last executing test programs: 4.383883112s ago: executing program 1 (id=4692): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000004000000ff0f0000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000020007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@noload}, {@mblk_io_submit}, {@data_err_abort}, {@auto_da_alloc}, {@block_validity}, {@quota}]}, 0x3, 0x449, &(0x7f0000000740)="$eJzs28trXNUfAPDvnSR995f8Sn30oUarGHwkTfqwCzeKggsLgi7qMiZpqZ020kSwpWgVqUspuC8uBf8CV7oRdSW41b0UimTTKghX7sy9ycxkJp2Jk0zrfD5wk3PuPZNzvnPvuXPOPZkA+tZo9iOJ2BURv0bEcDVbX2C0+uvO0pWZP5euzCSRpm/+kVTK3V66MlMULV63s8gMRpQ+TeJAk3oXLl0+N10uz13M8xOL59+bWLh0+fmz56fPzJ2ZuzB14sTRI5MvHJ861pU4s7hu7/9w/uC+196+fnLm1PV3fvw6KeJviKNLRtc6+FSadrm63tpdk04GVx/ftpmNoW0D1W4aQ5X+PxwDsXLyhuPVT3raOGBDpWmaPtj68NUU+A9LotctAHqj+KDP5r/FtklDj3vCrZeqE6As7jv5Vj0yGKW8zFDD/LabRiPi1NW/bmRbbMxzCACAOt9m45/nmo3/SlH7XOh/+RrKSET8PyL2RMTxiNgbEQ9EVMo+FBEPd1h/4yLJ6vFP6ea6AmtTNv57MV/bqh//FaO/GBnIc7sr8Q8lp8+W5w7n78lYDG3N8pNr1PHdK7983upY7fgv27L6i7Fg3o6bg1vrXzM7vTj9b2KudevjiP2DzeJPllcCkojYFxH711nH2We+OtjqWJP4/07T9EZbf7jJOlOn0i8jnq6e/6vREH8hWXt9cmJblOcOTxRXxWo//XztjVb13/38b6zs/O9oev0vxz+S1K7XLnRex7XfPms5p1nv9b8leatu3wfTi4sXJyO2JK8PRX6fWt4/1VBuaqV8Fv/Yoeb9f0+svBMHIiK7iB+JiEcj4rG87Y9HxBMRcWiN+H94+cl363aM7eog/o2VxT/b0flfSWyJxj3NEwPnvv+mrtKR6CD+7PwfraTG8j3t3P/aadf6rmYAAAC4/5QiYlckpfHldKk0Pl79H/69saNUnl9YfPb0/PsXZqvfERiJoVLxpGu45nnoZD6tL/JTDfkj+XPjLwa2V/LjM/Pl2V4HD31uZ4v+n/l9oNetAzZcF9bRgPuU/g/9S/+H/qX/Q/9q0v+396IdwOZr9vn/UQ/aAWy+hv5v2Q/6iPk/9C/9H/qX/g99aWF73P1L8hISqxJRuieaIdFJ4uSxtgv3+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHf8EAAD//yeb6Hg=") setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000100), &(0x7f00000001c0)=ANY=[], 0x386, 0x0) 4.28374881s ago: executing program 1 (id=4693): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x40000000004) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x33) 3.490611146s ago: executing program 4 (id=4699): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_clone(0x40b04000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.297860363s ago: executing program 4 (id=4703): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) r0 = userfaultfd(0x1) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x4) io_setup(0x7, &(0x7f0000007f00)=0x0) io_submit(r1, 0x1, &(0x7f0000000000)=[&(0x7f0000007f80)={0x0, 0x0, 0x8, 0x0, 0x0, r0, 0x0}]) 3.2089021s ago: executing program 4 (id=4704): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$tty20(0xc, 0x4, 0x1) 2.539216387s ago: executing program 2 (id=4720): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000640)={0x2c, 0x0, &(0x7f0000000cc0)={0x0, 0x3, 0x4, @string={0x0, 0x3, "dea1ad5e27d106e952a1d5ed74e58fa0efb756caf023c222dbe0d8eb236da204b60ea0581e7243d35689e36d67c866499de993fb195f87d34ce6027bbb53e8d5a525f9bbfc6cfa9fd46e8d6a5e31d0464f3f2d761a43a54600de9f59dcdb75578210216663f3b93be20c448ace9439d248b5a4072b36fdbdf6bc83031a5ec5975644387e13390e950777a0336413307412844ed244a9c68cf1ddaf107a046af7b0e234cd40382cc71ed148f9783e8c540e8bf78832c0a45e58195d11536f43aee38b35f898eacb807cf2f5eb3781e882645b272eface"}}, 0x0, 0x0, 0x0}, 0x0) 2.468688233s ago: executing program 3 (id=4723): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) 2.468540633s ago: executing program 0 (id=4724): open(&(0x7f0000000140)='./bus\x00', 0x14937e, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r0, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x80104592, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"}) 2.468367213s ago: executing program 3 (id=4725): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)='%-010d \x00'}, 0x20) 2.465767313s ago: executing program 0 (id=4726): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000084c05e60c00000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001980)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="20013f"], 0x0}) 2.458761873s ago: executing program 3 (id=4727): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000600060000000000060009"], 0x4c}}, 0x0) 2.356666312s ago: executing program 3 (id=4728): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000680)=ANY=[@ANYBLOB='\x00\x00\v'], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.196546825s ago: executing program 1 (id=4729): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 2.187629396s ago: executing program 1 (id=4730): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8) 2.168744008s ago: executing program 1 (id=4731): syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000480)='./file0\x00', 0x18090, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES32, @ANYRES8, @ANYRES16=0x0, @ANYRES64], 0x8, 0x2ee, &(0x7f00000004c0)="$eJzs3L9PE2EYwPGHtpS2BMpgNJoY3uiiywWqs9IYSIxNJEiNPxKTA67a9GzJXYOpMaKTq/GPcCCMbCTKP8DipouLG4uJgwzGM73eUSgHaFtahO8nIfdwz/vcvW9ayPM2bTfuvX1ayNlaTi9LKKakR0RkU2RIQuLr8Y4hN47Kdq/kcv+Pz+fv3H9wK53JjE8pNZGevpJSSg0Of3j2Iu4NW+2T9aFHG99T39ZPr5/d+D39JG+rvK2KpbLS1Uzpa1mfMQ01l7cLmlKTpqHbhsoXbcOq5Uu1fM4szc9XlF6cG0jMW4ZtK71YUQWjosolVbYqKvxYzxeVpmlqICE4SHZpakpPN1k82+bJ4JBYVloPi0h8Vya71JUJAQCArmrs/0Oi2tn/L19YK/ffXRn0+v/VaFD/f/VL7Vo7+v+YiAT2//79A/t//d/6/90d0cnSUv+Po2E4uutUTz2sJq20nvD+fl2vHy6PuAH9PwAAAAAAAAAAAAAAAAAAAAAA/4NNx0k6jpP0j/5Pn4jERMT/PaA0LCLXuzBltFELjz+OgfoH9yKDIuabhexCtnb0BqyJiCmGjEhSfrnPB0819j95pKqG5KO56NUvLmTDbia96NWPSrJXGusdZ+JmZnxU1eys75VEtT4nebc+JUk5FVyfCqyPyqWL2+o1ScqnWSmJKXPuPOr1L0eVunE701Afd8cBAAAAAHAcaGpL4P5d0/bK1+q39teNrw+E6/vrkcD9eUTORbq7dgAAAAAATgq78rygm6Zh7RPE5eAxzQeRPVKxFq/sr/Bvq/z3MhzeSvcJ/JvvSMW8k229l3hfD9vidULSTNVwdTWq1VX4LxvtNUYmxzr/CLrBmXfvf7bvgtdWYgestPkgvP8ToLdj/4AAAAAAdEy96ffPjHV3QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnECd+Ha0bq8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCr+BAAA//9SBASM") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000300)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x13, r0, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 2.100879043s ago: executing program 1 (id=4732): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x64, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x0, 0xca8}]}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.219256627s ago: executing program 4 (id=4733): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) close(r0) 1.148531974s ago: executing program 4 (id=4734): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) munlockall() 1.080798339s ago: executing program 4 (id=4735): syz_clone(0x19040800, 0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000340)) eventfd(0x0) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56e, 0x10c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x29}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 506.124327ms ago: executing program 2 (id=4736): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0xa, 0x3, 0x6) getsockopt$bt_BT_SECURITY(r0, 0x29, 0x24, 0x0, 0x2054dfff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, 0xffffffffffffffff, 0x0) 498.301468ms ago: executing program 2 (id=4737): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) socketpair(0xa, 0x1, 0x0, &(0x7f0000000000)) 478.90643ms ago: executing program 2 (id=4738): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007ed, &(0x7f0000008400)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000180)=[{0x20, 0x2, 0x0, 0xfffff010}, {0x28, 0x0, 0x0, 0x7ffff021}, {0x6, 0x0, 0x9}]}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="03", 0x1, 0x0, 0x0, 0x0) 478.49871ms ago: executing program 2 (id=4739): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000cc0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="8ec1cc54649640be1983f79c5bfe88cd6a6afd5570ab59578db363f4892559f334d436138406b699de69db13fd73742880", 0x31}, {&(0x7f0000000340)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f7094ca640633ba7e0793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d0c993f5524409672b4f35409a8720dc2b78f83198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4c79ff80f6938e0560d9d8e925bdc4fffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9ba1ee447b5bfd5b9d3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffb7c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4283dc9", 0x217}, {&(0x7f0000000f00)="1b3b351333f3a3b13679144b7cd8a483d6dbc75ded5829aceff163e19496e9ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb1de319411d093471a30c77ca0d06d1576a43cbd48ecc22dd81c5aeeef4a0a53a5d93a9b5b000bba7223848aa6b97abe164077f7737311f187ffdfefdae072f6c3d59bf", 0x91}], 0x3}, 0x0) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0) close(r0) 465.002671ms ago: executing program 3 (id=4740): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 416.826495ms ago: executing program 3 (id=4741): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000081008010000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f0000000afc1a9b"], 0x0}, 0x0) 416.577195ms ago: executing program 2 (id=4742): r0 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) syz_usb_disconnect(r0) 31.095007ms ago: executing program 0 (id=4743): r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x40142, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xfffffffffffffe43}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) copy_file_range(r1, &(0x7f00000001c0), r0, 0x0, 0x0, 0x700000000000000) 24.354618ms ago: executing program 0 (id=4744): rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x4, @tid=r0}, &(0x7f0000000300)) r1 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8) timer_settime(0x0, 0x3, &(0x7f000004a000)={{0x0, 0x1}, {0x7, 0xe4c}}, 0x0) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000000280)=""/75, 0x4b}], 0x2) 17.734199ms ago: executing program 0 (id=4745): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20380}}}}}}]}, 0x48}}, 0x0) 0s ago: executing program 0 (id=4746): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) kernel console output (not intermixed with test programs): , /dev/loop3p3, 10) failed: No such file or directory [ 226.213140][ T430] udevd[430]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 226.225332][ T321] udevd[321]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 226.244636][ T313] usb 5-1: USB disconnect, device number 67 [ 226.251427][ T9679] input: syz0 as /devices/virtual/input/input114 [ 226.262195][ T316] usb 1-1: USB disconnect, device number 64 [ 226.270182][ T316] usblp0: removed [ 226.289115][ T9683] loop3: detected capacity change from 0 to 128 [ 226.295554][ T9683] EXT4-fs: Ignoring removed nobh option [ 226.302959][ T9683] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 226.311684][ T9683] ext4 filesystem being mounted at /188/mnt supports timestamps until 2038 (0x7fffffff) [ 226.329860][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 226.506516][ T9720] loop3: detected capacity change from 0 to 1024 [ 226.513085][ T9720] EXT4-fs: Ignoring removed mblk_io_submit option [ 226.520787][ T9720] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 226.538702][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 226.564774][ T9725] loop3: detected capacity change from 0 to 1024 [ 226.571595][ T9725] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 226.581276][ T9725] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 226.592250][ T9725] EXT4-fs error (device loop3): ext4_get_journal_inode:5720: inode #5: comm syz.3.4045: unexpected bad inode w/o EXT4_IGET_BAD [ 226.605551][ T9725] EXT4-fs (loop3): no journal found [ 226.616172][ T9725] EXT4-fs (loop3): can't get journal size [ 226.622702][ T9725] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 226.647063][ T9725] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.4045: bg 0: block 32: padding at end of block bitmap is not set [ 226.667933][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 226.679971][ T9743] loop3: detected capacity change from 0 to 128 [ 226.689086][ T9743] FAT-fs (loop3): Directory bread(block 32) failed [ 226.695839][ T9743] FAT-fs (loop3): Directory bread(block 33) failed [ 226.702276][ T9743] FAT-fs (loop3): Directory bread(block 34) failed [ 226.708612][ T9743] FAT-fs (loop3): Directory bread(block 35) failed [ 226.715601][ T9743] FAT-fs (loop3): Directory bread(block 36) failed [ 226.722227][ T9743] FAT-fs (loop3): Directory bread(block 37) failed [ 226.733369][ T9743] FAT-fs (loop3): Directory bread(block 38) failed [ 226.739716][ T9743] FAT-fs (loop3): Directory bread(block 39) failed [ 226.746459][ T9743] FAT-fs (loop3): Directory bread(block 40) failed [ 226.754858][ T9743] FAT-fs (loop3): Directory bread(block 41) failed [ 226.812650][ T9743] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 226.815021][ T9762] syz.0.4059[9762] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.820127][ T9743] FAT-fs (loop3): Filesystem has been set read-only [ 226.820269][ T9762] syz.0.4059[9762] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.872986][ T9768] loop0: detected capacity change from 0 to 256 [ 226.890466][ T9768] exfat: Deprecated parameter 'utf8' [ 226.895810][ T9768] exfat: Deprecated parameter 'namecase' [ 226.905815][ T9768] exfat: Deprecated parameter 'utf8' [ 226.914481][ T9768] /dev/loop0: Can't open blockdev [ 227.190975][ T313] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 227.220980][ T316] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 227.276864][ T9827] loop0: detected capacity change from 0 to 1024 [ 227.283539][ T9827] /dev/loop0: Can't open blockdev [ 227.500889][ T316] usb 2-1: Using ep0 maxpacket: 8 [ 227.540941][ T5698] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 227.571364][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 227.583416][ T9851] loop0: detected capacity change from 0 to 1024 [ 227.597722][ T9851] /dev/loop0: Can't open blockdev [ 227.602687][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.612429][ T313] usb 5-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 227.621925][ T316] usb 2-1: config 0 has no interfaces? [ 227.627450][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.635920][ T313] usb 5-1: config 0 descriptor?? [ 227.790950][ T316] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 227.805248][ T316] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.814918][ T316] usb 2-1: Product: syz [ 227.819064][ T316] usb 2-1: Manufacturer: syz [ 227.823712][ T316] usb 2-1: SerialNumber: syz [ 227.838117][ T316] usb 2-1: config 0 descriptor?? [ 227.910963][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.920624][ T5698] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 227.929577][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.938114][ T5698] usb 4-1: config 0 descriptor?? [ 228.090966][ T2620] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 228.093860][ T19] usb 2-1: USB disconnect, device number 61 [ 228.104746][ T313] pantherlord 0003:0F30:0111.00D0: item fetching failed at offset 6/7 [ 228.113436][ T313] pantherlord 0003:0F30:0111.00D0: parse failed [ 228.119497][ T313] pantherlord: probe of 0003:0F30:0111.00D0 failed with error -22 [ 228.240958][ T316] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 228.307064][ T313] usb 5-1: USB disconnect, device number 68 [ 228.421638][ T5698] lenovo 0003:17EF:6047.00D1: item fetching failed at offset 2/5 [ 228.429350][ T5698] lenovo 0003:17EF:6047.00D1: hid_parse failed [ 228.435435][ T5698] lenovo: probe of 0003:17EF:6047.00D1 failed with error -22 [ 228.451011][ T2620] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 228.459021][ T2620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.469707][ T2620] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 228.482460][ T2620] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 228.491070][ T316] usb 1-1: Using ep0 maxpacket: 8 [ 228.491294][ T2620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.504578][ T2620] usb 3-1: config 0 descriptor?? [ 228.623747][ T5698] usb 4-1: USB disconnect, device number 62 [ 228.811016][ T316] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= b.64 [ 228.822112][ T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.830340][ T316] usb 1-1: Product: syz [ 228.834718][ T316] usb 1-1: Manufacturer: syz [ 228.839337][ T316] usb 1-1: SerialNumber: syz [ 228.845789][ T316] usb 1-1: config 0 descriptor?? [ 228.870940][ T314] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 228.881549][ T316] usb-storage 1-1:0.0: USB Mass Storage device detected [ 228.888941][ T316] usb-storage 1-1:0.0: This device (0595,4343,0b64 S 05 P 17) has an unneeded SubClass entry in unusual_devs.h (kernel 6.1.99-syzkaller-00050-gadd3d68602a0) [ 228.888941][ T316] Please send a copy of this message to and [ 228.981774][ T2620] plantronics 0003:047F:FFFF.00D2: unknown main item tag 0xd [ 228.989734][ T2620] plantronics 0003:047F:FFFF.00D2: No inputs registered, leaving [ 228.998836][ T2620] plantronics 0003:047F:FFFF.00D2: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 229.082350][ T2620] usb 1-1: USB disconnect, device number 65 [ 229.230996][ T314] usb 2-1: config 0 has an invalid interface number: 32 but max is 0 [ 229.239125][ T314] usb 2-1: config 0 has no interface number 0 [ 229.245333][ T314] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.256172][ T314] usb 2-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.265888][ T314] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 229.266508][ T313] usb 3-1: USB disconnect, device number 63 [ 229.276358][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.290042][ T314] usb 2-1: config 0 descriptor?? [ 229.490935][ T316] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 229.597380][ T9887] bridge0: port 3(syz_tun) entered blocking state [ 229.603689][ T9887] bridge0: port 3(syz_tun) entered disabled state [ 229.733854][ T316] usb 4-1: Using ep0 maxpacket: 16 [ 229.771740][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.782491][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.790814][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.798914][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.807108][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.815231][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.823334][ T314] logitech-djreceiver 0003:046D:C71B.00D3: unknown main item tag 0x0 [ 229.832080][ T314] logitech-djreceiver 0003:046D:C71B.00D3: hidraw0: USB HID v0.00 Device [HID 046d:c71b] on usb-dummy_hcd.1-1/input32 [ 229.978031][ T314] usb 2-1: USB disconnect, device number 62 [ 229.989156][ T9924] loop2: detected capacity change from 0 to 40427 [ 229.989469][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 229.989481][ T28] audit: type=1326 audit(2000000288.651:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.024871][ T28] audit: type=1326 audit(2000000288.691:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.048232][ T28] audit: type=1326 audit(2000000288.691:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.048519][ T9924] F2FS-fs (loop2): fault_injection options not supported [ 230.071812][ T28] audit: type=1326 audit(2000000288.691:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.083507][ T9924] F2FS-fs (loop2): heap/no_heap options were deprecated [ 230.101646][ T28] audit: type=1326 audit(2000000288.691:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.108368][ T316] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 230.132199][ T9924] F2FS-fs (loop2): invalid crc value [ 230.145316][ T28] audit: type=1326 audit(2000000288.691:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.169003][ T316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.169076][ T28] audit: type=1326 audit(2000000288.691:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.199908][ T316] usb 4-1: Product: syz [ 230.199928][ T316] usb 4-1: Manufacturer: syz [ 230.199940][ T316] usb 4-1: SerialNumber: syz [ 230.213402][ T316] r8152-cfgselector 4-1: config 0 descriptor?? [ 230.213405][ T28] audit: type=1400 audit(2000000288.691:605): avc: denied { sqpoll } for pid=9932 comm="syz.4.4135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 230.213428][ T28] audit: type=1326 audit(2000000288.691:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.262794][ T9924] F2FS-fs (loop2): Found nat_bits in checkpoint [ 230.316059][ T28] audit: type=1326 audit(2000000288.691:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9932 comm="syz.4.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f0c03b7dff9 code=0x7ffc0000 [ 230.371854][ T9924] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 230.486632][ T9962] syz.4.4147[9962] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 230.486680][ T9962] syz.4.4147[9962] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 230.504444][ T5316] bio_check_eod: 35 callbacks suppressed [ 230.504456][ T5316] syz-executor: attempt to access beyond end of device [ 230.504456][ T5316] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 230.650482][ T9978] loop1: detected capacity change from 0 to 256 [ 230.659367][ T9978] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 230.709304][ T316] r8152-cfgselector 4-1: Unknown version 0x0000 [ 230.720355][ T316] r8152-cfgselector 4-1: bad CDC descriptors [ 230.744036][ T316] r8152-cfgselector 4-1: Unknown version 0x0000 [ 230.757814][ T316] r8152-cfgselector 4-1: USB disconnect, device number 63 [ 230.820919][ T314] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 230.889309][ T9997] bridge0: port 3(syz_tun) entered blocking state [ 230.895582][ T9997] bridge0: port 3(syz_tun) entered disabled state [ 230.902263][ T9997] device syz_tun entered promiscuous mode [ 230.907842][ T9997] bridge0: port 3(syz_tun) entered blocking state [ 230.914247][ T9997] bridge0: port 3(syz_tun) entered forwarding state [ 230.944830][T10002] loop2: detected capacity change from 0 to 2048 [ 230.962138][T10002] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 230.970465][T10002] ext4 filesystem being mounted at /415/file0 supports timestamps until 2038 (0x7fffffff) [ 230.988129][ T5316] EXT4-fs (loop2): unmounting filesystem. [ 231.020949][ T2620] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 231.031114][ T5698] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 231.060970][ T314] usb 1-1: Using ep0 maxpacket: 32 [ 231.180970][ T314] usb 1-1: config 0 has an invalid interface number: 219 but max is 0 [ 231.188941][ T314] usb 1-1: config 0 has no interface number 0 [ 231.195092][ T314] usb 1-1: config 0 interface 219 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 231.205629][ T314] usb 1-1: config 0 interface 219 altsetting 0 has an invalid endpoint with address 0xDB, skipping [ 231.216165][ T314] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 231.226032][ T314] usb 1-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 231.271069][ T5698] usb 5-1: Using ep0 maxpacket: 16 [ 231.380922][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.391763][ T314] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 231.400679][ T5698] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.410895][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.417138][T10028] loop2: detected capacity change from 0 to 512 [ 231.420631][ T314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.434633][ T5698] usb 5-1: config 0 has no interfaces? [ 231.434887][T10028] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 231.439964][ T5698] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 231.451936][T10028] EXT4-fs (loop2): 1 truncate cleaned up [ 231.458468][ T2620] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 231.464486][T10028] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 231.472852][ T314] usb 1-1: Product: syz [ 231.485068][ T2620] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.493042][ T314] usb 1-1: Manufacturer: syz [ 231.497377][ T5698] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.497543][T10028] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 231.505246][ T314] usb 1-1: SerialNumber: syz [ 231.516423][ T2620] usb 2-1: config 0 descriptor?? [ 231.521855][ T5698] usb 5-1: config 0 descriptor?? [ 231.526824][T10028] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 231.533602][ T314] usb 1-1: config 0 descriptor?? [ 231.539784][ T5316] EXT4-fs (loop2): unmounting filesystem. [ 231.551013][ T9965] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 231.558074][ T9965] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 231.760055][T10052] loop2: detected capacity change from 0 to 40427 [ 231.768133][T10052] F2FS-fs (loop2): invalid crc value [ 231.779306][T10052] F2FS-fs (loop2): Found nat_bits in checkpoint [ 231.787757][ T6] usb 5-1: USB disconnect, device number 69 [ 231.808741][T10052] F2FS-fs (loop2): Start checkpoint disabled! [ 231.819347][T10052] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 231.819368][ T314] usb 1-1: USB disconnect, device number 66 [ 231.851028][ T329] kworker/u4:3: attempt to access beyond end of device [ 231.851028][ T329] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 231.942459][T10056] loop2: detected capacity change from 0 to 512 [ 231.950423][T10056] EXT4-fs (loop2): orphan cleanup on readonly fs [ 231.957243][T10056] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.4185: bg 0: block 248: padding at end of block bitmap is not set [ 231.971646][T10056] EXT4-fs error (device loop2): ext4_acquire_dquot:6764: comm syz.2.4185: Failed to acquire dquot type 1 [ 231.983323][T10056] EXT4-fs (loop2): 1 truncate cleaned up [ 231.989056][T10056] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 231.998427][ T2620] keytouch 0003:0926:3333.00D4: fixing up Keytouch IEC report descriptor [ 232.008190][ T2620] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.00D4/input/input116 [ 232.012434][T10056] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 232.031324][T10056] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 232.046790][ T5316] EXT4-fs (loop2): unmounting filesystem. [ 232.082953][ T2620] keytouch 0003:0926:3333.00D4: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 232.206706][ T316] usb 2-1: USB disconnect, device number 63 [ 232.330948][ T6] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 232.451029][ T2620] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 232.710976][ T6] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 232.724687][ T6] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 232.736122][ T6] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 232.745248][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.771010][T10062] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 232.810965][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.821751][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.831493][ T2620] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 232.851171][ T2620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.866903][T10094] loop0: detected capacity change from 0 to 2048 [ 232.873960][ T2620] usb 4-1: config 0 descriptor?? [ 232.879201][T10094] EXT4-fs: Ignoring removed bh option [ 232.886113][T10094] EXT4-fs: Ignoring removed nomblk_io_submit option [ 232.893181][T10094] EXT4-fs: Ignoring removed nobh option [ 232.900527][T10094] /dev/loop0: Can't open blockdev [ 232.958049][T10092] loop1: detected capacity change from 0 to 40427 [ 232.965931][T10096] input: syz1 as /devices/virtual/input/input118 [ 232.966610][T10092] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 232.978926][T10092] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 232.989390][T10092] F2FS-fs (loop1): invalid crc value [ 233.001043][ T6] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 233.012166][ T6] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input117 [ 233.021217][ T5698] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 233.021660][T10092] F2FS-fs (loop1): Found nat_bits in checkpoint [ 233.034017][ T6] usb 3-1: USB disconnect, device number 64 [ 233.050879][ C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 233.086866][T10092] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 233.094036][T10092] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 233.109065][T10092] syz.1.4201: attempt to access beyond end of device [ 233.109065][T10092] loop1: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 233.127474][ T772] syz-executor: attempt to access beyond end of device [ 233.127474][ T772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 233.322234][T10118] loop1: detected capacity change from 0 to 40427 [ 233.334429][T10118] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 233.341574][T10118] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 233.342296][ T2620] hid-thrustmaster 0003:044F:B65D.00D5: unbalanced collection at end of report description [ 233.350530][T10118] F2FS-fs (loop1): invalid crc value [ 233.359683][ T2620] hid-thrustmaster 0003:044F:B65D.00D5: parse failed with error -22 [ 233.366356][T10118] F2FS-fs (loop1): Found nat_bits in checkpoint [ 233.372492][ T2620] hid-thrustmaster: probe of 0003:044F:B65D.00D5 failed with error -22 [ 233.391710][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.406656][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.408486][T10118] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 233.416545][ T5698] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 233.416583][ T5698] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 233.416605][ T5698] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.423691][T10118] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 233.439621][ T5698] usb 5-1: config 0 descriptor?? [ 233.458146][T10118] syz.1.4212: attempt to access beyond end of device [ 233.458146][T10118] loop1: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 233.510917][ T313] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 233.573248][ T6] usb 4-1: USB disconnect, device number 64 [ 233.750911][ T313] usb 1-1: Using ep0 maxpacket: 8 [ 233.941712][ T5698] plantronics 0003:047F:FFFF.00D6: unknown main item tag 0x0 [ 233.949026][ T5698] plantronics 0003:047F:FFFF.00D6: unknown main item tag 0x0 [ 233.956551][ T5698] plantronics 0003:047F:FFFF.00D6: No inputs registered, leaving [ 233.965044][ T5698] plantronics 0003:047F:FFFF.00D6: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 234.020984][ T2620] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 234.070999][ T313] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d [ 234.079934][ T313] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.088230][ T313] usb 1-1: Product: syz [ 234.092451][ T313] usb 1-1: Manufacturer: syz [ 234.096873][ T313] usb 1-1: SerialNumber: syz [ 234.101907][ T313] usb 1-1: config 0 descriptor?? [ 234.151531][ T313] usb_ehset_test: probe of 1-1:0.0 failed with error -32 [ 234.221471][ T314] usb 5-1: USB disconnect, device number 70 [ 234.260973][ T2620] usb 3-1: Using ep0 maxpacket: 16 [ 234.350932][ T5698] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 234.360783][ T313] usb 1-1: USB disconnect, device number 67 [ 234.381054][ T2620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.391915][ T2620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.401870][ T2620] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 234.411055][ T2620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.426194][ T2620] usb 3-1: config 0 descriptor?? [ 234.449710][T10155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4226'. [ 234.458603][T10155] device bridge_slave_1 left promiscuous mode [ 