last executing test programs: 4.487262144s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x4000200e}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0xa013, r2, 0xbfd66000) epoll_pwait(r2, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0xd) r4 = openat$kvm(0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4a3, &(0x7f00000005c0)="$eJzs3EFsFFUYAOB/dre0gEhFREHUIhobjS0UFA4mBqOJB02MeNDES9MWghRqaE2EEC2JwaMh8W48evXgVb0ZTyZe8WhiSIjhAngaM7sz2+12t6Xttivu9yVL35t5M+/9O/Nm3s7bJYCeNZT9k0Q8EBHXI2JnLbu4wFDtz51blyfu3ro8EfNpevLvpFrudpbPFdttzzPDpYjSF0nTDmtmL146Oz49PXUhz4/Onft4dPbipRfPnBs/PXV66vzY8eNHjxw+9vLYS6sPqkV9WVy39302s3/vmx9ce3uiUiwfyP82xtEpQzHUqilVz3a6si7b0ZBOKl1sCKtSjojscPVV+//OKIeDB70iTdO0v/3q+bTZlSVLgPtWEt1uAdAdxY0++/xbvOp3/w83fPjRdTdP1D4AZXHfyV+1NZUo5WX6mj7fdtJQRLw//8832Ss26DkEAECjn04UI8Hm8V8p9jSUezCfQxmMiIciYldEPBwRuyPikYhq2Ucj4rGm/Wfjm3SZ+oea8kvHP6Ub6wpwBdn475V8bmvx+K8Y/cVgOc/tiCgGzFOH8vdkOPr6T52Znjq8TB0/v/77V+3WNY7/sldWfzEWzNtxo9L0gG5yfG58zQE3uXklYl+lOf6kEpHUZwKSiNgbEftWsd/BhvSZ57/bX8/0LS63cvxVact5tA5MVaTfRjxXO/7zsej4L9SYLD8/OToQ01OHRrOz4FDLOn797eo77epfMf4f/mze5I1jP55cb9h12fHf1nD+RzF/uxD/YBKR1OdrZ1dfx9U/vmz7mWat5/+W5L1qeku+7NPxubkLhyO2JG8tXT62sG2RL8pn8Q8fbN3/d+XbZO/E4xGRncRPRMSTEfFU3vYDEfF0RBxcJv5fXnvmo7XHv7Gy+CdbXv8WHf+F+fo1JMpnD1y/2+bicW/H/2g1NZwvaX39SxZdIu61gR14CwEAAOA/rxTV7/6XRurpUmlkpPYMaHdsK03PzM69cGrmk/OTtd8IDEZfqXjSVXse3JcUzz8HG/JjTfkj+XPjr8tbq/mRiZnpyW4HDz1ue7XPJ0v6f+avcrdbB2w4P/mB3rVS/99zbZMaAmw693/oXQ39f75NkXnflIH/J/d/6F2t+v/na9gGuL+k+jL0NP0felcl3q2nS11tCbDZ3P+hJ63nd/0rJ9L+1qsGYmnhGNiYZmxtUVdXEtnIqiu1b13LVsX/ptC2TJRWt8P+WLqqHF05Fqf3dPzkT/PvyjetenW9e/5+U/ppq0RXLkcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd928AAAD//7EV3qU=") r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000140)='./file0\x00', r5, &(0x7f0000000340)='./file0\x00') ioctl$KVM_CREATE_VM(r4, 0xc008ae05, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r3}, @ldst={0x1, 0x0, 0x3}]}, &(0x7f0000000d40)='syzkaller\x00'}, 0x90) timer_create(0x3, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000140)={0x2}) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x803, 0x4) timer_create(0x3, &(0x7f0000000080)={0x0, 0x0, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000000c0)=0x0) timer_settime(r7, 0x1, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x9) sendmsg$NFT_BATCH(r8, &(0x7f0000004900)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001800)={{0x14, 0x3eb}, [], {0x14}}, 0x28}}, 0x0) 4.240609571s ago: executing program 0: r0 = socket(0x10, 0x3, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 2.51992825s ago: executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@migrate={0x9c, 0x11, [{@in6=@loopback, @in=@broadcast, @in=@rand_addr=0x64010101, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x3506, 0x0, 0xa}, {@in6=@loopback, @in=@broadcast, @in, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0xec}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x4, &(0x7f0000001a40)=ANY=[@ANYBLOB="8500000011000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5e96a21a755752f475b6da142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae03737136ea6f7be39cd34d5ae35de38fd5a1173a35c79949c00a7c09cc28d7673294f42a5f0a8321313822c45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a32d95433bb755a2dd576090c4877a7b6393e366c6386d5ec72f1d031f40f3012e9176e51a7f578602f5807785b92a544fc5cc037102124d85cec074c6949e1298901ebb395000000000000977e82c4c90d33ceb7807e116d5c16f5fe47fe5f17f9ab800f4104dbffff0000000000005c6d5d224b64be6c4d04009809000046f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de930a060000846be6277c04b4c5324812696a261be1d0b76f9aad1b62ffffffffdc8dcba00bfbffffffc45b0c52887b5efabf84960ba0e3c4c00356ffebfb19a34268335648e1f822de328c10742a42dca52fb98c1452b6518a6ef7297f7b2744706d27ed0b05b1b9555f419a2f238f173d0cd46dafc7ac5500f53e7309ec91d83cf4080000000029b34b9ff5087b7fa4f0000000000000008b00000000449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5ac04bb2c3dfa8ea63e3cb000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae6c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000008e100000000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c800800000fa978bee51f581d124216e8bd9de040014a223fc991fb08f65f0db98c068be4c6155ec00005410866059475714844a3ea4cbe37e0000000000ef6dc4bd63bb928ff58b3bd2a646a89d172a884dcdb8b9f905e72ce1a66f08c9b385a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1cd57f7b912d31a36f5d2a666537f920a9588a712be006c85db574e951fb65c103024d3c169e3b791e12b3c9905e0810f7ce80fa133c8af5ea4edbcd54e5a01b74f9dc015f5b7811cd7627993dd965a56b2d666f722bc26e3f6fb2163756d68ef7318d3abf910000bd9145909eaf139a2dcb2867a2979efe0b61627dd96f8e698fc5b9ed35bcf2fb9b190c3cf040549a1bbe7ca6adce2dec7c40c628e90b30cc8d8c0b3c6c95e21c7ff037166302e6984285eabb2be5f553e3b54e804b9d8107c026d6f0817f5f65acd608191c2abce2f1ca3869757201b3d7e8d0b5b9697aac79cd2fb8dea8c7615cb4871cea4bcccfa8ec47e7153d3cd682d99fb255fb9ed12bf785612c2049a4d2116da6f3d3d90376cdc4128fcf5b2a7e3e57e6d8a8ebe5b35352ab25b20ccda777a024f7ee1fa7b1fa997815238deb2d5a9517b8fee39152fb7eb335353163664162a460a51857acbf5a5db47a1e220bcf356450d1ab3dd99ddf39bf7db13752b391969d60d1d33607e3a8ba4036f22b2d8ab701b3134bb7c76156f1c19a923da0e070e5a8a16a3590145280a1a5a6d36d382df3d8fd2c868c9a0002157d1378c5e475d415ec1a9a325c03f884ea7bba19d99db9b57beecf3043f5783cc1b811269775b692b17b84bb50a445a5a1784c71eaed809c1d094500007a1fbdfa084751e56844e3f2d1275ce64a003605f4c6b406292cd1d4a20350750957fd6372aa1e4ba3b9efde12a64cc50bd1f1311cd8aa00dd6b23a1dfa8f32ce847e570a3981c4963ebe127a8cbfe3b69e51b3dfe82130c4d84c434c147f62ed0e7d5a98355874deae9b884eaea7e3be4a36c83cf3e102ef27b487be46ca21456c06ff105d38714a882040d6dd0d3362e1b78b396a123b5300a4ca4b7ad8ef42e5bf0726bb7e3ddf1aadadff9be56f758ad309caad9ab4bd27ed3d0b50c621b33ec7789c58948d229b33e8eec64bf0c5ec26ed09b90e708697dff76913a55d1bca689ade1e7377d5c8828bf9ed6bf83c0f3170e2ae135f60527d0e3ec2bd0c05fc8c7451b7c08a42b80f70cdb03ca22777e26be6304a9e2a1497fbd393b788d255e24db9ed51e4397cc3b94641c7981deebe65582abe1e269639513f3e4f269d263a3267d0e9b3a766bdf16d7a54e9420bbd166858836b286df0ff678747fcb790d07c02740c60fd6"], &(0x7f0000000000)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90) r2 = socket(0xa, 0x3, 0x4) sendmmsg$unix(r2, &(0x7f0000001340)=[{{&(0x7f0000000440)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000b80)=[@rights={{0x10, 0x1, 0x41}}], 0x10}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x44}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff002, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x26c2}, 0x28) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x44, 0x4, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000040}, 0x408a0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@setneightbl={0x24, 0x43, 0x1, 0x0, 0x0, {}, [@NDTA_NAME={0xf, 0x1, '\xaa\xaa\xaa\xaa\xaa\xc47\xa5m\"0'}]}, 0x24}}, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)="a0c5a89ce60256f499e2a69653cbcb71f5961280e94fba6b7b06abd038230909c9a4a90c70b020c59fb623e6633657c21edea9d5292d66e45ee0a0460125002e15b900090d430b486ec3116bff1aec6164b8cfdab145be25441f855f64b93b0bb7a8f020901fc1ac5669430c339329f3d349d2566b678a39657d5c25f71679f0a9765956ebf3f086f005a52f9e93a048b145db0cb94b72c4b07c12c6c6111f2dc16621bd89e5f05202d7b537bb93e26fb72ef066952869238c204b0bce5b4753b1e903950fa9c83ca1bad20e56ed68f7c82e17a1c5652fd6de39b6cce68f635c411c51e6", 0xe4) 2.408721477s ago: executing program 3: r0 = socket(0x200000100000011, 0x803, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000840)="49cd0000cc41b03a83f487b0e64a43c67b95a05e", 0x14, 0x0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14) 2.382185481s ago: executing program 3: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000001f0001c0"]) 2.206675617s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)) 2.164329604s ago: executing program 3: creat(&(0x7f0000000080)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x200000, 0x0, 0x0, 0xfffffffd}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7fffffff, 0x0, 0xfffffffd}}]}]}}}]}, 0x68}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 2.136026018s ago: executing program 3: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x10}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.527711059s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xc, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000010000000000000000000000950000000000000046682d562c31aa909594c57a164463536e83a7f6ac12a8b52f0d70aa97a91fa46cdcefe7534fda04cace652409e818c0b1da96d9c9fa8e9523840100cbac3c07a0bf00ff9513b150a632c33ca9a009870000000000000000000000000000002cd50db1486b80ee61ff6ddaa4bf0609a8ef7fd07f4c556489cf61cf8e63e826fff67d3299ca9f9b85cdcd75b85bb1775f4ff03b75aa7b6aa1a7e9a2b91d103d541bce370d9e6810dec2fe8300dc5edf3f6aa43810579aedb7e19fbacb5bd5e5337b507559ca6acc6471ecad2746ab01526ace07000000c1ea01c13a2406007d0efb7e91a9dbde2353f035347270d076c93f1b1a810cb2c7d72ee9ce76e6da15600893bc36f6502f"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x2}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x146d, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0xa, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000600)={&(0x7f00000002c0)="d3bc71306f26ac157c1cbd47e8575e603aac8f3586666ee2b670c6d4f3c9a60086038daf2cc9b6458f2b04e4be2136961e2023e5fb796cc822c4f42c13ca74176fa0c4ed2ad7d5c0219e4ec2230e57de96f50067985c635b6ad38cf75034b5a79f763f871b865f9621d47cbca923879cdadc25ba22c17ec3ce9f6102faee7c4759056541cb11de5a54b63bb1f369cf87238b3fdd40d9980b339b0bf67849350d31c95da86d0e1e3e6f9e648844cf0c2e1c3ab0b63c262271841e307e774ee150e06c092e029bb1c98aae09f50b61f3044dc629f9e8e7a392", &(0x7f0000000500)=""/25, &(0x7f0000000540)="9d6f87aa9d0ff3dcb67d9178abbfbba78e28af71e2923b0827ae175a2a74e4331b869516d163433a6411344449564093c892956df2b0d6875c9e028c51fe412f3a4133f6c043bf7acb805bae15dfe43d753a699c3f080b64c71d2aee2269c58745705502", &(0x7f00000005c0)="ca4309e0eed2966f2c1d", 0x1f, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0) 1.494115345s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300002311f335850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$incfs(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='defcontext=r']) 1.468308058s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 1.372354773s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x8d) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1241, 0x5015, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xa, '9=13'}]}}, 0x0}, 0x0) 966.934124ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) lremovexattr(0x0, 0x0) 934.910039ms ago: executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) io_setup(0x7ff, &(0x7f0000002080)=0x0) io_pgetevents(r1, 0x1, 0x1, &(0x7f0000000040)=[{}], 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) io_submit(r1, 0x1, &(0x7f0000002540)=[&(0x7f0000002140)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) io_submit(r1, 0x1, &(0x7f00000005c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 776.754052ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x0, 0x0, {0x2, 0x1f, 0x0, 0x0, r3}, [@IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_BROADCAST={0x8, 0x4, @loopback}]}, 0x28}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 737.115478ms ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)={0x3d17, 0x0, 0x0, 0x7, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x2) 690.117805ms ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) 580.329772ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x5c9c8df6) fallocate(r2, 0x8, 0x0, 0xffffffff000) ioctl$FIBMAP(r2, 0x1, &(0x7f00000000c0)) 407.688608ms ago: executing program 4: r0 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@rand_addr=' \x01\x00', @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x9, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@empty}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b708000000000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket(0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) inotify_init1(0x0) 374.667533ms ago: executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, 'WNib'}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0xc0104811, &(0x7f0000000000)) 348.735447ms ago: executing program 2: mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = dup(r2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000002240)='9p_client_req\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) 302.514714ms ago: executing program 2: creat(&(0x7f0000000080)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x200000, 0x0, 0x0, 0xfffffffd}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7fffffff, 0x0, 0xfffffffd}}]}]}}}]}, 0x68}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 278.019828ms ago: executing program 2: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000001f0001c0"]) 162.543955ms ago: executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@migrate={0x9c, 0x11, [{@in6=@loopback, @in=@broadcast, @in=@rand_addr=0x64010101, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x3506, 0x0, 0xa}, {@in6=@loopback, @in=@broadcast, @in, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0xec}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x4, &(0x7f0000001a40)=ANY=[@ANYBLOB="8500000011000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5e96a21a755752f475b6da142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae03737136ea6f7be39cd34d5ae35de38fd5a1173a35c79949c00a7c09cc28d7673294f42a5f0a8321313822c45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a32d95433bb755a2dd576090c4877a7b6393e366c6386d5ec72f1d031f40f3012e9176e51a7f578602f5807785b92a544fc5cc037102124d85cec074c6949e1298901ebb395000000000000977e82c4c90d33ceb7807e116d5c16f5fe47fe5f17f9ab800f4104dbffff0000000000005c6d5d224b64be6c4d04009809000046f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de930a060000846be6277c04b4c5324812696a261be1d0b76f9aad1b62ffffffffdc8dcba00bfbffffffc45b0c52887b5efabf84960ba0e3c4c00356ffebfb19a34268335648e1f822de328c10742a42dca52fb98c1452b6518a6ef7297f7b2744706d27ed0b05b1b9555f419a2f238f173d0cd46dafc7ac5500f53e7309ec91d83cf4080000000029b34b9ff5087b7fa4f0000000000000008b00000000449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5ac04bb2c3dfa8ea63e3cb000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae6c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000008e100000000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c800800000fa978bee51f581d124216e8bd9de040014a223fc991fb08f65f0db98c068be4c6155ec00005410866059475714844a3ea4cbe37e0000000000ef6dc4bd63bb928ff58b3bd2a646a89d172a884dcdb8b9f905e72ce1a66f08c9b385a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1cd57f7b912d31a36f5d2a666537f920a9588a712be006c85db574e951fb65c103024d3c169e3b791e12b3c9905e0810f7ce80fa133c8af5ea4edbcd54e5a01b74f9dc015f5b7811cd7627993dd965a56b2d666f722bc26e3f6fb2163756d68ef7318d3abf910000bd9145909eaf139a2dcb2867a2979efe0b61627dd96f8e698fc5b9ed35bcf2fb9b190c3cf040549a1bbe7ca6adce2dec7c40c628e90b30cc8d8c0b3c6c95e21c7ff037166302e6984285eabb2be5f553e3b54e804b9d8107c026d6f0817f5f65acd608191c2abce2f1ca3869757201b3d7e8d0b5b9697aac79cd2fb8dea8c7615cb4871cea4bcccfa8ec47e7153d3cd682d99fb255fb9ed12bf785612c2049a4d2116da6f3d3d90376cdc4128fcf5b2a7e3e57e6d8a8ebe5b35352ab25b20ccda777a024f7ee1fa7b1fa997815238deb2d5a9517b8fee39152fb7eb335353163664162a460a51857acbf5a5db47a1e220bcf356450d1ab3dd99ddf39bf7db13752b391969d60d1d33607e3a8ba4036f22b2d8ab701b3134bb7c76156f1c19a923da0e070e5a8a16a3590145280a1a5a6d36d382df3d8fd2c868c9a0002157d1378c5e475d415ec1a9a325c03f884ea7bba19d99db9b57beecf3043f5783cc1b811269775b692b17b84bb50a445a5a1784c71eaed809c1d094500007a1fbdfa084751e56844e3f2d1275ce64a003605f4c6b406292cd1d4a20350750957fd6372aa1e4ba3b9efde12a64cc50bd1f1311cd8aa00dd6b23a1dfa8f32ce847e570a3981c4963ebe127a8cbfe3b69e51b3dfe82130c4d84c434c147f62ed0e7d5a98355874deae9b884eaea7e3be4a36c83cf3e102ef27b487be46ca21456c06ff105d38714a882040d6dd0d3362e1b78b396a123b5300a4ca4b7ad8ef42e5bf0726bb7e3ddf1aadadff9be56f758ad309caad9ab4bd27ed3d0b50c621b33ec7789c58948d229b33e8eec64bf0c5ec26ed09b90e708697dff76913a55d1bca689ade1e7377d5c8828bf9ed6bf83c0f3170e2ae135f60527d0e3ec2bd0c05fc8c7451b7c08a42b80f70cdb03ca22777e26be6304a9e2a1497fbd393b788d255e24db9ed51e4397cc3b94641c7981deebe65582abe1e269639513f3e4f269d263a3267d0e9b3a766bdf16d7a54e9420bbd166858836b286df0ff678747fcb790d07c02740c60fd6"], &(0x7f0000000000)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90) r2 = socket(0xa, 0x3, 0x4) sendmmsg$unix(r2, &(0x7f0000001340)=[{{&(0x7f0000000440)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000b80)=[@rights={{0x10, 0x1, 0x41}}], 0x10}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x44}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff002, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x26c2}, 0x28) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x44, 0x4, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000040}, 0x408a0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@setneightbl={0x24, 0x43, 0x1, 0x0, 0x0, {}, [@NDTA_NAME={0xf, 0x1, '\xaa\xaa\xaa\xaa\xaa\xc47\xa5m\"0'}]}, 0x24}}, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)="a0c5a89ce60256f499e2a69653cbcb71f5961280e94fba6b7b06abd038230909c9a4a90c70b020c59fb623e6633657c21edea9d5292d66e45ee0a0460125002e15b900090d430b486ec3116bff1aec6164b8cfdab145be25441f855f64b93b0bb7a8f020901fc1ac5669430c339329f3d349d2566b678a39657d5c25f71679f0a9765956ebf3f086f005a52f9e93a048b145db0cb94b72c4b07c12c6c6111f2dc16621bd89e5f05202d7b537bb93e26fb72ef066952869238c204b0bce5b4753b1e903950fa9c83ca1bad20e56ed68f7c82e17a1c5652fd6de39b6cce68f635c411c51e6", 0xe4) 112.166252ms ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='devices.list\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r1, 0x5411, &(0x7f0000000100)) 90.717336ms ago: executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) r1 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000008}) 65.4044ms ago: executing program 2: socket$nl_route(0x10, 0x3, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000200), &(0x7f0000000180), 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) listen(0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5169, &(0x7f0000000440), &(0x7f0000000100), &(0x7f0000000300)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000000)={0x1fe}, 0x0, 0x0) 24.716206ms ago: executing program 1: r0 = socket$inet(0x2, 0x2, 0x1) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) sendmsg$inet(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000900)="0800fa3c2eddf53120", 0x9}, {0x0}], 0x2, &(0x7f0000000a40)=ANY=[], 0x48}, 0x0) 12.323917ms ago: executing program 1: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x1a}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000340)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX, @ANYBLOB="00006b746769643d0092", @ANYRES8=r3, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=") kernel console output (not intermixed with test programs): 419:9512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2487 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd38147cee9 code=0x0 [ 63.378812][ T330] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 63.428789][ T1298] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 63.438806][ T2377] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 63.618814][ T330] usb 5-1: Using ep0 maxpacket: 16 [ 63.688807][ T1298] usb 4-1: Using ep0 maxpacket: 16 [ 63.738944][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.749743][ T330] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.759433][ T330] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 63.772052][ T330] usb 5-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00 [ 63.780925][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.789432][ T330] usb 5-1: config 0 descriptor?? [ 63.798827][ T2377] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.809803][ T2377] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.818865][ T1298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.819499][ T2377] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 63.830265][ T1298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.839809][ T2377] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.848606][ T1298] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 63.857404][ T2377] usb 2-1: config 0 descriptor?? [ 63.868933][ T1298] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 63.868959][ T1298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.869891][ T1298] usb 4-1: config 0 descriptor?? [ 64.119130][ T2513] syz-executor.0[2513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.119389][ T2513] syz-executor.0[2513] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.270100][ T330] apple 0003:05AC:029F.000B: unknown main item tag 0x0 [ 64.288490][ T330] apple 0003:05AC:029F.000B: unknown main item tag 0x0 [ 64.299677][ T330] apple 0003:05AC:029F.000B: hidraw0: USB HID v0.00 Device [HID 05ac:029f] on usb-dummy_hcd.4-1/input0 [ 64.349484][ T2377] holtek_kbd 0003:04D9:A055.000C: unknown global tag 0xd [ 64.356327][ T2377] holtek_kbd 0003:04D9:A055.000C: item 0 0 1 13 parsing failed [ 64.364059][ T2377] holtek_kbd: probe of 0003:04D9:A055.000C failed with error -22 [ 64.370169][ T1298] microsoft 0003:045E:07DA.000D: No inputs registered, leaving [ 64.379347][ T1298] microsoft 0003:045E:07DA.000D: hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 64.390563][ T1298] microsoft 0003:045E:07DA.000D: no inputs found [ 64.396772][ T1298] microsoft 0003:045E:07DA.000D: could not initialize ff, continuing anyway [ 64.472094][ T1298] usb 5-1: USB disconnect, device number 7 [ 64.569847][ T2377] usb 2-1: USB disconnect, device number 4 [ 64.582996][ T566] usb 4-1: USB disconnect, device number 9 [ 65.091436][ T28] audit: type=1400 audit(1717505979.459:9513): avc: denied { write } for pid=2530 comm="syz-executor.4" path="socket:[26963]" dev="sockfs" ino=26963 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 65.129095][ T28] audit: type=1400 audit(1717505979.499:9514): avc: denied { map } for pid=2535 comm="syz-executor.3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=26422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 65.158218][ T28] audit: type=1400 audit(1717505979.499:9515): avc: denied { write } for pid=2535 comm="syz-executor.3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=26422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 65.817575][ T2570] overlayfs: unrecognized mount option "fsname=*A2:L=SďRq-`T\k|&QzJoI* P_w+ƐRpzx0?{~grȆaԗ[`m4&B'zٸP2|+V(>0yD:{YR?n7Za G1q(Oΐto '<9W=Dou`/MxRn!Nf 1 D Nu$av [ 65.817575][ T2570] ST 23& [ 65.817575][ T2570] 3qN's8RS׍N޿\q؎" or missing value [ 65.888843][ T566] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 66.060755][ T2549] overlayfs: failed to resolve './file1': -2 [ 66.168763][ T566] usb 4-1: Using ep0 maxpacket: 16 [ 66.240309][ T2575] syz-executor.4[2575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.240445][ T2575] syz-executor.4[2575] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.298828][ T566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.352434][ T566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.380339][ T566] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 66.393248][ T566] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 66.402236][ T566] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.423054][ T566] usb 4-1: config 0 descriptor?? [ 66.690301][ T28] audit: type=1400 audit(1717505981.059:9516): avc: denied { read } for pid=2584 comm="syz-executor.0" path="socket:[27177]" dev="sockfs" ino=27177 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 66.909823][ T566] microsoft 0003:045E:07DA.000E: No inputs registered, leaving [ 66.917751][ T566] microsoft 0003:045E:07DA.000E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 66.929119][ T566] microsoft 0003:045E:07DA.000E: no inputs found [ 66.935287][ T566] microsoft 0003:045E:07DA.000E: could not initialize ff, continuing anyway [ 66.977612][ T28] audit: type=1400 audit(1717505981.339:9517): avc: denied { connect } for pid=2603 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 67.112365][ T6] usb 4-1: USB disconnect, device number 10 [ 67.200944][ T2612] syz-executor.1[2612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.201046][ T2612] syz-executor.1[2612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.640984][ T2614] loop3: detected capacity change from 0 to 256 [ 67.688653][ T2614] syz-executor.3: attempt to access beyond end of device [ 67.688653][ T2614] loop3: rw=2049, sector=256, nr_sectors = 100 limit=256 [ 67.735689][ T2622] input: syz0 as /devices/virtual/input/input16 [ 67.743136][ T28] audit: type=1400 audit(1717505982.109:9518): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=469 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.799210][ T28] audit: type=1400 audit(1717505982.109:9519): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=469 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.883376][ T28] audit: type=1400 audit(1717505982.109:9520): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=469 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.972594][ T2627] loop4: detected capacity change from 0 to 2048 [ 68.122731][ T28] audit: type=1400 audit(1717505982.489:9521): avc: denied { ioctl } for pid=2632 comm="syz-executor.1" path="cgroup:[4026532905]" dev="nsfs" ino=4026532905 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.193974][ T28] audit: type=1326 audit(1717505982.519:9522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2634 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca9487cee9 code=0x7ffc0000 [ 68.264715][ T28] audit: type=1326 audit(1717505982.519:9523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2634 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fca9487cee9 code=0x7ffc0000 [ 68.290643][ T28] audit: type=1326 audit(1717505982.519:9524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2634 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca9487cee9 code=0x7ffc0000 [ 68.328788][ T28] audit: type=1326 audit(1717505982.519:9525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2634 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fca9487cee9 code=0x7ffc0000 [ 68.392599][ T2641] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.399544][ T2641] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.406904][ T2641] device bridge_slave_0 entered promiscuous mode [ 68.413975][ T2641] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.420905][ T2641] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.428223][ T2641] device bridge_slave_1 entered promiscuous mode [ 68.506528][ T2641] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.513518][ T2641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.520611][ T2641] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.527373][ T2641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.561941][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.569872][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.588644][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.620179][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.628178][ T566] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.635023][ T566] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.642268][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.650755][ T566] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.657620][ T566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.665037][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.666503][ T2651] loop0: detected capacity change from 0 to 256 [ 68.673013][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.697773][ T2653] loop3: detected capacity change from 0 to 512 [ 68.704720][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 68.722090][ T2651] syz-executor.0: attempt to access beyond end of device [ 68.722090][ T2651] loop0: rw=2049, sector=256, nr_sectors = 100 limit=256 [ 68.722205][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 68.763679][ T2653] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 68.769600][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 68.779742][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 68.789234][ T2653] ext4 filesystem being mounted at /root/syzkaller-testdir3591728476/syzkaller.zWoXjE/67/file0 supports timestamps until 2038 (0x7fffffff) [ 68.804453][ T2641] device veth0_vlan entered promiscuous mode [ 68.817007][ T2653] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents [ 68.817324][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 68.838527][ T2641] device veth1_macvtap entered promiscuous mode [ 68.850396][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.861835][ T2653] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error [ 68.874566][ T2653] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents [ 68.888935][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.899376][ T2653] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error [ 68.913867][ T2662] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents [ 68.930010][ T2662] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error [ 68.947649][ T2662] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents [ 68.967617][ T2663] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents [ 68.980849][ T2663] EXT4-fs error (device loop3): add_dirent_to_buf:2213: inode #2: comm syz-executor.3: mark_inode_dirty error [ 68.993171][ T567] device bridge_slave_1 left promiscuous mode [ 68.999641][ T567] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.003197][ T2663] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2926: inode #18: comm syz-executor.3: corrupted xattr block 21 [ 69.019337][ T2663] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 69.084648][ T567] device bridge_slave_0 left promiscuous mode [ 69.091474][ T567] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.099957][ T567] device veth1_macvtap left promiscuous mode [ 69.105896][ T567] device veth0_vlan left promiscuous mode [ 69.624128][ T2666] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.631076][ T2666] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.638332][ T2666] device bridge_slave_0 entered promiscuous mode [ 69.653630][ T2666] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.665885][ T2666] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.673383][ T2666] device bridge_slave_1 entered promiscuous mode [ 69.755879][ T2666] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.762852][ T2666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.769966][ T2666] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.776847][ T2666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.778819][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 69.814147][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.822940][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.831165][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.900824][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.909610][ T1298] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.916546][ T1298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.923855][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.931999][ T1298] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.938870][ T1298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.946057][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.953938][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.971151][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.993515][ T2666] device veth0_vlan entered promiscuous mode [ 69.999993][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 70.008138][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 70.015890][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 70.033590][ T2666] device veth1_macvtap entered promiscuous mode [ 70.039985][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 70.048891][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.065541][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.085116][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.158928][ T24] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.174487][ T24] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.298975][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 70.308412][ T24] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 70.319199][ T24] usb 5-1: Product: syz [ 70.323831][ T24] usb 5-1: Manufacturer: syz [ 70.370336][ T24] hub 5-1:4.0: USB hub found [ 70.409753][ T567] device bridge_slave_1 left promiscuous mode [ 70.415764][ T567] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.423653][ T567] device bridge_slave_0 left promiscuous mode [ 70.430193][ T567] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.439695][ T567] device veth1_macvtap left promiscuous mode [ 70.446091][ T567] device veth0_vlan left promiscuous mode [ 70.588884][ T24] hub 5-1:4.0: 2 ports detected [ 70.808850][ T24] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 70.815773][ T24] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 70.849527][ T24] usb 5-1: USB disconnect, device number 8 [ 70.984093][ T2711] loop2: detected capacity change from 0 to 512 [ 71.000139][ T2711] EXT4-fs (loop2): orphan cleanup on readonly fs [ 71.009881][ T2711] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr [ 71.022848][ T2711] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 71.035476][ T2711] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 71.049616][ T2711] EXT4-fs (loop2): unmounting filesystem. [ 71.067211][ T2711] 9pnet_fd: Insufficient options for proto=fd [ 71.080812][ T2711] loop2: detected capacity change from 0 to 512 [ 71.087363][ T2711] EXT4-fs: Ignoring removed nomblk_io_submit option [ 71.096493][ T2711] EXT4-fs (sda1): can't mount with journal_async_commit in data=ordered mode [ 71.274640][ T2736] loop2: detected capacity change from 0 to 2048 [ 71.331425][ T2742] loop4: detected capacity change from 0 to 512 [ 71.358330][ T2742] EXT4-fs (loop4): orphan cleanup on readonly fs [ 71.375659][ T2742] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 71.390541][ T2742] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 71.402905][ T2742] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 71.415481][ T2742] EXT4-fs (loop4): unmounting filesystem. [ 71.440580][ T2742] 9pnet_fd: Insufficient options for proto=fd [ 71.453439][ T2742] loop4: detected capacity change from 0 to 512 [ 71.460538][ T2742] EXT4-fs: Ignoring removed nomblk_io_submit option [ 71.467441][ T2742] EXT4-fs (sda1): can't mount with journal_async_commit in data=ordered mode [ 71.765314][ T2775] loop4: detected capacity change from 0 to 1024 [ 71.775549][ T2775] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 71.787006][ T2775] EXT4-fs error (device loop4): ext4_lookup:1859: inode #2: comm syz-executor.4: deleted inode referenced: 12 [ 71.799220][ T2775] EXT4-fs (loop4): Remounting filesystem read-only [ 71.812178][ T2641] EXT4-fs (loop4): unmounting filesystem. [ 71.858478][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 71.858495][ T28] audit: type=1326 audit(1717505986.219:9559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 71.888404][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 71.902810][ T28] audit: type=1326 audit(1717505986.219:9560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 71.927049][ T28] audit: type=1326 audit(1717505986.219:9561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 71.951148][ T28] audit: type=1326 audit(1717505986.219:9562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 71.975073][ T28] audit: type=1326 audit(1717505986.219:9563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 72.000345][ T28] audit: type=1326 audit(1717505986.259:9564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 72.024978][ T28] audit: type=1326 audit(1717505986.259:9565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f501347cee9 code=0x7ffc0000 [ 72.048966][ T28] audit: type=1326 audit(1717505986.259:9566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f501347a667 code=0x7ffc0000 [ 72.072801][ T28] audit: type=1326 audit(1717505986.259:9567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5013440359 code=0x7ffc0000 [ 72.100109][ T28] audit: type=1326 audit(1717505986.259:9568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2778 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f501347a667 code=0x7ffc0000 [ 72.168880][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 72.242947][ T2801] syz-executor.0[2801] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.243035][ T2801] syz-executor.0[2801] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.259513][ T2801] syz-executor.0[2801] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.271294][ T2801] syz-executor.0[2801] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.288887][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.314662][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.342939][ T2808] input: syz0 as /devices/virtual/input/input18 [ 72.438836][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 72.451112][ T24] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 72.470187][ T24] usb 3-1: Product: syz [ 72.477469][ T24] usb 3-1: Manufacturer: syz [ 72.520297][ T24] hub 3-1:4.0: USB hub found [ 72.738866][ T24] hub 3-1:4.0: 2 ports detected [ 72.958927][ T24] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 72.966058][ T24] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 73.009099][ T24] usb 3-1: USB disconnect, device number 5 [ 73.159037][ T2844] loop0: detected capacity change from 0 to 1024 [ 73.168457][ T2844] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 73.180079][ T2844] EXT4-fs error (device loop0): ext4_lookup:1859: inode #2: comm syz-executor.0: deleted inode referenced: 12 [ 73.191954][ T2844] EXT4-fs (loop0): Remounting filesystem read-only [ 73.205991][ T1809] EXT4-fs (loop0): unmounting filesystem. [ 73.488255][ T2856] loop2: detected capacity change from 0 to 2048 [ 73.780749][ T2869] loop2: detected capacity change from 0 to 1024 [ 73.787796][ T2869] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 73.799428][ T2869] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 73.821072][ T2666] EXT4-fs (loop2): unmounting filesystem. [ 74.228907][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 74.308885][ T2893] overlayfs: failed to resolve './file1': -2 [ 74.478976][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 74.598903][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.614300][ T24] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.779142][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 74.799760][ T24] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 74.851956][ T24] usb 3-1: Product: syz [ 74.873263][ T24] usb 3-1: Manufacturer: syz [ 75.063990][ T24] hub 3-1:4.0: USB hub found [ 75.288844][ T24] hub 3-1:4.0: 2 ports detected [ 75.508972][ T24] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 75.515219][ T24] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 75.549109][ T24] usb 3-1: USB disconnect, device number 6 [ 76.161852][ T2919] syz-executor.2[2919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.161930][ T2919] syz-executor.2[2919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.468349][ T2924] syz-executor.4[2924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.531572][ T2924] syz-executor.4[2924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 76.966445][ T2941] netem: change failed [ 77.125256][ T2947] Illegal XDP return value 4294967282 on prog (id 800) dev N/A, expect packet loss! [ 77.313043][ T2965] cgroup: name respecified [ 77.349160][ T2968] netlink: 3664 bytes leftover after parsing attributes in process `syz-executor.4'. [ 77.450663][ T28] kauditd_printk_skb: 66 callbacks suppressed [ 77.450678][ T28] audit: type=1400 audit(1717505991.819:9635): avc: denied { bind } for pid=2971 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 78.017017][ T2977] syz-executor.4[2977] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.017100][ T2977] syz-executor.4[2977] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 78.160295][ T2981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=2981 comm=syz-executor.2 [ 78.226000][ T2981] loop2: detected capacity change from 0 to 1024 [ 78.238926][ T2981] EXT4-fs: Ignoring removed nomblk_io_submit option [ 78.251281][ T2981] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.275794][ T2981] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 78.302488][ T2983] loop0: detected capacity change from 0 to 2048 [ 78.310699][ T2981] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 78.325371][ T2981] System zones: 0-1, 3-36 [ 78.350640][ T2981] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 78.402540][ T2981] xt_CT: You must specify a L4 protocol and not use inversions on it [ 78.446079][ T2666] EXT4-fs (loop2): unmounting filesystem. [ 81.119601][ T3041] serio: Serial port pts0 [ 81.289268][ T28] audit: type=1400 audit(1717505995.659:9636): avc: denied { append } for pid=3048 comm="syz-executor.2" name="event2" dev="devtmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 82.426850][ T3084] serio: Serial port pts0 [ 82.494950][ T3091] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 82.513745][ T3091] Zero length message leads to an empty skb [ 83.008860][ T39] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 83.368833][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.379694][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.389363][ T39] usb 1-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 83.398311][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.406778][ T39] usb 1-1: config 0 descriptor?? [ 83.940403][ T39] itetech 0003:258A:6A88.000F: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.0-1/input0 [ 84.130865][ T24] usb 1-1: USB disconnect, device number 5 [ 84.856094][ T3155] loop0: detected capacity change from 0 to 40427 [ 84.863323][ T3155] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 84.870943][ T3155] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 84.881259][ T3155] F2FS-fs (loop0): Found nat_bits in checkpoint [ 84.898802][ T6] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 84.936960][ T3155] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 84.944131][ T3155] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 84.956514][ T3155] syz-executor.0: attempt to access beyond end of device [ 84.956514][ T3155] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 85.163080][ T3161] syz-executor.0[3161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.163155][ T3161] syz-executor.0[3161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 85.322135][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.368775][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.378356][ T6] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 85.408751][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.429430][ T6] usb 3-1: config 0 descriptor?? [ 85.619412][ T28] audit: type=1400 audit(1717505999.989:9637): avc: denied { write } for pid=3175 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 85.661240][ T3178] tap0: tun_chr_ioctl cmd 1074025673 [ 85.781660][ T28] audit: type=1400 audit(1717506000.149:9638): avc: denied { read write } for pid=3187 comm="syz-executor.0" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 85.811677][ T28] audit: type=1400 audit(1717506000.169:9639): avc: denied { open } for pid=3187 comm="syz-executor.0" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 85.842589][ T3190] loop0: detected capacity change from 0 to 512 [ 85.860930][ T3190] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 85.870119][ T3190] ext4 filesystem being mounted at /root/syzkaller-testdir2348792113/syzkaller.wN7FHd/163/file0 supports timestamps until 2038 (0x7fffffff) [ 85.886561][ T3190] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #2: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 85.912179][ T1809] EXT4-fs (loop0): unmounting filesystem. [ 85.968770][ T2892] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 86.145943][ T3205] loop0: detected capacity change from 0 to 256 [ 86.328838][ T2892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.348778][ T2892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 86.358522][ T2892] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 86.363079][ T3207] loop0: detected capacity change from 0 to 40427 [ 86.374466][ T3207] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 86.382271][ T3207] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 86.388778][ T2892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.398757][ T2892] usb 5-1: config 0 descriptor?? [ 86.404536][ T3207] F2FS-fs (loop0): Found nat_bits in checkpoint [ 86.453371][ T3207] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 86.460381][ T3207] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 86.481544][ T3207] syz-executor.0: attempt to access beyond end of device [ 86.481544][ T3207] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 86.685543][ T3213] fuse: Unknown parameter '0xffffffffffffffff' [ 86.820160][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0010/input/input19 [ 86.842927][ T6] uclogic 0003:256C:006D.0010: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 86.880631][ T2892] itetech 0003:258A:6A88.0011: hidraw1: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.4-1/input0 [ 87.023627][ T6] usb 3-1: USB disconnect, device number 7 [ 87.083193][ T310] usb 5-1: USB disconnect, device number 9 [ 87.170132][ T3227] serio: Serial port pts0 [ 87.579858][ T3243] fuse: Unknown parameter '0xffffffffffffffff' [ 87.639969][ T3250] netem: change failed [ 87.661720][ T3246] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 87.821256][ T3275] fuse: Unknown parameter '0xffffffffffffffff' [ 87.861848][ T3277] loop4: detected capacity change from 0 to 256 [ 87.894961][ T3277] FAT-fs (loop4): Unrecognized mount option "uid=x+>W0Y0x0000000000000000" or missing value [ 88.088842][ T2892] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 88.518854][ T2892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.534765][ T2892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.546376][ T2892] usb 3-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 88.555315][ T2892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.565697][ T2892] usb 3-1: config 0 descriptor?? [ 88.641926][ T3294] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 88.903107][ T28] audit: type=1400 audit(1717506003.269:9640): avc: denied { mount } for pid=3298 comm="syz-executor.0" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 88.936435][ T28] audit: type=1400 audit(1717506003.299:9641): avc: denied { mounton } for pid=3298 comm="syz-executor.0" path="/root/syzkaller-testdir2348792113/syzkaller.wN7FHd/187/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 88.969587][ T28] audit: type=1400 audit(1717506003.299:9642): avc: denied { unmount } for pid=1809 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 89.070655][ T2892] itetech 0003:258A:6A88.0012: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.2-1/input0 [ 89.221954][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.228997][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.235795][ T28] audit: type=1400 audit(1717506003.599:9643): avc: denied { mount } for pid=3321 comm="syz-executor.4" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 89.258419][ T3317] device bridge_slave_0 entered promiscuous mode [ 89.272799][ T6] usb 3-1: USB disconnect, device number 8 [ 89.278815][ T28] audit: type=1400 audit(1717506003.599:9644): avc: denied { watch } for pid=3321 comm="syz-executor.4" path="/root/syzkaller-testdir2008275327/syzkaller.RufyvI/87/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 89.309102][ T28] audit: type=1400 audit(1717506003.629:9645): avc: denied { unmount } for pid=2641 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 89.309341][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.336110][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.343649][ T3317] device bridge_slave_1 entered promiscuous mode [ 89.414587][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.421469][ T3317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.428569][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.435367][ T3317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.464800][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.472921][ T1298] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.480130][ T1298] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.500173][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.508291][ T1298] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.515159][ T1298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.523263][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.531326][ T1298] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.538166][ T1298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.545389][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.553506][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.571112][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 89.583453][ T3317] device veth0_vlan entered promiscuous mode [ 89.590558][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 89.598455][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 89.606414][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 89.621151][ T3317] device veth1_macvtap entered promiscuous mode [ 89.631465][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 89.646418][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 89.654893][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 89.728789][ T2892] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 89.849997][ T3340] syz-executor.0[3340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.850066][ T3340] syz-executor.0[3340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 89.968896][ T2892] usb 5-1: Using ep0 maxpacket: 16 [ 90.098910][ T2892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.125182][ T2892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.202662][ T2892] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 90.405575][ T2892] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 90.424519][ T2892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.442145][ T2892] usb 5-1: config 0 descriptor?? [ 90.929747][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 90.936910][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 90.955407][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 90.973629][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 90.988361][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 90.995457][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 91.002528][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 91.010533][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 91.017627][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 91.024866][ T2892] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 91.033051][ T2892] microsoft 0003:045E:07DA.0013: No inputs registered, leaving [ 91.058864][ T2892] microsoft 0003:045E:07DA.0013: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 91.079084][ T2892] microsoft 0003:045E:07DA.0013: no inputs found [ 91.085397][ T2892] microsoft 0003:045E:07DA.0013: could not initialize ff, continuing anyway [ 91.094592][ T28] audit: type=1400 audit(1717506005.459:9646): avc: denied { setopt } for pid=3366 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 91.134650][ T2892] usb 5-1: USB disconnect, device number 10 [ 91.134839][ T28] audit: type=1400 audit(1717506005.459:9647): avc: denied { connect } for pid=3366 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 91.160950][ T28] audit: type=1400 audit(1717506005.459:9648): avc: denied { write } for pid=3366 comm="syz-executor.2" laddr=fe80::11 lport=1 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 91.183843][ T28] audit: type=1400 audit(1717506005.459:9649): avc: denied { read } for pid=3366 comm="syz-executor.2" laddr=fe80::11 lport=1 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 91.215402][ T3365] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.222474][ T3365] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.229954][ T3365] device bridge_slave_0 entered promiscuous mode [ 91.236692][ T3373] device veth0_vlan left promiscuous mode [ 91.243151][ T3373] device veth0_vlan entered promiscuous mode [ 91.253084][ T3365] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.263342][ T3365] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.276461][ T3365] device bridge_slave_1 entered promiscuous mode [ 91.323484][ T28] audit: type=1400 audit(1717506005.689:9650): avc: denied { append } for pid=3378 comm="syz-executor.2" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 91.390326][ T28] audit: type=1400 audit(1717506005.759:9651): avc: denied { shutdown } for pid=3378 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 91.420101][ T3365] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.426986][ T3365] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.434102][ T3365] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.440887][ T3365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.452040][ T567] device bridge_slave_1 left promiscuous mode [ 91.458287][ T567] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.465968][ T567] device bridge_slave_0 left promiscuous mode [ 91.472363][ T567] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.480736][ T567] device veth1_macvtap left promiscuous mode [ 91.486687][ T567] device veth0_vlan left promiscuous mode [ 91.562428][ T3384] SELinux: Context $ is not valid (left unmapped). [ 91.573810][ T28] audit: type=1400 audit(1717506005.939:9652): avc: denied { relabelto } for pid=3383 comm="syz-executor.2" name="/" dev="ramfs" ino=30621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="$" [ 91.604756][ T28] audit: type=1400 audit(1717506005.939:9653): avc: denied { associate } for pid=3383 comm="syz-executor.2" name="/" dev="ramfs" ino=30621 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 srawcon="$" [ 91.707624][ T28] audit: type=1400 audit(1717506006.069:9654): avc: denied { getopt } for pid=3390 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 91.728136][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.748402][ T3395] sit: Dst spoofed 0.0.0.0/2002::5efe:191.216.165.221 -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:1a9a [ 91.760720][ T2892] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.777650][ T2892] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.800103][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.812367][ T2892] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.819262][ T2892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.829074][ T3398] loop4: detected capacity change from 0 to 128 [ 91.837044][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 91.846556][ T2892] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.853566][ T2892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.932267][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 91.940451][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 91.954561][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 91.967962][ T3365] device veth0_vlan entered promiscuous mode [ 91.974994][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 91.984204][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 91.991625][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 92.249812][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 92.296979][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 92.322722][ T3365] device veth1_macvtap entered promiscuous mode [ 92.336270][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 92.344868][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 92.353621][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 92.377108][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 92.388786][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 92.549337][ T3404] device veth0_vlan left promiscuous mode [ 92.555578][ T3404] device veth0_vlan entered promiscuous mode [ 92.589508][ T3406] syz-executor.2[3406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.589589][ T3406] syz-executor.2[3406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.707527][ T3415] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 92.874726][ T3428] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 92.885742][ T3428] device syzkaller0 entered promiscuous mode [ 92.951027][ T3431] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 92.992785][ T3435] device veth0_vlan left promiscuous mode [ 92.999901][ T3435] device veth0_vlan entered promiscuous mode [ 93.510367][ T3441] syz-executor.2[3441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.510448][ T3441] syz-executor.2[3441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.591734][ T3445] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 94.022160][ T3465] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 94.077662][ T3471] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 94.100350][ T3473] syz-executor.0[3473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.100429][ T3473] syz-executor.0[3473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.194323][ T3477] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer. [ 94.563533][ T3483] loop2: detected capacity change from 0 to 256 [ 94.573016][ T3483] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 94.602328][ T3485] syz-executor.2[3485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.602408][ T3485] syz-executor.2[3485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.624907][ T3485] syz-executor.2[3485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.636785][ T3485] syz-executor.2[3485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.651544][ T3487] overlayfs: failed to resolve './file1': -2 [ 94.930660][ T3506] device veth0_vlan left promiscuous mode [ 94.936495][ T3506] device veth0_vlan entered promiscuous mode [ 94.943562][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.957507][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.965049][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.138764][ T566] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 95.191323][ T3514] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.198190][ T3514] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.209430][ T3523] xt_TCPMSS: Only works on TCP SYN packets [ 95.228844][ T3514] device bridge_slave_0 entered promiscuous mode [ 95.244604][ T3514] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.258760][ T3514] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.272872][ T3514] device bridge_slave_1 entered promiscuous mode [ 95.388766][ T566] usb 5-1: Using ep0 maxpacket: 16 [ 95.457869][ T3514] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.464780][ T3514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.471878][ T3514] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.478654][ T3514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.508820][ T566] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.531634][ T566] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.552037][ T566] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 95.554531][ T1238] device bridge_slave_1 left promiscuous mode [ 95.564947][ T566] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 95.579918][ T1238] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.586989][ T566] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.595387][ T1238] device bridge_slave_0 left promiscuous mode [ 95.602739][ T566] usb 5-1: config 0 descriptor?? [ 95.607690][ T1238] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.615932][ T1238] device veth1_macvtap left promiscuous mode [ 95.621907][ T1238] device veth0_vlan left promiscuous mode [ 95.782541][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.792142][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 95.809756][ T2892] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.842299][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 95.851145][ T2892] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.858031][ T2892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.866631][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.875342][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.899492][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.921970][ T3514] device veth0_vlan entered promiscuous mode [ 95.929223][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 95.937039][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.945383][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.952927][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.966694][ T3514] device veth1_macvtap entered promiscuous mode [ 95.973969][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.982348][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.990473][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 96.007985][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 96.016544][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 96.024996][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 96.033185][ T2892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 96.100051][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.107118][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.120090][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.127287][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.136201][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.143803][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.151009][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.158133][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.165249][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.172433][ T566] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 96.179987][ T566] microsoft 0003:045E:07DA.0014: No inputs registered, leaving [ 96.259011][ T566] microsoft 0003:045E:07DA.0014: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 96.282478][ T566] microsoft 0003:045E:07DA.0014: no inputs found [ 96.301773][ T566] microsoft 0003:045E:07DA.0014: could not initialize ff, continuing anyway [ 96.332261][ T566] usb 5-1: USB disconnect, device number 11 [ 96.434331][ T3553] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 96.875871][ T28] audit: type=1400 audit(1717506011.239:9655): avc: denied { read } for pid=3572 comm="syz-executor.2" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 96.963690][ T28] audit: type=1400 audit(1717506011.279:9656): avc: denied { open } for pid=3572 comm="syz-executor.2" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 97.043311][ T28] audit: type=1400 audit(1717506011.309:9657): avc: denied { remount } for pid=3577 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.167410][ T3589] xt_TCPMSS: Only works on TCP SYN packets [ 97.178791][ T566] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 97.418752][ T566] usb 3-1: Using ep0 maxpacket: 8 [ 97.548825][ T566] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.559695][ T566] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 97.569475][ T566] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 97.579184][ T566] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 97.599004][ T2892] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 97.688835][ T566] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 97.697709][ T566] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 97.718798][ T566] usb 3-1: SerialNumber: syz [ 97.723976][ T28] audit: type=1326 audit(1717506012.089:9658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebfa7cee9 code=0x7ffc0000 [ 97.748818][ T3574] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 97.767848][ T28] audit: type=1326 audit(1717506012.109:9659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ebfa7cee9 code=0x7ffc0000 [ 97.769195][ T566] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 97.800570][ T28] audit: type=1326 audit(1717506012.119:9660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebfa7cee9 code=0x7ffc0000 [ 97.818923][ T566] usb-storage 3-1:1.0: USB Mass Storage device detected [ 97.824748][ T28] audit: type=1326 audit(1717506012.119:9661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ebfa7cee9 code=0x7ffc0000 [ 97.855916][ T2892] usb 2-1: Using ep0 maxpacket: 16 [ 97.866916][ T28] audit: type=1326 audit(1717506012.119:9662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ebfa7cee9 code=0x7ffc0000 [ 97.879192][ T566] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 97.891506][ T28] audit: type=1326 audit(1717506012.119:9663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7ebfa7a667 code=0x7ffc0000 [ 97.925739][ T28] audit: type=1326 audit(1717506012.119:9664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3597 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7ebfa40359 code=0x7ffc0000 [ 