last executing test programs: 16.224246474s ago: executing program 1 (id=65): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12015001020000082505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000c6f400000006241a0000080905810340000000000904010000020d00000904010102020d0000090582030002fa0000090503"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000001c0)={0x44, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x1000, 0x2, 0x1, 0x0, 0x0, 0x10000, 0x81, 0x1, 0x100}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 14.049015761s ago: executing program 1 (id=118): r0 = epoll_create1(0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x2, r1, 0x0) 14.015425271s ago: executing program 1 (id=119): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) setpgid(0x0, 0x0) 13.949367532s ago: executing program 1 (id=132): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240), 0xfe, 0x54b, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNF1Gk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvebNmaNGmXrZn5fOC259x70nNP7v2enpOTkACG1mT2oxDxakR8m0Qcajk2GvnByY1y6w+uzWVbEvX6Z38lkeT7muWT/Pd4nnklIn77OuJEYXO91dW1xVK5nC7n+ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dvbX3z3D8/fHrno9PfHFv//pd7h28lcSYO5sda2/EUrrdmJmMyf07G4swTBaf7UNkgSXb7BNiRkTzOxyLrAw7FSB71wP/fVxFRB4ZUIv5hSDXHAc25fZ/mwS+M+x9uTIA2tz/ZeG0k9jXmRgfWk8dmRtl8d6IP9Wd1/Prn7VvZFv17HQKgq+s3IuLU6Gjn/m/nTvVQ5sk69H/w/NzJxj9vtRv/FB6Of6LN+Ge8TezuRPf4L9zrQzUdZeO/D9qOfx8uWk2M5LmXGmO+seTCxXKa9W0vR8TxGNub5bdazzm9frfe6Vjr+C/bsvqbY8H8PO6N7n38MfOlWulp2tzq/o2I17qMf5M21z97Ps71WMfR9PbrnY51b/+zVf854o221//Rilay9frkVON+mGreFZv9ffPo753q3+32Z9f/wNbtn0ha12ur26/jp33/pp2OTSb5ouk27/89yeeN9J5839VSrbY8HbEn+WTz/plHj23mm+Wz9h8/tnX/1+7+3x8RX/TY/ptHbnYsOgjXf35b13/7ibsff/ljp/p76//ebqSO53t66f96PcGnee4AAAAAAABg0BQi4mAkheLDdKFQLG68v+NIHCiUK9XaiQuVlUvz0fis7ESMFZor3eMt74eYzt8P28zPPJGfjYjDEfHdyP5GvjhXKc/vduMBAAAAAAAAAAAAAAAAAABgQIx3+Px/5o+R3T474Jnzld8wvLrGfz++6QkYSP7/w/AS/zC8xD8ML/EPw0v8w/AS/zC8xD8ML/EPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXXu7Nlsq68/uDaX5eevrK4sVq6cnE+ri8WllbniXGX5cnGhUlkop8W5ylK3v1euVC5Pz8TK1alaWq1NVVfXzi9VVi7Vzl9cKi2k59Ox59IqAAAAAAAAAAAAAAAAAAAAeLFUV9cWS+VyuiwhsaPE6GCchkSfE7vdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI/8FAAD//wZvNao=") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}, {@metacopy_on}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/76, 0xff0d}], 0x1, 0x0, 0x0) 13.842093613s ago: executing program 1 (id=128): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x2000002, &(0x7f0000000600)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c646973636172640061727365743d63703835322c757466383d2023d6ffff756d7461696c3d302c6e6f6e75617461696c696f6368619615f9a9d8fc34fd234143727365743d69736f383835392d322c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c757466b83d312c756e695f786c6174653d302c756e695f786c6174653d302c73686f72746e616d653d6d697865642c726f6469722c756e695f786c8e380b24aa44b2a03f9d01000080000000002c4fb4e27388a38ca91b346d2e5535414e8214d26a8c3700"/241], 0x1, 0x368, &(0x7f0000000180)="$eJzs3U9oI9UfAPBvOmnSXfj9tjdREKI3Qct2b3qxRbqw2ItK8M9BDG5XJa1Ci8X2sG09KB4Fj3rypqAHD+JRBEW8efDqCrIqHrS3BRefTCaTTJu02y5WKX4+0PTlvfed73cmQzINyetzc9G9PBlXdnevx9RULepzj8zFjVpMRxal7RjVGNMHAJwON1KK31PhiCG1Ey4JADhhvdf/FyKiFdNFz+tfHjY/efUHgFOv//f/mcPmTB008MqJlAQAnLCR9//v3TPc6P3Uy7v1yqcCAIDT6omnn3l0fjHi8VZrKmLlzfX2ejseGo7PX4mXYjmW4nyci5sRxYVCflPr3V68tLhwvtVqbcVP09GOiIl+YLu4UpjPevHNmB2MDK42UkrZxU8WF2ZbPRGxvdXLHyu19fZknO3n//5sLA0vPKbLIqJ3c2lx4UKrv4H2Shm/FbEzfN8ir38mzsW3zw82k1L5CcbFhauzE/07w/j1djMuD47Cge+AAAAAAAAAAAAAAAAAAAAAAADAbZlpDUwP1s9J+e9ipZyZmTHjvfVxivj++kA7xfpAqZkipd9ee6D9VhZ71gfavz7PuoUEAQAAAAAAAAAAAAAAAAAAYGBtoxGd5eWl1bWNzW61sbW6tjEREXnPy19/9MWZGJ1zi0a9SNGMGKRo9dNudjspKyenLGI0PMuTlz0ffDqouDqnOdiLsWU0xw/tRt743z0/vjscujsrt/zncHIW43cwq5Tx8L6kK/8vSjrOgRo0LlR7mqPZr6WUKj1vVMOvPju6wahF1I//wG12J+LgOSlvfHX9xTvLo9/5PBXuu//ck9feef+Xbmc5zxy9R7CxunYzdTu1cvLxDkt+qMueWhSNWvVMqB8WvrO3p5N99+tTd739zdGyp2rPq/n5vG9OVuzOx/vDG0UjLzNvNIZny5lh+GR/J5aXJsec/Ldq3MZjesd7n32Y0g8/HzlFIa9+YuRpo/b3PQMBAAAAAAAAAAAAAAAAAAClynfF+/pf9p08LOrBx06+MgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD45wz//3+lsbMd+3qO0vhja0xUc2l1LaLxb+8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/cX8FAAD//zbhVeI=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000100)=""/155, 0x9b) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 13.459197036s ago: executing program 1 (id=139): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x33, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x1, 0x2, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x10, 0x3, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20) 13.438891575s ago: executing program 32 (id=139): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x33, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x1, 0x2, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x10, 0x3, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20) 2.691617919s ago: executing program 5 (id=404): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r3, 0x4188aea7, &(0x7f0000000240)={0x1, 0x0, [{0x0, 0x0, 0x1}]}) 2.632262389s ago: executing program 2 (id=407): creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c09425, &(0x7f0000000280)={"06528e9c6b2f3dfd54c3915912385b2b", 0x0, 0x0, {0xf, 0x15}, {0x3, 0x7}, 0xce50, [0x2, 0x200, 0xfffffffeffffffff, 0x4, 0x5, 0x1, 0x80000000008, 0x5, 0x0, 0x4ffff, 0xa, 0x1000, 0x2, 0x7, 0x1ff, 0x7]}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 2.609311559s ago: executing program 2 (id=410): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10) rt_sigsuspend(0x0, 0x0) 2.57645098s ago: executing program 5 (id=412): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0) 2.57617351s ago: executing program 2 (id=413): prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0, 0x0) 2.428709021s ago: executing program 2 (id=416): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 2.066341213s ago: executing program 5 (id=418): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect(0x0, 0x4d, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000735aca105e042107c4900102030109023b00010000000009040000000e010000052406000105240300000d240f0100000000000000000006"], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001a80)={0x24, 0x0, &(0x7f00000008c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) 2.038452374s ago: executing program 4 (id=420): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) unshare(0x20000600) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000002540)=0x1) 1.969823604s ago: executing program 4 (id=421): clock_adjtime(0x0, &(0x7f0000001100)={0xd77, 0x2000000000000000, 0x0, 0x0, 0x0, 0x4b, 0xf2, 0x0, 0x0, 0xa12, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefe, 0x4}) unshare(0x22020600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x400000}, [@map_fd={0x18, 0x0, 0x1, 0x0, r1}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0xea, &(0x7f0000000340)=""/234, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.932533165s ago: executing program 4 (id=422): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000016218110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 1.893580615s ago: executing program 4 (id=423): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.799136255s ago: executing program 4 (id=424): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000401904000600000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000950000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0xffffffffffffff37, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x22, 0xb}, 0x0}, 0x0) 822.019563ms ago: executing program 3 (id=437): r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_TTY(r0, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x30010000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x84, 0x464, 0x1, 0x70bd25, 0x25dfdbfe, "f7d4cd9a62c8f8fc91511634111df48f849151d96e27b0acae54c5a0a7909b863120291733272024480c0c6232bc7bdf98635b2998bc6b0366ca563623922217e0435d741a498a106de5fd2d395ee8b6dc9eafe2594f81804c7c53f143f72df3325925ff64b8f9f00c55322bec4bccb953920799", ["", "", "", "", ""]}, 0x84}, 0x1, 0x0, 0x0, 0x4000000}, 0x4060010) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x130, r2, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_FWMARK={0x8}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_PEERS={0xd4, 0x8, 0x0, 0x1, [{0x58, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @remote}}]}, {0x70, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "5d75c94e190c846a92efb742a93e9cb73a0d971146d295095c7d05cba4baf434"}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "a68ba5d6b57c1fb2a0d2cdf6934483df383eecfdc7582bd28418b68d48ab2752"}]}]}, @WGDEVICE_A_FLAGS={0x8}]}, 0x130}}, 0x0) 782.737844ms ago: executing program 3 (id=438): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000040000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001e40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128b000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670000000000005601000000ff07ad6706000002000000070300000ee60000bf250000000000002d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56600a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1fb3f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8ddaf2cdad3d1a74a2f078aa6402483856a6e495408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae06e394c9639564f000fc3cdd05a157544d0200000000000000ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f88e80ef80c6ed3e1ff91ff111000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780e95c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcbacec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0ddd932d838ff651023853d42210642986f8bbc7340bc8393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d68124674478186edd036f15bf847c33f79e1a0ad3d2b5080ecb01420c9f1b534e969fce97ffff07000009000000bfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388a92c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861224799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a823e28f359608ea326c77a1aa17318f392a0ec6c188916f4149c503027feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe485a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8e68f076c659f56d6c7f97a94d604f45cfe88b30c170000000001000000ef931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db2248bb38b31a14ffcddd92c38f6b6d86a0e56d47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f1300007d6072f0cf120ad2ba519afdd43a14000000000000000000000000007ef2f3c58d045f0700000094069acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d000000000000000000007758b1267669ded883b5867c5916a74843b784955108f750c57744c76a09629dd0aaca5cb0f14f49db80a1aa2692c18fbb31cbdb3f2e138e6d5ba3491fc3617b511f24bad26466407e39000000000080d7a1bf4624d31c13a6840f45a7f4e01a50d790132abb36915e35b1ac35bf3921357f638684bba17b8fe1e2123153ecd6d1f76820d4f8fa0b96b50c457ae8d5f2351cdb7bc8170380557bc11cf6ee3395974e37018a2a7473312cb32affb8ff72a253e0d36099e460f13694b9891af526d9608271838e83d17103887f34210dd4c0cf60dec608b4ca5ba2f3037bf381e7b5d5b27820000000000000000000000b719bd34f3244730f708fdd532640edc6b82dd4ad72ecbaccafef806f5447aba2246d56a601bbd8c24ba1e16dda3296ce10de6830942eb83c24a44c48c6a5890f6441f14162e08fb3d964aa5ac94d9d5703749409deba3a702d4121547644dd581a2b34f9686dcd06"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 