last executing test programs: 5.73404905s ago: executing program 4 (id=2041): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) 5.713602261s ago: executing program 4 (id=2042): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x6005}, @void, @eth={@multicast, @remote, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x26, 0x29, 0x68, 0x0, 0x9, 0x4, 0x0, @private=0xa010101, @multicast1}, "a93a88c19c640ec98e51b5683ee58e25bfcdb2ba7d"}}}}}, 0x3f) 5.665933853s ago: executing program 4 (id=2043): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12011001daa18c4089612d187301010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) ptrace$ARCH_SHSTK_ENABLE(0x1e, 0x0, 0x2, 0x5001) 3.545985335s ago: executing program 4 (id=2119): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r0) mount$9p_fd(0x0, &(0x7f0000002180)='./file0\x00', &(0x7f00000021c0), 0x210000, &(0x7f0000002400)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 2.694551622s ago: executing program 4 (id=2140): r0 = syz_usb_connect$cdc_ncm(0x5, 0x76, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x64, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x857a, 0xfffe, 0x80, 0x2}, {0x6}, [@mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x4, 0x6}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0xd}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0xfe}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x8}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.661145074s ago: executing program 2 (id=2145): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000040)={0x4000000000000229, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]}) 2.546304089s ago: executing program 2 (id=2147): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b95002000066baa10066b80f0066efb9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x69}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.422174785s ago: executing program 2 (id=2150): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000380)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="827d", 0x2}], 0x1}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000180)="6985bc3e5de8fe91a5eaa35b02afb61f42aa8d5fc78833c025b9", 0x1a, 0x3b00, 0x0, 0x0) 2.421822715s ago: executing program 0 (id=2152): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000202000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000e58500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x20008000) 2.421604705s ago: executing program 2 (id=2153): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x1) 2.360116897s ago: executing program 2 (id=2154): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./bus\x00', 0x2218050, &(0x7f0000000140)=ANY=[], 0x1, 0x1528, &(0x7f0000001800)="$eJzs3Au4TtX2MPAx5pyLTS5vkvsacyze5DJJklwScqkkSUjuCUmSJKnEJrckJEmuO8l1h9zTTu73W+6hnSNJkpCQZH7PTn061fn6n/PvHH1nj9/zrGfPsdYac421x/u+a633efb+suvQGo1qVq3PzPCv0D8P8OKPRABIAIABAJAdAAIAKJOjTI607Zk0Jv5LBxH/Jg2mXe4KxOUk/U/fpP/pm/Q/fZP+p2/S//RN+p++Sf/TN+m/EOlact4rZUm/i3z///859b9Jluv/fx/E3676R/tK///b6H9qb+l/upHh91ZK/9OL378ESP/TN+l/ehZc7gLEZSbv//RN+i9Euvanf6e87uw/s3/wb6nhP7xouPw1/KuLEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgjxH3DWX2IA4Ofx5a5LCCGEEEIIIYQQfx7/zuWuQAghhBBCCCGEEP9+CAo0GAggA2SEBMgEmeEKyAJZIRtkhxhcCTngKsgJV0MuyA15IC/kg/xQAEIgsMAQQUEoBHG4BgrDtVAEikIxKA4OSkBJuA5KwfVQGm6AMnAjlIWboByUhwpQEW6GSnALVIYqUBVuhWpQHWpATbgNboc7oBbcCbXhLqgDd0NduAfqwb1QHxpAQ7gPGsH90BiaQFNoBs2hBbT8g/yk7L+X/yx0h+egB/SEROgFveF56AN9oR/0hwHwAgyEF2EQvASDYQgMhZdhGLwCw+FVGAGvwUh4HUbBaBgDY2EcjIckeAMmwJswEd66PytMhikwFabBdEiGt2EGzIRZ8A7MhjkwF5IyzYcFsBDehUXwHqTA+7AYPoAlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi3wIWyFbbAddsBO2AW74SPYA3thH3wMqfjJP5l/5u/zoRsCAipUaNBgBsyACZiAmTEzZsEsmA2zYQxjmANzYE7MibkwF+bBPJgP82EBLICEhIyMBbEgxjGOhbEwFsEiWAyLoUOHJbEklsLrsTSWxjJYBstiWSyH5bE8VsSKWAkrYWWsjFWxKlbDalgDa+BteBvegbWwFtbG2lgH62BdrIv1sB7Wx/rYEBtiI2yEjbExNsWm2BybY0tsia2wFbbG1tgW22I7bIftsT12wA7YETtiJ+yEnbEzdsEu2BW7Yjd8Gp/GZ/FZfA6fw55YTfXC3tgb+2Af7If9sT++gAPxRXwRX8LBOASH4sv4Mr6Cw/E0jsDXcCSOxEpqNI7BschqPCZhEmaECTgRJ+IknIyTcSpOw+mYjMk4A2fiTHwHZ+McnIPzcB4uwIW4EBfhe5iCKbgYz+ASXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342b8ED/EbbgNd+AO3IW78CP8CPfiXhyMqZiK+3E/HsADeBAP4iE8hIfxMB7BI3gUj+IxPIbH8QSexBN4Ck/haTyDZwHgHJ7D83geL+CFtDe/SmOUURlUBpWgElRmlVllUVlUNpVNxVRM5VA5VE6VU+VSuVQelUflU/lUAVVAkSLFKlIFVUEVV3FVWBVWRVQRVUwVU045VVKVVKVUKVValVZl1I1ny6qbVDlVXrVxFVVFVUm1dZVVFVVVVVXVVHVVQ9VUNdXt6nZVS9VStVVtVUfVUXXVPaqe6oX9sIFK60wjNQQbq6HYVDVTzVUL9Qo+oFqp4dhatVFt1UPqNRyB7VUr10E9qjqqMdhJPa7G4hOqixqPXdVTqpt6Wj2jnlXdVWvXQ/VUk7CX6q2mYh/VV/VT/dUMrK7SOlZDvaQGqyFqqHpZLcBX1HD16l68+IGpRqnRaowaq8ap8SpJvaEmqDfVRPWWmqQmqylqqpqmpqtk9baaoWaqWeodNVvNUXPVPDVfLVAL1btqkXpPpaj31WL1gVqilqplarlaoVaqVWq1WqPWqnVqvdqgNqpNarPaoj5UW9U2tV3tUDvVLrVbfaT2qL1qn/pYpapP1H71N3VAfaoOqs/UIfW5Oqy+UEfUl+qo+kodU1+r4+qEOqm+UafUt+q0OqPOqu/UOfW9Oq9+UBeUV6BRK6210YHOoDPqBJ1JZ9ZX6Cw6q86ms+uYvlLn0FfpnPpqnUvn1nlMXp1P59cFdKhJW8060gV1IR3X1+jC+lpdRBfVxXRx7XQJXVJfp0vp63VpfYMuo2/UZfVNupwuryt40DfrSvoWXVlX0VX1rbqarq5r6Jr6Nn27vkPX0nfq2vouXUffrevqe3Q9fa+urxvohvo+3UjfrxvrJrqpbqab6xa6pX5At9IP6kC30W31Q7qdfli314/oDvpR3VE/pjvpx3Vn/YTuop/UXfVTupuuAgA/6Ava6x66p07UvXRv/bzuo/vqfrq/HqBf0AP1i3qQfkkP1kP0UP2yHqZf0cP1q3qEfk2P1K/rUXq0HqPH6nF6vE7Sb+gJ+k09Ub+lJ+nJeoqeqqfp6bpf2kygLr5i/iD/zd/JH/Tj0TfrLfpDvVVv09v1Dr1T79K79W69R+/R+/Q+napT9X69Xx/QB/RBfVAf0of0YX1YH9FH9FF9VB/Tx/RxfUJ/p7/Rp/S3+rQ+o8/o7/Q5fU6f1xd/B2DQKKONMYHJYDKaBJPJZDZXmCwmq8lmspuYudLkMFeZnOZqk8vkNnlMXpPP5DcFTGjIWMMmMgVNIRM315jC5lpTxBQ1xUxx40wJU9Jc97/O/6P6WpqWppVpZVqb1qataWvamXamvWlvOpgOpqPpaDqZTqaz6Wy6mC6mq+lquplu5hnzjOluupsepodJNImmt3ne9DF9TT/T3wwwL5iBZqAZZAaZwWawGWqGmmFmmBluhpsRCT/dMplRZowZY8aZcSbJZzcTzAQz0Uw0k8wkM2VAdjPNTDPJJtnMMDPMLDPLzDazzVwz18w3881Cs9AsMotMikkxi81is8QsNUvNcrPcrDQrzWqz2qw1a816s95sNBvNErPFbDFbzVaz3Ww3O81Os9vsNnvMHrPP7DOpJtXsN/vNAXPAHDQHzSFzyBw2h80Rc8QcNUfNMXPMHDfHzUlz0pwyp8xpc9qcNWfNOXPOnDfnzQVzIe22L1CBCkxgggxBhiAhSAgyB5mDLEGWIFuQLYgFsSBHkCPIGVwd5ApyB3mCvEG+IH9QIAgDCmzAQRQUDAoF8eCaoHBwbVAkKBoUC4oHLigRlAyuC0oF1welgxuCMsGNQdngpqBcUD6oEFQMbg4qBbcElYMqQdXg1qBaUD2oEdQMbgtuD+4IagV3BrWDu4I6wd1B3eCeoF5wb1A/aBA0DO4LGgX3B42DJkHToFnQPGgRtPxT5/f+dO4HXY+wZ5gY9gp7h8+HfcK+Yb+wfzggfCEcGL4YDgpfCgeHQ8Kh4cvhsPCVcHj4ajgifC0cGb4ejgpHh2PCseG4cHyYFL4RTgjfDCeGb4WTwsnhlGBqOC2cHiaHb4czwpnhrPCdcHY4J5wbzgvnhwtC/OnikhK+Hy4OPwiXhEvDZeHycEW4MlwVrg7XhGvDdeH6cEO4sczAi7uGW8Nt4fZwR7gz3BXuDj8K94R7w33hx2Fq+Em4P/xbeCD8NDwYfhYeCj8PD4dfhEfCL8Oj4VfhsfDr8Hh4IhOE34Snwm/D0+GZ8Gz4XXgu/D48H/4QXgh92s192uWdDBnKQBkogRIoM2WmLJSFslE2ilGMclAOykk5KRflojyUh/JRPipABSgNE1NBKkhxilNhKkxFqAgVo2LkyFFJKkmlqBSVptJUhspQWSpL5chSBapAN9PNdAvdQlWoCt1Kt1J1qk41qSYh3k61qBbVptpUh+pQXapL9age1af61JAaUiNqRI2pMTWlptScmlNLakmtqBW1ptbUltpSO2pH7ak9daAO1JE6UifqRJ2pM3WhLtSVulI36kbP0DPUnbpTD+pBiZRIvak39aE+1I/60QAaQANpIA2iQTSYBtNQGkrDaBgNp+E0gl6jkfQ6jaLRNIbG0jgaT0mURBNoAk2kiTSJJtEUmkLTaBolUzLNoBk0i2bRbJpNc2kuzaf5tJAW0iJaRCmUQotpMS2hJbSMltEKWkGraBWtoTW0jtbRBtpAm2gTbaEttJW20nbaTjtpJ+2m3bSH9tA+2keplEr7aT8doAN0kA7SITpEh+kwHaEjdJSO0jE6RsfpOJ2kk3SKTtFpOk1n6Sydo+/pPP1AF8hTgs1kM9srbBab1Waz2e2v4zw2r81n89sCNrS5bG6bCQB+jslaW8QWtcVscetsCVvSXvebuJwtbyvYivZmW8neYivbcjYT/DK+3d5ha9k7bW17l61pb/u7uI6929a199t6tomtb5vZhraFbWTvt41tE9vUNrPNbQvbzj5s29tHbAf7qO1oH/tNvMi+Z9fYtXadXW/32L32rP3OHrFf2nP2e9vD9rQD7At2oH3RDrIv2cF2yN/HAHakfd2OsqPtGDvWjrPjfxNPsVPtNDvdJtu37Qw78zfxQvuunW1T7Fw7z863C36M02pKse/bxfYD7723y+xyu8KutKvs6v9b63K70W6ym+1u+5HdarfZ7XaH3Wl3/Rinncc++7FNtZ/Yw/YLe8B+ag/ao/aQ/fzHOO38jtqv7DH7tT1uT9iT9ht7yn5rT9szP55/2rl/Y3+wF6y3wMiKNRsOOANn5ATOxJn5Cs7CWTkbZ+cYX8k5+CrOyVdzLs7NeTgv5+P8XIBDJrbMHHFBLsRxvoYL87VchItyMS7OjktwSb6OS/H1XJpv4DJ8I5flm7gcl+cKXJFv5kp8C1fmKlyVb+VqXH3bHRc/7fgOrsV3cm2+i+vw3VyX7+F6fC/X5wbckO/jRnw/N+Ym3JSbcXNuwS35AW7FD3JrbsNt+SFuxw9ze36EO/Cj3JEf4078OHfmJ7gLP8ld+Snuxk/zM/wsd+fnuAf35ETuxb35ee7Dfbkf9+cB/AIP5Bd5EL/Eg3kID+WXmfkVHs6v8gh+jUfy6zyKR/MYHsvjeDwn8Rs8gd/kifwWT+LJPIWn8jSezsn8Ns/gmTyL3+HZPIfn8jyezwt4Ib/Li/g9TuH3eTF/wEt4KS/j5byCV/IqXs1reC2v4/W8gTfyJt7MW/hD3srbeDvv4J28i3fzR7yH9/I+/phT+RPez3/jA/wpH+TP+BB/zof5Cz7CX/JR/oqP8dd8nE/wSf6GT/G3fJrP8Fn+js/x93yef+AL7BkijFSkIxMFUYYoY5QQZYoyR1dEWaKsUbYoexSLroxyRFdFOaOro1xR7ihPlDfKF+WPCkRhRJGNOIqiglGhKB5dExWOro2KREWjYlHxyEUlopLRdVGp6PqodHRDVCa6MSob3RSVi8pHFaKK0c1RpeiWqHJUJaoa3RpVi6pHNaKa0W3R7dEdUa3ozqh2dFdUOro7qhvdE9WL7o3qRw2ihtF9UaPo/qhx1CRqGjWLmkctopbRA1Gr6MGoddQmahs9FLWLHo7aR49EHaJHo47RY5e2Fw0uvr5+tT0x6hXpn2737tTz4wviC+PvxhfF34unxN+PL45/EF8SXxpfFl8eXxFfGV8VXx1fE18bXxdfH98Q3xjfFN8c975mRnCY9iAMxgUug8voElwml9ld4bK4rC6by+5i7kqXw13lcrqrXS6X2+VxeV0+l98VcKEjZx27yBV0hVzcXeMKu2tdEVfUFXPFnXMlXEnXwrV0LV0r96Br7dq4tu4h95B72D3sHnGPuEddR/eY6+Qed53dE66Le9I96Z5y3dzT7hn3rOvunnM9XE+X6BJdb9fb9XF9XD/Xzw1wA9xAN9ANcoPcYDfYDXVD3TA3zA13w90IN8KNdCPdKDfKjXFj3Dg3ziW5JDfBTXAT3UQ3yU1yU9wUN81Nc8ku2c1wM9wsN8vNdrPdXDfXzXfz3UK30C1yi1yKS3GL3WK3xC1xy9wyt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcVvdVrfdbXc73U632+12e9wet8/tc6ku1e13+90Bd8AddJ+5Q+5zd9h94Y64L91R95U75r52x90Jd9J94065b91pd8addd+5c+57d9794C4475Jib8QmxN6MTYy9FZsUmxybEpsamxabHkuOvR2bEZsZmxV7JzY7Nic2NzYvNj+2ILYw9m5sUey9WErs/dji2AexJbGlsWWx5bEVsZUx7/NvjXxBX8jH/TW+sL/WF/FFfTFf3Dtfwpf01/lS/npf2t/gy/gbfVl/ky/ny/sKvolv6pv55r6Fb+kf8K38g761b+Pb+od8O/+wb+8f8R38o76jf8x38o/7zv4J38U/6bv6p+b89PL03f1zvofv6RN9L9/bP+/7+L6+n+/vB/gX/ED/oh/kX/KD/RA/1L/sh/lX/HD/qh/hX/Mj/et+lB/tx/ixfpwf75P8G36Cf9NP9G/5SX6yn+Kn+ml+uk/2b/sZfqaf5d/xs/0cP9fP8/P9Ar/Qv+sX+fd8in/fL/Yf+CV+qV/ml/sVfqVf5Vf7NX6tX+fX+w1+o9/kN/stPiNs9dv8dr/D7/S7/G7/kd/j9/p9/mOf6j/x+/3f/AH/qT/oP/OH/Of+sP/CH/Ff+qP+K3/Mf+2P+xP+pP/Gn/Lf+tP+jD/rv/Pn/Pf+vP/BX5C/WRNCCCGE+B9J/IPtvX5nnfppMQDQGwCybst76Jfb056bNuS6OO6r9nSMAcCjPbs2+Hlp0CAx8efjLtEQFJoHALFL+RngUrwU2sLDP45K/W59fVUF5F/NH/xie9r88RsBMgNk+nldAvwY/2L+DtAGrv8H8zd599fz/7r++DyAIoUu5aQd6Of40vyl/8H8u9r9wfyZPk0CaP2LnCxwKb40f0l4EB6DDn+3pxBCCCGEEEIIcVFfda7bHz3fpj2f5zOXcjLCpfjS8+fvP5//gcp/xjkIIYQQQgghhBDi/+2Jp5955IEOHdp0/m8eZPxrlPEXGCAA/AXKkMFff3C5P5mEEEIIIYQQf7ZLN/2XuxIhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECL9+tf/Q5j6H+/8y+Ppy3eqQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxGXzfwIAAP//mQVHMg==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="120100010038d408f01002204ddc0102030109022d"], 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='./file0/file0\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 2.359950767s ago: executing program 0 (id=2155): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) bind$tipc(r0, 0x0, 0x0) 2.359819217s ago: executing program 0 (id=2156): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000200)={0x3, {{0x2, 0x4e23, @multicast2}}}, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4893a, 0x904a}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 2.359489987s ago: executing program 0 (id=2157): r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12015001020000102505a1a440000102030109025c0002010000000904000001020d00000524060001052400a2000d240f01f9fffffffdff08000006241a0000080905810300040000000904010000000000000904010102020d00000905820210000000000905030240"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x80, 0x1c, {0x6d, 0x105, 0x4, 0x11, 0x400, 0x8, 0x2, 0x80089, 0x8, 0x2, 0x1, 0x9}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, 0x0, &(0x7f0000000540)={0x0, 0x3, 0xb, @string={0xb, 0x3, "d95d9728c45b9a11d6"}}, 0x0, 0x0, 0x0}, &(0x7f0000000c00)={0x84, &(0x7f0000000780)={0x20, 0x11, 0x3, "7a5106"}, 0x0, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x40, 0x19, 0x2, "fbe1"}, 0x0, 0x0, 0x0, 0x0}) 2.30696386s ago: executing program 2 (id=2158): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'netdevsim0\x00', 0x5005}) r1 = socket$nl_route(0x10, 0x3, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x84, &(0x7f0000000040)) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="020304000100090104006bd648c610112f01fe80000000000000000000000000002eff020000000000000000000000000001042088be"], 0x1043) 2.306868289s ago: executing program 32 (id=2158): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'netdevsim0\x00', 0x5005}) r1 = socket$nl_route(0x10, 0x3, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x84, &(0x7f0000000040)) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="020304000100090104006bd648c610112f01fe80000000000000000000000000002eff020000000000000000000000000001042088be"], 0x1043) 899.908831ms ago: executing program 5 (id=2172): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r0}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 760.773477ms ago: executing program 5 (id=2175): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00', r1}, 0x10) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1) 699.775279ms ago: executing program 5 (id=2178): r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) symlinkat(&(0x7f0000000400)='./file1\x00', r1, &(0x7f0000001200)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) 627.158412ms ago: executing program 5 (id=2179): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="12000000810000000800000002"], 0x14) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f00000004c0), &(0x7f0000000400)=@udp6=r1}, 0x3f) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC=0x0]) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000007c0)={r0, &(0x7f0000000000), &(0x7f0000000780)=@udp6=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f00000000c0)=@udp6}, 0x20) 605.942513ms ago: executing program 5 (id=2181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'nicvf0\x00', 0x2}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000003700)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df30b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c067603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e741030000000000000000000055f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff0520152e9f0119467f61288bf042a8f3c2e0f8b49b92aa0fcfa75afc265489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280000051e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a08a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de4a2bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000600)) 454.28122ms ago: executing program 5 (id=2183): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000040)={0x1, 0xffffffff, 0x7, 0x7, 0x2, 0x3}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x45, 0x0, 0xfe, 0x9}]}) 368.670294ms ago: executing program 4 (id=2187): bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x1, 0x0, 0x1, 0x9}, 0x14) r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r2, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 310.002987ms ago: executing program 1 (id=2193): r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000480)=""/65, 0x41}], 0x1, 0x60, 0x6) 294.762527ms ago: executing program 1 (id=2195): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"]) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x0, 0x1000000}) 196.158861ms ago: executing program 1 (id=2198): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000) 146.979693ms ago: executing program 1 (id=2199): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_clone3(&(0x7f0000000200)={0xc001000, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008504"]) 145.140323ms ago: executing program 3 (id=2200): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x339) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) 71.542627ms ago: executing program 0 (id=2201): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000400)={[{@name={'name', 0x3d, 'user__'}}, {@name={'name', 0x3d, 'user_.'