last executing test programs: 7.78225797s ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 6.549128369s ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 4.927135762s ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 3.511661483s ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 2.358436751s ago: executing program 3 (id=376): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000005640)=[{&(0x7f0000000040)="e0", 0x1}], 0x1}, 0x0) recvmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000003c0)=""/26, 0x1a}], 0x1, &(0x7f0000000340)=""/5, 0x5}, 0x2}], 0x1, 0x21, 0x0) 2.306006382s ago: executing program 3 (id=377): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 2.240128732s ago: executing program 3 (id=378): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ee5000/0x1000)=nil, 0x1000) munlock(&(0x7f0000f4b000/0x2000)=nil, 0x2000) mremap(&(0x7f0000e1b000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000f2b000/0x4000)=nil) munlockall() 2.218645963s ago: executing program 3 (id=379): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x44, &(0x7f0000000080)=[@efer={0x2, 0xc00}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.987908154s ago: executing program 3 (id=383): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x81b}) 1.908124115s ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 1.051200342s ago: executing program 3 (id=387): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x80000) syz_usb_disconnect(r0) r1 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)=ANY=[@ANYBLOB="120100000200001025050008000001020301090244000101000000090400eb0302060000052406000005240000000d240f01000000000000000000090581030004a7030309058202ff0300000009050302ff"], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io(r1, 0x0, 0x0) 904.365603ms ago: executing program 4 (id=398): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ID={0x8, 0x6, 0xffffffff}, @NHA_OIF={0x8, 0x5, r2}]}, 0x28}}, 0x0) 875.415653ms ago: executing program 4 (id=400): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000a2f000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f00005b7000/0x3000)=nil) madvise(&(0x7f000056f000/0x2000)=nil, 0x2000, 0x1) mremap(&(0x7f0000371000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) 857.940723ms ago: executing program 4 (id=401): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) io_setup(0x7ff, &(0x7f0000002080)=0x0) io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000040)=[{}], 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) io_submit(r0, 0x1, &(0x7f0000000680)=[&(0x7f0000002140)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 631.578245ms ago: executing program 4 (id=404): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0xfdcd, 0x0, @wg=@data}}}}}, 0x0) 558.351426ms ago: executing program 4 (id=408): syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @random="9d6f61fa0700", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}}}}}}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001439) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x2000000b) 461.654566ms ago: executing program 4 (id=413): syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0xe, 0x141341) syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc00c5512, &(0x7f0000000200)) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000b40)={{{0x1, 0x1}}, 0x0, 0x8000, 0x0}) 204.780838ms ago: executing program 2 (id=419): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)={0x20, r1, 0x333, 0x0, 0x0, {0x1c}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0) 191.988788ms ago: executing program 1 (id=420): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) getpriority(0x2, 0x0) 159.705279ms ago: executing program 2 (id=421): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0x11, 0xa, 0x0, &(0x7f0000001080)) 144.889079ms ago: executing program 1 (id=422): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000000df7f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) getrandom(0x0, 0x0, 0x3) 110.376829ms ago: executing program 2 (id=423): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) write$tcp_congestion(r0, 0x0, 0x0) 97.368949ms ago: executing program 1 (id=424): r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r3 = pidfd_getfd(r1, r2, 0x0) readlinkat(r3, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 75.950039ms ago: executing program 2 (id=425): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x18) timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 67.020459ms ago: executing program 1 (id=426): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000fc0)=@nat={'nat\x00', 0x19, 0x3, 0xcaa, [0x20000300, 0x0, 0x0, 0x20000330, 0x20000360], 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000008000000808a67656e6576653100000000000000000070696d36726567300000000000000000677265746170300000000000000000007866726d300000000000000000000000000000000000ffffff00ffffaaaaaaaaaabbff0000ff0000ae000000ae000000e600000071756f74610000000000000000000000000000000000000000000000000000001800000000000000010000000000000006000000000000000900000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff00001000000000000000110000000100000000106361696630000000000000000000000070696d72656730000000000000000000766c616e30000000000000000000000076657468305f746f5f62617461647600bbbbbbbbbbbbff0000000000bbbbbbbbbbbbff00ffff00ff2e090000660900009e0900003830325f330000000000000000000000000000000000000000000000000000000800000000000000bc00000704040000616d6f6e6700000000000000000000000000000000000000000000000000000068080000000000000c000000000000000200000009000000050000000900000002000000060000000600000001000000bf0000003f6c000009000000040000008554000008000000e20000000e00000002000000c90b000004000000030000000100010001040000f0fc00000000000003000000050000000900000062000000413d000000000000050000003a04000003000000000800000a00000007000000080000001df9ffff06000000ff1200008100000002000000090000000900000003000000ffffffff1f0000000200000002000000010000007e0000001b33406805000000060000000300000004000000ff0100000100000007000000020000000400000000000100"]}, 0x3b4) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x46, 0x2}}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x1b18) ioctl$EVIOCGKEY(r0, 0x80404518, 0x0) 39.521539ms ago: executing program 2 (id=427): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x9) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x7fffffff, 0x0, 0x0, 0x0, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xd) 32.996769ms ago: executing program 1 (id=428): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) eventfd2(0xf, 0x1) 17.9935ms ago: executing program 0 (id=284): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setsig(0x4203, r0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x9}) 7.087409ms ago: executing program 1 (id=429): openat(0xffffffffffffff9c, 0x0, 0x2000, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = memfd_create(&(0x7f0000000c00)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5Zy\xc2\x964\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0\xeb\v\xf8r\x10 >p\x95=N\xbepd\x99\xf9\x86k\xdf\xc7w\xff\x8f\x98\xd8\xe0C\xb2-[}\xb6\x88E5\xa0\xf9\x9f@I;\fn\xed\'\xe2\xf0\xe7_\xfa\x91\xba\x81\xbb\xda\xde\\\x98#g\xd1\xbb2\xd1WI\f\x9e\t\xe8\x1c{\xcd\x905\f=\xfe\'\x1ax\x91\xb7sB\xecN\x8e\x97$75\x16\xaaJ\x1e\'P\x12_D\xa2\x19dC(\xb4\xb8\x87]\x91\xefggP\x7f\xc4\a\xff\xcc\x19\x15\xae8m;nH\x9c\xda\x95\xf6\xe8F\x99\x99\x92M\xd0\xe5:\xcb\x19\xb4\xd2\xc5V\x8f\x8a\x1f\xe6\xc0\xfb$\xe9d\xe3\v', 0x0) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{}, {}]}, 0xd) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 0s ago: executing program 2 (id=430): syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffec, 0x0, 0x0, 0x0, 0x80}}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x203, @dev={0xfe, 0x80, '\x00', 0x34}}, 0x1c) setsockopt$inet6_buf(r0, 0x29, 0x22, &(0x7f0000000000), 0x6b) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. [ 21.889247][ T28] audit: type=1400 audit(1733167933.215:66): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.890492][ T282] cgroup: Unknown subsys name 'net' [ 21.911737][ T28] audit: type=1400 audit(1733167933.215:67): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.938628][ T28] audit: type=1400 audit(1733167933.235:68): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.938774][ T282] cgroup: Unknown subsys name 'devices' [ 22.080565][ T282] cgroup: Unknown subsys name 'hugetlb' [ 22.086105][ T282] cgroup: Unknown subsys name 'rlimit' [ 22.221492][ T28] audit: type=1400 audit(1733167933.545:69): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.244475][ T28] audit: type=1400 audit(1733167933.545:70): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.268941][ T28] audit: type=1400 audit(1733167933.545:71): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.297763][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.306811][ T28] audit: type=1400 audit(1733167933.635:72): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.332056][ T28] audit: type=1400 audit(1733167933.635:73): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.372091][ T28] audit: type=1400 audit(1733167933.695:74): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.397471][ T28] audit: type=1400 audit(1733167933.695:75): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.397590][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.285276][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.292212][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.299551][ T295] device bridge_slave_0 entered promiscuous mode [ 23.320513][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.327360][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.334741][ T295] device bridge_slave_1 entered promiscuous mode [ 23.341177][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.348015][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.355335][ T296] device bridge_slave_0 entered promiscuous mode [ 23.363366][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.370229][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.377408][ T294] device bridge_slave_0 entered promiscuous mode [ 23.389145][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.395984][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.403327][ T296] device bridge_slave_1 entered promiscuous mode [ 23.411396][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.418239][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.425626][ T294] device bridge_slave_1 entered promiscuous mode [ 23.475166][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.482096][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.489611][ T293] device bridge_slave_0 entered promiscuous mode [ 23.496240][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.503148][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.510476][ T292] device bridge_slave_0 entered promiscuous mode [ 23.524507][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.531421][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.538758][ T293] device bridge_slave_1 entered promiscuous mode [ 23.545075][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.551968][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.559428][ T292] device bridge_slave_1 entered promiscuous mode [ 