763.668713ms ago: executing program 3 (id=439): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0x11, 0xa, 0x0, &(0x7f0000001080)) 726.346344ms ago: executing program 3 (id=440): prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0, 0x0) 556.884515ms ago: executing program 2 (id=441): r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x74, 0x101301) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f00000001c0), 0xed) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0x8008551c, &(0x7f0000000040)=@usbdevfs_connect) 556.490155ms ago: executing program 3 (id=442): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) unlink(0x0) 546.493356ms ago: executing program 5 (id=443): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 530.824876ms ago: executing program 3 (id=444): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_usb_connect(0x0, 0x10e, &(0x7f0000000380)=ANY=[@ANYBLOB="120100006a249f08ec1888323a3f010203010902fc0001870000000904e600030e01000006240600011005240008000d240f01000000000000a0010606241a0000000c241b000000000000ff01000424020c90"], 0x0) 512.892765ms ago: executing program 2 (id=445): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, "08405af3"}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "6fe695cd"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000100)={0x3, 0x100, 0xe}) 510.069076ms ago: executing program 5 (id=446): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) rt_tgsigqueueinfo(0x0, 0x0, 0xa, 0x0) 491.534166ms ago: executing program 5 (id=447): r0 = epoll_create1(0x0) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) close(r1) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 481.735566ms ago: executing program 0 (id=448): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0xadd, 0x5, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r1, &(0x7f0000000300), 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000300)={r1, &(0x7f0000000240), 0x0}, 0x20) 465.487996ms ago: executing program 0 (id=449): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vlan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb186dd", 0x18, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) 453.826866ms ago: executing program 0 (id=450): r0 = timerfd_create(0x9, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000002300)='auxv\x00') read$FUSE(r1, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(0x0, r2) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) 442.286276ms ago: executing program 0 (id=451): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000060000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) waitid(0x0, 0x0, &(0x7f0000002ff9), 0x0, 0x0) 428.881396ms ago: executing program 0 (id=452): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002300)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000300)={'#! ', './file1/file0', [{0x20, 'memory.events\x00'}], 0xa, "d161050000000000000074bdca9720dfcc73de5b223a3c160f225bcf4c83ef6cefab8104649d48cdb9a6c7669fce915c6e7588a6259b6eb774f58cd31674f96d061a0a52557ef17ec0c8dd11d285470d6593ad67b8abeffaefcf36c8627e38b8b9bcee53"}, 0x84) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000080), 0x4) 11.36496ms ago: executing program 4 (id=453): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 0s ago: executing program 0 (id=463): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00', r0}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts. [ 20.910215][ T28] audit: type=1400 audit(1733167931.332:66): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.911498][ T280] cgroup: Unknown subsys name 'net' [ 20.932696][ T28] audit: type=1400 audit(1733167931.332:67): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.959886][ T28] audit: type=1400 audit(1733167931.352:68): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.960182][ T280] cgroup: Unknown subsys name 'devices' [ 21.102683][ T280] cgroup: Unknown subsys name 'hugetlb' [ 21.108098][ T280] cgroup: Unknown subsys name 'rlimit' [ 21.214069][ T28] audit: type=1400 audit(1733167931.632:69): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.234148][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 21.237221][ T28] audit: type=1400 audit(1733167931.632:70): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.270144][ T28] audit: type=1400 audit(1733167931.632:71): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.293134][ T28] audit: type=1400 audit(1733167931.662:72): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.293783][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.318356][ T28] audit: type=1400 audit(1733167931.662:73): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.318388][ T28] audit: type=1400 audit(1733167931.712:74): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.377568][ T28] audit: type=1400 audit(1733167931.712:75): avc: denied { open } for pid=280 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.257940][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.264862][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.272297][ T290] device bridge_slave_0 entered promiscuous mode [ 22.279099][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.286206][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.293678][ T290] device bridge_slave_1 entered promiscuous mode [ 22.320679][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.327533][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.334889][ T292] device bridge_slave_0 entered promiscuous mode [ 22.357917][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.364839][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.372198][ T292] device bridge_slave_1 entered promiscuous mode [ 22.380355][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.387208][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.394601][ T291] device bridge_slave_0 entered promiscuous mode [ 22.401608][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.408453][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.415866][ T291] device bridge_slave_1 entered promiscuous mode [ 22.460037][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.466892][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.474351][ T294] device bridge_slave_0 entered promiscuous mode [ 22.497172][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.504167][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.511519][ T294] device bridge_slave_1 entered promiscuous mode [ 22.530767][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.537624][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.544957][ T293] device bridge_slave_0 entered promiscuous mode [ 22.570114][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.577109][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.584509][ T293] device bridge_slave_1 entered promiscuous mode [ 22.759398][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.766279][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.773389][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.780156][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.792503][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.799367][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.806500][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.813289][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.836376][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.843258][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.850388][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.857225][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.878605][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.885479][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.892585][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.899433][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.909773][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.916646][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.923766][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.930654][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.966725][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.973908][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.981119][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.988156][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.995669][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.002991][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.010208][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.017281][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.024392][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.031481][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.039790][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.047167][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.071123][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.078920][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.087086][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.093939][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.101307][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.109295][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.116146][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.124974][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.133430][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.140311][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.160250][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.168659][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.177107][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.183962][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.191235][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.199253][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.206115][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.213838][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.221724][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.229677][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.236537][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.243765][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.270332][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.277710][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.285055][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.293767][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.302052][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.308891][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.316198][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.323536][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.331185][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.339036][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.347821][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.355947][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.373474][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.381998][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.390905][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.397748][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.405171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.413596][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.421706][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.428536][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.435884][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.443802][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.467045][ T291] device veth0_vlan entered promiscuous mode [ 23.475558][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.483877][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.491930][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.500706][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.508670][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.515526][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.523363][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.531416][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.539511][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.548011][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.556240][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.564039][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.572083][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.580034][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.587835][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.595303][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.610580][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.618874][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.627240][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.635593][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.643834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.652020][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.668517][ T291] device veth1_macvtap entered promiscuous mode [ 23.679659][ T294] device veth0_vlan entered promiscuous mode [ 23.688330][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.696457][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.704604][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.712307][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.719559][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.727662][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.741960][ T290] device veth0_vlan entered promiscuous mode [ 23.757019][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.765981][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.774140][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.782527][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.790962][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.799115][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.806953][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.814965][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.822377][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.832010][ T293] device veth0_vlan entered promiscuous mode [ 23.844925][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.853104][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.861009][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.868740][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.881054][ T294] device veth1_macvtap entered promiscuous mode [ 23.893309][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.904523][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.912975][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.930996][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.942820][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.951612][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.959809][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.968534][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.976829][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.986919][ T293] device veth1_macvtap entered promiscuous mode [ 23.998582][ T292] device veth0_vlan entered promiscuous mode [ 24.006823][ T290] device veth1_macvtap entered promiscuous mode [ 24.020094][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.028100][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.029245][ T322] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.036263][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.075187][ T292] device veth1_macvtap entered promiscuous mode [ 24.093509][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.102423][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.109660][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.117129][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.125506][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.133917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.142269][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.150565][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.158704][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.167152][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.175479][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.210772][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.230252][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.243451][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.257468][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.505609][ T364] syz.1.21 (364) used greatest stack depth: 21928 bytes left [ 24.531649][ T369] tipc: Started in network mode [ 24.548697][ T369] tipc: Node identity 7f000001, cluster identity 4711 [ 24.555804][ T369] tipc: Enabled bearer , priority 10 [ 24.562296][ T376] netlink: 80 bytes leftover after parsing attributes in process `syz.2.27'. [ 24.571033][ T376] netlink: 80 bytes leftover after parsing attributes in process `syz.2.27'. [ 24.580543][ T376] netlink: 80 bytes leftover after parsing attributes in process `syz.2.27'. [ 24.637808][ T383] loop4: detected capacity change from 0 to 1024 [ 24.647137][ T387] tun0: tun_chr_ioctl cmd 1074025675 [ 24.659254][ T387] tun0: persist enabled [ 24.676340][ T387] tun0: tun_chr_ioctl cmd 1074025675 [ 24.683500][ T387] tun0: persist enabled [ 24.689120][ T383] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 24.737080][ T293] EXT4-fs (loop4): unmounting filesystem. [ 24.920021][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.952518][ T422] netlink: 'syz.4.45': attribute type 29 has an invalid length. [ 25.111478][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 25.121150][ T6] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 25.130698][ T6] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 25.146084][ T6] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 25.155039][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.162958][ T6] usb 1-1: Product: syz [ 25.167007][ T6] usb 1-1: Manufacturer: syz [ 25.171443][ T6] usb 1-1: SerialNumber: syz [ 25.257602][ T404] loop2: detected capacity change from 0 to 131072 [ 25.264930][ T404] F2FS-fs (loop2): Invalid log_blocksize (0), supports only 12 [ 25.272725][ T404] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 25.282599][ T404] F2FS-fs (loop2): Test dummy encryption mode enabled [ 25.296428][ T404] F2FS-fs (loop2): Can't change test_dummy_encryption on remount [ 25.381295][ T6] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 25.509428][ T443] loop2: detected capacity change from 0 to 40427 [ 25.516322][ T443] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 25.526473][ T443] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 25.535995][ T443] F2FS-fs (loop2): invalid crc value [ 25.542949][ T443] F2FS-fs (loop2): Found nat_bits in checkpoint [ 25.578766][ T443] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 25.585731][ T443] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 25.590568][ T24] usb 1-1: USB disconnect, device number 2 [ 25.602273][ T24] usblp0: removed [ 25.623409][ T443] capability: warning: `syz.2.53' uses deprecated v2 capabilities in a way that may be insecure [ 25.640708][ T317] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 25.649873][ T317] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 25.690454][ T298] tipc: Node number set to 2130706433 [ 25.992348][ T462] loop2: detected capacity change from 0 to 40427 [ 25.999077][ T462] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 26.006861][ T462] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 26.015411][ T462] F2FS-fs (loop2): invalid crc value [ 26.021820][ T462] F2FS-fs (loop2): Found nat_bits in checkpoint [ 26.080602][ T462] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 26.087469][ T462] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 26.118609][ T462] syz.2.59: attempt to access beyond end of device [ 26.118609][ T462] loop2: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 26.132406][ T462] syz.2.59: attempt to access beyond end of device [ 26.132406][ T462] loop2: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 26.146631][ T462] F2FS-fs (loop2): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 26.146661][ T462] F2FS-fs (loop2): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 26.215604][ T28] kauditd_printk_skb: 93 callbacks suppressed [ 26.215620][ T28] audit: type=1400 audit(1733167936.632:169): avc: denied { append } for pid=488 comm="syz.2.70" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.251715][ T298] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.283525][ T28] audit: type=1400 audit(1733167936.702:170): avc: denied { write } for pid=492 comm="syz.4.71" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.337291][ T28] audit: type=1400 audit(1733167936.752:171): avc: denied { ioctl } for pid=492 comm="syz.4.71" path="/dev/input/event0" dev="devtmpfs" ino=256 ioctlcmd=0x4506 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.364887][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.372397][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.429952][ T298] usb 2-1: Using ep0 maxpacket: 8 [ 26.434903][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 26.443446][ T298] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.454493][ T298] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 250, changing to 11 [ 26.465759][ T298] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 26.480190][ T342] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.486154][ T298] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 26.512708][ T298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.535977][ T298] usb 2-1: Product: syz [ 