last executing test programs: 3.574726054s ago: executing program 0 (id=317): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) r2 = gettid() rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8) tkill(r2, 0x7) 3.523631759s ago: executing program 1 (id=330): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)}, {&(0x7f0000000180)="83d2ff5f0000319fd2898a0cc6d6703b87eb29037b09bc7e64f918fa3be4664d327d90424d550300"/52, 0x34}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x82340) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000000)={0x2, 0xffffffff, 0x0, 0x8, 0x0, 0xfffffffc}) 3.5028754s ago: executing program 0 (id=320): socket(0x1a, 0x2, 0x9) socket(0x10, 0x803, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501", @ANYRES8=r0], 0x0) 2.183906027s ago: executing program 0 (id=337): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3f, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x50a3}}, @call={0x85, 0x0, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x6, 0x4, 0xdd, 0x6}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 2.15136879s ago: executing program 0 (id=339): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80000001}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) 2.1512402s ago: executing program 3 (id=340): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000017000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 2.052071688s ago: executing program 0 (id=341): write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xf0e2f1f3a3745b29, 0x0, {0x7, 0x1f, 0x8, 0x840, 0x1ff, 0x80, 0x7, 0x0, 0x0, 0x0, 0x20, 0x8}}, 0x50) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40383d0c, &(0x7f0000000040)={0x8}) 2.051857529s ago: executing program 3 (id=342): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getrusage(0x0, &(0x7f00000000c0)) 2.012547882s ago: executing program 0 (id=343): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000002030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000060000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x10, 0xa08, 0x0, 0xb, 0x445, 0x5, 0xa, 0x2004, 0x200, 0xd, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.769409994s ago: executing program 1 (id=344): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.671706642s ago: executing program 1 (id=345): syz_read_part_table(0x635, &(0x7f0000000000)="$eJzs3D9oXeUbB/DvSe899yaFtr8fTl1SncViZ28NSHqpdKp061IVJFQc4lSx5Ea6mCGDg7NLEbLUumjo4KAt4iROoYNacRWkqNQiPXLuOfdPBEFsOwifz5Dzvs953vd5n5yTMSf8py2kmxTjYS+dJMdf/kvGZiYJ6df5Sapue+/czuqp01VVVUWdcz7dPPn5oetJOu2S/nSbqqo2ppOTufrB0o13i1F353Zd9ObWgTq82BzjSPL0wbI/3mZuh1TVvoP1HuXvgX/n2uBWUVwp29lTvzxYST76efXs7pmt966/2IY3ki+T+vm/U78Xk+y3cvHYhc54WD/lN+f3/bW5lLPI7HEvprPvDKMr68PtlcHa3iRwdLjz6WvP/X7sRqoT+arsLExuFLP9ymT08O3X/R+u3/7tS4O1veHlxemNJ97//xdZbid3qypH6pL/y/hPZ/kRVAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HG4NriVZDTcTtb2hr02unp298xWmeSFV/tt6Pj8qgPt9WIu3KmvG1lPfvgk3fmkov4xjiyku9LEvl+unhkPOpP6vcVmcGmwtje8v5TcefbB0WGzKjc/OzErtzHdeTfPt6N7VWM82fy7JtsS1eEm7+v78/0XnWR9uD2uf/nHotM0/HExmh5zIcnrvbzSNFPdK9u1f8zaAAAAAAAAAAAAAAAAAAAAgIeyeur0G3fb8fl+kp/eXqjHVa/5L/diqdiX/20vWTyZXO2nGK0kuf3Sb+U3h7a+az8dMEovoyQHP9w81y4p920w/URAkap8nJ3xT/wZAAD//8Wbezo=") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387f74d1ffbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f009f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459110500a09b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477effff26af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8e45c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cade7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5f0436ead88d7acf0166dbd9f30a9b259c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c0057addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cfe9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d11c9b4be91c60932bae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b552a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952bd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e2224f2d338fab2ae59379378ca34eeedbd9a323a889f295e5d3bae64fc48ba123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49798ce2fc6f639735e0222cd08075418239042bfe47c363973d3245ce507e838dfd90ae442a96fa1343029be56de31c2eff226c05f0ae3dbe2281e7bc02db39342d5b54ad3616733a5aa7753613423a0c5e2844a6e08fa5b76e18f7e24e967f6f83c546718d0f20959376427cdd449a4be3d75fd3e51e1b7f8690855af8eddbd3fd556b4460d0091e3623933f1a11db14aea54af6c49725bfa51fed222dc379995f48b1aab94441767c8bccbfd966d814715203bd8f549cd57d6a87295bf16aa25fb4e7fcaa8cec5e5c03b0095861bf2fed70ffb46bbb78ba90ca272ead9b3d2959fd9dbaabd1d51a60b474cef4c700faf718b810e4d3527a4663ee9fbc0000000000000000000000000000000000000000000000000061abf7a66b7b3f57ff83"], &(0x7f0000000340)='GPL\x00'}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, 0x0, &(0x7f0000001c40)}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x204, 0xfffff000, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.671592613s ago: executing program 3 (id=346): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@wrmsr={0x65, 0x20, {0x40000096, 0x2}}], 0x20}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x7fff, 0x0, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.543484344s ago: executing program 3 (id=347): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) lseek(0xffffffffffffffff, 0xfffffffffffffffe, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r2, 0x0, 0x40000000, 0xffffffffffffffff) 1.375593099s ago: executing program 2 (id=348): r0 = inotify_init() pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0xce) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) close_range(r0, 0xffffffffffffffff, 0x0) 1.375076179s ago: executing program 1 (id=358): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f0000000100)=0x3, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x4c001, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000003fc0)=""/39, 0x27, 0x14162, 0x0, 0x0) 1.333335633s ago: executing program 3 (id=349): socket(0x1a, 0x2, 0x9) socket(0x10, 0x803, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501", @ANYRES8=r0], 0x0) 1.332881732s ago: executing program 1 (id=360): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x11c1, 0x103) sched_setscheduler(0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) 1.278439947s ago: executing program 2 (id=350): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r2 = open(&(0x7f0000000140)='./file1\x00', 0x14d840, 0x0) fstatfs(r2, &(0x7f0000000000)=""/116) 1.219467662s ago: executing program 2 (id=351): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3f, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x50a3}}, @call={0x85, 0x0, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x6, 0x4, 0xdd, 0x6}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 1.187970995s ago: executing program 2 (id=352): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000017000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.182572636s ago: executing program 4 (id=364): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/vlan/vlan0\x00') preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/216, 0xd8}], 0x1, 0xa3, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[], 0x6a) 1.170720666s ago: executing program 2 (id=353): write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xf0e2f1f3a3745b29, 0x0, {0x7, 0x1f, 0x8, 0x840, 0x1ff, 0x80, 0x7, 0x0, 0x0, 0x0, 0x20, 0x8}}, 0x50) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) r1 = dup(r0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40383d0c, &(0x7f0000000040)={0x8}) 1.161037108s ago: executing program 4 (id=354): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getrusage(0x0, &(0x7f00000000c0)) 1.149707439s ago: executing program 2 (id=355): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)}, {&(0x7f0000000180)="83d2ff5f0000319fd2898a0cc6d6703b87eb29037b09bc7e64f918fa3be4664d327d90424d550300"/52, 0x34}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x82340) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000000)={0x2, 0xffffffff, 0x0, 0x8, 0x0, 0xfffffffc}) 1.13457798s ago: executing program 4 (id=356): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) 1.053548897s ago: executing program 4 (id=357): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) 1.02188905s ago: executing program 4 (id=359): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000788000/0x1000)=nil, &(0x7f00007bc000/0x1000)=nil, 0x1000, 0x2}) 3.583601ms ago: executing program 4 (id=361): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000380)=[@wrmsr={0x65, 0x20, {0x40000096, 0x2}}], 0x20}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x7fff, 0x0, 0x31237648, 0x6, 0x2, 0x80}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.95531ms ago: executing program 1 (id=372): socket(0x1a, 0x2, 0x9) socket(0x10, 0x803, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc) syz_usb_connect(0x0, 0x62, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501", @ANYRES8=r0], 0x0) 0s ago: executing program 3 (id=373): mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x11c1, 0x103) sched_setscheduler(0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts. [ 22.459780][ T28] audit: type=1400 audit(1767816896.297:64): avc: denied { mounton } for pid=274 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.463640][ T274] cgroup: Unknown subsys name 'net' [ 22.482788][ T28] audit: type=1400 audit(1767816896.297:65): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.511155][ T28] audit: type=1400 audit(1767816896.327:66): avc: denied { unmount } for pid=274 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.511642][ T274] cgroup: Unknown subsys name 'devices' [ 22.654216][ T274] cgroup: Unknown subsys name 'hugetlb' [ 22.659994][ T274] cgroup: Unknown subsys name 'rlimit' [ 22.766739][ T28] audit: type=1400 audit(1767816896.607:67): avc: denied { setattr } for pid=274 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.790020][ T28] audit: type=1400 audit(1767816896.607:68): avc: denied { mounton } for pid=274 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.815784][ T28] audit: type=1400 audit(1767816896.607:69): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.844021][ T276] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.853789][ T28] audit: type=1400 audit(1767816896.697:70): avc: denied { relabelto } for pid=276 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.882245][ T28] audit: type=1400 audit(1767816896.697:71): avc: denied { write } for pid=276 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.912719][ T28] audit: type=1400 audit(1767816896.757:72): avc: denied { read } for pid=274 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.914005][ T274] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.939520][ T28] audit: type=1400 audit(1767816896.757:73): avc: denied { open } for pid=274 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.793397][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.800494][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.808276][ T282] device bridge_slave_0 entered promiscuous mode [ 23.817821][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.825094][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.832868][ T282] device bridge_slave_1 entered promiscuous mode [ 23.871466][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.878982][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.888832][ T283] device bridge_slave_0 entered promiscuous mode [ 23.896558][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.903968][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.911912][ T283] device bridge_slave_1 entered promiscuous mode [ 23.939618][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.946766][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.954668][ T285] device bridge_slave_0 entered promiscuous mode [ 23.972047][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.979748][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.987724][ T285] device bridge_slave_1 entered promiscuous mode [ 24.043080][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.050703][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.059479][ T284] device bridge_slave_0 entered promiscuous mode [ 24.079909][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.087413][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.095158][ T284] device bridge_slave_1 entered promiscuous mode [ 24.134411][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.141684][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.149323][ T286] device bridge_slave_0 entered promiscuous mode [ 24.156459][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.163995][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.171494][ T286] device bridge_slave_1 entered promiscuous mode [ 24.300889][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.308269][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.316221][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.323999][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.399116][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.406241][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.414543][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.421609][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.439894][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.447145][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.454490][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.461550][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.481863][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.489221][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.497259][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.504842][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.513601][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.521193][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.528701][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.554398][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.562773][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.569859][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.603277][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.611797][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.618944][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.627170][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.635800][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.643528][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.670640][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.678910][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.688056][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.695158][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.705090][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.724142][ T283] device veth0_vlan entered promiscuous mode [ 24.732612][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.740839][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.749740][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.758106][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.765887][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.773704][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.782306][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.789483][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.797368][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.805769][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.812864][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.820497][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.828941][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.836108][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.844295][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.852640][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.859950][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.869723][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.878280][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.902957][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.912675][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.920931][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.928073][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.936949][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.944809][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.952943][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.961237][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.969472][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.977723][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.986147][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.994396][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.002819][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.011181][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.019583][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.026825][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.038275][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.047110][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.060915][ T283] device veth1_macvtap entered promiscuous mode [ 25.069563][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.077828][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.087453][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.095643][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.104523][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.113106][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.120179][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.129391][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.137770][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.151484][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.159990][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.169222][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.177960][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.199488][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.208906][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.222922][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.231536][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.248400][ T286] device veth0_vlan entered promiscuous mode [ 25.267672][ T285] device veth0_vlan entered promiscuous mode [ 25.275038][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.283908][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.291553][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.300282][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.308945][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.318070][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.326686][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.335112][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.343777][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.352533][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.361109][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.369881][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.378156][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.386602][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.394541][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.407624][ T282] device veth0_vlan entered promiscuous mode [ 25.418454][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.426771][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.434970][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.443423][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.451115][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.468857][ T282] device veth1_macvtap entered promiscuous mode [ 25.478168][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.486810][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 25.487318][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.503063][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.511580][ T286] device veth1_macvtap entered promiscuous mode [ 25.530327][ T284] device veth0_vlan entered promiscuous mode [ 25.543560][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.558201][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.568230][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.577244][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.585987][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.595189][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.603976][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.612645][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.637740][ T285] device veth1_macvtap entered promiscuous mode [ 25.657203][ T284] device veth1_macvtap entered promiscuous mode [ 25.667073][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.676423][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.684780][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.692820][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.701295][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.710349][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.719503][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.728467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.737352][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.777812][ T343] Driver unsupported XDP return value 0 on prog (id 5) dev N/A, expect packet loss! [ 25.788448][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.800079][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.809692][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.818185][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.827142][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.842158][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.850667][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.859737][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.871759][ T345] loop3: detected capacity change from 0 to 16 [ 25.881587][ T345] ======================================================= [ 25.881587][ T345] WARNING: The mand mount option has been deprecated and [ 25.881587][ T345] and is ignored by this kernel. Remove the mand [ 25.881587][ T345] option from the mount to silence this warning. [ 25.881587][ T345] ======================================================= [ 25.927854][ T345] erofs: (device loop3): mounted with root inode @ nid 36. [ 25.982735][ T348] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.049556][ T356] binder: 355:356 ioctl c0306201 2000000004c0 returned -14 [ 26.159878][ T361] incfs: Options parsing error. -22 [ 26.169518][ T361] incfs: mount failed -22 [ 26.331707][ T375] xt_hashlimit: size too large, truncated to 1048576 [ 26.335525][ T357] netlink: 'syz.3.8': attribute type 12 has an invalid length. [ 26.360070][ T357] netlink: 'syz.3.8': attribute type 29 has an invalid length. [ 26.377074][ T357] netlink: 148 bytes leftover after parsing attributes in process `syz.3.8'. [ 26.397295][ T357] netlink: 59 bytes leftover after parsing attributes in process `syz.3.8'. [ 26.418863][ T357] Zero length message leads to an empty skb [ 26.425813][ T379] device pim6reg1 entered promiscuous mode [ 26.968769][ T382] loop4: detected capacity change from 0 to 40427 [ 26.991131][ T382] F2FS-fs (loop4): fault_injection options not supported [ 27.014690][ T382] F2FS-fs (loop4): invalid crc value [ 27.057539][ T371] syz.2.14 (371) used greatest stack depth: 20896 bytes left [ 27.066673][ T382] F2FS-fs (loop4): Found nat_bits in checkpoint [ 27.114233][ T408] device veth0 entered promiscuous mode [ 27.136546][ T408] device veth0 left promiscuous mode [ 27.167866][ T382] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 27.204879][ T413] loop2: detected capacity change from 0 to 512 [ 27.232247][ T413] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 27.290021][ T413] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 27.330139][ T286] syz-executor: attempt to access beyond end of device [ 27.330139][ T286] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 27.366756][ T413] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 27.400165][ T413] EXT4-fs (loop2): 1 truncate cleaned up [ 27.409316][ T413] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.448178][ T285] EXT4-fs (loop2): unmounting filesystem. [ 27.516890][ T28] kauditd_printk_skb: 75 callbacks suppressed [ 27.516906][ T28] audit: type=1326 audit(1767816901.357:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=439 comm="syz.0.40" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa49198f749 code=0x0 [ 27.604037][ T447] syz.4.36 uses obsolete (PF_INET,SOCK_PACKET) [ 27.629585][ T450] loop3: detected capacity change from 0 to 512 [ 27.636203][ T28] audit: type=1400 audit(1767816901.477:150): avc: denied { read } for pid=446 comm="syz.4.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 27.670678][ T450] EXT4-fs (loop3): orphan cleanup on readonly fs [ 27.684760][ T450] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.43: bg 0: block 248: padding at end of block bitmap is not set [ 27.703942][ T450] Quota error (device loop3): write_blk: dquota write failed [ 27.717793][ T450] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 27.728252][ T450] EXT4-fs error (device loop3): ext4_acquire_dquot:6796: comm syz.3.43: Failed to acquire dquot type 1 [ 27.740544][ T450] EXT4-fs (loop3): 1 truncate cleaned up [ 27.746798][ T450] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 27.774097][ T441] loop2: detected capacity change from 0 to 40427 [ 27.790943][ T450] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 27.794335][ T441] F2FS-fs (loop2): invalid crc value [ 27.806621][ T450] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 0 [ 27.816967][ T28] audit: type=1400 audit(1767816901.657:151): avc: denied { write } for pid=455 comm="syz.1.45" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 27.838572][ T441] F2FS-fs (loop2): Found nat_bits in checkpoint [ 27.846848][ T28] audit: type=1400 audit(1767816901.657:152): avc: denied { read write } for pid=455 comm="syz.1.45" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.875394][ T28] audit: type=1400 audit(1767816901.657:153): avc: denied { open } for pid=455 comm="syz.1.45" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.917829][ T282] EXT4-fs (loop3): unmounting filesystem. [ 27.921990][ T441] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 27.928384][ T28] audit: type=1400 audit(1767816901.657:154): avc: denied { ioctl } for pid=455 comm="syz.1.45" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.003242][ T28] audit: type=1400 audit(1767816901.847:155): avc: denied { create } for pid=463 comm="syz.3.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 28.029954][ T28] audit: type=1400 audit(1767816901.847:156): avc: denied { write } for pid=463 comm="syz.3.