}}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) 59.944537ms ago: executing program 0 (id=2202): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r0, 0x4, 0x42000) read$FUSE(r0, &(0x7f0000006100)={0x2020}, 0x2020) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x10113}], 0x1) 51.928688ms ago: executing program 3 (id=2203): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) 51.302368ms ago: executing program 1 (id=2204): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x490, 0x360, 0xa, 0x148, 0x360, 0x60, 0x3f8, 0x2a8, 0x2a8, 0x3f8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x4, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x20, 0x8601, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x6, 0x3, 0x81, 'snmp_trap\x00', 'syz0\x00', {0x30f6a663}}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f0) 593.27µs ago: executing program 3 (id=2205): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000023c0)={'veth1_to_batadv\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000c80)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8}]}]}, 0x2c}}, 0x0) 378.92µs ago: executing program 1 (id=2206): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x415a, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/33, 0x21}, 0x4}], 0x3d5, 0x45833af92e4b38ff, 0x0) 272.14µs ago: executing program 3 (id=2207): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2b, &(0x7f0000000700)={0xa0000, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x4e22, @empty}}}, 0x108) 158.75µs ago: executing program 3 (id=2208): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) ioctl$MON_IOCX_GET(r0, 0x40189206, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd29, 0x25dfdbfe, {{@in6=@dev={0xfe, 0x80, '\x00', 0x17}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x3, 0x0, 0x2, 0xfffffffffffffffd}, {0x0, 0x800, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x24008040}, 0x8000) syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 0s ago: executing program 3 (id=2215): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @mcast2, 0x5}, 0x1c) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0xff, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x1, 0x1000, 0xc, 0x9, 0x4, 0xc4, 0x0, 0x5, 0x6a, 0x3, 0x0, 0xfb}, {0x1, 0xd000, 0x8, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x4, 0x4}, {0x6000, 0x100000, 0xf, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x3e}, {0xeefe0000, 0x0, 0x0, 0x78, 0x8, 0x0, 0x2, 0x0, 0x40, 0xfe, 0x5}, {0x0, 0xeeee8000, 0x0, 0x4, 0x4, 0x2, 0xa1, 0x20}, {0xf000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x8}, {0x80a0000, 0x3}, {0xdddd1000}, 0xddf8ffcf, 0x0, 0x0, 0x122, 0x0, 0x800, 0x0, [0x80000001, 0x0, 0x1]}) kernel console output (not intermixed with test programs): hanging to 11 [ 60.714127][ T612] usb 3-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 60.723552][ T612] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.732373][ T612] usb 3-1: config 0 descriptor?? [ 60.849713][ T1582] Bluetooth: hci0: command 0x1003 tx timeout [ 60.855860][ T1113] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 60.898377][ T2685] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1007'. [ 60.925653][ T2687] loop1: detected capacity change from 0 to 512 [ 60.958511][ T2687] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 60.971849][ T2689] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.983797][ T2687] EXT4-fs (loop1): invalid journal inode [ 60.989770][ T2689] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.996808][ T2689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.004959][ T2687] EXT4-fs (loop1): can't get journal size [ 61.020871][ T2687] EXT4-fs (loop1): 1 truncate cleaned up [ 61.026578][ T2687] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 61.047067][ T222] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 61.070800][ T2687] EXT4-fs warning (device loop1): verify_group_input:151: Cannot add at group 9 (only 1 groups) [ 61.096875][ T284] EXT4-fs (loop1): unmounting filesystem. [ 61.103287][ T2697] loop3: detected capacity change from 0 to 512 [ 61.130075][ T2697] EXT4-fs: Ignoring removed bh option [ 61.161782][ T2697] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 61.178810][ T2697] EXT4-fs (loop3): 1 truncate cleaned up [ 61.184694][ T2697] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 61.229686][ T222] usb 5-1: Using ep0 maxpacket: 8 [ 61.235015][ T2697] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1012: invalid indirect mapped block 4294901760 (level 0) [ 61.250161][ T222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 61.262473][ T222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 61.273232][ T2706] syz.1.1016[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.273300][ T2706] syz.1.1016[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.284983][ T222] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 61.305978][ T2697] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1012: invalid indirect mapped block 4294967295 (level 1) [ 61.358170][ T285] EXT4-fs (loop3): unmounting filesystem. [ 61.363954][ T222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 61.391291][ T222] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 61.410029][ T222] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 61.426834][ T222] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.450527][ T222] usb 5-1: config 0 descriptor?? [ 61.479726][ T361] usb 3-1: USB disconnect, device number 7 [ 61.481581][ T2719] loop1: detected capacity change from 0 to 128 [ 61.531263][ T2719] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 61.544259][ T2719] ext4 filesystem being mounted at /162/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 61.572198][ T284] EXT4-fs (loop1): unmounting filesystem. [ 61.618166][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 61.666173][ T442] usb 5-1: USB disconnect, device number 7 [ 61.888348][ T28] audit: type=1326 audit(1763708506.858:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.2.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 61.942670][ T2116] kernel write not supported for file bpf-prog (pid: 2116 comm: kworker/0:5) [ 62.021454][ T612] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 62.056198][ T2767] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1044'. [ 62.210675][ T612] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.221591][ T612] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.231365][ T612] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 62.244258][ T612] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 62.253298][ T612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.262128][ T612] usb 2-1: config 0 descriptor?? [ 62.609947][ T361] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 62.628063][ T361] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 62.669916][ T612] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 62.685556][ T612] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 62.870542][ T6] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 62.940304][ T361] usb 2-1: USB disconnect, device number 12 [ 63.049583][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 63.055877][ T6] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 63.064599][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 63.074767][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 63.085095][ T6] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 63.094414][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.102411][ T6] usb 4-1: Product: syz [ 63.106576][ T6] usb 4-1: Manufacturer: syz [ 63.111179][ T6] usb 4-1: SerialNumber: syz [ 63.452106][ T2818] loop1: detected capacity change from 0 to 128 [ 63.481835][ T2818] FAT-fs (loop1): error, clusters badly computed (2 != 0) [ 63.489090][ T2818] FAT-fs (loop1): Filesystem has been set read-only [ 63.496411][ T2818] FAT-fs (loop1): error, clusters badly computed (3 != 1) [ 63.512034][ T2824] loop0: detected capacity change from 0 to 512 [ 63.518464][ T6] usb 4-1: 0:2 : does not exist [ 63.549812][ T2824] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 63.557141][ T2832] input: syz1 as /devices/virtual/input/input11 [ 63.562097][ T2824] ext4 filesystem being mounted at /203/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.600811][ T286] EXT4-fs (loop0): unmounting filesystem. [ 63.641707][ T2840] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 63.674453][ T2844] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 63.681793][ T2844] IPv6: NLM_F_CREATE should be set when creating new route [ 63.691153][ T2844] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 63.765693][ T2862] loop4: detected capacity change from 0 to 1024 [ 63.773692][ T2862] EXT4-fs: Ignoring removed orlov option [ 63.796413][ T2862] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 63.822398][ T289] EXT4-fs (loop4): unmounting filesystem. [ 64.007559][ T2894] overlayfs: workdir and upperdir must be separate subtrees [ 64.098151][ T2888] loop4: detected capacity change from 0 to 40427 [ 64.101192][ T2904] loop0: detected capacity change from 0 to 512 [ 64.115580][ T2888] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 64.116793][ T2904] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.122634][ T2888] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 64.146036][ T6] usb 4-1: 1:0: failed to get current value for ch 0 (-22) [ 64.156094][ T2888] F2FS-fs (loop4): Found nat_bits in checkpoint [ 64.162606][ T2904] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 64.171508][ T6] usb 4-1: USB disconnect, device number 8 [ 64.183420][ T2904] ext4 filesystem being mounted at /221/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.202103][ T2888] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 64.209248][ T2888] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 64.225567][ T286] EXT4-fs (loop0): unmounting filesystem. [ 64.239644][ T2116] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 64.247293][ T289] syz-executor: attempt to access beyond end of device [ 64.247293][ T289] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 64.315094][ T2914] input: syz1 as /devices/virtual/input/input12 [ 64.369923][ T2906] udevd[2906]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 64.416877][ T2931] netlink: 'syz.4.1115': attribute type 4 has an invalid length. [ 64.424752][ T2931] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.1115'. [ 64.434838][ T2116] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 64.445795][ T2116] usb 3-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x98, skipping [ 64.456714][ T2116] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 64.469683][ T2116] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 64.478711][ T2116] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.487821][ T2890] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 64.496756][ T2116] snd-usb-audio: probe of 3-1:27.0 failed with error -2 [ 64.530282][ T2906] udevd[2906]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 64.629491][ T6] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 64.699377][ T2116] usb 3-1: USB disconnect, device number 8 [ 64.749508][ T612] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 64.757282][ T2947] loop3: detected capacity change from 0 to 40427 [ 64.766896][ T2947] F2FS-fs (loop3): invalid crc value [ 64.774108][ T2947] F2FS-fs (loop3): Found nat_bits in checkpoint [ 64.799235][ T2947] F2FS-fs (loop3): Start checkpoint disabled! [ 64.806021][ T2947] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 64.827120][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.837069][ T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 64.849971][ T6] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 64.851319][ T348] kworker/u4:4: attempt to access beyond end of device [ 64.851319][ T348] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 64.858996][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.859885][ T6] usb 1-1: config 0 descriptor?? [ 64.929557][ T612] usb 5-1: Using ep0 maxpacket: 16 [ 64.935890][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.947280][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.950555][ T28] kauditd_printk_skb: 71 callbacks suppressed [ 64.950568][ T28] audit: type=1400 audit(1763708509.919:527): avc: denied { create } for pid=2950 comm="syz.3.1123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 64.958403][ T612] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 64.978275][ T28] audit: type=1400 audit(1763708509.939:528): avc: denied { connect } for pid=2950 comm="syz.3.1123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 64.985638][ T612] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 65.025599][ T612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.034135][ T28] audit: type=1400 audit(1763708509.939:529): avc: denied { ioctl } for pid=2950 comm="syz.3.1123" path="socket:[27494]" dev="sockfs" ino=27494 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 65.035636][ T612] usb 5-1: config 0 descriptor?? [ 65.248259][ T2957] loop2: detected capacity change from 0 to 1024 [ 65.249347][ T2959] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 65.256647][ T2957] EXT4-fs: Ignoring removed orlov option [ 65.261872][ T2959] IPv6: NLM_F_CREATE should be set when creating new route [ 65.286566][ T2959] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 65.295850][ T6] kovaplus 0003:1E7D:2D50.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0 [ 65.306253][ T2957] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 65.336358][ T287] EXT4-fs (loop2): unmounting filesystem. [ 65.340139][ T28] audit: type=1400 audit(1763708510.319:530): avc: denied { create } for pid=2963 comm="syz.3.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 65.361511][ T28] audit: type=1400 audit(1763708510.319:531): avc: denied { read } for pid=2963 comm="syz.3.1128" path="socket:[26524]" dev="sockfs" ino=26524 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 65.384716][ T28] audit: type=1400 audit(1763708510.349:532): avc: denied { watch watch_reads } for pid=2965 comm="syz.2.1127" path="/259/file1" dev="tmpfs" ino=1371 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.471015][ T28] audit: type=1400 audit(1763708510.449:533): avc: denied { load_policy } for pid=2972 comm="syz.1.1131" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 65.475517][ T2973] SELinux: failed to load policy [ 65.497392][ T612] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0 [ 65.505074][ T612] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0 [ 65.519465][ T612] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0 [ 65.530749][ T612] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000D/input/input13 [ 65.560531][ T28] audit: type=1400 audit(1763708510.539:534): avc: denied { bind } for pid=2978 comm="syz.1.1133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.598864][ T28] audit: type=1400 audit(1763708510.539:535): avc: denied { read } for pid=2979 comm="syz.2.1134" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 65.621858][ T28] audit: type=1400 audit(1763708510.539:536): avc: denied { open } for pid=2979 comm="syz.2.1134" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 65.716961][ T612] microsoft 0003:045E:07DA.000D: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 65.731781][ T612] usb 5-1: USB disconnect, device number 8 [ 65.751759][ T2987] fido_id[2987]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 65.811183][ T2992] loop2: detected capacity change from 0 to 512 [ 65.830787][ T2992] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 65.839923][ T2992] EXT4-fs (loop2): invalid journal inode [ 65.845637][ T2992] EXT4-fs (loop2): can't get journal size [ 65.852326][ T2992] EXT4-fs (loop2): 1 truncate cleaned up [ 65.858024][ T2992] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 65.871265][ T2992] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 9 (only 1 groups) [ 65.886993][ T287] EXT4-fs (loop2): unmounting filesystem. [ 65.897136][ T6] kovaplus 0003:1E7D:2D50.000C: couldn't init struct kovaplus_device [ 65.907815][ T6] kovaplus 0003:1E7D:2D50.000C: couldn't install mouse [ 65.916128][ T6] kovaplus: probe of 0003:1E7D:2D50.000C failed with error -71 [ 65.925685][ T6] usb 1-1: USB disconnect, device number 9 [ 65.946187][ T2998] fido_id[2998]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 66.210016][ T2116] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 66.361783][ T3019] loop4: detected capacity change from 0 to 512 [ 66.372254][ T3019] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 66.378856][ T3021] netlink: 35 bytes leftover after parsing attributes in process `syz.3.1151'. [ 66.390054][ T3019] EXT4-fs (loop4): invalid journal inode [ 66.390549][ T3021] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1151'. [ 66.395800][ T3019] EXT4-fs (loop4): can't get journal size [ 66.412033][ T2116] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 66.431008][ T3019] EXT4-fs (loop4): 1 truncate cleaned up [ 66.438018][ T2116] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 66.446098][ T3019] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 66.493448][ T2116] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 66.498204][ T3019] EXT4-fs warning (device loop4): verify_group_input:151: Cannot add at group 9 (only 1 groups) [ 66.524956][ T2116] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 66.534782][ T2116] usb 3-1: SerialNumber: syz [ 66.544056][ T289] EXT4-fs (loop4): unmounting filesystem. [ 66.753371][ T2116] usb 3-1: 0:2 : does not exist [ 66.765215][ T2116] usb 3-1: USB disconnect, device number 9 [ 66.799404][ T361] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 66.918411][ T3039] loop3: detected capacity change from 0 to 131072 [ 66.928091][ T3039] F2FS-fs (loop3): invalid crc value [ 66.935008][ T3039] F2FS-fs (loop3): Found nat_bits in checkpoint [ 66.963163][ T3039] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 67.009362][ T361] usb 2-1: Using ep0 maxpacket: 16 [ 67.015639][ T361] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.026776][ T361] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.038081][ T361] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 67.049375][ T6] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 67.050908][ T361] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 67.067863][ T361] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.086655][ T361] usb 2-1: config 0 descriptor?? [ 67.249378][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 67.255739][ T6] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.266958][ T6] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.285196][ T6] usb 5-1: config 0 interface 0 has no altsetting 0 [ 67.295363][ T6] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 67.305410][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.319747][ T6] usb 5-1: config 0 descriptor?? [ 67.495990][ T361] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 67.503470][ T361] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 