last executing test programs: 14.0436872s ago: executing program 2 (id=6126): unshare(0x400) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000001580)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x7]}, 0x45c) r1 = dup(r0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) 14.04350259s ago: executing program 2 (id=6127): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) 14.04343076s ago: executing program 2 (id=6128): iopl(0x3) bpf$MAP_CREATE(0x300000000000018, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 14.03937689s ago: executing program 2 (id=6129): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0xe) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000005c0)={[{@noauto_da_alloc}, {@errors_remount}, {@dioread_nolock}]}, 0x3, 0x4cf, &(0x7f0000000740)="$eJzs3E9sFNUfAPDvbFta/v3YHyIKohbR2EhsoaBwMDEYTTxoYsSDHpu2EKRQQ0siBM2SGDwaEu/Go1cPXtULMZ5MvOLRxJAQwwUwMa6Z3Znudpltabvt2vTzSZZ5b/699+bNm33zXpcANqzB9J+kHr4ZETsiotS6w2B9ce/OlfH7d66MR6VaPflnUjvsbhrPZKeJrVlkqBRR+ixpbGgyc+ny2bGpqckLWXxk9txHIzOXLr945tzY6cnTk+dHjx8/euTwsZdHX1p6oQrSS8t1d++n0/v2vPnB9bfHe/P1A9myuRydMhiDRVmpea7TiXXZ9qZw0tvFjLAk6f2fVldfrf3viJ5QebBRVKvVan/7zZVqq6sPrAHWrSS6nQOgO/Iv+vT9N/8UdQQ2rU73o+tun6i/AKXlvpd9Ip6urczHQfpa3m87aTAi3q/89VX6iVUahwAAaPbDibwn2NL/K9dnRv6+eOPVdPm/bA6lHBH/j4idEfFIROyKiEcjYndEPBYRj7ecvyciqgukP9gSn0t/bhKqdKtDRS2U9v9eyea2Gv2/eRko92Sx7RF5h3nyUHZNhqKv/9SZqcnDC6Tx4+u/ftFuW3P/L/2k6ed9wSwft3pbBugmxmbHll3gFrevRuztbS1/0huRzM0EJBGxJyL2LuG85abwmRe+2TcX6Zu/3+Llr6kWzqN1YKqi+nXE8/X6r8S8+m+kmCw8PzkyEFOTh0bSu+BQYRo//3LtnXbpL1r+735vPeSNY9+fzFrWyqX1v6Xp/o98/rZR/nISkczN184sPY1rv33e9p1muff/puS9Wjh/L/14bHb2wuGITclbD64fbRybx9NlVOrlHzpQ3P53ZsekV+KJiEhv4icj4qmovyGmed8fEc9ExIEFyv/Ta89+uPzyr660/BOFz7959d+Yr28XSCr1vQs29Zzdf/N+m4fHw9X/0VpoKFtT/PxL5j0i2uU0/7ZL1/yz0osHAAAA60QpIrY1jSVti1JpeLg+BrQrtpSmpmdmD56avnh+It0WUY6+Uj7SVR8P7kvy8c9yU3y0JX4kGzf+smdzLT48Pj010dWSA1trbT4pDWdjcXn7T/3RmSFm4L/MT35g41qo/aed+N3X1zAzwJp6+O//G5+sakaANdfU/ittdqks4+++gHXA+z/Q0K4b0OCZAetfVVuGDW1J7f/g4n0DYP3ojXfnwqWu5gRYa/r/sCEt+rv+FQWq/cWbBuLBnWNg4RP2xPKysbkgra4E0p5VV1LfvJyj8v9Noe0+UVraCfujM3V6aoVXo3Jh5vTujt/81exv5Ttdg9+uSTstCnTlcQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBx/wYAAP//J+Xi2A==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x0, 0x100) 13.716661149s ago: executing program 2 (id=6134): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x1f, "ffff01e03d64a831683fdc3fd440829c82cfc400", 0x0, 0x0, 0x6}, 0x3c) 13.558260519s ago: executing program 2 (id=6135): syz_usb_connect(0x2, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d8"], 0x0) 13.521372268s ago: executing program 32 (id=6135): syz_usb_connect(0x2, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e105080411250102030109021b00010000000009040000012ec25d000905d8"], 0x0) 5.883483022s ago: executing program 1 (id=6231): fsopen(&(0x7f0000000000)='cifs\x00', 0x0) r0 = fsopen(&(0x7f0000000040)='exofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b///o\\\xea\x95\x9a/\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r3}, 0x38) 3.851165158s ago: executing program 1 (id=6244): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) signalfd4(r0, &(0x7f0000000000)={[0x1]}, 0x8, 0x80000) 3.789357908s ago: executing program 1 (id=6245): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x3, 0x88000) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000001c0)) ioctl$EVIOCGRAB(r0, 0x40044590, 0x0) 3.779412408s ago: executing program 1 (id=6246): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) setgroups(0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r2) setresuid(r1, r1, 0x0) setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 3.704807318s ago: executing program 1 (id=6247): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0x6) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x95, 0x35, 0x40, 0x5ac, 0x242, 0x7028, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xdf, 0x0, 0x0, 0x3, 0xac, 0x2}}]}}]}}, 0x0) shutdown(r0, 0x1) 3.183678186s ago: executing program 0 (id=6250): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x39, 0x4, @tid=r0}, &(0x7f0000000480)) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x1b0, 0xc8, 0x8, 0x1b0, 0x5803, 0x310, 0x2e8, 0x2e8, 0x310, 0x2e8, 0x3, 0x0, {[{{@ipv6={@loopback, @mcast1, [], [], 'erspan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1b0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67442c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1}}, @common=@inet=@socket1={{0x28}, 0xa490f54eab606508}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @mcast2, [], [], 'macvtap0\x00', 'syzkaller1\x00'}, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440) 1.991255034s ago: executing program 0 (id=6254): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240)='//\xf2/\x06\b//\\o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$SIOCGSTAMP(r2, 0x8906, &(0x7f0000000300)) io_uring_setup(0x488, &(0x7f0000000080)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x30, 0x3b, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x9, 0x2, 0x0, 0x1, [@generic="8d437a5771"]}]}, 0x30}}, 0xc000) 1.047241312s ago: executing program 0 (id=6263): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x11}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}}}, 0xb8}}, 0x20004800) syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6000000000303a00fe880000000000000000000000000001ff0200000000000000000000000000010300"], 0x0) 1.023858592s ago: executing program 0 (id=6264): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x94, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x80, 0x1, [@m_tunnel_key={0x32, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4, 0x2, 0x0, 0x0}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x8004) 960.978722ms ago: executing program 0 (id=6265): sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000001800000001000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20) sendmsg(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1, 0x0, 0x0, 0xa4}, 0x0) 899.583661ms ago: executing program 5 (id=6266): unshare(0x2000400) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, 0x0, 0x0) 899.356741ms ago: executing program 3 (id=6267): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0xf00, 0x0, 0x2, 0x300, 0x0}) 899.073102ms ago: executing program 3 (id=6268): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) 868.402181ms ago: executing program 5 (id=6269): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000ffffffffff00"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 860.589752ms ago: executing program 3 (id=6270): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000002c0)}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000a17000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b40000000000000061114800000000004600feff000000009500000000000000a791b6caf188b135dae91befc71304caf1d9933825001fca9ec2f102fae8e94ba4151e3c339fb5c94488d1f37aec7221eeb38bacc68c328363c7678d729849d6f7a41c979bd47d44f0aa3940feb779f2"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0xffffff33, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 803.651691ms ago: executing program 5 (id=6271): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, 0x0, 0x0) syz_io_uring_setup(0x2d5b, &(0x7f0000000140), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet_udp(0x2, 0x2, 0x0) 803.468911ms ago: executing program 5 (id=6272): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) syz_clone3(&(0x7f0000000ac0)={0x200020100, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[0x0], 0x1, {r0}}, 0x58) 478.34139ms ago: executing program 5 (id=6273): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = eventfd2(0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$ITER_CREATE(0xb, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) 477.916811ms ago: executing program 3 (id=6274): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_128={{0x303}, "0400", "0d07080d7f4fcf0000e8ffffff00", '\x00', "8657e2b7e43b34e4"}, 0x28) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000100)=0x704, 0x4) 370.690221ms ago: executing program 1 (id=6275): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000140)={[{@abort}, {@grpid}]}, 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x9, 0x3, 0x80000001}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) 307.59232ms ago: executing program 3 (id=6276): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe000bb00, @dev={0xac, 0x14, 0x14, 0x1e}, @dev}, 0xc) 0s ago: executing program 3 (id=6277): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x191, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0x1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b0, @void, @value}, 0x94) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1, 0x0, 0x81}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540), 0xfffffdd8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r3, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40480, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n, priority 0 [ 1714.966455][T21673] tipc: Disabling bearer [ 1715.503761][T21683] loop4: detected capacity change from 0 to 8192 [ 1716.555950][T21691] hub 2-0:1.0: USB hub found [ 1716.561450][T21691] hub 2-0:1.0: 1 port detected [ 1717.745563][T21707] loop4: detected capacity change from 0 to 256 [ 1718.125154][T21712] hub 2-0:1.0: USB hub found [ 1718.129910][T21712] hub 2-0:1.0: 1 port detected [ 1718.726923][T21718] fuse: Bad value for 'fd' [ 1719.213554][T21723] loop0: detected capacity change from 0 to 128 [ 1719.287861][T21723] FAT-fs (loop0): Unrecognized mount option "˙0xffffffffffffffff˙˙˙˙˙˙˙˙" or missing value [ 1720.871738][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 1720.871758][ T30] audit: type=1400 audit(1736989875.265:8719): avc: denied { create } for pid=21738 comm="syz.4.5783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1721.260179][T21744] syz.0.5778[21744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1721.260611][T21744] syz.0.5778[21744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1722.028444][ T30] audit: type=1400 audit(1736989875.295:8720): avc: denied { setopt } for pid=21738 comm="syz.4.5783" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1722.060637][ T30] audit: type=1400 audit(1736989875.305:8721): avc: denied { write } for pid=21738 comm="syz.4.5783" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1722.109747][T21751] fuse: Bad value for 'fd' [ 1722.115954][T21751] loop3: detected capacity change from 0 to 256 [ 1722.137636][ T30] audit: type=1400 audit(1736989875.305:8722): avc: denied { read } for pid=21738 comm="syz.4.5783" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1722.277021][ T30] audit: type=1400 audit(1736989875.335:8723): avc: denied { read write } for pid=21738 comm="syz.4.5783" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1722.311375][ T30] audit: type=1400 audit(1736989875.335:8724): avc: denied { open } for pid=21738 comm="syz.4.5783" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1722.322955][T21749] loop4: detected capacity change from 0 to 8192 [ 1722.341571][T21753] device syzkaller0 entered promiscuous mode [ 1722.342590][T21757] syz.1.5785[21757] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1722.348030][T21757] syz.1.5785[21757] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1722.359475][ T30] audit: type=1400 audit(1736989875.555:8725): avc: denied { ioctl } for pid=21738 comm="syz.4.5783" path="/dev/loop-control" dev="devtmpfs" ino=111 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1722.397911][ T30] audit: type=1400 audit(1736989876.525:8726): avc: denied { ioctl } for pid=21752 comm="syz.2.5786" path="socket:[75120]" dev="sockfs" ino=75120 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1722.495742][T21758] loop0: detected capacity change from 0 to 512 [ 1722.500417][ T30] audit: type=1326 audit(1736989876.885:8727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21755 comm="syz.0.5788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9495f6ed29 code=0x7ffc0000 [ 1722.526189][ T30] audit: type=1326 audit(1736989876.885:8728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21755 comm="syz.0.5788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9495f6ed29 code=0x7ffc0000 [ 1722.584903][T21758] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1722.591960][T21758] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.5788: bg 0: block 248: padding at end of block bitmap is not set [ 1722.606632][T21758] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.5788: Failed to acquire dquot type 1 [ 1722.619408][T21758] EXT4-fs (loop0): 1 truncate cleaned up [ 1722.625166][T21758] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1722.823678][T21766] hub 2-0:1.0: USB hub found [ 1722.828788][T21766] hub 2-0:1.0: 1 port detected [ 1723.209846][T21770] loop3: detected capacity change from 0 to 8192 [ 1723.359871][T21784] syz.2.5791[21784] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1723.359980][T21784] syz.2.5791[21784] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1723.536852][T18227] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1723.936919][T18227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1723.998899][T18227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1724.126093][T18227] usb 