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 28.091900][ T19] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 28.244225][ T483] loop2: detected capacity change from 0 to 8192 [ 28.251177][ T487] netlink: 'syz.3.58': attribute type 15 has an invalid length. [ 28.259468][ T487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.58'. [ 28.283040][ T19] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 28.297635][ T19] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 28.307143][ T489] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=489 comm=syz.3.59 [ 28.326484][ T19] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 28.345415][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 28.364734][ T19] usb 2-1: SerialNumber: syz [ 28.458006][ T502] serio: Serial port ptm1 [ 28.577790][ T19] usb 2-1: 0:2 : does not exist [ 28.597217][ T19] usb 2-1: USB disconnect, device number 2 [ 28.644601][ T515] loop0: detected capacity change from 0 to 512 [ 28.661970][ T287] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 28.697807][ T515] EXT4-fs warning (device loop0): ext4_xattr_inode_get:509: inode #11: comm syz.0.71: EA inode hash validation failed [ 28.711179][ T528] syz.4.77 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 28.722003][ T515] EXT4-fs error (device loop0): ext4_do_update_inode:5270: inode #15: comm syz.0.71: corrupted inode contents [ 28.734837][ T515] EXT4-fs error (device loop0): ext4_dirty_inode:6135: inode #15: comm syz.0.71: mark_inode_dirty error [ 28.746801][ T515] EXT4-fs error (device loop0): ext4_do_update_inode:5270: inode #15: comm syz.0.71: corrupted inode contents [ 28.759076][ T515] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2964: inode #15: comm syz.0.71: mark_inode_dirty error [ 28.775640][ T515] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2967: inode #15: comm syz.0.71: mark inode dirty (error -117) [ 28.788507][ T515] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117) [ 28.797974][ T515] EXT4-fs (loop0): 1 orphan inode deleted [ 28.803995][ T515] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 28.813173][ T428] udevd[428]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 28.835612][ T515] EXT4-fs (loop0): unmounting filesystem. [ 28.852954][ T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 28.868722][ T287] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.885267][ T287] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 28.898063][ T287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.907000][ T287] usb 4-1: config 0 descriptor?? [ 28.913779][ T287] hub 4-1:0.0: USB hub found [ 29.113544][ T287] hub 4-1:0.0: 1 port detected [ 29.122884][ T558] netlink: 12 bytes leftover after parsing attributes in process `syz.1.90'. [ 29.314297][ T287] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 29.322137][ T287] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 29.341108][ T287] usbhid 4-1:0.0: can't add hid device: -71 [ 29.351145][ T287] usbhid: probe of 4-1:0.0 failed with error -71 [ 29.392231][ T287] usb 4-1: USB disconnect, device number 2 [ 29.436196][ T581] sch_fq: defrate 4294967295 ignored. [ 29.521890][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 29.651966][ T583] loop2: detected capacity change from 0 to 40427 [ 29.664482][ T583] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 29.674306][ T583] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 29.684743][ T583] F2FS-fs (loop2): fault_type options not supported [ 29.692340][ T583] F2FS-fs (loop2): fault_injection options not supported [ 29.699992][ T583] F2FS-fs (loop2): Image doesn't support compression [ 29.713137][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.730836][ T583] F2FS-fs (loop2): invalid crc value [ 29.738260][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.749072][ T39] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 29.758744][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.768704][ T583] F2FS-fs (loop2): Found nat_bits in checkpoint [ 29.778669][ T39] usb 2-1: config 0 descriptor?? [ 29.849376][ T583] F2FS-fs (loop2): Start checkpoint disabled! [ 29.872572][ T583] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 29.879988][ T587] loop3: detected capacity change from 0 to 8192 [ 29.886623][ T583] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 29.932714][ T587] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 29.951882][ T587] loop3: partition table partially beyond EOD, truncated [ 29.965470][ T587] loop3: p1 start 100663296 is beyond EOD, truncated [ 29.989205][ T587] loop3: p2 size 134217732 extends beyond EOD, truncated [ 30.007944][ T587] loop3: p4 size 14876672 extends beyond EOD, truncated [ 30.026130][ T587] loop3: p5 size 134217732 extends beyond EOD, truncated [ 30.062201][ T587] loop3: p6 size 14876672 extends beyond EOD, truncated [ 30.199614][ T39] hid-steam 0003:28DE:1142.0001: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 30.234169][ T39] hid-steam 0003:28DE:1142.0002: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 30.259584][ T42] kworker/u4:2: attempt to access beyond end of device [ 30.259584][ T42] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 30.276841][ T42] kworker/u4:2: attempt to access beyond end of device [ 30.276841][ T42] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 30.298225][ T601] netlink: 96 bytes leftover after parsing attributes in process `syz.4.110'. [ 30.322105][ T39] hid-steam 0003:28DE:1142.0001: Steam wireless receiver connected [ 30.354664][ T605] loop0: detected capacity change from 0 to 1024 [ 30.358154][ T428] udevd[428]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 30.365147][ T605] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 30.379715][ T605] EXT4-fs (loop0): orphan cleanup on readonly fs [ 30.386622][ T605] EXT4-fs error (device loop0): ext4_free_blocks:6205: comm syz.0.111: Freeing blocks not in datazone - block = 0, count = 4096 [ 30.386993][ T427] udevd[427]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 30.402362][ T605] EXT4-fs (loop0): 1 orphan inode deleted [ 30.416864][ T605] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 30.426072][ T337] udevd[337]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 30.437746][ T353] udevd[353]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 30.449003][ T430] udevd[430]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory [ 30.467496][ T284] EXT4-fs (loop0): unmounting filesystem. [ 30.478684][ T428] udevd[428]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 30.490203][ T427] udevd[427]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 30.490285][ T607] udevd[607]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 30.511371][ T337] udevd[337]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 30.611991][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 30.794975][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.807908][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.818874][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 30.834199][ T39] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 30.843696][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.853267][ T39] usb 5-1: config 0 descriptor?? [ 30.894376][ T630] loop3: detected capacity change from 0 to 2048 [ 30.903613][ T287] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.925159][ T630] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 30.961089][ T282] EXT4-fs (loop3): unmounting filesystem. [ 31.051793][ T346] usb 2-1: USB disconnect, device number 3 [ 31.059335][ T346] hid-steam 0003:28DE:1142.0001: Steam wireless receiver disconnected [ 31.091975][ T287] usb 3-1: Using ep0 maxpacket: 32 [ 31.112533][ T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.123652][ T287] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.134175][ T287] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 31.144039][ T287] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.153353][ T287] usb 3-1: config 0 descriptor?? [ 31.251992][ T19] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 31.272867][ T39] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 31.283115][ T39] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 31.432941][ T19] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.444134][ T19] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 31.455369][ T19] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 31.467606][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 31.481752][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.489859][ T19] usb 4-1: Product: syz [ 31.494126][ T19] usb 4-1: Manufacturer: syz [ 31.498786][ T19] usb 4-1: SerialNumber: syz [ 31.562992][ T287] savu 0003:1E7D:2D5A.0004: hiddev97,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 31.652890][ T650] input: syz1 as /devices/virtual/input/input5 [ 31.815436][ T657] loop0: detected capacity change from 0 to 16 [ 31.829187][ T657] erofs: (device loop0): mounted with root inode @ nid 36. [ 32.171878][ T287] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 