last executing test programs: 4.140410456s ago: executing program 0 (id=1): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 2.69712011s ago: executing program 3 (id=57): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002540)={{r0}, &(0x7f00000024c0), &(0x7f0000002500)}, 0x20) unshare(0x2c060000) getpgrp(0xffffffffffffffff) 2.64718251s ago: executing program 3 (id=61): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0) 2.64682403s ago: executing program 3 (id=62): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioprio_set$pid(0x2, 0x0, 0x2000) 2.57845412s ago: executing program 3 (id=66): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x3, 0xff) bind$inet6(r1, &(0x7f0000000880)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r2 = dup2(r1, r1) write$P9_RSTATFS(r2, &(0x7f00000000c0)={0x43, 0x9, 0x0, {0x8, 0xffffffff, 0x0, 0xfffc, 0xfc, 0xabce, 0x0, 0x3, 0x9}}, 0x43) 2.56164204s ago: executing program 3 (id=68): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setgid(0x0) 2.51748461s ago: executing program 3 (id=71): r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="1201500102000040fbffffff40000102030109025c0002010030000904000001020d0000052406000105240000000d240f01fdfffffffdff08000006241a0000080905810340000000000904010000020d00000904010102020d0000090582021000000000090503020004"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000400)={0x0, 0xe, 0x14, "e2f3a71e8269f9c4c5506efae55ece069351947f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.501159729s ago: executing program 2 (id=72): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) socket$inet_udp(0x2, 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0xfc30, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}}, 0x0) 2.466140429s ago: executing program 2 (id=73): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0)={[{@grpquota}, {@nodiscard}, {@noquota}, {@resuid}, {@errors_remount}, {@nobh}, {@sysvgroups}, {@delalloc}, {@usrjquota_path={'usrjquota', 0x3d, './file1'}}]}, 0x10, 0x4d0, &(0x7f0000000ec0)="$eJzs3c9rHG0dAPDvTLJvf+U1qXqoBdtiK2nR7iaNbYOHWkHsqaDWe43JJoRssiG7aZtQJMW7gogKnjx5EfwPpH+CCAW9SxVFtNWDB3VlZ2f7I+42kW53+iafD0zneZ7Z3e/3adiZeWYedgI4tM5FxM2IGImISxExnren+XKrXdnpvO75s4fz7SWJVuvOX5NI8rbuZyX5+kTnLXE0Ir5xK+Lbyf/GbWxtr8zVatWNvF5prq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTg2knxMRceMrf/zR93/+1Ru/+vz939/988XvtNMay7e/2o9B6nS9lP1fdI1GxMa7CFaAkXxd6rP9eyNDTAYAgD21z/E/HhGfyc7/x2MkOzsFAAAADpLWl8biX0lECwAAADiw0mwObJKW87kAY5Gm5XJnDu8n43haqzean1usb64tdObKTkQpXVyuVafyucITUUra9el8jm23fmVXfSYiTkbED8ePZfXyfL22UPTFDwAAADgkTuwa//9jPBv/Hyk6LwAAAGDAJopOAAAAAHjnjP8BAADg4DP+BwAAgAPta7dvt5dW9/nXC/e2Nlfq9y4vVBsr5dXN+fJ8fWO9vFSvL2W/2be61+fV6vX1L8Ta5oNKs9poVhpb23dX65trzbvLrz0CGwAAABiik2cf/y6JiJ0vHsuWtg+KTgoYimSP7dlDQp7mlT8MISFgaEaKTgAozGjRCQCFKRWdAFC4va4D9J288+vB5wIAALwbk5/qf//ftQE42NKiEwAAhs79fzi8Sq/PALxaXCZAUT62x/a3v//fav1fCQEAAAM3li1JWs7vBY5FmpbLER9mjwUoJYvLtepUPj747XjpSLs+nb0z2XPOMAAAAAAAAAAAAAAAAAAAAAAAAADQ0Wol0QIAAAAOtIj0T0n2a/4Rk+MXxnZfH/gg+ed4to6I+z+98+MHc83mxnS7/W8v2ps/yduvdFsAAACAInXH6d1xPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM0vNnD+e7yzDj/uXLETHRM/7Zo9nqaJQi4vjfkxh95X1JRIwMIP7Oo4g41St+0k4rJqKTRa/4xwqMn0bEiQHEh8PscXv/c7PX9y+Nc9m69/dvNF/eVv/9Xxrd/d9In/3Ph/uMcfrJLyt94z+KOD3ae//TjZ/0iX9+n/G/9c3t7X7bWj+LmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMX7w6fjPm/p/vE/8iT36f2Gf/f/3kwfPPtEplnrFv3i+9/H3VJ/4aX7s+2xebm+f7JZ3OuVXnfnFb868qf8Lffr/4u/f40Dbjnlxn/2/9PXvPt3nSwGAIWhsba/M1WrVjY9iIY33Ig2FgRSOvGxJ34d8Dnmh6D0TAAAwaC9P+ovOBAAAAAAAAAAAAAAAAAAAAA6vYfyc2O6YO8V0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf4bAAD//xAA2Eo=") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000180), 0x0, 0x0, 0x0) 2.273046289s ago: executing program 2 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2.116863168s ago: executing program 2 (id=81): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1201000000000040d90470a000000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0022080000000403"], 0x0}, 0x0) 1.064418884s ago: executing program 1 (id=92): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x4e04, 0x0, 0x0, 0x0, {0xa, 0x4e22, 0xa, @private2={0xfc, 0x2, '\x00', 0x1}, 0x77f}}}, 0x32) 1.054801194s ago: executing program 1 (id=94): timer_create(0x7, 0x0, &(0x7f0000000180)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 998.803864ms ago: executing program 1 (id=95): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b708000000005aab7b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x20}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 690.354213ms ago: executing program 4 (id=100): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r1}, 0x10) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 595.855892ms ago: executing program 4 (id=101): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)=""/153, 0x99}, 0xffffffff}, {{&(0x7f0000001480)=@qipcrtr, 0x80, &(0x7f0000001500)}, 0x8}], 0x2, 0x22, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000100)={0x87}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 535.707272ms ago: executing program 4 (id=102): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000040)=@x86={0xd, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 362.764601ms ago: executing program 4 (id=103): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r1, r0, 