last executing test programs: 5.451260701s ago: executing program 0 (id=185): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) utimes(&(0x7f0000000180)='./file0\x00', 0x0) 5.438938272s ago: executing program 0 (id=186): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$can_raw(0x1d, 0x3, 0x1) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, 0x0, &(0x7f0000000040)) 5.427871044s ago: executing program 0 (id=187): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000380)=r1}, 0x20) recvmsg$unix(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x100000000000000) shutdown(r0, 0x0) 5.36155023s ago: executing program 0 (id=188): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c00a3a2a4e7417e941910c27d130b55ac2d5f7a61e59ec6d5de07239091924c32eeb367d16409d6d3ec1fb755f9a7989ebc4e96918e268f0b7acebf67c07bc4731250f87d27b5e9e61000e70f0c6a4e2432073d0d3e18f864e9ef64637d14e5485f36e53c821cb5898685c055a367ea51b653eff6581710f6c3824bc667bd24219163c60803099f985567be0d978e301b4f6603628606afadb04eee58f42f1853f2e8598a5e250e0f4c9a"], 0x1, 0x14fe, &(0x7f0000002ac0)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) 5.340287432s ago: executing program 0 (id=189): mkdir(&(0x7f0000000040)='./file0\x00', 0x6c) mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0xac) r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) ioctl$SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304) 5.328918373s ago: executing program 0 (id=190): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) 2.777043275s ago: executing program 4 (id=213): prlimit64(0x0, 0x9, &(0x7f0000000140)={0x7, 0x3ff}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) 2.732678119s ago: executing program 4 (id=214): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000"], 0x1, 0x17d, &(0x7f00000004c0)="$eJzsmD9P6lAYxp/TciH35iY6u2giCTBY2qJGBgdmB038FzeJVIIWMdBB2PwUzn4CZ+JC4sfQQZ1ccHNyqGl7gAP+HdTE+PyG9zzv6dvTc94mT5OCEPJrub15uD5LJS90AP+RRELO3+mDGk2pb489Zi4ry+cn5v1Vu7OUH11PAPD9jz8/BqBT0OHJ3PeH707KcQ1aX69DQ0bqTQgYUm9Dw4bUDgS2pN5TdC2oN4zdiusYOzW3FAgzCFYQ7CDkRvfXPRYoKfsTyvVGs7VfdF2n/oXivf51CxoWlf2p76vXG1PpnwUNltQ5CKxKvYBErzdRS5TzT8QG6+vffH4KCoqfJgb+5J8KpBR/iin+kfWqh9lGszVTqRbLTtk5sO3cvDlrmnN2NjSiKL7hf39Df/qnrP/nldq4iOOo6Hl1K4r93I7iS44bD/1PQ3o6yoWcUwm/B+NiKhjSuswJIYQQQgghhBBCCCHk05mECP+CDpF/NmWvhNVPAQAA//94vnZt") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0) read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) 2.62317417s ago: executing program 4 (id=217): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x1c, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x8, 0x0, 0x0, @fd}]}, 0x1c}}, 0x0) 2.573183635s ago: executing program 3 (id=219): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r0}, 0x10) setitimer(0x1, 0x0, 0x0) 2.562608597s ago: executing program 4 (id=220): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0xffffffc0}) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000200)) close(r1) 2.538900849s ago: executing program 3 (id=221): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 2.538390129s ago: executing program 4 (id=222): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000004c0)={0x34, &(0x7f00000001c0)={0x0, 0x1, 0x2, "8e9e"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000500)={0x40, 0x18, 0x8, "58c2b81b8832160b"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.52687086s ago: executing program 3 (id=223): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000f80)=ANY=[@ANYBLOB="120100038ee3710889076001fe8201020301090212000107d1102d0904"], &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000140)={0x40, 0x10, 0x6, "90c1afebdac3"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002d00)={0x44, &(0x7f0000000000)={0x20, 0x16, 0x2, "99d9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 994.405331ms ago: executing program 1 (id=256): unshare(0x2040400) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) 975.280373ms ago: executing program 1 (id=258): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc020000000000000000000000000000140004"], 0x84}}, 0x0) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0) 932.648298ms ago: executing program 1 (id=260): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) readahead(r1, 0x0, 0x101) 890.318722ms ago: executing program 1 (id=262): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x23, @loopback, 0x22}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="182c", 0x2}], 0x1}}], 0x1, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/25, 0x19, 0x1, 0x0}, &(0x7f00000000c0)=0x40) 873.424633ms ago: executing program 1 (id=264): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x88842, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b95b0a0000b8026f00000f01c90f300f23b3b9ce000000ba070000001b6b0f30658154fea900600000c182fd3f0000c8b950020000b80100000066baf80cb82e9f8e80ef66bafc0c66b8000066ef0f300fc79d53bf0000c4e16dd3010f2202", 0x80}], 0xd7, 0x4d, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 810.34369ms ago: executing program 2 (id=267): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000080)={r1, 0x1, 0x6, @multicast}, 0x10) 778.015903ms ago: executing program 2 (id=268): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 766.879423ms ago: executing program 1 (id=269): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000000c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f00000006c0)=""/83, 0x53, 0x0, 0x0, 0x0, 0x43, 0x10000000}}, 0x120) add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) writev(r0, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}, {&(0x7f00000006c0), 0x1000000}], 0x2) 740.540926ms ago: executing program 2 (id=270): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) sendmsg$inet(r2, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0) 646.856946ms ago: executing program 2 (id=271): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f00000001c0)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000480)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @multicast1}, 0x2, 0x1, 0x0, 0x1}}, 0x80, &(0x7f0000000a00)=[{&(0x7f0000000500)="c5125994", 0x4}], 0x1}, 0x48040) 631.430317ms ago: executing program 2 (id=272): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x4f3, &(0x7f00000005c0)="$eJzs3d1rW+cZAPBHku3YibN8bIwkgyWQQfZBLH8wYm+DsattF4GxwG42yDxb8TLLkbHkLDa5cLa7XOxibLRQetH7/gW9aa4aAqXXLb3tVUloUxfakoKKjiTHH5KjtraU+Px+cKJzzqvoeV/Zz+uj97xHJ4DUOlf7JxMxHBHvRMSx+ubWJ5yrP6w/vj1TWzJRrV75KJM8r7bdfGrz/x2JiLWIGIyIP/424m+ZnXHLK6vz08ViYamxna8sLObLK6sXry9MzxXmCjfGJi9NTU2OToxP7Vlb7/7nH3cvv/H7gdc/+/fD+/99681atYYbZZvbsZfqTe+PE5v29UXEr/YjWA/kGu0Z6nVF+EZqP7/vRsT5JP+PRS75aXbmyb7WDNhv1Wq1+mX1ULvitSpwYGWTY+BMdiQi6uvZ7MhI/Rj+e3E4WyyVKz+7Vlq+MVs/Vj4e/dlr14uF0cZnhePRn6ltjyXrT7fHt21PRCTHwP/LDSXbIzOl4mx3uzpgmyPb8v/TXD3/gZTo/CM/cNDIf0gv+Q/pJf8hveQ/pJf8h/SS/5Be8h/SS/5DerXK/6M9qAfQfbv9/R/oYj2ArvrD5cu1pdq8/n325sryfOnmxdlCeX5kYXlmZKa0tDgyVyrNJdfsLDzr9Yql0uLYz2P5Vr5SKFfy5ZXVqwul5RuVq8l1/VcL/V1pFdCJE2fvvZeJiLVfDCVLbPqTL1fhYKtWM9Hra5CB3sj1ugMCesapP0ivr/EZv+2XhAEvthZf0bth8Ejbol/H4r5UB+iC7G6FTx50ryJA11047fwfpJXxf0gv4/+QXo7xgd3G/6NxL7+WjP/DC2vX8X/gQBtuc/+vo5vu3TUaEd+JiHdz/Yea9/oCDoLsh5nG8f+FYz8a3l46kPk8OUUwEBH/fOXKS7emK5Wlsdr+jzf2V15u7B/vRf2B9raO8DXztJnHAEB6rT++PdNcuhn30W/qkxB2xu9rjE0OJkcwh9czW+YqZPZo7sLanYg41Sp+pnG/8/qZj8PruR3xTzYeM/WXSOrbl9w3vTvxT2+K/8NN8c9863cF0uFerf8ZbZV/2SSnYyP/tvY/w3s0d6LZ/zXnXG+O3+z/cm36v7Mdxvj7q/9qdXo3mez96E7EmZb9bzPeYBJre/xa3S50GP/hX/70/XZl1dfqr9MqflNtLV9ZWMyXV1YvXm/WYvLS1NTk6MT4VD4Zo843R6p3+uWpt++3i19rf0Ob9r+/o/1DjTr9pMP2f/GDB38+t0v8H59v/ft3Mnnc9v5Xqxt1+GmH8T8Z/+Cv7cpq8WfbvP/ZVvGjWRox0WH88v9/59phAHiOlFdW56eLxcKSFStWnu+Vvuhi0Gf1HGvd6aCAffM06XtdEwAAAAAAAAAAAKBT7Wb/3tvD6cS9biMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEHwVQAAAP//QUvQlg==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0xa0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000600)={0x23e3, 0x0, 0xd, 0x2}) mknod$loop(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 449.931425ms ago: executing program 2 (id=273): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 142.205015ms ago: executing program 3 (id=274): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf80, 0x3}, 