5-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1724.147835][T18227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1724.157146][T18227] usb 5-1: config 0 descriptor?? [ 1724.431938][T21803] loop3: detected capacity change from 0 to 8192 [ 1724.546914][T18227] usbhid 5-1:0.0: can't add hid device: -71 [ 1724.553117][T18227] usbhid: probe of 5-1:0.0 failed with error -71 [ 1724.560292][T18227] usb 5-1: USB disconnect, device number 29 [ 1725.036184][T21810] fuse: Bad value for 'fd' [ 1725.061078][T21810] loop4: detected capacity change from 0 to 256 [ 1725.214558][T21814] loop2: detected capacity change from 0 to 512 [ 1725.549143][T21814] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1725.559619][T21814] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.5805: bg 0: block 248: padding at end of block bitmap is not set [ 1725.575175][T21814] EXT4-fs error (device loop2): ext4_acquire_dquot:6188: comm syz.2.5805: Failed to acquire dquot type 1 [ 1725.718025][T21819] hub 2-0:1.0: USB hub found [ 1725.723860][T21819] hub 2-0:1.0: 1 port detected [ 1725.912089][T21814] EXT4-fs (loop2): 1 truncate cleaned up [ 1725.928164][T21814] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1726.734840][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 1726.734858][ T30] audit: type=1400 audit(1736989881.125:8755): avc: denied { bind } for pid=21817 comm="syz.0.5806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1726.806864][ T30] audit: type=1400 audit(1736989881.165:8756): avc: denied { setopt } for pid=21817 comm="syz.0.5806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1727.123377][T21828] syz.4.5807[21828] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1727.123468][T21828] syz.4.5807[21828] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1727.135731][T21828] fuse: Bad value for 'fd' [ 1727.203027][T21830] loop3: detected capacity change from 0 to 256 [ 1727.722267][T21839] hub 2-0:1.0: USB hub found [ 1727.727892][T21839] hub 2-0:1.0: 1 port detected [ 1729.139108][T21849] loop4: detected capacity change from 0 to 256 [ 1729.897634][T21856] syz.2.5815[21856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1729.899654][T21856] syz.2.5815[21856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1730.839484][ T30] audit: type=1400 audit(1736989885.235:8757): avc: denied { write } for pid=21858 comm="syz.3.5818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1731.413260][T21862] hub 2-0:1.0: USB hub found [ 1731.418826][T21862] hub 2-0:1.0: 1 port detected [ 1731.669422][T21863] loop1: detected capacity change from 0 to 8192 [ 1731.682040][T21870] loop3: detected capacity change from 0 to 8192 [ 1731.814671][T21874] loop4: detected capacity change from 0 to 512 [ 1731.975476][T21874] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1731.984984][T21874] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5822: bg 0: block 248: padding at end of block bitmap is not set [ 1732.011711][T21874] Quota error (device loop4): write_blk: dquota write failed [ 1732.019192][T21874] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1732.029063][T21874] EXT4-fs error (device loop4): ext4_acquire_dquot:6188: comm syz.4.5822: Failed to acquire dquot type 1 [ 1732.045125][T21874] EXT4-fs (loop4): 1 truncate cleaned up [ 1732.051637][T21874] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1732.887880][ T30] audit: type=1400 audit(1736989887.285:8758): avc: denied { setopt } for pid=21884 comm="syz.1.5826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1733.058233][T21894] syz.3.5825[21894] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1733.058353][T21894] syz.3.5825[21894] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1733.071876][T21894] fuse: Bad value for 'fd' [ 1734.409162][T21907] syz.0.5829[21907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1734.409260][T21907] syz.0.5829[21907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1734.748718][T21905] loop4: detected capacity change from 0 to 8192 [ 1735.040788][T21915] loop1: detected capacity change from 0 to 8192 [ 1735.440086][T21919] loop4: detected capacity change from 0 to 8192 [ 1735.703740][T21926] loop0: detected capacity change from 0 to 512 [ 1735.925115][T21926] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1735.934114][T21926] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.5839: bg 0: block 248: padding at end of block bitmap is not set [ 1735.950210][T21926] Quota error (device loop0): write_blk: dquota write failed [ 1735.957644][T21926] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1735.967483][T21926] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.5839: Failed to acquire dquot type 1 [ 1735.982228][T21926] EXT4-fs (loop0): 1 truncate cleaned up [ 1735.988780][T21926] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1737.333342][T21941] syz.2.5843[21941] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1737.333432][T21941] syz.2.5843[21941] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1737.345730][T21941] fuse: Bad value for 'fd' [ 1737.826850][T17070] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1737.889595][T21954] loop4: detected capacity change from 0 to 1024 [ 1737.968571][T21955] syz.1.5840[21955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1737.968711][T21955] syz.1.5840[21955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1737.985430][ T30] audit: type=1400 audit(1736989892.375:8759): avc: denied { append } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1738.077269][T21954] EXT4-fs (loop4): barriers disabled [ 1738.095224][T21954] JBD2: no valid journal superblock found [ 1738.133834][T21954] EXT4-fs (loop4): error loading journal [ 1738.264696][ T30] audit: type=1400 audit(1736989892.465:8760): avc: denied { mounton } for pid=21953 comm="syz.4.5848" path="/24/file0" dev="tmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1738.287628][ T30] audit: type=1400 audit(1736989892.475:8761): avc: denied { read write } for pid=11391 comm="syz-executor" name="loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1738.637203][ T30] audit: type=1400 audit(1736989892.475:8762): avc: denied { open } for pid=11391 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1738.661656][ T30] audit: type=1400 audit(1736989892.475:8763): avc: denied { ioctl } for pid=11391 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1738.692944][ T30] audit: type=1400 audit(1736989892.515:8764): avc: denied { map_create } for pid=21956 comm="syz.2.5849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1738.712828][ T30] audit: type=1400 audit(1736989892.535:8765): avc: denied { prog_load } for pid=21956 comm="syz.2.5849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1738.732067][ T30] audit: type=1400 audit(1736989892.535:8766): avc: denied { bpf } for pid=21956 comm="syz.2.5849" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1738.766207][ T30] audit: type=1400 audit(1736989892.535:8767): avc: denied { perfmon } for pid=21956 comm="syz.2.5849" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1738.799838][ T30] audit: type=1400 audit(1736989892.535:8768): avc: denied { confidentiality } for pid=21956 comm="syz.2.5849" lockdown_reason="use of bpf to read kernel RAM" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 1738.856999][T17070] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1738.871345][T17070] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1738.883427][T17070] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1738.893095][T17070] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1738.926939][T21948] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1739.024918][T21973] loop4: detected capacity change from 0 to 256 [ 1739.077730][T21975] loop2: detected capacity change from 0 to 8192 [ 1739.546957][ T26] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1739.765618][T17070] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 1739.773716][T17070] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input12 [ 1739.793525][T17070] usb 4-1: USB disconnect, device number 16 [ 1739.799318][ C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1739.997294][ T26] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1740.044416][ T26] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1740.104526][ T26] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1740.152229][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1740.238226][T21964] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1740.244837][T21987] fuse: Bad value for 'fd' [ 1740.251310][T21987] loop3: detected capacity change from 0 to 256 [ 1740.793962][ T26] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 1740.907477][ T26] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input13 [ 1740.968176][ T26] usb 2-1: USB disconnect, device number 20 [ 1741.017958][T21997] syz.0.5859[21997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1741.018362][T21997] syz.0.5859[21997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1742.076448][T21999] loop3: detected capacity change from 0 to 8192 [ 1742.207300][T22007] loop0: detected capacity change from 0 to 256 [ 1742.286771][T22012] syz.4.5861[22012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1742.286906][T22012] syz.4.5861[22012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1742.394128][T22015] loop2: detected capacity change from 0 to 256 [ 1742.517192][T22016] hub 2-0:1.0: USB hub found [ 1742.523229][T22016] hub 2-0:1.0: 1 port detected [ 1742.753083][T22018] loop1: detected capacity change from 0 to 256 [ 1743.019364][T22020] hub 2-0:1.0: USB hub found [ 1743.024398][T22020] hub 2-0:1.0: 1 port detected [ 1743.379045][T22023] fuse: Bad value for 'fd' [ 1744.402353][T22023] loop0: detected capacity change from 0 to 256 [ 1744.437904][T22031] loop1: detected capacity change from 0 to 256 [ 1744.444212][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 1744.444250][ T30] audit: type=1400 audit(1736989898.805:8840): avc: denied { write } for pid=22028 comm="syz.3.5868" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1744.476313][ T30] audit: type=1400 audit(1736989898.805:8841): avc: denied { open } for pid=22028 comm="syz.3.5868" path="/dev/vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1744.539168][ T30] audit: type=1400 audit(1736989898.935:8842): avc: denied { map_read map_write } for pid=22032 comm="syz.2.5870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1744.569894][ T30] audit: type=1400 audit(1736989898.965:8843): avc: denied { prog_run } for pid=22032 comm="syz.2.5870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1744.615905][T22035] loop2: detected capacity change from 0 to 256 [ 1744.747431][T22036] hub 2-0:1.0: USB hub found [ 1744.751961][T22036] hub 2-0:1.0: 1 port detected [ 1745.511051][T22044] hub 2-0:1.0: USB hub found [ 1745.516427][T22044] hub 2-0:1.0: 1 port detected [ 1745.824254][ T30] audit: type=1400 audit(1736989900.195:8844): avc: denied { confidentiality } for pid=22028 comm="syz.3.5868" lockdown_reason="use of bpf to read kernel RAM" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 1745.886970][ T30] audit: type=1400 audit(1736989900.265:8845): avc: denied { mount } for pid=22045 comm="syz.0.5873" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1745.925726][ T30] audit: type=1400 audit(1736989900.265:8846): avc: denied { create } for pid=22049 comm="syz.1.5874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1745.991077][T22056] loop2: detected capacity change from 0 to 256 [ 1745.996918][ T30] audit: type=1400 audit(1736989900.265:8847): avc: denied { write } for pid=22049 comm="syz.1.5874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1746.045515][T22052] loop1: detected capacity change from 0 to 8192 [ 1746.056854][ T30] audit: type=1400 audit(1736989900.355:8848): avc: denied { read write } for pid=11391 comm="syz-executor" name="loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1746.112272][T22058] loop0: detected capacity change from 0 to 8192 [ 1746.118854][ T30] audit: type=1400 audit(1736989900.355:8849): avc: denied { open } for pid=11391 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1746.324274][T22060] hub 2-0:1.0: USB hub found [ 1746.330956][T22060] hub 2-0:1.0: 1 port detected [ 1747.484498][T22070] loop1: detected capacity change from 0 to 256 [ 1747.736325][T22078] syz.0.5883[22078] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1747.736659][T22078] syz.0.5883[22078] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1748.388955][T22084] hub 2-0:1.0: USB hub found [ 1748.405280][T22084] hub 2-0:1.0: 1 port detected [ 1748.779881][T22098] loop1: detected capacity change from 0 to 128 [ 1748.850599][T22098] FAT-fs (loop1): Unrecognized mount option "˙0xffffffffffffffff˙˙˙˙˙˙˙˙" or missing value [ 1748.938737][T22103] syz.2.5891[22103] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1748.938816][T22103] syz.2.5891[22103] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1748.951705][T22103] fuse: Bad value for 'fd' [ 