67.510876][ T361] microsoft 0003:045E:07DA.000E: unknown main item tag 0x0 [ 67.545725][ T361] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000E/input/input14 [ 67.599327][ T612] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 67.697466][ T361] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 67.712013][ T361] usb 2-1: USB disconnect, device number 13 [ 67.712824][ T2906] udevd[2906]: failed to send result of seq 7746 to main daemon: Connection refused [ 67.737038][ T6] hid (null): unknown global tag 0xc [ 67.742428][ T6] hid (null): unknown global tag 0xc [ 67.747720][ T6] hid (null): bogus close delimiter [ 67.759085][ T6] hid-generic 0003:060B:500A.000F: unexpected long global item [ 67.766830][ T6] hid-generic: probe of 0003:060B:500A.000F failed with error -22 [ 67.781800][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.792735][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.803244][ T612] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 67.813713][ T2319] udevd[2319]: failed to send result of seq 7755 to main daemon: Transport endpoint is not connected [ 67.825918][ T612] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 67.834553][ T612] usb 3-1: Manufacturer: syz [ 67.840455][ T2319] printk: udevd: 1 output lines suppressed due to ratelimiting [ 67.849679][ T612] usb 3-1: config 0 descriptor?? [ 67.941573][ T6] usb 5-1: USB disconnect, device number 9 [ 67.999343][ T222] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 68.179294][ T222] usb 1-1: Using ep0 maxpacket: 16 [ 68.185843][ T222] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 68.194597][ T222] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 68.204709][ T222] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 68.215042][ T222] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 68.224124][ T222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.232126][ T222] usb 1-1: Product: syz [ 68.236285][ T222] usb 1-1: Manufacturer: syz [ 68.240901][ T222] usb 1-1: SerialNumber: syz [ 68.258545][ T3104] loop1: detected capacity change from 0 to 16 [ 68.265368][ T3104] erofs: (device loop1): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 68.276023][ T3104] erofs: (device loop1): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 68.287416][ T3104] erofs: (device loop1): mounted with root inode @ nid 36. [ 68.298809][ T3104] syz.1.1186: attempt to access beyond end of device [ 68.298809][ T3104] loop1: rw=0, sector=4294967295, nr_sectors = 1 limit=16 [ 68.330371][ T3104] syz.1.1186: attempt to access beyond end of device [ 68.330371][ T3104] loop1: rw=0, sector=4294967295, nr_sectors = 1 limit=16 [ 68.452730][ T3105] loop3: detected capacity change from 0 to 40427 [ 68.468301][ T3105] F2FS-fs (loop3): invalid crc value [ 68.477959][ T3105] F2FS-fs (loop3): Found nat_bits in checkpoint [ 68.521885][ T3105] F2FS-fs (loop3): Start checkpoint disabled! [ 68.533745][ T3105] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 68.590184][ T3124] SELinux: failed to load policy [ 68.656723][ T222] usb 1-1: 0:2 : does not exist [ 68.663554][ T612] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0010/input/input15 [ 68.697495][ T612] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0010/input/input16 [ 68.730191][ T612] input: syz Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0010/input/input17 [ 68.750336][ T612] input: syz Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0010/input/input18 [ 68.773271][ T612] uclogic 0003:256C:006D.0010: input,hiddev96,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.2-1/input0 [ 68.865901][ T442] usb 3-1: USB disconnect, device number 10 [ 68.877997][ T3150] incfs: Backing dir is not set, filesystem can't be mounted. [ 68.886693][ T3150] incfs: mount failed -2 [ 68.950925][ T3165] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 69.094409][ T3189] loop4: detected capacity change from 0 to 512 [ 69.263194][ T222] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 69.275346][ T222] usb 1-1: USB disconnect, device number 10 [ 69.349258][ T612] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 69.382147][ T3194] device veth0_vlan left promiscuous mode [ 69.442095][ T3202] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1229'. [ 69.451141][ T3202] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1229'. [ 69.530305][ T612] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 69.540232][ T612] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 69.557471][ T3204] loop2: detected capacity change from 0 to 32768 [ 69.559455][ T612] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 69.574784][ T612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 69.582995][ T612] usb 2-1: SerialNumber: syz [ 69.598097][ T612] cdc_acm 2-1:1.0: skipping garbage [ 69.603473][ T612] cdc_acm: probe of 2-1:1.0 failed with error -12 [ 69.630466][ T3211] loop3: detected capacity change from 0 to 128 [ 69.638792][ T3211] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 69.646811][ T3211] FAT-fs (loop3): Filesystem has been set read-only [ 69.756136][ T3225] device veth0 entered promiscuous mode [ 69.762409][ T3225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1240'. [ 69.793017][ T2116] usb 2-1: USB disconnect, device number 14 [ 69.843957][ T3239] loop0: detected capacity change from 0 to 1024 [ 69.856475][ T3239] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 69.870494][ T3241] loop2: detected capacity change from 0 to 1024 [ 69.879298][ T3239] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 69.890498][ T3239] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 69.894193][ T3241] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 69.900868][ T3239] EXT4-fs error (device loop0): ext4_get_journal_inode:5724: inode #17: comm syz.0.1246: iget: bad i_size value: 4398046511204 [ 69.921904][ T3239] EXT4-fs (loop0): no journal found [ 69.927636][ T3241] ext4 filesystem being mounted at /279/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.950200][ T287] EXT4-fs (loop2): unmounting filesystem. [ 69.962731][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 69.962744][ T28] audit: type=1400 audit(1763708514.939:577): avc: denied { create } for pid=3250 comm="syz.2.1251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 69.993137][ T28] audit: type=1400 audit(1763708514.939:578): avc: denied { write } for pid=3250 comm="syz.2.1251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 70.014405][ T3256] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1254'. [ 70.016243][ T3254] loop0: detected capacity change from 0 to 128 [ 70.030562][ T3254] EXT4-fs: Ignoring removed nobh option [ 70.050082][ T3262] loop4: detected capacity change from 0 to 512 [ 70.057456][ T3254] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 70.066640][ T3262] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 70.073622][ T3254] ext4 filesystem being mounted at /237/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 70.075060][ T3262] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c019, mo2=0102] [ 70.093615][ T3262] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 70.103326][ T3262] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 70.112351][ T3262] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 70.127132][ T286] EXT4-fs (loop0): unmounting filesystem. [ 70.138443][ T289] EXT4-fs (loop4): unmounting filesystem. [ 70.148668][ T28] audit: type=1400 audit(1763708515.119:579): avc: denied { read write } for pid=3270 comm="syz.4.1260" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.172216][ T28] audit: type=1400 audit(1763708515.129:580): avc: denied { open } for pid=3270 comm="syz.4.1260" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.207007][ T28] audit: type=1326 audit(1763708515.179:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3266 comm="syz.2.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 70.230837][ T28] audit: type=1326 audit(1763708515.179:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3266 comm="syz.2.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 70.254582][ T28] audit: type=1326 audit(1763708515.179:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3266 comm="syz.2.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 70.277974][ T28] audit: type=1326 audit(1763708515.179:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3266 comm="syz.2.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 70.301325][ T28] audit: type=1326 audit(1763708515.179:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3266 comm="syz.2.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 70.718816][ T3279] loop3: detected capacity change from 0 to 16 [ 70.725540][ T3279] erofs: (device loop3): mounted with root inode @ nid 36. [ 70.734688][ T3279] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 70.744317][ T3279] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 70.753047][ T3279] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 70.762611][ T3279] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 70.772370][ T3279] erofs: (device loop3): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 70.781605][ T3279] erofs: (device loop3): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 70.790893][ T3279] syz.3.1263: attempt to access beyond end of device [ 70.790893][ T3279] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 70.804561][ T3279] syz.3.1263: attempt to access beyond end of device [ 70.804561][ T3279] loop3: rw=524288, sector=14425508768, nr_sectors = 8 limit=16 [ 70.819718][ T3279] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -24 in[52, 4044] out[3749] [ 72.404997][ T28] audit: type=1400 audit(1763708517.379:586): avc: denied { mounton } for pid=3284 comm="syz.3.1264" path="/233/file0" dev="tmpfs" ino=1238 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 72.599548][ T3308] SELinux: failed to load policy [ 72.600780][ T3288] loop0: detected capacity change from 0 to 40427 [ 72.624407][ T3288] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 72.633692][ T3313] loop2: detected capacity change from 0 to 512 [ 72.643013][ T3288] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 72.659628][ T3313] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 72.669926][ T3288] F2FS-fs (loop0): invalid crc value [ 72.679706][ T3313] EXT4-fs (loop2): 1 truncate cleaned up [ 72.685678][ T3313] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 72.698375][ T3288] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 72.727753][ T287] EXT4-fs (loop2): unmounting filesystem. [ 72.735418][ T3288] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 72.746819][ T3288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 72.754411][ T361] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 72.804100][ T3288] syz.0.1265: attempt to access beyond end of device [ 72.804100][ T3288] loop0: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 72.844545][ T3336] Zero length message leads to an empty skb [ 72.860890][ T286] syz-executor: attempt to access beyond end of device [ 72.860890][ T286] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 72.959116][ T361] usb 2-1: Using ep0 maxpacket: 32 [ 72.964741][ T361] usb 2-1: too many configurations: 42, using maximum allowed: 8 [ 72.996653][ T361] usb 2-1: New USB device found, idVendor=054c, idProduct=0025, bcdDevice= 1.00 [ 73.008617][ T3347] loop0: detected capacity change from 0 to 1024 [ 73.016085][ T3344] SELinux: failed to load policy [ 73.021115][ T361] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.029658][ T3347] EXT4-fs: Ignoring removed orlov option [ 73.039000][ T361] usb 2-1: Product: syz [ 73.049251][ T361] usb 2-1: Manufacturer: syz [ 73.056588][ T361] usb 2-1: SerialNumber: syz [ 73.064930][ T3347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 73.079331][ T361] usb 2-1: config 0 descriptor?? [ 73.085064][ T361] cdc_acm 2-1:0.0: Zero length descriptor references [ 73.093468][ T361] cdc_acm: probe of 2-1:0.0 failed with error -22 [ 73.100355][ T361] usb-storage 2-1:0.0: USB Mass Storage device detected [ 73.135623][ T361] usb-storage 2-1:0.0: Quirks match for vid 054c pid 0025: 1 [ 73.297368][ T2116] usb 2-1: USB disconnect, device number 15 [ 73.329354][ T3364] loop3: detected capacity change from 0 to 32768 [ 73.394154][ T286] EXT4-fs (loop0): unmounting filesystem. [ 73.469163][ T3375] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 73.507865][ T3382] loop2: detected capacity change from 0 to 512 [ 73.530238][ T3382] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1304: casefold flag without casefold feature [ 73.544977][ T3380] loop3: detected capacity change from 0 to 8192 [ 73.546697][ T3368] loop4: detected capacity change from 0 to 40427 [ 73.558402][ T3368] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 73.558417][ T3382] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1304: couldn't read orphan inode 15 (err -117) [ 73.564818][ T3368] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 73.581383][ T3382] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 73.586329][ T3368] F2FS-fs (loop4): invalid crc value [ 73.612423][ T3368] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 73.642816][ T3368] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 73.647135][ T3392] loop3: detected capacity change from 0 to 256 [ 73.650081][ T3368] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 73.663928][ T3392] FAT-fs (loop3): Directory bread(block 1285) failed [ 73.681103][ T3392] FAT-fs (loop3): Directory bread(block 1285) failed [ 73.689282][ T287] EXT4-fs (loop2): unmounting filesystem. [ 73.689499][ T3368] syz.4.1299: attempt to access beyond end of device [ 73.689499][ T3368] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 73.695355][ T3392] FAT-fs (loop3): Directory bread(block 1285) failed [ 73.720582][ T3392] FAT-fs (loop3): Directory bread(block 1285) failed [ 73.727871][ T289] syz-executor: attempt to access beyond end of device [ 73.727871][ T289] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 73.988940][ T612] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 74.178938][ T612] usb 3-1: Using ep0 maxpacket: 32 [ 74.185137][ T612] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 74.193541][ T612] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 74.202397][ T612] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 74.211533][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 74.221225][ T612] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 74.230932][ T612] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 74.242090][ T612] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 74.252134][ T612] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 74.265205][ T612] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 74.274288][ T612] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.282897][ T612] usb 3-1: config 0 descriptor?? [ 74.288162][ T3394] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 74.438926][ T2116] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 74.498019][ T612] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 74.618914][ T2116] usb 4-1: Using ep0 maxpacket: 8 [ 74.625171][ T2116] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 74.633283][ T2116] usb 4-1: config 0 has no interface number 0 [ 74.640787][ T2116] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 74.649894][ T2116] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.657931][ T2116] usb 4-1: Product: syz [ 74.662122][ T2116] usb 4-1: Manufacturer: syz [ 74.666715][ T2116] usb 4-1: SerialNumber: syz [ 74.671999][ T2116] usb 4-1: config 0 descriptor?? [ 74.701655][ T3420] loop1: detected capacity change from 0 to 1024 [ 74.708605][ T361] usb 3-1: USB disconnect, device number 11 [ 74.715568][ T361] usblp0: removed [ 74.721446][ T3424] syz.4.1321[3424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.721515][ T3424] syz.4.1321[3424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 74.730471][ T3420] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 74.815603][ T284] EXT4-fs (loop1): unmounting filesystem. [ 74.879104][ T2116] usb 4-1: USB disconnect, device number 9 [ 74.891054][ T3428] loop4: detected capacity change from 0 to 40427 [ 74.898002][ T3428] F2FS-fs (loop4): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 74.907171][ T3428] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 74.915589][ T3428] F2FS-fs (loop4): fault_type options not supported [ 74.922444][ T3428] F2FS-fs (loop4): fault_injection options not supported [ 74.929560][ T3428] F2FS-fs (loop4): Image doesn't support compression [ 74.936936][ T3428] F2FS-fs (loop4): invalid crc value [ 74.943272][ T3428] F2FS-fs (loop4): Found nat_bits in checkpoint [ 74.978014][ T3428] F2FS-fs (loop4): Start checkpoint disabled! [ 74.990859][ T3428] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 74.997953][ T3428] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 75.043537][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 75.043551][ T28] audit: type=1400 audit(1763708520.019:603): avc: denied { ioctl } for pid=3427 comm="syz.4.1322" path="/315/file2/file1" dev="loop4" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 75.103854][ T348] kworker/u4:4: attempt to access beyond end of device [ 75.103854][ T348] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 75.166065][ T3439] loop0: detected capacity change from 0 to 512 [ 75.179222][ T3439] EXT4-fs: Ignoring removed bh option [ 75.188336][ T28] audit: type=1400 audit(1763708520.159:604): avc: denied { name_bind } for pid=3440 comm="syz.4.1325" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 75.189198][ T3439] EXT4-fs: Ignoring removed mblk_io_submit option [ 75.222845][ T28] audit: type=1400 audit(1763708520.189:605): avc: denied { node_bind } for pid=3440 comm="syz.4.1325" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 75.243595][ T3439] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.263607][ T28] audit: type=1400 audit(1763708520.239:606): avc: denied { create } for pid=3446 comm="syz.1.