23.772109][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.778982][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.786078][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.792880][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.805373][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.812248][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.819342][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.826115][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.837465][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.844331][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.851434][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.858285][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.873696][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.880557][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.887646][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.894456][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.933616][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.940712][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.947654][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.955096][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.962553][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.969691][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.977053][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.984317][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.991736][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.017759][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.025992][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.032845][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.040146][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.048134][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.054986][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.075624][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.083405][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.100454][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.107918][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.116093][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.122942][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.130207][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.137460][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.159345][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.167447][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.175545][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.182381][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.189738][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.197473][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.206982][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.215681][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.222528][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.240468][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.247705][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.255069][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.263132][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.269987][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.277648][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.285751][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.292599][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.318534][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.325871][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.333293][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.343126][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.351418][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.358409][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.365704][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.373508][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.381404][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.389857][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.397895][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.404748][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.411996][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.420452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.428498][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.435338][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.442719][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.450682][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.458614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.466453][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.474321][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.481781][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.489259][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.496652][ T293] device veth0_vlan entered promiscuous mode [ 24.512954][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.521398][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.534591][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.542894][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.551291][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.566930][ T295] device veth0_vlan entered promiscuous mode [ 24.576509][ T293] device veth1_macvtap entered promiscuous mode [ 24.585720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.593679][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.601831][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.610211][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.618724][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.626340][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.634369][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.641752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.654891][ T296] device veth0_vlan entered promiscuous mode [ 24.666984][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.674879][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.683470][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.691615][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.699612][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.707469][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.715555][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.722959][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.730851][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.738892][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.753044][ T296] device veth1_macvtap entered promiscuous mode [ 24.760271][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.768912][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.777085][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.785358][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.793561][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.801149][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.809520][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.823918][ T295] device veth1_macvtap entered promiscuous mode [ 24.842761][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.851211][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.860365][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.868903][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.877003][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.888677][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.896767][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.907519][ T294] device veth0_vlan entered promiscuous mode [ 24.928267][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.936899][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.945668][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.954672][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.963215][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.971862][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.992624][ T294] device veth1_macvtap entered promiscuous mode [ 25.000746][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.008749][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.016052][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.024315][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.032675][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.041246][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.049454][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.057082][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.065177][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.072533][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.082845][ T292] device veth0_vlan entered promiscuous mode [ 25.108633][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.126014][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.135781][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.145556][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.164563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.191550][ T292] device veth1_macvtap entered promiscuous mode [ 25.199859][ T328] netlink: 'syz.3.4': attribute type 15 has an invalid length. [ 25.211075][ T328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 25.238286][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.246523][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.257775][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.280373][ T343] x_tables: duplicate underflow at hook 4 [ 25.281465][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.363496][ T354] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.386952][ T357] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 25.420217][ T359] syz.4.20 (359) used greatest stack depth: 20552 bytes left [ 25.808863][ T409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'. [ 25.834047][ T409] netlink: 48 bytes leftover after parsing attributes in process `syz.4.43'. [ 26.007801][ T385] loop1: detected capacity change from 0 to 40427 [ 26.064967][ T385] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 26.079152][ T385] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 26.101408][ T385] F2FS-fs (loop1): invalid crc value [ 26.124901][ T385] F2FS-fs (loop1): Found nat_bits in checkpoint [ 26.134059][ T398] loop0: detected capacity change from 0 to 40427 [ 26.162944][ T398] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 26.183152][ T398] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 26.211479][ T398] F2FS-fs (loop0): invalid crc value [ 26.237870][ T385] F2FS-fs (loop1): Start checkpoint disabled! [ 26.254774][ T398] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 26.269812][ T385] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 26.276719][ T385] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 26.325892][ T398] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 26.335723][ T398] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 26.401394][ T444] loop4: detected capacity change from 0 to 1024 [ 26.440618][ T444] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 26.501872][ T296] EXT4-fs (loop4): unmounting filesystem. [ 26.553820][ T10] kworker/u4:1: attempt to access beyond end of device [ 26.553820][ T10] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 26.812276][ T460] loop1: detected capacity change from 0 to 4096 [ 26.827634][ T460] EXT4-fs: Ignoring removed nomblk_io_submit option [ 26.848820][ T460] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 26.889329][ T460] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 26.916930][ T28] kauditd_printk_skb: 87 callbacks suppressed [ 26.916946][ T28] audit: type=1400 audit(1733167938.235:163): avc: denied { remove_name } for pid=459 comm="syz.1.58" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 26.946995][ T460] EXT4-fs error (device loop1): ext4_get_first_dir_block:3603: inode #12: block 80: comm syz.1.58: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 27.018990][ T472] loop0: detected capacity change from 0 to 1024 [ 27.054278][ T460] EXT4-fs (loop1): Remounting filesystem read-only [ 27.071178][ T474] loop2: detected capacity change from 0 to 512 [ 27.076081][ T28] audit: type=1400 audit(1733167938.265:164): avc: denied { rename } for pid=459 comm="syz.1.58" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.099379][ T472] EXT4-fs: Ignoring removed nomblk_io_submit option [ 27.100409][ T460] EXT4-fs error (device loop1): ext4_get_first_dir_block:3605: inode #12: comm syz.1.58: directory missing '..' [ 27.117647][ T472] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.131849][ T472] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 27.145188][ T460] EXT4-fs (loop1): Remounting filesystem read-only [ 27.152982][ T474] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 27.154076][ T452] loop4: detected capacity change from 0 to 40427 [ 27.164438][ T472] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 27.168661][ T28] audit: type=1400 audit(1733167938.265:165): avc: denied { unlink } for pid=459 comm="syz.1.58" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.178446][ T474] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 27.221656][ T474] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 27.235580][ T28] audit: type=1400 audit(1733167938.265:166): avc: denied { rename } for pid=459 comm="syz.1.58" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.257912][ T294] EXT4-fs (loop2): unmounting filesystem. [ 27.258485][ T452] F2FS-fs (loop4): fault_injection options not supported [ 27.270640][ T452] F2FS-fs (loop4): Image doesn't support compression [ 27.277524][ T452] F2FS-fs (loop4): fault_type options not supported [ 27.285818][ T292] EXT4-fs (loop1): unmounting filesystem. [ 27.286653][ T28] audit: type=1400 audit(1733167938.265:167): avc: denied { rmdir } for pid=459 comm="syz.1.58" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.314657][ T28] audit: type=1400 audit(1733167938.545:168): avc: denied { remount } for pid=473 comm="syz.2.68" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 27.333831][ T452] F2FS-fs (loop4): invalid crc value [ 27.341356][ T28] audit: type=1400 audit(1733167938.545:169): avc: denied { read } for pid=471 comm="syz.0.67" name="file0" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.363432][ T293] EXT4-fs (loop0): unmounting filesystem. [ 27.370323][ T28] audit: type=1400 audit(1733167938.545:170): avc: denied { watch watch_reads } for pid=471 comm="syz.0.67" path="/20/bus/file0/file0" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 27.401313][ T452] F2FS-fs (loop4): Found nat_bits in checkpoint [ 27.458723][ T28] audit: type=1400 audit(1733167938.545:171): avc: denied { mounton } for pid=471 comm="syz.0.67" path="/20/bus/file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.502854][ T28] audit: type=1400 audit(1733167938.545:172): avc: denied { create } for pid=471 comm="syz.0.67" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 27.549573][ T452] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 27.629070][ T495] loop3: detected capacity change from 0 to 512 [ 27.635827][ T495] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 27.649283][ T296] syz-executor: attempt to access beyond end of device [ 27.649283][ T296] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 27.663305][ T495] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 27.683823][ T495] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c019, mo2=0002] [ 27.697893][ T495] System zones: 1-12 [ 27.704513][ T495] EXT4-fs (loop3): 1 truncate cleaned up [ 27.712772][ T495] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 27.713876][ T498] loop1: detected capacity change from 0 to 128 [ 27.728607][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.758154][ T295] EXT4-fs (loop3): unmounting filesystem. [ 27.800279][ T498] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 27.809851][ T498] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 27.828582][ T498] ext2 filesystem being mounted at /9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 27.887328][ T292] EXT4-fs (loop1): unmounting filesystem. [ 27.908409][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 27.923092][ T24] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 27.946435][ T514] netlink: 8 bytes leftover after parsing attributes in process `syz.4.75'. [ 27.959831][ T24] usb 1-1: config 179 has no interface number 0 [ 27.964678][ T514] netlink: 8 bytes leftover after parsing attributes in process `syz.4.75'. [ 27.966363][ T24] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 27.985435][ T514] netlink: 2 bytes leftover after parsing attributes in process `syz.4.75'. [ 28.000325][ T24] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 28.025237][ T24] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 28.042420][ T24] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 28.070385][ T24] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 28.083887][ T24] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 28.097931][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.128634][ T484] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 28.225567][ T539] loop4: detected capacity change from 0 to 1024 [ 28.257026][ T539] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 28.315464][ T539] EXT4-fs (loop4): shut down requested (0) [ 28.353585][ T24] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input4 [ 28.368158][ T296] EXT4-fs (loop4): unmounting filesystem. [ 28.397333][ T558] loop1: detected capacity change from 0 to 256 [ 28.438057][ T558] FAT-fs (loop1): Directory bread(block 64) failed [ 28.450949][ T558] FAT-fs (loop1): Directory bread(block 65) failed [ 28.460331][ T558] FAT-fs (loop1): Directory bread(block 66) failed [ 28.466865][ T558] FAT-fs (loop1): Directory bread(block 67) failed [ 28.473690][ T558] FAT-fs (loop1): Directory bread(block 68) failed [ 28.480463][ T558] FAT-fs (loop1): Directory bread(block 69) failed [ 28.501976][ T558] FAT-fs (loop1): Directory bread(block 70) failed [ 28.508700][ T558] FAT-fs (loop1): Directory bread(block 71) failed [ 28.515144][ T558] FAT-fs (loop1): Directory bread(block 72) failed [ 28.522078][ T558] FAT-fs (loop1): Directory bread(block 73) failed [ 28.558613][ T484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 28.575554][ T484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 28.668215][ T572] overlayfs: invalid origin (0000) [ 28.675797][ T574] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=574 comm=syz.1.108 [ 28.736088][ T576] ======================================================= [ 28.736088][ T576] WARNING: The mand mount option has been deprecated and [ 28.736088][ T576] and is ignored by this kernel. Remove the mand [ 28.736088][ T576] option from the mount to silence this warning. [ 28.736088][ T576] ======================================================= [ 28.803639][ T24] usb 1-1: USB disconnect, device number 2 [ 28.803679][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 28.817513][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 28.881415][ T24] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 28.900827][ T39] kernel write not supported for file /input/event0 (pid: 39 comm: kworker/1:1) [ 29.031678][ T610] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 29.054761][ T610] F2FS-fs (loop7): Unable to read 1th superblock [ 29.061945][ T610] I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 29.071267][ T610] F2FS-fs (loop7): Unable to read 2th superblock [ 29.111783][ T617] loop1: detected capacity change from 0 to 128 [ 29.124172][ T618] loop3: detected capacity change from 0 to 512 [ 29.142403][ T618] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 29.153458][ T621] input input5: cannot allocate more than FF_MAX_EFFECTS effects [ 29.161760][ T617] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 29.188813][ T617] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.207137][ T618] EXT4-fs (loop3): 1 truncate cleaned up [ 29.213038][ T618] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 29.263686][ T292] EXT4-fs (loop1): unmounting filesystem. [ 29.305662][ T295] EXT4-fs (loop3): unmounting filesystem. [ 29.428649][ T645] loop1: detected capacity change from 0 to 1024 [ 29.430943][ T644] cgroup: fork rejected by pids controller in /syz0 [ 29.457254][ T568] loop2: detected capacity change from 0 to 131072 [ 29.482622][ T645] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 29.500152][ T568] F2FS-fs (loop2): Found nat_bits in checkpoint [ 29.527748][ T645] EXT4-fs (loop1): shut down requested (0) [ 29.568566][ T292] EXT4-fs (loop1): unmounting filesystem. [ 29.583272][ T568] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 29.654071][ T670] IPv6: NLM_F_CREATE should be specified when creating new route [ 29.758363][ T318] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 29.884745][ T675] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.892302][ T675] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.899832][ T675] device bridge_slave_0 entered promiscuous mode [ 29.909162][ T675] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.916375][ T675] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.924181][ T675] device bridge_slave_1 entered promiscuous mode [ 29.949507][ T318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 29.967154][ T318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.976898][ T318] usb 4-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.00 [ 29.986591][ T318] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.997212][ T318] usb 4-1: config 0 descriptor?? [ 30.010204][ T687] netlink: 24 bytes leftover after parsing attributes in process `syz.2.154'. [ 30.036831][ T691] loop2: detected capacity change from 0 to 256 [ 30.053073][ T691] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 30.095788][ T675] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.102689][ T675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.109776][ T675] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.116535][ T675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.129838][ T333] device bridge_slave_1 left promiscuous mode [ 30.135874][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.143867][ T333] device bridge_slave_0 left promiscuous mode [ 30.150153][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.158092][ T333] device veth1_macvtap left promiscuous mode [ 30.163970][ T333] device veth0_vlan left promiscuous mode [ 30.283222][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.291003][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.298672][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.308209][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.316550][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.323424][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.332756][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.340888][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.347720][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.362145][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.368421][ T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.379797][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.397739][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.410194][ T318] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 30.413928][ T675] device veth0_vlan entered promiscuous mode [ 30.416920][ T318] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 30.424411][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.437727][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.439960][ T696] loop4: detected capacity change from 0 to 256 [ 30.445964][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.457901][ T318] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 30.466141][ T318] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 30.466646][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.476572][ T696] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 30.482222][ T675] device veth1_macvtap entered promiscuous mode [ 30.499228][ T318] ntrig 0003:1B96:0004.0001: hidraw0: USB HID v40.00 Device [HID 1b96:0004] on usb-dummy_hcd.3-1/input0 [ 30.512239][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.534642][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.552099][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.573057][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.595010][ T19] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 30.607291][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.624770][ T318] usb 4-1: USB disconnect, device number 2 [ 30.636338][ T19] usb 3-1: config 0 descriptor?? [ 30.753854][ T720] input: syz1 as /devices/virtual/input/input6 [ 30.857662][ T732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.170'. [ 30.867365][ T732] Zero length message leads to an empty skb [ 31.046058][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 31.054237][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 31.063493][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 31.071677][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 31.079872][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 31.090802][ T19] logitech-hidpp-device 0003:046D:C086.0002: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.2-1/input0 [ 31.139133][ T760] random: crng reseeded on system resumption [ 31.254971][ T39] usb 