97.925766][ T566] scsi host1: usb-storage 3-1:1.0 [ 97.978967][ T39] usb 3-1: USB disconnect, device number 9 [ 98.008840][ T2892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.021935][ T2892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.048617][ T2892] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 98.074571][ T2892] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 98.083924][ T2892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.101262][ T2892] usb 2-1: config 0 descriptor?? [ 98.579847][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.587085][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.594431][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.601669][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.608863][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.616005][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.623073][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.630208][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.637336][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.647824][ T2892] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0 [ 98.657549][ T2892] microsoft 0003:045E:07DA.0015: No inputs registered, leaving [ 98.666909][ T39] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 98.688936][ T2892] microsoft 0003:045E:07DA.0015: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 98.700514][ T2892] microsoft 0003:045E:07DA.0015: no inputs found [ 98.710821][ T2892] microsoft 0003:045E:07DA.0015: could not initialize ff, continuing anyway [ 98.918845][ T39] usb 5-1: Using ep0 maxpacket: 32 [ 99.075634][ T2892] usb 2-1: USB disconnect, device number 5 [ 99.158863][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.175262][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.185136][ T39] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.194290][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.214112][ T39] usb 5-1: config 0 descriptor?? [ 99.223328][ T3628] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.237616][ T3628] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.245119][ T3628] device bridge_slave_0 entered promiscuous mode [ 99.253437][ T3628] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.259383][ T39] hub 5-1:0.0: USB hub found [ 99.260392][ T3628] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.273051][ T3628] device bridge_slave_1 entered promiscuous mode [ 99.300352][ T3638] xt_TCPMSS: Only works on TCP SYN packets [ 99.385155][ T3628] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.392079][ T3628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.399166][ T3628] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.405935][ T3628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.470577][ T566] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.478022][ T566] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.478832][ T39] hub 5-1:0.0: 1 port detected [ 99.499842][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.507239][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.545496][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 99.556497][ T1298] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.563392][ T1298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.584969][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 99.600395][ T1298] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.607327][ T1298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.639096][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 99.650340][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 99.673060][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.694915][ T3628] device veth0_vlan entered promiscuous mode [ 99.707515][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.717817][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.732893][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.755242][ T3628] device veth1_macvtap entered promiscuous mode [ 99.764290][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.777658][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.792792][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.918783][ T2892] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 100.118884][ T24] hub 5-1:0.0: activate --> -90 [ 100.168790][ T2892] usb 3-1: Using ep0 maxpacket: 8 [ 100.288876][ T2892] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.299781][ T2892] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 100.309520][ T2892] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 100.319150][ T2892] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 100.408950][ T2892] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 100.417994][ T2892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 100.433677][ T2892] usb 3-1: SerialNumber: syz [ 100.458873][ T3649] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 100.479447][ T2892] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 100.487309][ T2892] usb-storage 3-1:1.0: USB Mass Storage device detected [ 100.511183][ T2892] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 100.525324][ T2892] scsi host1: usb-storage 3-1:1.0 [ 100.708263][ T310] usb 3-1: USB disconnect, device number 10 [ 100.892545][ T3617] loop4: detected capacity change from 0 to 40427 [ 100.906696][ T3617] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 100.923265][ T3617] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 100.953086][ T3617] F2FS-fs (loop4): Found nat_bits in checkpoint [ 101.055589][ T3617] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 101.066952][ T3617] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 101.134971][ T310] usb 5-1: USB disconnect, device number 12 [ 101.140870][ T566] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 101.272300][ T3700] xt_TCPMSS: Only works on TCP SYN packets [ 101.398788][ T566] usb 1-1: Using ep0 maxpacket: 16 [ 101.516374][ T24] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 101.529430][ T566] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.543629][ T566] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.561114][ T566] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 101.581623][ T566] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 101.597260][ T566] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.610903][ T566] usb 1-1: config 0 descriptor?? [ 101.618811][ T1298] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 101.784806][ T3710] loop4: detected capacity change from 0 to 256 [ 101.797034][ T3710] exfat: Bad value for 'uid' [ 101.836270][ T3710] loop4: detected capacity change from 0 to 512 [ 101.858791][ T1298] usb 3-1: Using ep0 maxpacket: 16 [ 101.924752][ T3719] device pim6reg1 entered promiscuous mode [ 101.964696][ T3723] incfs: Options parsing error. -22 [ 101.969900][ T3723] incfs: mount failed -22 [ 101.989175][ T1298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 102.007726][ T1298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 102.026277][ T1298] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 102.042930][ T1298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.059144][ T1298] usb 3-1: config 0 descriptor?? [ 102.059632][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 102.059737][ T28] audit: type=1400 audit(1717506016.429:9703): avc: denied { getopt } for pid=3725 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 102.100011][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.109365][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.121921][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.133011][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.140378][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.147508][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.154691][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.161882][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.169031][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.176129][ T566] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 102.189931][ T566] microsoft 0003:045E:07DA.0016: No inputs registered, leaving [ 102.206591][ T566] microsoft 0003:045E:07DA.0016: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 102.219148][ T566] microsoft 0003:045E:07DA.0016: no inputs found [ 102.225404][ T566] microsoft 0003:045E:07DA.0016: could not initialize ff, continuing anyway [ 102.303738][ T566] usb 1-1: USB disconnect, device number 6 [ 102.474193][ T3744] syz-executor.1[3744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.474273][ T3744] syz-executor.1[3744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.530055][ T3703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.557240][ T3746] loop1: detected capacity change from 0 to 256 [ 102.558870][ T3703] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.569174][ T3746] exfat: Bad value for 'uid' [ 102.602328][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.628771][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.636033][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.643285][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.651059][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.658291][ T1298] hid-generic 0003:0158:0100.0017: unknown main item tag 0x0 [ 102.668844][ T1298] hid-generic 0003:0158:0100.0017: item 0 0 0 8 parsing failed [ 102.681727][ T1298] hid-generic: probe of 0003:0158:0100.0017 failed with error -22 [ 102.704439][ T3746] loop1: detected capacity change from 0 to 512 [ 102.820682][ T19] usb 3-1: USB disconnect, device number 11 [ 102.892871][ T3771] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.0'. [ 102.916620][ T28] audit: type=1326 audit(1717506017.279:9704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82e867a667 code=0x7ffc0000 [ 102.941846][ T28] audit: type=1326 audit(1717506017.279:9705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82e8640359 code=0x7ffc0000 [ 102.969146][ T28] audit: type=1326 audit(1717506017.279:9706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82e867a667 code=0x7ffc0000 [ 102.993117][ T28] audit: type=1326 audit(1717506017.279:9707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82e8640359 code=0x7ffc0000 [ 103.016887][ T28] audit: type=1326 audit(1717506017.279:9708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82e867a667 code=0x7ffc0000 [ 103.041324][ T28] audit: type=1326 audit(1717506017.279:9709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82e8640359 code=0x7ffc0000 [ 103.066393][ T28] audit: type=1326 audit(1717506017.279:9710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82e867a667 code=0x7ffc0000 [ 103.105399][ T28] audit: type=1326 audit(1717506017.279:9711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f82e8640359 code=0x7ffc0000 [ 103.136606][ T28] audit: type=1326 audit(1717506017.279:9712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f82e867a667 code=0x7ffc0000 [ 103.425939][ T3803] device pim6reg1 entered promiscuous mode [ 103.657833][ T3812] device syzkaller0 entered promiscuous mode [ 103.687410][ T3799] loop4: detected capacity change from 0 to 40427 [ 103.697377][ T3799] F2FS-fs (loop4): Fix alignment : done, start(4096) end(16896) block(12288) [ 103.735863][ T3799] F2FS-fs (loop4): Found nat_bits in checkpoint [ 103.802408][ T3799] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 105.857047][ T3858] syz-executor.1[3858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.857129][ T3858] syz-executor.1[3858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.871067][ T3858] syz-executor.1[3858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.883382][ T3858] syz-executor.1[3858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.898873][ T19] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 106.178764][ T19] usb 3-1: Using ep0 maxpacket: 8 [ 106.308872][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.325162][ T19] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 106.372269][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 106.391669][ T19] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 107.818873][ T19] usb 3-1: string descriptor 0 read error: -71 [ 107.832842][ T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 107.843578][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 107.878877][ T19] usb 3-1: can't set config #1, error -71 [ 107.885660][ T19] usb 3-1: USB disconnect, device number 12 [ 108.045390][ T3922] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 108.108606][ T3928] loop4: detected capacity change from 0 to 256 [ 108.130418][ T3928] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.163288][ T28] kauditd_printk_skb: 359 callbacks suppressed [ 108.163303][ T28] audit: type=1400 audit(1717506022.529:10072): avc: denied { sqpoll } for pid=3927 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 108.418973][ T19] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 108.909850][ T3943] loop1: detected capacity change from 0 to 128 [ 108.938908][ T19] usb 3-1: Using ep0 maxpacket: 8 [ 109.031923][ T3947] 9pnet: p9_errstr2errno: server reported unknown error [ 109.089079][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.107190][ T19] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 109.137912][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 109.148828][ T28] audit: type=1400 audit(1717506023.509:10073): avc: denied { ioctl } for pid=3955 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 109.180940][ T3956] binder: BINDER_SET_CONTEXT_MGR already set [ 109.193370][ T19] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 109.203982][ T3956] binder: 3955:3956 ioctl 4018620d 200001c0 returned -16 [ 109.246065][ T28] audit: type=1400 audit(1717506023.539:10074): avc: denied { set_context_mgr } for pid=3955 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 109.338885][ T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 109.350148][ T28] audit: type=1400 audit(1717506023.549:10075): avc: denied { map } for pid=3955 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 109.376426][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 109.418439][ T19] usb 3-1: SerialNumber: syz [ 109.459137][ T3918] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 109.474965][ T3974] 9pnet: p9_errstr2errno: server reported unknown error [ 109.482852][ T19] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 109.491563][ T28] audit: type=1400 audit(1717506023.699:10076): avc: denied { map } for pid=3965 comm="syz-executor.4" path="socket:[34442]" dev="sockfs" ino=34442 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 109.515894][ T19] usb-storage 3-1:1.0: USB Mass Storage device detected [ 109.554982][ T19] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 109.580176][ T19] scsi host1: usb-storage 3-1:1.0 [ 109.607730][ T28] audit: type=1400 audit(1717506023.699:10077): avc: denied { read } for pid=3965 comm="syz-executor.4" path="socket:[34442]" dev="sockfs" ino=34442 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 109.699024][ T28] audit: type=1400 audit(1717506023.799:10078): avc: denied { getopt } for pid=3971 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 109.746878][ T19] usb 3-1: USB disconnect, device number 13 [ 110.672091][ T28] audit: type=1400 audit(1717506023.949:10079): avc: denied { map } for pid=3982 comm="syz-executor.4" path="/dev/ashmem" dev="devtmpfs" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 110.765229][ T28] audit: type=1400 audit(1717506024.009:10080): avc: denied { call } for pid=3985 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 110.893815][ T28] audit: type=1400 audit(1717506025.039:10081): avc: denied { write } for pid=3989 comm="syz-executor.3" name="net" dev="proc" ino=34573 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 111.185848][ T4025] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 111.201543][ T4025] overlayfs: failed to set xattr on upper [ 111.291356][ T4037] syz-executor.0[4037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.291416][ T4037] syz-executor.0[4037] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.915950][ T39] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 112.517114][ T4081] loop4: detected capacity change from 0 to 40427 [ 112.535755][ T4081] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 