0x1c) writev(0xffffffffffffffff, &(0x7f0000001740)=[{&(0x7f0000002080)="c2f742b15efaf3b42f712a35930152325cffed3ae8c8d3f31bb0bb166b3f05bf170f31099dce058c3b100048ac18b2fc7aa421fd3a2c974e4c1b2bdf6b0aeac7847f79edc9442b4ee34666d67e1df6eee3f2a0a14d709922dab3de0a02ec83c0626199dc3294c00e84cb42a354b87b933644b3c6bd27e24c21af58f878a2b0826eb434c405061aa14292278956bef40ff1316fd7bfb0d5befe2155570817a17a9498c5a2caae355e81015a10fcc78258f1d9dc6bc87375bcb311242038f5a8a01b341d276cad374b301827b8932faff3d6462d28f2605f9b88b787aab1b735edaeb9ba6979152c36ad73be96ab77b7cf6501bfd89aa9dacfdc55a921a5ed910882304c5c2be59e58947d02c754fa78800f04a4d02f142525f8f5ae0a98f000001ec276ff2e182ec8303056a515d0c3c15cf25fc155cc078de38eac55a6106e10fcee5e2404237cd7a951665140ad8596bb17b39e12bc0677b42cce532b03a69c13b064fde504f58d6414890b170d806142cf7267c16a6026ca07ae7cd9526905510a7515abc223f1c8abd2af566d4b9e9822341f76874c90f0254e11a826bc17828ed228abcf8c849b3386103aaec4332f2d88f654793205df3c78c5eb3203e30b016af5322e3aa7231c4f132d740eedf3286c66424a85f2fc73c23332a44af0a96ce4136c61a4dca2082279e021a0308b367ba21accd1039cca666dac81e1a7c346d7723c5d5f165d4533eaab122093ffef76ddfd03646d3d946d6e35bb25dc152421c54aaf53145d4da3959c56f5f6a28efa5ce8c84b63a20e57571cf8cba399257b475048ae39e4d22a145b7ca74813ba22f8ccd3970ee90910c18e2ec7478efdc81199067036e9de6261547e35039b00eb4dc5b8f7113e1f2bf54a1dcd977073d8f335c6f79c36cb4f5a958c4ee3a97308af4143106f0cf48b3db94034d01d110ffd63a2d62fd657fccd2e9e149f0a232f209944f16738793d88fcbd6e2794c80aba8b1488b7d121dfcc7e67c53941bfc8271d157a5c577c14c7b5ddf67ca228ec716d5cecc78423fd18f126b33b211944a4c3421fa3fef7602b90819c35c850d8455100000000000000002fdad381a0b19fe5b11a132782666cdf54b33cc71d16e38b354e9586654c009de5affc23434d1426a94adbcbe5f7554dd143a3b05cf8747115fff9d660a402ced3c831a459fd15f12a188b8f8df4cf01ec84297860174ede6b2b2b8becd064bb07aed64b33cdf826be2c692b97e8fa52547e53c612ff1965f381284194c540c50dde298ad0352ddc3d54da2ae320f56a049c4bd208970dd2be1abac17345ccea3ed6f0e7d0b022ba6a198a5ca5aa27d1d43b28506f2015258ed1557bc28455967d1fb1f70730cb24eb3b52be7f9eb81fe76c17449dd474ea40064208292b6a35017c8e9fd64762f8b9ecddecd334a63fae3e36caf442ef734fc7bbd684089ad955b5cb6250472dbf84550a8e7dbcc6953812e5d4eb95e4ce20593d30779593e0ee41a7643384582d10274a0948997fa4e7d559690856ba75ca86ede4ee5ed777ee01cfda2bff124142189bc43cce5184b07b8b787ccb3a72504175d0c3789fe2227f8418ef3e145143d869bff85b0620e0e4c3fb6df818a779d389b6cf2d8551474b21e2c16fe8e2b157233699ece13991b0784e051885768a7639ac55f77c72124cb005f40164e069cc04c4d134d4fab18564edb0e249282ba00268be07ffa506d8d7283bbce5ce1da00f75a7b7cf7263159024cf1766921b88721e0eda34456eca168a4d4c16b8fbb013369367e5aa69d299a0afd4aa05cfe9c334e9a16345544e4859f915db3465b7ff34140d0558487c4a946c0bd241473b262c6e4a3a2d5b713aa49d13b3fa487cb1ba453f4b70d76be3cf50a4f1b41ad7ac6e07618ba55723f772adac19fc956d85e44419ee591323ca1fb27151626b951d929ea002805e84fc2c2a1bb0ec8d6468f7362f57f4955e47a12ed2c94a9fd85ecf0cf9f8eccfdd070648811fc2f2549f6fad247b5694ebfb7eda35e0fde2ab2d84db9cbbb501c355d14c1a09b08e1606c7a124f969f63bc5111d43e0cf0c9558f19536f0dba888d197bba908085594cc9a51b95954235a9eea285522d94f45e1a43ae87ddc518c9f615afdf3a3e6f6b2553e044538e2b99d1e225a1fd4d3b571877c6052238159b96a50d18f141e594568de107238790f3b6a06ba32c2b86aa38278f97351c43830be7c9afaa6cb2769219a72b5d77911fdf3008b85dbe5b0744ced650aba16b39daba1f7c480a3ada039e48dedebb59c2069c450440aeddff2430edf851a67df31d5b775239a4e65353a934458e8c10ee9d145ca95df8cc90f45353cc27b268700d972eae2a7688b9de0c129460f5d03f7e949df388dcd859b695863c5267ded7623157e6f6a522c206b318d3bd19c868d5af103e6c93f40071be87b53b44f319523a87654514d9b56d1bf6c833e90d45082dcdf4b9bc7d60aa09f453d5f591038d330727c7a901c210f8dcadba479df737e1a20a3084cba76578593bf9220863b89a1d77a42bc505a04a9e6476a4c9afabab521c2036fdeb6791058a4da745fdd580a1630da7988dd0698081e43682acb4b46eeb80880ff6cd7ecb0fc032490c9f9a414c21942cb5bdd1e8606ba8ec1b86d94652bae2206f2f5872ce7e70191d08521c4855917f2383ac05873f22639217811dea291e4899390accde8f6fb7408324ef785da1fd83ae6b0190c1220173b1ab11f58e909f330f504b99cf3bc77ff8d57cec47da7bbdeaf8c22837898cf50e2b832100e0a54ac7fef2db966ed4d731abf5afb1df997359d79301c8287197c34fc0645614a458726aec773cbc0b09642d77b4ef9bf422d9f8c9ac318953a0d1a7e5ef657174bd223d3e39b28bf8390029420e7442c45236d924aa4dcd50056471efac90f78ac2b038c7a7e021355a2504f81bb13bdc932d9d3ae42cc3096392c9eecba6bc2f7652f93376978405ccdb242f943f70cc5384e918acf1f5d43649cae159c3e7995eedd37d8f1568c1dd6d7c7d9cd09be943e737126e461f63cfbd64053863ec3ba75b03334a9372b56f89e130b846db84eab2d0262a56208f96809bdd3d26b8a9324274cbbd323c6bec2dd11769ffb96aa2d1583f1a5518fdce1c4de9bd8b15d99ffed8e123dea58c9a50758dccc5f733f8f3fc448157b74d71fb8e5543a88e708dc6bda3bab420987f2ee1fdeaeaeece826494ff4d7d0ceb799df210f091b7e5bac850352c141050c5e2298eec8ff8338b703b00fb538af4ddd82057bea268534610ce8e6fff40e6a23febd734b16abcf7eeb6f10b90fd664d87e2f9a1c83eac76ad21e100e9cdc696a6a9f1a674b87e306f2f96fdce358b4dae8d2e50190b1831cbde1501cefa698cd06742958588ed49998c37f433ef186d88bf889dd3de8740e4fcb160159c1d49406ed702e00c6a1c10db952771262f6a23e8ccb14056c252697ddff65caf2d1f20c1e7fec1436e67143ae527562e47e2b57423c24c201889fb4426ad8a6e26061028863f4efa495d4c045010463247942b6e6fa6eb1e906d03b0dac3f11f07d096db06a2e596021ef8d84e64ecb5a45a2a40d77c8b7a21dde2a02ebe89348ce44f0aee58db0d75c0a38a786ca5a1055ee1654a9fcd29e2fb7a7306a75a28622679cdc0198e3bebad1da3d0568860d8a9f200503d4965c33f62cb2e3dc79bf6da6affa7d94dcc61766f66de229a3d6ea83e9c896717e975906d9d694979c66e8b66f08b9292ed6d5f0af09852df2effce0eb003e39d105b9d726134281569393d7270cb49d9a061a4ee1fe0ee231f0fb0032f2a8dbf0f72bd0554522cab86e2fa8e438d0c221caa473b721ac1fc20e576ea122babd65aa25c3a91c9fa90180ba56f2301046e35640fc10da26cccfe2de37a1560ea1b8aa194607f4ef3930b91c1855c26b6727009434d39db30f470a5987c74082d6b9ec85493c485809158a1d23b31bad735e61cf32611ba83d786f2993228c8797ea49d74a994ae4712324b55d47f3210970122d6f7bf046e5ea7aa5db4cf016897feb9a25ab16e948720e0079bfffb3b1c07f827d462189b4ab30594dc8be03991237729c69482f232eb0340c1cd791dff5b64f5cb7e98bcd46e9436abceaf2e0ae6237e2d995077a3b5d13fa9d5e4c55e4a083a54736cd5258ba6b1206c22937886170ed6df20daabf9a5a65a04d59f363d3fe1ec9c42206226d49187ac9396174a4e76255083e9cc55bdb5ee3ca7a124c39", 0xbd6}], 0x1) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_emit_ethernet(0x102b, &(0x7f0000002c40)=ANY=[], 0x0) 105.724089ms ago: executing program 3 (id=275): r0 = socket$netlink(0x10, 0x3, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@delneigh={0x1c, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x80, 0x2}}, 0x1c}}, 0x0) 80.487352ms ago: executing program 3 (id=276): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffa}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001200)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f07df33c9f7b986", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 4 (id=277): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_uid}]}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts. [ 22.451042][ T30] audit: type=1400 audit(1760693374.280:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.452443][ T273] cgroup: Unknown subsys name 'net' [ 22.473701][ T30] audit: type=1400 audit(1760693374.280:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.501002][ T30] audit: type=1400 audit(1760693374.310:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.501181][ T273] cgroup: Unknown subsys name 'devices' [ 22.639614][ T273] cgroup: Unknown subsys name 'hugetlb' [ 22.645345][ T273] cgroup: Unknown subsys name 'rlimit' [ 22.846422][ T30] audit: type=1400 audit(1760693374.670:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.869620][ T30] audit: type=1400 audit(1760693374.670:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.876982][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.894671][ T30] audit: type=1400 audit(1760693374.670:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.926375][ T30] audit: type=1400 audit(1760693374.730:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.952526][ T30] audit: type=1400 audit(1760693374.730:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.955043][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.978391][ T30] audit: type=1400 audit(1760693374.780:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.012447][ T30] audit: type=1400 audit(1760693374.780:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.559148][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.566221][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.573733][ T282] device bridge_slave_0 entered promiscuous mode [ 23.588193][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.595240][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.602668][ T282] device bridge_slave_1 entered promiscuous mode [ 23.630026][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.637085][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.644657][ T281] device bridge_slave_0 entered promiscuous mode [ 23.656070][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.663148][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.670631][ T285] device bridge_slave_0 entered promiscuous mode [ 23.677505][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.684585][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.692046][ T285] device bridge_slave_1 entered promiscuous mode [ 23.698679][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.705730][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.713251][ T281] device bridge_slave_1 entered promiscuous mode [ 23.768454][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.775525][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.783021][ T283] device bridge_slave_0 entered promiscuous mode [ 23.797657][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.804712][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.812229][ T283] device bridge_slave_1 entered promiscuous mode [ 23.860735][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.867848][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.875190][ T284] device bridge_slave_0 entered promiscuous mode [ 23.895453][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.902543][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.910241][ T284] device bridge_slave_1 entered promiscuous mode [ 