0: detected capacity change from 0 to 16 [ 164.971199][ T7274] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.nouid32,auto_da_alloc,jqfmt=vfsv1,i_version,,,errors=continue. Quota mode: writeback. [ 164.994232][ T7259] erofs: (device loop0): mounted with root inode @ nid 36. [ 165.018346][ T7274] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 165.029806][ T7274] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 165.030091][ T7259] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -1027 in[4096, 0] out[4096] [ 165.039645][ T7274] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.2833: Corrupt directory, running e2fsck is recommended [ 165.071339][ T7274] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 165.082850][ T7274] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 165.087524][ T26] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 165.092744][ T7274] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz.4.2833: Corrupt directory, running e2fsck is recommended [ 165.112062][ T7274] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 3: comm syz.4.2833: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 165.112415][ T26] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 165.138328][ T26] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 165.343410][ T26] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 165.647707][ T6017] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 165.668648][ T311] usb 1-1: USB disconnect, device number 28 [ 165.687535][ T311] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 165.727496][ T6044] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 165.977512][ T6044] usb 5-1: Using ep0 maxpacket: 32 [ 166.027575][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.038412][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.047974][ T6017] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 166.056827][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.065211][ T6017] usb 3-1: config 0 descriptor?? [ 166.117619][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.128335][ T6044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.137978][ T6044] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 166.146794][ T6044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.155607][ T6044] usb 5-1: config 0 descriptor?? [ 166.198325][ T6044] hub 5-1:0.0: USB hub found [ 166.237009][ T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 166.246757][ T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 166.283513][ T7324] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.290461][ T7324] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.297748][ T7324] device bridge_slave_0 entered promiscuous mode [ 166.304704][ T7324] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.312322][ T7324] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.322905][ T7324] device bridge_slave_1 entered promiscuous mode [ 166.518741][ T6017] hid-led 0003:27B8:01ED.0033: item fetching failed at offset 3/5 [ 166.526557][ T6017] hid-led: probe of 0003:27B8:01ED.0033 failed with error -22 [ 166.547540][ T310] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 166.720404][ T26] usb 3-1: USB disconnect, device number 38 [ 166.749487][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.764843][ T492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.797560][ T6044] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 166.811962][ T310] usb 1-1: Using ep0 maxpacket: 32 [ 166.821928][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.830326][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.838621][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.845471][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.852786][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.861139][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.869167][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.876026][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.894014][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.901313][ T6044] usbhid 5-1:0.0: can't add hid device: -71 [ 166.907026][ T6044] usbhid: probe of 5-1:0.0 failed with error -71 [ 166.913714][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.922625][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.927544][ T310] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.942267][ T310] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 166.949539][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 166.951654][ T310] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 166.959422][ T6044] usb 5-1: USB disconnect, device number 31 [ 166.968522][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.982392][ T7324] device veth0_vlan entered promiscuous mode [ 166.985673][ T310] usb 1-1: config 0 descriptor?? [ 166.991445][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 167.001771][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 167.009116][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 167.061464][ T7324] device veth1_macvtap entered promiscuous mode [ 167.071638][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 167.086269][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 167.095002][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 167.214030][ T7347] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 167.222755][ T7347] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 167.234218][ T7347] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 167.248277][ T328] device bridge_slave_1 left promiscuous mode [ 167.260043][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.268532][ T328] device bridge_slave_0 left promiscuous mode [ 167.274587][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.282981][ T328] device veth1_macvtap left promiscuous mode [ 167.288916][ T328] device veth0_vlan left promiscuous mode [ 167.640249][ T310] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 167.650174][ T30] audit: type=1400 audit(1720346056.935:405): avc: denied { mounton } for pid=7354 comm="syz.4.2846" path="/proc/1170/task" dev="proc" ino=39294 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 168.017542][ T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.028440][ T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.038304][ T310] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 168.047339][ T310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.055765][ T310] usb 3-1: config 0 descriptor?? [ 168.207879][ T39] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 168.277525][ T311] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 168.528153][ T311] usb 4-1: Using ep0 maxpacket: 32 [ 168.567635][ T39] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.578433][ T39] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 168.687867][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.698651][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.708233][ T311] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 168.717092][ T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.725787][ T311] usb 4-1: config 0 descriptor?? [ 168.767724][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 168.776658][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.778522][ T311] hub 4-1:0.0: USB hub found [ 168.786559][ T39] usb 2-1: Product: syz [ 168.792853][ T39] usb 2-1: Manufacturer: syz [ 168.797235][ T39] usb 2-1: SerialNumber: syz [ 168.801778][ T310] usbhid 3-1:0.0: can't add hid device: -71 [ 168.807646][ T310] usbhid: probe of 3-1:0.0 failed with error -71 [ 168.814742][ T310] usb 3-1: USB disconnect, device number 39 [ 168.877554][ T26] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 169.257661][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.268605][ T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.278278][ T26] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 