112.551050][ T4081] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 112.569051][ T4081] F2FS-fs (loop4): invalid crc value [ 112.592232][ T4081] F2FS-fs (loop4): Mismatch valid blocks 0 vs. 2 [ 112.599319][ T4081] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 112.768105][ T4114] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 112.941665][ T4129] loop4: detected capacity change from 0 to 256 [ 112.988785][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 112.999207][ T4129] FAT-fs (loop4): Directory bread(block 64) failed [ 113.005579][ T4129] FAT-fs (loop4): Directory bread(block 65) failed [ 113.017534][ T4129] FAT-fs (loop4): Directory bread(block 66) failed [ 113.030146][ T4129] FAT-fs (loop4): Directory bread(block 67) failed [ 113.036777][ T4129] FAT-fs (loop4): Directory bread(block 68) failed [ 113.049250][ T4129] FAT-fs (loop4): Directory bread(block 69) failed [ 113.056693][ T4129] FAT-fs (loop4): Directory bread(block 70) failed [ 113.063340][ T4129] FAT-fs (loop4): Directory bread(block 71) failed [ 113.090886][ T4129] FAT-fs (loop4): Directory bread(block 72) failed [ 113.109498][ T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.132570][ T4129] FAT-fs (loop4): Directory bread(block 73) failed [ 113.142452][ T39] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 113.189769][ T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 113.238398][ T39] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 113.358835][ T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 113.367834][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 113.376179][ T39] usb 1-1: SerialNumber: syz [ 113.398867][ T4054] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 113.419221][ T39] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 113.425874][ T39] usb-storage 1-1:1.0: USB Mass Storage device detected [ 113.450202][ T4155] input: syz0 as /devices/virtual/input/input24 [ 113.462800][ T39] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 113.486098][ T39] scsi host1: usb-storage 1-1:1.0 [ 113.541777][ T4165] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 113.558109][ T4165] overlayfs: failed to set xattr on upper [ 113.638307][ T39] usb 1-1: USB disconnect, device number 7 [ 114.350169][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 114.350197][ T28] audit: type=1400 audit(1717506028.719:10089): avc: denied { read } for pid=4206 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 114.399675][ T4209] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 114.417111][ T4209] overlayfs: failed to set xattr on upper [ 114.457977][ T4215] loop0: detected capacity change from 0 to 256 [ 114.543398][ T4215] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 114.679335][ T4241] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 114.693927][ T4241] overlayfs: failed to set xattr on upper [ 114.778444][ T4247] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.785537][ T4247] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.813431][ T4247] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.820344][ T4247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.827448][ T4247] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.834334][ T4247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.841622][ T2377] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 114.880477][ T4247] device bridge0 entered promiscuous mode [ 115.089575][ T2377] usb 5-1: Using ep0 maxpacket: 8 [ 115.131174][ T4270] loop0: detected capacity change from 0 to 256 [ 115.166638][ T4270] FAT-fs (loop0): Directory bread(block 64) failed [ 115.181994][ T4270] FAT-fs (loop0): Directory bread(block 65) failed [ 115.199565][ T4270] FAT-fs (loop0): Directory bread(block 66) failed [ 115.208789][ T4270] FAT-fs (loop0): Directory bread(block 67) failed [ 115.208810][ T2377] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.215213][ T4270] FAT-fs (loop0): Directory bread(block 68) failed [ 115.238028][ T2377] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 115.248817][ T4270] FAT-fs (loop0): Directory bread(block 69) failed [ 115.263938][ T4270] FAT-fs (loop0): Directory bread(block 70) failed [ 115.266976][ T2377] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 115.277393][ T4270] FAT-fs (loop0): Directory bread(block 71) failed [ 115.286219][ T4270] FAT-fs (loop0): Directory bread(block 72) failed [ 115.294557][ T2377] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 115.301841][ T4270] FAT-fs (loop0): Directory bread(block 73) failed [ 115.388842][ T2377] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 115.402057][ T2377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 115.420198][ T2377] usb 5-1: SerialNumber: syz [ 115.447860][ T4282] syz-executor.0[4282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.447940][ T4282] syz-executor.0[4282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.459554][ T4219] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 115.489308][ T2377] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 115.497292][ T2377] usb-storage 5-1:1.0: USB Mass Storage device detected [ 115.509391][ T28] audit: type=1400 audit(1717506029.879:10090): avc: denied { relabelfrom } for pid=4283 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=36135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 115.539263][ T28] audit: type=1400 audit(1717506029.879:10091): avc: denied { relabelto } for pid=4283 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=36135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 115.565063][ T2377] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 115.579650][ T2377] scsi host1: usb-storage 5-1:1.0 [ 115.721200][ T4311] device pim6reg1 entered promiscuous mode [ 115.721210][ T2377] usb 5-1: USB disconnect, device number 13 [ 115.839007][ T1090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 115.955870][ T28] audit: type=1400 audit(1717506030.319:10092): avc: denied { create } for pid=4328 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 116.418396][ T4372] loop0: detected capacity change from 0 to 2048 [ 116.441207][ T4372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 116.450028][ T4372] ext4 filesystem being mounted at /root/syzkaller-testdir607120682/syzkaller.7iZeY5/83/bus supports timestamps until 2038 (0x7fffffff) [ 116.493492][ T3365] EXT4-fs (loop0): unmounting filesystem. [ 116.620220][ T4388] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 116.730232][ T4398] overlayfs: failed to get inode (-116) [ 116.737965][ T4398] overlayfs: failed to get inode (-116) [ 116.744904][ T4401] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.752036][ T4401] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.779823][ T4401] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.786710][ T4401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.793855][ T4401] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.800736][ T4401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.818156][ T4378] loop4: detected capacity change from 0 to 40427 [ 116.828160][ T4403] loop2: detected capacity change from 0 to 256 [ 116.835129][ T4378] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 116.835251][ T4401] device bridge0 entered promiscuous mode [ 116.843557][ T4378] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 116.870037][ T4378] F2FS-fs (loop4): invalid crc value [ 116.888341][ T4406] syz-executor.0[4406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.888420][ T4406] syz-executor.0[4406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.904863][ T4378] F2FS-fs (loop4): Mismatch valid blocks 0 vs. 2 [ 116.929476][ T4378] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 117.618153][ T4472] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 117.967321][ T4480] input: syz0 as /devices/virtual/input/input25 [ 118.197332][ T4465] loop4: detected capacity change from 0 to 40427 [ 118.212802][ T4465] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 118.229218][ T4465] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 118.297127][ T4465] F2FS-fs (loop4): invalid crc value [ 118.329601][ T4465] F2FS-fs (loop4): Mismatch valid blocks 0 vs. 2 [ 118.339461][ T4465] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 118.596876][ T4504] loop4: detected capacity change from 0 to 256 [ 118.655675][ T4504] FAT-fs (loop4): Directory bread(block 64) failed [ 118.679546][ T4504] FAT-fs (loop4): Directory bread(block 65) failed [ 118.703545][ T4504] FAT-fs (loop4): Directory bread(block 66) failed [ 118.725485][ T4504] FAT-fs (loop4): Directory bread(block 67) failed [ 118.756825][ T4504] FAT-fs (loop4): Directory bread(block 68) failed [ 118.774694][ T4504] FAT-fs (loop4): Directory bread(block 69) failed [ 118.793507][ T4504] FAT-fs (loop4): Directory bread(block 70) failed [ 118.813337][ T4504] FAT-fs (loop4): Directory bread(block 71) failed [ 118.831130][ T4504] FAT-fs (loop4): Directory bread(block 72) failed [ 118.850913][ T4504] FAT-fs (loop4): Directory bread(block 73) failed [ 119.419846][ T4548] input: syz0 as /devices/virtual/input/input26 [ 120.011628][ T28] audit: type=1326 audit(1717506034.379:10093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4570 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f71ada7cee9 code=0x0 [ 120.054823][ T4573] loop4: detected capacity change from 0 to 256 [ 120.137145][ T4576] loop4: detected capacity change from 0 to 2048 [ 120.154199][ T4576] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.202523][ T4576] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 120.226172][ T4576] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 234: padding at end of block bitmap is not set [ 120.258154][ T4576] EXT4-fs (loop4): Remounting filesystem read-only [ 120.281648][ T2641] EXT4-fs (loop4): unmounting filesystem. [ 120.365400][ T4587] loop4: detected capacity change from 0 to 128 [ 121.015568][ T4617] syz-executor.1[4617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.015666][ T4617] syz-executor.1[4617] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.487556][ T4637] loop1: detected capacity change from 0 to 40427 [ 121.506426][ T4637] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 121.514388][ T4637] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 121.527757][ T4637] F2FS-fs (loop1): invalid crc value [ 121.545902][ T4637] F2FS-fs (loop1): Mismatch valid blocks 0 vs. 2 [ 121.552830][ T4637] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-117) [ 121.628811][ T2377] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 121.741714][ T4673] loop0: detected capacity change from 0 to 128 [ 121.878801][ T2377] usb 3-1: Using ep0 maxpacket: 32 [ 121.890051][ T4683] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.896995][ T4683] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.927032][ T4683] device bridge0 left promiscuous mode [ 122.009010][ T2377] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.154197][ T2377] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.195439][ T4683] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.202466][ T4683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.209548][ T4683] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.216397][ T4683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.223729][ T2377] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 122.235823][ T2377] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.244903][ T2377] usb 3-1: config 0 descriptor?? [ 122.249971][ T4683] device bridge0 entered promiscuous mode [ 122.289415][ T2377] hub 3-1:0.0: USB hub found [ 122.378386][ T4706] input: syz0 as /devices/virtual/input/input27 [ 122.394128][ T4709] loop4: detected capacity change from 0 to 256 [ 122.422227][ T4711] netlink: 'syz-executor.3': attribute type 13 has an invalid length. [ 122.485346][ T4715] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.492483][ T4715] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.508820][ T2377] hub 3-1:0.0: 1 port detected [ 122.532889][ T4715] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.539781][ T4715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.546893][ T4715] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.553781][ T4715] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.598746][ T4715] device bridge0 entered promiscuous mode [ 122.771242][ T4731] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 122.772379][ T28] audit: type=1400 audit(1717506037.139:10094): avc: denied { ioctl } for pid=4730 comm="syz-executor.3" path="socket:[38046]" dev="sockfs" ino=38046 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 123.158801][ T2377] hub 3-1:0.0: activate --> -90 [ 123.161389][ T4743] kvm [4742]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x7bf [ 123.217321][ T4743] kvm [4742]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf2df [ 123.272479][ T4743] kvm [4742]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x4edf [ 123.448773][ T19] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 123.858895][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.880273][ T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 123.882856][ T4657] loop2: detected capacity change from 0 to 40427 [ 123.906198][ T19] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.909962][ T4657] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 123.923968][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.933701][ T4657] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 123.935525][ T19] usb 5-1: config 0 descriptor?? [ 123.964670][ T4657] F2FS-fs (loop2): Found nat_bits in checkpoint [ 124.024522][ T4657] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 124.031609][ T4657] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 124.048995][ T4771] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 124.050713][ T39] usb 3-1: USB disconnect, device number 14 [ 124.064005][ T2377] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 124.113856][ T28] audit: type=1400 audit(1717506038.479:10095): avc: denied { relabelfrom } for pid=4772 comm="syz-executor.3" name="" dev="pipefs" ino=36821 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 124.330495][ T28] audit: type=1400 audit(1717506038.699:10096): avc: denied { remount } for pid=4780 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 124.351202][ T4781] incfs: Can't find or create .index dir in ./file0 [ 124.357691][ T4781] incfs: mount failed -30 [ 124.363023][ T28] audit: type=1400 audit(1717506038.719:10097): avc: denied { mounton } for pid=4780 comm="syz-executor.0" path="/root/syzkaller-testdir607120682/syzkaller.7iZeY5/114/file0" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 124.441168][ T19] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 124.448643][ T19] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 124.459104][ T19] plantronics 0003:047F:FFFF.0018: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 125.229495][ T310] usb 5-1: USB disconnect, device number 14 [ 125.301952][ T4843] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 125.640727][ T4854] loop0: detected capacity change from 0 to 256 [ 125.860679][ T4855] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.892091][ T4855] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.909280][ T4855] device bridge_slave_0 entered promiscuous mode [ 125.914348][ T4871] netlink: 'syz-executor.3': attribute type 13 has an invalid length. [ 125.916438][ T4855] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.930522][ T4855] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.951890][ T4855] device bridge_slave_1 entered promiscuous mode [ 126.044818][ T1298] kernel write not supported for file /uinput (pid: 1298 comm: kworker/0:5) [ 126.072683][ T28] audit: type=1400 audit(1717506040.439:10098): avc: denied { accept } for pid=4882 comm="syz-executor.2" path="socket:[38500]" dev="sockfs" ino=38500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 126.304604][ T4903] netlink: 'syz-executor.4': attribute type 13 has an invalid length. [ 126.325449][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 126.335128][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 126.735092][ T4901] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 