0x2}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x2, 0x0, @void}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) 360.968671ms ago: executing program 4 (id=104): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f00000002c0)=[{0x6}]}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) write$binfmt_misc(r0, &(0x7f0000001280), 0x6) 350.290332ms ago: executing program 4 (id=105): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) readv(r0, &(0x7f0000000840)=[{&(0x7f0000000080)=""/45, 0x2d}], 0x1) 153.65765ms ago: executing program 1 (id=106): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$packet(0x11, 0x2, 0x300) getdents(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@xino_auto}, {@nfs_export_on}]}) 146.121401ms ago: executing program 2 (id=107): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0xfc5e) umount2(&(0x7f00000005c0)='./file0\x00', 0x2) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x29, 0x3, 0x84004, 0x0, 0x0, 0x429, 0x1}}, 0x50) 129.92879ms ago: executing program 1 (id=108): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000092900000000000000000001850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff) close(r2) r3 = openat$binfmt_register(0xffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r3, &(0x7f0000000040)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x0, 0x3a, 'syz2', 0x3a, 'Y$*@', 0x3a, './file0', 0x3a, [0x46]}, 0x30) 120.33144ms ago: executing program 1 (id=109): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r2, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) readv(r2, &(0x7f0000002980)=[{&(0x7f0000000700)=""/163, 0xa3}], 0x1) 0s ago: executing program 2 (id=110): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) syz_usb_connect$hid(0x0, 0x51, &(0x7f00000003c0)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts. [ 24.862591][ T30] audit: type=1400 audit(1734360313.233:66): avc: denied { integrity } for pid=285 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 24.885909][ T30] audit: type=1400 audit(1734360313.253:67): avc: denied { mounton } for pid=285 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.887092][ T285] cgroup: Unknown subsys name 'net' [ 24.908366][ T30] audit: type=1400 audit(1734360313.253:68): avc: denied { mount } for pid=285 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.935277][ T30] audit: type=1400 audit(1734360313.283:69): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.935427][ T285] cgroup: Unknown subsys name 'devices' [ 25.107807][ T285] cgroup: Unknown subsys name 'hugetlb' [ 25.113209][ T285] cgroup: Unknown subsys name 'rlimit' [ 25.310641][ T30] audit: type=1400 audit(1734360313.683:70): avc: denied { setattr } for pid=285 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.333588][ T30] audit: type=1400 audit(1734360313.683:71): avc: denied { mounton } for pid=285 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.358122][ T30] audit: type=1400 audit(1734360313.683:72): avc: denied { mount } for pid=285 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.363708][ T288] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 25.389540][ T30] audit: type=1400 audit(1734360313.763:73): avc: denied { relabelto } for pid=288 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.414724][ T30] audit: type=1400 audit(1734360313.763:74): avc: denied { write } for pid=288 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.445532][ T30] audit: type=1400 audit(1734360313.813:75): avc: denied { read } for pid=285 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.470898][ T285] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.307390][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.314238][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.321542][ T295] device bridge_slave_0 entered promiscuous mode [ 26.330830][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.337677][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.344896][ T296] device bridge_slave_0 entered promiscuous mode [ 26.352478][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.359368][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.366539][ T296] device bridge_slave_1 entered promiscuous mode [ 26.372850][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.379695][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.386848][ T295] device bridge_slave_1 entered promiscuous mode [ 26.421618][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.428575][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.435548][ T297] device bridge_slave_0 entered promiscuous mode [ 26.443186][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.450032][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.457297][ T297] device bridge_slave_1 entered promiscuous mode [ 26.527527][ T298] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.534370][ T298] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.541576][ T298] device bridge_slave_0 entered promiscuous mode [ 26.561049][ T298] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.567926][ T298] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.574975][ T298] device bridge_slave_1 entered promiscuous mode [ 26.628276][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.635121][ T299] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.642447][ T299] device bridge_slave_0 entered promiscuous mode [ 26.660000][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.666895][ T299] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.673922][ T299] device bridge_slave_1 entered promiscuous mode [ 26.748584][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.755442][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.763866][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.770823][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.777955][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.784694][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.800801][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.807659][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.814753][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.821558][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.847731][ T298] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.854576][ T298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.861691][ T298] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.868481][ T298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.903167][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.911267][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.918480][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.925460][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.932530][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.939684][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.946693][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.953655][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.963040][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.970995][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.977827][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.990210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.010335][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.017586][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.024899][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.032416][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.040685][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.048785][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.055601][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.062996][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.071128][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.077970][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.085121][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.093100][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.099927][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.107103][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.114989][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.121754][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.140604][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.148307][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.155968][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.164187][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.171043][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.186833][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.194515][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.203728][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.211820][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.218663][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.233937][ T295] device veth0_vlan entered promiscuous mode [ 27.244401][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.252220][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.259670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.267082][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.281651][ T295] device veth1_macvtap entered promiscuous mode [ 27.298458][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.306608][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.314468][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.322025][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.330666][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.338726][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.346721][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.354408][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.362637][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.370708][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.377544][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.384863][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.392252][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.399614][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.407761][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.415651][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.422425][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.429718][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.437689][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.445361][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.453613][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.461799][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.468627][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.475841][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.483888][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.491671][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.509501][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.517747][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.525821][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.533804][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.547294][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.555442][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.563791][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.571983][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.582285][ T296] device veth0_vlan entered promiscuous mode [ 27.591039][ T297] device veth0_vlan entered promiscuous mode [ 27.597083][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.604924][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.613227][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.621382][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.629269][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.636897][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.644584][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.651957][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.659164][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.666584][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.681328][ T298] device veth0_vlan entered promiscuous mode [ 27.687431][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.695475][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.703761][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.712013][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.720561][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.728395][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.736410][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.743643][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.759952][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.768057][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.776120][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.784006][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.795076][ T297] device veth1_macvtap entered promiscuous mode [ 27.805310][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.813225][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.820626][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.828058][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.835414][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.851535][ T299] device veth0_vlan entered promiscuous mode [ 27.853026][ T295] request_module fs-gadgetfs succeeded, but still no fs? [ 27.863568][ T299] device veth1_macvtap entered promiscuous mode [ 27.873167][ T296] device veth1_macvtap entered promiscuous mode [ 27.879875][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.888168][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.896012][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.904208][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.912220][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.920960][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.929194][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.937304][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.962748][ T298] device veth1_macvtap entered promiscuous mode [ 27.970598][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.979733][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.988772][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.996341][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.004409][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.013077][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.021479][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.031987][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.040239][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.048445][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.057319][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.108386][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.122324][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.131010][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.139377][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.179910][ T333] loop3: detected capacity change from 0 to 1024 [ 28.234947][ T333] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 28.243856][ T333] EXT4-fs (loop3): orphan cleanup on readonly fs [ 28.251321][ T333] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 28.261411][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.267958][ T333] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #3: comm syz.3.4: mark_inode_dirty error [ 28.279678][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.295821][ T333] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.4: Invalid block bitmap block 3 in block_group 0 [ 28.295995][ T335] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.310821][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.335738][ T333] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 28.349112][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.357427][ T333] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #3: comm syz.3.4: mark_inode_dirty error [ 28.368652][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.375603][ T333] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 1: comm syz.3.4: lblock 6 mapped to illegal pblock 1 (length 1) [ 28.391510][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.397989][ T333] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 48: comm syz.3.4: lblock 0 mapped to illegal pblock 48 (length 1) [ 28.418775][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.425906][ T333] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.4: Failed to acquire dquot type 0 [ 28.440485][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.447032][ T333] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #3: block 49: comm syz.3.4: lblock 1 mapped to illegal pblock 49 (length 1) [ 28.463237][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.475782][ T333] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.4: Failed to acquire dquot type 0 [ 28.486886][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.487306][ T345] process 'syz.4.8' launched './file0' with NULL argv: empty string added [ 28.502844][ T333] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5837: Corrupt filesystem [ 28.512605][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.519180][ T333] EXT4-fs error (device loop3): ext4_evict_inode:283: inode #15: comm syz.3.4: mark_inode_dirty error [ 28.530299][ T333] EXT4-fs (loop3): Remounting filesystem read-only [ 28.542204][ T333] EXT4-fs warning (device loop3): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 28.553113][ T333] EXT4-fs (loop3): 1 orphan inode deleted [ 28.559041][ T333] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,stripe=0x0000000000000e47,noinit_itable,errors=remount-ro,nombcache,noblock_validity,dioread_lock,min_batch_time=0x0000000000000577,. Quota mode: none. [ 28.591011][ T333] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #2: block 16: comm syz.3.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 28.605333][ T333] EXT4-fs error (device loop3): ext4_map_blocks:629: inode #2: block 16: comm syz.3.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 28.631389][ T333] syz.3.4 (333) used greatest stack depth: 19824 bytes left [ 28.742222][ T379] loop3: detected capacity change from 0 to 128 [ 28.819455][ T379] attempt to access beyond end of device [ 28.819455][ T379] loop3: rw=0, want=1041, limit=128 [ 28.958168][ T389] syz.1.25[389] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.958240][ T389] syz.1.25[389] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.986326][ T300] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 29.018117][ T394] serio: Serial port ptm0 [ 29.123639][ T409] loop2: detected capacity change from 0 to 128 [ 29.150848][ T414] loop1: detected capacity change from 0 to 256 [ 29.177086][ T414] FAT-fs (loop1): Unrecognized mount option "sb…£¸name=win95" or missing value [ 29.197083][ T409] attempt to access beyond end of device [ 29.197083][ T409] loop2: rw=2049, want=1041, limit=128 [ 29.281024][ T427] serio: Serial port ptm0 [ 29.356255][ T300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.372767][ T300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.396244][ T300] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 29.414845][ T300] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 29.424519][ T300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.433529][ T300] usb 5-1: config 0 descriptor?? [ 29.586568][ T472] syz.3.62[472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.586642][ T472] syz.3.62[472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.745348][ T495] loop2: detected capacity change from 0 to 512 [ 29.791930][ T20] kernel write not supported for file /59/attr/fscreate (pid: 20 comm: kworker/0:1) [ 29.821431][ T495] EXT4-fs (loop2): Ignoring removed nobh option [ 29.829072][ T495] EXT4-fs (loop2): Journaled quota options ignored when QUOTA feature is enabled [ 29.851731][ T495] EXT4-fs (loop2): 1 orphan inode deleted [ 29.857828][ T495] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nodiscard,noquota,resuid=0x0000000000000000,errors=remount-ro,nobh,sysvgroups,delalloc,usrjquota=./file1,. Quota mode: writeback. [ 29.877741][ T495] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.897368][ T300] dragonrise 0003:0079:0011.0001: item fetching failed at offset 1/5 [ 29.898014][ T30] kauditd_printk_skb: 204 callbacks suppressed [ 29.898027][ T30] audit: type=1400 audit(1734360318.273:274): avc: denied { setattr } for pid=494 comm="syz.2.73" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.905406][ T300] dragonrise 0003:0079:0011.0001: parse failed [ 29.940347][ T300] dragonrise: probe of 0003:0079:0011.0001 failed with error -22 [ 29.944584][ T30] audit: type=1400 audit(1734360318.313:275): avc: denied { read write } for pid=511 comm="syz.1.79" name="fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 29.972085][ T30] audit: type=1400 audit(1734360318.313:276): avc: denied { open } for pid=511 comm="syz.1.79" path="/dev/fuse" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 29.996020][ T30] audit: type=1400 audit(1734360318.313:277): avc: denied { mounton } for pid=511 