234.464892][T10155] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.472495][T10155] device bridge_slave_0 left promiscuous mode [ 234.478408][T10155] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.602514][T10157] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4227'. [ 234.711077][ T5698] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 234.719106][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 234.730168][ T5698] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 234.738869][T10161] syz.4.4229[10161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.741268][T10161] syz.4.4229[10161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.741360][ T5698] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 234.776540][ T5698] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 234.785363][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.793758][ T5698] usb 4-1: config 0 descriptor?? [ 234.811037][T10146] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 234.864969][T10164] netem: change failed [ 234.901761][ T2620] savu 0003:1E7D:2D5A.00D7: item fetching failed at offset 2/5 [ 234.909466][ T2620] savu 0003:1E7D:2D5A.00D7: parse failed [ 234.915533][ T2620] savu: probe of 0003:1E7D:2D5A.00D7 failed with error -22 [ 234.940978][ T314] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 235.105170][ T313] usb 3-1: USB disconnect, device number 65 [ 235.180969][ T314] usb 2-1: Using ep0 maxpacket: 16 [ 235.200953][ T2620] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 235.271611][ T5698] plantronics 0003:047F:FFFF.00D8: unknown main item tag 0xd [ 235.279570][ T5698] plantronics 0003:047F:FFFF.00D8: No inputs registered, leaving [ 235.288302][ T5698] plantronics 0003:047F:FFFF.00D8: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 235.301082][ T314] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 235.461128][ T314] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 235.470117][ T314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.478122][ T314] usb 2-1: Product: syz [ 235.482332][ T314] usb 2-1: Manufacturer: syz [ 235.486738][ T314] usb 2-1: SerialNumber: syz [ 235.492217][ T314] usb 2-1: config 0 descriptor?? [ 235.530972][ T5702] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 235.538869][ T314] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 235.546502][ T314] usb 2-1: Detected FT232R [ 235.571965][ T5698] usb 4-1: USB disconnect, device number 65 [ 235.710108][T10187] loop2: detected capacity change from 0 to 40427 [ 235.717941][T10187] F2FS-fs (loop2): invalid crc value [ 235.720961][ T2620] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 235.728523][T10187] F2FS-fs (loop2): Found nat_bits in checkpoint [ 235.732217][ T2620] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.746098][ T314] ftdi_sio ttyUSB0: Unable to read latency timer: -121 [ 235.752842][ T2620] usb 1-1: Product: syz [ 235.756870][ T2620] usb 1-1: Manufacturer: syz [ 235.761603][ T2620] usb 1-1: SerialNumber: syz [ 235.767051][ T2620] r8152-cfgselector 1-1: config 0 descriptor?? [ 235.768114][T10187] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 235.782765][ T5702] usb 5-1: Using ep0 maxpacket: 8 [ 235.794719][ T5316] syz-executor: attempt to access beyond end of device [ 235.794719][ T5316] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 235.892999][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 235.893015][ T28] audit: type=1400 audit(2000000294.561:612): avc: denied { bind } for pid=10192 comm="syz.2.4241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 235.902388][ T5702] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.930137][ T5702] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.939835][ T5702] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 235.954424][ T5702] usb 5-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 235.963348][ T5702] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.971251][ T314] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 235.978808][ T5702] usb 5-1: config 0 descriptor?? [ 235.990934][ T314] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 235.997634][ T314] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 236.006654][ T314] usb 2-1: USB disconnect, device number 64 [ 236.013006][ T314] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 236.022882][ T314] ftdi_sio 2-1:0.0: device disconnected [ 236.094206][T10202] xt_hashlimit: size too large, truncated to 1048576 [ 236.231773][T10175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.240100][T10175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.248717][T10175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.258601][T10175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.270945][ T2620] r8152-cfgselector 1-1: Unknown version 0x0000 [ 236.282337][ T2620] r8152-cfgselector 1-1: bad CDC descriptors [ 236.311000][ T2620] r8152-cfgselector 1-1: Unknown version 0x0000 [ 236.321485][ T5702] usbhid 5-1:0.0: can't add hid device: -71 [ 236.330961][ T5702] usbhid: probe of 5-1:0.0 failed with error -71 [ 236.337650][ T2620] r8152-cfgselector 1-1: USB disconnect, device number 68 [ 236.349101][ T5702] usb 5-1: USB disconnect, device number 71 [ 236.401987][T10225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4255'. [ 236.462716][T10231] loop2: detected capacity change from 0 to 16 [ 236.479656][T10231] erofs: (device loop2): mounted with root inode @ nid 36. [ 236.492146][T10231] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 236.510962][T10231] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 236.530237][T10231] erofs: (device loop2): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 236.539253][T10231] erofs: (device loop2): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 236.558289][T10231] erofs: (device loop2): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 236.578499][T10231] erofs: (device loop2): z_erofs_readahead: readahead error at page 19 @ nid 36 [ 236.598729][T10231] syz.2.4258: attempt to access beyond end of device [ 236.598729][T10231] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16 [ 236.630987][T10231] syz.2.4258: attempt to access beyond end of device [ 236.630987][T10231] loop2: rw=524288, sector=13478624032, nr_sectors = 72 limit=16 [ 236.679602][T10237] loop3: detected capacity change from 0 to 40427 [ 236.695957][T10237] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 236.711279][T10237] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 236.749226][T10237] F2FS-fs (loop3): Found nat_bits in checkpoint [ 236.752179][T10235] loop1: detected capacity change from 0 to 40427 [ 236.791252][T10235] F2FS-fs (loop1): Found nat_bits in checkpoint [ 236.840745][T10237] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 236.855472][T10237] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 236.872267][ T28] audit: type=1400 audit(2000000295.541:613): avc: denied { write } for pid=10263 comm="syz.4.4270" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 236.901048][T10235] F2FS-fs (loop1): Start checkpoint disabled! [ 236.925904][T10235] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 236.943744][T10271] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 237.033999][ T345] kworker/u4:4: attempt to access beyond end of device [ 237.033999][ T345] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 237.057137][T10285] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4282'. [ 237.146601][T10291] netlink: 'syz.0.4284': attribute type 4 has an invalid length. [ 237.183242][T10291] netlink: 'syz.0.4284': attribute type 4 has an invalid length. [ 237.284758][T10281] loop2: detected capacity change from 0 to 40427 [ 237.291913][T10281] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 237.298764][T10281] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 237.310369][T10281] F2FS-fs (loop2): invalid crc value [ 237.321933][T10281] F2FS-fs (loop2): Found nat_bits in checkpoint [ 237.326017][T10308] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 237.383407][T10281] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 237.390406][T10281] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 237.411732][T10281] syz.2.4280: attempt to access beyond end of device [ 237.411732][T10281] loop2: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 237.521621][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 237.610941][ T5702] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 237.650994][ T2620] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 237.772870][T10342] syz.3.4304[10342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.772946][T10342] syz.3.4304[10342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.794255][T10346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4306'. [ 237.982825][ T5702] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.993960][ T5702] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.004845][ T5702] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 238.018049][ T5702] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 238.027052][ T5702] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.038146][ T5702] usb 1-1: config 0 descriptor?? [ 238.051512][ T2620] usb 2-1: unable to get BOS descriptor or descriptor too short [ 238.131054][ T2620] usb 2-1: config 174 has an invalid interface number: 178 but max is 0 [ 238.139349][ T2620] usb 2-1: config 174 has an invalid descriptor of length 0, skipping remainder of the config [ 238.149748][ T2620] usb 2-1: config 174 has no interface number 0 [ 238.155772][ T2620] usb 2-1: config 174 interface 178 has no altsetting 0 [ 238.321135][ T2620] usb 2-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice= 8.ae [ 238.330087][ T2620] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.337839][ T2620] usb 2-1: Product: syz [ 238.341859][ T2620] usb 2-1: Manufacturer: syz [ 238.346217][ T2620] usb 2-1: SerialNumber: syz [ 238.350944][ T316] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 238.521486][ T5702] logitech 0003:046D:C293.00D9: item fetching failed at offset 5/7 [ 238.529625][ T5702] logitech 0003:046D:C293.00D9: parse failed [ 238.535632][ T5702] logitech: probe of 0003:046D:C293.00D9 failed with error -22 [ 238.601097][ T316] usb 4-1: Using ep0 maxpacket: 16 [ 238.671225][ T2620] cdc_ether 2-1:174.178: skipping garbage [ 238.676918][ T2620] usb 2-1: bad CDC descriptors [ 238.683623][ T2620] usb 2-1: unsupported MDLM descriptors [ 238.689265][ T2620] cdc_acm 2-1:174.178: skipping garbage [ 238.697495][ T2620] usb 2-1: USB disconnect, device number 65 [ 238.722258][ T5702] usb 1-1: USB disconnect, device number 69 [ 238.731408][ T316] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.900986][ T316] usb 4-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 238.909928][ T316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.917715][ T316] usb 4-1: Product: syz [ 238.921685][ T316] usb 4-1: Manufacturer: syz [ 238.926075][ T316] usb 4-1: SerialNumber: syz [ 238.931669][ T316] usb 4-1: config 0 descriptor?? [ 239.411065][ T316] usb 4-1: Found UVC 0.00 device syz (045e:0721) [ 239.417533][ T316] usb 4-1: No valid video chain found. [ 239.422862][ T6] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 239.560935][ T2196] Bluetooth: hci0: command 0x1003 tx timeout [ 239.560980][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 239.580936][ T316] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 239.612737][ T313] usb 4-1: USB disconnect, device number 66 [ 239.644489][T10412] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 239.692290][ T28] audit: type=1400 audit(2000000298.361:614): avc: denied { map } for pid=10415 comm="syz.4.4338" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 239.716675][ T28] audit: type=1400 audit(2000000298.361:615): avc: denied { execute } for pid=10415 comm="syz.4.4338" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 239.821023][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.831783][ T316] usb 1-1: Using ep0 maxpacket: 32 [ 239.836672][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.846314][ T6] usb 2-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 239.855383][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.860938][ T5702] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 239.871181][ T6] usb 2-1: config 0 descriptor?? [ 239.884141][T10422] syz.4.4341[10422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.884191][T10422] syz.4.4341[10422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 240.110971][ T5702] usb 3-1: Using ep0 maxpacket: 16 [ 240.130824][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.136508][ T316] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 240.138483][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.147031][ T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.154497][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.162348][ T316] usb 1-1: Product: syz [ 240.169637][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.173942][ T316] usb 1-1: Manufacturer: syz [ 240.181103][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.185190][ T316] usb 1-1: SerialNumber: syz [ 240.192589][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.197450][ T316] usb 1-1: config 0 descriptor?? [ 240.204190][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.215958][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.223154][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.230386][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.237619][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.240915][ T313] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 240.245240][ T5702] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.263285][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.270463][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.277915][ T5702] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.287526][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.294697][ T5702] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 240.307376][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.314622][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.321821][ T5702] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 240.330631][ T5702] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.338490][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.342022][ T6] pantherlord 0003:0F30:0111.00DB: item fetching failed at offset 6/7 [ 240.345706][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.354403][ T6] pantherlord 0003:0F30:0111.00DB: parse failed [ 240.361381][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.367547][ T6] pantherlord: probe of 0003:0F30:0111.00DB failed with error -22 [ 240.374476][ T5702] usb 3-1: config 0 descriptor?? [ 240.386779][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.393974][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.401319][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.408432][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.415741][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.423327][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.430518][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.437758][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.445056][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.452277][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.459464][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.466705][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.473893][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.481087][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.488275][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.495507][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.502702][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.509875][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.517106][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.524313][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.531519][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.538699][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.546137][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.553306][ T5698] hid-generic 0000:0000:0000.00DA: unknown main item tag 0x0 [ 240.561837][ T5698] hid-generic 0000:0000:0000.00DA: hidraw0: HID v0.00 Device [syz0] on syz0 [ 240.588886][ T5698] usb 2-1: USB disconnect, device number 66 [ 240.598333][ T329] Bluetooth: hci0: Frame reassembly failed (-84) [ 240.620998][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 240.632370][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 240.643403][ T313] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 240.656270][ T313] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 240.666113][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.674631][ T313] usb 5-1: config 0 descriptor?? [ 240.691012][T10428] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 240.861657][ T5702] koneplus 0003:1E7D:2E22.00DC: unknown main item tag 0x0 [ 240.869166][ T5702] koneplus 0003:1E7D:2E22.00DC: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0 [ 240.882327][ T316] rtl8150 1-1:0.0: eth1: rtl8150 is detected [ 241.121935][ T5702] usb 1-1: USB disconnect, device number 70 [ 241.141792][ T313] plantronics 0003:047F:FFFF.00DD: unknown main item tag 0xd [ 241.150204][ T313] plantronics 0003:047F:FFFF.00DD: No inputs registered, leaving [ 241.169364][ T313] plantronics 0003:047F:FFFF.00DD: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 241.293678][ T2620] usb 3-1: USB disconnect, device number 66 [ 241.411883][ T5702] usb 5-1: USB disconnect, device number 72 [ 241.930074][T10501] loop1: detected capacity change from 0 to 256 [ 241.946544][T10501] FAT-fs (loop1): bogus number of FAT sectors [ 241.952484][T10501] FAT-fs (loop1): Can't find a valid FAT filesystem [ 242.110885][ T313] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 242.200991][ T6] usb 3-1: new full-speed USB device number 67 using dummy_hcd [ 242.337363][ T28] audit: type=1400 audit(2000000301.001:616): avc: denied { write } for pid=10515 comm="syz.4.4371" name="usbmon2" dev="devtmpfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 242.361103][ T313] usb 1-1: Using ep0 maxpacket: 16 [ 242.440945][ T5702] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 242.600902][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 242.601060][ T2196] Bluetooth: hci0: command 0x1003 tx timeout [ 242.621994][ T28] audit: type=1400 audit(2000000301.291:617): avc: denied { getopt } for pid=10520 comm="syz.3.4372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 242.648359][ T28] audit: type=1400 audit(2000000301.311:618): avc: denied { setattr } for pid=10522 comm="syz.3.4373" name="AF_VSOCK" dev="sockfs" ino=63074 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 242.671272][ T6] usb 3-1: unable to get BOS descriptor or descriptor too short [ 242.681076][ T313] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 242.690158][ T313] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.698320][ T313] usb 1-1: Product: syz [ 242.702336][ T313] usb 1-1: Manufacturer: syz [ 242.706717][ T313] usb 1-1: SerialNumber: syz [ 242.711236][ T6] usb 3-1: not running at top speed; connect to a high speed hub [ 242.719146][ T313] usb 1-1: config 0 descriptor?? [ 242.772101][ T313] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 242.779686][ T313] usb 1-1: Detected FT232H [ 242.820947][ T6] usb 3-1: config 1 has an invalid interface number: 3 but max is 2 [ 242.820964][ T5702] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 242.820999][ T6] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.828778][ T5702] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.856438][ T5702] usb 2-1: config 0 descriptor?? [ 242.856673][ T6] usb 3-1: config 1 has no interface number 1 [ 242.867237][ T6] usb 3-1: too many endpoints for config 1 interface 3 altsetting 8: 142, using maximum allowed: 30 [ 242.878004][ T6] usb 3-1: config 1 interface 3 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 142 [ 242.879867][T10529] loop3: detected capacity change from 0 to 40427 [ 242.891073][ T6] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 242.907496][T10529] F2FS-fs (loop3): Found nat_bits in checkpoint [ 242.907971][ T6] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 1023 [ 242.924997][ T6] usb 3-1: config 1 interface 3 has no altsetting 0 [ 242.938925][T10529] F2FS-fs (loop3): Start checkpoint disabled! [ 242.945607][T10529] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 242.994040][ T8] kworker/u4:0: attempt to access beyond end of device [ 242.994040][ T8] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 243.131013][ T6] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 243.140036][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.147994][ T6] usb 3-1: Product: syz [ 243.151995][ T6] usb 3-1: Manufacturer: syz [ 243.156363][ T6] usb 3-1: SerialNumber: syz [ 243.200972][ T313] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 243.231034][ T313] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 243.237930][ T313] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 243.246966][ T313] usb 1-1: USB disconnect, device number 71 [ 243.253421][ T313] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 243.262720][ T313] ftdi_sio 1-1:0.0: device disconnected [ 243.402307][ T28] audit: type=1400 audit(2000000302.071:619): avc: denied { create } for pid=10502 comm="syz.2.4365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 243.711049][ T6] usb 3-1: 2:1 : no UAC_FORMAT_TYPE desc [ 243.773708][ T6] usb 3-1: USB disconnect, device number 67 [ 243.981018][ T5702] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 243.992051][ T430] udevd[430]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 244.081162][T10560] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4388'. [ 244.107249][T10541] loop3: detected capacity change from 0 to 40427 [ 244.126947][T10541] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 244.127329][T10564] loop2: detected capacity change from 0 to 512 [ 244.133956][T10541] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 244.154199][T10541] F2FS-fs (loop3): invalid crc value [ 244.155248][T10564] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 244.160520][T10541] F2FS-fs (loop3): Found nat_bits in checkpoint [ 244.168128][T10564] ext4 filesystem being mounted at /468/file0 supports timestamps until 2038 (0x7fffffff) [ 244.191859][ T5702] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 244.201925][ T5702] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 244.212480][ T5702] asix: probe of 2-1:0.0 failed with error -71 [ 244.217486][ T28] audit: type=1400 audit(2000000302.881:620): avc: denied { mounton } for pid=10563 comm="syz.2.4391" path="/468/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 244.232726][ T5702] usb 2-1: USB disconnect, device number 67 [ 244.247157][T10541] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 244.254293][T10541] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 244.256068][T10564] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 244.281643][T10541] syz.3.4380: attempt to access beyond end of device [ 244.281643][T10541] loop3: rw=2049, sector=40960, nr_sectors = 48 limit=40427 [ 244.295766][ T5316] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1) [ 244.310033][ T5316] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 244.319512][ T5316] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor: mark_inode_dirty error [ 244.339069][T10035] EXT4-fs (loop2): unmounting filesystem. [ 244.344921][T10035] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 244.354620][T10035] EXT4-fs error (device loop2): ext4_quota_off:7053: inode #4: comm syz.2.4176: mark_inode_dirty error [ 244.375469][T10035] bridge0: port 3(syz_tun) entered disabled state [ 244.382902][T10035] device syz_tun left promiscuous mode [ 244.388279][T10035] bridge0: port 3(syz_tun) entered disabled state [ 244.413173][ T6] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 244.443566][ T8] tipc: Disabling bearer [ 244.450975][ T8] tipc: Left network mode [ 244.607683][T10586] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.614782][T10586] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.622704][T10586] device bridge_slave_0 entered promiscuous mode [ 244.631297][T10586] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.638212][T10586] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.645523][T10586] device bridge_slave_1 entered promiscuous mode [ 244.722857][T10586] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.729746][T10586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.736889][T10586] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.743763][T10586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.777940][T10606] loop1: detected capacity change from 0 to 256 [ 244.779032][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.794445][ T6] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 244.806182][T10606] syz.1.4406: attempt to access beyond end of device [ 244.806182][T10606] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 244.806466][ T6] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 244.820824][T10606] syz.1.4406: attempt to access beyond end of device [ 244.820824][T10606] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 244.831270][ T6] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 244.851422][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.858572][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.871102][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.878054][T10610] loop1: detected capacity change from 0 to 512 [ 244.891972][ T5702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.900297][ T5702] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.902178][T10610] EXT4-fs (loop1): 1 orphan inode deleted [ 244.907212][ T5702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.913098][ T43] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 244.920829][ T5702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.929592][ T43] EXT4-fs error (device loop1): ext4_release_dquot:6787: comm kworker/u4:2: Failed to release dquot type 1 [ 244.937780][ T5702] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.955155][ T5702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.962450][ T5698] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 244.962486][T10610] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 244.978809][T10610] ext4 filesystem being mounted at /805/file1 supports timestamps until 2038 (0x7fffffff) [ 245.000030][ T772] EXT4-fs (loop1): unmounting filesystem. [ 245.015493][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 245.025448][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.033619][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.046133][T10586] device veth0_vlan entered promiscuous mode [ 245.057256][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 245.070618][T10586] device veth1_macvtap entered promiscuous mode [ 245.077859][ T5702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 245.086107][ T5702] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 245.093787][ T5702] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 245.102132][ T8] device bridge_slave_1 left promiscuous mode [ 245.108163][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.115836][ T8] device bridge_slave_0 left promiscuous mode [ 245.121980][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.129583][ T8] device veth0_vlan left promiscuous mode [ 245.200166][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 245.208500][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 245.226541][T10620] can0: slcan on ptm0. [ 245.237632][ T28] audit: type=1400 audit(2000000303.901:621): avc: denied { setattr } for pid=10621 comm="syz.2.4398" name="file0" dev="incremental-fs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 245.320977][ T5698] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 245.332112][ T5698] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 245.343844][ T5698] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 245.352876][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.380994][T10598] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 245.403139][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): can0: link becomes ready [ 245.410981][ T6] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 245.418711][ T6] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input121 [ 245.440223][ T6] input: failed to attach handler kbd to device input121, error: -5 [ 245.463946][ T6] usb 1-1: USB disconnect, device number 72 [ 245.621007][ T5698] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 245.628319][ T5698] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input122 [ 245.638767][ T5698] usb 4-1: USB disconnect, device number 67 [ 245.740936][ T313] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 246.000972][ T313] usb 5-1: Using ep0 maxpacket: 16 [ 246.041643][T10619] can0 (unregistered): slcan off ptm0. [ 246.200944][ T6] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 246.310962][ T313] usb 5-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=9c.25 [ 246.324945][ T313] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.333083][ T313] usb 5-1: Product: syz [ 246.337096][ T313] usb 5-1: Manufacturer: syz [ 246.341521][ T313] usb 5-1: SerialNumber: syz [ 246.354084][ T313] usb 5-1: config 0 descriptor?? [ 246.411002][ T19] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 246.591033][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.631071][ T313] usb 5-1: Found UVC 0.00 device syz (045e:0721) [ 246.637351][ T313] usb 5-1: No valid video chain found. [ 246.644694][ T313] usb 5-1: USB disconnect, device number 73 [ 246.681428][ T316] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 246.701043][ T2620] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 246.761011][ T6] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 246.769941][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.777817][ T6] usb 1-1: Product: syz [ 246.781844][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 246.792809][ T6] usb 1-1: Manufacturer: syz [ 246.797201][ T6] usb 1-1: SerialNumber: syz [ 246.801825][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 246.813084][ T19] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 246.826124][ T19] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 246.835006][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.843580][ T19] usb 3-1: config 0 descriptor?? [ 246.860967][T10682] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 246.931035][ T316] usb 2-1: Using ep0 maxpacket: 32 [ 247.060994][ T316] usb 2-1: config 0 has no interfaces? [ 247.060998][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.061024][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.086550][ T2620] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 247.101615][ T2620] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 247.110482][ T2620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.119109][ T2620] usb 4-1: config 0 descriptor?? [ 247.241825][ T316] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 247.250728][ T316] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.258662][ T316] usb 2-1: Product: syz [ 247.262649][ T316] usb 2-1: Manufacturer: syz [ 247.267015][ T316] usb 2-1: SerialNumber: syz [ 247.272632][ T316] usb 2-1: config 0 descriptor?? [ 247.301825][ T19] plantronics 0003:047F:FFFF.00DE: unknown main item tag 0xd [ 247.309785][ T19] plantronics 0003:047F:FFFF.00DE: No inputs registered, leaving [ 247.325780][ T19] plantronics 0003:047F:FFFF.00DE: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 247.520732][ T19] usb 2-1: USB disconnect, device number 68 [ 247.530026][T10725] serio: Serial port pts0 [ 247.571827][ T5698] usb 3-1: USB disconnect, device number 68 [ 247.601587][ T2620] plantronics 0003:047F:FFFF.00DF: unknown main item tag 0x0 [ 247.608835][ T2620] plantronics 0003:047F:FFFF.00DF: unknown main item tag 0x0 [ 247.616253][ T2620] plantronics 0003:047F:FFFF.00DF: No inputs registered, leaving [ 247.625123][ T2620] plantronics 0003:047F:FFFF.00DF: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 247.871807][ T5698] usb 4-1: USB disconnect, device number 68 [ 247.950999][ T6] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 247.957361][ T6] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 247.964677][ T6] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 248.161016][ T6] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 248.167626][ T6] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 248.179717][ T6] usb 1-1: USB disconnect, device number 73 [ 248.186566][ T6] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 248.290942][ T2620] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 248.371022][ T19] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 248.379127][T10764] overlayfs: failed to resolve './file0': -2 [ 248.530972][ T2620] usb 2-1: Using ep0 maxpacket: 16 [ 248.650940][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 248.651065][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.666828][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.676575][ T2620] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 248.689868][ T2620] usb 2-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00 [ 248.698908][ T2620] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.707589][ T2620] usb 2-1: config 0 descriptor?? [ 248.710934][ T313] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 248.960903][ T313] usb 5-1: Using ep0 maxpacket: 32 [ 249.570961][ T313] usb 5-1: device descriptor read/all, error -71 [ 250.051014][ T19] usb 3-1: string descriptor 0 read error: -71 [ 250.057070][ T19] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 250.066514][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.076055][ T19] usb 3-1: config 0 descriptor?? [ 250.101037][ T19] usb 3-1: can't set config #0, error -71 [ 250.108260][T10798] 9pnet: p9_errstr2errno: server reported unknown error ť@íÎhQI¸ĄŠ [ 250.108812][ T19] usb 3-1: USB disconnect, device number 69 [ 250.370748][T10814] loop3: detected capacity change from 0 to 2048 [ 250.383563][T10814] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 250.401022][ T316] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 250.413008][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 250.481908][T10828] loop3: detected capacity change from 0 to 512 [ 250.489794][T10828] EXT4-fs (loop3): orphan cleanup on readonly fs [ 250.496419][T10828] EXT4-fs warning (device loop3): ext4_enable_quotas:6999: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 250.511071][T10828] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 250.517751][T10828] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz.3.4469: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 250.536326][T10828] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.4469: couldn't read orphan inode 13 (err -117) [ 250.552857][T10828] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 250.567582][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 250.781020][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.791885][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.801424][ T316] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 250.810249][ T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.818642][ T316] usb 1-1: config 0 descriptor?? [ 250.820889][ T5698] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 250.940921][ T314] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 251.083228][T10846] SELinux: policydb version -570608695 does not match my version range 15-33 [ 251.092435][T10846] SELinux: failed to load policy [ 251.129512][T10852] syz.1.4479[10852] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.129559][T10852] syz.1.4479[10852] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.140952][ T2620] usbhid 2-1:0.0: can't add hid device: -71 [ 251.158278][ T2620] usbhid: probe of 2-1:0.0 failed with error -71 [ 251.165610][ T2620] usb 2-1: USB disconnect, device number 69 [ 251.231005][ T5698] usb 3-1: unable to get BOS descriptor or descriptor too short [ 251.311007][ T5698] usb 3-1: config 174 has an invalid interface number: 178 but max is 0 [ 251.319261][ T5698] usb 3-1: config 174 has an invalid descriptor of length 0, skipping remainder of the config [ 251.329435][ T314] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.332031][ T316] lg-g15 0003:046D:C222.00E0: unknown main item tag 0x0 [ 251.340294][ T5698] usb 3-1: config 174 has no interface number 0 [ 251.348325][ T316] lg-g15 0003:046D:C222.00E0: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.0-1/input0 [ 251.353123][ T314] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.353163][ T314] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 251.382640][ T5698] usb 3-1: config 174 interface 178 has no altsetting 0 [ 251.389368][ T314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.397744][ T314] usb 5-1: config 0 descriptor?? [ 251.540987][ T5698] usb 3-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice= 8.ae [ 251.549911][ T5698] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.557752][ T5698] usb 3-1: Product: syz [ 251.561829][ T5698] usb 3-1: Manufacturer: syz [ 251.566237][ T5698] usb 3-1: SerialNumber: syz [ 251.571302][ T5702] usb 1-1: USB disconnect, device number 74 [ 251.630994][ T2620] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 251.881728][ T314] samsung 0003:0419:0600.00E1: item fetching failed at offset 4/5 [ 251.889512][ T314] samsung 0003:0419:0600.00E1: parse failed [ 251.895661][ T5698] cdc_ether 3-1:174.178: skipping garbage [ 251.901241][ T5698] usb 3-1: bad CDC descriptors [ 251.905960][ T5698] usb 3-1: unsupported MDLM descriptors [ 251.911703][ T314] samsung: probe of 0003:0419:0600.00E1 failed with error -22 [ 251.920603][ T5698] cdc_acm 3-1:174.178: skipping garbage [ 251.927366][ T5698] usb 3-1: USB disconnect, device number 70 [ 251.990965][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.001748][ T2620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.011214][ T2620] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 252.023951][ T2620] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 252.032839][ T2620] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.041352][ T2620] usb 2-1: config 0 descriptor?? [ 252.086049][ T6] usb 5-1: USB disconnect, device number 76 [ 252.521802][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0xe [ 252.529096][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x7 [ 252.536255][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.543478][ T5698] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 252.551011][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.558213][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.565517][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.572756][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.579914][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.587311][ T2620] plantronics 0003:047F:FFFF.00E2: unknown main item tag 0x0 [ 252.594855][ T2620] plantronics 0003:047F:FFFF.00E2: No inputs registered, leaving [ 252.606498][ T2620] plantronics 0003:047F:FFFF.00E2: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 252.621570][ T314] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 252.791805][ T2620] usb 2-1: USB disconnect, device number 70 [ 252.900979][ T5698] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 252.911996][ T5698] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 252.921656][ T5698] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 252.930490][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.992319][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.004064][ T314] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.013685][ T314] usb 3-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 253.022578][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.033306][ T314] usb 3-1: config 0 descriptor?? [ 253.401004][ T5698] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 253.408259][ T5698] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input124 [ 253.417454][ T5698] input: failed to attach handler kbd to device input124, error: -5 [ 253.426773][ T5698] usb 4-1: USB disconnect, device number 69 [ 253.512126][ T314] uclogic 0003:5543:0042.00E3: No inputs registered, leaving [ 253.519836][ T314] uclogic 0003:5543:0042.00E3: hidraw0: USB HID v0.00 Device [HID 5543:0042] on usb-dummy_hcd.2-1/input0 [ 253.581020][ T5702] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 253.631005][ T476] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 253.714412][ T6] usb 3-1: USB disconnect, device number 71 [ 253.750955][ T2620] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 253.830978][ T5702] usb 2-1: Using ep0 maxpacket: 16 [ 253.961045][ T5702] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.972395][ T5702] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.982220][ T5702] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 253.991440][ T5702] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.001020][ T476] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.011848][ T2620] usb 5-1: Using ep0 maxpacket: 16 [ 254.017199][ T5702] usb 2-1: config 0 descriptor?? [ 254.131018][ T2620] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.141854][ T2620] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 254.142073][T10926] loop3: detected capacity change from 0 to 40427 [ 254.151967][ T2620] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 254.166571][T10926] F2FS-fs (loop3): invalid crc value [ 254.167595][ T2620] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 254.173630][T10926] F2FS-fs (loop3): Found nat_bits in checkpoint [ 254.182528][ T2620] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 254.202281][ T476] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 254.211989][ T476] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.217871][T10926] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 254.220003][ T476] usb 1-1: Product: syz [ 254.231800][ T476] usb 1-1: Manufacturer: syz [ 254.236356][ T476] usb 1-1: SerialNumber: syz [ 254.257595][ T7174] syz-executor: attempt to access beyond end of device [ 254.257595][ T7174] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 254.300997][ T2620] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 254.315182][ T2620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 254.323379][ T2620] usb 5-1: SerialNumber: syz [ 254.341141][T10911] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 254.361451][ T2620] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 254.369871][ T2620] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 254.440818][T10941] loop2: detected capacity change from 0 to 16 [ 254.447505][T10941] erofs: (device loop2): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 66300) [ 254.513150][ T5702] input: HID 28bd:0935 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0935.00E4/input/input126 [ 254.526994][ T5702] uclogic 0003:28BD:0935.00E4: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.1-1/input0 [ 254.579582][T10951] input: syz1 as /devices/virtual/input/input127 [ 254.595889][ T6] usb 5-1: USB disconnect, device number 77 [ 254.715144][ T5702] usb 2-1: USB disconnect, device number 71 [ 254.730972][ T316] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 254.910931][ T2620] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 255.090993][ T316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.101746][ T316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.111343][ T316] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 255.126234][ T316] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 255.135518][ T316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.144074][ T316] usb 4-1: config 0 descriptor?? [ 255.171042][ T2620] usb 3-1: Using ep0 maxpacket: 8 [ 255.241100][ T28] audit: type=1400 audit(2000000313.911:622): avc: denied { ioctl } for pid=10962 comm="syz.1.4526" path="socket:[65057]" dev="sockfs" ino=65057 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 255.241220][T10963] device lo entered promiscuous mode [ 255.277077][T10962] device lo left promiscuous mode [ 255.381040][ T476] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 255.387309][ T476] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 255.394767][ T476] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 255.481091][ T2620] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 255.490140][ T2620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.497947][ T2620] usb 3-1: Product: syz [ 255.501899][ T2620] usb 3-1: Manufacturer: syz [ 255.506289][ T2620] usb 3-1: SerialNumber: syz [ 255.511271][ T2620] usb 3-1: config 0 descriptor?? [ 255.601174][ T476] cdc_ncm 1-1:1.0: setting tx_max = 72 [ 255.607637][ T476] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 255.622244][ T316] plantronics 0003:047F:FFFF.00E5: unknown main item tag 0x0 [ 255.624199][ T476] usb 1-1: USB disconnect, device number 75 [ 255.636021][ T316] plantronics 0003:047F:FFFF.00E5: No inputs registered, leaving [ 255.636472][ T476] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 255.645972][ T316] plantronics 0003:047F:FFFF.00E5: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 255.768932][ T28] audit: type=1400 audit(2000000314.431:623): avc: denied { create } for pid=10954 comm="syz.2.4523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 255.788921][ T2620] usb 3-1: USB disconnect, device number 72 [ 256.012365][ T28] audit: type=1326 audit(2000000314.681:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11001 comm="syz.4.4530" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c03b7dff9 code=0x0 [ 256.204563][T11009] loop1: detected capacity change from 0 to 16 [ 256.211375][T11009] erofs: (device loop1): mounted with root inode @ nid 36. [ 256.223381][ T28] audit: type=1400 audit(2000000314.891:625): avc: denied { write } for pid=11008 comm="syz.1.4533" name="file0" dev="overlay" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 256.246014][ T28] audit: type=1400 audit(2000000314.891:626): avc: denied { remove_name } for pid=11008 comm="syz.1.4533" name="file0" dev="overlay" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 256.268765][ T28] audit: type=1400 audit(2000000314.891:627): avc: denied { rename } for pid=11008 comm="syz.1.4533" name="file0" dev="overlay" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 256.291061][ T28] audit: type=1400 audit(2000000314.891:628): avc: denied { create } for pid=11008 comm="syz.1.4533" name="#1b" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 256.314453][ T28] audit: type=1400 audit(2000000314.891:629): avc: denied { associate } for pid=11008 comm="syz.1.4533" name="#1b" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 256.338832][ T28] audit: type=1400 audit(2000000314.891:630): avc: denied { setattr } for pid=11008 comm="syz.1.4533" name="#1b" dev="tmpfs" ino=4361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 256.339605][T11013] loop1: detected capacity change from 0 to 16 [ 256.361224][ T28] audit: type=1400 audit(2000000314.891:631): avc: denied { rename } for pid=11008 comm="syz.1.4533" name="#1b" dev="tmpfs" ino=4361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 256.390066][T11013] erofs: (device loop1): mounted with root inode @ nid 36. [ 256.397249][ T316] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 256.429370][T11017] cgroup: fork rejected by pids controller in /syz1 [ 256.482948][T11028] syz.2.4541[11028] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.483024][T11028] syz.2.4541[11028] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.510067][T11030] loop2: detected capacity change from 0 to 1024 [ 256.531570][ T43] tipc: Disabling bearer [ 256.536819][ T43] tipc: Disabling bearer [ 256.547585][ T43] tipc: Left network mode [ 256.557714][T11030] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 256.620526][T10586] EXT4-fs (loop2): unmounting filesystem. [ 256.663931][T11035] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.670945][T11035] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.678084][T11035] device bridge_slave_0 entered promiscuous mode [ 256.685401][T11035] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.692466][T11035] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.700085][T11035] device bridge_slave_1 entered promiscuous mode [ 256.712369][T11043] 9pnet: p9_errstr2errno: server reported unknown error ść [ 256.771021][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.771117][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 256.788867][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.789469][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 256.798822][ T316] usb 1-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 256.814724][ T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.823742][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 256.826730][ T316] usb 1-1: config 0 descriptor?? [ 256.832633][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.845376][ T2620] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.852252][ T2620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.859580][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 256.867877][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.876171][ T2620] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.883034][ T2620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.890245][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 256.909120][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.917371][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 256.925126][ T2620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 256.938028][T11035] device veth0_vlan entered promiscuous mode [ 256.944799][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 256.953394][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 256.960540][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 256.973398][T11035] device veth1_macvtap entered promiscuous mode [ 256.980021][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 256.992214][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 256.997081][T11053] input: syz1 as /devices/virtual/input/input128 [ 257.031701][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 257.131826][T11073] loop2: detected capacity change from 0 to 2048 [ 257.138298][T11073] EXT4-fs: Ignoring removed orlov option [ 257.155837][T11073] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 257.178288][T10586] EXT4-fs (loop2): unmounting filesystem. [ 257.242154][ T43] device veth0_vlan left promiscuous mode [ 257.310946][ T313] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 257.321796][ T316] pantherlord 0003:0F30:0111.00E6: item fetching failed at offset 6/7 [ 257.330058][ T316] pantherlord 0003:0F30:0111.00E6: parse failed [ 257.340184][ T316] pantherlord: probe of 0003:0F30:0111.00E6 failed with error -22 [ 257.367494][T11092] loop2: detected capacity change from 0 to 2048 [ 257.383530][T11092] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 257.456686][T11092] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.4564: bg 0: block 234: padding at end of block bitmap is not set [ 257.472486][T11092] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 257.477322][T11102] syz.3.4567[11102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.485502][T11102] syz.3.4567[11102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.486318][T11092] EXT4-fs (loop2): This should not happen!! Data will be lost [ 257.486318][T11092] [ 257.518285][T11092] EXT4-fs (loop2): Total free blocks count 0 [ 257.524410][T11092] EXT4-fs (loop2): Free/Dirty block details [ 257.530121][T11092] EXT4-fs (loop2): free_blocks=0 [ 257.535156][T11092] EXT4-fs (loop2): dirty_blocks=2960 [ 257.540273][T11092] EXT4-fs (loop2): Block reservation details [ 257.546764][T11092] EXT4-fs (loop2): i_reserved_data_blocks=185 [ 257.560900][ T313] usb 5-1: Using ep0 maxpacket: 8 [ 257.575653][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 894 with error 28 [ 257.579537][ T316] usb 1-1: USB disconnect, device number 76 [ 257.681080][ T313] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.691277][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 257.700745][ T313] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 257.751331][ T2620] usb 4-1: USB disconnect, device number 70 [ 257.871042][ T313] usb 5-1: New USB device found, idVendor=0582, idProduct=00f0, bcdDevice=c7.3d [ 257.879968][ T313] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.887778][ T313] usb 5-1: Product: syz [ 257.891754][ T313] usb 5-1: Manufacturer: syz [ 257.896125][ T313] usb 5-1: SerialNumber: syz [ 257.901026][ T19] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 257.909177][ T313] usb 5-1: config 0 descriptor?? [ 257.980961][ T294] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 257.982370][T11143] loop3: detected capacity change from 0 to 2048 [ 258.002636][T11143] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 258.067585][T11143] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.4585: bg 0: block 234: padding at end of block bitmap is not set [ 258.081906][T11143] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 258.094229][T11143] EXT4-fs (loop3): This should not happen!! Data will be lost [ 258.094229][T11143] [ 258.103620][T11143] EXT4-fs (loop3): Total free blocks count 0 [ 258.109388][T11143] EXT4-fs (loop3): Free/Dirty block details [ 258.115547][T11143] EXT4-fs (loop3): free_blocks=0 [ 258.120310][T11143] EXT4-fs (loop3): dirty_blocks=4784 [ 258.125657][T11143] EXT4-fs (loop3): Block reservation details [ 258.131474][T11143] EXT4-fs (loop3): i_reserved_data_blocks=299 [ 258.155114][ T8] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 258.221013][ T294] usb 3-1: Using ep0 maxpacket: 16 [ 258.233168][ T313] usb 5-1: USB disconnect, device number 78 [ 258.238648][ T430] udevd[430]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 258.260958][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.271983][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.282506][ T19] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 258.291872][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.300796][ T19] usb 2-1: config 0 descriptor?? [ 258.351005][ T294] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.362165][ T294] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.371843][ T294] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 258.380925][ T294] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.392174][ T294] usb 3-1: config 0 descriptor?? [ 258.590929][ T2620] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 258.781616][ T19] sony 0003:054C:0268.00E7: unknown main item tag 0x0 [ 258.788283][ T19] sony 0003:054C:0268.00E7: item fetching failed at offset 1/5 [ 258.795971][ T19] sony 0003:054C:0268.00E7: parse failed [ 258.801642][ T19] sony: probe of 0003:054C:0268.00E7 failed with error -22 [ 258.872771][ T294] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.00E8/input/input129 [ 258.901103][ T476] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 258.951924][ T294] appleir 0003:05AC:8241.00E8: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0 [ 258.970990][ T2620] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 258.987238][ T2620] usb 4-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 259.000395][ T2620] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 259.009664][ T2620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.019118][ T314] usb 2-1: USB disconnect, device number 72 [ 259.281058][ T476] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.291820][ T476] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.301373][ T2620] usb 4-1: string descriptor 0 read error: -71 [ 259.307646][ T2620] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 259.316582][ T5702] usb 5-1: new full-speed USB device number 79 using dummy_hcd [ 259.324199][ T476] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 259.333119][ T476] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.343894][ T2620] usb 4-1: USB disconnect, device number 71 [ 259.351205][ T476] usb 1-1: config 0 descriptor?? [ 259.661853][ T2620] usb 3-1: USB disconnect, device number 73 [ 259.721017][ T5702] usb 5-1: config 1 interface 0 has no altsetting 0 [ 259.825185][ T476] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:03D5.00E9/input/input131 [ 259.851806][ T476] sony 0003:054C:03D5.00E9: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input0 [ 259.900959][ T5702] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 259.909870][ T5702] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.917697][ T5702] usb 5-1: Product: syz [ 259.921654][ T5702] usb 5-1: Manufacturer: syz [ 259.926079][ T5702] usb 5-1: SerialNumber: syz [ 260.030350][ T294] usb 1-1: USB disconnect, device number 77 [ 260.213996][T11212] loop2: detected capacity change from 0 to 256 [ 260.280891][ T313] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 260.500894][ T6] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 260.520953][ T313] usb 4-1: Using ep0 maxpacket: 8 [ 260.592502][T11225] loop1: detected capacity change from 0 to 256 [ 260.616222][T11229] loop1: detected capacity change from 0 to 1024 [ 260.623014][T11229] EXT4-fs: Ignoring removed orlov option [ 260.628583][T11229] EXT4-fs: Ignoring removed nomblk_io_submit option [ 260.635691][ T5702] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 79 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 260.641097][ T313] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 260.651526][T11229] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 260.662967][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.676242][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.685965][ T313] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 260.699480][ T313] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 260.708557][ T313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.717309][ T313] usb 4-1: config 0 descriptor?? [ 260.727386][T11035] EXT4-fs (loop1): unmounting filesystem. [ 260.740922][ T6] usb 3-1: Using ep0 maxpacket: 8 [ 260.769697][T11242] syz.0.4626[11242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.769742][T11242] syz.0.4626[11242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 260.838135][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 260.838153][ T28] audit: type=1400 audit(2000000319.501:642): avc: denied { ioctl } for pid=11189 comm="syz.4.4604" path="/dev/usb/lp0" dev="devtmpfs" ino=2134 ioctlcmd=0xae46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 260.881765][ T5698] usb 5-1: USB disconnect, device number 79 [ 260.888739][ T5698] usblp0: removed [ 260.901000][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.911744][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.921537][ T6] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 260.930395][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.939547][ T6] usb 3-1: config 0 descriptor?? [ 261.090953][ T294] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 261.201675][ T313] hid-thrustmaster 0003:044F:B65D.00EA: item fetching failed at offset 3/7 [ 261.210248][ T313] hid-thrustmaster 0003:044F:B65D.00EA: parse failed with error -22 [ 261.221000][ T313] hid-thrustmaster: probe of 0003:044F:B65D.00EA failed with error -22 [ 261.256985][T11268] syz.0.4636 (11268) used greatest stack depth: 19464 bytes left [ 261.330931][ T294] usb 2-1: Using ep0 maxpacket: 8 [ 261.421750][ T6] kone 0003:1E7D:2CED.00EB: collection stack underflow [ 261.429319][ T6] kone 0003:1E7D:2CED.00EB: item 0 1 0 12 parsing failed [ 261.436566][ T6] kone 0003:1E7D:2CED.00EB: parse failed [ 261.442241][ T6] kone: probe of 0003:1E7D:2CED.00EB failed with error -22 [ 261.450947][ T294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.462040][ T6] usb 4-1: USB disconnect, device number 72 [ 261.467774][ T294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.478943][ T294] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 261.488066][ T294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.496848][ T294] usb 2-1: config 0 descriptor?? [ 261.624357][ T19] usb 3-1: USB disconnect, device number 74 [ 261.661157][ T5702] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 261.780943][ T313] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 261.982255][ T294] kone 0003:1E7D:2CED.00EC: collection stack underflow [ 261.991452][ T294] kone 0003:1E7D:2CED.00EC: item 0 1 0 12 parsing failed [ 261.998510][ T294] kone 0003:1E7D:2CED.00EC: parse failed [ 262.004888][ T294] kone: probe of 0003:1E7D:2CED.00EC failed with error -22 [ 262.020886][ T313] usb 5-1: Using ep0 maxpacket: 16 [ 262.020959][ T5702] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.036682][ T5702] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.046720][ T5702] usb 1-1: New USB device found, idVendor=04c7, idProduct=0030, bcdDevice= 0.00 [ 262.055859][ T5702] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.058292][T11296] loop3: detected capacity change from 0 to 512 [ 262.064394][ T5702] usb 1-1: config 0 descriptor?? [ 262.076999][T11296] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 262.085322][T11296] EXT4-fs (loop3): 1 truncate cleaned up [ 262.090761][T11296] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 262.150956][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.167431][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 262.173729][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.184887][ T313] usb 5-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 262.194380][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.202950][ T294] usb 2-1: USB disconnect, device number 73 [ 262.216574][ T313] usb 5-1: config 0 descriptor?? [ 262.233492][T11309] loop3: detected capacity change from 0 to 256 [ 262.240665][T11309] exfat: Deprecated parameter 'utf8' [ 262.249022][T11309] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xcc9b7de9, utbl_chksum : 0xe619d30d) [ 262.470964][ T2620] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 262.541896][ T5702] hid-generic 0003:04C7:0030.00ED: item fetching failed at offset 5/7 [ 262.550049][ T5702] hid-generic: probe of 0003:04C7:0030.00ED failed with error -22 [ 262.701878][ T313] samsung 0003:0419:0001.00EE: unknown main item tag 0x0 [ 262.708792][ T313] samsung 0003:0419:0001.00EE: unknown main item tag 0x0 [ 262.715811][ T313] samsung 0003:0419:0001.00EE: item fetching failed at offset 3/5 [ 262.723524][ T313] samsung 0003:0419:0001.00EE: parse failed [ 262.729227][ T313] samsung: probe of 0003:0419:0001.00EE failed with error -22 [ 262.753084][ T313] usb 1-1: USB disconnect, device number 78 [ 262.860947][ T2620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.871815][ T2620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.881300][ T2620] usb 3-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 262.890149][ T2620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.898605][ T2620] usb 3-1: config 0 descriptor?? [ 262.906408][ T294] usb 5-1: USB disconnect, device number 80 [ 262.990925][ T5702] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 263.230897][ T5702] usb 2-1: Using ep0 maxpacket: 8 [ 263.317015][T11325] loop3: detected capacity change from 0 to 2048 [ 263.323815][T11325] EXT4-fs: Ignoring removed orlov option [ 263.332306][T11325] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 263.352645][ T7174] EXT4-fs (loop3): unmounting filesystem. [ 263.371595][ T2620] dragonrise 0003:0079:0011.00EF: unknown global tag 0xd [ 263.378675][ T2620] dragonrise 0003:0079:0011.00EF: item 0 2 1 13 parsing failed [ 263.386190][ T5702] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 263.397189][ T5702] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.408026][ T2620] dragonrise 0003:0079:0011.00EF: parse failed [ 263.414048][ T2620] dragonrise: probe of 0003:0079:0011.00EF failed with error -22 [ 263.425217][ T5702] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.437000][ T5702] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 263.450134][ T5702] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 263.459106][ T5702] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.475799][ T5702] usb 2-1: config 0 descriptor?? [ 263.512383][ T28] audit: type=1326 audit(2000000322.181:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.543279][ T28] audit: type=1326 audit(2000000322.181:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.570289][ T28] audit: type=1326 audit(2000000322.211:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.575106][ T313] usb 3-1: USB disconnect, device number 75 [ 263.594549][ T28] audit: type=1326 audit(2000000322.211:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.623674][ T28] audit: type=1326 audit(2000000322.211:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.647397][ T28] audit: type=1326 audit(2000000322.211:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.676415][ T28] audit: type=1326 audit(2000000322.211:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.710056][ T28] audit: type=1326 audit(2000000322.211:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11341 comm="syz.0.4667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe32537dff9 code=0x7ffc0000 [ 263.845085][T11362] overlayfs: failed to resolve './file0': -2 [ 263.851925][T11362] overlayfs: failed to resolve './file1': -2 [ 263.866163][T11364] loop3: detected capacity change from 0 to 256 [ 263.877137][T11364] FAT-fs (loop3): Directory bread(block 64) failed [ 263.883713][T11364] FAT-fs (loop3): Directory bread(block 65) failed [ 263.890139][T11364] FAT-fs (loop3): Directory bread(block 66) failed [ 263.896570][T11364] FAT-fs (loop3): Directory bread(block 67) failed [ 263.900894][ T2620] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 263.904264][T11364] FAT-fs (loop3): Directory bread(block 68) failed [ 263.916849][T11364] FAT-fs (loop3): Directory bread(block 69) failed [ 263.923234][T11364] FAT-fs (loop3): Directory bread(block 70) failed [ 263.929730][T11364] FAT-fs (loop3): Directory bread(block 71) failed [ 263.936186][T11364] FAT-fs (loop3): Directory bread(block 72) failed [ 263.942560][T11364] FAT-fs (loop3): Directory bread(block 73) failed [ 263.962829][T11364] syz.3.4677: attempt to access beyond end of device [ 263.962829][T11364] loop3: rw=524288, sector=1736, nr_sectors = 32 limit=256 [ 263.976608][T11364] syz.3.4677: attempt to access beyond end of device [ 263.976608][T11364] loop3: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 263.977381][ T5702] hid-thrustmaster 0003:044F:B65D.00F0: item fetching failed at offset 3/7 [ 263.998684][ T5702] hid-thrustmaster 0003:044F:B65D.00F0: parse failed with error -22 [ 264.006570][ T5702] hid-thrustmaster: probe of 0003:044F:B65D.00F0 failed with error -22 [ 264.036034][T11368] loop3: detected capacity change from 0 to 2048 [ 264.062194][T11368] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 264.123701][T11371] EXT4-fs (loop3): shut down requested (0) [ 264.162494][T11368] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.4679: bg 0: block 234: padding at end of block bitmap is not set [ 264.176733][ T5702] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 264.184314][T11368] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 264.196834][T11368] EXT4-fs (loop3): This should not happen!! Data will be lost [ 264.196834][T11368] [ 264.197035][ T294] usb 2-1: USB disconnect, device number 74 [ 264.206466][T11368] EXT4-fs (loop3): Total free blocks count 0 [ 264.217926][T11368] EXT4-fs (loop3): Free/Dirty block details [ 264.223569][T11368] EXT4-fs (loop3): free_blocks=0 [ 264.228319][T11368] EXT4-fs (loop3): dirty_blocks=8192 [ 264.233648][T11368] EXT4-fs (loop3): Block reservation details [ 264.239441][T11368] EXT4-fs (loop3): i_reserved_data_blocks=512 [ 264.290960][ T2620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.302073][ T2620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.325739][ T2620] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 264.350896][ T2620] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 264.359757][ T2620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.368783][ T2620] usb 1-1: config 0 descriptor?? [ 264.440941][ T5702] usb 5-1: Using ep0 maxpacket: 32 [ 264.560982][ T5702] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 264.571992][ T5702] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 264.583092][ T5702] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 264.591942][ T5702] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.600239][ T5702] usb 5-1: config 0 descriptor?? [ 264.621025][T11366] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 264.641449][ T5702] hub 5-1:0.0: USB hub found [ 264.650935][ T5698] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 264.650973][ T6] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 264.733362][T11389] loop1: detected capacity change from 0 to 512 [ 264.740211][T11389] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 264.748622][T11389] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 264.758555][T11389] EXT4-fs (loop1): orphan cleanup on readonly fs [ 264.765804][T11389] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3845: comm syz.1.4687: Allocating blocks 41-42 which overlap fs metadata [ 264.779654][T11389] Quota error (device loop1): write_blk: dquota write failed [ 264.787042][T11389] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.4687: Failed to acquire dquot type 0 [ 264.798569][T11389] EXT4-fs (loop1): 1 truncate cleaned up [ 264.804327][T11389] EXT4-fs (loop1): pa ffff8881113af2a0: logic 1, phys. 41, len 23 [ 264.812047][T11389] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23 [ 264.822227][T11389] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 264.831960][T11389] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 264.851352][T11389] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 264.861007][T11035] EXT4-fs (loop1): unmounting filesystem. [ 264.871961][ T2620] plantronics 0003:047F:FFFF.00F1: No inputs registered, leaving [ 264.879936][ T5702] hub 5-1:0.0: 2 ports detected [ 264.887240][ T2620] plantronics 0003:047F:FFFF.00F1: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 264.902896][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 265.021039][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 265.021162][ T5698] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 265.032254][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 265.042511][ T5698] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 265.052077][ T6] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 265.069642][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.083650][T11403] loop1: detected capacity change from 0 to 512 [ 265.090083][T11403] EXT4-fs: Ignoring removed mblk_io_submit option [ 265.097103][T11403] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 265.099446][ T6] usb 3-1: config 0 descriptor?? [ 265.108747][T11403] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.4692: corrupted in-inode xattr [ 265.123641][T11403] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.4692: couldn't read orphan inode 15 (err -117) [ 265.135821][T11403] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 265.144659][ T5698] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 265.154007][ T5698] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 265.162078][ T5698] usb 4-1: SerialNumber: syz [ 265.170328][T11035] EXT4-fs (loop1): unmounting filesystem. [ 265.185051][T11406] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 265.351050][ T5702] hub 5-1:0.0: set hub depth failed [ 265.401701][ T5702] usb 5-1: USB disconnect, device number 81 [ 265.451493][ T5698] usb 4-1: 0:2 : does not exist [ 265.493514][ T5698] usb 4-1: USB disconnect, device number 73 [ 265.571704][T11387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.580039][T11387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.588285][T11387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.596632][T11387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.611981][ T6] hid (null): unknown global tag 0xc [ 265.617210][ T6] hid (null): unknown global tag 0xd [ 265.622414][ T6] hid (null): invalid report_count 14028 [ 265.627947][ T6] hid (null): invalid report_size 4696984 [ 265.635041][ T6] hid-generic 0003:0158:0100.00F2: unknown main item tag 0x1 [ 265.642673][ T6] hid-generic 0003:0158:0100.00F2: unexpected long global item [ 265.650130][ T6] hid-generic: probe of 0003:0158:0100.00F2 failed with error -22 [ 265.721629][ T496] udevd[496]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 265.834427][ T6] usb 3-1: USB disconnect, device number 76 [ 266.530897][ T5698] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 266.673563][T11458] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4714'. [ 266.696007][T11460] loop2: detected capacity change from 0 to 2048 [ 266.712427][T11460] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 266.724801][T11460] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 266.739717][T11460] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 266.752108][T11460] EXT4-fs (loop2): This should not happen!! Data will be lost [ 266.752108][T11460] [ 266.762256][T11460] EXT4-fs (loop2): Total free blocks count 0 [ 266.830732][T11460] EXT4-fs (loop2): Free/Dirty block details [ 266.831517][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 266.831529][ T28] audit: type=1400 audit(2000000325.491:651): avc: denied { execute } for pid=11459 comm="syz.2.4715" path="/60/file0/cgroup.stat" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 266.843008][T11460] EXT4-fs (loop2): free_blocks=2415919104 [ 266.872126][T11460] EXT4-fs (loop2): dirty_blocks=16 [ 266.877458][T11460] EXT4-fs (loop2): Block reservation details [ 266.883593][T11460] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 266.921708][T10586] EXT4-fs (loop2): unmounting filesystem. [ 266.926873][T11475] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4721'. [ 267.000988][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.011853][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.021984][ T5698] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 267.031078][ T5698] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.041606][ T5698] usb 5-1: config 0 descriptor?? [ 267.210920][ T294] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 267.240889][ T2196] Bluetooth: hci0: command 0x1003 tx timeout [ 267.240909][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 267.289457][T11497] loop1: detected capacity change from 0 to 256 [ 267.370904][ T5702] usb 1-1: reset high-speed USB device number 79 using dummy_hcd [ 267.370907][ T19] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 267.431136][ T5702] usb 1-1: device reset changed ep0 maxpacket size! [ 267.437741][ T6] usb 1-1: USB disconnect, device number 79 [ 267.502008][ T5698] pyra 0003:1E7D:2CF6.00F3: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0 [ 267.570964][ T294] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 267.581000][ T294] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 267.589755][ T294] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 267.590945][ T314] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 267.598700][ T6] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 267.613467][ T294] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.721036][ T5698] pyra 0003:1E7D:2CF6.00F3: couldn't init struct pyra_device [ 267.728315][ T5698] pyra 0003:1E7D:2CF6.00F3: couldn't install mouse [ 267.730949][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.735397][ T5698] pyra: probe of 0003:1E7D:2CF6.00F3 failed with error -71 [ 267.745768][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.754772][ T5698] usb 5-1: USB disconnect, device number 82 [ 267.762976][ T19] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 267.776600][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.785027][ T19] usb 4-1: config 0 descriptor?? [ 267.860897][ T6] usb 1-1: Using ep0 maxpacket: 8 [ 267.981025][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.991785][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.001426][ T6] usb 1-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 268.010287][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.020619][ T6] usb 1-1: config 0 descriptor?? [ 268.031081][ T314] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.201070][ T314] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 268.209996][ T314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.217786][ T314] usb 2-1: Product: syz [ 268.221827][ T314] usb 2-1: Manufacturer: syz [ 268.224216][ T294] usb 3-1: string descriptor 0 read error: -22 [ 268.226136][ T314] usb 2-1: SerialNumber: syz [ 268.262222][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.269077][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.276150][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.283425][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.290406][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.297472][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.304664][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.312211][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.318997][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.326118][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.333175][ T19] lg-g15 0003:046D:C222.00F4: unknown main item tag 0x0 [ 268.340626][ T19] lg-g15 0003:046D:C222.00F4: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0 [ 268.435087][ T476] usb 3-1: USB disconnect, device number 77 [ 268.476182][ T5702] usb 4-1: USB disconnect, device number 74 [ 