1749.199537][T22114] syz.1.5890[22114] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1749.199977][T22114] syz.1.5890[22114] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1749.515659][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 1749.515713][ T30] audit: type=1400 audit(1736989903.635:8900): avc: denied { write } for pid=22097 comm="syz.1.5890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1750.134294][T22109] loop0: detected capacity change from 0 to 8192 [ 1750.192453][ T30] audit: type=1400 audit(1736989904.515:8901): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1750.216873][ T30] audit: type=1400 audit(1736989904.515:8902): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1750.238985][ T30] audit: type=1400 audit(1736989904.515:8903): avc: denied { open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1750.261742][ T30] audit: type=1400 audit(1736989904.515:8904): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1750.300505][ T30] audit: type=1400 audit(1736989904.655:8905): avc: denied { mount } for pid=22107 comm="syz.0.5892" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 1750.434991][ T30] audit: type=1400 audit(1736989904.825:8906): avc: denied { read write } for pid=22120 comm="syz.4.5896" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1750.458786][ T30] audit: type=1400 audit(1736989904.825:8907): avc: denied { open } for pid=22120 comm="syz.4.5896" path="/dev/raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1750.482768][ T30] audit: type=1400 audit(1736989904.825:8908): avc: denied { ioctl } for pid=22120 comm="syz.4.5896" path="/dev/raw-gadget" dev="devtmpfs" ino=250 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1750.508224][ T30] audit: type=1400 audit(1736989904.825:8909): avc: denied { unmount } for pid=12267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 1750.540254][T22123] loop3: detected capacity change from 0 to 256 [ 1750.589163][T22129] loop0: detected capacity change from 0 to 256 [ 1750.610796][T22127] loop1: detected capacity change from 0 to 8192 [ 1750.748886][T18520] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1751.123786][T22131] hub 2-0:1.0: USB hub found [ 1751.129567][T22131] hub 2-0:1.0: 1 port detected [ 1751.594567][T22133] hub 2-0:1.0: USB hub found [ 1751.599232][T22133] hub 2-0:1.0: 1 port detected [ 1751.963996][T22136] loop3: detected capacity change from 0 to 256 [ 1752.136966][T18520] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1752.149967][T18520] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1752.161877][T18520] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1752.184285][T18520] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1752.205239][T22151] hub 2-0:1.0: USB hub found [ 1752.210302][T22151] hub 2-0:1.0: 1 port detected [ 1752.448479][T22121] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1752.886495][T22159] loop0: detected capacity change from 0 to 8192 [ 1753.096971][T18520] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 1753.105896][T18520] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input14 [ 1753.135912][T18520] usb 5-1: USB disconnect, device number 30 [ 1753.141708][ C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 1753.262307][T22173] fuse: Bad value for 'fd' [ 1753.273822][T22173] loop1: detected capacity change from 0 to 256 [ 1753.483126][T22176] loop0: detected capacity change from 0 to 1024 [ 1753.681057][T22180] hub 2-0:1.0: USB hub found [ 1753.686724][T22180] hub 2-0:1.0: 1 port detected [ 1754.886930][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1754.886946][ T30] audit: type=1400 audit(1736989908.225:8919): avc: denied { name_bind } for pid=22177 comm="syz.2.5914" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1754.917398][ T30] audit: type=1400 audit(1736989908.225:8920): avc: denied { node_bind } for pid=22177 comm="syz.2.5914" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 1754.939997][T22176] EXT4-fs (loop0): barriers disabled [ 1754.945882][T22176] JBD2: no valid journal superblock found [ 1754.966981][T22176] EXT4-fs (loop0): error loading journal [ 1755.056749][ T30] audit: type=1400 audit(1736989909.445:8921): avc: denied { create } for pid=22189 comm="syz.4.5919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1755.100524][ T30] audit: type=1400 audit(1736989909.485:8922): avc: denied { write } for pid=22189 comm="syz.4.5919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1755.150896][ T30] audit: type=1400 audit(1736989909.485:8923): avc: denied { read } for pid=22189 comm="syz.4.5919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1755.551936][T22192] loop2: detected capacity change from 0 to 8192 [ 1755.641580][ T30] audit: type=1400 audit(1736989910.035:8924): avc: denied { ioctl } for pid=22201 comm="syz.0.5922" path="socket:[75768]" dev="sockfs" ino=75768 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1755.687281][T22204] loop4: detected capacity change from 0 to 256 [ 1755.993766][T22207] hub 2-0:1.0: USB hub found [ 1755.999037][T22207] hub 2-0:1.0: 1 port detected [ 1756.240000][T22214] loop1: detected capacity change from 0 to 256 [ 1756.306639][T22218] fuse: Bad value for 'fd' [ 1756.313175][T22218] loop2: detected capacity change from 0 to 256 [ 1756.339554][ T30] audit: type=1400 audit(1736989910.735:8925): avc: denied { create } for pid=22215 comm="syz.0.5928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1756.444679][ T30] audit: type=1400 audit(1736989910.735:8926): avc: denied { setopt } for pid=22215 comm="syz.0.5928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1756.676619][T22228] hub 2-0:1.0: USB hub found [ 1756.682247][T22228] hub 2-0:1.0: 1 port detected [ 1757.002342][T22236] hub 2-0:1.0: USB hub found [ 1757.007415][T22236] hub 2-0:1.0: 1 port detected [ 1757.521883][T22242] loop0: detected capacity change from 0 to 8192 [ 1757.711038][ T30] audit: type=1400 audit(1736989912.105:8927): avc: denied { read } for pid=22251 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1757.783247][ T30] audit: type=1400 audit(1736989912.125:8928): avc: denied { open } for pid=22251 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1757.812761][T22248] loop3: detected capacity change from 0 to 8192 [ 1757.938311][T22251] bridge0: port 1(bridge_slave_0) entered blocking state [ 1757.977977][T22251] bridge0: port 1(bridge_slave_0) entered disabled state [ 1758.004355][T22251] device bridge_slave_0 entered promiscuous mode [ 1758.033702][T22251] bridge0: port 2(bridge_slave_1) entered blocking state [ 1758.064043][T22251] bridge0: port 2(bridge_slave_1) entered disabled state [ 1758.128928][T22251] device bridge_slave_1 entered promiscuous mode [ 1758.555983][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1758.576757][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1758.617230][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1758.641886][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1758.669145][ T3805] bridge0: port 1(bridge_slave_0) entered blocking state [ 1758.676010][ T3805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1758.703616][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1758.724070][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1758.761672][ T3805] bridge0: port 2(bridge_slave_1) entered blocking state [ 1758.768555][ T3805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1758.809471][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1758.963349][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1759.079769][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1759.105318][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1759.113406][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1759.129358][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1759.144925][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1759.165801][T22251] device veth0_vlan entered promiscuous mode [ 1759.189023][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1759.201861][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1759.224859][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1759.245778][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1759.275785][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1759.295590][T22251] device veth1_macvtap entered promiscuous mode [ 1759.316673][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1759.330116][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1759.355156][ T463] device bridge_slave_1 left promiscuous mode [ 1759.362867][ T463] bridge0: port 2(bridge_slave_1) entered disabled state [ 1759.377313][ T463] device bridge_slave_0 left promiscuous mode [ 1759.393496][ T463] bridge0: port 1(bridge_slave_0) entered disabled state [ 1759.449304][ T463] device veth1_macvtap left promiscuous mode [ 1759.461366][ T463] device veth0_vlan left promiscuous mode [ 1760.484550][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1760.492890][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1760.564497][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 1760.564513][ T30] audit: type=1400 audit(1736989914.955:8940): avc: denied { mounton } for pid=22251 comm="syz-executor" path="/root/syzkaller.DaIOqZ/syz-tmp" dev="sda1" ino=1962 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 1760.608938][T22283] loop0: detected capacity change from 0 to 512 [ 1760.626848][ T30] audit: type=1400 audit(1736989914.955:8941): avc: denied { mount } for pid=22251 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1760.665314][ T30] audit: type=1400 audit(1736989914.955:8942): avc: denied { mount } for pid=22251 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1760.687689][ T30] audit: type=1400 audit(1736989914.965:8943): avc: denied { mounton } for pid=22251 comm="syz-executor" path="/root/syzkaller.DaIOqZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 1760.724664][ T30] audit: type=1400 audit(1736989914.965:8944): avc: denied { mounton } for pid=22251 comm="syz-executor" path="/root/syzkaller.DaIOqZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=77828 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 1760.770063][ T30] audit: type=1400 audit(1736989914.965:8945): avc: denied { unmount } for pid=22251 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1760.790093][T22283] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 1760.798934][ T30] audit: type=1400 audit(1736989914.985:8946): avc: denied { mounton } for pid=22251 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 1760.810298][T22283] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1760.828606][ T30] audit: type=1400 audit(1736989915.055:8947): avc: denied { mount } for pid=22251 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1760.859421][T22297] loop1: detected capacity change from 0 to 128 [ 1760.867589][ T30] audit: type=1400 audit(1736989915.055:8948): avc: denied { mounton } for pid=22251 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1760.891903][ T30] audit: type=1400 audit(1736989915.065:8949): avc: denied { read } for pid=22289 comm="syz.2.5934" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1760.914960][T22283] System zones: 0-1, 15-15, 18-18, 34-34 [ 1760.921072][T22283] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1760.927373][T22283] EXT4-fs warning (device loop0): ext4_enable_quotas:6423: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1760.932815][T22297] FAT-fs (loop1): Unrecognized mount option "˙0xffffffffffffffff˙˙˙˙˙˙˙˙" or missing value [ 1760.941778][T22283] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 1760.958504][T22283] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.5948: bg 0: block 40: padding at end of block bitmap is not set [ 1760.985856][T22283] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 1760.995960][T22283] EXT4-fs (loop0): 1 truncate cleaned up [ 1761.002894][T22283] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,data=writeback,,errors=continue. Quota mode: writeback. [ 1761.260920][T22312] syz.1.5950[22312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1761.261296][T22312] syz.1.5950[22312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1764.680578][T22326] loop2: detected capacity change from 0 to 8192 [ 1764.923162][T22336] loop4: detected capacity change from 0 to 512 [ 1765.600111][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 1766.171405][ T30] audit: type=1326 audit(1736989919.745:8975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f1e67744597 code=0x7ffc0000 [ 1766.229851][T22336] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1766.239103][T22336] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5962: bg 0: block 248: padding at end of block bitmap is not set [ 1766.254549][T22336] Quota error (device loop4): write_blk: dquota write failed [ 1766.262004][T22336] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1766.271843][T22336] EXT4-fs error (device loop4): ext4_acquire_dquot:6188: comm syz.4.5962: Failed to acquire dquot type 1 [ 1766.286605][T22336] EXT4-fs (loop4): 1 truncate cleaned up [ 1766.295056][T22336] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1767.956915][ T30] audit: type=1326 