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 75.283809][ T28] audit: type=1400 audit(1763708520.259:607): avc: denied { setopt } for pid=3446 comm="syz.1.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 75.319936][ T3439] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 75.339839][ T28] audit: type=1400 audit(1763708520.319:608): avc: denied { remount } for pid=3452 comm="syz.2.1331" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 75.360067][ T3439] ext4 filesystem being mounted at /247/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 75.387635][ T3457] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1333'. [ 75.407596][ T3443] loop4: detected capacity change from 0 to 40427 [ 75.422133][ T3443] F2FS-fs (loop4): invalid crc value [ 75.430106][ T28] audit: type=1400 audit(1763708520.409:609): avc: denied { create } for pid=3458 comm="syz.1.1334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 75.451887][ T3443] F2FS-fs (loop4): Found nat_bits in checkpoint [ 75.461830][ T3466] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1336'. [ 75.471580][ T3466] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1336'. [ 75.472723][ T286] EXT4-fs (loop0): unmounting filesystem. [ 75.523966][ T3443] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 75.544105][ T28] audit: type=1400 audit(1763708520.519:610): avc: denied { create } for pid=3476 comm="syz.3.1340" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 75.581048][ T28] audit: type=1400 audit(1763708520.519:611): avc: denied { read write } for pid=3476 comm="syz.3.1340" name="file0" dev="tmpfs" ino=1370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 75.608071][ T28] audit: type=1400 audit(1763708520.519:612): avc: denied { open } for pid=3476 comm="syz.3.1340" path="/257/file0" dev="tmpfs" ino=1370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 75.632028][ T3485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1345'. [ 75.646295][ T3485] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) ! [ 75.654121][ T289] syz-executor: attempt to access beyond end of device [ 75.654121][ T289] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 75.655321][ T3488] loop1: detected capacity change from 0 to 256 [ 75.696315][ T3490] incfs: Options parsing error. -22 [ 75.702172][ T3490] incfs: mount failed -22 [ 75.719539][ T3492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3492 comm=syz.3.1349 [ 75.846240][ T3488] FAT-fs (loop1): error, fat_get_cluster: detected the cluster chain loop (i_pos 194) [ 75.856432][ T3488] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 194) [ 76.020757][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.027873][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.121144][ T3554] tipc: Started in network mode [ 76.135241][ T3554] tipc: Node identity 4, cluster identity 4711 [ 76.158654][ T3554] tipc: Node number set to 4 [ 76.266016][ T3568] loop3: detected capacity change from 0 to 1024 [ 76.278834][ T222] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 76.297576][ T3568] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 76.317873][ T285] EXT4-fs (loop3): unmounting filesystem. [ 76.384619][ T3590] loop2: detected capacity change from 0 to 512 [ 76.400352][ T3590] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 76.409352][ T3590] ext4 filesystem being mounted at /321/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.423980][ T3590] EXT4-fs error (device loop2): ext4_do_update_inode:5256: inode #18: comm syz.2.1390: corrupted inode contents [ 76.436106][ T3590] EXT4-fs error (device loop2): ext4_dirty_inode:6121: inode #18: comm syz.2.1390: mark_inode_dirty error [ 76.447800][ T3590] EXT4-fs error (device loop2): ext4_do_update_inode:5256: inode #18: comm syz.2.1390: corrupted inode contents [ 76.460027][ T3590] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2963: inode #18: comm syz.2.1390: mark_inode_dirty error [ 76.472472][ T3590] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2966: inode #18: comm syz.2.1390: mark inode dirty (error -117) [ 76.485930][ T3590] EXT4-fs warning (device loop2): ext4_evict_inode:299: xattr delete (err -117) [ 76.495253][ T222] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 76.511601][ T222] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 76.521463][ T287] EXT4-fs (loop2): unmounting filesystem. [ 76.528118][ T222] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 76.537385][ T361] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 76.545018][ T222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 76.553343][ T222] usb 2-1: SerialNumber: syz [ 76.631989][ T40] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 76.668822][ T442] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 76.760076][ T361] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.772252][ T361] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.782704][ T222] usb 2-1: 0:2 : does not exist [ 76.787591][ T222] usb 2-1: unit 255 not found! [ 76.793413][ T361] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 76.802716][ T361] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 76.810853][ T361] usb 5-1: Manufacturer: syz [ 76.815976][ T361] usb 5-1: config 0 descriptor?? [ 76.821181][ T222] usb 2-1: 5:0: cannot get min/max values for control 7 (id 5) [ 76.830867][ T222] usb 2-1: 5:0: cannot get min/max values for control 9 (id 5) [ 76.839740][ T222] usb 2-1: USB disconnect, device number 16 [ 76.846123][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.858533][ T40] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.868425][ T40] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 76.888793][ T442] usb 1-1: Using ep0 maxpacket: 32 [ 76.894054][ T40] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 76.903426][ T40] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.911991][ T442] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 76.920683][ T40] usb 4-1: config 0 descriptor?? [ 76.925732][ T442] usb 1-1: config 0 has no interface number 0 [ 76.931987][ T442] usb 1-1: config 0 interface 184 has no altsetting 0 [ 76.941138][ T442] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 76.950292][ T442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.958286][ T442] usb 1-1: Product: syz [ 76.962462][ T442] usb 1-1: Manufacturer: syz [ 76.967059][ T442] usb 1-1: SerialNumber: syz [ 76.972327][ T442] usb 1-1: config 0 descriptor?? [ 76.978011][ T442] smsc75xx v1.0.0 [ 76.981722][ T442] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 76.991953][ T442] smsc75xx: probe of 1-1:0.184 failed with error -22 [ 77.179944][ T2116] usb 1-1: USB disconnect, device number 11 [ 77.340909][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.348370][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.355834][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.363320][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.370782][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.378382][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.386021][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.393525][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.401136][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.408621][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.416102][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.423587][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.431215][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.438843][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.441891][ T3620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1401'. [ 77.446320][ T40] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 77.462868][ T40] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 77.471761][ T40] plantronics 0003:047F:FFFF.0012: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 77.496146][ T3624] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 77.505694][ T3624] FAT-fs (loop3): unable to read boot sector [ 77.608667][ T3628] serio: Serial port ptm0 [ 77.619315][ T222] usb 4-1: USB disconnect, device number 10 [ 77.788193][ T3650] loop1: detected capacity change from 0 to 256 [ 77.807956][ T3652] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1415'. [ 77.817241][ T3652] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 77.839943][ T361] uclogic 0003:256C:006D.0011: v1 frame probing failed: -71 [ 77.847550][ T361] uclogic 0003:256C:006D.0011: failed probing parameters: -71 [ 77.855401][ T361] uclogic: probe of 0003:256C:006D.0011 failed with error -71 [ 77.864191][ T361] usb 5-1: USB disconnect, device number 10 [ 77.938396][ T3655] loop1: detected capacity change from 0 to 40427 [ 77.945830][ T3655] F2FS-fs (loop1): invalid crc value [ 77.952668][ T3655] F2FS-fs (loop1): Found nat_bits in checkpoint [ 77.977890][ T3655] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 78.014803][ T3655] syz.1.1416: attempt to access beyond end of device [ 78.014803][ T3655] loop1: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 78.033545][ T284] syz-executor: attempt to access beyond end of device [ 78.033545][ T284] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 78.135126][ T3673] netlink: 'syz.1.1422': attribute type 4 has an invalid length. [ 78.148464][ T3673] netlink: 'syz.1.1422': attribute type 4 has an invalid length. [ 78.157669][ T3675] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1423'. [ 78.167286][ T3675] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1423'. [ 78.174971][ T3673] syz.1.1422 (3673) used greatest stack depth: 20736 bytes left [ 78.259449][ T3686] netem: incorrect gi model size [ 78.264494][ T3686] netem: change failed [ 78.357360][ T3704] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1436'. [ 78.518580][ T3747] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1457'. [ 78.604010][ T3767] loop1: detected capacity change from 0 to 1024 [ 78.610790][ T3767] EXT4-fs: Ignoring removed orlov option [ 78.618264][ T3767] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 78.642336][ T3772] loop3: detected capacity change from 0 to 512 [ 78.651386][ T3772] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 78.718379][ T3785] loop3: detected capacity change from 0 to 512 [ 78.730452][ T3785] EXT4-fs: Ignoring removed mblk_io_submit option [ 78.737121][ T3785] EXT4-fs: Ignoring removed mblk_io_submit option [ 78.744260][ T3785] EXT4-fs (loop3): Test dummy encryption mode enabled [ 78.748718][ T612] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 78.751403][ T3785] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 78.789215][ T3785] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002] [ 78.797202][ T3785] System zones: 1-12 [ 78.805187][ T3785] EXT4-fs (loop3): 1 truncate cleaned up [ 78.817917][ T3785] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 78.843647][ T3785] fscrypt: AES-256-XTS using blk-crypto-fallback [ 78.911247][ T285] EXT4-fs (loop3): unmounting filesystem. [ 78.918588][ T3796] device veth1_macvtap left promiscuous mode [ 78.960858][ T612] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.978908][ T612] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 79.000552][ T612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.028538][ T612] usb 5-1: config 0 descriptor?? [ 80.357555][ T612] keytouch 0003:0926:3333.0013: fixing up Keytouch IEC report descriptor [ 80.379074][ T612] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0013/input/input19 [ 80.400371][ T284] EXT4-fs (loop1): unmounting filesystem. [ 80.432794][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 80.432808][ T28] audit: type=1400 audit(1763708525.410:666): avc: denied { connect } for pid=3813 comm="syz.2.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.357345][ T612] keytouch 0003:0926:3333.0013: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 82.370674][ T612] usb 5-1: USB disconnect, device number 11 [ 82.377279][ T28] audit: type=1400 audit(1763708527.330:667): avc: denied { write } for pid=3813 comm="syz.2.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.448807][ T3828] __nla_validate_parse: 5 callbacks suppressed [ 82.448824][ T3828] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1490'. [ 82.460674][ T3830] loop2: detected capacity change from 0 to 512 [ 82.481646][ T3830] journal_path: Lookup failure for './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 82.520264][ T3830] EXT4-fs: error: could not find journal device path [ 82.528153][ T3840] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1496'. [ 82.538880][ T3840] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1496'. [ 82.675500][ T28] audit: type=1400 audit(1763708527.650:668): avc: denied { mount } for pid=3858 comm="syz.1.1504" name="/" dev="configfs" ino=14360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 82.698358][ T2116] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 82.706516][ T28] audit: type=1400 audit(1763708527.650:669): avc: denied { search } for pid=3858 comm="syz.1.1504" name="/" dev="configfs" ino=14360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 82.731948][ T28] audit: type=1400 audit(1763708527.710:670): avc: denied { read } for pid=3864 comm="syz.3.1506" name="/" dev="configfs" ino=14360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 82.746166][ T3867] loop4: detected capacity change from 0 to 256 [ 82.760364][ T28] audit: type=1400 audit(1763708527.710:671): avc: denied { open } for pid=3864 comm="syz.3.1506" path="/" dev="configfs" ino=14360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 82.800188][ T3872] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1509'. [ 82.800896][ T3867] FAT-fs (loop4): Directory bread(block 64) failed [ 82.817910][ T3867] FAT-fs (loop4): Directory bread(block 65) failed [ 82.818769][ T3872] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1509'. [ 82.824599][ T3867] FAT-fs (loop4): Directory bread(block 66) failed [ 82.843904][ T3867] FAT-fs (loop4): Directory bread(block 67) failed [ 82.851856][ T3867] FAT-fs (loop4): Directory bread(block 68) failed [ 82.858562][ T3867] FAT-fs (loop4): Directory bread(block 69) failed [ 82.868526][ T3867] FAT-fs (loop4): Directory bread(block 70) failed [ 82.878503][ T3867] FAT-fs (loop4): Directory bread(block 71) failed [ 82.889579][ T2116] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 82.896327][ T3867] FAT-fs (loop4): Directory bread(block 72) failed [ 82.908042][ T2116] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 82.914895][ T3867] FAT-fs (loop4): Directory bread(block 73) failed [ 82.949286][ T3882] syz.2.1514[3882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.949378][ T3882] syz.2.1514[3882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.961286][ T2116] usb 1-1: config 220 contains an unexpected descriptor of type 0x1, skipping [ 82.985753][ T3880] user requested TSC rate below hardware speed [ 82.995455][ T2116] usb 1-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config [ 83.029443][ T2116] usb 1-1: config 220 has no interface number 2 [ 83.029655][ T3885] syz.4.1516[3885] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.035755][ T2116] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 83.035875][ T3885] syz.4.1516[3885] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 83.053809][ T2116] usb 1-1: config 220 interface 0 has no altsetting 0 [ 83.080128][ T2116] usb 1-1: config 220 interface 76 has no altsetting 0 [ 83.087291][ T2116] usb 1-1: config 220 interface 1 has no altsetting 0 [ 83.104424][ T2116] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 83.114379][ T2116] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.122570][ T2116] usb 1-1: Product: syz [ 83.126825][ T2116] usb 1-1: Manufacturer: syz [ 83.131837][ T2116] usb 1-1: SerialNumber: syz [ 83.158803][ T28] audit: type=1400 audit(1763708528.140:672): avc: denied { mount } for pid=3897 comm="syz.4.1520" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 83.345779][ T2116] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 83.354877][ T2116] usb 1-1: No valid video chain found. [ 83.364996][ T2116] usb 1-1: selecting invalid altsetting 0 [ 83.377897][ T2116] usb 1-1: USB disconnect, device number 12 [ 83.462455][ T3905] loop1: detected capacity change from 0 to 1024 [ 83.533391][ T3928] loop2: detected capacity change from 0 to 512 [ 83.540354][ T3928] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 83.568061][ T3934] input: syz1 as /devices/virtual/input/input20 [ 83.568596][ T3928] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 83.584510][ T3928] FAT-fs (loop2): Filesystem has been set read-only [ 83.586219][ T3936] tipc: Can't bind to reserved service type 1 [ 83.595855][ T3928] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 83.606281][ T3928] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 548) [ 83.617049][ T3928] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 83.634336][ T3928] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 83.645223][ T3943] serio: Serial port ttyS3 [ 83.768664][ T3966] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1551'. [ 84.003438][ T28] audit: type=1326 audit(1763708528.980:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3983 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4738f749 code=0x7ffc0000 [ 84.029433][ T28] audit: type=1326 audit(1763708529.000:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3983 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b4738f749 code=0x7ffc0000 [ 84.053442][ T28] audit: type=1326 audit(1763708529.010:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3983 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4738f749 code=0x7ffc0000 [ 84.158399][ T40] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 84.205109][ T4000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1565'. [ 84.208533][ T6] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 84.257944][ T4002] SELinux: failed to load policy [ 84.338361][ T40] usb 1-1: Using ep0 maxpacket: 16 [ 84.344666][ T40] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.355681][ T40] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.365538][ T40] usb 1-1: config 0 interface 0 has no altsetting 0 [ 84.372287][ T40] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 84.381789][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.398849][ T40] usb 1-1: config 0 descriptor?? [ 84.419330][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 84.429515][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 84.439161][ T6] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 84.448249][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 84.457401][ T6] usb 4-1: SerialNumber: syz [ 84.574023][ T4038] loop1: detected capacity change from 0 to 512 [ 84.581115][ T4038] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 84.600388][ T4038] EXT4-fs (loop1): 1 truncate cleaned up [ 84.606670][ T4038] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 84.630466][ T284] EXT4-fs (loop1): unmounting filesystem. [ 84.664560][ T6] usb 4-1: 0:2 : does not exist [ 84.669618][ T6] usb 4-1: unit 1 not found! [ 84.685879][ T6] usb 4-1: USB disconnect, device number 11 [ 84.696090][ T4046] user requested TSC rate below hardware speed [ 84.742926][ T4046] kvm [4045]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x5054 [ 84.751348][ T4046] kvm [4045]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0xb6f2 [ 84.770143][ T4046] kvm [4045]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x67a9 [ 84.778498][ T4046] kvm [4045]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0xee13 [ 84.815002][ T40] hid (null): unknown global tag 0xc [ 84.820468][ T40] hid (null): unknown global tag 0xc [ 84.825812][ T40] hid (null): bogus close delimiter [ 84.838804][ T40] hid-generic 0003:060B:500A.0014: unexpected long global item [ 84.846690][ T40] hid-generic: probe of 0003:060B:500A.0014 failed with error -22 [ 84.954321][ T4053] loop2: detected capacity change from 0 to 256 [ 84.965016][ T4053] FAT-fs (loop2): Directory bread(block 64) failed [ 84.971601][ T4053] FAT-fs (loop2): Directory bread(block 65) failed [ 84.978115][ T4053] FAT-fs (loop2): Directory bread(block 66) failed [ 84.984650][ T4053] FAT-fs (loop2): Directory bread(block 67) failed [ 84.991198][ T4053] FAT-fs (loop2): Directory bread(block 68) failed [ 84.997696][ T4053] FAT-fs (loop2): Directory bread(block 69) failed [ 85.004350][ T4053] FAT-fs (loop2): Directory bread(block 70) failed [ 85.011026][ T4053] FAT-fs (loop2): Directory bread(block 71) failed [ 85.017611][ T4053] FAT-fs (loop2): Directory bread(block 72) failed [ 85.024142][ T4053] FAT-fs (loop2): Directory bread(block 73) failed [ 85.033502][ T6] usb 1-1: USB disconnect, device number 13 [ 85.113917][ T612] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 85.122009][ T612] hid-generic 0000:0000:0000.0015: hidraw0: HID v0.00 Device [syz1] on syz0 [ 85.632556][ T4082] loop3: detected capacity change from 0 to 512 [ 85.653726][ T4082] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 85.683889][ T4082] EXT4-fs (loop3): 1 truncate cleaned up [ 85.696158][ T4082] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 85.747158][ T285] EXT4-fs (loop3): unmounting filesystem. [ 85.761030][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 85.761044][ T28] audit: type=1400 audit(1763708530.740:688): avc: denied { watch_reads } for pid=4090 comm="syz.0.1605" path="/274" dev="tmpfs" ino=1448 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 85.819619][ T4093] tmpfs: Unknown parameter 'nolazytime5' [ 85.868991][ T4098] loop3: detected capacity change from 0 to 256 [ 85.884363][ T4098] exfat: Deprecated parameter 'namecase' [ 85.908649][ T4098] exfat: Deprecated parameter 'namecase' [ 85.931850][ T4098] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 85.957861][ T28] audit: type=1400 audit(1763708530.930:689): avc: denied { write } for pid=4097 comm="syz.3.1608" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 85.979700][ T4098] exFAT-fs (loop3): invalid start cluster (4278190088) [ 85.998281][ T28] audit: type=1400 audit(1763708530.930:690): avc: denied { remove_name } for pid=4097 comm="syz.3.1608" name="file1" dev="loop3" ino=1048657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 86.024697][ T28] audit: type=1400 audit(1763708530.930:691): avc: denied { unlink } for pid=4097 comm="syz.3.1608" name="file1" dev="loop3" ino=1048657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 86.050647][ T28] audit: type=1400 audit(1763708530.970:692): avc: denied { rename } for pid=4097 comm="syz.3.1608" name="file0" dev="loop3" ino=1048658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 86.050736][ T4100] _swap_info_get: Bad swap file entry 7800000000000001 [ 86.073502][ T28] audit: type=1400 audit(1763708530.970:693): avc: denied { add_name } for pid=4097 comm="syz.3.1608" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 86.080213][ T4100] _swap_info_get: Bad swap file entry 7800000000000001 [ 86.080233][ T4100] _swap_info_get: Bad swap file entry 7800000000000001 [ 86.080249][ T4100] _swap_info_get: Bad swap file entry 7800000000000001 [ 86.318332][ T361] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 86.398240][ T40] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 86.518232][ T361] usb 4-1: Using ep0 maxpacket: 16 [ 86.524412][ T361] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.535425][ T361] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.545204][ T361] usb 4-1: config 0 interface 0 has no altsetting 0 [ 86.548274][ T612] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 86.551874][ T361] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 86.568649][ T361] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.577463][ T361] usb 4-1: config 0 descriptor?? [ 86.599307][ T40] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.624860][ T40] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 86.634261][ T40] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 86.642284][ T40] usb 2-1: Product: syz [ 86.646489][ T40] usb 2-1: SerialNumber: syz [ 86.652037][ T4126] user requested TSC rate below hardware speed [ 86.688101][ T4126] kvm [4125]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x5054 [ 86.696619][ T4126] kvm [4125]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0xb6f2 [ 86.714387][ T4126] kvm [4125]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x67a9 [ 86.722669][ T4126] kvm [4125]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0xee13 [ 86.749281][ T612] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 86.759284][ T612] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 86.770333][ T612] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 86.779416][ T612] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 86.787406][ T612] usb 5-1: SerialNumber: syz [ 86.793127][ T612] cdc_acm 5-1:1.0: skipping garbage [ 86.798393][ T612] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 86.988489][ T361] hid (null): unknown global tag 0xc [ 86.993843][ T361] hid (null): unknown global tag 0xc [ 86.999197][ T361] hid (null): bogus close delimiter [ 87.003731][ T612] usb 5-1: USB disconnect, device number 12 [ 87.012520][ T361] hid-generic 0003:060B:500A.0016: unexpected long global item [ 87.020236][ T361] hid-generic: probe of 0003:060B:500A.0016 failed with error -22 [ 87.201339][ T361] usb 4-1: USB disconnect, device number 12 [ 87.651546][ T4136] loop2: detected capacity change from 0 to 40427 [ 87.658643][ T4136] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 87.666568][ T4136] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 87.666682][ T40] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 87.675626][ T4136] F2FS-fs (loop2): invalid crc value [ 87.689994][ T40] cdc_ncm 2-1:1.0: setting rx_max = 16384 [ 87.718969][ T4136] F2FS-fs (loop2): Found nat_bits in checkpoint [ 87.759043][ T4136] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 87.766591][ T4136] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 87.807625][ T4136] syz.2.1624: attempt to access beyond end of device [ 87.807625][ T4136] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 87.838603][ T348] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 87.853291][ T348] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 87.875187][ T40] cdc_ncm 2-1:1.0: setting tx_max = 16384 [ 87.888187][ T40] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 87.920124][ T40] usb 2-1: USB disconnect, device number 17 [ 87.928454][ T40] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 87.978200][ T2116] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 88.214323][ T2116] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.236537][ T2116] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 88.252173][ T2116] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.267985][ T2116] usb 1-1: config 0 descriptor?? [ 88.326327][ T4155] loop4: detected capacity change from 0 to 40427 [ 88.334352][ T4155] F2FS-fs (loop4): invalid crc value [ 88.341213][ T4155] F2FS-fs (loop4): Found nat_bits in checkpoint [ 88.380668][ T4168] netlink: 'syz.2.1635': attribute type 12 has an invalid length. [ 88.402629][ T4155] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 88.416812][ T4155] syz.4.1629: attempt to access beyond end of device [ 88.416812][ T4155] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 88.454498][ T4155] syz.4.1629: attempt to access beyond end of device [ 88.454498][ T4155] loop4: rw=0, sector=53248, nr_sectors = 8 limit=40427 [ 88.485937][ T289] syz-executor: attempt to access beyond end of device [ 88.485937][ T289] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 88.680122][ T2116] keytouch 0003:0926:3333.0017: fixing up Keytouch IEC report descriptor [ 88.701668][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 88.710344][ T2116] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0017/input/input21 [ 88.810574][ T4185] syz.3.1651 (4185) used greatest stack depth: 20704 bytes left [ 88.819092][ T2116] keytouch 0003:0926:3333.0017: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 88.892828][ T4143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.901517][ T4196] tipc: Started in network mode [ 88.906392][ T4196] tipc: Node identity 4, cluster identity 4711 [ 88.921295][ T4143] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.924859][ T4196] tipc: Node number set to 4 [ 88.988736][ T4201] loop1: detected capacity change from 0 to 1024 [ 88.996952][ T4201] EXT4-fs: Ignoring removed orlov option [ 89.010009][ T4201] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 89.023357][ T28] audit: type=1400 audit(1763708534.000:694): avc: denied { watch } for pid=4200 comm="syz.1.1648" path="/288/file1/control" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 89.058202][ T284] EXT4-fs (loop1): unmounting filesystem. [ 89.058237][ T4198] loop4: detected capacity change from 0 to 32768 [ 89.109253][ T4198] loop4: p1 p3 < > [ 89.118863][ T28] audit: type=1400 audit(1763708534.100:695): avc: denied { mounton } for pid=4197 comm="syz.4.1647" path="/proc/781/task" dev="proc" ino=34166 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 89.149893][ T612] usb 1-1: USB disconnect, device number 14 [ 89.167198][ T28] audit: type=1400 audit(1763708534.140:696): avc: denied { append } for pid=4221 comm="syz.1.1658" name="001" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 89.278251][ T4232] serio: Serial port ttyS3 [ 89.617362][ T4247] loop1: detected capacity change from 0 to 128 [ 89.640201][ T4249] loop1: detected capacity change from 0 to 512 [ 89.668552][ T4249] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 89.676336][ T4249] System zones: 0-2, 18-18, 34-34 [ 89.683726][ T4249] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #3: comm syz.1.1668: corrupted inode contents [ 89.697330][ T4249] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #3: comm syz.1.1668: mark_inode_dirty error [ 89.709053][ T4249] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #3: comm syz.1.1668: corrupted inode contents [ 89.721076][ T4249] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.1668: mark_inode_dirty error [ 89.733688][ T4249] Quota error (device loop1): write_blk: dquota write failed [ 89.747025][ T4249] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.1668: Failed to acquire dquot type 0 [ 89.771294][ T4249] EXT4-fs (loop1): 1 orphan inode deleted [ 89.781478][ T4249] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 89.790707][ T43] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:2: Failed to release dquot type 1 [ 89.805091][ T4249] ext4 filesystem being mounted at /298/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 89.810521][ T4228] loop2: detected capacity change from 0 to 131072 [ 89.845056][ T4228] F2FS-fs (loop2): invalid crc value [ 89.851960][ T4228] F2FS-fs (loop2): Found nat_bits in checkpoint [ 89.873790][ T284] EXT4-fs (loop1): unmounting filesystem. [ 89.891621][ T4228] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 90.222068][ T4292] loop3: detected capacity change from 0 to 128 [ 90.238697][ T4292] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 90.258398][ T4292] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 90.293506][ T43] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 90.338040][ T442] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 90.449930][ T2116] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 90.457403][ T2116] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 90.464856][ T2116] hid-generic 0000:0004:0000.0018: unknown main item tag 0x0 [ 90.472739][ T2116] hid-generic 0000:0004:0000.0018: hidraw0: HID v0.00 Device [syz0] on syz0 [ 90.518020][ T442] usb 5-1: Using ep0 maxpacket: 16 [ 90.524250][ T442] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 90.535695][ T442] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 90.545865][ T442] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 90.558321][ T4310] loop3: detected capacity change from 0 to 256 [ 90.559254][ T442] usb 5-1: config 1 interface 0 has no altsetting 0 [ 90.568470][ T4310] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 90.573233][ T442] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 90.591546][ T442] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.599755][ T442] usb 5-1: Product: syz [ 90.602451][ T4310] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 90.604821][ T442] usb 5-1: Manufacturer: syz [ 90.617235][ T442] usb 5-1: SerialNumber: syz [ 90.629245][ T4310] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 90.707282][ T4318] loop2: detected capacity change from 0 to 256 [ 90.718697][ T4318] exfat: Deprecated parameter 'namecase' [ 90.730912][ T4318] exfat: Deprecated parameter 'namecase' [ 90.739640][ T4320] loop1: detected capacity change from 0 to 256 [ 90.749498][ T4318] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 90.762499][ T4320] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 90.792961][ T4318] exFAT-fs (loop2): invalid start cluster (4278190088) [ 90.806793][ T4320] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 90.829820][ T4320] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 90.830406][ T442] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 90.880505][ T4326] SELinux: policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c [ 90.896350][ T4326] SELinux: failed to load policy [ 90.916962][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 91.092566][ T2116] usb 5-1: USB disconnect, device number 13 [ 91.103455][ T2116] usblp0: removed [ 91.109875][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 91.109889][ T28] audit: type=1400 audit(1763708536.090:703): avc: denied { getopt } for pid=4343 comm="syz.0.