3-1: USB disconnect, device number 2 [ 31.309366][ T783] loop4: detected capacity change from 0 to 256 [ 31.320103][ T783] exfat: Deprecated parameter 'utf8' [ 31.330170][ T783] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 31.343120][ T788] Illegal XDP return value 4294967274 on prog (id 79) dev syz_tun, expect packet loss! [ 31.464928][ T807] netlink: 12 bytes leftover after parsing attributes in process `syz.3.204'. [ 31.608141][ T808] loop4: detected capacity change from 0 to 40427 [ 31.615624][ T808] F2FS-fs (loop4): fault_injection options not supported [ 31.627707][ T808] F2FS-fs (loop4): invalid crc value [ 31.634011][ T808] F2FS-fs (loop4): Found nat_bits in checkpoint [ 31.669361][ T808] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 31.693997][ T808] syz.4.205: attempt to access beyond end of device [ 31.693997][ T808] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 31.713442][ T296] syz-executor: attempt to access beyond end of device [ 31.713442][ T296] loop4: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 31.918523][ T28] kauditd_printk_skb: 88 callbacks suppressed [ 31.918538][ T28] audit: type=1400 audit(1733167943.245:261): avc: denied { lock } for pid=836 comm="syz.2.216" path="socket:[18605]" dev="sockfs" ino=18605 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 31.959120][ T839] syz.3.217 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 31.981594][ T841] loop3: detected capacity change from 0 to 512 [ 31.988237][ T841] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 31.999150][ T841] EXT4-fs (loop3): orphan cleanup on readonly fs [ 32.013360][ T841] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:511: comm syz.3.218: Block bitmap for bg 0 marked uninitialized [ 32.027377][ T841] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 32.036860][ T841] EXT4-fs (loop3): 1 orphan inode deleted [ 32.041893][ T848] loop1: detected capacity change from 0 to 512 [ 32.042892][ T841] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 32.064099][ T848] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 32.073075][ T848] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.104741][ T854] input: syz0 as /devices/virtual/input/input7 [ 32.111231][ T295] EXT4-fs (loop3): unmounting filesystem. [ 32.119545][ T848] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 32.144129][ T858] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 32.153955][ T292] EXT4-fs (loop1): unmounting filesystem. [ 32.298371][ T700] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 32.427043][ T860] loop0: detected capacity change from 0 to 40427 [ 32.433996][ T860] F2FS-fs (loop0): fault_injection options not supported [ 32.441694][ T860] F2FS-fs (loop0): Image doesn't support compression [ 32.448242][ T860] F2FS-fs (loop0): Image doesn't support compression [ 32.455644][ T860] F2FS-fs (loop0): invalid crc value [ 32.462298][ T860] F2FS-fs (loop0): Found nat_bits in checkpoint [ 32.478432][ T700] usb 5-1: Using ep0 maxpacket: 32 [ 32.490779][ T700] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 32.510066][ T700] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.518048][ T700] usb 5-1: Product: syz [ 32.522403][ T700] usb 5-1: Manufacturer: syz [ 32.526834][ T700] usb 5-1: SerialNumber: syz [ 32.533080][ T860] F2FS-fs (loop0): Start checkpoint disabled! [ 32.539683][ T860] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 32.542136][ T700] usb 5-1: config 0 descriptor?? [ 32.609211][ T8] kworker/u4:0: attempt to access beyond end of device [ 32.609211][ T8] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 32.638508][ T39] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 32.716270][ T883] loop1: detected capacity change from 0 to 512 [ 32.724366][ T28] audit: type=1400 audit(1733167944.045:262): avc: denied { write } for pid=884 comm="syz.0.236" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 32.749885][ T883] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 32.762974][ T883] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 32.776445][ T883] EXT4-fs (loop1): 1 truncate cleaned up [ 32.782088][ T883] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 32.801013][ T28] audit: type=1400 audit(1733167944.125:263): avc: denied { ioctl } for pid=882 comm="syz.1.235" path="/59/bus/file1" dev="loop1" ino=15 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.825910][ T292] EXT4-fs (loop1): unmounting filesystem. [ 32.831609][ T39] usb 4-1: Using ep0 maxpacket: 8 [ 32.837729][ T39] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 32.855113][ T889] loop1: detected capacity change from 0 to 512 [ 32.861577][ T39] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 32.871568][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 32.879807][ T39] usb 4-1: SerialNumber: syz [ 32.882153][ T889] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 32.885064][ T39] usb 4-1: config 0 descriptor?? [ 32.893095][ T889] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.899893][ T39] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 32.917383][ T39] usb 4-1: No valid video chain found. [ 32.920683][ T889] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.237: corrupted inode contents [ 32.935500][ T889] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #2: comm syz.1.237: mark_inode_dirty error [ 32.952203][ T889] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.237: corrupted inode contents [ 32.964060][ T889] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.237: mark_inode_dirty error [ 32.987831][ T292] EXT4-fs (loop1): unmounting filesystem. [ 33.106683][ T318] usb 4-1: USB disconnect, device number 3 [ 33.133077][ T911] loop0: detected capacity change from 0 to 512 [ 33.140121][ T911] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 33.160870][ T911] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 33.169919][ T911] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.180987][ T700] (unnamed net_device) (uninitialized): Assigned a random MAC address: a6:8a:a9:b6:1a:f8 [ 33.192621][ T700] rtl8150 5-1:0.0: eth1: rtl8150 is detected [ 33.200704][ T700] usb 5-1: USB disconnect, device number 2 [ 33.206351][ T28] audit: type=1400 audit(1733167944.525:264): avc: denied { read } for pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 33.233988][ T911] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 33.249228][ T911] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 32768 with max blocks 1 with error 28 [ 33.261751][ T911] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.261751][ T911] [ 33.275780][ T911] EXT4-fs (loop0): Total free blocks count 0 [ 33.281823][ T911] EXT4-fs (loop0): Free/Dirty block details [ 33.288081][ T911] EXT4-fs (loop0): free_blocks=39626 [ 33.293394][ T911] EXT4-fs (loop0): dirty_blocks=1 [ 33.298499][ T911] EXT4-fs (loop0): Block reservation details [ 33.304384][ T911] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 33.308423][ T19] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 33.326542][ T675] EXT4-fs (loop0): unmounting filesystem. [ 33.488393][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 33.490212][ T28] audit: type=1400 audit(1733167944.815:265): avc: denied { execute } for pid=944 comm="syz.0.247" path="/18/cpu.stat" dev="tmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 33.493399][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 33.517437][ T28] audit: type=1400 audit(1733167944.845:266): avc: denied { getopt } for pid=944 comm="syz.0.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 33.524840][ T19] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 33.562818][ T19] usb 3-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 33.577294][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.585200][ T19] usb 3-1: Product: syz [ 33.589169][ T19] usb 3-1: Manufacturer: syz [ 33.593529][ T19] usb 3-1: SerialNumber: syz [ 33.599270][ T19] usb 3-1: config 0 descriptor?? [ 33.666332][ T28] audit: type=1400 audit(1733167944.985:267): avc: denied { setopt } for pid=955 comm="syz.3.252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.674325][ T958] loop0: detected capacity change from 0 to 256 [ 33.698426][ T6] usb 2-1: Using ep0 maxpacket: 8 [ 33.711280][ T6] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 33.711652][ T28] audit: type=1400 audit(1733167945.035:268): avc: denied { ioctl } for pid=959 comm=6C2586CE36DB0CCF197CC94F7FCE8F path="socket:[18374]" dev="sockfs" ino=18374 ioctlcmd=0x48e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.733152][ T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.57 [ 33.759661][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 33.767886][ T6] usb 2-1: SerialNumber: syz [ 33.789099][ T6] cdc_ether 2-1:1.0: skipping garbage [ 33.794336][ T6] usb 2-1: bad CDC descriptors [ 34.009177][ T19] usb 3-1: Found UVC 0.00 device syz (045e:0721) [ 34.015398][ T19] usb 3-1: No valid video chain found. [ 34.028261][ T19] usb 3-1: USB disconnect, device number 3 [ 34.205708][ T897] raw-gadget.0 gadget.1: fail, usb_ep_set_wedge returned -11 [ 34.213386][ T594] usb 2-1: USB disconnect, device number 2 [ 34.399954][ T28] audit: type=1326 audit(1733167945.725:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=967 comm="syz.4.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7fc00000 [ 34.535674][ T28] audit: type=1400 audit(1733167945.855:270): avc: denied { append } for pid=971 comm="syz.2.258" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 34.647574][ T979] mmap: syz.2.261 (979) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 34.722913][ T986] device wireguard0 entered promiscuous mode [ 34.790078][ T993] loop0: detected capacity change from 0 to 16 [ 34.805166][ T993] erofs: (device loop0): mounted with root inode @ nid 36. [ 35.098455][ T39] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 35.218428][ T19] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 35.278417][ T39] usb 3-1: Using ep0 maxpacket: 8 [ 35.284499][ T39] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 35.292981][ T39] usb 3-1: config 179 has no interface number 0 [ 35.299130][ T39] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 35.310025][ T39] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 35.321622][ T39] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 35.332693][ T39] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 35.343885][ T39] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 35.357044][ T39] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 35.365907][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.374672][ T997] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 35.411759][ T19] usb 1-1: unable to get BOS descriptor or descriptor too short [ 35.419991][ T19] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 35.427475][ T19] usb 1-1: can't read configurations, error -71 [ 35.528399][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 35.591296][ T39] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input8 [ 35.728516][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 35.734524][ T24] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 35.743527][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.752341][ T24] usb 5-1: config 0 descriptor?? [ 35.794610][ T997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.804701][ T997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.019948][ T39] usb 3-1: USB disconnect, device number 4 [ 36.025647][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 36.025689][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 36.061060][ T39] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 36.170992][ T1031] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.177918][ T1031] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.185289][ T1031] device bridge_slave_0 entered promiscuous mode [ 36.192258][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.199567][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.206880][ T1031] device bridge_slave_1 entered promiscuous mode [ 36.289960][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.296848][ T1031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.304074][ T1031] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.311040][ T1031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.341788][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.349441][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.356699][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.375635][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.383748][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.390652][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.398877][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.406951][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.413836][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.440219][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.448152][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.450912][ T1036] loop1: detected capacity change from 0 to 40427 [ 36.476136][ T1036] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 36.483764][ T1036] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 36.483953][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 36.493402][ T1036] F2FS-fs (loop1): invalid crc value [ 36.505466][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.513710][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 36.515329][ T1036] F2FS-fs (loop1): Found nat_bits in checkpoint [ 36.521548][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 36.539090][ T1031] device veth0_vlan entered promiscuous mode [ 36.561199][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.570528][ T1040] x_tables: ip_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 36.581272][ T1031] device veth1_macvtap entered promiscuous mode [ 36.592610][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.619863][ T8] device bridge_slave_1 left promiscuous mode [ 36.626077][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.633840][ T1036] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 36.634146][ T8] device bridge_slave_0 left promiscuous mode [ 36.643922][ T1036] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 36.647231][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.674467][ T8] device veth1_macvtap left promiscuous mode [ 36.680803][ T8] device veth0_vlan left promiscuous mode [ 36.700050][ T1036] syz.1.285: attempt to access beyond end of device [ 36.700050][ T1036] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 36.714064][ T1036] syz.1.285: attempt to access beyond end of device [ 36.714064][ T1036] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 36.728680][ T1036] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 36.728712][ T1036] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 36.761290][ T24] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 36.792130][ T24] asix: probe of 5-1:0.0 failed with error -71 [ 36.799551][ T24] usb 5-1: USB disconnect, device number 3 [ 36.843576][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.964118][ T1058] loop2: detected capacity change from 0 to 512 [ 36.971181][ T1058] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 36.981837][ T1058] EXT4-fs (loop2): invalid journal inode [ 36.989451][ T1058] EXT4-fs (loop2): can't get journal size [ 36.996460][ T1058] EXT4-fs (loop2): 1 truncate cleaned up [ 37.002554][ T1058] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 37.013661][ T1058] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 3 (only 1 groups) [ 37.039055][ T294] EXT4-fs (loop2): unmounting filesystem. [ 37.105176][ T1062] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.112210][ T1062] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.119227][ T6] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 37.127142][ T1062] device bridge_slave_0 entered promiscuous mode [ 37.139027][ T1062] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.145930][ T1062] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.153519][ T1062] device bridge_slave_1 entered promiscuous mode [ 37.226864][ T1062] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.227291][ T1064] loop2: detected capacity change from 0 to 40427 [ 37.233765][ T1062] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.245991][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 37.246008][ T28] audit: type=1400 audit(1733167948.565:282): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.247182][ T1062] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.253417][ T28] audit: type=1400 audit(1733167948.565:283): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.275245][ T1062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.308398][ T6] usb 2-1: Using ep0 maxpacket: 8 [ 37.317323][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.324550][ T1064] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 37.326265][ T6] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.336495][ T1064] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 37.343149][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.351245][ T28] audit: type=1400 audit(1733167948.565:284): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.356748][ T1020] Bluetooth: hci0: command 0x1003 tx timeout [ 37.383250][ T6] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 250, changing to 11 [ 37.395228][ T6] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 37.405114][ T1064] F2FS-fs (loop2): invalid crc value [ 37.406992][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.420056][ T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 37.429238][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.437902][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.445589][ T1064] F2FS-fs (loop2): Found nat_bits in checkpoint [ 37.446390][ T6] usb 2-1: Product: syz [ 37.462808][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.478406][ T6] usb 2-1: Manufacturer: syz [ 37.482985][ T6] usb 2-1: SerialNumber: syz [ 37.503919][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.513361][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.533680][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.542445][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.549614][ T1064] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 37.553214][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.556485][ T1064] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 37.578932][ T1062] device veth0_vlan entered promiscuous mode [ 37.602270][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.614717][ T1062] device veth1_macvtap entered promiscuous mode [ 37.641740][ T28] audit: type=1400 audit(1733167948.965:285): avc: denied { setattr } for pid=1063 comm="syz.2.294" name="file0" dev="loop2" ino=455 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 37.664074][ T1064] capability: warning: `syz.2.294' uses deprecated v2 capabilities in a way that may be insecure [ 37.681880][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.702438][ T668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.711852][ T333] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 37.722710][ T333] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 37.783249][ T28] audit: type=1400 audit(1733167949.105:286): avc: denied { setopt } for pid=1090 comm="syz.4.304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 37.970211][ T8] device bridge_slave_1 left promiscuous mode [ 37.976272][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.002780][ T8] device bridge_slave_0 left promiscuous mode [ 38.031747][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.052782][ T8] device veth1_macvtap left promiscuous mode [ 38.065085][ T8] device veth0_vlan left promiscuous mode [ 38.303284][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.310283][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.318142][ T1107] device bridge_slave_0 entered promiscuous mode [ 38.325339][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.332265][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.338375][ T298] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 38.339811][ T1107] device bridge_slave_1 entered promiscuous mode [ 38.377115][ T1088] loop3: detected capacity change from 0 to 131072 [ 38.385730][ T1088] F2FS-fs (loop3): Invalid log_blocksize (0), supports only 12 [ 38.393478][ T1088] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 38.401905][ T1088] F2FS-fs (loop3): Test dummy encryption mode enabled [ 38.411823][ T1088] F2FS-fs (loop3): Can't change test_dummy_encryption on remount [ 38.449073][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.456051][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.463191][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.470055][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.507025][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.515216][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.523194][ T6] cdc_ncm 2-1:1.0: bind() failure [ 38.530246][ T6] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 38.536953][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.544328][ T6] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 38.548366][ T298] usb 5-1: Using ep0 maxpacket: 16 [ 38.552643][ T6] usb 2-1: USB disconnect, device number 3 [ 38.555652][ T39] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 38.581322][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.589075][ T298] usb 5-1: unable to get BOS descriptor or descriptor too short [ 38.589576][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.597412][ T298] usb 5-1: config 0 has no interfaces? [ 38.603499][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.617267][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.620169][ T298] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 38.637230][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.644142][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.644365][ T298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.663878][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.672008][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.678352][ T298] usb 5-1: Product: syz [ 38.683915][ T298] usb 5-1: Manufacturer: syz [ 38.688730][ T298] usb 5-1: SerialNumber: syz [ 38.693252][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.693915][ T298] usb 5-1: config 0 descriptor?? [ 38.706821][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.716880][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.724980][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.736422][ T1107] device veth0_vlan entered promiscuous mode [ 38.749638][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.758498][ T39] usb 3-1: Using ep0 maxpacket: 16 [ 38.760130][ T1107] device veth1_macvtap entered promiscuous mode [ 38.764645][ T39] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 38.775809][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.788717][ T39] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 38.804140][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 38.815328][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.825429][ T39] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 38.835223][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.843336][ T39] usb 3-1: Product: syz [ 38.847353][ T39] usb 3-1: Manufacturer: syz [ 38.852183][ T39] usb 3-1: SerialNumber: syz [ 38.875749][ T1116] loop3: detected capacity change from 0 to 1024 [ 38.889832][ T1116] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 38.911717][ T295] EXT4-fs (loop3): unmounting filesystem. [ 38.962107][ T1113] usb 5-1: USB disconnect, device number 4 [ 39.139039][ T8] device bridge_slave_1 left promiscuous mode [ 39.145027][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.152489][ T8] device bridge_slave_0 left promiscuous mode [ 39.158664][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.166615][ T8] device veth1_macvtap left promiscuous mode [ 39.172579][ T8] device veth0_vlan left promiscuous mode [ 39.261268][ T39] usb 3-1: 0:2 : does not exist [ 39.549952][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.556875][ T1131] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.564549][ T1131] device bridge_slave_0 entered promiscuous mode [ 39.572155][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.579270][ T1131] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.586629][ T1131] device bridge_slave_1 entered promiscuous mode [ 39.652333][ T1146] netlink: 'syz.1.321': attribute type 29 has an invalid length. [ 39.689158][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.691905][ T19] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 39.696064][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.710485][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.717337][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.765370][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.775682][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.789842][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.808872][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.825393][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.832301][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.846227][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.857175][ T1162] xt_hashlimit: size too large, truncated to 1048576 [ 39.859482][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.868246][ T39] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 39.870600][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.886224][ T1160] tipc: Started in network mode [ 39.888429][ T19] usb 4-1: Using ep0 maxpacket: 16 [ 39.891536][ T1160] tipc: Node identity 7f000001, cluster identity 4711 [ 39.903813][ T1160] tipc: Enabled bearer , priority 10 [ 39.905450][ T19] usb 4-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 39.921283][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.925123][ T39] usb 3-1: USB disconnect, device number 5 [ 39.942766][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.952596][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.963258][ T19] usb 4-1: Product: syz [ 39.976139][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.984240][ T19] usb 4-1: Manufacturer: syz [ 39.994350][ T19] usb 4-1: SerialNumber: syz [ 39.999136][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.010894][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.021145][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.031430][ T1131] device veth0_vlan entered promiscuous mode [ 40.049297][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.059652][ T1131] device veth1_macvtap entered promiscuous mode [ 40.072634][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.087500][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.219603][ T8] device bridge_slave_1 left promiscuous mode [ 40.225584][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.233135][ T8] device bridge_slave_0 left promiscuous mode [ 40.239575][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.247553][ T8] device veth1_macvtap left promiscuous mode [ 40.253582][ T8] device veth0_vlan left promiscuous mode [ 40.288413][ T318] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 40.469541][ T318] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 40.479148][ T318] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 40.489261][ T318] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 40.503573][ T318] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 40.512525][ T318] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.520310][ T318] usb 2-1: Product: syz [ 40.524250][ T318] usb 2-1: Manufacturer: syz [ 40.528729][ T318] usb 2-1: SerialNumber: syz [ 40.736940][ T318] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 40.814436][ T19] snd-usb-audio: probe of 4-1:222.0 failed with error -2 [ 40.823279][ T28] audit: type=1400 audit(1733170530.150:287): avc: denied { block_suspend } for pid=1176 comm="syz.4.334" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 40.865206][ T485] udevd[485]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:222.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 40.898335][ T39] tipc: Node number set to 2130706433 [ 40.931584][ T1184] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 40.942594][ T28] audit: type=1400 audit(1733170530.260:288): avc: denied { read write } for pid=1165 comm="syz.1.330" name="lp0" dev="devtmpfs" ino=614 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 40.967146][ T39] usb 2-1: USB disconnect, device number 4 [ 40.972071][ T28] audit: type=1400 audit(1733170530.280:289): avc: denied { open } for pid=1165 comm="syz.1.330" path="/dev/usb/lp0" dev="devtmpfs" ino=614 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 40.978408][ T39] usblp0: removed [ 41.021810][ T318] usb 4-1: USB disconnect, device number 4 [ 41.034078][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.043195][ T1178] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.050929][ T1178] device bridge_slave_0 entered promiscuous mode [ 41.057913][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.063452][ T28] audit: type=1400 audit(1733170530.370:290): avc: denied { audit_write } for pid=1194 comm="syz.2.341" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 41.064879][ T1178] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.093357][ T1178] device bridge_slave_1 entered promiscuous mode [ 41.134321][ T333] Bluetooth: hci0: Frame reassembly failed (-84) [ 41.169403][ T8] device bridge_slave_1 left promiscuous mode [ 41.175520][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.182873][ T8] device bridge_slave_0 left promiscuous mode [ 41.189002][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.196815][ T8] device veth1_macvtap left promiscuous mode [ 41.202869][ T8] device veth0_vlan left promiscuous mode [ 41.302033][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.308904][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.315990][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.322804][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.345528][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.353201][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.360630][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.370110][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.378474][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.386422][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.393268][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.402504][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.410813][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.418813][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.425644][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.436935][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.445069][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.454293][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.462407][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.476683][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 41.484869][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.497263][ T1178] device veth0_vlan entered promiscuous mode [ 41.510738][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 41.519506][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.531213][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.538638][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.556123][ T1178] device veth1_macvtap entered promiscuous mode [ 41.566070][ T1204] loop1: detected capacity change from 0 to 128 [ 41.575144][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.583025][ T28] audit: type=1400 audit(1733170530.900:291): avc: denied { mounton } for pid=1203 comm="syz.1.345" path="/77/file0/bus" dev="loop1" ino=1048631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 41.591628][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.626939][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.670304][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.681633][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.690086][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.698524][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.948100][ T1220] loop1: detected capacity change from 0 to 40427 [ 41.965247][ T1220] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 41.972932][ T1220] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 41.983473][ T1220] F2FS-fs (loop1): Found nat_bits in checkpoint [ 42.030536][ T1220] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 42.037402][ T1220] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 42.197281][ T1216] loop3: detected capacity change from 0 to 131072 [ 42.221543][ T1216] F2FS-fs (loop3): Found nat_bits in checkpoint [ 42.256808][ T1216] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 42.283309][ T1216] F2FS-fs (loop3): lookup inode (7) has corrupted xattr [ 42.290804][ T1216] F2FS-fs (loop3): lookup inode (7) has corrupted xattr [ 42.297658][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 42.297669][ T28] audit: type=1400 audit(1733170531.610:294): avc: denied { setattr } for pid=1215 comm="syz.3.351" name="file1" dev="loop3" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 42.307520][ T1216] F2FS-fs (loop3): list inode (7) has corrupted xattr [ 42.332591][ T43] device bridge_slave_1 left promiscuous mode [ 42.338759][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.346257][ T43] device bridge_slave_0 left promiscuous mode [ 42.352367][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.360617][ T43] device veth1_macvtap left promiscuous mode [ 42.366514][ T43] device veth0_vlan left promiscuous mode [ 42.505556][ T1234] netlink: 80 bytes leftover after parsing attributes in process `syz.1.354'. [ 42.529614][ T1234] netlink: 80 bytes leftover after parsing attributes in process `syz.1.354'. [ 42.558393][ T1234] netlink: 80 bytes leftover after parsing attributes in process `syz.1.354'. [ 42.723155][ T1246] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.730217][ T1246] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.737563][ T1246] device bridge_slave_0 entered promiscuous mode [ 42.751131][ T1246] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.758135][ T1246] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.765513][ T1246] device bridge_slave_1 entered promiscuous mode [ 42.834741][ T1246] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.841628][ T1246] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.848763][ T1246] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.855610][ T1246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.884232][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.892040][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.900753][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.910400][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.918517][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.925347][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.934452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.942651][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.942720][ T19] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 42.949523][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.970420][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.978148][ T39] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 42.989057][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.003201][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.014750][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.022909][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.030372][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.038422][ T1246] device veth0_vlan entered promiscuous mode [ 43.050136][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.064622][ T1246] device veth1_macvtap entered promiscuous mode [ 43.078619][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.091244][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.118394][ T1268] loop1: detected capacity change from 0 to 2048 [ 43.129336][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.140104][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.149647][ T19] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 43.149878][ T1268] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 43.158714][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.167937][ T1019] Bluetooth: hci0: command 0x1003 tx timeout [ 43.175948][ T1268] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.180746][ T39] usb 