126.749014][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.757656][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.773199][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.780094][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.796633][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.811311][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.828571][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.835469][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.855500][ T1298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 126.876505][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 126.886890][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 126.896647][ T4893] loop0: detected capacity change from 0 to 40427 [ 126.905751][ T43] device bridge_slave_1 left promiscuous mode [ 126.912291][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.913958][ T4893] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 126.926759][ T4893] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 126.926979][ T43] device bridge_slave_0 left promiscuous mode [ 126.940846][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.948063][ T4893] F2FS-fs (loop0): invalid crc value [ 126.962214][ T43] device veth1_macvtap left promiscuous mode [ 126.968090][ T43] device veth0_vlan left promiscuous mode [ 126.977485][ T4893] F2FS-fs (loop0): Mismatch valid blocks 0 vs. 2 [ 126.991106][ T4893] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117) [ 127.148787][ T1298] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 127.239400][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 127.247788][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 127.256263][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 127.273251][ T4855] device veth0_vlan entered promiscuous mode [ 127.284297][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 127.292585][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 127.321248][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 127.328596][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 127.339459][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 127.347528][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 127.364991][ T4855] device veth1_macvtap entered promiscuous mode [ 127.372929][ T4938] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 127.386617][ T4943] input: syz0 as /devices/virtual/input/input28 [ 127.410679][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 127.418232][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 127.432542][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 127.446402][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 127.450275][ T4946] loop2: detected capacity change from 0 to 2048 [ 127.460074][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 127.519379][ T4946] loop2: p1 < > p4 [ 127.523585][ T4946] loop2: p4 size 8388608 extends beyond EOD, truncated [ 127.548893][ T1298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.565680][ T28] audit: type=1400 audit(1717506041.929:10099): avc: denied { read write } for pid=4937 comm="syz-executor.2" name="loop2p4" dev="devtmpfs" ino=515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 127.590385][ T1298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.617487][ T1298] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 127.636189][ T1298] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.638390][ T28] audit: type=1400 audit(1717506041.929:10100): avc: denied { open } for pid=4937 comm="syz-executor.2" path="/dev/loop2p4" dev="devtmpfs" ino=515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 127.682198][ T4953] loop1: detected capacity change from 0 to 512 [ 127.691178][ T1298] usb 5-1: config 0 descriptor?? [ 127.696148][ T4953] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 127.720047][ T4953] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 127.735405][ T4953] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 127.752104][ T4953] System zones: 0-2, 18-18, 34-34 [ 127.766464][ T4953] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 127.793025][ T4953] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 121: padding at end of block bitmap is not set [ 127.829577][ T4953] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 127.834678][ T4945] loop0: detected capacity change from 0 to 40427 [ 127.847172][ T4953] EXT4-fs (loop1): 1 truncate cleaned up [ 127.848964][ T4945] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 127.857207][ T4953] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 127.863571][ T4945] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 127.882298][ T4945] F2FS-fs (loop0): invalid crc value [ 127.917289][ T4945] F2FS-fs (loop0): Mismatch valid blocks 0 vs. 2 [ 127.940086][ T4945] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117) [ 128.053956][ T4963] kvm [4962]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x7bf [ 128.078604][ T4963] kvm [4962]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xf2df [ 128.100820][ T4963] kvm [4962]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x4edf [ 128.189154][ T1298] hid (null): bogus close delimiter [ 128.514130][ T4855] EXT4-fs (loop1): unmounting filesystem. [ 128.584478][ T24] kernel write not supported for file /uinput (pid: 24 comm: kworker/1:0) [ 128.688867][ T1298] usb 5-1: string descriptor 0 read error: -71 [ 128.708795][ T1298] uclogic 0003:256C:006D.0019: failed retrieving string descriptor #200: -71 [ 128.722887][ T1298] uclogic 0003:256C:006D.0019: failed retrieving pen parameters: -71 [ 128.748744][ T1298] uclogic 0003:256C:006D.0019: failed probing pen v2 parameters: -71 [ 128.756664][ T1298] uclogic 0003:256C:006D.0019: failed probing parameters: -71 [ 128.772586][ T1298] uclogic: probe of 0003:256C:006D.0019 failed with error -71 [ 128.789824][ T1298] usb 5-1: USB disconnect, device number 15 [ 128.908850][ T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 128.910494][ T4983] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 129.268868][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.283413][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.293918][ T24] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 129.309663][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.323575][ T24] usb 2-1: config 0 descriptor?? [ 129.380317][ T5012] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 129.413140][ T5012] loop0: detected capacity change from 0 to 2048 [ 129.469211][ T5012] loop0: p1 < > p4 [ 129.473472][ T5012] loop0: p4 size 8388608 extends beyond EOD, truncated [ 129.628784][ T1298] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 129.679125][ T39] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 129.771854][ T5026] tipc: Failed to remove unknown binding: 66,1,1/0:1983431171/1983431173 [ 129.780772][ T5025] tipc: Failed to remove unknown binding: 66,1,1/0:1983431171/1983431173 [ 129.789156][ T5025] tipc: Failed to remove unknown binding: 66,1,1/0:1983431171/1983431173 [ 129.810892][ T24] hid-multitouch 0003:0EEF:72D0.001A: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.1-1/input0 [ 129.828801][ T2377] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 129.889434][ T1298] usb 4-1: Using ep0 maxpacket: 8 [ 129.912393][ T5036] loop2: detected capacity change from 0 to 1024 [ 129.919424][ T5036] EXT4-fs: Ignoring removed nobh option [ 129.930697][ T5036] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 129.963323][ T28] audit: type=1400 audit(1717506044.329:10101): avc: denied { unlink } for pid=2666 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 130.009944][ T24] usb 2-1: USB disconnect, device number 6 [ 130.031319][ T2666] EXT4-fs (loop2): unmounting filesystem. [ 130.038834][ T1298] usb 4-1: New USB device found, idVendor=16d8, idProduct=7002, bcdDevice=ec.76 [ 130.040131][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.058573][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.063776][ T1298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.068966][ T39] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 130.088084][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.095416][ T1298] usb 4-1: config 0 descriptor?? [ 130.099115][ T39] usb 5-1: config 0 descriptor?? [ 130.188850][ T2377] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.204028][ T2377] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.222463][ T2377] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 130.233583][ T2377] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.242939][ T2377] usb 1-1: config 0 descriptor?? [ 130.283512][ T5040] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.290495][ T5040] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.297913][ T5040] device bridge_slave_0 entered promiscuous mode [ 130.305488][ T5040] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.312455][ T5040] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.320801][ T5040] device bridge_slave_1 entered promiscuous mode [ 130.359219][ T1298] usb 4-1: USB disconnect, device number 11 [ 130.409979][ T5040] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.416842][ T5040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.423985][ T5040] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.430845][ T5040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.469996][ T566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.477798][ T566] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.485715][ T566] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.503316][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.511653][ T331] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.518516][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.525893][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.535830][ T331] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.542804][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.567733][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 130.575829][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 130.589039][ T39] hid (null): bogus close delimiter [ 130.592944][ T5040] device veth0_vlan entered promiscuous mode [ 130.602932][ T43] device bridge_slave_1 left promiscuous mode [ 130.609454][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.617602][ T43] device bridge_slave_0 left promiscuous mode [ 130.627596][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.644776][ T43] device veth1_macvtap left promiscuous mode [ 130.654360][ T43] device veth0_vlan left promiscuous mode [ 130.719826][ T2377] holtek 0003:1241:5015.001C: unbalanced collection at end of report description [ 130.730892][ T2377] holtek 0003:1241:5015.001C: parse failed [ 130.736634][ T2377] holtek: probe of 0003:1241:5015.001C failed with error -22 [ 130.793248][ T28] audit: type=1400 audit(1717506045.159:10102): avc: denied { write } for pid=5052 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 130.949394][ T1090] usb 1-1: USB disconnect, device number 8 [ 130.970676][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 130.979218][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 130.987220][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 130.995040][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 131.015234][ T5040] device veth1_macvtap entered promiscuous mode [ 131.026237][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 131.048056][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 131.060026][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 131.088789][ T39] usb 5-1: string descriptor 0 read error: -71 [ 131.094934][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 131.108794][ T39] uclogic 0003:256C:006D.001B: failed retrieving string descriptor #200: -71 [ 131.117423][ T39] uclogic 0003:256C:006D.001B: failed retrieving pen parameters: -71 [ 131.131191][ T5063] loop1: detected capacity change from 0 to 256 [ 131.137688][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 131.150514][ T39] uclogic 0003:256C:006D.001B: failed probing pen v2 parameters: -71 [ 131.174332][ T39] uclogic 0003:256C:006D.001B: failed probing parameters: -71 [ 131.189398][ T39] uclogic: probe of 0003:256C:006D.001B failed with error -71 [ 131.206943][ T39] usb 5-1: USB disconnect, device number 16 [ 131.598757][ T1090] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 131.609343][ T5097] loop4: detected capacity change from 0 to 512 [ 131.624009][ T5097] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 131.632100][ T5099] loop0: detected capacity change from 0 to 512 [ 131.648638][ T5097] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 131.666264][ T5097] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 131.677496][ T5099] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 393: padding at end of block bitmap is not set [ 131.684624][ T5097] System zones: 0-2, 18-18, 34-34 [ 131.705835][ T5099] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 131.717779][ T5097] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 131.732448][ T5099] EXT4-fs (loop0): 2 truncates cleaned up [ 131.738088][ T5099] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 131.748925][ T5097] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 121: padding at end of block bitmap is not set [ 131.758147][ T5099] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 131.763743][ T28] audit: type=1400 audit(1717506046.119:10103): avc: denied { create } for pid=5098 comm="syz-executor.0" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 131.813249][ T5099] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5099 comm=syz-executor.0 [ 131.819690][ T5097] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 131.843529][ T5099] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5099 comm=syz-executor.0 [ 131.851293][ T5097] EXT4-fs (loop4): 1 truncate cleaned up [ 131.863855][ T28] audit: type=1400 audit(1717506046.209:10104): avc: denied { read } for pid=5098 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 131.892090][ T5097] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 131.906135][ T28] audit: type=1400 audit(1717506046.209:10105): avc: denied { nlmsg_write } for pid=5098 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 131.938921][ T3365] EXT4-fs (loop0): unmounting filesystem. [ 131.978810][ T1090] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.000347][ T1090] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 132.028182][ T1090] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 132.046902][ T1090] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.063509][ T1090] usb 3-1: config 0 descriptor?? [ 132.118196][ T5113] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 132.128329][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 132.143652][ T2377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 132.162196][ T5113] loop1: detected capacity change from 0 to 2048 [ 132.199167][ T5113] loop1: p1 < > p4 [ 132.203313][ T5113] loop1: p4 size 8388608 extends beyond EOD, truncated [ 132.274967][ T5128] loop0: detected capacity change from 0 to 512 [ 132.297364][ T5130] loop1: detected capacity change from 0 to 128 [ 132.305184][ T5128] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 393: padding at end of block bitmap is not set [ 132.321378][ T5128] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 132.348884][ T5128] EXT4-fs (loop0): 2 truncates cleaned up [ 132.354617][ T5128] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 132.378105][ T5128] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 132.422873][ T5128] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5128 comm=syz-executor.0 [ 132.443139][ T2641] EXT4-fs (loop4): unmounting filesystem. [ 132.458198][ T5137] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=5137 comm=syz-executor.3 [ 132.476523][ T5128] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5128 comm=syz-executor.0 [ 132.512529][ T3365] EXT4-fs (loop0): unmounting filesystem. [ 133.261072][ T1090] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0 [ 133.268809][ T1090] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 133.285032][ T1090] plantronics 0003:047F:FFFF.001D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 133.300221][ T1090] usb 3-1: USB