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 91.157620][ T4350] incfs: Backing dir is not set, filesystem can't be mounted. [ 91.167089][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 91.174641][ T4350] incfs: mount failed -2 [ 91.246563][ T4358] loop1: detected capacity change from 0 to 2048 [ 91.255679][ T4362] device batadv_slave_1 entered promiscuous mode [ 91.263205][ T4361] device batadv_slave_1 left promiscuous mode [ 91.274107][ T4358] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 91.283145][ T28] audit: type=1400 audit(1763708536.260:704): avc: denied { mount } for pid=4365 comm="syz.3.1716" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 91.306795][ T28] audit: type=1400 audit(1763708536.270:705): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 91.332344][ T284] EXT4-fs (loop1): unmounting filesystem. [ 91.423554][ T4383] loop1: detected capacity change from 0 to 2048 [ 91.430282][ T4383] EXT4-fs: Ignoring removed bh option [ 91.436297][ T4380] incfs: Backing dir is not set, filesystem can't be mounted. [ 91.443854][ T4380] incfs: mount failed -2 [ 91.459910][ T4383] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 91.470783][ T4383] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 91.486150][ T4383] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 1 with error 28 [ 91.498964][ T4383] EXT4-fs (loop1): This should not happen!! Data will be lost [ 91.498964][ T4383] [ 91.509162][ T4383] EXT4-fs (loop1): Total free blocks count 0 [ 91.515334][ T4383] EXT4-fs (loop1): Free/Dirty block details [ 91.521775][ T4383] EXT4-fs (loop1): free_blocks=2415919104 [ 91.527610][ T4383] EXT4-fs (loop1): dirty_blocks=16 [ 91.532832][ T4383] EXT4-fs (loop1): Block reservation details [ 91.538902][ T4383] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 91.545685][ T4399] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 91.686428][ T4415] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1738'. [ 91.697969][ T4415] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1738'. [ 91.880016][ T4425] loop3: detected capacity change from 0 to 256 [ 91.897775][ T28] audit: type=1400 audit(1763708536.870:706): avc: denied { remount } for pid=4424 comm="syz.3.1741" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 91.957339][ T4417] loop4: detected capacity change from 0 to 40427 [ 91.985410][ T4417] F2FS-fs (loop4): invalid crc value [ 91.995522][ T4417] F2FS-fs (loop4): Found nat_bits in checkpoint [ 92.058149][ T4417] F2FS-fs (loop4): Start checkpoint disabled! [ 92.079838][ T4417] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 92.552148][ T28] audit: type=1400 audit(1763708537.530:707): avc: denied { map } for pid=4447 comm="syz.3.1748" path="/dev/ashmem" dev="devtmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 92.577263][ T4450] loop1: detected capacity change from 0 to 512 [ 92.585694][ T4450] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 92.603193][ T4450] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 92.613159][ T4450] FAT-fs (loop1): Filesystem has been set read-only [ 92.622101][ T4450] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 92.632753][ T4450] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 92.643644][ T4450] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 92.652945][ T4450] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 92.727904][ T2116] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 92.907964][ T2116] usb 1-1: Using ep0 maxpacket: 16 [ 92.914228][ T2116] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 92.928052][ T1113] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 92.934621][ T2116] usb 1-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 92.960617][ T2116] usb 1-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 92.974434][ T2116] usb 1-1: config 1 interface 0 has no altsetting 0 [ 92.989406][ T2116] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 93.007900][ T2116] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.012702][ T4470] loop1: detected capacity change from 0 to 40427 [ 93.015983][ T2116] usb 1-1: Product: syz [ 93.031707][ T2116] usb 1-1: Manufacturer: syz [ 93.038739][ T4470] F2FS-fs (loop1): invalid crc value [ 93.047872][ T2116] usb 1-1: SerialNumber: syz [ 93.056306][ T4470] F2FS-fs (loop1): Found nat_bits in checkpoint [ 93.105769][ T4488] loop4: detected capacity change from 0 to 512 [ 93.112846][ T4488] EXT4-fs: Ignoring removed bh option [ 93.116275][ T4470] F2FS-fs (loop1): Start checkpoint disabled! [ 93.125083][ T4488] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 93.134352][ T4488] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 93.134371][ T4470] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 93.154516][ T4488] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 93.174675][ T4488] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 93.185769][ T4488] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 93.209373][ T4488] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #12: block 32: comm syz.4.1767: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=2320, size=2048 fake=0 [ 93.217927][ T28] audit: type=1400 audit(1763708538.190:708): avc: denied { rmdir } for pid=4487 comm="syz.4.1767" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 93.253199][ T289] EXT4-fs (loop4): unmounting filesystem. [ 93.274691][ T2116] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 93.360091][ T4513] loop3: detected capacity change from 0 to 512 [ 93.369122][ T4513] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 93.378197][ T4513] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.393974][ T28] audit: type=1400 audit(1763708538.370:709): avc: denied { lock } for pid=4512 comm="syz.3.1779" path="/375/file0/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 93.424242][ T285] EXT4-fs (loop3): unmounting filesystem. [ 93.430329][ T28] audit: type=1400 audit(1763708538.390:710): avc: denied { link } for pid=4512 comm="syz.3.1779" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 93.511900][ T65] usb 1-1: USB disconnect, device number 15 [ 93.519018][ T65] usblp0: removed [ 93.595275][ T4541] netlink: 'syz.3.1789': attribute type 12 has an invalid length. [ 93.769445][ T4558] loop1: detected capacity change from 0 to 256 [ 93.792009][ T4558] FAT-fs (loop1): Directory bread(block 64) failed [ 93.799901][ T4558] FAT-fs (loop1): Directory bread(block 65) failed [ 93.806481][ T4558] FAT-fs (loop1): Directory bread(block 66) failed [ 93.827832][ T4558] FAT-fs (loop1): Directory bread(block 67) failed [ 93.834423][ T4558] FAT-fs (loop1): Directory bread(block 68) failed [ 93.844315][ T4558] FAT-fs (loop1): Directory bread(block 69) failed [ 93.852424][ T4558] FAT-fs (loop1): Directory bread(block 70) failed [ 93.860281][ T4558] FAT-fs (loop1): Directory bread(block 71) failed [ 93.867049][ T4558] FAT-fs (loop1): Directory bread(block 72) failed [ 93.874749][ T4558] FAT-fs (loop1): Directory bread(block 73) failed [ 93.881486][ T4560] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1798'. [ 93.903730][ T4560] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1798'. [ 93.912863][ T28] audit: type=1400 audit(1763708538.890:711): avc: denied { name_bind } for pid=4561 comm="syz.1.1799" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 93.917881][ T4332] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 93.947470][ T28] audit: type=1400 audit(1763708538.920:712): avc: denied { validate_trans } for pid=4563 comm="syz.4.1801" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 93.990425][ T4570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1803'. [ 94.000366][ T4570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1803'. [ 94.014328][ T4574] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1805'. [ 94.128274][ T4593] netlink: 'syz.1.1813': attribute type 8 has an invalid length. [ 94.144156][ T4591] loop3: detected capacity change from 0 to 1024 [ 94.158085][ T4591] EXT4-fs: Ignoring removed orlov option [ 94.167874][ T4591] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 94.211053][ T4603] loop4: detected capacity change from 0 to 512 [ 94.217739][ T4603] EXT4-fs: Ignoring removed mblk_io_submit option [ 94.224515][ T4603] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.239177][ T4603] EXT4-fs error (device loop4): __ext4_iget:5079: inode #11: block 1: comm syz.4.1818: invalid block [ 94.247819][ T65] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 94.258013][ T4603] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1818: couldn't read orphan inode 11 (err -117) [ 94.277480][ T4603] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 94.295752][ T4603] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.1818: Directory hole found for htree leaf block 0 [ 94.320459][ T289] EXT4-fs (loop4): unmounting filesystem. [ 94.450316][ T4625] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1827'. [ 94.468907][ T65] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.479245][ T65] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 94.493899][ T65] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 94.520463][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 94.538032][ T65] usb 3-1: SerialNumber: syz [ 94.754082][ T65] usb 3-1: 0:2 : does not exist [ 94.759127][ T65] usb 3-1: unit 1 not found! [ 94.768854][ T65] usb 3-1: USB disconnect, device number 12 [ 94.987782][ T2116] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 95.012665][ T4636] loop4: detected capacity change from 0 to 512 [ 95.038066][ T4636] EXT4-fs: Ignoring removed oldalloc option [ 95.091398][ T4636] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 95.130394][ T4636] ext4 filesystem being mounted at /407/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 95.152980][ T285] EXT4-fs (loop3): unmounting filesystem. [ 95.178834][ T2116] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.192082][ T4640] loop3: detected capacity change from 0 to 256 [ 95.197753][ T2116] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 95.218152][ T4640] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 95.218157][ T2116] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 95.247758][ T2116] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 95.255766][ T2116] usb 2-1: SerialNumber: syz [ 95.258793][ T4640] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 95.270136][ T289] EXT4-fs (loop4): unmounting filesystem. [ 95.279994][ T4640] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 95.308601][ T4640] exFAT-fs (loop3): abnormal access to deleted source dentry [ 95.475772][ T2116] usb 2-1: 0:2 : does not exist [ 95.483458][ T2116] usb 2-1: USB disconnect, device number 18 [ 95.577793][ T612] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 95.597603][ T4668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1846'. [ 95.607382][ T4668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1846'. [ 95.647780][ T442] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 95.767759][ T612] usb 5-1: Using ep0 maxpacket: 16 [ 95.774007][ T612] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.784555][ T612] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 95.794992][ T612] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 95.804075][ T612] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.812100][ T612] usb 5-1: Product: syz [ 95.816359][ T612] usb 5-1: Manufacturer: syz [ 95.820979][ T612] usb 5-1: SerialNumber: syz [ 95.828726][ T442] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.841555][ T442] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 95.850829][ T442] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.859340][ T442] usb 3-1: config 0 descriptor?? [ 95.897733][ T65] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 96.027930][ T612] usb 5-1: cannot find UAC_HEADER [ 96.038198][ T612] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 96.045875][ T612] usb 5-1: USB disconnect, device number 14 [ 96.078797][ T65] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.089842][ T65] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.100366][ T65] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 96.109447][ T65] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 96.117442][ T65] usb 4-1: Manufacturer: syz [ 96.122615][ T65] usb 4-1: config 0 descriptor?? [ 96.267244][ T442] keytouch 0003:0926:3333.0019: fixing up Keytouch IEC report descriptor [ 96.276771][ T442] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0019/input/input22 [ 96.359288][ T442] keytouch 0003:0926:3333.0019: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 96.476338][ T4656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.484887][ T4656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.586333][ T4702] loop4: detected capacity change from 0 to 512 [ 96.609165][ T4702] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 96.618258][ T4702] ext4 filesystem being mounted at /411/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 96.630998][ T4702] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #2: comm syz.4.1862: corrupted inode contents [ 96.643121][ T4702] EXT4-fs error (device loop4): ext4_dirty_inode:6121: inode #2: comm syz.4.1862: mark_inode_dirty error [ 96.654690][ T4702] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #2: comm syz.4.1862: corrupted inode contents [ 96.666661][ T4702] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.1862: mark_inode_dirty error [ 96.685031][ T289] EXT4-fs (loop4): unmounting filesystem. [ 96.706305][ T442] usb 3-1: USB disconnect, device number 13 [ 96.713913][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 96.713935][ T28] audit: type=1326 audit(1763708541.690:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.728766][ T4712] input: syz0 as /devices/virtual/input/input23 [ 96.744342][ T28] audit: type=1326 audit(1763708541.690:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.773419][ T28] audit: type=1326 audit(1763708541.690:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.796872][ T28] audit: type=1326 audit(1763708541.690:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.820965][ T28] audit: type=1326 audit(1763708541.690:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.846573][ T28] audit: type=1326 audit(1763708541.690:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.870104][ T28] audit: type=1326 audit(1763708541.690:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.894832][ T28] audit: type=1326 audit(1763708541.690:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.918762][ T28] audit: type=1326 audit(1763708541.690:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.942558][ T28] audit: type=1326 audit(1763708541.690:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5178f749 code=0x7fc00000 [ 96.975205][ T65] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input24 [ 96.986870][ T65] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input25 [ 96.999817][ T65] input: syz Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input26 [ 97.021104][ T65] input: syz Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.001A/input/input27 [ 97.037475][ T65] uclogic 0003:256C:006D.001A: input,hiddev96,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.3-1/input0 [ 97.191076][ T361] usb 4-1: USB disconnect, device number 13 [ 97.266162][ T4741] loop2: detected capacity change from 0 to 128 [ 97.403707][ T4757] __nla_validate_parse: 2 callbacks suppressed [ 97.403723][ T4757] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1884'. [ 97.442828][ T4762] loop1: detected capacity change from 0 to 512 [ 97.449528][ T4762] EXT4-fs: Ignoring removed mblk_io_submit option [ 97.456304][ T4762] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 97.469039][ T4762] EXT4-fs error (device loop1): __ext4_iget:5079: inode #11: block 1: comm syz.1.1886: invalid block [ 97.483583][ T4762] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1886: couldn't read orphan inode 11 (err -117) [ 97.495700][ T4762] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 97.508774][ T4762] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #2: comm syz.1.1886: Directory hole found for htree leaf block 0 [ 97.529135][ T284] EXT4-fs (loop1): unmounting filesystem. [ 97.551461][ T4776] loop2: detected capacity change from 0 to 256 [ 97.558601][ T4776] FAT-fs (loop2): bogus number of FAT sectors [ 97.564889][ T4776] FAT-fs (loop2): Can't find a valid FAT filesystem [ 97.807621][ T442] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 98.018636][ T442] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.035047][ T442] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 98.053853][ T442] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.071283][ T442] usb 2-1: config 0 descriptor?? [ 98.448666][ T4803] loop4: detected capacity change from 0 to 128 [ 98.485492][ T442] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor [ 98.506168][ T442] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001B/input/input28 [ 98.523366][ T4807] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1905'. [ 98.526229][ T4808] loop5: detected capacity change from 0 to 12151 [ 98.587890][ T4811] loop5: detected capacity change from 12151 to 18183 [ 98.609784][ T442] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 98.716868][ T4772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.734716][ T4772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.791818][ T4826] loop4: detected capacity change from 0 to 1024 [ 98.799220][ T4826] EXT4-fs: Ignoring removed orlov option [ 98.818255][ T4826] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 98.834401][ T4823] kvm: MWAIT instruction emulated as NOP! [ 98.840886][ T4826] EXT4-fs (loop4): unmounting filesystem. [ 98.861271][ T4832] netlink: 'syz.2.1916': attribute type 4 has an invalid length. [ 98.987398][ T65] usb 2-1: USB disconnect, device number 19 [ 99.220743][ T4894] loop3: detected capacity change from 0 to 256 [ 99.231088][ T4896] hub 6-0:1.0: USB hub found [ 99.235868][ T4896] hub 6-0:1.0: 1 port detected [ 99.270256][ T4900] loop4: detected capacity change from 0 to 1024 [ 99.272103][ T4898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1945'. [ 99.287690][ T4900] EXT4-fs: Ignoring removed orlov option [ 99.308142][ T4900] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 100.445721][ T289] EXT4-fs (loop4): unmounting filesystem. [ 100.490928][ T5120] loop4: detected capacity change from 0 to 512 [ 100.504356][ T5120] EXT4-fs: Ignoring removed mblk_io_submit option [ 100.513511][ T5120] EXT4-fs (loop4): Test dummy encryption mode enabled [ 100.521115][ T5120] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.533091][ T5120] EXT4-fs (loop4): 1 truncate cleaned up [ 100.538995][ T5120] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 100.559078][ T289] EXT4-fs (loop4): unmounting filesystem. [ 100.687446][ T442] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 100.868570][ T442] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.887594][ T442] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.907427][ T442] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 100.927420][ T442] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 100.946066][ T442] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.962434][ T442] usb 3-1: config 0 descriptor?? [ 101.380951][ T442] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 101.402932][ T442] plantronics 0003:047F:FFFF.001C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 101.721050][ T5206] loop2: detected capacity change from 0 to 512 [ 101.729183][ T5205] x_tables: duplicate underflow at hook 4 [ 101.740627][ T5206] EXT4-fs (loop2): 1 truncate cleaned up [ 101.746390][ T5206] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 101.800793][ T5220] xt_bpf: check failed: parse error [ 102.063786][ T5226] loop4: detected capacity change from 0 to 40427 [ 102.073326][ T5226] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 102.088112][ T5226] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 102.113048][ T5226] F2FS-fs (loop4): Found nat_bits in checkpoint [ 102.148650][ T5226] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 102.155814][ T5226] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 102.226007][ T289] syz-executor: attempt to access beyond end of device [ 102.226007][ T289] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 102.446684][ T5236] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 102.446684][ T5236] [ 102.697396][ C0] plantronics 0003:047F:FFFF.001C: usb_submit_urb(ctrl) failed: -1 [ 103.218026][ T287] EXT4-fs (loop2): unmounting filesystem. [ 103.377062][ T5260] loop2: detected capacity change from 0 to 1024 [ 103.385552][ T5260] EXT4-fs: Ignoring removed orlov option [ 103.404645][ T5260] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 103.429952][ T287] EXT4-fs (loop2): unmounting filesystem. [ 103.455984][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 103.455999][ T28] audit: type=1400 audit(1763708548.431:742): avc: denied { read write } for pid=5268 comm="syz.0.2028" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.485416][ T28] audit: type=1400 audit(1763708548.431:743): avc: denied { open } for pid=5268 comm="syz.0.2028" path="/dev/binderfs/binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.577323][ T612] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 103.611063][ T5288] loop4: detected capacity change from 0 to 256 [ 103.618476][ T5288] FAT-fs (loop4): bogus number of FAT sectors [ 103.624803][ T5288] FAT-fs (loop4): Can't find a valid FAT filesystem [ 103.737884][ T5292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=5292 comm=syz.0.2038 [ 103.750719][ T5292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2038'. [ 103.759661][ T5292] device erspan0 entered promiscuous mode [ 103.768426][ T612] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.779502][ T612] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 103.788595][ T612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.797266][ T612] usb 4-1: config 0 descriptor?? [ 103.807280][ T65] usb 3-1: reset high-speed USB device number 14 using dummy_hcd [ 103.997594][ T65] usb 3-1: device firmware changed [ 104.002897][ T6] usb 3-1: USB disconnect, device number 14 [ 104.157245][ T442] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 104.157245][ T6] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 104.209866][ T612] keytouch 0003:0926:3333.001D: fixing up Keytouch IEC report descriptor [ 104.219151][ T612] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001D/input/input29 [ 104.298603][ T612] keytouch 0003:0926:3333.001D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 104.338269][ T6] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 104.349176][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.349735][ T442] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 104.358953][ T6] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 104.368341][ T442] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.389266][ T442] usb 5-1: Product: syz [ 104.390679][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 104.395106][ T442] usb 5-1: Manufacturer: syz [ 104.402832][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.407690][ T442] usb 5-1: SerialNumber: syz [ 104.422963][ T6] usb 3-1: config 0 descriptor?? [ 104.425611][ T442] usb 5-1: config 0 descriptor?? [ 104.433604][ T5248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.442825][ T5248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.666330][ T361] usb 4-1: USB disconnect, device number 14 [ 104.738251][ T28] audit: type=1400 audit(1763708549.711:744): avc: denied { remount } for pid=5328 comm="syz.0.2055" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 104.743014][ T5329] overlayfs: upper fs does not support tmpfile. [ 104.757835][ T28] audit: type=1400 audit(1763708549.711:745): avc: denied { mounton } for pid=5328 comm="syz.0.2055" path="/374/file0/file0" dev="bpf" ino=38556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 104.844969][ T6] logitech 0003:046D:C295.001E: hidraw0: USB HID v10.01 Device [HID 046d:c295] on usb-dummy_hcd.2-1/input0 [ 104.856605][ T6] logitech 0003:046D:C295.001E: no inputs found [ 104.906008][ T28] audit: type=1400 audit(1763708549.871:746): avc: denied { mounton } for pid=5340 comm="syz.0.2061" path="/380/file0" dev="tmpfs" ino=2001 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 105.004132][ T5348] SELinux: ebitmap: map size 1734634335 does not match my size 64 (high bit was -403701735) [ 105.014956][ T5348] SELinux: failed to load policy [ 105.051609][ T28] audit: type=1400 audit(1763708550.021:747): avc: denied { write } for pid=5351 comm="syz.0.2066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 105.073171][ T361] usb 3-1: USB disconnect, device number 15 [ 105.078375][ T28] audit: type=1400 audit(1763708550.051:748): avc: denied { read } for pid=5351 comm="syz.0.2066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 105.197357][ T5366] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only [ 105.330278][ T5381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2080'. [ 105.379758][ T5393] hub 9-0:1.0: USB hub found [ 105.384476][ T5393] hub 9-0:1.0: 1 port detected [ 105.397497][ T5395] loop3: detected capacity change from 0 to 256 [ 105.434482][ T5405] loop3: detected capacity change from 0 to 512 [ 105.441744][ T442] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 105.452908][ T442] asix: probe of 5-1:0.0 failed with error -71 [ 105.461678][ T442] usb 5-1: USB disconnect, device number 15 [ 105.471056][ T5405] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 105.480079][ T5405] ext4 filesystem being mounted at /428/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.503318][ T5405] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #2: comm syz.3.2092: corrupted inode contents [ 105.516007][ T5405] EXT4-fs error (device loop3): ext4_dirty_inode:6121: inode #2: comm syz.3.2092: mark_inode_dirty error [ 105.527571][ T5405] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #2: comm syz.3.2092: corrupted inode contents [ 105.539703][ T5405] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.2092: mark_inode_dirty error [ 105.562449][ T5405] EXT4-fs error (device loop3): ext4_lookup:1855: inode #19: comm syz.3.2092: 'bus' linked to parent dir [ 105.601010][ T285] EXT4-fs (loop3): unmounting filesystem. [ 105.617651][ T5418] device pim6reg1 entered promiscuous mode [ 105.670034][ T5426] netlink: 'syz.0.2101': attribute type 12 has an invalid length. [ 105.890009][ T40] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0 [ 105.901174][ T40] hid-generic 0000:0000:0000.001F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 105.922309][ T28] audit: type=1326 audit(1763708550.891:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5478 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 105.959918][ T28] audit: type=1326 audit(1763708550.891:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5478 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 105.983829][ T28] audit: type=1326 audit(1763708550.891:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5478 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0dfb8f749 code=0x7ffc0000 [ 106.057129][ T442] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 106.109403][ T5487] loop2: detected capacity change from 0 to 40427 [ 106.116307][ T5487] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 106.124186][ T5487] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 106.132928][ T5487] F2FS-fs (loop2): invalid crc value [ 106.139264][ T5487] F2FS-fs (loop2): Found nat_bits in checkpoint [ 106.160334][ T5487] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 106.167419][ T5487] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 106.187555][ T5039] kworker/u4:113: attempt to access beyond end of device [ 106.187555][ T5039] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 106.209356][ T287] syz-executor: attempt to access beyond end of device [ 106.209356][ T287] loop2: rw=2051, sector=45096, nr_sectors = 8 limit=40427 [ 106.223451][ T287] F2FS-fs (loop2): Issue discard(5637, 5637, 1) failed, ret: -5 [ 106.268232][ T442] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 106.286696][ T442] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.296574][ T442] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 106.309646][ T442] usb 4-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 106.318745][ T442] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.328167][ T442] usb 4-1: config 0 descriptor?? [ 106.382198][ T5503] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.389455][ T5503] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.470040][ T5504] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2125'. [ 106.585616][ T5513] SELinux: failed to load policy [ 106.629333][ T4982] Bluetooth: hci0: Frame reassembly failed (-84) [ 106.736365][ T442] logitech 0003:046D:C295.0020: hidraw0: USB HID v10.01 Device [HID 046d:c295] on usb-dummy_hcd.3-1/input0 [ 106.747944][ T442] logitech 0003:046D:C295.0020: no inputs found [ 106.875215][ T5506] kernel write not supported for file [eventfd] (pid: 5506 comm: kworker/0:9) [ 106.942104][ T5506] usb 4-1: USB disconnect, device number 15 [ 107.039414][ T5553] kvm [5552]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 107.047891][ T5553] kvm [5552]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 107.137070][ T19] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 107.173602][ T5571] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 107.181769][ T5571] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 107.301856][ T5575] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.308930][ T5575] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.316158][ T5575] device bridge_slave_0 entered promiscuous mode [ 107.323417][ T5575] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.323683][ T19] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.330581][ T5575] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.341385][ T19] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 107.342825][ T19] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 107.359033][ T5575] device bridge_slave_1 entered promiscuous mode [ 107.367544][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.381888][ T19] usb 5-1: Product: syz [ 107.386056][ T19] usb 5-1: Manufacturer: syz [ 107.390689][ T19] usb 5-1: SerialNumber: syz [ 107.431463][ T5575] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.438510][ T5575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.445759][ T5575] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.452770][ T5575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.471135][ T4982] tipc: Left network mode [ 107.477718][ T5506] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 107.477791][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.493491][ T4937] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.500871][ T4937] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.509727][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.517934][ T4937] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.524959][ T4937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.537872][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.546047][ T4937] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.553112][ T4937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.564923][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 107.576741][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 107.593388][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 107.598084][ T5542] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 107.613905][ T5575] device veth0_vlan entered promiscuous mode [ 107.621326][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 107.629741][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 107.638158][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 107.654466][ T5575] device veth1_macvtap entered promiscuous mode [ 107.661900][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 107.671001][ T5506] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 107.687205][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 107.695411][ T5506] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 107.701903][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 107.716391][ T5506] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 107.725854][ T5506] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.734046][ T5506] usb 1-1: Product: syz [ 107.735040][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 107.739013][ T5506] usb 1-1: Manufacturer: syz [ 107.739028][ T5506] usb 1-1: SerialNumber: syz [ 107.757195][ T5573] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 107.757357][ T4937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 108.027717][ T4982] device bridge_slave_1 left promiscuous mode [ 108.033888][ T4982] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.041413][ T4982] device bridge_slave_0 left promiscuous mode [ 108.047631][ T4982] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.055606][ T4982] device veth0_vlan left promiscuous mode [ 108.224838][ T5542] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 108.437431][ T19] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 108.443881][ T19] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 108.451399][ T19] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 108.633202][ T19] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 108.640972][ T19] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 108.654513][ T19] usb 5-1: USB disconnect, device number 16 [ 108.660781][ T19] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 108.687362][ T1113] Bluetooth: hci0: command 0x1003 tx timeout [ 108.687492][ T1582] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 108.699922][ T5527] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 108.768315][ T5506] cdc_ncm 1-1:1.0: failed to get mac address [ 108.809771][ T5630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2176'. [ 108.828213][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 108.828225][ T28] audit: type=1400 audit(1763708553.801:774): avc: denied { read write } for pid=285 comm="syz-executor" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.859296][ T28] audit: type=1400 audit(1763708553.801:775): avc: denied { open } for pid=285 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.883255][ T28] audit: type=1400 audit(1763708553.801:776): avc: denied { ioctl } for pid=285 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=121 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.909015][ T28] audit: type=1400 audit(1763708553.811:777): avc: denied { bpf } for pid=5631 comm="syz.3.2177" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 108.930329][ T28] audit: type=1400 audit(1763708553.811:778): avc: denied { map_create } for pid=5631 comm="syz.3.