32.171889][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.353073][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.363341][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 32.364030][ T287] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.374852][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.382976][ T287] usb 2-1: config 0 interface 0 has no altsetting 0 [ 32.395264][ T24] usb 1-1: config 0 descriptor?? [ 32.402033][ T287] usb 2-1: New USB device found, idVendor=056a, idProduct=00d2, bcdDevice= 0.00 [ 32.411624][ T287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.420692][ T287] usb 2-1: config 0 descriptor?? [ 32.514569][ T19] cdc_ncm 4-1:1.0: bind() failure [ 32.522005][ T19] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 32.528920][ T19] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 32.537182][ T19] usb 4-1: USB disconnect, device number 3 [ 32.584051][ T636] usb 3-1: USB disconnect, device number 2 [ 32.808665][ T24] lenovo 0003:17EF:6047.0005: hidraw1: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0 [ 32.829920][ T287] wacom 0003:056A:00D2.0006: Unknown device_type for 'HID 056a:00d2'. Assuming pen. [ 32.840304][ T287] wacom 0003:056A:00D2.0006: hidraw2: USB HID v8.00 Device [HID 056a:00d2] on usb-dummy_hcd.1-1/input0 [ 32.852260][ T287] input: Wacom Bamboo Craft Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00D2.0006/input/input6 [ 33.058346][ T668] usb 2-1: USB disconnect, device number 4 [ 33.321943][ T287] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 33.402253][ T39] usb 5-1: USB disconnect, device number 2 [ 33.503067][ T287] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.515452][ T287] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 33.524727][ T287] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 33.532989][ T287] usb 4-1: Product: syz [ 33.537424][ T287] usb 4-1: SerialNumber: syz [ 33.591010][ T687] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=687 comm=syz.1.141 [ 33.608852][ T24] lenovo 0003:17EF:6047.0005: Sensitivity setting failed: -71 [ 33.627967][ T24] usb 1-1: USB disconnect, device number 2 [ 33.683212][ T692] fido_id[692]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 34.681815][ C1] sched: RT throttling activated [ 34.758109][ T704] loop2: detected capacity change from 0 to 2048 [ 34.771316][ T28] kauditd_printk_skb: 106 callbacks suppressed [ 34.771331][ T28] audit: type=1400 audit(1767816908.607:263): avc: denied { create } for pid=705 comm="syz.4.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 34.799401][ T704] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.819903][ T285] EXT4-fs (loop2): unmounting filesystem. [ 34.831977][ T636] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 34.926579][ T714] IPv6: sit1: Disabled Multicast RS [ 34.985057][ T716] SELinux: Context Ü is not valid (left unmapped). [ 35.014030][ T721] syz.2.154[721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.014276][ T721] syz.2.154[721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.030203][ T28] audit: type=1400 audit(1767816908.877:264): avc: denied { read } for pid=720 comm="syz.2.154" name="file0" dev="incremental-fs" ino=209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 35.065084][ T636] usb 2-1: Using ep0 maxpacket: 16 [ 35.070611][ T346] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 35.078679][ T28] audit: type=1400 audit(1767816908.877:265): avc: denied { open } for pid=720 comm="syz.2.154" path="/36/file0/file0" dev="incremental-fs" ino=209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 35.103591][ T28] audit: type=1400 audit(1767816908.927:266): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 35.123971][ T636] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.133809][ T636] usb 2-1: config 0 interface 0 has no altsetting 0 [ 35.140575][ T636] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 35.149726][ T636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.158778][ T636] usb 2-1: config 0 descriptor?? [ 35.174622][ T726] input: syz1 as /devices/virtual/input/input9 [ 35.200192][ T28] audit: type=1400 audit(1767816909.037:267): avc: denied { read write } for pid=727 comm="syz.2.157" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 35.219037][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.226303][ T28] audit: type=1400 audit(1767816909.037:268): avc: denied { open } for pid=727 comm="syz.2.157" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 35.254472][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.261978][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.269567][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x4 [ 35.277521][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.285137][ T346] usb 5-1: Using ep0 maxpacket: 8 [ 35.291192][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.299405][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.307380][ T346] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 35.315624][ T287] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 35.322381][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x2 [ 35.329847][ T6] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 35.337632][ T287] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 35.345253][ T346] usb 5-1: config 0 has no interface number 0 [ 35.351436][ T287] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 35.358808][ T346] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 35.368321][ T6] hid-generic 00A0:0006:0003.0007: hidraw0: HID v0.05 Device [syz1] on syz0 [ 35.378196][ T346] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.388333][ T346] usb 5-1: Product: syz [ 35.396244][ T346] usb 5-1: Manufacturer: syz [ 35.400923][ T346] usb 5-1: SerialNumber: syz [ 35.418846][ T346] usb 5-1: config 0 descriptor?? [ 35.447767][ T731] fido_id[731]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 35.498594][ T28] audit: type=1400 audit(1767816909.337:269): avc: denied { mounton } for pid=739 comm="syz.2.162" path="/43/file0" dev="tmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 35.526247][ T287] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 35.547847][ T287] usb 4-1: USB disconnect, device number 4 [ 35.559413][ T287] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 35.572725][ T636] hid (null): unknown global tag 0xd [ 35.578126][ T636] hid (null): invalid report_size 2088884844 [ 35.596357][ T636] hid-generic 0003:060B:500A.0008: unexpected long global item [ 35.604291][ T636] hid-generic: probe of 0003:060B:500A.0008 failed with error -22 [ 35.633126][ T346] usb 5-1: Found UVC 0.04 device syz (046d:08c3) [ 35.639649][ T346] usb 5-1: No valid video chain found. [ 35.652285][ T28] audit: type=1400 audit(1767816909.487:270): avc: denied { read } for pid=141 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 35.667225][ T346] usb 5-1: USB disconnect, device number 3 [ 35.707782][ T28] audit: type=1400 audit(1767816909.547:271): avc: denied { map } for pid=744 comm="syz.2.164" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=17374 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 35.736839][ T28] audit: type=1400 audit(1767816909.547:272): avc: denied { read write } for pid=744 comm="syz.2.164" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=17374 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 35.793064][ T741] usb 2-1: USB disconnect, device number 5 [ 36.001930][ T636] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 36.123661][ T758] xt_bpf: check failed: parse error [ 36.191897][ T636] usb 3-1: Using ep0 maxpacket: 8 [ 36.203272][ T636] usb 3-1: config 125 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.229009][ T636] usb 3-1: config 125 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.244255][ T636] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 36.262171][ T636] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.282548][ T770] loop4: detected capacity change from 0 to 512 [ 36.341261][ T770] EXT4-fs (loop4): orphan cleanup on readonly fs [ 36.351647][ T770] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 36.366754][ T770] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 36.384280][ T770] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.174: attempt to clear invalid blocks 2 len 1 [ 36.409721][ T770] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.174: invalid indirect mapped block 1819239214 (level 0) [ 36.423853][ T341] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 36.450061][ T770] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.174: invalid indirect mapped block 1819239214 (level 1) [ 36.490948][ T770] EXT4-fs (loop4): 1 truncate cleaned up [ 36.497928][ T770] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 36.522119][ T770] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 36.531711][ T770] EXT4-fs error (device loop4): __ext4_remount:6605: comm syz.4.174: Abort forced by user [ 36.557041][ T770] EXT4-fs (loop4): Remounting filesystem read-only [ 36.567310][ T770] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 36.596931][ T286] EXT4-fs (loop4): unmounting filesystem. [ 36.613137][ T341] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 36.621642][ T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.634479][ T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.644599][ T341] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 36.657888][ T341] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 36.667317][ T341] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.685250][ T636] kone 0003:1E7D:2CED.0009: unknown main item tag 0x0 [ 36.691416][ T341] usb 4-1: config 0 descriptor?? [ 36.692446][ T636] kone 0003:1E7D:2CED.0009: unknown main item tag 0x0 [ 36.731895][ T636] kone 0003:1E7D:2CED.0009: unknown main item tag 0x0 [ 36.738760][ T636] kone 0003:1E7D:2CED.0009: unknown main item tag 0x0 [ 36.741994][ T24] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 36.761590][ T636] kone 0003:1E7D:2CED.0009: unknown main item tag 0x0 [ 36.774561][ T636] kone 0003:1E7D:2CED.