audit(1736989919.775:8976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f1e677474ca code=0x7ffc0000 [ 1767.980574][ T30] audit: type=1326 audit(1736989920.695:8977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1e67744690 code=0x7ffc0000 [ 1768.003952][ T30] audit: type=1326 audit(1736989920.705:8978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f1e67744a77 code=0x7ffc0000 [ 1768.027323][ T30] audit: type=1326 audit(1736989920.705:8979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1e67744690 code=0x7ffc0000 [ 1768.079570][ T30] audit: type=1326 audit(1736989920.705:8980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1e6774592b code=0x7ffc0000 [ 1768.175370][ T30] audit: type=1326 audit(1736989920.705:8981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1e6774498a code=0x7ffc0000 [ 1768.209727][ T30] audit: type=1326 audit(1736989920.705:8982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22327 comm="syz.4.5962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e67745d29 code=0x7ffc0000 [ 1768.565381][T22364] syz.2.5968[22364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1768.565468][T22364] syz.2.5968[22364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1768.739863][T22368] loop4: detected capacity change from 0 to 512 [ 1768.837214][T22368] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1768.898403][T22368] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5972: bg 0: block 248: padding at end of block bitmap is not set [ 1768.919484][T22368] EXT4-fs error (device loop4): ext4_acquire_dquot:6188: comm syz.4.5972: Failed to acquire dquot type 1 [ 1768.939846][T22368] EXT4-fs (loop4): 1 truncate cleaned up [ 1768.949125][T22368] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1771.040941][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 1771.040958][ T30] audit: type=1400 audit(1736989925.435:9003): avc: denied { read write } for pid=22393 comm="syz.3.5981" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1771.176866][ T30] audit: type=1400 audit(1736989925.435:9004): avc: denied { open } for pid=22393 comm="syz.3.5981" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1771.229371][T22404] fuse: Bad value for 'fd' [ 1771.238367][T22404] loop1: detected capacity change from 0 to 256 [ 1771.248912][ T30] audit: type=1400 audit(1736989925.475:9005): avc: denied { ioctl } for pid=22393 comm="syz.3.5981" path="/dev/loop-control" dev="devtmpfs" ino=111 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1771.360030][T22407] fuse: Bad value for 'group_id' [ 1771.366945][T22407] loop2: detected capacity change from 0 to 256 [ 1771.581200][T22409] hub 2-0:1.0: USB hub found [ 1771.586158][T22409] hub 2-0:1.0: 1 port detected [ 1771.936829][T22421] hub 2-0:1.0: USB hub found [ 1771.944466][T22421] hub 2-0:1.0: 1 port detected [ 1772.176852][ T571] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1772.452112][T21254] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1772.649752][T22434] loop2: detected capacity change from 0 to 8192 [ 1772.752785][T22436] syz.1.5993[22436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1772.753130][T22436] syz.1.5993[22436] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1772.825305][ T30] audit: type=1400 audit(1736989927.215:9006): avc: denied { ioctl } for pid=22419 comm="syz.3.5990" path="/dev/raw-gadget" dev="devtmpfs" ino=250 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1773.057207][ T571] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 1773.109277][ T571] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 1773.209456][ T571] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1773.387771][ T571] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1773.528825][ T30] audit: type=1400 audit(1736989927.395:9007): avc: denied { read write } for pid=21561 comm="syz-executor" name="loop4" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1773.586910][T22417] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1773.617026][ T30] audit: type=1400 audit(1736989927.395:9008): avc: denied { open } for pid=21561 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1773.691389][ T30] audit: type=1400 audit(1736989927.395:9009): avc: denied { ioctl } for pid=21561 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=116 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1773.761567][ T30] audit: type=1400 audit(1736989927.425:9010): avc: denied { append } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1773.789192][ T30] audit: type=1400 audit(1736989927.625:9011): avc: denied { mount } for pid=22433 comm="syz.2.5994" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 1773.815609][ T30] audit: type=1400 audit(1736989927.685:9012): avc: denied { name_bind } for pid=22437 comm="syz.4.5995" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1773.847018][T18520] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1773.887454][T21254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1773.898199][T21254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1773.907760][T21254] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1773.916913][T21254] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1773.931705][T21254] usb 4-1: config 0 descriptor?? [ 1774.067007][ T571] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 1774.075232][ T571] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input15 [ 1774.087404][T18520] usb 5-1: Using ep0 maxpacket: 8 [ 1774.102039][ T571] usb 1-1: USB disconnect, device number 22 [ 1774.148436][T22470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6009'. [ 1774.217600][T18520] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1774.276858][T18520] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1774.276885][T21254] usbhid 4-1:0.0: can't add hid device: -71 [ 1774.288195][T21254] usbhid: probe of 4-1:0.0 failed with error -71 [ 1774.298503][T18520] usb 5-1: can't read configurations, error -71 [ 1774.313617][T21254] usb 4-1: USB disconnect, device number 17 [ 1774.394411][T22477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1774.401508][T22477] bridge0: port 1(bridge_slave_0) entered disabled state [ 1774.409111][T22477] device bridge_slave_0 entered promiscuous mode [ 1774.416118][T22477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1774.423293][T22477] bridge0: port 2(bridge_slave_1) entered disabled state [ 1774.430901][T22477] device bridge_slave_1 entered promiscuous mode [ 1774.498885][T22477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1774.505760][T22477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1774.512915][T22477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1774.519781][T22477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1774.546678][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1774.554419][ T3892] bridge0: port 1(bridge_slave_0) entered disabled state [ 1774.561948][ T3892] bridge0: port 2(bridge_slave_1) entered disabled state [ 1774.585537][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1774.600289][ T3892] bridge0: port 1(bridge_slave_0) entered blocking state [ 1774.607182][ T3892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1774.615127][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1774.623229][ T3892] bridge0: port 2(bridge_slave_1) entered blocking state [ 1774.630114][ T3892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1774.638502][ T463] tipc: Left network mode [ 1774.643653][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1774.651567][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1774.677227][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1774.710334][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1774.718904][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1774.726486][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1774.738500][T22477] device veth0_vlan entered promiscuous mode [ 1774.773858][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1774.783696][T22477] device veth1_macvtap entered promiscuous mode [ 1774.795333][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1774.811469][ T3892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1774.896205][T22492] loop0: detected capacity change from 0 to 40427 [ 1774.937734][T22492] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1774.945323][T22492] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1774.958013][T22492] F2FS-fs (loop0): invalid crc value [ 1775.004280][T22519] loop2: detected capacity change from 0 to 256 [ 1775.026992][T22492] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1775.111973][T22492] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1775.118901][T22492] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1775.129137][T22517] loop4: detected capacity change from 0 to 40427 [ 1775.132798][T22531] loop1: detected capacity change from 0 to 128 [ 1775.153851][T17159] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1775.165420][T17159] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1775.177413][T22517] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1775.184990][T22517] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1775.194910][T22517] F2FS-fs (loop4): invalid crc value [ 1775.207936][ T463] device bridge_slave_1 left promiscuous mode [ 1775.214001][ T463] bridge0: port 2(bridge_slave_1) entered disabled state [ 1775.242700][T22517] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1775.287196][ T463] device bridge_slave_0 left promiscuous mode [ 1775.293169][ T463] bridge0: port 1(bridge_slave_0) entered disabled state [ 1775.303422][T22517] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1775.310381][T22517] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1775.383155][T17159] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1775.400891][T17159] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1775.675968][T22554] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6041'. [ 1775.829947][T22568] loop4: detected capacity change from 0 to 512 [ 1775.867562][T22568] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1775.897542][T22568] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1775.904694][T22568] EXT4-fs (loop4): mount failed [ 1776.049474][ T30] kauditd_printk_skb: 70 callbacks suppressed [ 1776.049492][ T30] audit: type=1400 audit(2000000000.490:9083): avc: denied { read } for pid=22574 comm="syz.0.6050" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1776.108140][ T30] audit: type=1400 audit(2000000000.490:9084): avc: denied { open } for pid=22574 comm="syz.0.6050" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1776.152846][ T30] audit: type=1400 audit(2000000000.520:9085): avc: denied { ioctl } for pid=22574 comm="syz.0.6050" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1776.185721][T21254] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1776.204643][ T30] audit: type=1400 audit(2000000000.520:9086): avc: denied { unlink } for pid=22582 comm="syz.1.6054" name="#d7" dev="tmpfs" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 1776.227796][ T30] audit: type=1400 audit(2000000000.570:9087): avc: denied { create } for pid=22587 comm="syz.3.6056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1776.260803][T22601] loop4: detected capacity change from 0 to 256 [ 1776.261883][ T30] audit: type=1400 audit(2000000000.570:9088): avc: denied { unmount } for pid=22477 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1776.288052][ T30] audit: type=1400 audit(2000000000.580:9089): avc: denied { create } for pid=22589 comm="syz.1.6055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1776.311671][ T30] audit: type=1400 audit(2000000000.580:9090): avc: denied { read } for pid=22589 comm="syz.1.6055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1776.342446][T22601] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3f486145, utbl_chksum : 0xe619d30d) [ 1776.345115][ T30] audit: type=1400 audit(2000000000.580:9091): avc: denied { read write } for pid=22587 comm="syz.3.6056" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1776.391362][ T30] audit: type=1400 audit(2000000000.580:9092): avc: denied { open } for pid=22587 comm="syz.3.6056" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1776.466831][T21254] usb 3-1: Using ep0 maxpacket: 16 [ 1776.616963][T17070] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1776.617080][T21254] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 1776.857015][T21254] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1776.866402][T21254] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1776.875267][T21254] usb 3-1: Product: syz [ 1776.880220][T21254] usb 3-1: Manufacturer: syz [ 1776.884935][T21254] usb 3-1: SerialNumber: syz [ 1776.895206][T21254] usb 3-1: config 0 descriptor?? [ 1776.936962][T17070] usb 4-1: Using ep0 maxpacket: 16 [ 1777.066992][T17070] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 1777.075379][T17070] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1777.083512][T17070] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1777.091903][T17070] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 1777.100003][T17070] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1777.108825][T17070] usb 