169.287326][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.307573][ T26] usb 5-1: config 0 descriptor?? [ 169.350970][ T60] usb 1-1: USB disconnect, device number 29 [ 169.757527][ T60] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 169.798672][ T26] logitech-hidpp-device 0003:046D:C086.0034: item fetching failed at offset 2/5 [ 169.807712][ T26] logitech-hidpp-device 0003:046D:C086.0034: hidpp_probe:parse failed [ 169.815694][ T26] logitech-hidpp-device: probe of 0003:046D:C086.0034 failed with error -22 [ 169.999368][ T26] usb 5-1: USB disconnect, device number 32 [ 170.025426][ T7365] loop1: detected capacity change from 0 to 16 [ 170.107825][ T7365] erofs: (device loop1): mounted with root inode @ nid 36. [ 170.115941][ T7365] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -1027 in[4096, 0] out[4096] [ 170.134894][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.152894][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.197483][ T39] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 170.204098][ T39] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 170.211491][ T60] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 170.220538][ T39] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 170.226177][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.234716][ T60] usb 1-1: config 0 descriptor?? [ 170.405747][ T39] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 170.695226][ T657] usb 2-1: USB disconnect, device number 32 [ 170.707613][ T657] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 170.777547][ T60] usbhid 1-1:0.0: can't add hid device: -71 [ 170.783373][ T60] usbhid: probe of 1-1:0.0 failed with error -71 [ 170.790634][ T60] usb 1-1: USB disconnect, device number 30 [ 170.807552][ T7386] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 171.094850][ T311] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 171.109796][ T7423] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7423 comm=syz.3.2861 [ 171.153777][ T7426] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 171.162398][ T7426] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 171.173943][ T7426] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 171.198033][ T7386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.208845][ T7386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.219226][ T311] usbhid 4-1:0.0: can't add hid device: -71 [ 171.219985][ T7386] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 171.225435][ T311] usbhid: probe of 4-1:0.0 failed with error -71 [ 171.233992][ T7386] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.248477][ T7386] usb 5-1: config 0 descriptor?? [ 171.467679][ T311] usb 4-1: reset high-speed USB device number 24 using dummy_hcd [ 171.507596][ T311] usb 4-1: device reset changed ep0 maxpacket size! [ 171.514112][ T311] usb 4-1: USB disconnect, device number 24 [ 171.547508][ T60] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 171.617514][ T6044] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 171.728615][ T7386] logitech-hidpp-device 0003:046D:C086.0035: item fetching failed at offset 2/5 [ 171.737682][ T7386] logitech-hidpp-device 0003:046D:C086.0035: hidpp_probe:parse failed [ 171.745649][ T7386] logitech-hidpp-device: probe of 0003:046D:C086.0035 failed with error -22 [ 171.867540][ T6044] usb 2-1: Using ep0 maxpacket: 32 [ 171.887695][ T311] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 171.907722][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.919135][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.928729][ T60] usb 1-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 171.930639][ T6] usb 5-1: USB disconnect, device number 33 [ 171.937733][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.951826][ T60] usb 1-1: config 0 descriptor?? [ 171.997563][ T6044] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.007623][ T6044] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 172.016431][ T6044] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 172.025531][ T6044] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.033889][ T6044] usb 2-1: config 0 descriptor?? [ 172.267571][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.278340][ T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.288434][ T311] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 172.297354][ T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.309023][ T311] usb 4-1: config 0 descriptor?? [ 172.687513][ T60] usbhid 1-1:0.0: can't add hid device: -71 [ 172.693833][ T60] usbhid: probe of 1-1:0.0 failed with error -71 [ 172.707486][ T60] usb 1-1: USB disconnect, device number 31 [ 172.730520][ T7444] FAULT_INJECTION: forcing a failure. [ 172.730520][ T7444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.743485][ T7444] CPU: 1 PID: 7444 Comm: syz.4.2868 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 172.753285][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 172.763187][ T7444] Call Trace: [ 172.766300][ T7444] [ 172.769090][ T7444] dump_stack_lvl+0x151/0x1b7 [ 172.773591][ T7444] ? io_uring_drop_tctx_refs+0x190/0x190 [ 172.779062][ T7444] ? irqentry_exit_cond_resched+0x2a/0x30 [ 172.784615][ T7444] ? sysvec_reschedule_ipi+0x7d/0x150 [ 172.789823][ T7444] dump_stack+0x15/0x17 [ 172.793815][ T7444] should_fail+0x3c6/0x510 [ 172.798071][ T7444] should_fail_usercopy+0x1a/0x20 [ 172.802971][ T7444] _copy_from_user+0x20/0xd0 [ 172.807354][ T7444] sock_setsockopt+0x2d9/0x2eb0 [ 172.812042][ T7444] ? __sock_set_mark+0x160/0x160 [ 172.816809][ T7444] ? selinux_socket_setsockopt+0x260/0x360 [ 172.822452][ T7444] ? selinux_socket_getsockopt+0x340/0x340 [ 172.828090][ T7444] ? sysvec_reschedule_ipi+0x7d/0x150 [ 172.833307][ T7444] ? security_socket_setsockopt+0x82/0xb0 [ 172.838857][ T7444] __sys_setsockopt+0x423/0x840 [ 172.843545][ T7444] ? __ia32_sys_recv+0xb0/0xb0 [ 172.848144][ T7444] ? switch_fpu_return+0x1ed/0x3d0 [ 172.853094][ T7444] ? __kasan_check_read+0x11/0x20 [ 172.857950][ T7444] __x64_sys_setsockopt+0xbf/0xd0 [ 172.862814][ T7444] do_syscall_64+0x3d/0xb0 [ 172.867063][ T7444] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 172.872795][ T7444] RIP: 0033:0x7fd605e49bd9 [ 172.877386][ T7444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.896836][ T7444] RSP: 002b:00007fd605089048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 172.905174][ T7444] RAX: ffffffffffffffda RBX: 00007fd605fd8110 RCX: 00007fd605e49bd9 [ 172.913155][ T7444] RDX: 0000000000000034 RSI: 0000000000000001 RDI: 0000000000000005 [ 172.920961][ T7444] RBP: 00007fd6050890a0 R08: 0000000000000010 R09: 0000000000000000 [ 172.928785][ T7444] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000001 [ 172.936586][ T7444] R13: 000000000000006e R14: 00007fd605fd8110 R15: 00007fffa9a9b838 [ 172.944406][ T7444] [ 173.018462][ T311] logitech-hidpp-device 0003:046D:C086.0036: item fetching failed at offset 2/5 [ 173.027504][ T311] logitech-hidpp-device 0003:046D:C086.0036: hidpp_probe:parse failed [ 173.035503][ T311] logitech-hidpp-device: probe of 0003:046D:C086.0036 failed with error -22 [ 173.225764][ T311] usb 4-1: USB disconnect, device number 25 [ 173.232013][ T6017] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 173.617551][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.628292][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.637950][ T6017] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 173.646879][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.658703][ T6017] usb 3-1: config 0 descriptor?? [ 173.737490][ T311] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 173.903799][ T7460] EXT4-fs warning (device sda1): verify_group_input:147: Cannot add at group 2 (only 8 groups) [ 173.987501][ T311] usb 5-1: Using ep0 maxpacket: 32 [ 174.107572][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.118528][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.135226][ T6017] logitech-hidpp-device 0003:046D:C086.0037: item fetching failed at offset 2/5 [ 174.144319][ T311] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 174.153827][ T6017] logitech-hidpp-device 0003:046D:C086.0037: hidpp_probe:parse failed [ 174.162058][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.170452][ T6017] logitech-hidpp-device: probe of 0003:046D:C086.0037 failed with error -22 [ 174.185332][ T311] usb 5-1: config 0 descriptor?? [ 174.237934][ T311] hub 5-1:0.0: USB hub found [ 174.332269][ T7386] usb 3-1: USB disconnect, device number 40 [ 174.389761][ T7470] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 174.398954][ T7470] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 174.410689][ T7470] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 174.419370][ T60] usb 2-1: USB disconnect, device number 33 [ 174.469398][ T7474] FAULT_INJECTION: forcing a failure. [ 174.469398][ T7474] name failslab, interval 1, probability 0, space 0, times 0 [ 174.482018][ T7474] CPU: 1 PID: 7474 Comm: syz.1.2880 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 174.491753][ T7474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 174.501618][ T7474] Call Trace: [ 174.504744][ T7474] [ 174.507519][ T7474] dump_stack_lvl+0x151/0x1b7 [ 174.512031][ T7474] ? io_uring_drop_tctx_refs+0x190/0x190 [ 174.517516][ T7474] dump_stack+0x15/0x17 [ 174.521493][ T7474] should_fail+0x3c6/0x510 [ 174.525745][ T7474] __should_failslab+0xa4/0xe0 [ 174.530356][ T7474] ? ioctx_alloc+0x10d/0x710 [ 174.534958][ T7474] should_failslab+0x9/0x20 [ 174.539291][ T7474] slab_pre_alloc_hook+0x37/0xd0 [ 174.544061][ T7474] ? ioctx_alloc+0x10d/0x710 [ 174.548485][ T7474] kmem_cache_alloc+0x44/0x200 [ 174.553091][ T7474] ioctx_alloc+0x10d/0x710 [ 174.557341][ T7474] __se_sys_io_setup+0x72/0x230 [ 174.562026][ T7474] __x64_sys_io_setup+0x5b/0x70 [ 174.566714][ T7474] do_syscall_64+0x3d/0xb0 [ 174.570963][ T7474] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 174.576691][ T7474] RIP: 0033:0x7f3004ca5bd9 [ 174.580947][ T7474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.600389][ T7474] RSP: 002b:00007f3003f27048 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 174.608710][ T7474] RAX: ffffffffffffffda RBX: 00007f3004e33f60 RCX: 00007f3004ca5bd9 [ 174.616443][ T7474] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000202 [ 174.624254][ T7474] RBP: 00007f3003f270a0 R08: 0000000000000000 R09: 0000000000000000 [ 174.632066][ T7474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.639879][ T7474] R13: 000000000000000b R14: 00007f3004e33f60 R15: 00007ffc92396228 [ 174.647790][ T7474] [ 174.663673][ T7478] loop1: detected capacity change from 0 to 512 [ 174.697980][ T311] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 174.717522][ T310] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 174.759438][ T7478] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 174.770398][ T7478] ext4 filesystem being mounted at /539/file0 supports timestamps until 2038 (0x7fffffff) [ 174.786093][ T30] audit: type=1400 audit(1720346064.075:406): avc: denied { bind } for pid=7477 comm="syz.1.2881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 174.805437][ T30] audit: type=1400 audit(1720346064.075:407): avc: denied { node_bind } for pid=7477 comm="syz.1.2881" saddr=255.255.255.255 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 174.818900][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 174.828001][ T311] usbhid 5-1:0.0: can't add hid device: -71 [ 174.848492][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 174.855580][ T30] audit: type=1400 audit(1720346064.075:408): avc: denied { mounton } for pid=7477 comm="syz.1.2881" path="/539/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 174.874743][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 174.897151][ T311] usbhid: probe of 5-1:0.0 failed with error -71 [ 174.918757][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 174.944805][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 174.965470][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 174.966752][ T311] usb 5-1: USB disconnect, device number 34 [ 174.989454][ T1809] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /539/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 175.012877][ T1809] EXT4-fs error (device loop1): ext4_map_blocks:602: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 175.107540][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.118493][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.128079][ T310] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 175.136904][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.151378][ T7488] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.158293][ T7488] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.160131][ T310] usb 1-1: config 0 descriptor?? [ 175.165547][ T7488] device bridge_slave_0 entered promiscuous mode [ 175.182875][ T7488] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.190081][ T7488] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.197684][ T7488] device bridge_slave_1 entered promiscuous mode [ 175.288304][ T7488] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.295170][ T7488] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.302280][ T7488] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.309043][ T7488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.327479][ T60] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 175.334400][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 175.343101][ T6017] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.350426][ T6017] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.368923][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.376932][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.383822][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.391971][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.400052][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.406903][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.414156][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 175.435695][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 175.445528][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.455825][ T7488] device veth0_vlan entered promiscuous mode [ 175.466185][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 175.474511][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 175.482457][ T6017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 175.496257][ T7488] device veth1_macvtap entered promiscuous mode [ 175.505914][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 175.517618][ T6] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 175.527574][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 175.535917][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 175.547710][ T10] device bridge_slave_1 left promiscuous mode [ 175.553661][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.562273][ T10] device bridge_slave_0 left promiscuous mode [ 175.568456][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.576367][ T10] device veth1_macvtap left promiscuous mode [ 175.582603][ T10] device veth0_vlan left promiscuous mode [ 175.681573][ T310] logitech-hidpp-device 0003:046D:C086.0038: item fetching failed at offset 2/5 [ 175.690745][ T310] logitech-hidpp-device 0003:046D:C086.0038: hidpp_probe:parse failed [ 175.698934][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.709836][ T310] logitech-hidpp-device: probe of 0003:046D:C086.0038 failed with error -22 [ 175.718499][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.730155][ T60] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 175.740513][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.749628][ T7501] loop1: detected capacity change from 0 to 512 [ 175.750522][ T60] usb 3-1: config 0 descriptor?? [ 175.770229][ T7501] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.2886: casefold flag without casefold feature [ 175.783078][ T7501] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.2886: missing EA_INODE flag [ 175.794690][ T6] usb 5-1: Using ep0 maxpacket: 32 [ 175.794836][ T7501] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.2886: error while reading EA inode 12 err=-117 [ 175.812443][ T7501] EXT4-fs (loop1): 1 orphan inode deleted [ 175.818012][ T7501] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 175.834880][ T30] audit: type=1400 audit(1720346065.115:409): avc: denied { setopt } for pid=7500 comm="syz.1.