24.028692][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.035750][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.043078][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.050148][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.075528][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.082603][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.089911][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.096944][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.109254][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.116310][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.123618][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.130675][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.164342][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.171407][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.178692][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.185722][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.203039][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.211404][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.219037][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.226274][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.233768][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.241234][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.248536][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.255713][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.262973][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.278322][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.285776][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.313600][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.321903][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.328955][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.336566][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.344826][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.351883][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.359280][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.367414][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.374470][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.381872][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.390076][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.397399][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.412231][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.421689][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.436116][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.444511][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.461777][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.470244][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.479662][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.488036][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.495082][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.503110][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.510640][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.534708][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.545520][ T282] device veth0_vlan entered promiscuous mode [ 24.561088][ T285] device veth0_vlan entered promiscuous mode [ 24.578416][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.586690][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.593880][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.602436][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.610390][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.618553][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.626827][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.635076][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.642169][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.649979][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.658294][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.666424][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.673471][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.680845][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.688499][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.695918][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.703905][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.712041][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.720524][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.728858][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.735888][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.743324][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.751655][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.759915][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.766943][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.774394][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.782760][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.790933][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.799023][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.806943][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.815466][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.823923][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.832151][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.840416][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.847981][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.855485][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.863212][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.870685][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.879889][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.888301][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.899862][ T282] device veth1_macvtap entered promiscuous mode [ 24.910297][ T285] device veth1_macvtap entered promiscuous mode [ 24.924956][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.932929][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.941508][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.950041][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.958191][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.967238][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.975611][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.995223][ T283] device veth0_vlan entered promiscuous mode [ 25.005115][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.013461][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.021542][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.030227][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.038787][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.047221][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.055680][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.064220][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.072516][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.080873][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.089365][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.097431][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.105136][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.125928][ T285] request_module fs-gadgetfs succeeded, but still no fs? [ 25.126568][ T283] device veth1_macvtap entered promiscuous mode [ 25.147005][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.161454][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.174688][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.183010][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.191785][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.204123][ T281] device veth0_vlan entered promiscuous mode [ 25.230399][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.239859][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.254216][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.263570][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.270037][ T339] netlink: 'syz.3.6': attribute type 1 has an invalid length. [ 25.271483][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.286781][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.295439][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.303902][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.323291][ T284] device veth0_vlan entered promiscuous mode [ 25.332629][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.342133][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.350205][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.357882][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.366037][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.374702][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.388803][ T281] device veth1_macvtap entered promiscuous mode [ 25.408497][ T284] device veth1_macvtap entered promiscuous mode [ 25.423084][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.447901][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.471736][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.486650][ T335] loop4: detected capacity change from 0 to 40427 [ 25.496888][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.506967][ T335] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 25.515739][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.524423][ T335] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 25.534681][ T335] F2FS-fs (loop4): invalid crc value [ 25.543792][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.552289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.561245][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.570166][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.586373][ T335] F2FS-fs (loop4): Found nat_bits in checkpoint [ 25.718282][ T335] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 25.729422][ T335] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 25.899773][ T360] loop0: detected capacity change from 0 to 128 [ 25.944799][ T360] EXT4-fs (loop0): Ignoring removed nobh option [ 26.010206][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,noauto_da_alloc,,errors=continue. Quota mode: none. [ 26.087954][ T360] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 26.194569][ T286] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 26.215753][ T286] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 26.281783][ T389] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.359208][ T395] loop4: detected capacity change from 0 to 128 [ 26.388605][ T395] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 26.422536][ T395] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 26.512962][ T45] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 26.576140][ T404] kernel profiling enabled (shift: 63) [ 26.590519][ T404] profiling shift: 63 too large [ 26.635429][ T411] netlink: 96 bytes leftover after parsing attributes in process `syz.0.31'. [ 26.780457][ T424] syz.4.36 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 26.857730][ T20] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 26.896124][ T431] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=431 comm=syz.4.40 [ 26.913260][ T431] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=431 comm=syz.4.40 [ 27.021036][ T441] loop3: detected capacity change from 0 to 512 [ 27.066891][ T441] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 27.081351][ T441] EXT4-fs (loop3): orphan cleanup on readonly fs [ 27.088649][ T441] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 27.104079][ T441] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 27.111054][ T441] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #13: comm syz.3.45: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 27.129456][ T441] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.45: couldn't read orphan inode 13 (err -117) [ 27.141987][ T441] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noblock_validity,min_batch_time=0x000000000000082f,grpquota,debug,journal_dev=0x0000000000000001,grpid,inode_readahead_blks=0x0000000000002000,,errors=continue. Quota mode: writeback. [ 27.201656][ T441] EXT4-fs error (device loop3): ext4_lookup:1858: comm syz.3.45: inode #15: comm syz.3.45: iget: illegal inode # [ 27.237719][ T20] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 27.252758][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.264140][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.274336][ T20] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 27.407736][ T20] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 27.437044][ T20] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 27.449720][ T20] usb 3-1: Manufacturer: syz [ 27.457696][ T30] kauditd_printk_skb: 4231 callbacks suppressed [ 27.457710][ T30] audit: type=1326 audit(1760693379.290:4305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.465499][ T20] usb 3-1: config 0 descriptor?? [ 27.498764][ T30] audit: type=1326 audit(1760693379.320:4306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.540527][ T30] audit: type=1326 audit(1760693379.320:4307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.554846][ T478] loop3: detected capacity change from 0 to 256 [ 27.576678][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 27.588104][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 27.606176][ T30] audit: type=1326 audit(1760693379.320:4308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.630825][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 27.643680][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 27.652360][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 27.660699][ T30] audit: type=1326 audit(1760693379.320:4309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.664543][ T478] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 27.684751][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 27.705878][ T30] audit: type=1326 audit(1760693379.320:4310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.729537][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 27.737910][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 27.746679][ T30] audit: type=1400 audit(1760693379.320:4311): avc: denied { read } for pid=471 comm="syz.0.59" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.776457][ T30] audit: type=1400 audit(1760693379.320:4312): avc: denied { open } for pid=471 comm="syz.0.59" path="/16/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.804588][ T30] audit: type=1326 audit(1760693379.320:4313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.829387][ T30] audit: type=1326 audit(1760693379.320:4314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=351 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7face225f099 code=0x7ffc0000 [ 27.854191][ T476] syz.0.61 (476) used greatest stack depth: 22336 bytes left [ 27.904958][ T484] netlink: 36 bytes leftover after parsing attributes in process `syz.0.64'. [ 27.951118][ T486] loop3: detected capacity change from 0 to 2048 [ 28.006176][ T479] loop4: detected capacity change from 0 to 40427 [ 28.025361][ T479] F2FS-fs (loop4): invalid crc value [ 28.038653][ T20] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 28.045951][ T20] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 28.058794][ T486] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.070482][ T20] appleir 0003:05AC:8243.0002: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 28.083489][ T479] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.086074][ T486] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.127084][ T479] F2FS-fs (loop4): Start checkpoint disabled! [ 28.134456][ T479] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 28.172144][ T486] fs-verity: sha512 using implementation "sha512-avx2" [ 28.228094][ T479] attempt to access beyond end of device [ 28.228094][ T479] loop4: rw=2049, want=77960, limit=40427 [ 28.290621][ T480] attempt to access beyond end of device [ 28.290621][ T480] loop4: rw=1, want=77960, limit=40427 [ 28.321126][ T480] attempt to access beyond end of device [ 28.321126][ T480] loop4: rw=2049, want=40976, limit=40427 [ 28.379578][ T39] usb 3-1: USB disconnect, device number 2 [ 28.589349][ T486] fs-verity (loop3, inode 13): Error -28 writing Merkle tree block 128 [ 28.607857][ T486] fs-verity (loop3, inode 13): Error -28 building Merkle tree [ 28.741139][ T486] syz.3.65 (486) used greatest stack depth: 22304 bytes left [ 28.907114][ T520] binfmt_misc: register: failed to install interpreter file ./file0 [ 29.223131][ T544] loop1: detected capacity change from 0 to 1024 [ 29.244843][ T544] ======================================================= [ 29.244843][ T544] WARNING: The mand mount option has been deprecated and [ 29.244843][ T544] and is ignored by this kernel. Remove the mand [ 29.244843][ T544] option from the mount to silence this warning. [ 29.244843][ T544] ======================================================= [ 29.339494][ T544] EXT4-fs (loop1): Ignoring removed nobh option [ 29.347103][ T544] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.422163][ T544] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,grpid,barrier=0x0000000000000001,i_version,nouid32,max_dir_size_kb=0x00000000004007b1,abort,nodelalloc,nobh,user_xattr,dioread_lock,dioread_nolock,,errors=continue. Quota mode: none. [ 29.475795][ T552] netlink: 64 bytes leftover after parsing attributes in process `syz.0.90'. [ 29.504586][ T556] 9pnet: p9_errstr2errno: server reported unknown error @í0x0000000000000004 [ 29.583211][ T544] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3871: comm syz.1.87: Allocating blocks 449-513 which overlap fs metadata [ 29.627141][ T547] loop2: detected capacity change from 0 to 40427 [ 29.662407][ T543] EXT4-fs (loop1): pa ffff888111592690: logic 48, phys. 177, len 21 [ 29.670555][ T543] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 4 [ 29.712006][ T547] F2FS-fs (loop2): invalid crc value [ 29.728447][ T547] F2FS-fs (loop2): invalid journal entries nats 0 sits 518 [ 29.735708][ T547] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-22) [ 29.762098][ T573] loop3: detected capacity change from 0 to 16 [ 29.817646][ T577] loop1: detected capacity change from 0 to 128 [ 29.825611][ T573] erofs: (device loop3): mounted with root inode @ nid 36. [ 29.872135][ T577] attempt to access beyond end of device [ 29.872135][ T577] loop1: rw=2049, want=250, limit=128 [ 29.907894][ T577] attempt to access beyond end of device [ 29.907894][ T577] loop1: rw=2049, want=154, limit=128 [ 30.050988][ T607] tun0: tun_chr_ioctl cmd 1074025675 [ 30.056435][ T607] tun0: persist disabled [ 