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 108.950839][ T28] audit: type=1400 audit(1763708553.811:779): avc: denied { map_read map_write } for pid=5631 comm="syz.3.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 108.974350][ T5506] cdc_ncm 1-1:1.0: bind() failure [ 108.980327][ T28] audit: type=1400 audit(1763708553.811:780): avc: denied { prog_load } for pid=5631 comm="syz.3.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 108.999450][ T5506] cdc_ncm: probe of 1-1:1.1 failed with error -71 [ 109.006011][ T28] audit: type=1400 audit(1763708553.811:781): avc: denied { perfmon } for pid=5631 comm="syz.3.2177" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 109.027574][ T5506] cdc_mbim: probe of 1-1:1.1 failed with error -71 [ 109.035255][ T28] audit: type=1400 audit(1763708553.811:782): avc: denied { prog_run } for pid=5631 comm="syz.3.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 109.054338][ T5506] usb 1-1: USB disconnect, device number 16 [ 109.061191][ T28] audit: type=1400 audit(1763708553.821:783): avc: denied { mount } for pid=5633 comm="syz.5.2178" name="/" dev="ramfs" ino=40551 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 109.396982][ T5507] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 109.488988][ T5686] cgroup: name respecified [ 109.516225][ T5692] xt_bpf: check failed: parse error [ 109.579538][ T5507] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.593036][ T5507] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.604946][ T5507] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 109.618103][ T5507] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 109.627326][ T5507] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.636030][ T5507] usb 6-1: config 0 descriptor?? [ 110.043631][ T5507] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving [ 110.051952][ T5507] plantronics 0003:047F:FFFF.0021: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 110.766842][ C0] ================================================================== [ 110.774909][ C0] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0 [ 110.781932][ C0] Write of size 8 at addr ffff8881185f4a00 by task swapper/0/0 [ 110.789458][ C0] [ 110.791762][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 110.798754][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 110.808794][ C0] Call Trace: [ 110.812049][ C0] [ 110.814867][ C0] __dump_stack+0x21/0x24 [ 110.819176][ C0] dump_stack_lvl+0xee/0x150 [ 110.823740][ C0] ? __cfi_dump_stack_lvl+0x8/0x8 [ 110.828736][ C0] ? update_rq_clock+0x1c1/0x5c0 [ 110.833649][ C0] ? __run_timers+0x32b/0x9a0 [ 110.838299][ C0] print_address_description+0x71/0x200 [ 110.843812][ C0] print_report+0x4a/0x60 [ 110.848112][ C0] kasan_report+0x122/0x150 [ 110.852587][ C0] ? __run_timers+0x32b/0x9a0 [ 110.857240][ C0] __asan_report_store8_noabort+0x17/0x20 [ 110.862928][ C0] __run_timers+0x32b/0x9a0 [ 110.867405][ C0] ? sched_clock+0x9/0x10 [ 110.871708][ C0] ? sched_clock_cpu+0x6e/0x250 [ 110.876530][ C0] ? calc_index+0x200/0x200 [ 110.881009][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 110.886376][ C0] run_timer_softirq+0x6a/0xf0 [ 110.891121][ C0] handle_softirqs+0x1d7/0x600 [ 110.895860][ C0] ? irqtime_account_irq+0xc4/0x240 [ 110.901029][ C0] __irq_exit_rcu+0x52/0xf0 [ 110.905506][ C0] irq_exit_rcu+0x9/0x10 [ 110.909727][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 110.915363][ C0] [ 110.918273][ C0] [ 110.921178][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 110.927137][ C0] RIP: 0010:default_idle+0xf/0x20 [ 110.932133][ C0] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d b3 0f 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 110.951712][ C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257 [ 110.957752][ C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c500 RCX: 30c9e20236343700 [ 110.965713][ C0] RDX: 0000000000000001 RSI: ffffffff85aa15c0 RDI: ffffffff85aa1580 [ 110.973656][ C0] RBP: ffffffff86e07d58 R08: dffffc0000000000 R09: ffffed103ee06917 [ 110.981610][ C0] R10: 0000000000000000 R11: ffffffff84f42280 R12: 0000000000000000 [ 110.989552][ C0] R13: 0000000000000000 R14: ffffffff86e1c500 R15: dffffc0000000000 [ 110.997499][ C0] ? __cfi_default_idle+0x10/0x10 [ 111.002508][ C0] arch_cpu_idle+0x1c/0x20 [ 111.006895][ C0] default_idle_call+0x71/0x1d0 [ 111.011723][ C0] do_idle+0x1a7/0x520 [ 111.015763][ C0] ? ct_irq_exit+0x9/0x10 [ 111.020070][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 111.025265][ C0] cpu_startup_entry+0x43/0x60 [ 111.030017][ C0] rest_init+0x10a/0x130 [ 111.034238][ C0] ? __cfi_x86_late_time_init+0x8/0x8 [ 111.039593][ C0] arch_call_rest_init+0xe/0x10 [ 111.044411][ C0] start_kernel+0x482/0x4f0 [ 111.048889][ C0] x86_64_start_reservations+0x2a/0x2c [ 111.054319][ C0] x86_64_start_kernel+0x7c/0x81 [ 111.059222][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 111.065085][ C0] [ 111.068084][ C0] [ 111.070818][ C0] Allocated by task 5527: [ 111.075112][ C0] kasan_set_track+0x4b/0x70 [ 111.079672][ C0] kasan_save_alloc_info+0x25/0x30 [ 111.084763][ C0] __kasan_kmalloc+0x95/0xb0 [ 111.089346][ C0] __kmalloc+0xb1/0x1e0 [ 111.093486][ C0] hci_alloc_dev_priv+0x27/0x1bd0 [ 111.098491][ C0] hci_uart_tty_ioctl+0x3d6/0xa20 [ 111.103492][ C0] tty_ioctl+0x8ef/0xc60 [ 111.107706][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 111.112353][ C0] __x64_sys_ioctl+0x7b/0x90 [ 111.116910][ C0] x64_sys_call+0x58b/0x9a0 [ 111.121386][ C0] do_syscall_64+0x4c/0xa0 [ 111.125772][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 111.131637][ C0] [ 111.133935][ C0] Freed by task 5527: [ 111.137881][ C0] kasan_set_track+0x4b/0x70 [ 111.142442][ C0] kasan_save_free_info+0x31/0x50 [ 111.147441][ C0] ____kasan_slab_free+0x132/0x180 [ 111.152539][ C0] __kasan_slab_free+0x11/0x20 [ 111.157275][ C0] slab_free_freelist_hook+0xc2/0x190 [ 111.162621][ C0] __kmem_cache_free+0xb7/0x1b0 [ 111.167448][ C0] kfree+0x6f/0xf0 [ 111.171157][ C0] hci_release_dev+0x12a3/0x13b0 [ 111.176065][ C0] bt_host_release+0x82/0x90 [ 111.180629][ C0] device_release+0xa4/0x1d0 [ 111.185188][ C0] kobject_put+0x19d/0x280 [ 111.189577][ C0] put_device+0x1f/0x30 [ 111.193707][ C0] hci_dev_cmd+0x265/0x720 [ 111.198089][ C0] hci_sock_ioctl+0x41e/0x7f0 [ 111.202734][ C0] sock_do_ioctl+0x101/0x310 [ 111.207296][ C0] sock_ioctl+0x4d8/0x6e0 [ 111.211606][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 111.216252][ C0] __x64_sys_ioctl+0x7b/0x90 [ 111.220827][ C0] x64_sys_call+0x58b/0x9a0 [ 111.225304][ C0] do_syscall_64+0x4c/0xa0 [ 111.229698][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 111.235567][ C0] [ 111.237864][ C0] Last potentially related work creation: [ 111.243543][ C0] kasan_save_stack+0x3a/0x60 [ 111.248190][ C0] __kasan_record_aux_stack+0xb6/0xc0 [ 111.253533][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 111.259308][ C0] insert_work+0x51/0x300 [ 111.263607][ C0] __queue_work+0x9b1/0xd30 [ 111.268079][ C0] queue_work_on+0xd2/0x140 [ 111.272552][ C0] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 111.277459][ C0] hci_cmd_sync_status+0x53/0x120 [ 111.282485][ C0] hci_dev_cmd+0x628/0x720 [ 111.286896][ C0] hci_sock_ioctl+0x41e/0x7f0 [ 111.291554][ C0] sock_do_ioctl+0x101/0x310 [ 111.296117][ C0] sock_ioctl+0x4d8/0x6e0 [ 111.300418][ C0] __se_sys_ioctl+0x12f/0x1b0 [ 111.305066][ C0] __x64_sys_ioctl+0x7b/0x90 [ 111.309632][ C0] x64_sys_call+0x58b/0x9a0 [ 111.314109][ C0] do_syscall_64+0x4c/0xa0 [ 111.318495][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 111.324358][ C0] [ 111.326666][ C0] Second to last potentially related work creation: [ 111.333217][ C0] kasan_save_stack+0x3a/0x60 [ 111.337864][ C0] __kasan_record_aux_stack+0xb6/0xc0 [ 111.343215][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 111.348995][ C0] insert_work+0x51/0x300 [ 111.353290][ C0] __queue_work+0x9b1/0xd30 [ 111.357764][ C0] queue_work_on+0xd2/0x140 [ 111.362234][ C0] hci_cmd_timeout+0x191/0x200 [ 111.366985][ C0] process_one_work+0x71f/0xc40 [ 111.371804][ C0] worker_thread+0xa29/0x11f0 [ 111.376452][ C0] kthread+0x281/0x320 [ 111.380490][ C0] ret_from_fork+0x1f/0x30 [ 111.384876][ C0] [ 111.387172][ C0] The buggy address belongs to the object at ffff8881185f4000 [ 111.387172][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 111.401264][ C0] The buggy address is located 2560 bytes inside of [ 111.401264][ C0] 8192-byte region [ffff8881185f4000, ffff8881185f6000) [ 111.414713][ C0] [ 111.417017][ C0] The buggy address belongs to the physical page: [ 111.423412][ C0] page:ffffea0004617c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1185f0 [ 111.433635][ C0] head:ffffea0004617c00 order:3 compound_mapcount:0 compound_pincount:0 [ 111.441933][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 111.447986][ C0] raw: 4000000000010200 ffffea000464da00 dead000000000002 ffff888100043500 [ 111.456540][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 111.465088][ C0] page dumped because: kasan: bad access detected [ 111.471470][ C0] page_owner tracks the page as allocated [ 111.477151][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 487, tgid 486 (syz.2.57), ts 24914421507, free_ts 24909990232 [ 111.497261][ C0] post_alloc_hook+0x1f5/0x210 [ 111.502024][ C0] prep_new_page+0x1c/0x110 [ 111.506499][ C0] get_page_from_freelist+0x2c7b/0x2cf0 [ 111.512015][ C0] __alloc_pages+0x1c3/0x450 [ 111.516582][ C0] alloc_slab_page+0x6e/0xf0 [ 111.521145][ C0] new_slab+0x98/0x3d0 [ 111.525185][ C0] ___slab_alloc+0x6bd/0xb20 [ 111.529759][ C0] __slab_alloc+0x5e/0xa0 [ 111.534060][ C0] __kmem_cache_alloc_node+0x203/0x2c0 [ 111.539496][ C0] kmalloc_trace+0x29/0xb0 [ 111.543881][ C0] audit_log_d_path+0xc6/0x240 [ 111.548615][ C0] common_lsm_audit+0x1d5/0x16d0 [ 111.553525][ C0] slow_avc_audit+0x1ac/0x220 [ 111.558172][ C0] avc_has_perm+0x1e6/0x240 [ 111.562644][ C0] selinux_mount+0x3a5/0x4e0 [ 111.567200][ C0] security_sb_mount+0x97/0xd0 [ 111.571934][ C0] page last free stack trace: [ 111.576574][ C0] free_unref_page_prepare+0x742/0x750 [ 111.582010][ C0] free_unref_page+0x8f/0x530 [ 111.586662][ C0] __free_pages+0x67/0x100 [ 111.591049][ C0] __free_slab+0xca/0x1a0 [ 111.595351][ C0] discard_slab+0x29/0x40 [ 111.599650][ C0] __slab_free+0x201/0x280 [ 111.604036][ C0] ___cache_free+0xbf/0xd0 [ 111.608423][ C0] qlist_free_all+0xc6/0x140 [ 111.612983][ C0] kasan_quarantine_reduce+0x14a/0x170 [ 111.618419][ C0] __kasan_slab_alloc+0x24/0x80 [ 111.623240][ C0] slab_post_alloc_hook+0x4f/0x2d0 [ 111.628340][ C0] kmem_cache_alloc_node+0x181/0x340 [ 111.633604][ C0] __alloc_skb+0xea/0x4b0 [ 111.637913][ C0] alloc_skb_with_frags+0xa8/0x620 [ 111.642994][ C0] sock_alloc_send_pskb+0x853/0x980 [ 111.648166][ C0] unix_dgram_sendmsg+0x592/0x16d0 [ 111.653261][ C0] [ 111.655570][ C0] Memory state around the buggy address: [ 111.661178][ C0] ffff8881185f4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.669213][ C0] ffff8881185f4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.677254][ C0] >ffff8881185f4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.685294][ C0] ^ [ 111.689327][ C0] ffff8881185f4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.697356][ C0] ffff8881185f4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.705712][ C0] ================================================================== [ 111.713741][ C0] Disabling lock debugging due to kernel taint [ 111.720021][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 111.731716][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 111.740109][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0 [ 111.748594][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 111.758630][ C0] RIP: 0010:__queue_work+0x575/0xd30 [ 111.763912][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 e0 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 fc 54 6d 00 49 8b 7d 00 e8 93 05 [ 111.783499][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046 [ 111.789546][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500 [ 111.797496][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 111.805444][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007 [ 111.813395][ C0] R10: ffffed10230be939 R11: 1ffff110230be939 R12: dffffc0000000000 [ 111.821347][ C0] R13: 0000000000000000 R14: ffff8881185f49c8 R15: 0000000000000008 [ 111.829295][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 111.838200][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.844760][ C0] CR2: 00007f127c7f6f98 CR3: 000000011f288000 CR4: 00000000003506b0 [ 111.852713][ C0] DR0: 0000000000000006 DR1: ffffffffffffffff DR2: 00000000000075f1 [ 111.860661][ C0] DR3: 0000000032f0fc45 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 111.868611][ C0] Call Trace: [ 111.871868][ C0] [ 111.874697][ C0] delayed_work_timer_fn+0x61/0x80 [ 111.879795][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 111.885581][ C0] call_timer_fn+0x46/0x2a0 [ 111.890067][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 111.895852][ C0] __run_timers+0x667/0x9a0 [ 111.900339][ C0] ? calc_index+0x200/0x200 [ 111.904825][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 111.910008][ C0] run_timer_softirq+0x6a/0xf0 [ 111.914760][ C0] handle_softirqs+0x1d7/0x600 [ 111.919526][ C0] ? irqtime_account_irq+0xc4/0x240 [ 111.924731][ C0] __irq_exit_rcu+0x52/0xf0 [ 111.929221][ C0] irq_exit_rcu+0x9/0x10 [ 111.933443][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 111.939067][ C0] [ 111.941980][ C0] [ 111.944893][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 111.950869][ C0] RIP: 0010:default_idle+0xf/0x20 [ 111.955894][ C0] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d b3 0f 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 111.975490][ C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257 [ 111.981562][ C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c500 RCX: 30c9e20236343700 [ 111.989538][ C0] RDX: 0000000000000001 RSI: ffffffff85aa15c0 RDI: ffffffff85aa1580 [ 111.997536][ C0] RBP: ffffffff86e07d58 R08: dffffc0000000000 R09: ffffed103ee06917 [ 112.005518][ C0] R10: 0000000000000000 R11: ffffffff84f42280 R12: 0000000000000000 [ 112.013485][ C0] R13: 0000000000000000 R14: ffffffff86e1c500 R15: dffffc0000000000 [ 112.021456][ C0] ? __cfi_default_idle+0x10/0x10 [ 112.026477][ C0] arch_cpu_idle+0x1c/0x20 [ 112.030875][ C0] default_idle_call+0x71/0x1d0 [ 112.035708][ C0] do_idle+0x1a7/0x520 [ 112.039757][ C0] ? ct_irq_exit+0x9/0x10 [ 112.044067][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 112.049258][ C0] cpu_startup_entry+0x43/0x60 [ 112.054003][ C0] rest_init+0x10a/0x130 [ 112.058223][ C0] ? __cfi_x86_late_time_init+0x8/0x8 [ 112.063585][ C0] arch_call_rest_init+0xe/0x10 [ 112.068413][ C0] start_kernel+0x482/0x4f0 [ 112.072899][ C0] x86_64_start_reservations+0x2a/0x2c [ 112.078335][ C0] x86_64_start_kernel+0x7c/0x81 [ 112.083249][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 112.089136][ C0] [ 112.092150][ C0] Modules linked in: [ 112.096041][ C0] ---[ end trace 0000000000000000 ]--- [ 112.101478][ C0] RIP: 0010:__queue_work+0x575/0xd30 [ 112.106765][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 e0 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 fc 54 6d 00 49 8b 7d 00 e8 93 05 [ 112.126365][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046 [ 112.132462][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500 [ 112.140420][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 112.148377][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007 [ 112.156346][ C0] R10: ffffed10230be939 R11: 1ffff110230be939 R12: dffffc0000000000 [ 112.164302][ C0] R13: 0000000000000000 R14: ffff8881185f49c8 R15: 0000000000000008 [ 112.172429][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 112.181344][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.187918][ C0] CR2: 00007f127c7f6f98 CR3: 000000011f288000 CR4: 00000000003506b0 [ 112.195873][ C0] DR0: 0000000000000006 DR1: ffffffffffffffff DR2: 00000000000075f1 [ 112.203824][ C0] DR3: 0000000032f0fc45 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 112.211777][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 112.219170][ C0] Kernel Offset: disabled [ 112.223482][ C0] Rebooting in 86400 seconds..