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 175.884179][ T533] usb 1-1: USB disconnect, device number 32 [ 175.937778][ T6] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.947795][ T6] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 175.956542][ T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 175.965471][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.974050][ T6] usb 5-1: config 0 descriptor?? [ 176.253204][ T60] logitech-hidpp-device 0003:046D:C086.0039: item fetching failed at offset 2/5 [ 176.262344][ T60] logitech-hidpp-device 0003:046D:C086.0039: hidpp_probe:parse failed [ 176.270403][ T60] logitech-hidpp-device: probe of 0003:046D:C086.0039 failed with error -22 [ 176.367477][ T310] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 176.526194][ T6] usb 3-1: USB disconnect, device number 41 [ 176.609066][ T7518] FAULT_INJECTION: forcing a failure. [ 176.609066][ T7518] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.621981][ T7518] CPU: 0 PID: 7518 Comm: syz.0.2895 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 176.631746][ T7518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.641642][ T7518] Call Trace: [ 176.644938][ T7518] [ 176.647718][ T7518] dump_stack_lvl+0x151/0x1b7 [ 176.652236][ T7518] ? io_uring_drop_tctx_refs+0x190/0x190 [ 176.657703][ T7518] dump_stack+0x15/0x17 [ 176.661687][ T7518] should_fail+0x3c6/0x510 [ 176.665945][ T7518] should_fail_usercopy+0x1a/0x20 [ 176.670822][ T7518] _copy_to_user+0x20/0x90 [ 176.675054][ T7518] simple_read_from_buffer+0xc7/0x150 [ 176.680263][ T7518] proc_fail_nth_read+0x1a3/0x210 [ 176.685127][ T7518] ? proc_fault_inject_write+0x390/0x390 [ 176.690805][ T7518] ? fsnotify_perm+0x470/0x5d0 [ 176.695403][ T7518] ? security_file_permission+0x86/0xb0 [ 176.700887][ T7518] ? proc_fault_inject_write+0x390/0x390 [ 176.706339][ T7518] vfs_read+0x27d/0xd40 [ 176.710331][ T7518] ? kernel_read+0x1f0/0x1f0 [ 176.714849][ T7518] ? __kasan_check_write+0x14/0x20 [ 176.719794][ T7518] ? mutex_lock+0xb6/0x1e0 [ 176.724045][ T7518] ? wait_for_completion_killable_timeout+0x10/0x10 [ 176.730469][ T7518] ? __fdget_pos+0x2e7/0x3a0 [ 176.734894][ T7518] ? ksys_read+0x77/0x2c0 [ 176.739061][ T7518] ksys_read+0x199/0x2c0 [ 176.743139][ T7518] ? vfs_write+0x1110/0x1110 [ 176.747564][ T7518] ? debug_smp_processor_id+0x17/0x20 [ 176.752774][ T7518] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 176.758674][ T7518] __x64_sys_read+0x7b/0x90 [ 176.763014][ T7518] do_syscall_64+0x3d/0xb0 [ 176.767268][ T7518] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 176.772994][ T7518] RIP: 0033:0x7f1ba650d6bc [ 176.777249][ T7518] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 176.777564][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.796780][ T7518] RSP: 002b:00007f1ba576f040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 176.796809][ T7518] RAX: ffffffffffffffda RBX: 00007f1ba669d038 RCX: 00007f1ba650d6bc [ 176.796821][ T7518] RDX: 000000000000000f RSI: 00007f1ba576f0b0 RDI: 0000000000000005 [ 176.796832][ T7518] RBP: 00007f1ba576f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 176.796847][ T7518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.796857][ T7518] R13: 000000000000006e R14: 00007f1ba669d038 R15: 00007ffea73c8008 [ 176.796873][ T7518] [ 176.807593][ T310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.869271][ T657] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 176.877268][ T310] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 176.888605][ T310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.900982][ T310] usb 4-1: config 0 descriptor?? [ 176.975962][ T7522] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 176.984650][ T7522] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 176.996228][ T7522] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 177.227532][ T657] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.238327][ T657] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.248003][ T657] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 177.256931][ T657] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.265836][ T657] usb 2-1: config 0 descriptor?? [ 177.378437][ T310] hid-led 0003:27B8:01ED.003A: item fetching failed at offset 3/5 [ 177.386228][ T310] hid-led: probe of 0003:27B8:01ED.003A failed with error -22 [ 177.557514][ T6] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 177.581583][ T310] usb 4-1: USB disconnect, device number 26 [ 177.748436][ T657] logitech-hidpp-device 0003:046D:C086.003B: item fetching failed at offset 2/5 [ 177.764605][ T657] logitech-hidpp-device 0003:046D:C086.003B: hidpp_probe:parse failed [ 177.780886][ T657] logitech-hidpp-device: probe of 0003:046D:C086.003B failed with error -22 [ 177.807724][ T6] usb 3-1: Using ep0 maxpacket: 32 [ 177.955458][ T657] usb 2-1: USB disconnect, device number 34 [ 177.957520][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.972244][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.981875][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 177.992283][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.003703][ T6] usb 3-1: config 0 descriptor?? [ 178.057927][ T6] hub 3-1:0.0: USB hub found [ 178.350766][ T657] usb 5-1: USB disconnect, device number 35 [ 178.581973][ T7543] loop1: detected capacity change from 0 to 512 [ 178.679502][ T7543] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.2903: casefold flag without casefold feature [ 178.695859][ T7543] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.2903: missing EA_INODE flag [ 178.707618][ T7543] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.2903: error while reading EA inode 12 err=-117 [ 178.719943][ T7543] EXT4-fs (loop1): 1 orphan inode deleted [ 178.725756][ T7543] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 178.738121][ T657] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 178.997504][ T7386] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 179.005474][ T7551] FAULT_INJECTION: forcing a failure. [ 179.005474][ T7551] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 179.018646][ T7551] CPU: 1 PID: 7551 Comm: syz.3.2906 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 179.028342][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 179.038363][ T7551] Call Trace: [ 179.041472][ T7551] [ 179.044252][ T7551] dump_stack_lvl+0x151/0x1b7 [ 179.048778][ T7551] ? io_uring_drop_tctx_refs+0x190/0x190 [ 179.054246][ T7551] ? arch_stack_walk+0xf3/0x140 [ 179.058948][ T7551] dump_stack+0x15/0x17 [ 179.062916][ T7551] should_fail+0x3c6/0x510 [ 179.067166][ T7551] should_fail_alloc_page+0x5a/0x80 [ 179.072207][ T7551] prepare_alloc_pages+0x15c/0x700 [ 179.077148][ T7551] ? __alloc_pages_bulk+0xe40/0xe40 [ 179.082178][ T7551] ? kmem_cache_free+0x116/0x2e0 [ 179.086964][ T7551] __alloc_pages+0x18c/0x8f0 [ 179.091389][ T7551] ? prep_new_page+0x110/0x110 [ 179.095980][ T7551] ? kstrtouint_from_user+0x20a/0x2a0 [ 179.101195][ T7551] ? kstrtol_from_user+0x310/0x310 [ 179.106136][ T7551] kmalloc_order+0x4a/0x160 [ 179.110491][ T7551] kmalloc_order_trace+0x1a/0xb0 [ 179.115257][ T7551] __kmalloc+0x19c/0x270 [ 179.119335][ T7551] ? __kasan_check_write+0x14/0x20 [ 179.124272][ T7551] ? proc_fail_nth_write+0x20b/0x290 [ 179.129397][ T7551] kvmalloc_node+0x1f0/0x4d0 [ 179.133841][ T7551] ? check_stack_object+0x114/0x130 [ 179.138856][ T7551] ? vm_mmap+0xb0/0xb0 [ 179.142760][ T7551] vmemdup_user+0x26/0xe0 [ 179.146925][ T7551] setxattr+0x185/0x2e0 [ 179.150919][ T7551] ? path_setxattr+0x2a0/0x2a0 [ 179.155526][ T7551] ? mnt_want_write_file+0x23a/0x440 [ 179.160638][ T7551] __se_sys_fsetxattr+0x18d/0x200 [ 179.165500][ T7551] __x64_sys_fsetxattr+0xbf/0xd0 [ 179.170274][ T7551] do_syscall_64+0x3d/0xb0 [ 179.174525][ T7551] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 179.180255][ T7551] RIP: 0033:0x7f943fbc1bd9 [ 179.184507][ T7551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.203956][ T7551] RSP: 002b:00007f943ee43048 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 179.212369][ T7551] RAX: ffffffffffffffda RBX: 00007f943fd4ff60 RCX: 00007f943fbc1bd9 [ 179.220184][ T7551] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000000000007 [ 179.227991][ T7551] RBP: 00007f943ee430a0 R08: 0000000000000000 R09: 0000000000000000 [ 179.235804][ T7551] R10: 000000000000fe44 R11: 0000000000000246 R12: 0000000000000001 [ 179.243613][ T7551] R13: 000000000000000b R14: 00007f943fd4ff60 R15: 00007fff2db33858 [ 179.251517][ T7551] [ 179.337565][ T657] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.348312][ T657] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.358047][ T657] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 179.367106][ T657] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.399282][ T657] usb 5-1: config 0 descriptor?? [ 179.637548][ T7386] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.648412][ T7386] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.658006][ T7386] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 179.666825][ T7386] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.675510][ T7386] usb 1-1: config 0 descriptor?? [ 179.857506][ T6017] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 179.929142][ T657] hid-led 0003:1D34:000A.003C: unknown main item tag 0x0 [ 180.148070][ T657] hid-led 0003:1D34:000A.003C: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 180.160141][ T7386] logitech-hidpp-device 0003:046D:C086.003D: item fetching failed at offset 2/5 [ 180.177626][ T7386] logitech-hidpp-device 0003:046D:C086.003D: hidpp_probe:parse failed [ 180.185640][ T7386] logitech-hidpp-device: probe of 0003:046D:C086.003D failed with error -22 [ 180.195135][ T657] hid-led 0003:1D34:000A.003C: Dream Cheeky Webmail Notifier initialized [ 180.247568][ T6017] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.258370][ T6017] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 180.317562][ T6] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 180.349988][ T7386] usb 5-1: USB disconnect, device number 36 [ 180.361259][ T533] usb 1-1: USB disconnect, device number 33 [ 180.607779][ T6] usbhid 3-1:0.0: can't add hid device: -71 [ 180.613538][ T6] usbhid: probe of 3-1:0.0 failed with error -71 [ 180.627565][ T6017] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 180.636431][ T6017] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.644534][ T6017] usb 2-1: Product: syz [ 180.648983][ T6] usb 3-1: USB disconnect, device number 42 [ 180.655279][ T6017] usb 2-1: Manufacturer: syz [ 180.660259][ T6017] usb 2-1: SerialNumber: syz [ 180.737815][ T6044] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 280.927490][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 280.934279][ C0] (detected by 0, t=10002 jiffies, g=28113, q=111) [ 280.940691][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4294965312-4294955310), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 280.953889][ C0] rcu: rcu_preempt kthread starved for 10002 jiffies! g28113 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 280.965006][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 280.975148][ C0] rcu: RCU grace-period kthread stack dump: [ 280.980879][ C0] task:rcu_preempt state:R running task stack:28288 pid: 14 ppid: 2 flags:0x00004000 [ 280.991477][ C0] Call Trace: [ 280.994595][ C0] [ 280.997378][ C0] __schedule+0xccc/0x1590 [ 281.001625][ C0] ? __sched_text_start+0x8/0x8 [ 281.006304][ C0] ? __kasan_check_write+0x14/0x20 [ 281.011253][ C0] ? __kasan_check_write+0x14/0x20 [ 281.016198][ C0] schedule+0x11f/0x1e0 [ 281.020196][ C0] schedule_timeout+0x18c/0x370 [ 281.024878][ C0] ? __update_idle_core+0x2a0/0x2a0 [ 281.029913][ C0] ? console_conditional_schedule+0x30/0x30 [ 281.035767][ C0] ? update_process_times+0x200/0x200 [ 281.040966][ C0] ? prepare_to_swait_event+0x308/0x320 [ 281.046348][ C0] rcu_gp_fqs_loop+0x2af/0xf80 [ 281.050951][ C0] ? debug_smp_processor_id+0x17/0x20 [ 281.056152][ C0] ? __note_gp_changes+0x4ab/0x920 [ 281.061101][ C0] ? rcu_gp_init+0xc30/0xc30 [ 281.065526][ C0] ? _raw_spin_unlock_irq+0x4e/0x70 [ 281.070560][ C0] ? rcu_gp_init+0x9cf/0xc30 [ 281.074992][ C0] rcu_gp_kthread+0xa4/0x350 [ 281.079415][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 281.084098][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 281.088615][ C0] ? __kasan_check_read+0x11/0x20 [ 281.093473][ C0] ? __kthread_parkme+0xb2/0x200 [ 281.098292][ C0] kthread+0x421/0x510 [ 281.102151][ C0] ? wake_nocb_gp+0x1e0/0x1e0 [ 281.106665][ C0] ? kthread_blkcg+0xd0/0xd0 [ 281.111093][ C0] ret_from_fork+0x1f/0x30 [ 281.115346][ C0] [ 281.118296][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 281.124473][ C0] NMI backtrace for cpu 0 [ 281.128633][ C0] CPU: 0 PID: 7573 Comm: syz.4.2913 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 281.138347][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 281.148245][ C0] Call Trace: [ 281.151403][ C0] [ 281.154191][ C0] dump_stack_lvl+0x151/0x1b7 [ 281.158700][ C0] ? io_uring_drop_tctx_refs+0x190/0x190 [ 281.164167][ C0] dump_stack+0x15/0x17 [ 281.168161][ C0] nmi_cpu_backtrace+0x2f7/0x300 [ 281.173065][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 281.179045][ C0] ? panic+0x751/0x751 [ 281.182950][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 281.188853][ C0] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 281.194667][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 281.200570][ C0] arch_trigger_cpumask_backtrace+0x10/0x20 [ 281.206388][ C0] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 281.212380][ C0] print_other_cpu_stall+0x112d/0x1340 [ 281.217673][ C0] ? print_cpu_stall+0x5f0/0x5f0 [ 281.222447][ C0] rcu_sched_clock_irq+0xaec/0x12f0 [ 281.227482][ C0] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 281.233469][ C0] ? hrtimer_run_queues+0x15f/0x440 [ 281.238502][ C0] update_process_times+0x198/0x200 [ 281.243536][ C0] tick_sched_timer+0x188/0x240 [ 281.248226][ C0] ? tick_setup_sched_timer+0x480/0x480 [ 281.253607][ C0] __hrtimer_run_queues+0x41a/0xad0 [ 281.258641][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 281.263587][ C0] ? clockevents_program_event+0x22f/0x300 [ 281.269228][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 281.275303][ C0] hrtimer_interrupt+0x40c/0xaa0 [ 281.280080][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 281.285812][ C0] sysvec_apic_timer_interrupt+0x95/0xc0 [ 281.291273][ C0] [ 281.294049][ C0] [ 281.296826][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 281.302649][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 281.307424][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 281.326857][ C0] RSP: 0018:ffffc900009a6340 EFLAGS: 00000246 [ 281.332847][ C0] RAX: 0000000000000003 RBX: 1ffff92000134c6c RCX: ffffffff8154fbbf [ 281.340661][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810b8a2a98 [ 281.348474][ C0] RBP: ffffc900009a63f0 R08: dffffc0000000000 R09: ffffed1021714554 [ 281.356282][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 281.364098][ C0] R13: ffff88810b8a2a98 R14: 0000000000000003 R15: 1ffff92000134c70 [ 