4-1: config 0 has no interface number 0 [ 1777.114995][T17070] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1777.126329][T17070] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1777.136092][T17070] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1777.145963][T17070] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1777.158911][T17070] usb 4-1: config 0 interface 125 has no altsetting 0 [ 1777.165567][T17070] usb 4-1: config 0 interface 125 has no altsetting 2 [ 1777.402185][T22626] loop1: detected capacity change from 0 to 256 [ 1777.436958][T17070] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1777.446677][T17070] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1777.454804][T22626] exfat: Unknown parameter 'keep_last_dots' [ 1777.460828][T17070] usb 4-1: Product: syz [ 1777.465020][T17070] usb 4-1: Manufacturer: syz [ 1777.469558][T17070] usb 4-1: SerialNumber: syz [ 1777.475690][T17070] usb 4-1: config 0 descriptor?? [ 1777.519952][T22639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6077'. [ 1777.730544][T18520] usb 4-1: USB disconnect, device number 18 [ 1777.790288][T22655] device veth0_vlan left promiscuous mode [ 1777.796185][T22655] device veth0_vlan entered promiscuous mode [ 1777.846978][ T519] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1778.086883][ T519] usb 5-1: Using ep0 maxpacket: 8 [ 1778.207129][ T519] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1778.217184][ T519] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1778.226019][ T519] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1778.240940][ T519] usb 5-1: config 0 descriptor?? [ 1778.259229][T22681] loop3: detected capacity change from 0 to 512 [ 1778.286871][T17070] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1778.291268][T22681] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 1778.316148][T22681] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 1778.327138][T22681] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002] [ 1778.335491][T22681] System zones: 0-2, 18-18, 34-34 [ 1778.345743][T22681] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 1778.360578][T22681] EXT4-fs (loop3): 1 truncate cleaned up [ 1778.366047][T22681] EXT4-fs (loop3): mounted filesystem without journal. Opts: nomblk_io_submit,quota,errors=remount-ro,grpquota,jqfmt=vfsv1,nogrpid,. Quota mode: writeback. [ 1778.386749][T22681] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.6094: corrupted xattr block 19 [ 1778.399690][T22681] EXT4-fs (loop3): Remounting filesystem read-only [ 1778.406048][T22681] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 1778.415225][T22681] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.6094: corrupted xattr block 19 [ 1778.427351][T22681] EXT4-fs (loop3): Remounting filesystem read-only [ 1778.433691][T22681] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 1778.442750][T22681] EXT4-fs error (device loop3): ext4_xattr_block_find:1857: inode #15: comm syz.3.6094: corrupted xattr block 19 [ 1778.454906][T22681] EXT4-fs (loop3): Remounting filesystem read-only [ 1778.567029][T17070] usb 1-1: Using ep0 maxpacket: 16 [ 1778.807069][T21254] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 1778.862994][ T572] usb 3-1: USB disconnect, device number 22 [ 1778.887593][T17070] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1778.896569][T17070] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1778.904716][T17070] usb 1-1: Product: syz [ 1778.909182][T17070] usb 1-1: Manufacturer: syz [ 1778.913601][T17070] usb 1-1: SerialNumber: syz [ 1778.922994][T17070] r8152-cfgselector 1-1: config 0 descriptor?? [ 1779.217355][T21254] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1779.226624][T21254] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1779.251031][T21254] usb 2-1: config 0 descriptor?? [ 1779.407213][T17070] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1779.414620][T17070] r8152-cfgselector 1-1: bad CDC descriptors [ 1779.436967][T17070] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1779.452355][T17070] r8152-cfgselector 1-1: USB disconnect, device number 23 [ 1779.962408][T22739] input: syz1 as /devices/virtual/input/input17 [ 1779.976847][T21254] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1780.076861][ T26] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1780.226851][T21254] usb 4-1: Using ep0 maxpacket: 16 [ 1780.316903][ T26] usb 3-1: Using ep0 maxpacket: 16 [ 1780.366958][T21254] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 1780.436917][ T26] usb 3-1: config 0 has an invalid interface number: 80 but max is 0 [ 1780.444919][ T26] usb 3-1: config 0 has no interface number 0 [ 1780.450767][ T26] usb 3-1: config 0 interface 80 has no altsetting 0 [ 1780.556904][T21254] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1780.570411][T21254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1780.587134][T21254] usb 4-1: Product: syz [ 1780.610293][T21254] usb 4-1: Manufacturer: syz [ 1780.615065][T21254] usb 4-1: SerialNumber: syz [ 1780.616953][ T26] usb 3-1: New USB device found, idVendor=090a, idProduct=1200, bcdDevice=60.fa [ 1780.620822][ T572] usb 5-1: USB disconnect, device number 33 [ 1780.638080][T21254] usb 4-1: config 0 descriptor?? [ 1780.650797][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1780.666808][ T26] usb 3-1: Product: syz [ 1780.671259][ T26] usb 3-1: Manufacturer: syz [ 1780.675802][ T26] usb 3-1: SerialNumber: syz [ 1780.692983][ T26] usb 3-1: config 0 descriptor?? [ 1780.698433][T22747] bridge0: port 1(bridge_slave_0) entered blocking state [ 1780.705429][T22747] bridge0: port 1(bridge_slave_0) entered disabled state [ 1780.720068][T22747] device bridge_slave_0 entered promiscuous mode [ 1780.733709][T22747] bridge0: port 2(bridge_slave_1) entered blocking state [ 1780.741275][ T26] usb-storage 3-1:0.80: USB Mass Storage device detected [ 1780.748968][T22747] bridge0: port 2(bridge_slave_1) entered disabled state [ 1780.756302][T22747] device bridge_slave_1 entered promiscuous mode [ 1780.834632][T22747] bridge0: port 2(bridge_slave_1) entered blocking state [ 1780.841509][T22747] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1780.848621][T22747] bridge0: port 1(bridge_slave_0) entered blocking state [ 1780.855364][T22747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1780.876591][ T3805] bridge0: port 1(bridge_slave_0) entered disabled state [ 1780.883947][ T3805] bridge0: port 2(bridge_slave_1) entered disabled state [ 1780.892334][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1780.899888][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1780.909449][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1780.917622][T17159] bridge0: port 1(bridge_slave_0) entered blocking state [ 1780.924454][T17159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1780.933386][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1780.941940][T17159] bridge0: port 2(bridge_slave_1) entered blocking state [ 1780.942930][T18520] usb 3-1: USB disconnect, device number 23 [ 1780.948816][T17159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1780.972271][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1780.981619][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1780.999363][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1781.011591][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1781.019826][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1781.027565][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1781.037655][T22747] device veth0_vlan entered promiscuous mode [ 1781.049214][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1781.059701][T22747] device veth1_macvtap entered promiscuous mode [ 1781.069669][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1781.079935][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1781.116928][ T572] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1781.317532][ T3805] device bridge_slave_1 left promiscuous mode [ 1781.323549][ T3805] bridge0: port 2(bridge_slave_1) entered disabled state [ 1781.331220][ T3805] device bridge_slave_0 left promiscuous mode [ 1781.337244][ T3805] bridge0: port 1(bridge_slave_0) entered disabled state [ 1781.344764][ T3805] device veth0_vlan left promiscuous mode [ 1781.396862][ T572] usb 5-1: Using ep0 maxpacket: 16 [ 1781.406979][T17070] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1781.456538][T22766] input: syz1 as /devices/virtual/input/input18 [ 1781.504199][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 1781.504216][ T30] audit: type=1400 audit(2000000005.940:9128): avc: denied { create } for pid=22771 comm="syz.2.6129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 1781.510691][T22772] loop2: detected capacity change from 0 to 512 [ 1781.546899][ T572] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 1781.551376][T22772] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1781.567924][T12817] usb 2-1: USB disconnect, device number 21 [ 1781.582545][T22772] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.6129: invalid indirect mapped block 4294967295 (level 1) [ 1781.584269][ T30] audit: type=1400 audit(2000000006.020:9129): avc: denied { execute } for pid=22773 comm="syz.1.6130" path="/31/cgroup.stat" dev="tmpfs" ino=183 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1781.598426][T22772] EXT4-fs (loop2): Remounting filesystem read-only [ 1781.626157][T22772] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.6129: invalid indirect mapped block 4294967295 (level 1) [ 1781.640905][T22772] EXT4-fs (loop2): Remounting filesystem read-only [ 1781.647691][T22772] EXT4-fs (loop2): 2 truncates cleaned up [ 1781.656946][T22772] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,dioread_nolock,. Quota mode: writeback. [ 1781.676825][T17070] usb 1-1: Using ep0 maxpacket: 8 [ 1781.689708][ T30] audit: type=1400 audit(2000000006.130:9130): avc: denied { read } for pid=22781 comm="syz.1.6132" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1781.694529][T22782] binder: 22781:22782 ioctl c0306201 20000100 returned -14 [ 1781.713356][ T30] audit: type=1400 audit(2000000006.130:9131): avc: denied { open } for pid=22781 comm="syz.1.6132" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1781.743498][ T30] audit: type=1400 audit(2000000006.130:9132): avc: denied { ioctl } for pid=22781 comm="syz.1.6132" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1781.769228][ T30] audit: type=1400 audit(2000000006.150:9133): avc: denied { mounton } for pid=22771 comm="syz.2.6129" path="/28/file0/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1781.773285][T22251] EXT4-fs error (device loop2): ext4_lookup:1858: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 1781.804790][ T572] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1781.807198][T22251] EXT4-fs (loop2): Remounting filesystem read-only [ 1781.813852][ T572] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1781.820622][T22251] EXT4-fs error (device loop2): ext4_lookup:1858: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 1781.828989][ T572] usb 5-1: Product: syz [ 1781.844227][ T572] usb 5-1: Manufacturer: syz [ 1781.848806][T17070] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1781.857917][ T572] usb 5-1: SerialNumber: syz [ 1781.857929][T22251] EXT4-fs (loop2): Remounting filesystem read-only [ 1781.869957][ T572] usb 5-1: config 0 descriptor?? [ 1781.988881][ T572] usb 4-1: USB disconnect, device number 19 [ 1782.028587][T22788] loop3: detected capacity change from 0 to 512 [ 1782.067075][T17070] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1782.076440][T17070] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1782.084423][T17070] usb 1-1: Product: syz [ 1782.088512][T17070] usb 1-1: Manufacturer: syz [ 1782.092975][T17070] usb 1-1: SerialNumber: syz [ 1782.118841][T22788] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1782.129838][T22788] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1782.130399][T22789] bridge0: port 1(bridge_slave_0) entered blocking state [ 1782.149690][T22788] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.6137: bg 0: block 18: invalid block bitmap [ 1782.150610][T22789] bridge0: port 1(bridge_slave_0) entered disabled state [ 1782.169378][T12817] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1782.174608][T22789] device bridge_slave_0 entered promiscuous mode [ 1782.183843][T22789] bridge0: port 2(bridge_slave_1) entered blocking state [ 1782.190854][T22789] bridge0: port 2(bridge_slave_1) entered disabled state [ 1782.198122][T22789] device bridge_slave_1 entered promiscuous mode [ 1782.258309][T22789] bridge0: port 2(bridge_slave_1) entered blocking state [ 1782.265158][T22789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1782.272316][T22789] bridge0: port 1(bridge_slave_0) entered blocking state [ 1782.279169][T22789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1782.295680][ T30] audit: type=1400 audit(2000000006.730:9134): avc: denied { setopt } for pid=22796 comm="syz.3.6138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1782.328961][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1782.332740][ T30] audit: type=1400 audit(2000000006.760:9135): avc: denied { create } for pid=22798 comm="syz.3.6139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1782.356290][ T3805] bridge0: port 1(bridge_slave_0) entered disabled state [ 1782.364063][ T3805] bridge0: port 2(bridge_slave_1) entered disabled state [ 1782.389848][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1782.398598][ T3805] bridge0: port 1(bridge_slave_0) entered blocking state [ 1782.405473][ T3805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1782.413779][ T3805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1782.422426][ T3805] bridge0: port 2(bridge_slave_1) entered blocking state [ 1782.429338][ T3805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1782.440793][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1782.448877][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1782.465514][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1782.477855][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1782.485808][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1782.493538][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1782.504509][T22789] device veth0_vlan entered promiscuous mode [ 1782.516176][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1782.525512][T22789] device veth1_macvtap entered promiscuous mode [ 1782.527100][T12817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1782.542575][T12817] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1782.544486][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1782.552598][T12817] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1782.561877][ T463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1782.569953][T12817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1782.585257][T17159] device bridge_slave_1 left promiscuous mode [ 1782.585820][T12817] usb 2-1: config 0 descriptor?? [ 1782.591658][T17159] bridge0: port 2(bridge_slave_1) entered disabled state [ 1782.603733][T17159] device bridge_slave_0 left promiscuous mode [ 1782.609818][T17159] bridge0: port 1(bridge_slave_0) entered disabled state [ 1782.618164][T17159] device veth1_macvtap left promiscuous mode [ 1782.624060][T17159] device veth0_vlan left promiscuous mode [ 1782.720793][T22808] loop5: detected capacity change from 0 to 1024 [ 1782.737060][ T26] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1782.818354][T22808] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1782.828932][T22808] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1782.842055][ T30] audit: type=1400 audit(2000000007.280:9136): avc: denied { read write } for pid=22807 comm="syz.5.6136" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1782.866051][ T30] audit: type=1400 audit(2000000007.280:9137): avc: denied { open } for pid=22807 comm="syz.5.6136" path="/0/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1783.006944][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 1783.047802][T12817] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor [ 1783.057532][T12817] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000F/input/input19 [ 1783.137384][ T26] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1783.140900][T12817] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 1783.148351][ T26] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1783.170071][ T26] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1783.176737][ T26] usb 4-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00 [ 1783.185812][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1783.201178][ T519] usb 5-1: USB disconnect, device number 34 [ 1783.207078][T18520] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1783.221887][ T26] usb 4-1: config 0 descriptor?? [ 1783.239244][T22820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6146'. [ 1783.259635][T22820] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22820 comm=syz.4.6146 [ 1783.263972][T18227] usb 2-1: USB disconnect, device number 22 [ 1783.346050][T22824] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6147'. [ 1783.456891][T18520] usb 6-1: Using ep0 maxpacket: 32 [ 1783.586969][T18520] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1783.597741][T18520] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1783.607403][T18520] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1783.616285][T18520] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1783.624939][T18520] usb 6-1: config 0 descriptor?? [ 1783.708775][ T26] hid-generic 0003:0458:500F.0010: hidraw0: USB HID vff.fd Device [HID 0458:500f] on usb-dummy_hcd.3-1/input0 [ 1783.909409][T12817] usb 4-1: USB disconnect, device number 20 [ 1784.099491][T18520] savu 0003:1E7D:2D5A.0011: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 1784.129919][T18520] usb 1-1: USB disconnect, device number 24 [ 1784.145341][T22838] loop4: detected capacity change from 0 to 128 [ 1784.164187][T22838] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1784.174829][ T26] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1784.177715][T22838] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1784.200353][T22838] EXT4-fs warning (device loop4): __ext4_ioctl:881: Setting inode version is not supported with metadata_csum enabled. [ 1784.368094][ T519] usb 6-1: USB disconnect, device number 2 [ 1784.426888][ T26] usb 2-1: Using ep0 maxpacket: 8 [ 1784.518326][T22858] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1784.546911][T18520] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1784.556987][ T26] usb 2-1: config 2 has an invalid interface number: 169 but max is 0 [ 1784.570704][ T26] usb 2-1: config 2 has no interface number 0 [ 1784.576631][ T26] usb 2-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92 [ 1784.585792][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1784.686850][ T572] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 1784.786850][T18520] usb 1-1: Using ep0 maxpacket: 16 [ 1784.839950][T17070] usb 2-1: USB disconnect, device number 23 [ 1784.906970][T18520] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1784.916617][T18520] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1784.925686][T18520] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1784.926845][ T572] usb 5-1: Using ep0 maxpacket: 8 [ 1784.935372][T18520] usb 1-1: config 0 descriptor?? [ 1785.146849][T12817] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 1785.216896][ T572] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1785.225881][ T572] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1785.233744][ T572] usb 5-1: Product: syz [ 1785.237810][ T572] usb 5-1: Manufacturer: syz [ 1785.242180][ T572] usb 5-1: SerialNumber: syz [ 1785.247461][ T572] usb 5-1: config 0 descriptor?? [ 1785.419352][T18520] hid-multitouch 0003:1FD2:6007.0012: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 1785.536916][T12817] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1785.547547][T12817] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1785.624535][T21254] usb 1-1: USB disconnect, device number 25 [ 1785.677217][T22887] bridge0: port 1(bridge_slave_0) entered blocking state [ 1785.684197][T22887] bridge0: port 1(bridge_slave_0) entered disabled state [ 1785.692048][T22887] device bridge_slave_0 entered promiscuous mode [ 1785.699958][T22887] bridge0: port 2(bridge_slave_1) entered blocking state [ 1785.707051][T22887] bridge0: port 2(bridge_slave_1) entered disabled state [ 1785.714507][T22887] device bridge_slave_1 entered promiscuous mode [ 1785.720935][T12817] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1785.734533][T12817] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1785.750716][T12817] usb 6-1: Product: syz [ 1785.757181][T12817] usb 6-1: Manufacturer: syz [ 1785.770453][T12817] usb 6-1: SerialNumber: syz [ 1785.789339][T22896] usb usb8: usbfs: process 22896 (syz.1.6175) did not claim interface 0 before use [ 1785.852058][T22887] bridge0: port 2(bridge_slave_1) entered blocking state [ 1785.858953][T22887] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1785.866080][T22887] bridge0: port 1(bridge_slave_0) entered blocking state [ 1785.872968][T22887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1785.906559][T17159] bridge0: port 1(bridge_slave_0) entered disabled state [ 1785.914606][T17159] bridge0: port 2(bridge_slave_1) entered disabled state [ 1785.922460][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1785.930842][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1785.950161][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1785.958616][T17159] bridge0: port 1(bridge_slave_0) entered blocking state [ 1785.965477][T17159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1785.973259][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1785.982633][T17159] bridge0: port 2(bridge_slave_1) entered blocking state [ 1785.989543][T17159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1786.009217][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1786.018878][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1786.033418][T22887] device veth0_vlan entered promiscuous mode [ 1786.042655][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1786.051428][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1786.060311][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1786.068364][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1786.084968][T22887] device veth1_macvtap entered promiscuous mode [ 1786.092306][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1786.106981][T12817] usb 6-1: 0:2 : does not exist [ 1786.120887][T12817] usb 6-1: USB disconnect, device number 3 [ 1786.121101][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1786.137948][T17159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1786.189857][T22911] loop1: detected capacity change from 0 to 128 [ 1786.215496][T22918] loop0: detected capacity change from 0 to 512 [ 1786.260536][T22911] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 1786.268237][T22911] FAT-fs (loop1): Filesystem has been set read-only [ 1786.288651][T22918] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 1786.303348][T22918] EXT4-fs (loop0): mounted filesystem without journal. Opts: stripe=0x0000000000000010,stripe=0x0000000000000004,dioread_nolock,mblk_io_submit,discard,nogrpid,,errors=continue. Quota mode: none. [ 1786.325900][T22918] fs-verity: sha512 using implementation "sha512-avx2" [ 1786.332931][T22918] EXT4-fs warning (device loop0): ext4_begin_enable_verity:136: inode #13: comm syz.0.6182: verity is only allowed on extent-based files [ 1786.348419][T15170] udevd[15170]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1786.367839][ T3892] device bridge_slave_1 left promiscuous mode [ 1786.373788][ T3892] bridge0: port 2(bridge_slave_1) entered disabled state [ 1786.381366][ T3892] device bridge_slave_0 left promiscuous mode [ 1786.387360][ T3892] bridge0: port 1(bridge_slave_0) entered disabled state [ 1786.506932][T21254] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1786.565996][ T519] usb 5-1: USB disconnect, device number 35 [ 1786.577235][ T572] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1786.583550][T22931] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1786.597910][T22933] loop5: detected capacity change from 0 to 256 [ 1786.608448][T22933] exfat: Deprecated parameter 'namecase' [ 1786.625913][T22933] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1786.647908][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 1786.647926][ T30] audit: type=1400 audit(2000000011.090:9145): avc: denied { write } for pid=22932 comm="syz.5.6188" name="/" dev="loop5" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1786.653393][T22933] exFAT-fs (loop5): hint_cluster is invalid (1) [ 1786.653814][ T30] audit: type=1400 audit(2000000011.090:9146): avc: denied { add_name } for pid=22932 comm="syz.5.6188" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1786.676311][T22933] exFAT-fs (loop5): error, invalid access to exfat cache (entry 0x00000000) [ 1786.682141][ T30] audit: type=1400 audit(2000000011.090:9147): avc: denied { associate } for pid=22932 comm="syz.5.6188" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1786.702687][T18520] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 1786.739129][ T30] audit: type=1400 audit(2000000011.090:9148): avc: denied { read write } for pid=22932 comm="syz.5.6188" name="file1" dev="loop5" ino=1049029 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1786.746095][T22933] exFAT-fs (loop5): error, failed to bmap (inode : ffff88812849dab0 iblock : 9, err : -5) [ 1786.765086][ T30] audit: type=1400 audit(2000000011.090:9149): avc: denied { open } for pid=22932 comm="syz.5.6188" path="/5/file0/file1" dev="loop5" ino=1049029 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1786.795712][T22933] attempt to access beyond end of device [ 1786.795712][T22933] loop5: rw=2049, want=34359738496, limit=256 [ 1786.807761][T21254] usb 4-1: device descriptor read/64, error -71 [ 1786.866829][ T572] usb 2-1: Using ep0 maxpacket: 8 [ 1786.937461][T22941] loop4: detected capacity change from 0 to 40427 [ 