30.072636][ T609] syz.2.115[609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.072980][ T609] syz.2.115[609] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.157645][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 30.357770][ T500] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 30.377728][ T507] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 30.527755][ T39] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 30.538637][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.549571][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.559327][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 30.587750][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 30.647940][ T39] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 30.657062][ T39] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 30.665293][ T39] usb 5-1: Manufacturer: syz [ 30.670509][ T39] usb 5-1: config 0 descriptor?? [ 30.717737][ T500] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 30.728323][ T500] usb 2-1: too many endpoints for config 1 interface 0 altsetting 7: 255, using maximum allowed: 30 [ 30.739199][ T507] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 30.750017][ T500] usb 2-1: config 1 interface 0 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 30.763097][ T507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.774037][ T500] usb 2-1: config 1 interface 0 has no altsetting 0 [ 30.780691][ T507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.790490][ T507] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 30.824635][ T620] loop3: detected capacity change from 0 to 128 [ 30.827786][ T26] usb 1-1: Using ep0 maxpacket: 8 [ 30.832884][ T620] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 30.848123][ T620] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 30.867772][ T500] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 30.876999][ T332] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 30.877583][ T500] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 30.877966][ T507] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 30.903506][ T500] usb 2-1: SerialNumber: syz [ 30.908972][ T507] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 30.917108][ T507] usb 3-1: Manufacturer: syz [ 30.922746][ T507] usb 3-1: config 0 descriptor?? [ 30.947735][ T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 30.959251][ T26] usb 1-1: config 0 has no interfaces? [ 30.997210][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 31.005691][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 31.014207][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 31.022488][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 31.030734][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.039218][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 31.047412][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.056233][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 31.117781][ T26] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 31.126940][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.135820][ T39] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 31.142984][ T26] usb 1-1: Product: syz [ 31.147169][ T26] usb 1-1: Manufacturer: syz [ 31.152067][ T39] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 31.157434][ T20] usb 2-1: USB disconnect, device number 2 [ 31.159522][ T26] usb 1-1: SerialNumber: syz [ 31.172239][ T39] appleir 0003:05AC:8243.0003: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 31.184005][ T26] usb 1-1: config 0 descriptor?? [ 31.187285][ T630] loop3: detected capacity change from 0 to 512 [ 31.215323][ T630] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 31.348038][ T640] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=640 comm=syz.3.127 [ 31.408561][ T20] usb 5-1: USB disconnect, device number 2 [ 31.408683][ T507] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 31.427669][ T507] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 31.447563][ T507] appleir 0003:05AC:8243.0004: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 31.688258][ T507] usb 3-1: USB disconnect, device number 3 [ 31.923675][ T655] netlink: 'syz.4.133': attribute type 1 has an invalid length. [ 31.931379][ T655] netlink: 12 bytes leftover after parsing attributes in process `syz.4.133'. [ 31.986223][ T660] serio: Serial port ptm0 [ 32.179957][ T667] loop4: detected capacity change from 0 to 256 [ 32.205980][ T669] loop2: detected capacity change from 0 to 16 [ 32.264797][ T669] erofs: (device loop2): mounted with root inode @ nid 36. [ 32.384993][ T682] loop4: detected capacity change from 0 to 4096 [ 32.405434][ T682] EXT4-fs (loop4): Test dummy encryption mode enabled [ 32.439585][ T682] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 32.447832][ T682] System zones: 0-5 [ 32.453495][ T682] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 32.494583][ T30] kauditd_printk_skb: 2610 callbacks suppressed [ 32.494597][ T30] audit: type=1400 audit(1760693384.304:6925): avc: denied { write } for pid=681 comm="syz.4.145" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 32.496744][ T693] loop2: detected capacity change from 0 to 256 [ 32.501754][ T30] audit: type=1400 audit(1760693384.304:6926): avc: denied { add_name } for pid=681 comm="syz.4.145" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 32.530514][ T682] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 32.549210][ T30] audit: type=1400 audit(1760693384.304:6927): avc: denied { create } for pid=681 comm="syz.4.145" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 32.577714][ T30] audit: type=1400 audit(1760693384.388:6928): avc: denied { mounton } for pid=681 comm="syz.4.145" path="/31/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 32.601374][ T695] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 32.601508][ T30] audit: type=1400 audit(1760693384.388:6929): avc: denied { setattr } for pid=681 comm="syz.4.145" name="work" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 32.630622][ T30] audit: type=1400 audit(1760693384.388:6930): avc: denied { write } for pid=681 comm="syz.4.145" name="work" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 32.652412][ T30] audit: type=1400 audit(1760693384.435:6931): avc: denied { add_name } for pid=681 comm="syz.4.145" name="#5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 32.683327][ T693] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.684205][ T682] syz.4.145 (682) used greatest stack depth: 20512 bytes left [ 32.715807][ T693] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 32.726398][ T30] audit: type=1400 audit(1760693384.435:6932): avc: denied { create } for pid=681 comm="syz.4.145" name="#5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.733468][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.751702][ T30] audit: type=1400 audit(1760693384.435:6933): avc: denied { remove_name } for pid=681 comm="syz.4.145" name="#5" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 32.761002][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.777158][ T693] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 32.796106][ T30] audit: type=1400 audit(1760693384.435:6934): avc: denied { rename } for pid=681 comm="syz.4.145" name="#5" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.805135][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.825614][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.833862][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x2 [ 32.841391][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.849038][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.858238][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.865653][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.873185][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.880632][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.888044][ T26] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 32.895930][ T26] hid-generic 00A0:0006:0003.0005: hidraw0: HID v0.05 Device [syz1] on syz0 [ 33.076761][ T715] syz.2.157[715] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.076837][ T715] syz.2.157[715] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.184292][ T507] usb 1-1: USB disconnect, device number 2 [ 33.201467][ T26] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 33.228652][ T735] loop2: detected capacity change from 0 to 512 [ 33.240652][ T735] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 33.248256][ T735] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 33.261338][ T735] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 33.279235][ T735] EXT4-fs (loop2): 1 truncate cleaned up [ 33.284994][ T735] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,dioread_lock,nodiscard,nomblk_io_submit,noblock_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none. [ 33.317929][ T6] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 33.371410][ T741] loop2: detected capacity change from 0 to 512 [ 33.404581][ T741] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 33.417133][ T741] EXT4-fs (loop2): 1 orphan inode deleted [ 33.422901][ T741] EXT4-fs (loop2): 1 truncate cleaned up [ 33.428786][ T741] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,noinit_itable,debug_want_extra_isize=0x000000000000002a,bsddf,bsddf,barrier=0x0000000000006d62,. Quota mode: none. [ 33.518078][ T752] loop2: detected capacity change from 0 to 128 [ 33.585818][ T26] usb 4-1: config 0 has no interfaces? [ 33.591350][ T26] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 33.591649][ T759] Illegal XDP return value 4294967274, expect packet loss! [ 33.611514][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.625223][ T26] usb 4-1: config 0 descriptor?? [ 33.698013][ T771] netlink: 20 bytes leftover after parsing attributes in process `syz.2.183'. [ 33.745560][ T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 33.755706][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 33.909361][ T26] usb 4-1: USB disconnect, device number 2 [ 33.938030][ T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 33.947194][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.955925][ T6] usb 5-1: Product: syz [ 33.960279][ T6] usb 5-1: Manufacturer: syz [ 33.964931][ T6] usb 5-1: SerialNumber: syz [ 33.984377][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 34.333717][ T6] usb 5-1: 0:2 : does not exist [ 34.340599][ T6] usb 5-1: USB disconnect, device number 3 [ 34.493921][ T409] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 34.558706][ T579] udevd[579]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 34.771846][ T20] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 34.782632][ T409] usb 2-1: Using ep0 maxpacket: 16 [ 34.803495][ T826] loop2: detected capacity change from 0 to 512 [ 34.804553][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.818146][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.825975][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.833434][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.838248][ T826] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.841240][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x2 [ 34.851952][ T826] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 34.859473][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.876952][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.883867][ T826] EXT4-fs error (device loop2): ext4_do_update_inode:5235: inode #2: comm syz.2.208: corrupted inode contents [ 34.884860][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.896347][ T826] EXT4-fs error (device loop2): ext4_dirty_inode:6071: inode #2: comm syz.2.208: mark_inode_dirty error [ 34.903892][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.914936][ T826] EXT4-fs error (device loop2): ext4_do_update_inode:5235: inode #2: comm syz.2.208: corrupted inode contents [ 34.922267][ T409] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.933943][ T826] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.208: mark_inode_dirty error [ 34.953603][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.963096][ T409] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 34.972352][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.975439][ T826] SELinux: Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped). [ 34.980060][ T6] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 34.992868][ T826] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 21: comm syz.2.208: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=19, rec_len=1, size=2048 fake=0 [ 34.996719][ T409] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.016109][ T826] EXT4-fs error (device loop2) in ext4_resetent:3739: Corrupt filesystem [ 35.028796][ T6] hid-generic 00A0:0006:0003.0006: hidraw0: HID v0.05 Device [syz1] on syz0 [ 35.032679][ T826] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2941: inode #19: comm syz.2.208: corrupted xattr block 21 [ 35.041810][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 35.059374][ T826] EXT4-fs warning (device loop2): ext4_evict_inode:303: xattr delete (err -117) [ 35.059401][ T409] usb 2-1: config 0 descriptor?? [ 35.199496][ T20] usb 4-1: config index 0 descriptor too short (expected 58660, got 36) [ 35.208079][ T20] usb 4-1: config 0 has an invalid interface number: 146 but max is -1 [ 35.216378][ T20] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 35.225313][ T20] usb 4-1: config 0 has no interface number 0 [ 35.231408][ T20] usb 4-1: config 0 interface 146 altsetting 188 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.242793][ T20] usb 4-1: config 0 interface 146 altsetting 188 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.252915][ T20] usb 4-1: config 0 interface 146 has no altsetting 0 [ 35.259723][ T20] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 35.268807][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.277600][ T20] usb 4-1: config 0 descriptor?? [ 35.317132][ T810] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 35.413292][ T39] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 35.585105][ T409] konepure 0003:1E7D:2DBE.0007: item fetching failed at offset 1/5 [ 35.593157][ T409] konepure 0003:1E7D:2DBE.0007: parse failed [ 35.599274][ T409] konepure: probe of 0003:1E7D:2DBE.0007 failed with error -22 [ 35.701976][ T810] usb 5-1: config 0 has no interfaces? [ 35.707473][ T810] usb 5-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 35.716544][ T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.725391][ T810] usb 5-1: config 0 descriptor?? [ 35.798184][ T39] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 35.799506][ T20] logitech-djreceiver 0003:046D:C71B.0008: unknown main item tag 0x0 [ 35.812393][ T20] logitech-djreceiver 0003:046D:C71B.0008: unknown main item tag 0x0 [ 35.828801][ T20] logitech-djreceiver 0003:046D:C71B.0008: unknown main item tag 0x0 [ 35.837439][ T20] logitech-djreceiver 0003:046D:C71B.0008: unknown main item tag 0x0 [ 35.842274][ T39] usb 3-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 35.845747][ T20] logitech-djreceiver 0003:046D:C71B.0008: unknown main item tag 0x0 [ 35.858775][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.864614][ T20] logitech-djreceiver 0003:046D:C71B.0008: hidraw1: USB HID v0.05 Device [HID 046d:c71b] on usb-dummy_hcd.3-1/input146 [ 35.871453][ T507] usb 2-1: USB disconnect, device number 3 [ 35.889771][ T39] usb 3-1: config 0 descriptor?? [ 35.982706][ T20] usb 5-1: USB disconnect, device number 4 [ 36.029352][ T286] usb 4-1: USB disconnect, device number 3 [ 36.173035][ T507] Bluetooth: hci0: command 0x1003 tx timeout [ 36.179152][ T789] Bluetooth: hci0: sending frame failed (-49) [ 36.408542][ T39] ntrig 0003:1B96:0010.0009: item fetching failed at offset 5/7 [ 36.420271][ T39] ntrig 0003:1B96:0010.0009: parse failed [ 36.426206][ T39] ntrig: probe of 0003:1B96:0010.0009 failed with error -22 [ 36.559540][ T846] loop4: detected capacity change from 0 to 16 [ 36.578985][ T848] loop3: detected capacity change from 0 to 512 [ 36.590931][ T846] erofs: (device loop4): mounted with root inode @ nid 36. [ 36.600707][ T49] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 36.621937][ T846] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 36.664802][ T20] usb 3-1: USB disconnect, device number 4 [ 36.706821][ T409] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 37.059632][ T39] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 37.070508][ T810] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 37.091744][ T409] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 37.101886][ T409] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.187968][ T409] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 37.197093][ T409] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 37.205433][ T409] usb 2-1: SerialNumber: syz [ 37.337573][ T810] usb 4-1: Using ep0 maxpacket: 8 [ 37.337602][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 37.383086][ T883] input: syz0 as /devices/virtual/input/input5 [ 37.445548][ T891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.235'. [ 37.509399][ T810] usb 4-1: unable to get BOS descriptor or descriptor too short [ 37.520176][ T409] usb 2-1: 0:2 : does not exist [ 37.526532][ T409] usb 2-1: USB disconnect, device number 4 [ 37.669142][ T39] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 37.678313][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.686375][ T39] usb 5-1: Product: syz [ 37.690709][ T39] usb 5-1: Manufacturer: syz [ 37.695328][ T39] usb 5-1: SerialNumber: syz [ 37.700593][ T39] usb 5-1: config 0 descriptor?? [ 37.744307][ T579] udevd[579]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 37.744838][ T39] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 37.768034][ T39] usb 5-1: Detected FT232H [ 37.861477][ T810] usb 4-1: string descriptor 0 read error: -22 [ 37.867714][ T810] usb 4-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 37.876972][ T810] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.979068][ T39] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 38.041190][ T911] /dev/loop0: Can't open blockdev [ 38.057704][ T30] kauditd_printk_skb: 104 callbacks suppressed [ 38.057719][ T30] audit: type=1400 audit(1760693389.514:7039): avc: denied { create } for pid=912 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.083462][ T30] audit: type=1400 audit(1760693389.514:7040): avc: denied { setopt } for pid=912 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.105132][ T30] audit: type=1400 audit(1760693389.514:7041): avc: denied { bind } for pid=912 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.124352][ T30] audit: type=1400 audit(1760693389.514:7042): avc: denied { relabelfrom } for pid=914 comm="syz.1.