3-1: Using ep0 maxpacket: 32 [ 43.191170][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 43.202710][ T19] usb 4-1: config 0 descriptor?? [ 43.226558][ T1268] fs-verity: sha512 using implementation "sha512-avx2" [ 43.228420][ T39] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 43.256791][ T292] EXT4-fs (loop1): unmounting filesystem. [ 43.262425][ T39] usb 3-1: config 0 has no interface number 0 [ 43.285048][ T39] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 43.294085][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.301974][ T39] usb 3-1: Product: syz [ 43.305878][ T39] usb 3-1: Manufacturer: syz [ 43.310351][ T39] usb 3-1: SerialNumber: syz [ 43.316128][ T39] usb 3-1: config 0 descriptor?? [ 43.325128][ T39] smsc95xx v2.0.0 [ 43.613412][ T19] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 43.620350][ T19] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 43.627133][ T19] samsung 0003:0419:0600.0003: unknown main item tag 0x1 [ 43.634446][ T19] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 43.641417][ T19] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 43.649309][ T19] samsung 0003:0419:0600.0003: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 43.749250][ T315] device bridge_slave_1 left promiscuous mode [ 43.755341][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.762793][ T315] device bridge_slave_0 left promiscuous mode [ 43.769196][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.777239][ T315] device veth1_macvtap left promiscuous mode [ 43.783264][ T315] device veth0_vlan left promiscuous mode [ 43.827389][ T1113] usb 4-1: USB disconnect, device number 5 [ 44.003342][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 44.110901][ T1280] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.117817][ T1280] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.125144][ T1280] device bridge_slave_0 entered promiscuous mode [ 44.131754][ T39] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 44.132265][ T1280] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.148342][ T1280] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.160905][ T1280] device bridge_slave_1 entered promiscuous mode [ 44.167951][ T28] audit: type=1400 audit(1733170533.480:295): avc: denied { setopt } for pid=1285 comm="syz.4.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 44.240656][ T1288] loop4: detected capacity change from 0 to 128 [ 44.276926][ T1290] loop4: detected capacity change from 0 to 1024 [ 44.281891][ T1280] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.290061][ T1280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.297182][ T1280] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.303969][ T1280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.309975][ T1290] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 44.331989][ T39] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 44.340858][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.351216][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.360298][ T296] EXT4-fs (loop4): unmounting filesystem. [ 44.366205][ T39] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 44.371736][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.379637][ T39] usb 3-1: USB disconnect, device number 6 [ 44.385320][ T28] audit: type=1400 audit(1733170533.700:296): avc: denied { bind } for pid=1294 comm="syz.3.376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 44.418189][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.428857][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.435763][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.447713][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.457111][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.458489][ T1299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.377'. [ 44.464021][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.481355][ T1300] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 44.493932][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.502307][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.523872][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.543884][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.552954][ T1307] loop4: detected capacity change from 0 to 256 [ 44.559638][ T1307] exfat: Deprecated parameter 'utf8' [ 44.564934][ T1307] exfat: Deprecated parameter 'utf8' [ 44.570161][ T1307] exfat: Deprecated parameter 'utf8' [ 44.571795][ T1280] device veth0_vlan entered promiscuous mode [ 44.581694][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.590259][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.598826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.606732][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.615175][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.622959][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.623460][ T1307] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 44.651247][ T1280] device veth1_macvtap entered promiscuous mode [ 44.657731][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.667749][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.675930][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.688396][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.701516][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.716112][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.726564][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.268343][ T315] device bridge_slave_1 left promiscuous mode [ 45.274295][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.281625][ T315] device bridge_slave_0 left promiscuous mode [ 45.287573][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.295376][ T315] device veth1_macvtap left promiscuous mode [ 45.301255][ T315] device veth0_vlan left promiscuous mode [ 45.879018][ T28] audit: type=1326 audit(1733170535.201:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 45.902221][ T28] audit: type=1326 audit(1733170535.211:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 45.926662][ T28] audit: type=1326 audit(1733170535.211:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 45.950254][ T28] audit: type=1326 audit(1733170535.211:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 45.973580][ T28] audit: type=1326 audit(1733170535.211:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 45.974395][ T1343] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.996675][ T28] audit: type=1326 audit(1733170535.261:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 46.003932][ T1343] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.026706][ T28] audit: type=1326 audit(1733170535.261:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1358 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff50d17ff19 code=0x7ffc0000 [ 46.034537][ T1343] device bridge_slave_0 entered promiscuous mode [ 46.057378][ T1020] Bluetooth: hci0: command 0x1003 tx timeout [ 46.063014][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 46.074914][ T1277] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 46.088169][ T1343] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.099560][ T1343] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.107056][ T1343] device bridge_slave_1 entered promiscuous mode [ 46.120603][ T1369] __vm_enough_memory: pid: 1369, comm: syz.2.405, no enough memory for the allocation [ 46.178888][ T19] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 46.278672][ T1343] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.285568][ T1343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.292648][ T1343] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.299423][ T1343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.322884][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.330768][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.338219][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.367703][ T19] usb 4-1: Using ep0 maxpacket: 16 [ 46.368083][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.374251][ T19] usb 4-1: config 1 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 167, changing to 11 [ 46.381726][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.398458][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.406557][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.412938][ T19] usb 4-1: config 1 interface 0 altsetting 235 bulk endpoint 0x82 has invalid maxpacket 1023 [ 46.414957][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.431222][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.435723][ T19] usb 4-1: config 1 interface 0 altsetting 235 bulk endpoint 0x3 has invalid maxpacket 255 [ 46.458144][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.466307][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.475606][ T19] usb 4-1: config 1 interface 0 has no altsetting 0 [ 46.480050][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.492847][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=0800, bcdDevice= 0.00 [ 46.508005][ T1343] device veth0_vlan entered promiscuous mode [ 46.514028][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.522701][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.530946][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.538193][ T19] usb 4-1: Product: syz [ 46.542247][ T19] usb 4-1: Manufacturer: syz [ 46.546985][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.554564][ T19] usb 4-1: SerialNumber: syz [ 46.565822][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.575542][ T1324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 46.582832][ T1324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 46.594665][ T1343] device veth1_macvtap entered promiscuous mode [ 46.607957][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.621251][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.646079][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.670336][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.729826][ T1420] process 'syz.1.429' launched '/dev/fd/3' with NULL argv: empty string added [ 46.802100][ T1324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 46.809241][ T1324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 47.017402][ T19] cdc_ether: probe of 4-1:1.0 failed with error -71 [ 47.024841][ T19] usb 4-1: USB disconnect, device number 6 [ 47.067752][ T318] ================================================================== [ 47.075646][ T318] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480 [ 47.082496][ T318] Write of size 8 at addr ffff8881308e4a00 by task kworker/0:3/318 [ 47.090220][ T318] [ 47.092406][ T318] CPU: 0 PID: 318 Comm: kworker/0:3 Not tainted 6.1.115-syzkaller-00042-gcdea241bf6f9 #0 [ 47.102024][ T318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 47.111924][ T318] Workqueue: ipv6_addrconf addrconf_dad_work [ 47.117739][ T318] Call Trace: [ 47.120870][ T318] [ 47.123641][ T318] dump_stack_lvl+0x151/0x1b7 [ 47.128151][ T318] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 47.133446][ T318] ? _printk+0xd1/0x111 [ 47.137437][ T318] ? __virt_addr_valid+0x242/0x2f0 [ 47.142385][ T318] print_report+0x158/0x4e0 [ 47.146724][ T318] ? __virt_addr_valid+0x242/0x2f0 [ 47.151673][ T318] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 47.157746][ T318] ? enqueue_timer+0xa6/0x480 [ 47.162259][ T318] kasan_report+0x13c/0x170 [ 47.166611][ T318] ? enqueue_timer+0xa6/0x480 [ 47.171114][ T318] __asan_report_store8_noabort+0x17/0x20 [ 47.176668][ T318] enqueue_timer+0xa6/0x480 [ 47.181008][ T318] __mod_timer+0x8d3/0xcf0 [ 47.185262][ T318] ? mod_timer_pending+0x30/0x30 [ 47.190035][ T318] ? __kasan_check_write+0x14/0x20 [ 47.194978][ T318] ? try_to_grab_pending+0x1de/0x5d0 [ 47.200100][ T318] ? ip6_output+0x4c0/0x4c0 [ 47.204444][ T318] add_timer+0x68/0x80 [ 47.208351][ T318] __queue_delayed_work+0x16d/0x1f0 [ 47.213380][ T318] mod_delayed_work_on+0xee/0x190 [ 47.218243][ T318] ? __queue_delayed_work+0x1f0/0x1f0 [ 47.223451][ T318] ? __kasan_check_write+0x14/0x20 [ 47.228399][ T318] ? _raw_spin_lock+0xa4/0x1b0 [ 47.232998][ T318] ? _raw_spin_trylock_bh+0x190/0x190 [ 47.238208][ T318] addrconf_mod_dad_work+0x81/0x120 [ 47.243243][ T318] addrconf_dad_work+0xa0b/0x16b0 [ 47.248101][ T318] ? ipv6_get_saddr_eval+0xf00/0xf00 [ 47.253223][ T318] ? __kasan_check_write+0x14/0x20 [ 47.258169][ T318] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 47.263119][ T318] ? __kasan_check_read+0x11/0x20 [ 47.267979][ T318] ? read_word_at_a_time+0x12/0x20 [ 47.272924][ T318] ? strscpy+0x9c/0x260 [ 47.276918][ T318] process_one_work+0x73d/0xcb0 [ 47.281607][ T318] worker_thread+0xa60/0x1260 [ 47.286126][ T318] kthread+0x26d/0x300 [ 47.290023][ T318] ? worker_clr_flags+0x1a0/0x1a0 [ 47.294886][ T318] ? kthread_blkcg+0xd0/0xd0 [ 47.299399][ T318] ret_from_fork+0x1f/0x30 [ 47.303656][ T318] [ 47.306518][ T318] [ 47.308684][ T318] Allocated by task 1277: [ 47.312852][ T318] kasan_set_track+0x4b/0x70 [ 47.317277][ T318] kasan_save_alloc_info+0x1f/0x30 [ 47.322222][ T318] __kasan_kmalloc+0x9c/0xb0 [ 47.326649][ T318] __kmalloc+0xb4/0x1e0 [ 47.330641][ T318] hci_alloc_dev_priv+0x27/0x1c00 [ 47.335502][ T318] hci_uart_tty_ioctl+0x401/0xa70 [ 47.340362][ T318] tty_ioctl+0x903/0xc50 [ 47.344440][ T318] __se_sys_ioctl+0x114/0x190 [ 47.348953][ T318] __x64_sys_ioctl+0x7b/0x90 [ 47.353378][ T318] x64_sys_call+0x98/0x9a0 [ 47.357635][ T318] do_syscall_64+0x3b/0xb0 [ 47.361885][ T318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.367615][ T318] [ 47.369783][ T318] Freed by task 1277: [ 47.373604][ T318] kasan_set_track+0x4b/0x70 [ 47.378030][ T318] kasan_save_free_info+0x2b/0x40 [ 47.382893][ T318] ____kasan_slab_free+0x131/0x180 [ 47.387838][ T318] __kasan_slab_free+0x11/0x20 [ 47.392438][ T318] __kmem_cache_free+0x21d/0x410 [ 47.397220][ T318] kfree+0x7a/0xf0 [ 47.400774][ T318] hci_release_dev+0x14d3/0x1640 [ 47.405556][ T318] bt_host_release+0x83/0xa0 [ 47.409974][ T318] device_release+0x95/0x1c0 [ 47.414399][ T318] kobject_put+0x178/0x260 [ 47.418652][ T318] put_device+0x1f/0x30 [ 47.422644][ T318] hci_dev_cmd+0x2be/0x9b0 [ 47.426895][ T318] hci_sock_ioctl+0x415/0x7f0 [ 47.431411][ T318] sock_do_ioctl+0x152/0x450 [ 47.435837][ T318] sock_ioctl+0x455/0x740 [ 47.440004][ T318] __se_sys_ioctl+0x114/0x190 [ 47.444516][ T318] __x64_sys_ioctl+0x7b/0x90 [ 47.448941][ T318] x64_sys_call+0x98/0x9a0 [ 47.453194][ T318] do_syscall_64+0x3b/0xb0 [ 47.457450][ T318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.463185][ T318] [ 47.465346][ T318] Last potentially related work creation: [ 47.470903][ T318] kasan_save_stack+0x3b/0x60 [ 47.475415][ T318] __kasan_record_aux_stack+0xb4/0xc0 [ 47.480627][ T318] kasan_record_aux_stack_noalloc+0xb/0x10 [ 47.486397][ T318] insert_work+0x56/0x310 [ 47.490559][ T318] __queue_work+0x9b6/0xd70 [ 47.494896][ T318] queue_work_on+0x105/0x170 [ 47.499325][ T318] __hci_cmd_sync_sk+0xc2a/0xf70 [ 47.504097][ T318] hci_cmd_sync_status+0x52/0x130 [ 47.508958][ T318] hci_dev_cmd+0x771/0x9b0 [ 47.513207][ T318] hci_sock_ioctl+0x415/0x7f0 [ 47.517719][ T318] sock_do_ioctl+0x152/0x450 [ 47.522146][ T318] sock_ioctl+0x455/0x740 [ 47.526313][ T318] __se_sys_ioctl+0x114/0x190 [ 47.530835][ T318] __x64_sys_ioctl+0x7b/0x90 [ 47.535252][ T318] x64_sys_call+0x98/0x9a0 [ 47.539509][ T318] do_syscall_64+0x3b/0xb0 [ 47.543759][ T318] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.549490][ T318] [ 47.551657][ T318] Second to last potentially related work creation: [ 47.558082][ T318] kasan_save_stack+0x3b/0x60 [ 47.562593][ T318] __kasan_record_aux_stack+0xb4/0xc0 [ 47.567802][ T318] kasan_record_aux_stack_noalloc+0xb/0x10 [ 47.573446][ T318] insert_work+0x56/0x310 [ 47.577611][ T318] __queue_work+0x9b6/0xd70 [ 47.581949][ T318] queue_work_on+0x105/0x170 [ 47.586378][ T318] hci_cmd_timeout+0x199/0x200 [ 47.590980][ T318] process_one_work+0x73d/0xcb0 [ 47.595665][ T318] worker_thread+0xa60/0x1260 [ 47.600177][ T318] kthread+0x26d/0x300 [ 47.604085][ T318] ret_from_fork+0x1f/0x30 [ 47.608341][ T318] [ 47.610505][ T318] The buggy address belongs to the object at ffff8881308e4000 [ 47.610505][ T318] which belongs to the cache kmalloc-8k of size 8192 [ 47.624399][ T318] The buggy address is located 2560 bytes inside of [ 47.624399][ T318] 8192-byte region [ffff8881308e4000, ffff8881308e6000) [ 47.637671][ T318] [ 47.639843][ T318] The buggy address belongs to the physical page: [ 47.646094][ T318] page:ffffea0004c23800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1308e0 [ 47.656438][ T318] head:ffffea0004c23800 order:3 compound_mapcount:0 compound_pincount:0 [ 47.664595][ T318] flags: 0x4000000000010200(slab|head|zone=1) [ 47.670503][ T318] raw: 4000000000010200 ffffea000428fc00 dead000000000006 ffff888100043500 [ 47.678920][ T318] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 47.687329][ T318] page dumped because: kasan: bad access detected [ 47.693587][ T318] page_owner tracks the page as allocated [ 47.699131][ T318] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 675, tgid 675 (syz-executor), ts 30277476887, free_ts 30270764043 [ 47.721527][ T318] post_alloc_hook+0x213/0x220 [ 47.726124][ T318] prep_new_page+0x1b/0x110 [ 47.730463][ T318] get_page_from_freelist+0x2980/0x2a10 [ 47.735844][ T318] __alloc_pages+0x234/0x610 [ 47.740271][ T318] alloc_slab_page+0x6c/0xf0 [ 47.744698][ T318] new_slab+0x90/0x3e0 [ 47.748606][ T318] ___slab_alloc+0x6f9/0xb80 [ 47.753062][ T318] __slab_alloc+0x5d/0xa0 [ 47.757198][ T318] __kmem_cache_alloc_node+0x207/0x2a0 [ 47.762493][ T318] __kmalloc_node+0xa3/0x1e0 [ 47.766920][ T318] kvmalloc_node+0x221/0x640 [ 47.771346][ T318] pfifo_fast_init+0x25e/0x7a0 [ 47.775946][ T318] qdisc_create_dflt+0x144/0x3e0 [ 47.780720][ T318] dev_activate+0x2fd/0x1130 [ 47.785146][ T318] __dev_open+0x3c7/0x4e0 [ 47.789316][ T318] __dev_change_flags+0x1db/0x6e0 [ 47.794172][ T318] page last free stack trace: [ 47.798689][ T318] free_unref_page_prepare+0x83d/0x850 [ 47.803985][ T318] free_unref_page+0xb2/0x5c0 [ 47.808496][ T318] __free_pages+0x61/0xf0 [ 47.812664][ T318] __free_slab+0xce/0x1a0 [ 47.816826][ T318] __unfreeze_partials+0x165/0x1a0 [ 47.821778][ T318] put_cpu_partial+0xa9/0x100 [ 47.826286][ T318] __slab_free+0x1c8/0x280 [ 47.830543][ T318] ___cache_free+0xc6/0xd0 [ 47.834792][ T318] qlist_free_all+0xc5/0x140 [ 47.839219][ T318] kasan_quarantine_reduce+0x15a/0x180 [ 47.844515][ T318] __kasan_slab_alloc+0x24/0x80 [ 47.849200][ T318] slab_post_alloc_hook+0x53/0x2c0 [ 47.854147][ T318] __kmem_cache_alloc_node+0x193/0x2a0 [ 47.859442][ T318] kmalloc_trace+0x2a/0xa0 [ 47.863693][ T318] inet_rtm_newaddr+0x2c1/0x1780 [ 47.868466][ T318] rtnetlink_rcv_msg+0x9a5/0xca0 [ 47.873243][ T318] [ 47.875420][ T318] Memory state around the buggy address: [ 47.880971][ T318] ffff8881308e4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.888992][ T318] ffff8881308e4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.896883][ T318] >ffff8881308e4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.904783][ T318] ^ [ 47.908689][ T318] ffff8881308e4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 47.916583][ T318] ffff8881308e4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 47.924478][ T318] ================================================================== [ 47.932379][ T318] Disabling lock debugging due to kernel taint [ 48.117494][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 48.129040][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 48.137287][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.115-syzkaller-00042-gcdea241bf6f9 #0 [ 48.148046][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 48.157940][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 48.163058][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 48.182504][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 48.188404][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0 [ 48.196213][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 48.204024][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 48.211839][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881308e49c8 [ 48.219651][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881308e49e0 [ 48.227462][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 48.236227][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.242648][ C0] CR2: 00007fff0dd58538 CR3: 000000000700f000 CR4: 00000000003506b0 [ 48.250464][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.258273][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.266086][ C0] Call Trace: [ 48.269209][ C0] [ 48.271900][ C0] ? __die_body+0x62/0xb0 [ 48.276067][ C0] ? die_addr+0x9f/0xd0 [ 48.280060][ C0] ? exc_general_protection+0x317/0x4c0 [ 48.285445][ C0] ? cpu_curr_snapshot+0x200/0x200 [ 48.290389][ C0] ? asm_exc_general_protection+0x27/0x30 [ 48.295942][ C0] ? __queue_work+0x28b/0xd70 [ 48.300457][ C0] ? __queue_work+0x4f1/0xd70 [ 48.304967][ C0] ? __queue_work+0x29c/0xd70 [ 48.309483][ C0] delayed_work_timer_fn+0x61/0x80 [ 48.314432][ C0] ? queue_work_node+0x1d0/0x1d0 [ 48.319204][ C0] call_timer_fn+0x3b/0x2d0 [ 48.323545][ C0] ? queue_work_node+0x1d0/0x1d0 [ 48.328315][ C0] __run_timers+0x756/0xa10 [ 48.332659][ C0] ? calc_index+0x270/0x270 [ 48.336995][ C0] ? sched_clock+0x9/0x10 [ 48.341160][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 48.345936][ C0] run_timer_softirq+0x69/0xf0 [ 48.350540][ C0] handle_softirqs+0x1db/0x650 [ 48.355134][ C0] ? irqtime_account_irq+0xdc/0x260 [ 48.360170][ C0] __irq_exit_rcu+0x52/0xf0 [ 48.364507][ C0] irq_exit_rcu+0x9/0x10 [ 48.368587][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 48.374067][ C0] [ 48.376833][ C0] [ 48.379612][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 48.385428][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760 [ 48.390807][ C0] Code: 89 de 48 83 e6 08 31 ff e8 27 1c 54 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 d3 17 54 fc 0f 00 2d bc eb ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30 [ 48.410255][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3 [ 48.416150][ C0] RAX: ffffffff85216edd RBX: 0000000000000000 RCX: ffffffff8701d4c0 [ 48.423961][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.431780][ C0] RBP: ffffffff87007c10 R08: ffffffff85216ec9 R09: fffffbfff0e03a99 [ 48.439592][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 48.447394][ C0] R13: ffff888109bcc004 R14: dffffc0000000000 R15: ffff8881097d1064 [ 48.455210][ C0] ? acpi_idle_enter+0x3f9/0x760 [ 48.459983][ C0] ? acpi_idle_enter+0x40d/0x760 [ 48.464756][ C0] ? intel_idle_xstate+0xa0/0xa0 [ 48.469531][ C0] cpuidle_enter_state+0x5eb/0x17f0 [ 48.474567][ C0] ? cpuidle_enter_s2idle+0x600/0x600 [ 48.479781][ C0] ? menu_enable_device+0x380/0x380 [ 48.484824][ C0] ? debug_smp_processor_id+0x17/0x20 [ 48.490017][ C0] cpuidle_enter+0x5f/0xa0 [ 48.494270][ C0] do_idle+0x3d1/0x580 [ 48.498174][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 48.503211][ C0] ? radix_tree_lookup+0x23a/0x290 [ 48.508156][ C0] ? debug_smp_processor_id+0x17/0x20 [ 48.513363][ C0] cpu_startup_entry+0x44/0x60 [ 48.517964][ C0] rest_init+0x10b/0x130 [ 48.522040][ C0] ? time_init+0x38/0x38 [ 48.526120][ C0] arch_call_rest_init+0xe/0xe [ 48.530720][ C0] start_kernel+0x46c/0x4d8 [ 48.535059][ C0] x86_64_start_reservations+0x2a/0x2c [ 48.540355][ C0] x86_64_start_kernel+0x7c/0x81 [ 48.545128][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 48.550875][ C0] [ 48.553726][ C0] Modules linked in: [ 48.557455][ C0] ---[ end trace 0000000000000000 ]--- [ 48.562747][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 48.567868][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 48.587309][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 48.593210][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0 [ 48.601020][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 48.608835][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 48.616654][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881308e49c8 [ 48.624490][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881308e49e0 [ 48.633323][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 48.642088][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.648511][ C0] CR2: 00007fff0dd58538 CR3: 000000000700f000 CR4: 00000000003506b0 [ 48.656325][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.664131][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.671944][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 48.679272][ C0] Kernel Offset: disabled [ 48.683409][ C0] Rebooting in 86400 seconds..