268.491952][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.499214][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.506485][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.513701][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.520905][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.528067][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.535291][ T6] playstation 0003:054C:0CE6.00F5: unknown main item tag 0x0 [ 268.543012][ T6] playstation 0003:054C:0CE6.00F5: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.0-1/input0 [ 268.600936][ T5698] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 268.700992][ T6] playstation 0003:054C:0CE6.00F5: Invalid reportID received, expected 9 got 0 [ 268.709822][ T6] playstation 0003:054C:0CE6.00F5: Failed to retrieve DualSense pairing info: -22 [ 268.718970][ T6] playstation 0003:054C:0CE6.00F5: Failed to get MAC address from DualSense [ 268.727418][ T6] playstation 0003:054C:0CE6.00F5: Failed to create dualsense. [ 268.735285][ T6] playstation: probe of 0003:054C:0CE6.00F5 failed with error -22 [ 268.911375][ T5702] usb 1-1: USB disconnect, device number 80 [ 269.000990][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.011837][ T5698] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.021539][ T5698] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 269.034178][ T5698] usb 5-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00 [ 269.043479][ T5698] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.051892][ T5698] usb 5-1: config 0 descriptor?? [ 269.260971][ T2620] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 269.310966][ T6] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 269.360995][ T314] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 269.367321][ T314] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 269.374633][ T314] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 269.440637][T11529] device veth2 entered promiscuous mode [ 269.458226][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 269.500999][ T2620] usb 4-1: Using ep0 maxpacket: 8 [ 269.541598][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.548397][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.550936][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 269.555339][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.567210][ T314] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 269.574019][ T314] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 269.584782][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.591630][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.598375][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.611117][ T314] usb 2-1: USB disconnect, device number 75 [ 269.617968][ T314] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 269.627726][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.634773][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.646145][ T2620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.657061][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.664007][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.670792][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.670979][ T6] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 269.677561][ T2620] usb 4-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 269.695212][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.702149][ T6] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 269.703595][ T2620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.719537][ T6] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 269.719833][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.730530][ T6] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 269.744198][ T2620] usb 4-1: config 0 descriptor?? [ 269.752266][ T6] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 269.760923][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.762531][ T6] usb 3-1: config 1 interface 0 has no altsetting 0 [ 269.768608][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.775708][ T6] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 269.782409][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.792040][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.806010][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.814279][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.821548][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.828327][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.835209][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.842032][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.848756][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.851332][ T6] ums-sddr09 3-1:1.0: USB Mass Storage device detected [ 269.855845][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.869050][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.876002][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.883275][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.890075][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.896900][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.903620][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.910363][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.917162][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.923908][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.930755][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.937872][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.944677][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.951447][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.958266][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.965196][ T5698] elecom 0003:056E:010C.00F6: unknown main item tag 0x0 [ 269.972343][ T5698] elecom 0003:056E:010C.00F6: hidraw0: USB HID v0.00 Device [HID 056e:010c] on usb-dummy_hcd.4-1/input0 [ 269.985954][ T5698] usb 5-1: USB disconnect, device number 83 [ 269.993195][ T314] ================================================================== [ 270.001067][ T314] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 270.008704][ T314] Read of size 8 at addr ffff88812caf4cf0 by task kworker/1:3/314 [ 270.016342][ T314] [ 270.018509][ T314] CPU: 1 PID: 314 Comm: kworker/1:3 Not tainted 6.1.99-syzkaller-00050-gadd3d68602a0 #0 [ 270.028061][ T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 270.038039][ T314] Workqueue: wg-crypt-wg1 wg_packet_tx_worker [ 270.043952][ T314] Call Trace: [ 270.047068][ T314] [ 270.049845][ T314] dump_stack_lvl+0x151/0x1b7 [ 270.054358][ T314] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 270.059653][ T314] ? _printk+0xd1/0x111 [ 270.063654][ T314] ? __virt_addr_valid+0x242/0x2f0 [ 270.068588][ T314] print_report+0x158/0x4e0 [ 270.072937][ T314] ? __virt_addr_valid+0x242/0x2f0 [ 270.077875][ T314] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 270.083949][ T314] ? __list_del_entry_valid+0xa6/0x130 [ 270.089274][ T314] kasan_report+0x13c/0x170 [ 270.093583][ T314] ? __list_del_entry_valid+0xa6/0x130 [ 270.098880][ T314] __asan_report_load8_noabort+0x14/0x20 [ 270.104345][ T314] __list_del_entry_valid+0xa6/0x130 [ 270.109464][ T314] process_one_work+0x4d7/0xcb0 [ 270.114157][ T314] worker_thread+0xa60/0x1260 [ 270.118670][ T314] kthread+0x26d/0x300 [ 270.122574][ T314] ? worker_clr_flags+0x1a0/0x1a0 [ 270.127431][ T314] ? kthread_blkcg+0xd0/0xd0 [ 270.131867][ T314] ret_from_fork+0x1f/0x30 [ 270.136118][ T314] [ 270.138977][ T314] [ 270.141148][ T314] Allocated by task 314: [ 270.145227][ T314] kasan_set_track+0x4b/0x70 [ 270.149649][ T314] kasan_save_alloc_info+0x1f/0x30 [ 270.154602][ T314] __kasan_kmalloc+0x9c/0xb0 [ 270.159042][ T314] __kmalloc_node+0xb4/0x1e0 [ 270.163455][ T314] kvmalloc_node+0x221/0x640 [ 270.167879][ T314] alloc_netdev_mqs+0x8c/0xf90 [ 270.172478][ T314] alloc_etherdev_mqs+0x36/0x40 [ 270.177164][ T314] usbnet_probe+0x207/0x27c0 [ 270.181590][ T314] usb_probe_interface+0x5b6/0xa90 [ 270.186535][ T314] really_probe+0x2b8/0x920 [ 270.191051][ T314] __driver_probe_device+0x1a0/0x310 [ 270.196169][ T314] driver_probe_device+0x54/0x3d0 [ 270.201031][ T314] __device_attach_driver+0x2e3/0x490 [ 270.206238][ T314] bus_for_each_drv+0x183/0x200 [ 270.210923][ T314] __device_attach+0x312/0x510 [ 270.215529][ T314] device_initial_probe+0x1a/0x20 [ 270.220382][ T314] bus_probe_device+0xbe/0x1e0 [ 270.225328][ T314] device_add+0xb60/0xf10 [ 270.229499][ T314] usb_set_configuration+0x190f/0x1e80 [ 270.234793][ T314] usb_generic_driver_probe+0x8b/0x150 [ 270.240083][ T314] usb_probe_device+0x144/0x260 [ 270.244773][ T314] really_probe+0x2b8/0x920 [ 270.249216][ T314] __driver_probe_device+0x1a0/0x310 [ 270.254410][ T314] driver_probe_device+0x54/0x3d0 [ 270.259274][ T314] __device_attach_driver+0x2e3/0x490 [ 270.264485][ T314] bus_for_each_drv+0x183/0x200 [ 270.269184][ T314] __device_attach+0x312/0x510 [ 270.273766][ T314] device_initial_probe+0x1a/0x20 [ 270.278629][ T314] bus_probe_device+0xbe/0x1e0 [ 270.283393][ T314] device_add+0xb60/0xf10 [ 270.287591][ T314] usb_new_device+0xf2f/0x1820 [ 270.292175][ T314] hub_event+0x2db1/0x4830 [ 270.296440][ T314] process_one_work+0x73d/0xcb0 [ 270.301204][ T314] worker_thread+0xa60/0x1260 [ 270.305716][ T314] kthread+0x26d/0x300 [ 270.309907][ T314] ret_from_fork+0x1f/0x30 [ 270.314158][ T314] [ 270.316325][ T314] Freed by task 314: [ 270.320498][ T314] kasan_set_track+0x4b/0x70 [ 270.325011][ T314] kasan_save_free_info+0x2b/0x40 [ 270.329867][ T314] ____kasan_slab_free+0x131/0x180 [ 270.334814][ T314] __kasan_slab_free+0x11/0x20 [ 270.339412][ T314] __kmem_cache_free+0x218/0x3b0 [ 270.344186][ T314] kfree+0x7a/0xf0 [ 270.347743][ T314] kvfree+0x35/0x40 [ 270.351562][ T314] netdev_freemem+0x3f/0x60 [ 270.355903][ T314] netdev_release+0x7f/0xb0 [ 270.360241][ T314] device_release+0x95/0x1c0 [ 270.364668][ T314] kobject_put+0x178/0x260 [ 270.369191][ T314] put_device+0x1f/0x30 [ 270.373178][ T314] free_netdev+0x393/0x480 [ 270.377460][ T314] usbnet_disconnect+0x245/0x390 [ 270.382200][ T314] usb_unbind_interface+0x1fa/0x8c0 [ 270.387408][ T314] device_release_driver_internal+0x53e/0x870 [ 270.393397][ T314] device_release_driver+0x19/0x20 [ 270.398346][ T314] bus_remove_device+0x2fa/0x360 [ 270.403116][ T314] device_del+0x663/0xe90 [ 270.407282][ T314] usb_disable_device+0x380/0x720 [ 270.412157][ T314] usb_disconnect+0x32a/0x890 [ 270.416654][ T314] hub_event+0x1ed8/0x4830 [ 270.420907][ T314] process_one_work+0x73d/0xcb0 [ 270.425598][ T314] worker_thread+0xd71/0x1260 [ 270.430109][ T314] kthread+0x26d/0x300 [ 270.434014][ T314] ret_from_fork+0x1f/0x30 [ 270.438265][ T314] [ 270.440437][ T314] Last potentially related work creation: [ 270.445989][ T314] kasan_save_stack+0x3b/0x60 [ 270.450512][ T314] __kasan_record_aux_stack+0xb4/0xc0 [ 270.455721][ T314] kasan_record_aux_stack_noalloc+0xb/0x10 [ 270.461352][ T314] insert_work+0x56/0x310 [ 270.465516][ T314] __queue_work+0x9b6/0xd70 [ 270.469864][ T314] queue_work_on+0x105/0x170 [ 270.474289][ T314] usbnet_link_change+0xeb/0x100 [ 270.479093][ T314] usbnet_probe+0x1dbe/0x27c0 [ 270.483578][ T314] usb_probe_interface+0x5b6/0xa90 [ 270.488518][ T314] really_probe+0x2b8/0x920 [ 270.493030][ T314] __driver_probe_device+0x1a0/0x310 [ 270.498152][ T314] driver_probe_device+0x54/0x3d0 [ 270.503013][ T314] __device_attach_driver+0x2e3/0x490 [ 270.508221][ T314] bus_for_each_drv+0x183/0x200 [ 270.512909][ T314] __device_attach+0x312/0x510 [ 270.517509][ T314] device_initial_probe+0x1a/0x20 [ 270.522365][ T314] bus_probe_device+0xbe/0x1e0 [ 270.526972][ T314] device_add+0xb60/0xf10 [ 270.531133][ T314] usb_set_configuration+0x190f/0x1e80 [ 270.536429][ T314] usb_generic_driver_probe+0x8b/0x150 [ 270.541722][ T314] usb_probe_device+0x144/0x260 [ 270.546408][ T314] really_probe+0x2b8/0x920 [ 270.550746][ T314] __driver_probe_device+0x1a0/0x310 [ 270.555867][ T314] driver_probe_device+0x54/0x3d0 [ 270.560726][ T314] __device_attach_driver+0x2e3/0x490 [ 270.565933][ T314] bus_for_each_drv+0x183/0x200 [ 270.570621][ T314] __device_attach+0x312/0x510 [ 270.575220][ T314] device_initial_probe+0x1a/0x20 [ 270.580080][ T314] bus_probe_device+0xbe/0x1e0 [ 270.584682][ T314] device_add+0xb60/0xf10 [ 270.588848][ T314] usb_new_device+0xf2f/0x1820 [ 270.593448][ T314] hub_event+0x2db1/0x4830 [ 270.597703][ T314] process_one_work+0x73d/0xcb0 [ 270.602401][ T314] worker_thread+0xa60/0x1260 [ 270.606900][ T314] kthread+0x26d/0x300 [ 270.610805][ T314] ret_from_fork+0x1f/0x30 [ 270.615060][ T314] [ 270.617229][ T314] The buggy address belongs to the object at ffff88812caf4000 [ 270.617229][ T314] which belongs to the cache kmalloc-4k of size 4096 [ 270.631116][ T314] The buggy address is located 3312 bytes inside of [ 270.631116][ T314] 4096-byte region [ffff88812caf4000, ffff88812caf5000) [ 270.644395][ T314] [ 270.646569][ T314] The buggy address belongs to the physical page: [ 270.652826][ T314] page:ffffea0004b2bc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12caf0 [ 270.663019][ T314] head:ffffea0004b2bc00 order:3 compound_mapcount:0 compound_pincount:0 [ 270.671150][ T314] flags: 0x4000000000010200(slab|head|zone=1) [ 270.677085][ T314] raw: 4000000000010200 ffffea0004a65e00 dead000000000002 ffff888100043380 [ 270.685467][ T314] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 270.693890][ T314] page dumped because: kasan: bad access detected [ 270.700143][ T314] page_owner tracks the page as allocated [ 270.705687][ T314] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 290, tgid 290 (syz-executor), ts 21097399931, free_ts 0 [ 270.725826][ T314] post_alloc_hook+0x213/0x220 [ 270.730420][ T314] prep_new_page+0x1b/0x110 [ 270.734758][ T314] get_page_from_freelist+0x27ea/0x2870 [ 270.740139][ T314] __alloc_pages+0x3a1/0x780 [ 270.744572][ T314] alloc_slab_page+0x6c/0xf0 [ 270.748993][ T314] new_slab+0x90/0x3e0 [ 270.752904][ T314] ___slab_alloc+0x6f9/0xb80 [ 270.757323][ T314] __slab_alloc+0x5d/0xa0 [ 270.761492][ T314] __kmem_cache_alloc_node+0x1af/0x250 [ 270.766788][ T314] kmalloc_trace+0x2a/0xa0 [ 270.771036][ T314] kobject_uevent_env+0x262/0x720 [ 270.775898][ T314] kobject_uevent+0x1f/0x30 [ 270.780237][ T314] __kobject_del+0xee/0x300 [ 270.784582][ T314] kobject_put+0x1cc/0x260 [ 270.788915][ T314] netdev_queue_update_kobjects+0x406/0x4a0 [ 270.794644][ T314] netif_set_real_num_tx_queues+0x15c/0x770 [ 270.800381][ T314] page_owner free stack trace missing [ 270.805581][ T314] [ 270.807755][ T314] Memory state around the buggy address: [ 270.813222][ T314] ffff88812caf4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 270.821291][ T314] ffff88812caf4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 270.829193][ T314] >ffff88812caf4c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 270.837088][ T314] ^ [ 270.844639][ T314] ffff88812caf4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 270.852538][ T314] ffff88812caf4d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 270.860433][ T314] ================================================================== [ 270.868426][ T314] Disabling lock debugging due to kernel taint [ 270.903062][ T6] ums-sddr09: probe of 3-1:1.0 failed with error -22 [ 270.912101][ T6] usb 3-1: USB disconnect, device number 78 [ 271.121596][T11519] syz.3.4741[11519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 271.121647][T11519] syz.3.4741[11519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 271.141835][ T2620] pantherlord 0003:0810:0001.00F7: item fetching failed at offset 3/5 [ 271.161215][ T2620] pantherlord 0003:0810:0001.00F7: parse failed [ 271.167164][ T2620] pantherlord: probe of 0003:0810:0001.00F7 failed with error -22 [ 271.358607][ T2620] usb 4-1: USB disconnect, device number 75 [ 271.481103][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 271.481243][ T7078] Bluetooth: hci0: command 0x1003 tx timeout