1787.027495][T22941] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 1787.035146][T22941] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1787.044167][T22941] F2FS-fs (loop4): invalid crc value [ 1787.051037][T22941] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1787.082930][T22941] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1787.089995][T22941] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1787.112450][T17159] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1787.121620][T17159] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1787.136909][T18520] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1787.147781][T18520] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1787.157411][T18520] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1787.170229][T18520] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1787.177056][ T572] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1787.179158][T18520] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1787.188375][T10856] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1787.203729][T21254] usb 4-1: device descriptor read/64, error -71 [ 1787.210124][ T572] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1787.210588][T18520] usb 1-1: config 0 descriptor?? [ 1787.218189][ T572] usb 2-1: Product: syz [ 1787.227004][ T572] usb 2-1: Manufacturer: syz [ 1787.231426][ T572] usb 2-1: SerialNumber: syz [ 1787.236585][ T572] usb 2-1: config 0 descriptor?? [ 1787.325869][T22953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6196'. [ 1787.339192][T22953] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22953 comm=syz.4.6196 [ 1787.352747][ T30] audit: type=1400 audit(2000000011.790:9150): avc: denied { connect } for pid=22952 comm="syz.4.6196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1787.476888][T10856] usb 6-1: Using ep0 maxpacket: 8 [ 1787.496921][T21254] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1787.596972][T10856] usb 6-1: config 0 has an invalid interface number: 31 but max is 0 [ 1787.604876][T10856] usb 6-1: config 0 has no interface number 0 [ 1787.686978][ T26] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1787.707814][T18520] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 1787.715286][T18520] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 1787.724547][T18520] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1787.777075][T21254] usb 4-1: device descriptor read/64, error -71 [ 1787.783707][T10856] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1787.792775][T10856] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1787.800615][T10856] usb 6-1: Product: syz [ 1787.804585][T10856] usb 6-1: Manufacturer: syz [ 1787.809061][T10856] usb 6-1: SerialNumber: syz [ 1787.815139][T10856] usb 6-1: config 0 descriptor?? [ 1787.936878][ T26] usb 5-1: Using ep0 maxpacket: 32 [ 1788.056909][ T26] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1788.065028][ T26] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1788.076040][ T26] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1788.077054][T10856] usb 6-1: Found UVC 0.04 device syz (046d:08c3) [ 1788.087466][ T26] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 1788.093906][T10856] usb 6-1: No valid video chain found. [ 1788.103319][ T26] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1788.121356][ T26] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1788.177377][T21254] usb 4-1: device descriptor read/64, error -71 [ 1788.286924][ T26] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1788.292740][T10856] usb 6-1: USB disconnect, device number 4 [ 1788.295855][ T26] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1788.301717][T21254] usb usb4-port1: attempt power cycle [ 1788.310194][ T26] usb 5-1: Product: syz [ 1788.318934][ T26] usb 5-1: Manufacturer: syz [ 1788.323330][ T26] usb 5-1: SerialNumber: syz [ 1788.328790][ T26] usb 5-1: config 0 descriptor?? [ 1788.555966][ T26] usb 2-1: USB disconnect, device number 24 [ 1788.726968][T21254] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1788.906891][T21254] usb 4-1: device descriptor read/8, error -71 [ 1788.922035][T22981] loop5: detected capacity change from 0 to 40427 [ 1789.007461][T22981] F2FS-fs (loop5): fault_injection options not supported [ 1789.015721][T22981] F2FS-fs (loop5): invalid crc value [ 1789.022304][T22981] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1789.054620][T22981] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1789.077450][T22789] attempt to access beyond end of device [ 1789.077450][T22789] loop5: rw=2049, want=45104, limit=40427 [ 1789.210436][T22989] loop5: detected capacity change from 0 to 512 [ 1789.234170][ T30] audit: type=1400 audit(2000000013.670:9151): avc: denied { map } for pid=22990 comm="syz.3.6209" path="socket:[79831]" dev="sockfs" ino=79831 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 1789.257337][T21254] usb 4-1: device descriptor read/8, error -71 [ 1789.268872][ T30] audit: type=1400 audit(2000000013.710:9152): avc: denied { setopt } for pid=22992 comm="syz.3.6210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1789.289118][ T30] audit: type=1400 audit(2000000013.730:9153): avc: denied { write } for pid=22992 comm="syz.3.6210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1789.318109][T22989] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 1789.325977][T22989] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e028, mo2=0002] [ 1789.336265][T22989] System zones: 0-1, 15-15, 18-18, 34-34 [ 1789.342888][T22989] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1789.351784][T22989] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0 [ 1789.361457][T22989] EXT4-fs warning (device loop5): ext4_enable_quotas:6423: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1789.376451][T22989] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 1789.383405][T22989] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.6208: bad orphan inode 16 [ 1789.393572][T22989] EXT4-fs (loop5): Remounting filesystem read-only [ 1789.399976][T22989] ext4_test_bit(bit=15, block=18) = 1 [ 1789.407471][T22989] is_bad_inode(inode)=0 [ 1789.411610][T22989] NEXT_ORPHAN(inode)=0 [ 1789.416404][T22989] max_ino=32 [ 1789.419697][T22989] i_nlink=2 [ 1789.422709][T22989] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,auto_da_alloc=0x0000000000000007,. Quota mode: writeback. [ 1789.444569][T22989] fscrypt (loop5, inode 16): Error -61 getting encryption context [ 1789.566062][T23020] device vlan2 entered promiscuous mode [ 1789.620820][T23028] loop0: detected capacity change from 0 to 2048 [ 1789.688744][T23028] EXT4-fs (loop0): mounted filesystem without journal. Opts: acl,,errors=continue. Quota mode: none. [ 1789.896888][ T26] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1789.927412][ T331] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 1789.968246][T18520] usb 1-1: USB disconnect, device number 26 [ 1790.066971][T21254] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1790.136914][ T26] usb 6-1: Using ep0 maxpacket: 32 [ 1790.256899][ T26] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1790.265890][ T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1790.276740][ T26] usb 6-1: config 0 descriptor?? [ 1790.287756][T21254] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1790.298615][T21254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1790.309724][T21254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1790.339106][T21254] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1790.352317][ T331] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1790.397211][ T331] usb 2-1: not running at top speed; connect to a high speed hub [ 1790.465083][T23026] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1790.479839][T23026] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 1790.491876][T23026] EXT4-fs (loop0): This should not happen!! Data will be lost [ 1790.491876][T23026] [ 1790.501361][T23026] EXT4-fs (loop0): Total free blocks count 0 [ 1790.507323][T23026] EXT4-fs (loop0): Free/Dirty block details [ 1790.513080][T23026] EXT4-fs (loop0): free_blocks=2415919104 [ 1790.518656][T23026] EXT4-fs (loop0): dirty_blocks=16 [ 1790.523578][T23026] EXT4-fs (loop0): Block reservation details [ 1790.529416][T23026] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 1790.545323][T18520] usb 5-1: USB disconnect, device number 36 [ 1790.600987][T23048] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6233'. [ 1790.642313][T21254] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1790.651503][T21254] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1790.659789][T21254] usb 4-1: Manufacturer: syz [ 1790.665331][T21254] usb 4-1: config 0 descriptor?? [ 1790.696916][ T331] usb 2-1: config 4 has an invalid interface number: 244 but max is 0 [ 1790.708309][ T331] usb 2-1: config 4 has no interface number 0 [ 1790.714424][ T331] usb 2-1: config 4 interface 244 has no altsetting 0 [ 1790.896889][ T331] usb 2-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice=9b.5e [ 1790.905759][ T331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1790.913858][ T331] usb 2-1: Product: syz [ 1790.918022][ T331] usb 2-1: Manufacturer: syz [ 1790.922805][ T331] usb 2-1: SerialNumber: syz [ 1791.147738][T21254] appleir 0003:05AC:8243.0014: unknown main item tag 0x0 [ 1791.154836][T21254] appleir 0003:05AC:8243.0014: No inputs registered, leaving [ 1791.163844][T21254] appleir 0003:05AC:8243.0014: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 1791.247253][ T331] usbhid 2-1:4.244: couldn't find an input interrupt endpoint [ 1791.257759][ T331] usb 2-1: USB disconnect, device number 25 [ 1791.596015][T23067] loop4: detected capacity change from 0 to 256 [ 1791.612562][T23067] exfat: Deprecated parameter 'namecase' [ 1791.618177][T23067] exfat: Deprecated parameter 'utf8' [ 1791.623219][T23071] loop0: detected capacity change from 0 to 1024 [ 1791.623466][T23067] exfat: Deprecated parameter 'namecase' [ 1791.635258][T23067] exfat: Deprecated parameter 'utf8' [ 1791.650543][T23067] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 1791.698569][T23071] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1791.718609][T23071] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 1791.733911][T23071] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 27 with max blocks 1 with error 28 [ 1791.746743][T23071] EXT4-fs (loop0): This should not happen!! Data will be lost [ 1791.746743][T23071] [ 1791.757217][T23071] EXT4-fs (loop0): Total free blocks count 0 [ 1791.763149][T23071] EXT4-fs (loop0): Free/Dirty block details [ 1791.769015][T23071] EXT4-fs (loop0): free_blocks=68451041280 [ 1791.774759][T23071] EXT4-fs (loop0): dirty_blocks=32 [ 1791.779849][T23071] EXT4-fs (loop0): Block reservation details [ 1791.785713][T23071] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 1791.802340][T23071] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 1791.814720][T23071] EXT4-fs (loop0): This should not happen!! Data will be lost [ 1791.814720][T23071] [ 1791.834274][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1791.834292][ T30] audit: type=1400 audit(2000000016.270:9159): avc: denied { ioctl } for pid=23070 comm="syz.0.6242" path="/11/file1/blkio.bfq.idle_time" dev="loop0" ino=18 ioctlcmd=0x587d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1792.169414][T23092] loop0: detected capacity change from 0 to 256 [ 1792.253177][T23092] FAT-fs (loop0): Directory bread(block 64) failed [ 1792.259677][T23092] FAT-fs (loop0): Directory bread(block 65) failed [ 1792.266125][T23092] FAT-fs (loop0): Directory bread(block 66) failed [ 1792.272572][T23092] FAT-fs (loop0): Directory bread(block 67) failed [ 1792.278995][T23092] FAT-fs (loop0): Directory bread(block 68) failed [ 1792.285288][T23092] FAT-fs (loop0): Directory bread(block 69) failed [ 1792.291649][T23092] FAT-fs (loop0): Directory bread(block 70) failed [ 1792.297944][T23092] FAT-fs (loop0): Directory bread(block 71) failed [ 1792.304303][T23092] FAT-fs (loop0): Directory bread(block 72) failed [ 1792.306842][ T331] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 1792.310654][T23092] FAT-fs (loop0): Directory bread(block 73) failed [ 1792.551213][T23096] xt_socket: unknown flags 0x8 [ 1792.717578][T21254] usb 6-1: USB disconnect, device number 5 [ 1792.943116][ T331] usb 2-1: config 0 has an invalid interface number: 223 but max is 0 [ 1792.984755][ T331] usb 2-1: config 0 has no interface number 0 [ 1793.437461][T23100] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1793.446049][T23100] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1793.565455][T23109] capability: warning: `syz.3.6253' uses deprecated v2 capabilities in a way that may be insecure [ 1793.668506][T23121] loop5: detected capacity change from 0 to 1024 [ 1793.687013][ T331] usb 2-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice=70.28 [ 1793.691983][T23121] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,resgid=0x0000000000000000,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 1793.698058][ T331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1793.735770][ T331] usb 2-1: Product: syz [ 1793.739979][ T331] usb 