281.371999][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 281.378072][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 281.384053][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 281.389001][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 281.395084][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 281.400985][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 281.407231][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 281.412011][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 281.417038][ C0] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 281.422331][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 281.427456][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 281.432834][ C0] bpf_trace_run4+0x13f/0x270 [ 281.437344][ C0] ? bpf_trace_run3+0x250/0x250 [ 281.442035][ C0] __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 281.447333][ C0] __alloc_pages+0x3cb/0x8f0 [ 281.451756][ C0] ? prep_new_page+0x110/0x110 [ 281.456358][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 281.461824][ C0] ? stack_trace_save+0x113/0x1c0 [ 281.466693][ C0] __stack_depot_save+0x38d/0x470 [ 281.471548][ C0] ? __change_page_attr_set_clr+0x1ec2/0x2480 [ 281.477446][ C0] stack_depot_save+0xe/0x10 [ 281.482217][ C0] save_stack+0x104/0x1e0 [ 281.486383][ C0] ? sched_clock_cpu+0x18/0x3b0 [ 281.491070][ C0] ? __reset_page_owner+0x190/0x190 [ 281.496108][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 281.500879][ C0] ? prep_new_page+0x1b/0x110 [ 281.505387][ C0] ? get_page_from_freelist+0x3550/0x35d0 [ 281.510943][ C0] ? __alloc_pages+0x27e/0x8f0 [ 281.515542][ C0] ? __stack_depot_save+0x38d/0x470 [ 281.520577][ C0] ? kasan_set_track+0x5d/0x70 [ 281.525177][ C0] ? kasan_set_free_info+0x23/0x40 [ 281.530212][ C0] ? ____kasan_slab_free+0x126/0x160 [ 281.535332][ C0] ? __kasan_slab_free+0x11/0x20 [ 281.540105][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 281.545486][ C0] ? kfree+0xc8/0x220 [ 281.549309][ C0] ? sock_map_unref+0x352/0x4d0 [ 281.553993][ C0] ? sock_hash_delete_elem+0x274/0x2f0 [ 281.559288][ C0] ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 281.564841][ C0] ? bpf_trace_run4+0x13f/0x270 [ 281.569529][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 281.574999][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 281.579857][ C0] ? prep_new_page+0x1b/0x110 [ 281.584373][ C0] __set_page_owner+0x28/0x2e0 [ 281.589232][ C0] ? kernel_init_free_pages+0xda/0xf0 [ 281.594533][ C0] post_alloc_hook+0x1a3/0x1b0 [ 281.599126][ C0] prep_new_page+0x1b/0x110 [ 281.603464][ C0] get_page_from_freelist+0x3550/0x35d0 [ 281.608851][ C0] ? native_flush_tlb_global+0x86/0x140 [ 281.614238][ C0] ? native_flush_tlb_one_user+0x100/0x100 [ 281.619876][ C0] ? lruvec_init+0x150/0x150 [ 281.624299][ C0] ? __alloc_pages+0x8f0/0x8f0 [ 281.628899][ C0] ? __alloc_pages_bulk+0xe40/0xe40 [ 281.633934][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 281.638877][ C0] __alloc_pages+0x27e/0x8f0 [ 281.643304][ C0] ? prep_new_page+0x110/0x110 [ 281.647906][ C0] ? stack_trace_save+0x113/0x1c0 [ 281.652764][ C0] ? __x64_sys_clone+0x23f/0x290 [ 281.657551][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 281.662483][ C0] __stack_depot_save+0x38d/0x470 [ 281.667349][ C0] ? kfree+0xc8/0x220 [ 281.671164][ C0] kasan_set_track+0x5d/0x70 [ 281.675591][ C0] ? kasan_set_track+0x4b/0x70 [ 281.680190][ C0] ? kasan_set_free_info+0x23/0x40 [ 281.685136][ C0] ? ____kasan_slab_free+0x126/0x160 [ 281.690256][ C0] ? __kasan_slab_free+0x11/0x20 [ 281.695031][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 281.700411][ C0] ? kfree+0xc8/0x220 [ 281.704231][ C0] ? sock_map_unref+0x352/0x4d0 [ 281.708918][ C0] ? sock_hash_delete_elem+0x274/0x2f0 [ 281.714213][ C0] ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 281.719770][ C0] ? bpf_trace_run4+0x13f/0x270 [ 281.724453][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 281.729920][ C0] ? __alloc_pages+0x3cb/0x8f0 [ 281.734519][ C0] ? __get_free_pages+0x10/0x30 [ 281.739208][ C0] ? kasan_populate_vmalloc_pte+0x39/0x130 [ 281.744848][ C0] ? __apply_to_page_range+0x8dd/0xbe0 [ 281.750233][ C0] ? apply_to_page_range+0x3b/0x50 [ 281.755178][ C0] ? kasan_populate_vmalloc+0x65/0x70 [ 281.760384][ C0] ? alloc_vmap_area+0x192f/0x1a80 [ 281.765333][ C0] ? __get_vm_area_node+0x158/0x360 [ 281.770366][ C0] ? __vmalloc_node_range+0xe2/0x8d0 [ 281.775488][ C0] ? dup_task_struct+0x416/0xc60 [ 281.780262][ C0] ? copy_process+0x5c4/0x3290 [ 281.784861][ C0] ? kernel_clone+0x21e/0x9e0 [ 281.789376][ C0] ? __x64_sys_clone+0x23f/0x290 [ 281.794148][ C0] ? do_syscall_64+0x3d/0xb0 [ 281.798573][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 281.804491][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 281.809253][ C0] kasan_set_free_info+0x23/0x40 [ 281.814034][ C0] ____kasan_slab_free+0x126/0x160 [ 281.819066][ C0] __kasan_slab_free+0x11/0x20 [ 281.823788][ C0] slab_free_freelist_hook+0xbd/0x190 [ 281.828957][ C0] ? sock_map_unref+0x352/0x4d0 [ 281.833727][ C0] kfree+0xc8/0x220 [ 281.837548][ C0] sock_map_unref+0x352/0x4d0 [ 281.842055][ C0] sock_hash_delete_elem+0x274/0x2f0 [ 281.847176][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 281.852559][ C0] bpf_trace_run4+0x13f/0x270 [ 281.857278][ C0] ? bpf_trace_run3+0x250/0x250 [ 281.861975][ C0] __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 281.867254][ C0] __alloc_pages+0x3cb/0x8f0 [ 281.871692][ C0] ? do_syscall_64+0x3d/0xb0 [ 281.876131][ C0] ? prep_new_page+0x110/0x110 [ 281.880710][ C0] __get_free_pages+0x10/0x30 [ 281.885221][ C0] kasan_populate_vmalloc_pte+0x39/0x130 [ 281.890687][ C0] ? __apply_to_page_range+0x8ca/0xbe0 [ 281.895981][ C0] __apply_to_page_range+0x8dd/0xbe0 [ 281.901103][ C0] ? kasan_populate_vmalloc+0x70/0x70 [ 281.906308][ C0] ? kasan_populate_vmalloc+0x70/0x70 [ 281.911606][ C0] apply_to_page_range+0x3b/0x50 [ 281.916377][ C0] kasan_populate_vmalloc+0x65/0x70 [ 281.921411][ C0] alloc_vmap_area+0x192f/0x1a80 [ 281.926185][ C0] ? vm_map_ram+0xa90/0xa90 [ 281.930523][ C0] ? kmem_cache_alloc_trace+0x115/0x210 [ 281.935917][ C0] ? __get_vm_area_node+0x117/0x360 [ 281.940938][ C0] __get_vm_area_node+0x158/0x360 [ 281.945801][ C0] __vmalloc_node_range+0xe2/0x8d0 [ 281.950756][ C0] ? copy_process+0x5c4/0x3290 [ 281.955366][ C0] ? slab_post_alloc_hook+0x72/0x2c0 [ 281.960572][ C0] ? dup_task_struct+0x53/0xc60 [ 281.965358][ C0] dup_task_struct+0x416/0xc60 [ 281.969960][ C0] ? copy_process+0x5c4/0x3290 [ 281.974684][ C0] ? __kasan_check_write+0x14/0x20 [ 281.979632][ C0] copy_process+0x5c4/0x3290 [ 281.984055][ C0] ? __kasan_check_write+0x14/0x20 [ 281.989004][ C0] ? preempt_count_add+0x92/0x1a0 [ 281.993861][ C0] ? fd_install+0x144/0x250 [ 281.998202][ C0] ? bpf_link_settle+0xc0/0x150 [ 282.002889][ C0] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 282.007835][ C0] ? map_freeze+0x370/0x370 [ 282.012175][ C0] kernel_clone+0x21e/0x9e0 [ 282.016626][ C0] ? create_io_thread+0x1e0/0x1e0 [ 282.021492][ C0] ? security_bpf+0x82/0xb0 [ 282.025825][ C0] __x64_sys_clone+0x23f/0x290 [ 282.030427][ C0] ? __do_sys_vfork+0x130/0x130 [ 282.035128][ C0] ? switch_fpu_return+0x1ed/0x3d0 [ 282.040147][ C0] ? __kasan_check_read+0x11/0x20 [ 282.045010][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 282.050476][ C0] do_syscall_64+0x3d/0xb0 [ 282.054728][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 282.060456][ C0] RIP: 0033:0x7fd605e49bd9 [ 282.064749][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.084341][ C0] RSP: 002b:00007fd6050caff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 282.092584][ C0] RAX: ffffffffffffffda RBX: 00007fd605fd7f60 RCX: 00007fd605e49bd9 [ 282.100394][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000630c1000 [ 282.108207][ C0] RBP: 00007fd605eb8aa1 R08: 0000000000000000 R09: 0000000000000000 [ 282.116019][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 282.124003][ C0] R13: 