comm="syz.1.79" path="/30/file0" dev="tmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 29.996408][ T39] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 30.143060][ T520] usb 5-1: USB disconnect, device number 2 [ 30.326124][ T358] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.376181][ T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 30.387036][ T39] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 30.556218][ T39] usb 4-1: New USB device found, idVendor=fffb, idProduct=ffff, bcdDevice= 0.40 [ 30.565173][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.573068][ T39] usb 4-1: Product: syz [ 30.576985][ T39] usb 4-1: Manufacturer: syz [ 30.581375][ T39] usb 4-1: SerialNumber: syz [ 30.695193][ T30] audit: type=1326 audit(1734360319.063:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.718296][ T30] audit: type=1326 audit(1734360319.063:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.726395][ T358] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.742426][ T30] audit: type=1326 audit(1734360319.063:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.775130][ T358] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.781323][ T30] audit: type=1326 audit(1734360319.093:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.807541][ T358] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 30.808103][ T30] audit: type=1326 audit(1734360319.133:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.843178][ T358] usb 3-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 30.851324][ T30] audit: type=1326 audit(1734360319.133:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=526 comm="syz.4.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe4360dd19 code=0x7ffc0000 [ 30.855162][ T491] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 30.882200][ T358] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.893341][ T529] loop1: detected capacity change from 0 to 512 [ 30.899717][ T358] usb 3-1: config 0 descriptor?? [ 30.926420][ T531] netlink: 96 bytes leftover after parsing attributes in process `syz.4.86'. [ 30.942948][ T533] loop4: detected capacity change from 0 to 256 [ 30.956862][ T529] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 30.964014][ T529] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 30.972174][ T529] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 30.980045][ T529] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 30.988699][ T529] EXT4-fs (loop1): 1 truncate cleaned up [ 30.991238][ T533] FAT-fs (loop4): bogus sectors per cluster 0 [ 30.994349][ T529] EXT4-fs (loop1): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,mblk_io_submit,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback. [ 31.005244][ T533] FAT-fs (loop4): Can't find a valid FAT filesystem [ 31.153076][ T544] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 31.195814][ T550] loop4: detected capacity change from 0 to 2048 [ 31.277230][ T550] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 31.334025][ T557] loop4: detected capacity change from 0 to 512 [ 31.356750][ T358] holtek_mouse 0003:04D9:A070.0002: item fetching failed at offset 1/5 [ 31.364960][ T358] holtek_mouse 0003:04D9:A070.0002: hid parse failed: -22 [ 31.372600][ T358] holtek_mouse: probe of 0003:04D9:A070.0002 failed with error -22 [ 31.427490][ T557] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 31.438383][ T557] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.573736][ T358] usb 3-1: USB disconnect, device number 2 [ 31.698401][ T573] loop4: detected capacity change from 0 to 128 [ 31.736824][ T573] ======================================================= [ 31.736824][ T573] WARNING: The mand mount option has been deprecated and [ 31.736824][ T573] and is ignored by this kernel. Remove the mand [ 31.736824][ T573] option from the mount to silence this warning. [ 31.736824][ T573] ======================================================= [ 31.777246][ T573] EXT4-fs (loop4): Test dummy encryption mode enabled [ 31.784775][ T573] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 31.797232][ T573] ext4 filesystem being mounted at /22/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 31.807602][ T491] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 32.036223][ T39] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 32.042592][ T39] cdc_ncm 4-1:1.0: setting rx_max = 16384 [ 32.088696][ T584] overlayfs: failed to resolve './file1': -2 [ 32.115825][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x1 [ 32.123108][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.130403][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.137803][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.145100][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.152672][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.159910][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x4 [ 32.167119][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.174280][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x2 [ 32.181528][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.188722][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.195898][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.203334][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.210836][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x4 [ 32.218213][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.225408][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.232826][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.240342][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.247708][ T39] cdc_ncm 4-1:1.0: setting tx_max = 16384 [ 32.253416][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.260794][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.269225][ T39] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 32.279166][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.288726][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.295934][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.303406][ T39] usb 4-1: USB disconnect, device number 2 [ 32.309262][ T39] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 32.317483][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.324609][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.333152][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.340427][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.347610][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.354781][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.362032][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.371098][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.378444][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.385649][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.392878][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.400083][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.407330][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.414456][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.421787][ T520] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 32.429570][ T520] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 32.439156][ T358] ================================================================== [ 32.447027][ T358] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120 [ 32.454663][ T358] Read of size 8 at addr ffff8881164e8c70 by task kworker/1:3/358 [ 32.462295][ T358] [ 32.464474][ T358] CPU: 1 PID: 358 Comm: kworker/1:3 Not tainted 5.15.173-syzkaller-00161-gb4bd207b0380 #0 [ 32.474193][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 32.484094][ T358] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 32.490423][ T358] Call Trace: [ 32.493542][ T358] [ 32.496323][ T358] dump_stack_lvl+0x151/0x1c0 [ 32.500833][ T358] ? io_uring_drop_tctx_refs+0x190/0x190 [ 32.506305][ T358] ? panic+0x760/0x760 [ 32.510206][ T358] print_address_description+0x87/0x3b0 [ 32.515595][ T358] kasan_report+0x179/0x1c0 [ 32.519934][ T358] ? __kasan_check_write+0x14/0x20 [ 32.524877][ T358] ? __list_del_entry_valid+0xa6/0x120 [ 32.530170][ T358] ? __list_del_entry_valid+0xa6/0x120 [ 32.535463][ T358] __asan_report_load8_noabort+0x14/0x20 [ 32.540933][ T358] __list_del_entry_valid+0xa6/0x120 [ 32.546054][ T358] process_one_work+0x458/0xc10 [ 32.550739][ T358] worker_thread+0xad5/0x12a0 [ 32.555264][ T358] ? _raw_spin_lock+0x1b0/0x1b0 [ 32.559957][ T358] kthread+0x421/0x510 [ 32.563843][ T358] ? worker_clr_flags+0x180/0x180 [ 32.568706][ T358] ? kthread_blkcg+0xd0/0xd0 [ 32.573132][ T358] ret_from_fork+0x1f/0x30 [ 32.577386][ T358] [ 32.580247][ T358] [ 32.582418][ T358] Allocated by task 39: [ 32.586408][ T358] ____kasan_kmalloc+0xdb/0x110 [ 32.591099][ T358] __kasan_kmalloc+0x9/0x10 [ 32.595439][ T358] __kmalloc+0x13f/0x2c0 [ 32.599517][ T358] kvmalloc_node+0x1f0/0x4d0 [ 32.604114][ T358] alloc_netdev_mqs+0x8c/0xc90 [ 32.608715][ T358] alloc_etherdev_mqs+0x33/0x40 [ 32.613403][ T358] usbnet_probe+0x1fa/0x2860 [ 32.617828][ T358] usb_probe_interface+0x5b6/0xa90 [ 32.622780][ T358] really_probe+0x28d/0x970 [ 32.627118][ T358] __driver_probe_device+0x1a0/0x310 [ 32.632236][ T358] driver_probe_device+0x54/0x3d0 [ 32.637097][ T358] __device_attach_driver+0x2c5/0x470 [ 32.642303][ T358] bus_for_each_drv+0x183/0x200 [ 32.646994][ T358] __device_attach+0x312/0x510 [ 32.651590][ T358] device_initial_probe+0x1a/0x20 [ 32.656450][ T358] bus_probe_device+0xbe/0x1e0 [ 32.661052][ T358] device_add+0xb60/0xf10 [ 32.665218][ T358] usb_set_configuration+0x190f/0x1e80 [ 32.670513][ T358] usb_generic_driver_probe+0x8b/0x150 [ 32.675803][ T358] usb_probe_device+0x144/0x260 [ 32.680491][ T358] really_probe+0x28d/0x970 [ 32.684831][ T358] __driver_probe_device+0x1a0/0x310 [ 32.689951][ T358] driver_probe_device+0x54/0x3d0 [ 32.694812][ T358] __device_attach_driver+0x2c5/0x470 [ 32.700019][ T358] bus_for_each_drv+0x183/0x200 [ 32.704705][ T358] __device_attach+0x312/0x510 [ 32.709306][ T358] device_initial_probe+0x1a/0x20 [ 32.714166][ T358] bus_probe_device+0xbe/0x1e0 [ 32.718768][ T358] device_add+0xb60/0xf10 [ 32.722932][ T358] usb_new_device+0x1038/0x1c00 [ 32.727619][ T358] hub_event+0x2def/0x4770 [ 32.731872][ T358] process_one_work+0x6bb/0xc10 [ 32.736559][ T358] worker_thread+0xad5/0x12a0 [ 32.741074][ T358] kthread+0x421/0x510 [ 32.744982][ T358] ret_from_fork+0x1f/0x30 [ 32.749230][ T358] [ 32.751402][ T358] Freed by task 39: [ 32.755047][ T358] kasan_set_track+0x4b/0x70 [ 32.759471][ T358] kasan_set_free_info+0x23/0x40 [ 32.764245][ T358] ____kasan_slab_free+0x126/0x160 [ 32.769193][ T358] __kasan_slab_free+0x11/0x20 [ 32.773794][ T358] slab_free_freelist_hook+0xbd/0x190 [ 32.779019][ T358] kfree+0xcc/0x270 [ 32.782653][ T358] kvfree+0x35/0x40 [ 32.786300][ T358] netdev_freemem+0x3f/0x60 [ 32.790633][ T358] netdev_release+0x7f/0xb0 [ 32.794973][ T358] device_release+0x95/0x1c0 [ 32.799402][ T358] kobject_put+0x178/0x260 [ 32.803649][ T358] put_device+0x1f/0x30 [ 32.807645][ T358] free_netdev+0x34f/0x440 [ 32.811897][ T358] usbnet_disconnect+0x25f/0x3b0 [ 32.816670][ T358] usb_unbind_interface+0x1fa/0x8c0 [ 32.821702][ T358] device_release_driver_internal+0x50b/0x7d0 [ 32.827603][ T358] device_release_driver+0x19/0x20 [ 32.832552][ T358] bus_remove_device+0x2f8/0x360 [ 32.837333][ T358] device_del+0x663/0xe90 [ 32.841492][ T358] usb_disable_device+0x380/0x720 [ 32.846353][ T358] usb_disconnect+0x32a/0x890 [ 32.850864][ T358] hub_event+0x1d42/0x4770 [ 32.855117][ T358] process_one_work+0x6bb/0xc10 [ 32.859805][ T358] worker_thread+0xe02/0x12a0 [ 32.864319][ T358] kthread+0x421/0x510 [ 32.868224][ T358] ret_from_fork+0x1f/0x30 [ 32.872475][ T358] [ 32.874652][ T358] Last potentially related work creation: [ 32.880205][ T358] kasan_save_stack+0x3b/0x60 [ 32.884714][ T358] __kasan_record_aux_stack+0xd3/0xf0 [ 32.889923][ T358] kasan_record_aux_stack_noalloc+0xb/0x10 [ 32.895565][ T358] insert_work+0x56/0x320 [ 32.899729][ T358] __queue_work+0x92a/0xcd0 [ 32.904074][ T358] queue_work_on+0x105/0x170 [ 32.908499][ T358] usbnet_link_change+0x182/0x1a0 [ 32.913358][ T358] usbnet_probe+0x1dad/0x2860 [ 32.917868][ T358] usb_probe_interface+0x5b6/0xa90 [ 32.922829][ T358] really_probe+0x28d/0x970 [ 32.927158][ T358] __driver_probe_device+0x1a0/0x310 [ 32.932276][ T358] driver_probe_device+0x54/0x3d0 [ 32.937137][ T358] __device_attach_driver+0x2c5/0x470 [ 32.942346][ T358] bus_for_each_drv+0x183/0x200 [ 32.947229][ T358] __device_attach+0x312/0x510 [ 32.951817][ T358] device_initial_probe+0x1a/0x20 [ 32.956678][ T358] bus_probe_device+0xbe/0x1e0 [ 32.961277][ T358] device_add+0xb60/0xf10 [ 32.965442][ T358] usb_set_configuration+0x190f/0x1e80 [ 32.970744][ T358] usb_generic_driver_probe+0x8b/0x150 [ 32.976030][ T358] usb_probe_device+0x144/0x260 [ 32.980718][ T358] really_probe+0x28d/0x970 [ 32.985057][ T358] __driver_probe_device+0x1a0/0x310 [ 32.990178][ T358] driver_probe_device+0x54/0x3d0 [ 32.995041][ T358] __device_attach_driver+0x2c5/0x470 [ 33.000246][ T358] bus_for_each_drv+0x183/0x200 [ 33.004932][ T358] __device_attach+0x312/0x510 [ 33.009532][ T358] device_initial_probe+0x1a/0x20 [ 33.014394][ T358] bus_probe_device+0xbe/0x1e0 [ 33.018993][ T358] device_add+0xb60/0xf10 [ 33.023161][ T358] usb_new_device+0x1038/0x1c00 [ 33.027847][ T358] hub_event+0x2def/0x4770 [ 33.032098][ T358] process_one_work+0x6bb/0xc10 [ 33.036796][ T358] worker_thread+0xad5/0x12a0 [ 33.041303][ T358] kthread+0x421/0x510 [ 33.045206][ T358] ret_from_fork+0x1f/0x30 [ 33.049458][ T358] [ 33.051628][ T358] The buggy address belongs to the object at ffff8881164e8000 [ 33.051628][ T358] which belongs to the cache kmalloc-4k of size 4096 [ 33.065515][ T358] The buggy address is located 3184 bytes inside of [ 33.065515][ T358] 4096-byte region [ffff8881164e8000, ffff8881164e9000) [ 33.078796][ T358] The buggy address belongs to the page: [ 33.084276][ T358] page:ffffea0004593a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1164e8 [ 33.094330][ T358] head:ffffea0004593a00 order:3 compound_mapcount:0 compound_pincount:0 [ 33.102487][ T358] flags: 0x4000000000010200(slab|head|zone=1) [ 33.108397][ T358] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 33.116815][ T358] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 33.125228][ T358] page dumped because: kasan: bad access detected [ 33.131485][ T358] page_owner tracks the page as allocated [ 33.137036][ T358] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 112, ts 4302584680, free_ts 0 [ 33.154917][ T358] post_alloc_hook+0x1a3/0x1b0 [ 33.159511][ T358] prep_new_page+0x1b/0x110 [ 33.163849][ T358] get_page_from_freelist+0x3550/0x35d0 [ 33.169234][ T358] __alloc_pages+0x27e/0x8f0 [ 33.173659][ T358] new_slab+0x9a/0x4e0 [ 33.177565][ T358] ___slab_alloc+0x39e/0x830 [ 33.181990][ T358] __slab_alloc+0x4a/0x90 [ 33.186156][ T358] kmem_cache_alloc_trace+0x147/0x270 [ 33.191362][ T358] uevent_show+0x160/0x330 [ 33.195616][ T358] dev_attr_show+0x56/0xd0 [ 33.199869][ T358] sysfs_kf_seq_show+0x265/0x3e0 [ 33.204642][ T358] kernfs_seq_show+0x119/0x160 [ 33.209242][ T358] seq_read_iter+0x430/0xd00 [ 33.213669][ T358] kernfs_fop_read_iter+0x145/0x470 [ 33.218703][ T358] vfs_read+0xa81/0xd40 [ 33.222695][ T358] ksys_read+0x199/0x2c0 [ 33.226774][ T358] page_owner free stack trace missing [ 33.231983][ T358] [ 33.234149][ T358] Memory state around the buggy address: [ 33.239623][ T358] ffff8881164e8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.247521][ T358] ffff8881164e8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.255420][ T358] >ffff8881164e8c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.263321][ T358] ^ [ 33.270870][ T358] ffff8881164e8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.278851][ T358] ffff8881164e8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.286749][ T358] ================================================================== [ 33.294647][ T358] Disabling lock debugging due to kernel taint