disconnect, device number 15 [ 133.381227][ T5168] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=5168 comm=syz-executor.3 [ 133.441946][ T5172] loop2: detected capacity change from 0 to 128 [ 133.588955][ T310] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 133.988788][ T331] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 134.017356][ T28] audit: type=1400 audit(1717506048.379:10106): avc: denied { map } for pid=5192 comm="syz-executor.1" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 134.287687][ T310] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 134.301552][ T310] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 134.323370][ T5209] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=5209 comm=syz-executor.3 [ 134.399219][ T310] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 134.411404][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 134.419477][ T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.435733][ T331] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 134.451763][ T310] usb 1-1: SerialNumber: syz [ 134.467040][ T331] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 134.485758][ T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.502500][ T331] usb 5-1: config 0 descriptor?? [ 134.744795][ T5223] loop2: detected capacity change from 0 to 256 [ 134.752300][ T310] usb 1-1: 0:2 : does not exist [ 134.757087][ T310] usb 1-1: unit 5: unexpected type 0x03 [ 134.770081][ T310] usb 1-1: USB disconnect, device number 9 [ 134.908756][ T566] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 134.979783][ T331] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 134.987292][ T331] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 135.026610][ T331] plantronics 0003:047F:FFFF.001E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 135.262514][ T5230] SELinux: security_context_str_to_sid (r) failed with errno=-22 [ 135.291238][ T5234] syz-executor.0[5234] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.291328][ T5234] syz-executor.0[5234] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.305242][ T566] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.351327][ T566] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 135.498587][ T5254] SELinux: security_context_str_to_sid (r) failed with errno=-22 [ 135.528850][ T566] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.530315][ T5258] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 135.541091][ T566] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.569132][ T566] usb 4-1: Product: syz [ 135.577538][ T566] usb 4-1: Manufacturer: syz [ 135.587572][ T566] usb 4-1: SerialNumber: syz [ 135.596024][ T5258] loop1: detected capacity change from 0 to 2048 [ 135.649165][ T5258] loop1: p1 < > p4 [ 135.653654][ T5258] loop1: p4 size 8388608 extends beyond EOD, truncated [ 135.688955][ T310] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 135.752043][ T5263] syz-executor.1[5263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.752137][ T5263] syz-executor.1[5263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.759151][ T331] usb 5-1: USB disconnect, device number 17 [ 135.800145][ T5264] loop2: detected capacity change from 0 to 256 [ 135.819941][ T28] audit: type=1326 audit(1717506050.189:10107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aaf87cee9 code=0x7ffc0000 [ 135.840660][ T5222] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 135.879246][ T28] audit: type=1326 audit(1717506050.209:10108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4aaf87cee9 code=0x7ffc0000 [ 135.911942][ T5273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=5273 comm=syz-executor.1 [ 135.923348][ T28] audit: type=1326 audit(1717506050.209:10109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aaf87cee9 code=0x7ffc0000 [ 135.969607][ T28] audit: type=1326 audit(1717506050.209:10110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4aaf87cee9 code=0x7ffc0000 [ 135.986538][ T5277] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 136.017133][ T28] audit: type=1326 audit(1717506050.219:10111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aaf87cee9 code=0x7ffc0000 [ 136.045574][ T5277] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 136.068618][ T28] audit: type=1326 audit(1717506050.219:10112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5267 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4aaf87a667 code=0x7ffc0000 [ 136.109269][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.126369][ T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.144818][ T310] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 136.160355][ T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.177185][ T310] usb 1-1: config 0 descriptor?? [ 136.549073][ T5222] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 136.610619][ T5302] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=5302 comm=syz-executor.2 [ 136.649773][ T310] holtek 0003:1241:5015.001F: unbalanced collection at end of report description [ 136.660022][ T19] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 136.676510][ T310] holtek 0003:1241:5015.001F: parse failed [ 136.691136][ T310] holtek: probe of 0003:1241:5015.001F failed with error -22 [ 136.778859][ T566] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 136.785139][ T566] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 136.800011][ T566] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 136.869460][ T310] usb 1-1: USB disconnect, device number 10 [ 136.976171][ T5316] loop1: detected capacity change from 0 to 256 [ 137.018857][ T566] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 137.038891][ T566] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 137.058782][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.070527][ T566] usb 4-1: USB disconnect, device number 12 [ 137.076538][ T566] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 137.085502][ T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 137.106288][ T19] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 137.127604][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.150699][ T310] ================================================================== [ 137.158595][ T310] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 137.166231][ T310] Read of size 8 at addr ffff888116d3ccf0 by task kworker/0:2/310 [ 137.173869][ T310] [ 137.176040][ T310] CPU: 0 PID: 310 Comm: kworker/0:2 Not tainted 6.1.78-syzkaller-00138-gc5abb6172516 #0 [ 137.185670][ T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 137.195579][ T310] Workqueue: events linkwatch_event [ 137.200608][ T310] Call Trace: [ 137.203738][ T310] [ 137.206499][ T310] dump_stack_lvl+0x151/0x1b7 [ 137.211036][ T310] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 137.216394][ T310] ? _printk+0xd1/0x111 [ 137.220390][ T310] ? __virt_addr_valid+0x242/0x2f0 [ 137.225337][ T310] print_report+0x158/0x4e0 [ 137.229762][ T310] ? __virt_addr_valid+0x242/0x2f0 [ 137.234757][ T310] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 137.240783][ T310] ? __list_del_entry_valid+0xa6/0x130 [ 137.246079][ T310] kasan_report+0x13c/0x170 [ 137.250417][ T310] ? __list_del_entry_valid+0xa6/0x130 [ 137.255712][ T310] __asan_report_load8_noabort+0x14/0x20 [ 137.261180][ T310] __list_del_entry_valid+0xa6/0x130 [ 137.266299][ T310] process_one_work+0x4d7/0xcb0 [ 137.270995][ T310] worker_thread+0xa60/0x1260 [ 137.275510][ T310] kthread+0x26d/0x300 [ 137.279403][ T310] ? worker_clr_flags+0x1a0/0x1a0 [ 137.284268][ T310] ? kthread_blkcg+0xd0/0xd0 [ 137.288695][ T310] ret_from_fork+0x1f/0x30 [ 137.292950][ T310] [ 137.295808][ T310] [ 137.297976][ T310] Allocated by task 566: [ 137.302059][ T310] kasan_set_track+0x4b/0x70 [ 137.306485][ T310] kasan_save_alloc_info+0x1f/0x30 [ 137.311433][ T310] __kasan_kmalloc+0x9c/0xb0 [ 137.315859][ T310] __kmalloc_node+0xb4/0x1e0 [ 137.320283][ T310] kvmalloc_node+0x221/0x640 [ 137.324711][ T310] alloc_netdev_mqs+0x8c/0xf90 [ 137.329311][ T310] alloc_etherdev_mqs+0x36/0x40 [ 137.333998][ T310] usbnet_probe+0x207/0x27c0 [ 137.338423][ T310] usb_probe_interface+0x5b6/0xa90 [ 137.343369][ T310] really_probe+0x2b8/0x920 [ 137.347708][ T310] __driver_probe_device+0x1a0/0x310 [ 137.352866][ T310] driver_probe_device+0x54/0x3d0 [ 137.357778][ T310] __device_attach_driver+0x2e3/0x490 [ 137.362988][ T310] bus_for_each_drv+0x183/0x200 [ 137.367675][ T310] __device_attach+0x312/0x510 [ 137.372271][ T310] device_initial_probe+0x1a/0x20 [ 137.377138][ T310] bus_probe_device+0xbe/0x1e0 [ 137.381734][ T310] device_add+0xb60/0xf10 [ 137.385904][ T310] usb_set_configuration+0x190f/0x1e80 [ 137.391192][ T310] usb_generic_driver_probe+0x8b/0x150 [ 137.396487][ T310] usb_probe_device+0x144/0x260 [ 137.401173][ T310] really_probe+0x2b8/0x920 [ 137.405515][ T310] __driver_probe_device+0x1a0/0x310 [ 137.410635][ T310] driver_probe_device+0x54/0x3d0 [ 137.415495][ T310] __device_attach_driver+0x2e3/0x490 [ 137.420702][ T310] bus_for_each_drv+0x183/0x200 [ 137.425390][ T310] __device_attach+0x312/0x510 [ 137.429988][ T310] device_initial_probe+0x1a/0x20 [ 137.434849][ T310] bus_probe_device+0xbe/0x1e0 [ 137.439454][ T310] device_add+0xb60/0xf10 [ 137.443612][ T310] usb_new_device+0xf32/0x1810 [ 137.448209][ T310] hub_event+0x2db1/0x4830 [ 137.452462][ T310] process_one_work+0x73d/0xcb0 [ 137.457149][ T310] worker_thread+0xa60/0x1260 [ 137.461664][ T310] kthread+0x26d/0x300 [ 137.465571][ T310] ret_from_fork+0x1f/0x30 [ 137.469823][ T310] [ 137.471998][ T310] Freed by task 566: [ 137.475726][ T310] kasan_set_track+0x4b/0x70 [ 137.480152][ T310] kasan_save_free_info+0x2b/0x40 [ 137.485011][ T310] ____kasan_slab_free+0x131/0x180 [ 137.489956][ T310] __kasan_slab_free+0x11/0x20 [ 137.494556][ T310] __kmem_cache_free+0x218/0x3b0 [ 137.499338][ T310] kfree+0x7a/0xf0 [ 137.502891][ T310] kvfree+0x35/0x40 [ 137.506535][ T310] netdev_freemem+0x3f/0x60 [ 137.510873][ T310] netdev_release+0x7f/0xb0 [ 137.515216][ T310] device_release+0x95/0x1c0 [ 137.519643][ T310] kobject_put+0x178/0x260 [ 137.523892][ T310] put_device+0x1f/0x30 [ 137.527885][ T310] free_netdev+0x393/0x480 [ 137.532139][ T310] usbnet_disconnect+0x245/0x390 [ 137.536914][ T310] usb_unbind_interface+0x1fa/0x8c0 [ 137.541947][ T310] device_release_driver_internal+0x53e/0x870 [ 137.547847][ T310] device_release_driver+0x19/0x20 [ 137.552794][ T310] bus_remove_device+0x2fa/0x360 [ 137.557568][ T310] device_del+0x663/0xe90 [ 137.561736][ T310] usb_disable_device+0x380/0x720 [ 137.566599][ T310] usb_disconnect+0x32a/0x890 [ 137.571107][ T310] hub_event+0x1ed8/0x4830 [ 137.575359][ T310] process_one_work+0x73d/0xcb0 [ 137.580134][ T310] worker_thread+0xd71/0x1260 [ 137.584646][ T310] kthread+0x26d/0x300 [ 137.588553][ T310] ret_from_fork+0x1f/0x30 [ 137.592806][ T310] [ 137.594975][ T310] Last potentially related work creation: [ 137.600530][ T310] kasan_save_stack+0x3b/0x60 [ 137.605042][ T310] __kasan_record_aux_stack+0xb4/0xc0 [ 137.610249][ T310] kasan_record_aux_stack_noalloc+0xb/0x10 [ 137.615913][ T310] insert_work+0x56/0x310 [ 137.620059][ T310] __queue_work+0x9b6/0xd70 [ 137.624397][ T310] queue_work_on+0x105/0x170 [ 137.628825][ T310] usbnet_link_change+0xeb/0x100 [ 137.633599][ T310] usbnet_probe+0x1dbe/0x27c0 [ 137.638110][ T310] usb_probe_interface+0x5b6/0xa90 [ 137.643145][ T310] really_probe+0x2b8/0x920 [ 137.647486][ T310] __driver_probe_device+0x1a0/0x310 [ 137.652606][ T310] driver_probe_device+0x54/0x3d0 [ 137.657466][ T310] __device_attach_driver+0x2e3/0x490 [ 137.662673][ T310] bus_for_each_drv+0x183/0x200 [ 137.667360][ T310] __device_attach+0x312/0x510 [ 137.671960][ T310] device_initial_probe+0x1a/0x20 [ 137.676821][ T310] bus_probe_device+0xbe/0x1e0 [ 137.681420][ T310] device_add+0xb60/0xf10 [ 137.685586][ T310] usb_set_configuration+0x190f/0x1e80 [ 137.690880][ T310] usb_generic_driver_probe+0x8b/0x150 [ 137.696261][ T310] usb_probe_device+0x144/0x260 [ 137.700949][ T310] really_probe+0x2b8/0x920 [ 137.705288][ T310] __driver_probe_device+0x1a0/0x310 [ 137.710409][ T310] driver_probe_device+0x54/0x3d0 [ 137.715373][ T310] __device_attach_driver+0x2e3/0x490 [ 137.720578][ T310] bus_for_each_drv+0x183/0x200 [ 137.725267][ T310] __device_attach+0x312/0x510 [ 137.729870][ T310] device_initial_probe+0x1a/0x20 [ 137.734736][ T310] bus_probe_device+0xbe/0x1e0 [ 137.739326][ T310] device_add+0xb60/0xf10 [ 137.743492][ T310] usb_new_device+0xf32/0x1810 [ 137.748097][ T310] hub_event+0x2db1/0x4830 [ 137.752342][ T310] process_one_work+0x73d/0xcb0 [ 137.757029][ T310] worker_thread+0xa60/0x1260 [ 137.761545][ T310] kthread+0x26d/0x300 [ 137.765596][ T310] ret_from_fork+0x1f/0x30 [ 137.769844][ T310] [ 137.772012][ T310] The buggy address belongs to the object at ffff888116d3c000 [ 137.772012][ T310] which belongs to the cache kmalloc-4k of size 4096 [ 137.785901][ T310] The buggy address is located 3312 bytes inside of [ 137.785901][ T310] 4096-byte region [ffff888116d3c000, ffff888116d3d000) [ 137.799180][ T310] [ 137.801349][ T310] The buggy address belongs to the physical page: [ 137.807608][ T310] page:ffffea00045b4e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116d38 [ 137.817666][ T310] head:ffffea00045b4e00 order:3 compound_mapcount:0 compound_pincount:0 [ 137.825824][ T310] flags: 0x4000000000010200(slab|head|zone=1) [ 137.831734][ T310] raw: 4000000000010200 ffffea00046c0400 dead000000000002 ffff888100043380 [ 137.840246][ T310] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 137.848658][ T310] page dumped because: kasan: bad access detected [ 137.854922][ T310] page_owner tracks the page as allocated [ 137.860462][ T310] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2641, tgid 2641 (syz-executor.4), ts 68455150233, free_ts 68451019821 [ 137.882608][ T310] post_alloc_hook+0x213/0x220 [ 137.887193][ T310] prep_new_page+0x1b/0x110 [ 137.891533][ T310] get_page_from_freelist+0x27ea/0x2870 [ 137.896921][ T310] __alloc_pages+0x3a1/0x780 [ 137.901341][ T310] alloc_slab_page+0x6c/0xf0 [ 137.905784][ T310] new_slab+0x90/0x3e0 [ 137.909678][ T310] ___slab_alloc+0x6f9/0xb80 [ 137.914098][ T310] __slab_alloc+0x5d/0xa0 [ 137.918264][ T310] __kmem_cache_alloc_node+0x1af/0x250 [ 137.923563][ T310] __kmalloc_node_track_caller+0xa2/0x1e0 [ 137.929119][ T310] __alloc_skb+0x125/0x2d0 [ 137.933370][ T310] rtmsg_ifinfo_build_skb+0x7f/0x180 [ 137.938494][ T310] rtmsg_ifinfo+0x78/0x120 [ 137.942741][ T310] __dev_notify_flags+0xdd/0x610 [ 137.947513][ T310] rtnl_newlink+0x1929/0x2030 [ 137.952028][ T310] rtnetlink_rcv_msg+0x9a5/0xca0 [ 137.956803][ T310] page last free stack trace: [ 137.961314][ T310] free_unref_page_prepare+0x83d/0x850 [ 137.966624][ T310] free_unref_page+0xb2/0x5c0 [ 137.971124][ T310] __free_pages+0x61/0xf0 [ 137.975288][ T310] __free_slab+0xce/0x1a0 [ 137.979541][ T310] __unfreeze_partials+0x165/0x1a0 [ 137.984488][ T310] put_cpu_partial+0xa9/0x100 [ 137.989001][ T310] __slab_free+0x1c8/0x280 [ 137.993264][ T310] ___cache_free+0xc6/0xd0 [ 137.997532][ T310] qlist_free_all+0xc5/0x140 [ 138.001934][ T310] kasan_quarantine_reduce+0x15a/0x180 [ 138.007226][ T310] __kasan_slab_alloc+0x24/0x80 [ 138.011913][ T310] slab_post_alloc_hook+0x53/0x2c0 [ 138.016861][ T310] kmem_cache_alloc_node+0x18a/0x2d0 [ 138.021982][ T310] __alloc_skb+0xcc/0x2d0 [ 138.026146][ T310] netlink_ack+0x392/0x12a0 [ 138.030489][ T310] netlink_rcv_skb+0x24a/0x410 [ 138.035092][ T310] [ 138.037256][ T310] Memory state around the buggy address: [ 138.042740][ T310] ffff888116d3cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 138.050626][ T310] ffff888116d3cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 138.058527][ T310] >ffff888116d3cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2024/06/04 13:00:52 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 138.066419][ T310] ^ [ 138.073992][ T310] ffff888116d3cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 138.081873][ T310] ffff888116d3cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 138.089765][ T310] ================================================================== [ 138.097756][ T310] Disabling lock debugging due to kernel taint [ 138.106527][ T19] usb 5-1: config 0 descriptor?? [ 138.158791][ T19] usb 5-1: can't set config #0, error -71 [ 138.179169][ T19] usb 5-1: USB disconnect, device number 18