000000000000000b R14: 00007fd605fd7f60 R15: 00007fffa9a9b838 [ 282.131818][ C0] [ 331.054658][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 144s! [syz.0.2904:7546] [ 331.062813][ C1] Modules linked in: [ 331.066670][ C1] CPU: 1 PID: 7546 Comm: syz.0.2904 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 331.076415][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 331.086283][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 331.091054][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 331.111320][ C1] RSP: 0018:ffffc90000cb6f20 EFLAGS: 00000246 [ 331.117217][ C1] RAX: 0000000000000001 RBX: 1ffff92000196de8 RCX: 1ffffffff0d1aa9c [ 331.125200][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7138ad4 [ 331.133013][ C1] RBP: ffffc90000cb6fd0 R08: dffffc0000000000 R09: ffffed103ee2715b [ 331.140819][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 331.148631][ C1] R13: ffff8881f7138ad4 R14: 0000000000000001 R15: 1ffff92000196dec [ 331.156450][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 331.165209][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 331.171632][ C1] CR2: 000000110c2bb73c CR3: 0000000119046000 CR4: 00000000003506a0 [ 331.179544][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 331.187553][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 331.195364][ C1] Call Trace: [ 331.198488][ C1] [ 331.201177][ C1] ? show_regs+0x58/0x60 [ 331.205268][ C1] ? watchdog_timer_fn+0x4b1/0x5f0 [ 331.210202][ C1] ? proc_watchdog_cpumask+0xd0/0xd0 [ 331.215321][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 331.220553][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 331.225601][ C1] ? clockevents_program_event+0x22f/0x300 [ 331.231233][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 331.237137][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 331.242084][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 331.247984][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 331.253627][ C1] [ 331.256401][ C1] [ 331.259179][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 331.265176][ C1] ? kvm_wait+0x147/0x180 [ 331.269421][ C1] ? asm_common_interrupt+0x27/0x40 [ 331.274456][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 331.279410][ C1] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 331.285305][ C1] ? get_page_from_freelist+0x3550/0x35d0 [ 331.290865][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 331.297110][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 331.301885][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 331.306915][ C1] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 331.312209][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 331.317243][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 331.322624][ C1] bpf_trace_run4+0x13f/0x270 [ 331.327659][ C1] ? bpf_trace_run3+0x250/0x250 [ 331.332345][ C1] __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.337764][ C1] __alloc_pages+0x3cb/0x8f0 [ 331.342176][ C1] ? page_remove_rmap+0xe36/0x1420 [ 331.347148][ C1] ? prep_new_page+0x110/0x110 [ 331.351722][ C1] ? page_remove_rmap+0xebe/0x1420 [ 331.356753][ C1] ? page_add_file_rmap+0x8e0/0x8e0 [ 331.361709][ C1] ? mark_page_accessed+0x56b/0xbf0 [ 331.366756][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 331.371340][ C1] __get_free_pages+0x10/0x30 [ 331.375854][ C1] __tlb_remove_page_size+0x178/0x300 [ 331.381070][ C1] unmap_page_range+0x1226/0x1ed0 [ 331.385927][ C1] ? mmu_notifier_invalidate_range_end+0xe0/0xe0 [ 331.392108][ C1] ? __pagevec_lru_add+0xcde/0xd70 [ 331.397031][ C1] ? uprobe_munmap+0x18d/0x450 [ 331.401635][ C1] ? lru_cache_add+0x540/0x540 [ 331.406229][ C1] unmap_vmas+0x389/0x560 [ 331.410401][ C1] ? unmap_page_range+0x1ed0/0x1ed0 [ 331.415430][ C1] ? tlb_gather_mmu_fullmm+0x165/0x210 [ 331.420731][ C1] exit_mmap+0x3e4/0x940 [ 331.424802][ C1] ? exit_aio+0x25e/0x3c0 [ 331.428972][ C1] ? vm_brk+0x30/0x30 [ 331.432792][ C1] ? mutex_unlock+0xb2/0x260 [ 331.437217][ C1] ? uprobe_clear_state+0x2cd/0x320 [ 331.442251][ C1] __mmput+0x95/0x310 [ 331.446068][ C1] mmput+0x5b/0x170 [ 331.449714][ C1] do_exit+0xb9c/0x2ca0 [ 331.453708][ C1] ? put_task_struct+0x80/0x80 [ 331.458305][ C1] ? __schedule+0xcd4/0x1590 [ 331.462731][ C1] ? __kasan_check_write+0x14/0x20 [ 331.467678][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 331.472623][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 331.478006][ C1] do_group_exit+0x141/0x310 [ 331.482433][ C1] get_signal+0x7a3/0x1630 [ 331.486690][ C1] ? do_nanosleep+0x555/0x6a0 [ 331.491202][ C1] arch_do_signal_or_restart+0xbd/0x1680 [ 331.496666][ C1] ? hrtimer_nanosleep+0x107/0x3f0 [ 331.501615][ C1] ? hrtimer_nanosleep+0x306/0x3f0 [ 331.506562][ C1] ? nanosleep_copyout+0x120/0x120 [ 331.511510][ C1] ? __remove_hrtimer+0x4d0/0x4d0 [ 331.516367][ C1] ? get_sigframe_size+0x10/0x10 [ 331.521149][ C1] ? __se_sys_futex+0x37b/0x3e0 [ 331.525831][ C1] ? fpu_flush_thread+0xf0/0xf0 [ 331.530515][ C1] exit_to_user_mode_loop+0xa0/0xe0 [ 331.535548][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 331.540846][ C1] syscall_exit_to_user_mode+0x26/0x160 [ 331.546233][ C1] do_syscall_64+0x49/0xb0 [ 331.550477][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.556205][ C1] RIP: 0033:0x7f1ba650ebd9 [ 331.560463][ C1] Code: Unable to access opcode bytes at RIP 0x7f1ba650ebaf. [ 331.567663][ C1] RSP: 002b:00007f1ba57900f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 331.575907][ C1] RAX: fffffffffffffe00 RBX: 00007f1ba669cf68 RCX: 00007f1ba650ebd9 [ 331.583719][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1ba669cf68 [ 331.591549][ C1] RBP: 00007f1ba669cf60 R08: 00007f1ba57906c0 R09: 00007f1ba57906c0 [ 331.599345][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ba669cf6c [ 331.607151][ C1] R13: 000000000000000b R14: 00007ffea73c7f20 R15: 00007ffea73c8008 [ 331.615233][ C1] [ 331.618093][ C1] Sending NMI from CPU 1 to CPUs 0: [ 331.623158][ C0] NMI backtrace for cpu 0 [ 331.623169][ C0] CPU: 0 PID: 7573 Comm: syz.4.2913 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 331.623187][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 331.623196][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 331.623219][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 331.623232][ C0] RSP: 0018:ffffc900009a6340 EFLAGS: 00000246 [ 331.623246][ C0] RAX: 0000000000000003 RBX: 1ffff92000134c6c RCX: ffffffff8154fbbf [ 331.623258][ C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff88810b8a2a98 [ 331.623269][ C0] RBP: ffffc900009a63f0 R08: dffffc0000000000 R09: ffffed1021714554 [ 331.623281][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 331.623292][ C0] R13: ffff88810b8a2a98 R14: 0000000000000003 R15: 1ffff92000134c70 [ 331.623303][ C0] FS: 00007fd6050cb6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 331.623317][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 331.623328][ C0] CR2: 0000000000000000 CR3: 0000000113b9a000 CR4: 00000000003506b0 [ 331.623342][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 331.623357][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 331.623367][ C0] Call Trace: [ 331.623373][ C0] [ 331.623382][ C0] ? show_regs+0x58/0x60 [ 331.623398][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 331.623417][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 331.623436][ C0] ? kvm_wait+0x147/0x180 [ 331.623450][ C0] ? kvm_wait+0x147/0x180 [ 331.623473][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 331.623491][ C0] ? nmi_handle+0xa8/0x280 [ 331.623506][ C0] ? kvm_wait+0x147/0x180 [ 331.623520][ C0] ? default_do_nmi+0x69/0x160 [ 331.623537][ C0] ? exc_nmi+0xaf/0x120 [ 331.623551][ C0] ? end_repeat_nmi+0x16/0x31 [ 331.623567][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 331.623586][ C0] ? kvm_wait+0x147/0x180 [ 331.623600][ C0] ? kvm_wait+0x147/0x180 [ 331.623614][ C0] ? kvm_wait+0x147/0x180 [ 331.623628][ C0] [ 