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 38.145741][ T30] audit: type=1400 audit(1760693389.514:7043): avc: denied { relabelto } for pid=914 comm="syz.1.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 38.188021][ T30] audit: type=1400 audit(1760693389.627:7044): avc: denied { mount } for pid=920 comm="syz.2.249" name="/" dev="configfs" ino=13152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 38.213504][ T30] audit: type=1400 audit(1760693389.627:7045): avc: denied { search } for pid=920 comm="syz.2.249" name="/" dev="configfs" ino=13152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 38.240353][ T30] audit: type=1400 audit(1760693389.627:7046): avc: denied { read } for pid=920 comm="syz.2.249" name="/" dev="configfs" ino=13152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 38.262604][ T30] audit: type=1400 audit(1760693389.627:7047): avc: denied { open } for pid=920 comm="syz.2.249" path="/" dev="configfs" ino=13152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 38.286085][ T30] audit: type=1400 audit(1760693389.636:7048): avc: denied { read } for pid=922 comm="syz.1.250" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.337642][ T938] netlink: 92 bytes leftover after parsing attributes in process `syz.1.258'. [ 38.352735][ T941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.259'. [ 38.362881][ T941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.259'. [ 38.387293][ T945] netlink: 16 bytes leftover after parsing attributes in process `syz.2.261'. [ 38.396319][ T286] Bluetooth: hci0: command 0x1001 tx timeout [ 38.396365][ T789] Bluetooth: hci0: sending frame failed (-49) [ 38.438775][ T949] binfmt_misc: register: failed to install interpreter file ./file1 [ 38.478277][ T951] kvm: MWAIT instruction emulated as NOP! [ 38.487062][ T39] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 38.506247][ T958] device batadv_slave_1 entered promiscuous mode [ 38.514098][ T957] device batadv_slave_1 left promiscuous mode [ 38.550363][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.558367][ T963] UHID_CREATE from different security context by process 78 (syz.1.269), this is not allowed. [ 38.569413][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.577274][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.585330][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.592815][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.600328][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.607747][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.615309][ T810] asix 4-1:7.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 38.625476][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.633207][ T810] asix 4-1:7.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 38.643449][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.650976][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.658419][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.665897][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.673294][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.680790][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.682352][ T969] loop2: detected capacity change from 0 to 512 [ 38.688329][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.688353][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.688374][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.688396][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.688417][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.722994][ T500] usb 5-1: USB disconnect, device number 5 [ 38.724326][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.733442][ T500] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 38.743605][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.745911][ T500] ftdi_sio 5-1:0.0: device disconnected [ 38.754471][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.772593][ T969] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 38.774646][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.785983][ T969] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.793187][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.811087][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.818520][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.825987][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.833371][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.840789][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.848436][ T810] asix 4-1:7.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 38.858598][ T810] asix 4-1:7.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 38.868858][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.876257][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.883696][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.891107][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.898671][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.906073][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.914707][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.922166][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.929571][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.936983][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.944390][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.951789][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.959251][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.966648][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.974037][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.981428][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.988825][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 38.996337][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.003716][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.011125][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.018544][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.025918][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.033324][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.040929][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.048391][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.055794][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.064649][ T810] asix 4-1:7.0 eth1: register 'asix' at usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet, 90:c1:af:eb:da:c3 [ 39.076591][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.084765][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.092251][ T810] usb 4-1: USB disconnect, device number 4 [ 39.098202][ T810] asix 4-1:7.0 eth1: unregister 'asix' usb-dummy_hcd.3-1, ASIX AX88178 USB 2.0 Ethernet [ 39.108003][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.115436][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.122829][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.131803][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.139229][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.146652][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.154046][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.161482][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.169006][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.176462][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.183907][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.191362][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.199405][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.206644][ T976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.275'. [ 39.207525][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.223064][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.230508][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.237922][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.245370][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.252794][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.260207][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.267633][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.275126][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.282525][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.289952][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.297366][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.305394][ T6] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 39.315040][ T409] ================================================================== [ 39.323132][ T409] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120 [ 39.330971][ T409] Read of size 8 at addr ffff888106584c70 by task kworker/0:3/409 [ 39.338790][ T409] [ 39.341137][ T409] CPU: 0 PID: 409 Comm: kworker/0:3 Not tainted syzkaller #0 [ 39.348521][ T409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 39.358612][ T409] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 39.365132][ T409] Call Trace: [ 39.368415][ T409] [ 39.371352][ T409] __dump_stack+0x21/0x30 [ 39.375696][ T409] dump_stack_lvl+0xee/0x150 [ 39.380293][ T409] ? show_regs_print_info+0x20/0x20 [ 39.385497][ T409] ? load_image+0x3a0/0x3a0 [ 39.390019][ T409] print_address_description+0x7f/0x2c0 [ 39.395668][ T409] ? __list_del_entry_valid+0xa6/0x120 [ 39.401134][ T409] kasan_report+0xf1/0x140 [ 39.405561][ T409] ? __list_del_entry_valid+0xa6/0x120 [ 39.411044][ T409] __asan_report_load8_noabort+0x14/0x20 [ 39.416698][ T409] __list_del_entry_valid+0xa6/0x120 [ 39.422001][ T409] process_one_work+0x453/0xba0 [ 39.426872][ T409] worker_thread+0xa59/0x1200 [ 39.431560][ T409] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 39.437034][ T409] kthread+0x411/0x500 [ 39.441116][ T409] ? worker_clr_flags+0x190/0x190 [ 39.446153][ T409] ? kthread_blkcg+0xd0/0xd0 [ 39.450754][ T409] ret_from_fork+0x1f/0x30 [ 39.455181][ T409] [ 39.458205][ T409] [ 39.460534][ T409] Allocated by task 810: [ 39.464772][ T409] __kasan_kmalloc+0xda/0x110 [ 39.469448][ T409] __kmalloc+0x13d/0x2c0 [ 39.473693][ T409] kvmalloc_node+0x206/0x300 [ 39.478374][ T409] alloc_netdev_mqs+0x8d/0xc90 [ 39.483146][ T409] alloc_etherdev_mqs+0x34/0x40 [ 39.488012][ T409] usbnet_probe+0x219/0x2860 [ 39.492613][ T409] usb_probe_interface+0x5ff/0xae0 [ 39.497731][ T409] really_probe+0x285/0x970 [ 39.502255][ T409] __driver_probe_device+0x198/0x280 [ 39.507566][ T409] driver_probe_device+0x54/0x3e0 [ 39.512607][ T409] __device_attach_driver+0x2a6/0x460 [ 39.517988][ T409] bus_for_each_drv+0x175/0x200 [ 39.522855][ T409] __device_attach+0x2a2/0x400 [ 39.527632][ T409] device_initial_probe+0x1a/0x20 [ 39.532671][ T409] bus_probe_device+0xc0/0x1e0 [ 39.537445][ T409] device_add+0xb31/0xed0 [ 39.541774][ T409] usb_set_configuration+0x19c2/0x1f10 [ 39.547236][ T409] usb_generic_driver_probe+0x91/0x150 [ 39.552704][ T409] usb_probe_device+0x148/0x260 [ 39.557562][ T409] really_probe+0x285/0x970 [ 39.562061][ T409] __driver_probe_device+0x198/0x280 [ 39.567342][ T409] driver_probe_device+0x54/0x3e0 [ 39.572361][ T409] __device_attach_driver+0x2a6/0x460 [ 39.577732][ T409] bus_for_each_drv+0x175/0x200 [ 39.582583][ T409] __device_attach+0x2a2/0x400 [ 39.587345][ T409] device_initial_probe+0x1a/0x20 [ 39.592371][ T409] bus_probe_device+0xc0/0x1e0 [ 39.597138][ T409] device_add+0xb31/0xed0 [ 39.601470][ T409] usb_new_device+0xd06/0x1620 [ 39.606263][ T409] hub_event+0x29c4/0x4480 [ 39.610713][ T409] process_one_work+0x6be/0xba0 [ 39.615575][ T409] worker_thread+0xa59/0x1200 [ 39.620253][ T409] kthread+0x411/0x500 [ 39.624326][ T409] ret_from_fork+0x1f/0x30 [ 39.628749][ T409] [ 39.631088][ T409] Freed by task 810: [ 39.634999][ T409] kasan_set_track+0x4a/0x70 [ 39.639604][ T409] kasan_set_free_info+0x23/0x40 [ 39.644694][ T409] ____kasan_slab_free+0x125/0x160 [ 39.649812][ T409] __kasan_slab_free+0x11/0x20 [ 39.654574][ T409] slab_free_freelist_hook+0xc2/0x190 [ 39.659950][ T409] kfree+0xc4/0x270 [ 39.663761][ T409] kvfree+0x35/0x40 [ 39.667674][ T409] netdev_freemem+0x3f/0x60 [ 39.672175][ T409] netdev_release+0x7f/0xb0 [ 39.676759][ T409] device_release+0x96/0x1c0 [ 39.681344][ T409] kobject_put+0x18a/0x270 [ 39.685756][ T409] put_device+0x1f/0x30 [ 39.689905][ T409] free_netdev+0x34b/0x450 [ 39.694487][ T409] usbnet_disconnect+0x24b/0x3a0 [ 39.699420][ T409] usb_unbind_interface+0x212/0x8c0 [ 39.704620][ T409] device_release_driver_internal+0x4c1/0x760 [ 39.710788][ T409] device_release_driver+0x19/0x20 [ 39.715921][ T409] bus_remove_device+0x2dd/0x340 [ 39.720874][ T409] device_del+0x696/0xe90 [ 39.725204][ T409] usb_disable_device+0x3a8/0x750 [ 39.730275][ T409] usb_disconnect+0x31e/0x850 [ 39.734958][ T409] hub_event+0x1a96/0x4480 [ 39.739380][ T409] process_one_work+0x6be/0xba0 [ 39.744291][ T409] worker_thread+0xd7b/0x1200 [ 39.748968][ T409] kthread+0x411/0x500 [ 39.753035][ T409] ret_from_fork+0x1f/0x30 [ 39.757451][ T409] [ 39.759771][ T409] Last potentially related work creation: [ 39.765493][ T409] kasan_save_stack+0x3a/0x60 [ 39.770183][ T409] __kasan_record_aux_stack+0xd2/0x100 [ 39.775659][ T409] kasan_record_aux_stack_noalloc+0xb/0x10 [ 39.781471][ T409] insert_work+0x51/0x310 [ 39.785800][ T409] __queue_work+0x8e5/0xc60 [ 39.790309][ T409] queue_work_on+0xd2/0x140 [ 39.794940][ T409] usbnet_link_change+0x189/0x1b0 [ 39.799971][ T409] usbnet_probe+0x1dfd/0x2860 [ 39.804662][ T409] usb_probe_interface+0x5ff/0xae0 [ 39.809816][ T409] really_probe+0x285/0x970 [ 39.814323][ T409] __driver_probe_device+0x198/0x280 [ 39.819604][ T409] driver_probe_device+0x54/0x3e0 [ 39.824631][ T409] __device_attach_driver+0x2a6/0x460 [ 39.830006][ T409] bus_for_each_drv+0x175/0x200 [ 39.834870][ T409] __device_attach+0x2a2/0x400 [ 39.839642][ T409] device_initial_probe+0x1a/0x20 [ 39.844671][ T409] bus_probe_device+0xc0/0x1e0 [ 39.849441][ T409] device_add+0xb31/0xed0 [ 39.853767][ T409] usb_set_configuration+0x19c2/0x1f10 [ 39.859229][ T409] usb_generic_driver_probe+0x91/0x150 [ 39.864683][ T409] usb_probe_device+0x148/0x260 [ 39.869534][ T409] really_probe+0x285/0x970 [ 39.874037][ T409] __driver_probe_device+0x198/0x280 [ 39.879988][ T409] driver_probe_device+0x54/0x3e0 [ 39.885015][ T409] __device_attach_driver+0x2a6/0x460 [ 39.890388][ T409] bus_for_each_drv+0x175/0x200 [ 39.895246][ T409] __device_attach+0x2a2/0x400 [ 39.900018][ T409] device_initial_probe+0x1a/0x20 [ 39.905051][ T409] bus_probe_device+0xc0/0x1e0 [ 39.909831][ T409] device_add+0xb31/0xed0 [ 39.914191][ T409] usb_new_device+0xd06/0x1620 [ 39.918974][ T409] hub_event+0x29c4/0x4480 [ 39.923533][ T409] process_one_work+0x6be/0xba0 [ 39.928494][ T409] worker_thread+0xa59/0x1200 [ 39.933181][ T409] kthread+0x411/0x500 [ 39.937249][ T409] ret_from_fork+0x1f/0x30 [ 39.941665][ T409] [ 39.943980][ T409] The buggy address belongs to the object at ffff888106584000 [ 39.943980][ T409] which belongs to the cache kmalloc-4k of size 4096 [ 39.958026][ T409] The buggy address is located 3184 bytes inside of [ 39.958026][ T409] 4096-byte region [ffff888106584000, ffff888106585000) [ 39.971476][ T409] The buggy address belongs to the page: [ 39.977122][ T409] page:ffffea0004196000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106580 [ 39.987374][ T409] head:ffffea0004196000 order:3 compound_mapcount:0 compound_pincount:0 [ 39.995699][ T409] flags: 0x4000000000010200(slab|head|zone=1) [ 40.001786][ T409] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 40.010376][ T409] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 40.018963][ T409] page dumped because: kasan: bad access detected [ 40.025376][ T409] page_owner tracks the page as allocated [ 40.031086][ T409] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 810, ts 37925769217, free_ts 37761538378 [ 40.051614][ T409] post_alloc_hook+0x192/0x1b0 [ 40.056501][ T409] prep_new_page+0x1c/0x110 [ 40.061013][ T409] get_page_from_freelist+0x2cc5/0x2d50 [ 40.066559][ T409] __alloc_pages+0x18f/0x440 [ 40.071141][ T409] new_slab+0xa1/0x4d0 [ 40.075202][ T409] ___slab_alloc+0x381/0x810 [ 40.079793][ T409] __slab_alloc+0x49/0x90 [ 40.084118][ T409] kmem_cache_alloc_trace+0x146/0x270 [ 40.089492][ T409] kobject_uevent_env+0x272/0x700 [ 40.094544][ T409] kobject_uevent+0x1d/0x30 [ 40.099051][ T409] device_add+0xa40/0xed0 [ 40.103382][ T409] usb_set_configuration+0x19c2/0x1f10 [ 40.108849][ T409] usb_generic_driver_probe+0x91/0x150 [ 40.114313][ T409] usb_probe_device+0x148/0x260 [ 40.119192][ T409] really_probe+0x285/0x970 [ 40.123705][ T409] __driver_probe_device+0x198/0x280 [ 40.128998][ T409] page last free stack trace: [ 40.133705][ T409] free_unref_page_prepare+0x542/0x550 [ 40.139175][ T409] free_unref_page+0xa2/0x550 [ 40.143863][ T409] __free_pages+0x6c/0x100 [ 40.148282][ T409] __free_slab+0xe8/0x1e0 [ 40.152610][ T409] __unfreeze_partials+0x160/0x190 [ 40.157721][ T409] put_cpu_partial+0xc6/0x120 [ 40.162472][ T409] __slab_free+0x1d4/0x290 [ 40.166891][ T409] ___cache_free+0x104/0x120 [ 40.171483][ T409] qlink_free+0x4d/0x90 [ 40.175643][ T409] qlist_free_all+0x5f/0xb0 [ 40.180148][ T409] kasan_quarantine_reduce+0x14a/0x170 [ 40.185607][ T409] __kasan_slab_alloc+0x2f/0xf0 [ 40.190458][ T409] slab_post_alloc_hook+0x4f/0x2b0 [ 40.195587][ T409] kmem_cache_alloc+0xf7/0x260 [ 40.200353][ T409] getname_flags+0xb9/0x500 [ 40.204859][ T409] getname+0x19/0x20 [ 40.208768][ T409] [ 40.211184][ T409] Memory state around the buggy address: [ 40.216928][ T409] ffff888106584b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.224988][ T409] ffff888106584b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.233090][ T409] >ffff888106584c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.241144][ T409] ^ [ 40.248859][ T409] ffff888106584c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.256921][ T409] ffff888106584d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.264973][ T409] ================================================================== [ 40.273023][ T409] Disabling lock debugging due to kernel taint [ 40.293852][ T6] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.43 Device [syz1] on syz1 [ 40.365368][ T983] fido_id[983]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 40.619603][ T39] Bluetooth: hci0: command 0x1009 tx timeout