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.2-1/input0 [ 36.905458][ T636] usb 3-1: USB disconnect, device number 3 [ 36.942964][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 36.957944][ T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 36.968232][ T796] netlink: 'syz.1.184': attribute type 1 has an invalid length. [ 36.976448][ T796] netlink: 'syz.1.184': attribute type 6 has an invalid length. [ 36.984512][ T796] netlink: 52 bytes leftover after parsing attributes in process `syz.1.184'. [ 36.994670][ T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 37.007263][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.020017][ T24] usb 1-1: Product: syz [ 37.024599][ T24] usb 1-1: Manufacturer: syz [ 37.029499][ T24] usb 1-1: SerialNumber: syz [ 37.115068][ T341] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd [ 37.127025][ T341] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 37.142593][ T341] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 37.247635][ T24] usb 1-1: 0:2 : does not exist [ 37.255136][ T24] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 37.266329][ T24] usb 1-1: USB disconnect, device number 3 [ 37.392817][ T346] usb 4-1: USB disconnect, device number 5 [ 37.472257][ T428] udevd[428]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 37.523944][ T822] netlink: 96 bytes leftover after parsing attributes in process `syz.1.195'. [ 37.555823][ T824] loop2: detected capacity change from 0 to 1024 [ 37.556833][ T826] loop4: detected capacity change from 0 to 512 [ 37.564122][ T824] EXT4-fs: Ignoring removed nobh option [ 37.574744][ T824] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 37.587053][ T826] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 37.600120][ T824] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 37.614154][ T826] EXT4-fs (loop4): 1 truncate cleaned up [ 37.627363][ T826] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 37.635562][ T824] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.196: Allocating blocks 385-513 which overlap fs metadata [ 37.684410][ T824] EXT4-fs (loop2): pa ffff888117d175e8: logic 16, phys. 129, len 24 [ 37.690635][ T286] EXT4-fs (loop4): unmounting filesystem. [ 37.692505][ T824] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 8 [ 37.736142][ T285] EXT4-fs (loop2): unmounting filesystem. [ 37.770547][ T847] syz.4.206[847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.770627][ T847] syz.4.206[847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.831485][ T856] loop0: detected capacity change from 0 to 512 [ 37.852374][ T856] EXT4-fs: Ignoring removed oldalloc option [ 37.858487][ T856] EXT4-fs: Ignoring removed bh option [ 37.872542][ T856] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2196: inode #15: comm syz.0.209: corrupted in-inode xattr [ 37.888438][ T856] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.209: couldn't read orphan inode 15 (err -117) [ 37.900849][ T856] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 37.933017][ T856] EXT4-fs error (device loop0): ext4_map_blocks:635: inode #2: block 12: comm syz.0.209: lblock 3 mapped to illegal pblock 12 (length 1) [ 37.977492][ T284] EXT4-fs (loop0): unmounting filesystem. [ 38.148396][ T887] tmpfs: Too small a size for current use [ 38.159325][ T885] loop2: detected capacity change from 0 to 256 [ 38.242359][ T897] netlink: 8 bytes leftover after parsing attributes in process `syz.4.227'. [ 38.327303][ T909] loop0: detected capacity change from 0 to 16 [ 38.334803][ T903] loop3: detected capacity change from 0 to 2048 [ 38.356726][ T903] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 38.365258][ T909] erofs: (device loop0): erofs_read_inode: unsupported chunk format ffff of nid 36 [ 38.379131][ T914] syz.2.235[914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.379264][ T914] syz.2.235[914] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.448008][ T427] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 38.654980][ T940] loop2: detected capacity change from 0 to 16 [ 38.685546][ T940] erofs: (device loop2): mounted with root inode @ nid 36. [ 39.158511][ T958] IPv6: sit1: Disabled Multicast RS [ 39.391691][ T970] SELinux: Context ÷ is not valid (left unmapped). [ 39.570121][ T981] loop3: detected capacity change from 0 to 2048 [ 39.603526][ T981] loop3: p1 < > p3 [ 39.622251][ T981] loop3: p3 size 134217728 extends beyond EOD, truncated [ 39.906314][ T1003] loop1: detected capacity change from 0 to 2048 [ 39.960613][ T1003] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 40.025199][ T283] EXT4-fs (loop1): unmounting filesystem. [ 40.043521][ T1019] syz.2.281[1019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.043622][ T1019] syz.2.281[1019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.141729][ T1024] loop1: detected capacity change from 0 to 2048 [ 40.191487][ T1024] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 40.263370][ T1032] loop2: detected capacity change from 0 to 512 [ 40.274539][ T1034] syz.1.288[1034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.274642][ T1034] syz.1.288[1034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.288060][ T1032] EXT4-fs (loop2): orphan cleanup on readonly fs [ 40.316428][ T1032] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 40.346779][ T1032] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 40.361769][ T1032] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.287: attempt to clear invalid blocks 2 len 1 [ 40.382074][ T1032] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.287: invalid indirect mapped block 1819239214 (level 0) [ 40.412930][ T1032] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.287: invalid indirect mapped block 1819239214 (level 1) [ 40.427452][ T1032] EXT4-fs (loop2): 1 truncate cleaned up [ 40.433458][ T1032] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 40.448852][ T1032] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 40.459352][ T1032] EXT4-fs error (device loop2): __ext4_remount:6605: comm syz.2.287: Abort forced by user [ 40.479017][ T1032] EXT4-fs (loop2): Remounting filesystem read-only [ 40.485922][ T1032] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 40.514970][ T285] EXT4-fs (loop2): unmounting filesystem. [ 40.781894][ T636] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 40.861871][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.983024][ T636] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 40.992662][ T636] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.003994][ T636] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.014513][ T636] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 41.027892][ T636] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 41.037342][ T636] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.049301][ T636] usb 1-1: config 0 descriptor?? [ 41.052027][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 41.063468][ T24] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 41.081916][ T24] usb 3-1: config 0 has no interface number 0 [ 41.085195][ T1075] loop1: detected capacity change from 0 to 512 [ 41.097203][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 41.116070][ T1075] EXT4-fs (loop1): orphan cleanup on readonly fs [ 41.122519][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.130633][ T24] usb 3-1: Product: syz [ 41.135272][ T1075] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 41.142177][ T346] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 41.144143][ T24] usb 3-1: Manufacturer: syz [ 41.155879][ T24] usb 3-1: SerialNumber: syz [ 41.161138][ T1075] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 41.176019][ T24] usb 3-1: config 0 descriptor?? [ 41.182623][ T1075] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.306: attempt to clear invalid blocks 2 len 1 [ 41.196201][ T1075] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.306: invalid indirect mapped block 1819239214 (level 0) [ 41.210622][ T1075] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.306: invalid indirect mapped block 1819239214 (level 1) [ 41.225307][ T1075] EXT4-fs (loop1): 1 truncate cleaned up [ 41.231068][ T1075] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 41.263992][ T1075] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 41.276333][ T1075] EXT4-fs error (device loop1): __ext4_remount:6605: comm syz.1.306: Abort forced by user [ 41.286743][ T1075] EXT4-fs (loop1): Remounting filesystem read-only [ 41.294121][ T1075] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 41.322260][ T283] EXT4-fs (loop1): unmounting filesystem. [ 41.333071][ T346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.355253][ T346] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 41.372443][ T346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.384772][ T24] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 41.391225][ T24] usb 3-1: No valid video chain found. [ 41.398757][ T346] usb 5-1: config 0 descriptor?? [ 41.410844][ T24] usb 3-1: USB disconnect, device number 4 [ 41.477556][ T636] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd [ 41.487373][ T636] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 41.502608][ T636] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 41.772646][ T24] usb 1-1: USB disconnect, device number 4 [ 41.808774][ T346] lenovo 0003:17EF:6047.000C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 42.609612][ T346] lenovo 0003:17EF:6047.000C: Sensitivity setting failed: -71 [ 42.620421][ T346] usb 5-1: USB disconnect, device number 4 [ 42.621991][ T39] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 42.641893][ T636] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 42.653528][ T1118] fido_id[1118]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 42.813022][ T39] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 42.821232][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.821968][ T636] usb 1-1: Using ep0 maxpacket: 8 [ 42.832253][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.843653][ T636] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 42.847188][ T39] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 42.865539][ T636] usb 1-1: config 0 has no interface number 0 [ 42.868858][ T39] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 42.883556][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.888018][ T636] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 42.894188][ T39] usb 2-1: config 0 descriptor?? [ 42.921934][ T636] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.930507][ T636] usb 1-1: Product: syz [ 42.935120][ T636] usb 1-1: Manufacturer: syz [ 42.939782][ T636] usb 1-1: SerialNumber: syz [ 42.948789][ T636] usb 1-1: config 0 descriptor?? [ 43.163968][ T636] usb 1-1: Found UVC 0.04 device syz (046d:08c3) [ 43.171900][ T636] usb 1-1: No valid video chain found. [ 43.190452][ T636] usb 1-1: USB disconnect, device number 5 [ 43.190995][ T1127] loop2: detected capacity change from 0 to 2048 [ 43.245912][ T1127] loop2: p1 < > p3 [ 43.252151][ T1127] loop2: p3 size 134217728 extends beyond EOD, truncated [ 43.310355][ T39] plantronics 0003:047F:FFFF.000D: unknown main item tag 0xd [ 43.329261][ T39] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 43.351413][ T39] plantronics 0003:047F:FFFF.000D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 43.593626][ T636] usb 2-1: USB disconnect, device number 6 [ 43.634345][ T1150] loop3: detected capacity change from 0 to 2048 [ 43.659026][ T1150] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 43.707384][ T282] EXT4-fs (loop3): unmounting filesystem. [ 44.141890][ T636] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 44.244204][ T1178] loop1: detected capacity change from 0 to 2048 [ 44.292487][ T1178] loop1: p1 < > p3 [ 44.297579][ T1178] loop1: p3 size 134217728 extends beyond EOD, truncated [ 44.339158][ T636] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.362993][ T636] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 44.382178][ T636] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 44.390344][ T636] usb 1-1: Product: syz [ 44.404904][ T636] usb 1-1: SerialNumber: syz [ 44.615911][ T1192] loop2: detected capacity change from 0 to 2048 [ 44.634623][ T1192] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 44.653992][ T285] EXT4-fs (loop2): unmounting filesystem. [ 44.748002][ T1208] syz.4.356[1208] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.748099][ T1208] syz.4.356[1208] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.821896][ T346] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 45.001902][ T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 45.031899][ T346] usb 4-1: Using ep0 maxpacket: 8 [ 45.038078][ T346] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 45.046583][ T346] usb 4-1: config 0 has no interface number 0 [ 45.054159][ T346] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 45.063301][ T346] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.071322][ T346] usb 4-1: Product: syz [ 45.075535][ T346] usb 4-1: Manufacturer: syz [ 45.080162][ T346] usb 4-1: SerialNumber: syz [ 45.085863][ T346] usb 4-1: config 0 descriptor?? [ 45.183001][ T6] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 45.191164][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.202173][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.212019][ T6] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 45.225090][ T6] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 45.234308][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.243389][ T6] usb 3-1: config 0 descriptor?? [ 45.293903][ T346] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 45.300378][ T346] usb 4-1: No valid video chain found. [ 45.306874][ T346] usb 4-1: USB disconnect, device number 6 [ 45.448901][ T636] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 45.455551][ T636] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 45.463041][ T636] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 45.652841][ T636] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 45.664690][ T6] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd [ 45.678583][ T636] usb 1-1: USB disconnect, device number 6 [ 45.683472][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 45.683512][ T28] audit: type=1400 audit(1767816919.517:308): avc: denied { search } for pid=141 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 45.685456][ T636] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 45.698048][ T28] audit: type=1400 audit(1767816919.527:309): avc: denied { read } for pid=141 comm="dhcpcd" name="n16" dev="tmpfs" ino=2622 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.726949][ T6] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 45.751930][ T28] audit: type=1400 audit(1767816919.527:310): avc: denied { open } for pid=141 comm="dhcpcd" path="/run/udev/data/n16" dev="tmpfs" ino=2622 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.784240][ T28] audit: type=1400 audit(1767816919.527:311): avc: denied { getattr } for pid=141 comm="dhcpcd" path="/run/udev/data/n16" dev="tmpfs" ino=2622 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 45.784989][ T6] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 45.845324][ T28] audit: type=1400 audit(1767816919.687:312): avc: denied { read } for pid=1216 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 45.884955][ T28] audit: type=1400 audit(1767816919.707:313): avc: denied { open } for pid=1216 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 45.903511][ T6] ================================================================== [ 45.918101][ T6] BUG: KASAN: use-after-free in worker_thread+0x9ff/0x11f0 [ 45.925355][ T6] Read of size 8 at addr ffff88810ff04ce0 by task kworker/0:0/6 [ 45.933020][ T6] [ 45.935381][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Not tainted syzkaller #0 [ 45.939674][ T28] audit: type=1400 audit(1767816919.707:314): avc: denied { getattr } for pid=1216 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 45.942597][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 45.942612][ T6] Workqueue: 0x0 (usb_hub_wq) [ 45.982804][ T6] Call Trace: [ 45.986111][ T6] [ 45.989093][ T6] __dump_stack+0x21/0x24 [ 45.993470][ T6] dump_stack_lvl+0xee/0x150 [ 45.998098][ T6] ? __cfi_dump_stack_lvl+0x8/0x8 [ 46.003193][ T6] ? __cfi__printk+0x8/0x8 [ 46.007663][ T6] ? _raw_spin_lock_irq+0x8f/0xe0 [ 46.013007][ T6] ? worker_thread+0x9ff/0x11f0 [ 46.017897][ T6] print_address_description+0x71/0x200 [ 46.023452][ T6] print_report+0x4a/0x60 [ 46.027785][ T6] kasan_report+0x122/0x150 [ 46.032293][ T6] ? worker_thread+0x9ff/0x11f0 [ 46.037153][ T6] __asan_report_load8_noabort+0x14/0x20 [ 46.042908][ T6] worker_thread+0x9ff/0x11f0 [ 46.047644][ T6] kthread+0x281/0x320 [ 46.051713][ T6] ? __cfi_worker_thread+0x10/0x10 [ 46.056820][ T6] ? __cfi_kthread+0x10/0x10 [ 46.061433][ T6] ret_from_fork+0x1f/0x30 [ 46.065853][ T6] [ 46.068956][ T6] [ 46.071277][ T6] Allocated by task 636: [ 46.075509][ T6] kasan_set_track+0x4b/0x70 [ 46.080103][ T6] kasan_save_alloc_info+0x25/0x30 [ 46.085223][ T6] __kasan_kmalloc+0x95/0xb0 [ 46.089813][ T6] __kmalloc_node+0xb2/0x1e0 [ 46.094505][ T6] kvmalloc_node+0x294/0x480 [ 46.099115][ T6] alloc_netdev_mqs+0x8d/0xf90 [ 46.104034][ T6] alloc_etherdev_mqs+0x37/0x40 [ 46.108900][ T6] usbnet_probe+0x20c/0x2780 [ 46.113505][ T6] usb_probe_interface+0x610/0xaf0 [ 46.118732][ T6] really_probe+0x2cb/0x960 [ 46.123252][ T6] __driver_probe_device+0x198/0x280 [ 46.128538][ T6] driver_probe_device+0x54/0x3e0 [ 46.133562][ T6] __device_attach_driver+0x2e9/0x4a0 [ 46.139018][ T6] bus_for_each_drv+0x183/0x210 [ 46.143884][ T6] __device_attach+0x2a2/0x400 [ 46.148642][ T6] device_initial_probe+0x1a/0x20 [ 46.153677][ T6] bus_probe_device+0xc0/0x1f0 [ 46.158528][ T6] device_add+0xb4d/0xef0 [ 46.162850][ T6] usb_set_configuration+0x19c2/0x1f10 [ 46.168335][ T6] usb_generic_driver_probe+0x91/0x150 [ 46.173799][ T6] usb_probe_device+0x159/0x270 [ 46.178645][ T6] really_probe+0x2cb/0x960 [ 46.183210][ T6] __driver_probe_device+0x198/0x280 [ 46.188577][ T6] driver_probe_device+0x54/0x3e0 [ 46.193595][ T6] __device_attach_driver+0x2e9/0x4a0 [ 46.198999][ T6] bus_for_each_drv+0x183/0x210 [ 46.203849][ T6] __device_attach+0x2a2/0x400 [ 46.208690][ T6] device_initial_probe+0x1a/0x20 [ 46.213708][ T6] bus_probe_device+0xc0/0x1f0 [ 46.218471][ T6] device_add+0xb4d/0xef0 [ 46.222815][ T6] usb_new_device+0xa70/0x1520 [ 46.227595][ T6] hub_event+0x2850/0x4350 [ 46.232041][ T6] process_one_work+0x71f/0xc40 [ 46.236918][ T6] worker_thread+0xa29/0x11f0 [ 46.241592][ T6] kthread+0x281/0x320 [ 46.245669][ T6] ret_from_fork+0x1f/0x30 [ 46.250089][ T6] [ 46.252405][ T6] Freed by task 636: [ 46.256300][ T6] kasan_set_track+0x4b/0x70 [ 46.260891][ T6] kasan_save_free_info+0x31/0x50 [ 46.266021][ T6] ____kasan_slab_free+0x132/0x180 [ 46.271127][ T6] __kasan_slab_free+0x11/0x20 [ 46.275889][ T6] slab_free_freelist_hook+0xc2/0x190 [ 46.281264][ T6] __kmem_cache_free+0xb7/0x1b0 [ 46.286116][ T6] kfree+0x6f/0xf0 [ 46.289845][ T6] kvfree+0x35/0x40 [ 46.293652][ T6] netdev_freemem+0x3f/0x60 [ 46.298354][ T6] netdev_release+0x7f/0xb0 [ 46.302886][ T6] device_release+0xa4/0x1d0 [ 46.307475][ T6] kobject_put+0x19d/0x280 [ 46.311886][ T6] put_device+0x1f/0x30 [ 46.316034][ T6] free_netdev+0x392/0x490 [ 46.320452][ T6] usbnet_disconnect+0x25a/0x3b0 [ 46.325395][ T6] usb_unbind_interface+0x223/0x8d0 [ 46.330594][ T6] device_release_driver_internal+0x508/0x820 [ 46.336739][ T6] device_release_driver+0x19/0x20 [ 46.341865][ T6] bus_remove_device+0x2ee/0x350 [ 46.346820][ T6] device_del+0x6a4/0xeb0 [ 46.351147][ T6] usb_disable_device+0x3a8/0x750 [ 46.356178][ T6] usb_disconnect+0x31e/0x860 [ 46.360916][ T6] hub_event+0x1a78/0x4350 [ 46.365424][ T6] process_one_work+0x71f/0xc40 [ 46.370274][ T6] worker_thread+0xd2e/0x11f0 [ 46.374950][ T6] kthread+0x281/0x320 [ 46.379051][ T6] ret_from_fork+0x1f/0x30 [ 46.383475][ T6] [ 46.385794][ T6] Last potentially related work creation: [ 46.391498][ T6] kasan_save_stack+0x3a/0x60 [ 46.396179][ T6] __kasan_record_aux_stack+0xb6/0xc0 [ 46.401554][ T6] kasan_record_aux_stack_noalloc+0xb/0x10 [ 46.407391][ T6] insert_work+0x51/0x300 [ 46.411714][ T6] __queue_work+0x9b1/0xd30 [ 46.416240][ T6] queue_work_on+0xd2/0x140 [ 46.420750][ T6] usbnet_link_change+0x189/0x1b0 [ 46.425780][ T6] usbnet_probe+0x1d55/0x2780 [ 46.430456][ T6] usb_probe_interface+0x610/0xaf0 [ 46.435586][ T6] really_probe+0x2cb/0x960 [ 46.440086][ T6] __driver_probe_device+0x198/0x280 [ 46.445544][ T6] driver_probe_device+0x54/0x3e0 [ 46.450570][ T6] __device_attach_driver+0x2e9/0x4a0 [ 46.455960][ T6] bus_for_each_drv+0x183/0x210 [ 46.460820][ T6] __device_attach+0x2a2/0x400 [ 46.465578][ T6] device_initial_probe+0x1a/0x20 [ 46.470614][ T6] bus_probe_device+0xc0/0x1f0 [ 46.475430][ T6] device_add+0xb4d/0xef0 [ 46.479810][ T6] usb_set_configuration+0x19c2/0x1f10 [ 46.485302][ T6] usb_generic_driver_probe+0x91/0x150 [ 46.490805][ T6] usb_probe_device+0x159/0x270 [ 46.495705][ T6] really_probe+0x2cb/0x960 [ 46.500202][ T6] __driver_probe_device+0x198/0x280 [ 46.505518][ T6] driver_probe_device+0x54/0x3e0 [ 46.510638][ T6] __device_attach_driver+0x2e9/0x4a0 [ 46.516442][ T6] bus_for_each_drv+0x183/0x210 [ 46.521297][ T6] __device_attach+0x2a2/0x400 [ 46.526407][ T6] device_initial_probe+0x1a/0x20 [ 46.531429][ T6] bus_probe_device+0xc0/0x1f0 [ 46.536206][ T6] device_add+0xb4d/0xef0 [ 46.540623][ T6] usb_new_device+0xa70/0x1520 [ 46.545410][ T6] hub_event+0x2850/0x4350 [ 46.549820][ T6] process_one_work+0x71f/0xc40 [ 46.554664][ T6] worker_thread+0xa29/0x11f0 [ 46.559375][ T6] kthread+0x281/0x320 [ 46.563447][ T6] ret_from_fork+0x1f/0x30 [ 46.567881][ T6] [ 46.570198][ T6] The buggy address belongs to the object at ffff88810ff04000 [ 46.570198][ T6] which belongs to the cache kmalloc-4k of size 4096 [ 46.584256][ T6] The buggy address is located 3296 bytes inside of [ 46.584256][ T6] 4096-byte region [ffff88810ff04000, ffff88810ff05000) [ 46.597829][ T6] [ 46.600325][ T6] The buggy address belongs to the physical page: [ 46.606737][ T6] page:ffffea00043fc000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ff00 [ 46.617187][ T6] head:ffffea00043fc000 order:3 compound_mapcount:0 compound_pincount:0 [ 46.625522][ T6] flags: 0x4000000000010200(slab|head|zone=1) [ 46.631705][ T6] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 46.640391][ T6] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 46.649030][ T6] page dumped because: kasan: bad access detected [ 46.655490][ T6] page_owner tracks the page as allocated [ 46.661420][ T6] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, tgid 285 (syz-executor), ts 24130786319, free_ts 24123397310 [ 46.684443][ T6] post_alloc_hook+0x1f5/0x210 [ 46.689245][ T6] prep_new_page+0x1c/0x110 [ 46.693750][ T6] get_page_from_freelist+0x2c7b/0x2cf0 [ 46.699300][ T6] __alloc_pages+0x1c3/0x450 [ 46.703891][ T6] alloc_slab_page+0x6e/0xf0 [ 46.708490][ T6] new_slab+0x98/0x3d0 [ 46.712565][ T6] ___slab_alloc+0x6bd/0xb20 [ 46.717176][ T6] __slab_alloc+0x5e/0xa0 [ 46.721538][ T6] __kmem_cache_alloc_node+0x203/0x2c0 [ 46.727001][ T6] __kmalloc_node+0xa1/0x1e0 [ 46.731599][ T6] kvmalloc_node+0x294/0x480 [ 46.736184][ T6] alloc_netdev_mqs+0x8d/0xf90 [ 46.740970][ T6] rtnl_create_link+0x319/0xb10 [ 46.745843][ T6] rtnl_newlink+0x13b1/0x2030 [ 46.750538][ T6] rtnetlink_rcv_msg+0x9f4/0xcf0 [ 46.755481][ T6] netlink_rcv_skb+0x1f2/0x440 [ 46.760337][ T6] page last free stack trace: [ 46.765026][ T6] free_unref_page_prepare+0x742/0x750 [ 46.770510][ T6] free_unref_page+0x8f/0x530 [ 46.775182][ T6] __free_pages+0x67/0x100 [ 46.779598][ T6] __free_slab+0xca/0x1a0 [ 46.784363][ T6] __unfreeze_partials+0x160/0x190 [ 46.789576][ T6] put_cpu_partial+0xa9/0x100 [ 46.794262][ T6] __slab_free+0x1c4/0x280 [ 46.798679][ T6] ___cache_free+0xbf/0xd0 [ 46.803091][ T6] qlist_free_all+0xc6/0x140 [ 46.807693][ T6] kasan_quarantine_reduce+0x14a/0x170 [ 46.813192][ T6] __kasan_slab_alloc+0x24/0x80 [ 46.818078][ T6] slab_post_alloc_hook+0x4f/0x2d0 [ 46.823296][ T6] kmem_cache_alloc_node+0x181/0x340 [ 46.828606][ T6] __alloc_skb+0xea/0x4b0 [ 46.832939][ T6] netlink_ack+0x372/0x1100 [ 46.837438][ T6] netlink_rcv_skb+0x277/0x440 [ 46.842199][ T6] [ 46.844533][ T6] Memory state around the buggy address: [ 46.850167][ T6] ffff88810ff04b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.858679][ T6] ffff88810ff04c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.866741][ T6] >ffff88810ff04c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.874812][ T6] ^ [ 46.882059][ T6] ffff88810ff04d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.890219][ T6] ffff88810ff04d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.898304][ T6] ================================================================== [ 46.906364][ T6] Disabling lock debugging due to kernel taint [ 46.931881][ T28] audit: type=1400 audit(1767816920.757:315): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 46.980746][ T28] audit: type=1400 audit(1767816920.757:316): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.002720][ T28] audit: type=1400 audit(1767816920.757:317): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 47.034285][ T39] usb 3-1: USB disconnect, device number 5 [ 47.171900][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 47.351869][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 47.358277][ T24] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 47.366810][ T24] usb 2-1: config 0 has no interface number 0 [ 47.374713][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 47.383830][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 47.391980][ T24] usb 2-1: Product: syz [ 47.396149][ T24] usb 2-1: Manufacturer: syz [ 47.400738][ T24] usb 2-1: SerialNumber: syz [ 47.406459][ T24] usb 2-1: config 0 descriptor?? [ 47.614465][ T24] usb 2-1: Found UVC 0.04 device syz (046d:08c3) [ 47.620881][ T24] usb 2-1: No valid video chain found. [ 47.627144][ T24] usb 2-1: USB disconnect, device number 7