26.549839][ T298] usb 2-1: Manufacturer: syz [ 26.561129][ T298] usb 2-1: SerialNumber: syz [ 26.619976][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 26.626186][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 26.637014][ T28] audit: type=1400 audit(1733167937.052:172): avc: denied { append } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.671985][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 26.680833][ T28] audit: type=1400 audit(1733167937.052:173): avc: denied { open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.680872][ T28] audit: type=1400 audit(1733167937.052:174): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.779997][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.787941][ T24] usb 1-1: Product: syz [ 26.804056][ T24] usb 1-1: Manufacturer: syz [ 26.808519][ T24] usb 1-1: SerialNumber: syz [ 26.830801][ T24] usb 1-1: config 0 descriptor?? [ 26.895270][ T505] loop2: detected capacity change from 0 to 40427 [ 26.911085][ T505] F2FS-fs (loop2): fault_injection options not supported [ 26.918061][ T505] F2FS-fs (loop2): Image doesn't support compression [ 26.925399][ T505] F2FS-fs (loop2): Image doesn't support compression [ 26.933849][ T516] netlink: 12 bytes leftover after parsing attributes in process `syz.3.81'. [ 26.943089][ T505] F2FS-fs (loop2): invalid crc value [ 26.959641][ T28] audit: type=1400 audit(1733167937.372:175): avc: denied { name_bind } for pid=518 comm="syz.3.82" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 26.962609][ T505] F2FS-fs (loop2): Found nat_bits in checkpoint [ 26.983350][ T28] audit: type=1400 audit(1733167937.402:176): avc: denied { create } for pid=518 comm="syz.3.82" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 27.024564][ T28] audit: type=1400 audit(1733167937.402:177): avc: denied { connect } for pid=518 comm="syz.3.82" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 27.100115][ T505] F2FS-fs (loop2): Start checkpoint disabled! [ 27.108060][ T505] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 27.136022][ T28] audit: type=1400 audit(1733167937.552:178): avc: denied { append } for pid=528 comm="syz.4.86" name="001" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 27.183571][ T317] kworker/u4:3: attempt to access beyond end of device [ 27.183571][ T317] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 27.239492][ T24] usb 1-1: Found UVC 0.00 device syz (045e:0721) [ 27.246910][ T24] usb 1-1: No valid video chain found. [ 27.262137][ T24] usb 1-1: USB disconnect, device number 3 [ 27.387868][ T551] loop4: detected capacity change from 0 to 256 [ 27.402031][ T551] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x726052d3, utbl_chksum : 0xe619d30d) [ 27.527159][ T565] loop2: detected capacity change from 0 to 256 [ 27.533569][ T565] ======================================================= [ 27.533569][ T565] WARNING: The mand mount option has been deprecated and [ 27.533569][ T565] and is ignored by this kernel. Remove the mand [ 27.533569][ T565] option from the mount to silence this warning. [ 27.533569][ T565] ======================================================= [ 27.573274][ T565] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 27.600925][ T298] cdc_ncm 2-1:1.0: bind() failure [ 27.613249][ T298] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 27.620552][ T298] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 27.628242][ T298] usb 2-1: USB disconnect, device number 2 [ 27.909978][ T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.048758][ T592] loop0: detected capacity change from 0 to 1024 [ 28.072193][ T592] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 28.083974][ T592] EXT4-fs (loop0): shut down requested (0) [ 28.090979][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 28.097114][ T19] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 28.105949][ T19] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 28.120773][ T290] EXT4-fs (loop0): unmounting filesystem. [ 28.123691][ T19] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 28.150884][ T19] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 28.161889][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.172111][ T19] usb 3-1: Product: syz [ 28.176107][ T19] usb 3-1: Manufacturer: syz [ 28.185244][ T19] usb 3-1: SerialNumber: syz [ 28.235769][ T614] loop1: detected capacity change from 0 to 1024 [ 28.284802][ T614] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 28.340760][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.369144][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.382348][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.400656][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.420145][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.450026][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.462937][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.482093][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.500748][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.534682][ T291] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #11: comm syz-executor: invalid size [ 28.597613][ T19] usb 3-1: 0:2 : does not exist [ 28.643290][ T291] EXT4-fs (loop1): unmounting filesystem. [ 28.873627][ T668] incfs: iterate_incfs_dir / -22 [ 29.006585][ T681] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=681 comm=syz.3.154 [ 29.025180][ T682] overlayfs: invalid origin (0000) [ 29.098194][ T673] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.105115][ T673] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.112559][ T673] device bridge_slave_0 entered promiscuous mode [ 29.119534][ T673] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.126884][ T673] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.134422][ T673] device bridge_slave_1 entered promiscuous mode [ 29.189617][ T320] device bridge_slave_1 left promiscuous mode [ 29.196614][ T703] loop3: detected capacity change from 0 to 128 [ 29.207059][ T19] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 29.215352][ T320] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.221554][ T701] input: syz1 as /devices/virtual/input/input4 [ 29.222720][ T703] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 29.238165][ T19] usb 3-1: USB disconnect, device number 2 [ 29.263151][ T320] device bridge_slave_0 left promiscuous mode [ 29.273136][ T703] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 29.284269][ T320] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.293196][ T703] ext2 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 29.326328][ T320] device veth1_macvtap left promiscuous mode [ 29.333377][ T320] device veth0_vlan left promiscuous mode [ 29.353652][ T714] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 29.365819][ T714] F2FS-fs (loop9): Unable to read 1th superblock [ 29.373439][ T294] EXT4-fs (loop3): unmounting filesystem. [ 29.373984][ T714] I/O error, dev loop9, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 29.388496][ T714] F2FS-fs (loop9): Unable to read 2th superblock [ 29.458259][ T718] input input5: cannot allocate more than FF_MAX_EFFECTS effects [ 29.507459][ T706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.164'. [ 29.516332][ T706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.164'. [ 29.527597][ T706] netlink: 2 bytes leftover after parsing attributes in process `syz.0.164'. [ 29.602204][ T727] loop0: detected capacity change from 0 to 128 [ 29.609263][ T716] loop3: detected capacity change from 0 to 40427 [ 29.623802][ T716] F2FS-fs (loop3): fault_injection options not supported [ 29.631973][ T727] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 29.641169][ T716] F2FS-fs (loop3): invalid crc value [ 29.646615][ T727] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.689865][ T716] F2FS-fs (loop3): Found nat_bits in checkpoint [ 29.715521][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.729321][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.746990][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.773403][ T290] EXT4-fs (loop0): unmounting filesystem. [ 29.793684][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.810697][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.817604][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.848991][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.857621][ T741] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 29.865869][ T716] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 29.901924][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.919090][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.926022][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.940527][ T749] loop2: detected capacity change from 0 to 512 [ 29.949494][ T716] syz.3.168: attempt to access beyond end of device [ 29.949494][ T716] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 29.954999][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.972389][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 29.983191][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.992994][ T749] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 30.002056][ T737] netlink: 24 bytes leftover after parsing attributes in process `syz.0.175'. [ 30.007992][ T749] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.021372][ T294] syz-executor: attempt to access beyond end of device [ 30.021372][ T294] loop3: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 30.035893][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.045605][ T749] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.181: corrupted inode contents [ 30.057618][ T749] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.181: mark_inode_dirty error [ 30.069647][ T749] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.181: corrupted inode contents [ 30.089697][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.104501][ T749] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.181: corrupted inode contents [ 30.108624][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.127057][ T758] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 30.137019][ T749] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.181: mark_inode_dirty error [ 30.144769][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.162004][ T749] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.181: corrupted inode contents [ 30.177869][ T673] device veth0_vlan entered promiscuous mode [ 30.195261][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.206596][ T673] device veth1_macvtap entered promiscuous mode [ 30.213945][ T749] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.181: mark_inode_dirty error [ 30.235964][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.243906][ T749] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.181: corrupted inode contents [ 30.247032][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.272377][ T749] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.181: mark_inode_dirty error [ 30.277287][ T6] kernel write not supported for file /input/event0 (pid: 6 comm: kworker/0:0) [ 30.303722][ T292] EXT4-fs (loop2): unmounting filesystem. [ 30.352722][ T772] loop5: detected capacity change from 0 to 1024 [ 30.359204][ T772] EXT4-fs: Ignoring removed nomblk_io_submit option [ 30.380342][ T772] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.406846][ T772] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 30.432424][ T772] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 30.496377][ T673] EXT4-fs (loop5): unmounting filesystem. [ 30.635762][ T792] loop5: detected capacity change from 0 to 1024 [ 30.651250][ T792] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 30.662989][ T792] EXT4-fs (loop5): shut down requested (0) [ 30.675579][ T673] EXT4-fs (loop5): unmounting filesystem. [ 30.726390][ T802] loop2: detected capacity change from 0 to 128 [ 30.902336][ T819] loop5: detected capacity change from 0 to 512 [ 30.911066][ T819] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.924161][ T819] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 30.935039][ T819] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c019, mo2=0002] [ 30.946097][ T819] System zones: 1-12 [ 30.950770][ T819] EXT4-fs (loop5): 1 truncate cleaned up [ 30.962699][ T819] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 30.990012][ T298] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 31.007731][ T828] loop2: detected capacity change from 0 to 512 [ 31.019510][ T673] EXT4-fs (loop5): unmounting filesystem. [ 31.032858][ T828] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 31.042044][ T828] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 31.058616][ T828] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 31.076455][ T292] EXT4-fs (loop2): unmounting filesystem. [ 31.091469][ T838] netlink: 8 bytes leftover after parsing attributes in process `syz.5.216'. [ 31.108897][ T838] netlink: 64 bytes leftover after parsing attributes in process `syz.5.216'. [ 31.118608][ T838] Zero length message leads to an empty skb [ 31.144370][ T843] loop5: detected capacity change from 0 to 512 [ 31.151476][ T843] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 31.169359][ T843] EXT4-fs (loop5): 1 truncate cleaned up [ 31.175131][ T843] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 31.190066][ T298] usb 1-1: Using ep0 maxpacket: 32 [ 31.197738][ T298] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 31.206843][ T298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.214768][ T298] usb 1-1: Product: syz [ 31.218964][ T298] usb 1-1: Manufacturer: syz [ 31.223478][ T298] usb 1-1: SerialNumber: syz [ 31.229176][ T298] usb 1-1: config 0 descriptor?? [ 31.292490][ T673] EXT4-fs (loop5): unmounting filesystem. [ 31.412364][ T865] netlink: 16 bytes leftover after parsing attributes in process `syz.5.226'. [ 31.462335][ T28] kauditd_printk_skb: 73 callbacks suppressed [ 31.462351][ T28] audit: type=1400 audit(1733167941.882:252): avc: denied { create } for pid=868 comm="syz.5.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.489595][ T28] audit: type=1400 audit(1733167941.902:253): avc: denied { bind } for pid=868 comm="syz.5.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.731581][ T28] audit: type=1400 audit(1733167942.152:254): avc: denied { write } for pid=885 comm="syz.5.235" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 31.731592][ T886] random: crng reseeded on system resumption [ 31.815102][ T892] loop5: detected capacity change from 0 to 1024 [ 31.824406][ T892] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 31.838291][ T298] (unnamed net_device) (uninitialized): Assigned a random MAC address: de:9e:02:5f:db:27 [ 31.851027][ T673] EXT4-fs (loop5): unmounting filesystem. [ 31.852768][ T298] rtl8150 1-1:0.0: eth1: rtl8150 is detected [ 31.880176][ T298] usb 1-1: USB disconnect, device number 4 [ 31.885857][ T896] loop5: detected capacity change from 0 to 256 [ 31.892368][ T896] exfat: Deprecated parameter 'utf8' [ 31.901433][ T896] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 31.914342][ T40] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 31.932029][ T28] audit: type=1400 audit(1733167942.352:255): avc: denied { associate } for pid=895 comm="syz.5.239" name="blkio.bfq.io_service_bytes_recursive" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 31.961742][ T28] audit: type=1400 audit(1733167942.372:256): avc: denied { append } for pid=895 comm="syz.5.239" path="/25/file0/blkio.bfq.io_service_bytes_recursive" dev="loop5" ino=1048609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.988058][ T28] audit: type=1400 audit(1733167942.372:257): avc: denied { map } for pid=895 comm="syz.5.239" path="/25/file0/blkio.bfq.io_service_bytes_recursive" dev="loop5" ino=1048609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.056264][ T28] audit: type=1400 audit(1733167942.472:258): avc: denied { ioctl } for pid=908 comm="syz.2.245" path="socket:[18296]" dev="sockfs" ino=18296 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.056456][ T909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.245'. [ 32.090624][ T909] device bridge_slave_0 left promiscuous mode [ 32.096613][ T909] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.119985][ T40] usb 5-1: Using ep0 maxpacket: 8 [ 32.126173][ T40] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 32.140096][ T40] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.57 [ 32.149023][ T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 32.157391][ T40] usb 5-1: SerialNumber: syz [ 32.178422][ T40] cdc_ether 5-1:1.0: skipping garbage [ 32.193856][ T40] usb 5-1: bad CDC descriptors [ 32.216867][ T904] loop3: detected capacity change from 0 to 40427 [ 32.224486][ T912] loop5: detected capacity change from 0 to 4096 [ 32.243942][ T912] EXT4-fs: Ignoring removed nomblk_io_submit option [ 32.250574][ T904] F2FS-fs (loop3): fault_injection options not supported [ 32.258105][ T912] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 32.259532][ T904] F2FS-fs (loop3): Image doesn't support compression [ 32.270344][ T912] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 32.273658][ T904] F2FS-fs (loop3): fault_type options not supported [ 32.297108][ T912] EXT4-fs error (device loop5): ext4_get_first_dir_block:3603: inode #12: block 80: comm syz.5.246: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 32.297485][ T28] audit: type=1400 audit(1733167942.712:259): avc: denied { read } for pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 32.317847][ T904] F2FS-fs (loop3): invalid crc value [ 32.339054][ T912] EXT4-fs (loop5): Remounting filesystem read-only [ 32.353498][ T28] audit: type=1400 audit(1733167942.712:260): avc: denied { rename } for pid=911 comm="syz.5.246" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 32.354734][ T912] EXT4-fs error (device loop5): ext4_get_first_dir_block:3605: inode #12: comm syz.5.246: directory missing '..' [ 32.375355][ T28] audit: type=1400 audit(1733167942.712:261): avc: denied { rename } for pid=911 comm="syz.5.246" name="file2" dev="loop5" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.410585][ T904] F2FS-fs (loop3): Found nat_bits in checkpoint [ 32.416831][ T912] EXT4-fs (loop5): Remounting filesystem read-only [ 32.444265][ T673] EXT4-fs (loop5): unmounting filesystem. [ 32.527056][ T904] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 32.589602][ T294] syz-executor: attempt to access beyond end of device [ 32.589602][ T294] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 32.596097][ T867] raw-gadget.1 gadget.4: fail, usb_ep_set_wedge returned -11 [ 32.638046][ T298] usb 5-1: USB disconnect, device number 2 [ 32.739009][ T923] loop0: detected capacity change from 0 to 40427 [ 32.750430][ T923] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 32.758108][ T923] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.792260][ T923] F2FS-fs (loop0): invalid crc value [ 32.810532][ T923] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 32.884644][ T923] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.891713][ T923] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.271690][ T991] loop0: detected capacity change from 0 to 512 [ 33.299685][ T991] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 33.311246][ T991] EXT4-fs (loop0): orphan cleanup on readonly fs [ 33.317891][ T991] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:511: comm syz.0.279: Block bitmap for bg 0 marked uninitialized [ 33.331223][ T991] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 33.345561][ T991] EXT4-fs (loop0): 1 orphan inode deleted [ 33.351294][ T991] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 33.400350][ T290] EXT4-fs (loop0): unmounting filesystem. [ 33.409213][ T999] input: syz0 as /devices/virtual/input/input6 [ 33.420022][ T303] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 33.525873][ T1005] loop4: detected capacity change from 0 to 1024 [ 33.557187][ T1005] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 33.577562][ T1005] EXT4-fs (loop4): shut down requested (0) [ 33.604343][ T293] EXT4-fs (loop4): unmounting filesystem. [ 33.610038][ T303] usb 4-1: Using ep0 maxpacket: 8 [ 33.616566][ T303] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 33.628141][ T303] usb 4-1: config 179 has no interface number 0 [ 33.641146][ T303] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 33.662967][ T303] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 33.675352][ T303] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 33.693252][ T303] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 33.711065][ T303] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 33.731753][ T303] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 33.740819][ T303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.752867][ T978] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 33.796835][ T1015] x_tables: duplicate underflow at hook 4 [ 33.862509][ T1017] syz.0.289 (1017) used greatest stack depth: 21552 bytes left [ 33.992119][ T19] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input7 [ 34.193945][ T978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.210174][ T978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.456893][ T19] usb 4-1: USB disconnect, device number 2 [ 34.456943][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 34.456975][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 34.490487][ T19] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 34.511043][ T1028] loop2: detected capacity change from 0 to 40427 [ 34.518174][ T1028] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 34.525265][ T1028] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 34.535701][ T1028] F2FS-fs (loop2): invalid crc value [ 34.542853][ T1028] F2FS-fs (loop2): Found nat_bits in checkpoint [ 34.581094][ T1028] F2FS-fs (loop2): Start checkpoint disabled! [ 34.593023][ T1028] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 34.599979][ T1028] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 34.686412][ T8] kworker/u4:0: attempt to access beyond end of device [ 34.686412][ T8] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 34.823042][ T1066] loop2: detected capacity change from 0 to 512 [ 34.829807][ T1066] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 34.841142][ T1066] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 34.854213][ T1066] EXT4-fs (loop2): 1 truncate cleaned up [ 34.859751][ T1066] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 34.860195][ T298] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 34.887155][ T292] EXT4-fs (loop2): unmounting filesystem. [ 35.061826][ T298] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 35.080429][ T298] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.100037][ T298] usb 6-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.00 [ 35.117095][ T298] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.138626][ T298] usb 6-1: config 0 descriptor?? [ 35.489998][ T303] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 35.497511][ T19] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 35.548820][ T298] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 35.555629][ T298] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 35.562237][ T298] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 35.568950][ T298] ntrig 0003:1B96:0004.0001: unknown main item tag 0x0 [ 35.576331][ T298] ntrig 0003:1B96:0004.0001: hidraw0: USB HID v40.00 Device [HID 1b96:0004] on usb-dummy_hcd.5-1/input0 [ 35.690007][ T303] usb 4-1: Using ep0 maxpacket: 8 [ 35.695986][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.706976][ T303] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 35.717055][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.726656][ T19] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 35.735655][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.744385][ T19] usb 1-1: config 0 descriptor?? [ 35.751099][ T298] usb 6-1: USB disconnect, device number 2 [ 35.759765][ T303] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 35.771636][ T303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 35.785062][ T303] usb 4-1: SerialNumber: syz [ 35.795671][ T303] usb 4-1: config 0 descriptor?? [ 35.797616][ T1102] loop4: detected capacity change from 0 to 512 [ 35.806256][ T303] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 35.813553][ T303] usb 4-1: No valid video chain found. [ 35.831240][ T1102] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 35.842422][ T1102] ext4 filesystem being mounted at /82/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 35.856537][ T1102] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.326: corrupted inode contents [ 35.875495][ T1102] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #2: comm syz.4.326: mark_inode_dirty error [ 35.886986][ T1102] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.326: corrupted inode contents [ 35.899152][ T1102] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.326: mark_inode_dirty error [ 35.921672][ T293] EXT4-fs (loop4): unmounting filesystem. [ 36.009294][ T298] usb 4-1: USB disconnect, device number 3 [ 36.078704][ T1117] x_tables: ip_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 36.149240][ T1125] mmap: syz.4.334 (1125) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.171903][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 36.180142][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 36.188281][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 36.196725][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 36.205117][ T19] logitech-hidpp-device 0003:046D:C086.0002: unknown main item tag 0x0 [ 36.215488][ T19] logitech-hidpp-device 0003:046D:C086.0002: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.0-1/input0 [ 36.251107][ T1129] device wireguard0 entered promiscuous mode [ 36.287042][ T1132] netlink: 104 bytes leftover after parsing attributes in process `syz.5.337'. [ 36.375067][ T298] usb 1-1: USB disconnect, device number 5 [ 36.405241][ T1145] netlink: 'syz.5.343': attribute type 11 has an invalid length. [ 36.412859][ T1145] netlink: 20 bytes leftover after parsing attributes in process `syz.5.343'. [ 36.552998][ T1154] syz.3.347 (1154) used greatest stack depth: 21456 bytes left [ 36.860019][ T298] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 36.899986][ T894] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 37.040048][ T298] usb 3-1: Using ep0 maxpacket: 16 [ 37.047836][ T298] usb 3-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb [ 37.057749][ T298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.065696][ T298] usb 3-1: Product: syz [ 37.069714][ T298] usb 3-1: Manufacturer: syz [ 37.074144][ T298] usb 3-1: SerialNumber: syz [ 37.078558][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 37.078578][ T28] audit: type=1400 audit(1733167947.492:293): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.106639][ T894] usb 4-1: Using ep0 maxpacket: 16 [ 37.112678][ T28] audit: type=1400 audit(1733167947.492:294): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.136393][ T28] audit: type=1400 audit(1733167947.492:295): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.160474][ T894] usb 4-1: unable to get BOS descriptor or descriptor too short [ 37.168785][ T894] usb 4-1: config 0 has no interfaces? [ 37.178900][ T894] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 37.188160][ T894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.196342][ T894] usb 4-1: Product: syz [ 37.200658][ T894] usb 4-1: Manufacturer: syz [ 37.205119][ T894] usb 4-1: SerialNumber: syz [ 37.210638][ T894] usb 4-1: config 0 descriptor?? [ 37.341669][ T1193] syz.0.364 (1193) used greatest stack depth: 20968 bytes left [ 37.377252][ T1197] loop0: detected capacity change from 0 to 512 [ 37.384130][ T1197] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 37.394490][ T1197] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c019, mo2=0002] [ 37.402724][ T1197] System zones: 1-12 [ 37.407557][ T1197] EXT4-fs (loop0): 1 truncate cleaned up [ 37.413187][ T1197] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 37.419637][ T894] usb 4-1: USB disconnect, device number 4 [ 37.438455][ T290] EXT4-fs (loop0): unmounting filesystem. [ 37.626897][ T28] audit: type=1400 audit(1733167948.042:296): avc: denied { watch watch_reads } for pid=1218 comm="syz.0.375" path="/86/file0" dev="tmpfs" ino=462 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 37.947395][ T1228] netlink: 24 bytes leftover after parsing attributes in process `syz.3.379'. [ 37.956271][ T1228] netlink: 24 bytes leftover after parsing attributes in process `syz.3.379'. [ 37.965012][ T19] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 37.971856][ T1228] netlink: 16 bytes leftover after parsing attributes in process `syz.3.379'. [ 37.982214][ T298] snd-usb-audio: probe of 3-1:222.0 failed with error -2 [ 37.996684][ T538] udevd[538]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:222.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 38.039829][ T320] Bluetooth: hci0: Frame reassembly failed (-84) [ 38.040690][ T28] audit: type=1400 audit(1733167948.462:297): avc: denied { ioctl } for pid=1233 comm="syz.4.382" path="socket:[20564]" dev="sockfs" ino=20564 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 38.169827][ T1103] usb 3-1: USB disconnect, device number 3 [ 38.189978][ T19] usb 1-1: Using ep0 maxpacket: 8 [ 38.199993][ T19] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 38.208234][ T19] usb 1-1: config 179 has no interface number 0 [ 38.214564][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 38.226120][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 38.237580][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 38.248808][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 38.260335][ T19] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 38.273493][ T19] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 38.285168][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.293355][ T1240] device wireguard0 entered promiscuous mode [ 38.297611][ T1226] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 38.527576][ T19] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input8 [ 38.543986][ T1249] loop5: detected capacity change from 0 to 512 [ 38.581825][ T1249] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 38.590709][ T1249] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 38.610486][ T1249] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #2: comm syz.5.389: corrupted inode contents [ 38.627139][ T1249] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #2: comm syz.5.389: mark_inode_dirty error [ 38.639554][ T1249] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #2: comm syz.5.389: corrupted inode contents [ 38.652483][ T1249] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #2: comm syz.5.389: mark_inode_dirty error [ 38.677367][ T673] EXT4-fs (loop5): unmounting filesystem. [ 38.732851][ T1226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.742864][ T1226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.773472][ T1262] loop2: detected capacity change from 0 to 512 [ 38.782616][ T1262] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 38.794663][ T1262] EXT4-fs (loop2): invalid journal inode [ 38.800425][ T1262] EXT4-fs (loop2): can't get journal size [ 38.814415][ T1262] EXT4-fs (loop2): 1 truncate cleaned up [ 38.822565][ T1262] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 38.833613][ T1262] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 3 (only 1 groups) [ 38.854630][ T292] EXT4-fs (loop2): unmounting filesystem. [ 38.940751][ T1275] device wireguard0 entered promiscuous mode [ 38.967023][ T303] usb 1-1: USB disconnect, device number 6 [ 38.972731][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 38.972769][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 38.990564][ T303] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 39.091377][ T1278] loop5: detected capacity change from 0 to 40427 [ 39.098137][ T1278] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 39.106295][ T1278] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 39.115464][ T1278] F2FS-fs (loop5): invalid crc value [ 39.122555][ T1278] F2FS-fs (loop5): Found nat_bits in checkpoint [ 39.150029][ T1103] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 39.163652][ T1278] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 39.170625][ T1278] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 39.202111][ T8] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 39.211311][ T8] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 39.330023][ T1103] usb 4-1: Using ep0 maxpacket: 8 [ 39.335956][ T1103] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 39.344836][ T1103] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.360828][ T1103] usb 4-1: config 0 descriptor?? [ 39.632479][ T1308] device wireguard0 entered promiscuous mode [ 40.010006][ T298] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.079978][ T357] Bluetooth: hci0: command 0x1003 tx timeout [ 40.080029][ T342] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 40.091879][ T1234] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 40.133568][ T1329] xt_hashlimit: size too large, truncated to 1048576 [ 40.209972][ T298] usb 3-1: Using ep0 maxpacket: 8 [ 40.220848][ T298] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 40.228932][ T298] usb 3-1: config 179 has no interface number 0 [ 40.248050][ T298] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 40.265388][ T298] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 40.286359][ T298] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 40.297652][ T298] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 40.309560][ T298] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 40.323028][ T298] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 40.341052][ T298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.362914][ T1320] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 40.373728][ T1103] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 40.384187][ T19] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 40.397007][ T1103] asix: probe of 4-1:0.0 failed with error -71 [ 40.409941][ T1103] usb 4-1: USB disconnect, device number 5 [ 40.589952][ T19] usb 6-1: Using ep0 maxpacket: 16 [ 40.596079][ T19] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.604813][ T298] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input9 [ 40.620396][ T19] usb 6-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 40.629786][ T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.637868][ T19] usb 6-1: Product: syz [ 40.642076][ T19] usb 6-1: Manufacturer: syz [ 40.646544][ T19] usb 6-1: SerialNumber: syz [ 40.660050][ T19] usb 6-1: config 0 descriptor?? [ 40.690003][ T6] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 40.826007][ T1320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.835295][ T1320] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.901057][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.920216][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.940106][ T6] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 40.954572][ T1342] loop0: detected capacity change from 0 to 131072 [ 40.959919][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.978608][ T6] usb 5-1: config 0 descriptor?? [ 41.001032][ T1342] F2FS-fs (loop0): Found nat_bits in checkpoint [ 41.051204][ T894] usb 3-1: USB disconnect, device number 4 [ 41.056903][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 41.056943][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 41.073871][ T19] usb 6-1: Found UVC 0.00 device syz (045e:0721) [ 41.081268][ T19] usb 6-1: No valid video chain found. [ 41.087148][ T894] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 41.099171][ T1342] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 41.118036][ T19] usb 6-1: USB disconnect, device number 3 [ 41.166894][ T1342] F2FS-fs (loop0): lookup inode (7) has corrupted xattr [ 41.174354][ T1342] F2FS-fs (loop0): lookup inode (7) has corrupted xattr [ 41.181664][ T28] audit: type=1400 audit(1733170529.601:298): avc: denied { setattr } for pid=1341 comm="syz.0.425" name="file1" dev="loop0" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 41.212817][ T1342] F2FS-fs (loop0): list inode (7) has corrupted xattr [ 41.302277][ T1363] netlink: 'syz.3.435': attribute type 15 has an invalid length. [ 41.310429][ T1363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.435'. [ 41.357407][ T28] audit: type=1400 audit(1733170529.771:299): avc: denied { audit_write } for pid=1366 comm="syz.3.437" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 41.435609][ T6] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 41.450320][ T6] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 41.460360][ T6] samsung 0003:0419:0600.0003: unknown main item tag 0x1 [ 41.467247][ T6] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 41.474888][ T6] samsung 0003:0419:0600.0003: unknown main item tag 0x0 [ 41.483621][ T6] samsung 0003:0419:0600.0003: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.4-1/input0 [ 41.642391][ T894] usb 5-1: USB disconnect, device number 3 [ 41.939807][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 41.948528][ T298] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 42.153240][ T298] usb 4-1: Using ep0 maxpacket: 8 [ 42.159450][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.159735][ C0] ================================================================== [ 42.178035][ C0] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10 [ 42.184889][ C0] Write of size 8 at addr ffff888112fe8a00 by task syz-executor/293 [ 42.192717][ C0] [ 42.194869][ C0] CPU: 0 PID: 293 Comm: syz-executor Not tainted 6.1.115-syzkaller-00042-gcdea241bf6f9 #0 [ 42.204586][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 42.214482][ C0] Call Trace: [ 42.217612][ C0] [ 42.220298][ C0] dump_stack_lvl+0x151/0x1b7 [ 42.224813][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 42.230191][ C0] ? _printk+0xd1/0x111 [ 42.234185][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 42.239131][ C0] print_report+0x158/0x4e0 [ 42.243469][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 42.248417][ C0] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 42.254492][ C0] ? __run_timers+0x34a/0xa10 [ 42.259005][ C0] kasan_report+0x13c/0x170 [ 42.263347][ C0] ? __run_timers+0x34a/0xa10 [ 42.267860][ C0] __asan_report_store8_noabort+0x17/0x20 [ 42.273425][ C0] __run_timers+0x34a/0xa10 [ 42.277754][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 42.282791][ C0] ? calc_index+0x270/0x270 [ 42.287130][ C0] ? sched_clock+0x9/0x10 [ 42.291290][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 42.295982][ C0] run_timer_softirq+0x69/0xf0 [ 42.300578][ C0] handle_softirqs+0x1db/0x650 [ 42.305182][ C0] __irq_exit_rcu+0x52/0xf0 [ 42.309518][ C0] irq_exit_rcu+0x9/0x10 [ 42.313602][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 42.319066][ C0] [ 42.321842][ C0] [ 42.324621][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 42.330436][ C0] RIP: 0010:copy_page_range+0x274f/0x2ed0 [ 42.335990][ C0] Code: ee 0f 84 16 02 00 00 e8 7f 0d c5 ff e9 87 e6 ff ff 48 8b bc 24 d8 00 00 00 48 8b 74 24 68 e8 a8 c6 ff ff 41 89 c6 31 ff 89 c6 0c 11 c5 ff 45 85 f6 0f 85 e3 02 00 00 e8 4e 0d c5 ff e9 b1 e6 [ 42.355430][ C0] RSP: 0018:ffffc9000db675c0 EFLAGS: 00000246 [ 42.361438][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 42.369317][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 42.377130][ C0] RBP: ffffc9000db67950 R08: dffffc0000000000 R09: ffffed102661fa8d [ 42.384942][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 42.392756][ C0] R13: 00007f673e7faf00 R14: 0000000000000000 R15: 1ffff11021ea3df2 [ 42.400597][ C0] ? pfn_valid+0x1e0/0x1e0 [ 42.404817][ C0] ? mas_wr_store_entry+0x445/0x690 [ 42.409879][ C0] ? mas_store+0x258/0x400 [ 42.414240][ C0] ? mas_empty_area_rev+0x17f0/0x17f0 [ 42.419442][ C0] ? rwsem_write_trylock+0x153/0x340 [ 42.424563][ C0] copy_mm+0x10ee/0x1bc0 [ 42.428639][ C0] ? copy_signal+0x650/0x650 [ 42.433064][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 42.437765][ C0] ? __init_rwsem+0x130/0x240 [ 42.442383][ C0] ? copy_signal+0x503/0x650 [ 42.447426][ C0] copy_process+0x12b6/0x3530 [ 42.452042][ C0] ? idle_dummy+0x10/0x10 [ 42.456202][ C0] ? __count_memcg_events+0x91/0xe0 [ 42.461243][ C0] kernel_clone+0x229/0x890 [ 42.465574][ C0] ? create_io_thread+0x180/0x180 [ 42.470438][ C0] __x64_sys_clone+0x231/0x280 [ 42.475035][ C0] ? __do_sys_vfork+0x110/0x110 [ 42.479724][ C0] ? exit_to_user_mode_prepare+0x39/0xa0 [ 42.485187][ C0] ? irqentry_exit_to_user_mode+0xe/0x10 [ 42.490656][ C0] ? irqentry_exit+0x12/0x40 [ 42.495084][ C0] x64_sys_call+0x1b0/0x9a0 [ 42.499423][ C0] do_syscall_64+0x3b/0xb0 [ 42.503675][ C0] ? clear_bhb_loop+0x55/0xb0 [ 42.508187][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.513959][ C0] RIP: 0033:0x7f673f776793 [ 42.518172][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 42.537610][ C0] RSP: 002b:00007ffdf60775b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 42.545943][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f673f776793 [ 42.553761][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 42.561565][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 42.569375][ C0] R10: 00005555717457d0 R11: 0000000000000246 R12: 0000000000000001 [ 42.577296][ C0] R13: 000000000000a3cc R14: 0000000000009daa R15: 00007ffdf6077740 [ 42.585111][ C0] [ 42.587972][ C0] [ 42.590141][ C0] Allocated by task 1234: [ 42.594307][ C0] kasan_set_track+0x4b/0x70 [ 42.598735][ C0] kasan_save_alloc_info+0x1f/0x30 [ 42.603815][ C0] __kasan_kmalloc+0x9c/0xb0 [ 42.608244][ C0] __kmalloc+0xb4/0x1e0 [ 42.612226][ C0] hci_alloc_dev_priv+0x27/0x1c00 [ 42.617094][ C0] hci_uart_tty_ioctl+0x401/0xa70 [ 42.621947][ C0] tty_ioctl+0x903/0xc50 [ 42.626039][ C0] __se_sys_ioctl+0x114/0x190 [ 42.630630][ C0] __x64_sys_ioctl+0x7b/0x90 [ 42.635054][ C0] x64_sys_call+0x98/0x9a0 [ 42.639305][ C0] do_syscall_64+0x3b/0xb0 [ 42.643567][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.649287][ C0] [ 42.651698][ C0] Freed by task 1234: [ 42.655611][ C0] kasan_set_track+0x4b/0x70 [ 42.660043][ C0] kasan_save_free_info+0x2b/0x40 [ 42.664892][ C0] ____kasan_slab_free+0x131/0x180 [ 42.669840][ C0] __kasan_slab_free+0x11/0x20 [ 42.674435][ C0] __kmem_cache_free+0x21d/0x410 [ 42.679209][ C0] kfree+0x7a/0xf0 [ 42.682764][ C0] hci_release_dev+0x14d3/0x1640 [ 42.687539][ C0] bt_host_release+0x83/0xa0 [ 42.691972][ C0] device_release+0x95/0x1c0 [ 42.696397][ C0] kobject_put+0x178/0x260 [ 42.700651][ C0] put_device+0x1f/0x30 [ 42.704639][ C0] hci_dev_cmd+0x2be/0x9b0 [ 42.708891][ C0] hci_sock_ioctl+0x415/0x7f0 [ 42.713404][ C0] sock_do_ioctl+0x152/0x450 [ 42.717831][ C0] sock_ioctl+0x455/0x740 [ 42.721998][ C0] __se_sys_ioctl+0x114/0x190 [ 42.726627][ C0] __x64_sys_ioctl+0x7b/0x90 [ 42.731045][ C0] x64_sys_call+0x98/0x9a0 [ 42.735299][ C0] do_syscall_64+0x3b/0xb0 [ 42.739557][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.745276][ C0] [ 42.747449][ C0] Last potentially related work creation: [ 42.753005][ C0] kasan_save_stack+0x3b/0x60 [ 42.757516][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 42.762724][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 42.768363][ C0] insert_work+0x56/0x310 [ 42.772529][ C0] __queue_work+0x9b6/0xd70 [ 42.776869][ C0] queue_work_on+0x105/0x170 [ 42.781293][ C0] __hci_cmd_sync_sk+0xc2a/0xf70 [ 42.786078][ C0] hci_cmd_sync_status+0x52/0x130 [ 42.790930][ C0] hci_dev_cmd+0x771/0x9b0 [ 42.795191][ C0] hci_sock_ioctl+0x415/0x7f0 [ 42.799697][ C0] sock_do_ioctl+0x152/0x450 [ 42.804125][ C0] sock_ioctl+0x455/0x740 [ 42.808296][ C0] __se_sys_ioctl+0x114/0x190 [ 42.812805][ C0] __x64_sys_ioctl+0x7b/0x90 [ 42.817227][ C0] x64_sys_call+0x98/0x9a0 [ 42.821480][ C0] do_syscall_64+0x3b/0xb0 [ 42.825734][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.831460][ C0] [ 42.833632][ C0] Second to last potentially related work creation: [ 42.840053][ C0] kasan_save_stack+0x3b/0x60 [ 42.844568][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 42.849806][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 42.855416][ C0] insert_work+0x56/0x310 [ 42.859580][ C0] __queue_work+0x9b6/0xd70 [ 42.863922][ C0] queue_work_on+0x105/0x170 [ 42.868346][ C0] hci_cmd_timeout+0x199/0x200 [ 42.872948][ C0] process_one_work+0x73d/0xcb0 [ 42.877634][ C0] worker_thread+0xa60/0x1260 [ 42.882148][ C0] kthread+0x26d/0x300 [ 42.886054][ C0] ret_from_fork+0x1f/0x30 [ 42.890306][ C0] [ 42.892475][ C0] The buggy address belongs to the object at ffff888112fe8000 [ 42.892475][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 42.906362][ C0] The buggy address is located 2560 bytes inside of [ 42.906362][ C0] 8192-byte region [ffff888112fe8000, ffff888112fea000) [ 42.919641][ C0] [ 42.921810][ C0] The buggy address belongs to the physical page: [ 42.928063][ C0] page:ffffea00044bfa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fe8 [ 42.938128][ C0] head:ffffea00044bfa00 order:3 compound_mapcount:0 compound_pincount:0 [ 42.946288][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 42.952198][ C0] raw: 4000000000010200 ffffea0004407000 dead000000000002 ffff888100043500 [ 42.960614][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 42.969290][ C0] page dumped because: kasan: bad access detected [ 42.975544][ C0] page_owner tracks the page as allocated [ 42.981098][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 758, tgid 757 (syz.0.184), ts 30126249085, free_ts 29980784448 [ 43.003349][ C0] post_alloc_hook+0x213/0x220 [ 43.007940][ C0] prep_new_page+0x1b/0x110 [ 43.012276][ C0] get_page_from_freelist+0x2980/0x2a10 [ 43.017660][ C0] __alloc_pages+0x234/0x610 [ 43.022083][ C0] alloc_slab_page+0x6c/0xf0 [ 43.026512][ C0] new_slab+0x90/0x3e0 [ 43.030418][ C0] ___slab_alloc+0x6f9/0xb80 [ 43.034843][ C0] __slab_alloc+0x5d/0xa0 [ 43.039010][ C0] __kmem_cache_alloc_node+0x207/0x2a0 [ 43.044304][ C0] __kmalloc_node+0xa3/0x1e0 [ 43.048732][ C0] get_callchain_buffers+0x166/0x350 [ 43.053850][ C0] check_helper_call+0x606b/0x6de0 [ 43.058796][ C0] do_check+0x74bc/0xe040 [ 43.062964][ C0] do_check_common+0x6ca/0xca0 [ 43.067566][ C0] bpf_check+0x6d0d/0x17ec0 [ 43.071923][ C0] bpf_prog_load+0x1304/0x1bf0 [ 43.076502][ C0] page last free stack trace: [ 43.081016][ C0] free_unref_page_prepare+0x83d/0x850 [ 43.086312][ C0] free_unref_page+0xb2/0x5c0 [ 43.090839][ C0] __free_pages+0x61/0xf0 [ 43.094991][ C0] __free_slab+0xce/0x1a0 [ 43.099158][ C0] discard_slab+0x29/0x40 [ 43.104017][ C0] __slab_free+0x205/0x280 [ 43.108275][ C0] ___cache_free+0xc6/0xd0 [ 43.112657][ C0] qlist_free_all+0xc5/0x140 [ 43.117067][ C0] kasan_quarantine_reduce+0x15a/0x180 [ 43.122471][ C0] __kasan_slab_alloc+0x24/0x80 [ 43.127480][ C0] slab_post_alloc_hook+0x53/0x2c0 [ 43.132509][ C0] __kmem_cache_alloc_node+0x193/0x2a0 [ 43.137972][ C0] __kmalloc_node+0xa3/0x1e0 [ 43.142385][ C0] __vmalloc_node_range+0x556/0x1560 [ 43.147593][ C0] dup_task_struct+0x3d6/0x7d0 [ 43.152338][ C0] copy_process+0x5c3/0x3530 [ 43.156768][ C0] [ 43.158927][ C0] Memory state around the buggy address: [ 43.164400][ C0] ffff888112fe8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.172307][ C0] ffff888112fe8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.180203][ C0] >ffff888112fe8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.188100][ C0] ^ [ 43.192001][ C0] ffff888112fe8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.199905][ C0] ffff888112fe8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.207791][ C0] ================================================================== [ 43.215690][ C0] Disabling lock debugging due to kernel taint [ 43.221748][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 43.223029][ T298] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 43.233225][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 43.233247][ C0] CPU: 0 PID: 293 Comm: syz-executor Tainted: G B 6.1.115-syzkaller-00042-gcdea241bf6f9 #0 [ 43.233271][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.233282][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 43.242462][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.249637][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 43.249660][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 43.249681][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e6fbcc0 [ 43.261971][ T298] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 43.270720][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 43.270740][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 43.270753][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888112fe89c8 [ 43.270770][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888112fe89e0 [ 43.275912][ T298] usb 4-1: config 135 has no interface number 0 [ 43.285384][ C0] FS: 0000555571745500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 43.285406][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.285421][ C0] CR2: 00007f67404756c0 CR3: 000000012f185000 CR4: 00000000003506b0 [ 43.304999][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 43.310819][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.310835][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.310848][ C0] Call Trace: [ 43.310855][ C0] [ 43.318782][ T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 43.328783][ C0] ? __die_body+0x62/0xb0 [ 43.328812][ C0] ? die_addr+0x9f/0xd0 [ 43.328832][ C0] ? exc_general_protection+0x317/0x4c0 [ 43.336671][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.344409][ C0] ? asm_exc_general_protection+0x27/0x30 [ 43.344447][ C0] ? __queue_work+0x28b/0xd70 [ 43.352311][ T298] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 43.360029][ C0] ? __queue_work+0x4f1/0xd70 [ 43.360063][ C0] ? __queue_work+0x29c/0xd70 [ 43.370972][ T298] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 43.374878][ C0] delayed_work_timer_fn+0x61/0x80 [ 43.381790][ T24] usb 3-1: config 0 descriptor?? [ 43.389107][ C0] ? queue_work_node+0x1d0/0x1d0 [ 43.401884][ T298] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.409674][ C0] call_timer_fn+0x3b/0x2d0 [ 43.409711][ C0] ? queue_work_node+0x1d0/0x1d0 [ 43.417539][ T298] usb 4-1: Product: syz [ 43.420606][ C0] __run_timers+0x756/0xa10 [ 43.420647][ C0] ? calc_index+0x270/0x270 [ 43.423342][ T298] usb 4-1: Manufacturer: syz [ 43.432189][ C0] ? sched_clock+0x9/0x10 [ 43.432224][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 43.432246][ C0] run_timer_softirq+0x69/0xf0 [ 43.436499][ T298] usb 4-1: SerialNumber: syz [ 43.440313][ C0] handle_softirqs+0x1db/0x650 [ 43.440349][ C0] __irq_exit_rcu+0x52/0xf0 [ 43.440373][ C0] irq_exit_rcu+0x9/0x10 [ 43.451521][ T298] usb 4-1: Found UVC 0.00 device syz (18ec:3288) [ 43.453505][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 43.459128][ T298] usb 4-1: No valid video chain found. [ 43.463570][ C0] [ 43.463585][ C0] [ 43.463592][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 43.602705][ C0] RIP: 0010:copy_page_range+0x274f/0x2ed0 [ 43.608253][ C0] Code: ee 0f 84 16 02 00 00 e8 7f 0d c5 ff e9 87 e6 ff ff 48 8b bc 24 d8 00 00 00 48 8b 74 24 68 e8 a8 c6 ff ff 41 89 c6 31 ff 89 c6 0c 11 c5 ff 45 85 f6 0f 85 e3 02 00 00 e8 4e 0d c5 ff e9 b1 e6 [ 43.627814][ C0] RSP: 0018:ffffc9000db675c0 EFLAGS: 00000246 [ 43.633838][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 43.641648][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 43.649457][ C0] RBP: ffffc9000db67950 R08: dffffc0000000000 R09: ffffed102661fa8d [ 43.657264][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 43.665075][ C0] R13: 00007f673e7faf00 R14: 0000000000000000 R15: 1ffff11021ea3df2 [ 43.672912][ C0] ? pfn_valid+0x1e0/0x1e0 [ 43.677141][ C0] ? mas_wr_store_entry+0x445/0x690 [ 43.682176][ C0] ? mas_store+0x258/0x400 [ 43.686435][ C0] ? mas_empty_area_rev+0x17f0/0x17f0 [ 43.691632][ C0] ? rwsem_write_trylock+0x153/0x340 [ 43.696766][ C0] copy_mm+0x10ee/0x1bc0 [ 43.700840][ C0] ? copy_signal+0x650/0x650 [ 43.705265][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 43.709866][ C0] ? __init_rwsem+0x130/0x240 [ 43.714375][ C0] ? copy_signal+0x503/0x650 [ 43.718802][ C0] copy_process+0x12b6/0x3530 [ 43.723322][ C0] ? idle_dummy+0x10/0x10 [ 43.727486][ C0] ? __count_memcg_events+0x91/0xe0 [ 43.732515][ C0] kernel_clone+0x229/0x890 [ 43.736974][ C0] ? create_io_thread+0x180/0x180 [ 43.741835][ C0] __x64_sys_clone+0x231/0x280 [ 43.746604][ C0] ? __do_sys_vfork+0x110/0x110 [ 43.751296][ C0] ? exit_to_user_mode_prepare+0x39/0xa0 [ 43.756762][ C0] ? irqentry_exit_to_user_mode+0xe/0x10 [ 43.762227][ C0] ? irqentry_exit+0x12/0x40 [ 43.766659][ C0] x64_sys_call+0x1b0/0x9a0 [ 43.770992][ C0] do_syscall_64+0x3b/0xb0 [ 43.775245][ C0] ? clear_bhb_loop+0x55/0xb0 [ 43.779759][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 43.785490][ C0] RIP: 0033:0x7f673f776793 [ 43.789757][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 43.809287][ C0] RSP: 002b:00007ffdf60775b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 43.817613][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f673f776793 [ 43.825585][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 43.833397][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 43.841210][ C0] R10: 00005555717457d0 R11: 0000000000000246 R12: 0000000000000001 [ 43.849018][ C0] R13: 000000000000a3cc R14: 0000000000009daa R15: 00007ffdf6077740 [ 43.856834][ C0] [ 43.859691][ C0] Modules linked in: [ 43.863431][ C0] ---[ end trace 0000000000000000 ]--- [ 43.868719][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 43.873839][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 43.893289][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 43.899182][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e6fbcc0 [ 43.907000][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 43.914812][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 43.922618][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888112fe89c8 [ 43.930432][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888112fe89e0 [ 43.938245][ C0] FS: 0000555571745500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 43.947005][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.953438][ C0] CR2: 00007f67404756c0 CR3: 000000012f185000 CR4: 00000000003506b0 [ 43.961335][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.969143][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.976954][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 43.984339][ C0] Kernel Offset: disabled [ 43.988498][ C0] Rebooting in 86400 seconds..