331.623633][ C0] [ 331.623638][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 331.623654][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 331.623669][ C0] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 331.623688][ C0] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 331.623706][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 331.623726][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 331.623744][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 331.623761][ C0] ? sock_hash_bucket_hash+0x31c/0x7e0 [ 331.623780][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 331.623798][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 331.623812][ C0] bpf_trace_run4+0x13f/0x270 [ 331.623830][ C0] ? bpf_trace_run3+0x250/0x250 [ 331.623848][ C0] __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.623870][ C0] __alloc_pages+0x3cb/0x8f0 [ 331.623886][ C0] ? prep_new_page+0x110/0x110 [ 331.623903][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.623918][ C0] ? stack_trace_save+0x113/0x1c0 [ 331.623936][ C0] __stack_depot_save+0x38d/0x470 [ 331.623950][ C0] ? __change_page_attr_set_clr+0x1ec2/0x2480 [ 331.623968][ C0] stack_depot_save+0xe/0x10 [ 331.623981][ C0] save_stack+0x104/0x1e0 [ 331.623994][ C0] ? sched_clock_cpu+0x18/0x3b0 [ 331.624010][ C0] ? __reset_page_owner+0x190/0x190 [ 331.624023][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 331.624038][ C0] ? prep_new_page+0x1b/0x110 [ 331.624053][ C0] ? get_page_from_freelist+0x3550/0x35d0 [ 331.624069][ C0] ? __alloc_pages+0x27e/0x8f0 [ 331.624084][ C0] ? __stack_depot_save+0x38d/0x470 [ 331.624097][ C0] ? kasan_set_track+0x5d/0x70 [ 331.624111][ C0] ? kasan_set_free_info+0x23/0x40 [ 331.624126][ C0] ? ____kasan_slab_free+0x126/0x160 [ 331.624140][ C0] ? __kasan_slab_free+0x11/0x20 [ 331.624154][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 331.624171][ C0] ? kfree+0xc8/0x220 [ 331.624185][ C0] ? sock_map_unref+0x352/0x4d0 [ 331.624200][ C0] ? sock_hash_delete_elem+0x274/0x2f0 [ 331.624216][ C0] ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 331.624228][ C0] ? bpf_trace_run4+0x13f/0x270 [ 331.624243][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.624258][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 331.624274][ C0] ? prep_new_page+0x1b/0x110 [ 331.624290][ C0] __set_page_owner+0x28/0x2e0 [ 331.624303][ C0] ? kernel_init_free_pages+0xda/0xf0 [ 331.624320][ C0] post_alloc_hook+0x1a3/0x1b0 [ 331.624336][ C0] prep_new_page+0x1b/0x110 [ 331.624351][ C0] get_page_from_freelist+0x3550/0x35d0 [ 331.624372][ C0] ? native_flush_tlb_global+0x86/0x140 [ 331.624387][ C0] ? native_flush_tlb_one_user+0x100/0x100 [ 331.624404][ C0] ? lruvec_init+0x150/0x150 [ 331.624426][ C0] ? __alloc_pages+0x8f0/0x8f0 [ 331.624444][ C0] ? __alloc_pages_bulk+0xe40/0xe40 [ 331.624459][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 331.624476][ C0] __alloc_pages+0x27e/0x8f0 [ 331.624491][ C0] ? prep_new_page+0x110/0x110 [ 331.624508][ C0] ? stack_trace_save+0x113/0x1c0 [ 331.624523][ C0] ? __x64_sys_clone+0x23f/0x290 [ 331.624541][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 331.624557][ C0] __stack_depot_save+0x38d/0x470 [ 331.624572][ C0] ? kfree+0xc8/0x220 [ 331.624586][ C0] kasan_set_track+0x5d/0x70 [ 331.624600][ C0] ? kasan_set_track+0x4b/0x70 [ 331.624613][ C0] ? kasan_set_free_info+0x23/0x40 [ 331.624627][ C0] ? ____kasan_slab_free+0x126/0x160 [ 331.624642][ C0] ? __kasan_slab_free+0x11/0x20 [ 331.624656][ C0] ? slab_free_freelist_hook+0xbd/0x190 [ 331.624673][ C0] ? kfree+0xc8/0x220 [ 331.624691][ C0] ? sock_map_unref+0x352/0x4d0 [ 331.624706][ C0] ? sock_hash_delete_elem+0x274/0x2f0 [ 331.624723][ C0] ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 331.624735][ C0] ? bpf_trace_run4+0x13f/0x270 [ 331.624750][ C0] ? __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.624764][ C0] ? __alloc_pages+0x3cb/0x8f0 [ 331.624780][ C0] ? __get_free_pages+0x10/0x30 [ 331.624795][ C0] ? kasan_populate_vmalloc_pte+0x39/0x130 [ 331.624811][ C0] ? __apply_to_page_range+0x8dd/0xbe0 [ 331.624825][ C0] ? apply_to_page_range+0x3b/0x50 [ 331.624840][ C0] ? kasan_populate_vmalloc+0x65/0x70 [ 331.624859][ C0] ? alloc_vmap_area+0x192f/0x1a80 [ 331.624877][ C0] ? __get_vm_area_node+0x158/0x360 [ 331.624892][ C0] ? __vmalloc_node_range+0xe2/0x8d0 [ 331.624907][ C0] ? dup_task_struct+0x416/0xc60 [ 331.624922][ C0] ? copy_process+0x5c4/0x3290 [ 331.624938][ C0] ? kernel_clone+0x21e/0x9e0 [ 331.624953][ C0] ? __x64_sys_clone+0x23f/0x290 [ 331.624969][ C0] ? do_syscall_64+0x3d/0xb0 [ 331.624983][ C0] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.625003][ C0] ? post_alloc_hook+0x1a3/0x1b0 [ 331.625018][ C0] kasan_set_free_info+0x23/0x40 [ 331.625033][ C0] ____kasan_slab_free+0x126/0x160 [ 331.625049][ C0] __kasan_slab_free+0x11/0x20 [ 331.625062][ C0] slab_free_freelist_hook+0xbd/0x190 [ 331.625080][ C0] ? sock_map_unref+0x352/0x4d0 [ 331.625095][ C0] kfree+0xc8/0x220 [ 331.625112][ C0] sock_map_unref+0x352/0x4d0 [ 331.625129][ C0] sock_hash_delete_elem+0x274/0x2f0 [ 331.625146][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x48c [ 331.625159][ C0] bpf_trace_run4+0x13f/0x270 [ 331.625175][ C0] ? bpf_trace_run3+0x250/0x250 [ 331.625194][ C0] __bpf_trace_mm_page_alloc+0xbf/0xf0 [ 331.625209][ C0] __alloc_pages+0x3cb/0x8f0 [ 331.625225][ C0] ? do_syscall_64+0x3d/0xb0 [ 331.625239][ C0] ? prep_new_page+0x110/0x110 [ 331.625258][ C0] __get_free_pages+0x10/0x30 [ 331.625274][ C0] kasan_populate_vmalloc_pte+0x39/0x130 [ 331.625290][ C0] ? __apply_to_page_range+0x8ca/0xbe0 [ 331.625305][ C0] __apply_to_page_range+0x8dd/0xbe0 [ 331.625320][ C0] ? kasan_populate_vmalloc+0x70/0x70 [ 331.625339][ C0] ? kasan_populate_vmalloc+0x70/0x70 [ 331.625354][ C0] apply_to_page_range+0x3b/0x50 [ 331.625369][ C0] kasan_populate_vmalloc+0x65/0x70 [ 331.625385][ C0] alloc_vmap_area+0x192f/0x1a80 [ 331.625404][ C0] ? vm_map_ram+0xa90/0xa90 [ 331.625418][ C0] ? kmem_cache_alloc_trace+0x115/0x210 [ 331.625434][ C0] ? __get_vm_area_node+0x117/0x360 [ 331.625450][ C0] __get_vm_area_node+0x158/0x360 [ 331.625466][ C0] __vmalloc_node_range+0xe2/0x8d0 [ 331.625480][ C0] ? copy_process+0x5c4/0x3290 [ 331.625496][ C0] ? slab_post_alloc_hook+0x72/0x2c0 [ 331.625513][ C0] ? dup_task_struct+0x53/0xc60 [ 331.625531][ C0] dup_task_struct+0x416/0xc60 [ 331.625546][ C0] ? copy_process+0x5c4/0x3290 [ 331.625562][ C0] ? __kasan_check_write+0x14/0x20 [ 331.625579][ C0] copy_process+0x5c4/0x3290 [ 331.625594][ C0] ? __kasan_check_write+0x14/0x20 [ 331.625610][ C0] ? preempt_count_add+0x92/0x1a0 [ 331.625626][ C0] ? fd_install+0x144/0x250 [ 331.625641][ C0] ? bpf_link_settle+0xc0/0x150 [ 331.625657][ C0] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 331.625674][ C0] ? map_freeze+0x370/0x370 [ 331.625689][ C0] kernel_clone+0x21e/0x9e0 [ 331.625706][ C0] ? create_io_thread+0x1e0/0x1e0 [ 331.625723][ C0] ? security_bpf+0x82/0xb0 [ 331.625738][ C0] __x64_sys_clone+0x23f/0x290 [ 331.625755][ C0] ? __do_sys_vfork+0x130/0x130 [ 331.625770][ C0] ? switch_fpu_return+0x1ed/0x3d0 [ 331.625788][ C0] ? __kasan_check_read+0x11/0x20 [ 331.625804][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 331.625820][ C0] do_syscall_64+0x3d/0xb0 [ 331.625834][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.625849][ C0] RIP: 0033:0x7fd605e49bd9 [ 331.625866][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.625879][ C0] RSP: 002b:00007fd6050caff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 331.625895][ C0] RAX: ffffffffffffffda RBX: 00007fd605fd7f60 RCX: 00007fd605e49bd9 [ 331.625907][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000630c1000 [ 331.625917][ C0] RBP: 00007fd605eb8aa1 R08: 0000000000000000 R09: 0000000000000000 [ 331.625927][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 331.625936][ C0] R13: 000000000000000b R14: 00007fd605fd7f60 R15: 00007fffa9a9b838 [ 331.625950][ C0]