2-1: Manufacturer: syz [ 1793.744554][ T331] usb 2-1: SerialNumber: syz [ 1793.754030][ T331] usb 2-1: config 0 descriptor?? [ 1793.799097][ T331] usbhid 2-1:0.223: couldn't find an input interrupt endpoint [ 1793.837293][T18520] usb 4-1: USB disconnect, device number 24 [ 1794.154845][ T30] audit: type=1400 audit(2000000018.590:9160): avc: denied { create } for pid=23124 comm="syz.3.6262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1794.174567][ T26] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1794.340075][T18520] usb 2-1: USB disconnect, device number 26 [ 1794.522264][T23136] netlink: 30 bytes leftover after parsing attributes in process `syz.0.6264'. [ 1794.640563][ T30] audit: type=1400 audit(2000000019.080:9161): avc: denied { connect } for pid=23141 comm="syz.5.6266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1794.758858][ T30] audit: type=1400 audit(2000000019.200:9162): avc: denied { read } for pid=23148 comm="syz.3.6270" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1794.822001][ T26] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1794.840060][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1794.885782][ T26] usb 5-1: Product: syz [ 1794.908980][ T26] usb 5-1: Manufacturer: syz [ 1794.925199][ T30] audit: type=1400 audit(2000000019.200:9163): avc: denied { open } for pid=23148 comm="syz.3.6270" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1794.960595][ T26] usb 5-1: SerialNumber: syz [ 1794.977912][ T26] usb 5-1: config 0 descriptor?? [ 1795.062034][ T26] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1795.518336][T23165] loop1: detected capacity change from 0 to 2048 [ 1795.582579][T23165] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,grpid,,errors=continue. Quota mode: none. [ 1795.636220][T23165] ================================================================== [ 1795.644202][T23165] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xb9d/0x3430 [ 1795.652182][T23165] Read of size 8 at addr ffff88810a7847c0 by task syz.1.6275/23165 [ 1795.659914][T23165] [ 1795.662078][T23165] CPU: 1 PID: 23165 Comm: syz.1.6275 Not tainted 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 1795.671889][T23165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1795.681783][T23165] Call Trace: [ 1795.684906][T23165] [ 1795.687684][T23165] dump_stack_lvl+0x151/0x1c0 [ 1795.692198][T23165] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1795.697666][T23165] ? panic+0x760/0x760 [ 1795.701574][T23165] print_address_description+0x87/0x3b0 [ 1795.706953][T23165] kasan_report+0x179/0x1c0 [ 1795.711288][T23165] ? tc_setup_flow_action+0xb9d/0x3430 [ 1795.716589][T23165] ? tc_setup_flow_action+0xb9d/0x3430 [ 1795.721880][T23165] __asan_report_load8_noabort+0x14/0x20 [ 1795.727348][T23165] tc_setup_flow_action+0xb9d/0x3430 [ 1795.732474][T23165] mall_replace_hw_filter+0x394/0xc20 [ 1795.737676][T23165] ? mall_set_parms+0x4b0/0x4b0 [ 1795.742361][T23165] ? tcf_exts_destroy+0xb0/0xb0 [ 1795.747045][T23165] ? pcpu_memcg_post_alloc_hook+0x1b1/0x260 [ 1795.752777][T23165] ? pcpu_alloc+0xda0/0x13e0 [ 1795.757204][T23165] ? mall_set_parms+0x1c3/0x4b0 [ 1795.761890][T23165] mall_change+0x56e/0x780 [ 1795.766146][T23165] ? mall_get+0xb0/0xb0 [ 1795.770132][T23165] ? tcf_chain_tp_insert_unique+0xa90/0xbb0 [ 1795.775863][T23165] ? nla_strcmp+0xed/0x120 [ 1795.780114][T23165] ? mall_get+0xb0/0xb0 [ 1795.784105][T23165] tc_new_tfilter+0x151a/0x1c00 [ 1795.788800][T23165] ? tcf_gate_entry_destructor+0x20/0x20 [ 1795.794268][T23165] ? security_capable+0x87/0xb0 [ 1795.798951][T23165] ? ns_capable+0x89/0xe0 [ 1795.803117][T23165] ? netlink_net_capable+0x125/0x160 [ 1795.808234][T23165] ? tcf_gate_entry_destructor+0x20/0x20 [ 1795.813705][T23165] rtnetlink_rcv_msg+0x776/0xc40 [ 1795.818482][T23165] ? rtnetlink_bind+0x80/0x80 [ 1795.822989][T23165] ? stack_trace_save+0x1c0/0x1c0 [ 1795.827852][T23165] ? __kernel_text_address+0x9b/0x110 [ 1795.833059][T23165] ? unwind_get_return_address+0x4d/0x90 [ 1795.838525][T23165] ? avc_has_perm_noaudit+0x348/0x430 [ 1795.843744][T23165] ? memcpy+0x56/0x70 [ 1795.847556][T23165] ? avc_has_perm_noaudit+0x2dd/0x430 [ 1795.852773][T23165] ? avc_denied+0x1b0/0x1b0 [ 1795.857103][T23165] ? avc_has_perm+0x16f/0x260 [ 1795.861614][T23165] ? ____kasan_kmalloc+0xed/0x110 [ 1795.866477][T23165] ? avc_has_perm_noaudit+0x430/0x430 [ 1795.871681][T23165] ? x64_sys_call+0x16a/0x9a0 [ 1795.876205][T23165] netlink_rcv_skb+0x1cf/0x410 [ 1795.880798][T23165] ? rtnetlink_bind+0x80/0x80 [ 1795.885308][T23165] ? netlink_ack+0xb10/0xb10 [ 1795.889744][T23165] ? __netlink_lookup+0x37b/0x3a0 [ 1795.894598][T23165] rtnetlink_rcv+0x1c/0x20 [ 1795.898869][T23165] netlink_unicast+0x8df/0xac0 [ 1795.903557][T23165] ? netlink_detachskb+0x90/0x90 [ 1795.908311][T23165] ? security_netlink_send+0x7b/0xa0 [ 1795.913429][T23165] netlink_sendmsg+0xa0a/0xd20 [ 1795.918032][T23165] ? netlink_getsockopt+0x560/0x560 [ 1795.923067][T23165] ? security_socket_sendmsg+0x82/0xb0 [ 1795.928356][T23165] ? netlink_getsockopt+0x560/0x560 [ 1795.933389][T23165] ____sys_sendmsg+0x59e/0x8f0 [ 1795.937995][T23165] ? __sys_sendmsg_sock+0x40/0x40 [ 1795.942854][T23165] ? import_iovec+0xe5/0x120 [ 1795.947281][T23165] ___sys_sendmsg+0x252/0x2e0 [ 1795.951801][T23165] ? __sys_sendmsg+0x260/0x260 [ 1795.956397][T23165] ? check_stack_object+0xf4/0x130 [ 1795.961344][T23165] ? __fdget+0x1bc/0x240 [ 1795.965422][T23165] __se_sys_sendmsg+0x19a/0x260 [ 1795.970129][T23165] ? __x64_sys_sendmsg+0x90/0x90 [ 1795.974883][T23165] ? __kasan_check_write+0x14/0x20 [ 1795.979824][T23165] ? switch_fpu_return+0x15f/0x2e0 [ 1795.984773][T23165] __x64_sys_sendmsg+0x7b/0x90 [ 1795.989374][T23165] x64_sys_call+0x16a/0x9a0 [ 1795.993712][T23165] do_syscall_64+0x3b/0xb0 [ 1795.997967][T23165] ? clear_bhb_loop+0x35/0x90 [ 1796.002480][T23165] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1796.008217][T23165] RIP: 0033:0x7f4434eebd29 [ 1796.012459][T23165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1796.031902][T23165] RSP: 002b:00007f443355d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1796.040148][T23165] RAX: ffffffffffffffda RBX: 00007f44350dbfa0 RCX: 00007f4434eebd29 [ 1796.047969][T23165] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000005 [ 1796.055769][T23165] RBP: 00007f4434f67b08 R08: 0000000000000000 R09: 0000000000000000 [ 1796.063580][T23165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1796.071391][T23165] R13: 0000000000000000 R14: 00007f44350dbfa0 R15: 00007ffdc247df78 [ 1796.079211][T23165] [ 1796.082067][T23165] [ 1796.084238][T23165] Allocated by task 23165: [ 1796.088492][T23165] ____kasan_kmalloc+0xdb/0x110 [ 1796.093263][T23165] __kasan_kmalloc+0x9/0x10 [ 1796.097602][T23165] __kmalloc+0x13f/0x2c0 [ 1796.101687][T23165] tcf_idr_create+0x5f/0x780 [ 1796.106112][T23165] tcf_idr_create_from_flags+0x5f/0x70 [ 1796.111403][T23165] tcf_gact_init+0x3cd/0x6e0 [ 1796.115833][T23165] tcf_action_init_1+0x50f/0x7f0 [ 1796.120604][T23165] tcf_action_init+0x306/0x840 [ 1796.125206][T23165] tcf_exts_validate+0x236/0x520 [ 1796.129975][T23165] mall_set_parms+0x44/0x4b0 [ 1796.134403][T23165] mall_change+0x495/0x780 [ 1796.138657][T23165] tc_new_tfilter+0x151a/0x1c00 [ 1796.143345][T23165] rtnetlink_rcv_msg+0x776/0xc40 [ 1796.148115][T23165] netlink_rcv_skb+0x1cf/0x410 [ 1796.152716][T23165] rtnetlink_rcv+0x1c/0x20 [ 1796.156969][T23165] netlink_unicast+0x8df/0xac0 [ 1796.161572][T23165] netlink_sendmsg+0xa0a/0xd20 [ 1796.166168][T23165] ____sys_sendmsg+0x59e/0x8f0 [ 1796.170772][T23165] ___sys_sendmsg+0x252/0x2e0 [ 1796.175285][T23165] __se_sys_sendmsg+0x19a/0x260 [ 1796.179969][T23165] __x64_sys_sendmsg+0x7b/0x90 [ 1796.184568][T23165] x64_sys_call+0x16a/0x9a0 [ 1796.188911][T23165] do_syscall_64+0x3b/0xb0 [ 1796.193164][T23165] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1796.198890][T23165] [ 1796.201061][T23165] Last potentially related work creation: [ 1796.206617][T23165] kasan_save_stack+0x3b/0x60 [ 1796.211127][T23165] __kasan_record_aux_stack+0xd3/0xf0 [ 1796.216340][T23165] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1796.221976][T23165] kvfree_call_rcu+0xb1/0x8b0 [ 1796.226491][T23165] fib_rule_put+0x5c/0xa0 [ 1796.230657][T23165] fib_nl_delrule+0x1c98/0x1e90 [ 1796.235346][T23165] rtnetlink_rcv_msg+0x951/0xc40 [ 1796.240116][T23165] netlink_rcv_skb+0x1cf/0x410 [ 1796.244716][T23165] rtnetlink_rcv+0x1c/0x20 [ 1796.248969][T23165] netlink_unicast+0x8df/0xac0 [ 1796.253569][T23165] netlink_sendmsg+0xa0a/0xd20 [ 1796.258170][T23165] ____sys_sendmsg+0x59e/0x8f0 [ 1796.262779][T23165] ___sys_sendmsg+0x252/0x2e0 [ 1796.267287][T23165] __se_sys_sendmsg+0x19a/0x260 [ 1796.271974][T23165] __x64_sys_sendmsg+0x7b/0x90 [ 1796.276571][T23165] x64_sys_call+0x16a/0x9a0 [ 1796.280910][T23165] do_syscall_64+0x3b/0xb0 [ 1796.285174][T23165] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1796.290896][T23165] [ 1796.293066][T23165] The buggy address belongs to the object at ffff88810a784700 [ 1796.293066][T23165] which belongs to the cache kmalloc-192 of size 192 [ 1796.306955][T23165] The buggy address is located 0 bytes to the right of [ 1796.306955][T23165] 192-byte region [ffff88810a784700, ffff88810a7847c0) [ 1796.320406][T23165] The buggy address belongs to the page: [ 1796.325872][T23165] page:ffffea000429e100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a784 [ 1796.335941][T23165] flags: 0x4000000000000200(slab|zone=1) [ 1796.341426][T23165] raw: 4000000000000200 ffffea0004177300 0000000300000003 ffff888100042c00 [ 1796.349835][T23165] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 1796.358243][T23165] page dumped because: kasan: bad access detected [ 1796.364505][T23165] page_owner tracks the page as allocated [ 1796.370054][T23165] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 660, ts 43823787467, free_ts 42269396140 [ 1796.385761][T23165] post_alloc_hook+0x1a3/0x1b0 [ 1796.390367][T23165] prep_new_page+0x1b/0x110 [ 1796.394703][T23165] get_page_from_freelist+0x3550/0x35d0 [ 1796.400077][T23165] __alloc_pages+0x27e/0x8f0 [ 1796.404504][T23165] new_slab+0x9a/0x4e0 [ 1796.408409][T23165] ___slab_alloc+0x39e/0x830 [ 1796.412837][T23165] __slab_alloc+0x4a/0x90 [ 1796.417002][T23165] kmem_cache_alloc_trace+0x147/0x270 [ 1796.422210][T23165] exfat_get_dentry_set+0x175/0x13a0 [ 1796.427330][T23165] __exfat_write_inode+0x215/0x6e0 [ 1796.432281][T23165] exfat_write_inode+0xae/0x130 [ 1796.436974][T23165] __writeback_single_inode+0x4c2/0xa70 [ 1796.442344][T23165] writeback_single_inode+0x22c/0x960 [ 1796.447554][T23165] sync_inode_metadata+0xba/0x110 [ 1796.452416][T23165] __generic_file_fsync+0x158/0x1a0 [ 1796.457458][T23165] exfat_file_fsync+0x7c/0x160 [ 1796.462050][T23165] page last free stack trace: [ 1796.466564][T23165] free_unref_page_prepare+0x7c8/0x7d0 [ 1796.471858][T23165] free_unref_page+0xe8/0x750 [ 1796.476371][T23165] __free_pages+0x61/0xf0 [ 1796.480535][T23165] __free_slab+0xec/0x1d0 [ 1796.484699][T23165] __unfreeze_partials+0x165/0x1a0 [ 1796.489647][T23165] put_cpu_partial+0xc4/0x120 [ 1796.494160][T23165] __slab_free+0x1c8/0x290 [ 1796.498415][T23165] ___cache_free+0x109/0x120 [ 1796.502839][T23165] qlink_free+0x4d/0x90 [ 1796.506836][T23165] qlist_free_all+0x44/0xb0 [ 1796.511173][T23165] kasan_quarantine_reduce+0x15a/0x180 [ 1796.516466][T23165] __kasan_slab_alloc+0x2f/0xe0 [ 1796.521241][T23165] slab_post_alloc_hook+0x53/0x2c0 [ 1796.526189][T23165] kmem_cache_alloc+0xf5/0x250 [ 1796.530792][T23165] getname_flags+0xba/0x520 [ 1796.535130][T23165] getname+0x19/0x20 [ 1796.538863][T23165] [ 1796.541027][T23165] Memory state around the buggy address: [ 1796.546503][T23165] ffff88810a784680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 1796.554408][T23165] ffff88810a784700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1796.562297][T23165] >ffff88810a784780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1796.570282][T23165] ^ [ 1796.576272][T23165] ffff88810a784800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1796.584174][T23165] ffff88810a784880: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 1796.592156][T23165] ================================================================== [ 1796.600051][T23165] Disabling lock debugging due to kernel taint [ 1796.662737][ T30] audit: type=1400 audit(2000000021.100:9164): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1796.674665][ T331] usb 5-1: USB disconnect, device number 37 [ 1796.685013][ T30] audit: type=1400 audit(2000000021.100:9165): avc: denied { remove_name } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1796.712418][ T30] audit: type=1400 audit(2000000021.100:9166): avc: denied { rename } for pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=16 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1796.734458][ T30] audit: type=1400 audit(2000000021.100:9167): avc: denied { add_name } for pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=15 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1796.756865][ T30] audit: type=1400 audit(2000000021.100:9168): avc: denied { unlink } for pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=15 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1