last executing test programs: 2.558946115s ago: executing program 4 (id=2643): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x13) sendto$inet(r0, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) getsockopt$inet_IP_XFRM_POLICY(r0, 0x6, 0xb, 0x0, &(0x7f0000000040)=0x61) 1.539356849s ago: executing program 4 (id=2655): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="85000000080000001f0000000000000085000000080000009500000000000000e135dee43f5d62cdaf5bb32c301264de232ce03ca49ba60071b592758143664bf8505b4845e336472821027a89dba77c8ea9b6ee1398ae73749be1537086ae214b648801a3f00174709ddccbce9ffab959b9042fc0dfcd37b7baa14007c92d4cf2d339bf000000000000000957476eac9cdac23d9c280569e2dbfa62118132000000000000c0dadcbdbfba95ec64e00d93bfada6b71d91340a4508bcd72d77eba909bd6a9d45359cf11ad81000fb0f5548ced9733ca0fe9d8ca129b42fea3551e5ca8cdad72f668dbfa9a21d9e8c4afb7203e71a4dcefc7a45ea63c8899caca26b63ddd0ddf5b45ad90b19879853bac503661a3069ba143e01ccbef34bdce3099f80a5ae740c01ffa4f0a207fa54f5112a341a195af0662cfbaa80fce27ae5abd0dfbd0fcdcf8b8c362667a67813555101d3f6abaaea73dcf70445c52f0a0354dab0acdc6955a5f2dae85280f9f5a66b411fafe99d8a79d24cc9cf88e456cc5cdda94eeda37b147d64d97abf7f34490200b00ed338864d7d9855f9ee3a194294c73491ec"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x44, 0x10, 0x0, 0x41, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0xe, 0x2000000, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) 1.5209997s ago: executing program 0 (id=2656): r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) keyctl$search(0xa, r0, &(0x7f00000005c0)='asymmetric\x00', &(0x7f0000000640)={'syz', 0x1}, 0x0) 1.501316442s ago: executing program 0 (id=2658): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) readlinkat(r2, 0x0, 0x0, 0x0) 1.462829926s ago: executing program 0 (id=2660): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000002e80)={0xdc4, r2, 0x5, 0x0, 0x0, {}, [@WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_PEERS={0xd48, 0x8, 0x0, 0x1, [{0xe4, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "1171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "5da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e"}]}, {0x324, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_ALLOWEDIPS={0x2f4, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}]}]}]}, {0x64, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a549"}]}, {0x94, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x0, @empty}}]}, {0x838, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x300, 0x9, 0x0, 0x1, [{0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}]}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @WGPEER_A_ALLOWEDIPS={0x47c, 0x9, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, {0x5, 0x3, 0x3}}]}, {0xffffffe5, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev}, {0x5}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "55fbc2635cc801d67c589cc98f3cf65074dffe0886750dec83be49fbf628e1dc"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "0f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e"}]}, {0xc, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}, @WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_FWMARK={0x8}]}, 0xdc4}}, 0x0) 1.462511606s ago: executing program 2 (id=2661): unshare(0x64000600) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda0602000000ffe80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) r1 = socket$inet6(0x10, 0x3, 0x0) write(r1, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 1.420005519s ago: executing program 4 (id=2666): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x69) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) execve(&(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000780)) 1.41948709s ago: executing program 0 (id=2667): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001900010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0xff1f0000, 0x0, {0x2}, [@MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}]}]}, 0x2c}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b800000014000100"/25], 0xb8}}, 0x0) 1.389372132s ago: executing program 0 (id=2668): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010055}]}) 1.347507616s ago: executing program 2 (id=2669): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000), 0x3000000) 1.290226562s ago: executing program 0 (id=2671): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000010ef17096000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0xb, "289d297b"}]}}, 0x0}, 0x0) 976.45328ms ago: executing program 4 (id=2683): setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0) execve(0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) write$P9_RLERRORu(r0, &(0x7f00000003c0)={0x14, 0x7, 0x1, {{0x7, 'NETMAP\x00'}, 0x4}}, 0x14) 915.118766ms ago: executing program 4 (id=2674): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x8) 671.186938ms ago: executing program 3 (id=2687): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) 566.915528ms ago: executing program 3 (id=2688): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000022c0)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x6, @local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000240)={r2, 0x1, 0x6, @local}, 0x10) 514.816153ms ago: executing program 3 (id=2689): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0) 482.656606ms ago: executing program 1 (id=2693): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x1, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000000)=0x101, 0x4) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x2004c810, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 471.385297ms ago: executing program 1 (id=2694): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x1001, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff19) 459.930908ms ago: executing program 1 (id=2695): open(0x0, 0x60142, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000002e80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) 422.377271ms ago: executing program 2 (id=2696): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x35}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x39) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000ac0)=r0, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000440)={@local, @broadcast, @void, {@can={0xc, {{0x4, 0x1, 0x1, 0x1}, 0x2, 0x2}}}}, 0x0) 422.179731ms ago: executing program 3 (id=2697): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) sched_getparam(0x0, &(0x7f0000000000)) 421.813971ms ago: executing program 1 (id=2707): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000003400)=[{&(0x7f0000001080)=""/107, 0x7ffff000}, {&(0x7f0000004c00)=""/4096, 0x1000}], 0x2) 402.409603ms ago: executing program 2 (id=2698): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 381.702075ms ago: executing program 3 (id=2700): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4020}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x14, 0x1, 0x3, 0x401}, 0x14}}, 0x0) 381.173475ms ago: executing program 2 (id=2701): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='sched_process_wait\x00', r1}, 0x10) wait4(0x0, 0x0, 0x0, 0x0) 343.140388ms ago: executing program 3 (id=2702): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0) 288.018103ms ago: executing program 1 (id=2703): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000003c0)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {}, {@noinit_itable}, {@norecovery}, {@discard}, {@noload}, {@usrjquota}, {@oldalloc}, {@grpquota}]}, 0x1, 0x583, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSdN2/36/dTCGeiGDXTiZS9fWPxME56XocKD3M7RZGU2X0aRjrQO3C3fjjQxBxIH4Arz3cvgGfBUDHQwZRS9EqJzkZMvapH+zJWs+Hzjb8+Sc0+f55jnPk+fJSUgAA+t4+k8u4uWI+CaJONyyLx/ZzuON41Ye3ZhOt2R0dfXTP5NIsseaxyfZ/wezzEsR8etXEady68utLi3PFcvl0kKWH6/NXx2vLi2fvjxfnC3Nlq5MTk2dfWtq8t133u5arK9f+Pv7T+59ePbrEyvf/fzgyJ0kzsWhbF9rHLtwszVzvPhvlhqOc2sOnOhCYf0k6XUF2JGhrJ8PRzoGHI6hrNcDe9+XEbEKDKhE/4cB1ZwHNNf2XVoHvzAeftBYANVjH2mNP994byT21ddGB1aSp1ZG6Xp3rAvlp2X88sfdO+kWG78PsX+TPMC23LwVEWfy+fXjf5KNfzt3pv7m8cbWljForz/QS/fS+c8b7eZ/ucfzn2gz/znYpu/uxOb9P/egC8V0lM7/3ls//01ahq6xocZdsPhffc43nFy6XC6diYj/R8TJGB5N8xvdzzm7cn+1077W+V+6peU354INuQf50afPmSnWihExssvQ6x7eingl3679k8ftn7Rp//T5uLDFMo6V7r7aad/m8T9bqz9FvNZ2/fPkjlay8f3J8fr1MN68Ktb76/ax3zqV3+v40/Y/sHH8Y0nr/drq9sv4cd8/pU77dnr9jySf1dPNTnC9WKstTESMJB+vf3zyybnNfPP4NP6TJzYe/9pd/+ni6/Mtxn/76O2Oh/ZD+89sq/23n7j/0Rc/dCp/a+3/Zj11MnskG//ay66VrVZwt88fAAAAAAAA9JNcRByKJFd4nM7lCoXG5zuOxoFcuVKtnbpUWbwyE/Xvyo7FcK55p/twy+chJrLPwzbzk2vyUxFxJCK+HdpfzxemK+WZXgcPAAAAAAAAAAAAAAAAAAAAfeJgh+//p34f6nXtgGeu/sMGo72uBdALm/zkvx+ahD1sbf/f16N6AM/fJq//wB6m/8Pg0v9hcOn/MLj0fxhc+j8MLv0fAAAAAAAAAAAAAAAAAAAAAAAAAAAAuurC+fPptrry6MZ0mp+5trQ4V7l2eqZUnSvML04XpisLVwuzlcpsuVSYrsxv9vfKlcrViclYvD5eK1Vr49Wl5YvzlcUrtYuX54uzpYul4ecSFQAAAAAAAAAAAAAAAAAAALxYqkvLc8VyubQg0THxfvRFNZ5lgA07Oj3fL1F0PTEUEX1QjV0nbmXNu72zejgoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAa/wUAAP//qUsw1Q==") read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc1}}) 287.854303ms ago: executing program 2 (id=2704): r0 = socket$netlink(0x10, 0x3, 0xa) r1 = dup(r0) open(&(0x7f0000000140)='./file1\x00', 0x10f0c2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 225.83294ms ago: executing program 1 (id=2705): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200010010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000a40)={0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000380)=ANY=[@ANYBLOB="401639000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 4 (id=2706): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r0, r2, 0x25, 0x0, @val=@tcx={@void, @value}}, 0x1c) syz_emit_ethernet(0x66, &(0x7f0000000900)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "711e8f", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x9, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "bede78", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x23}, @loopback}}}}}}}, 0x0) kernel console output (not intermixed with test programs): (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.672229][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.682987][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.693726][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.704464][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.715623][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.726405][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.737154][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.747846][ T2748] EXT4-fs warning (device loop4): empty_inline_dir:1847: bad inline directory (dir #12) - no `..' [ 147.753902][ T4963] loop1: detected capacity change from 0 to 40427 [ 147.776404][ T4963] F2FS-fs (loop1): invalid crc value [ 147.783147][ T4963] F2FS-fs (loop1): Found nat_bits in checkpoint [ 147.820410][ T4963] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 147.820964][ T2748] EXT4-fs (loop4): unmounting filesystem. [ 147.927260][ T4976] loop1: detected capacity change from 0 to 512 [ 147.939330][ T4976] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 147.948159][ T4976] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038 (0x7fffffff) [ 147.982376][ T4941] EXT4-fs (loop1): unmounting filesystem. [ 148.040027][ T4979] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.047187][ T4979] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.054546][ T4979] device bridge_slave_0 entered promiscuous mode [ 148.086161][ T4979] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.093150][ T4979] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.101213][ T4979] device bridge_slave_1 entered promiscuous mode [ 148.120231][ T4995] loop3: detected capacity change from 0 to 512 [ 148.126715][ T4995] EXT4-fs: Ignoring removed orlov option [ 148.132759][ T4995] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 148.151172][ T4995] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002] [ 148.177861][ T4995] System zones: 1-12 [ 148.182525][ T4995] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.1919: casefold flag without casefold feature [ 148.195906][ T4995] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.1919: missing EA_INODE flag [ 148.209258][ T4995] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1919: error while reading EA inode 12 err=-117 [ 148.226446][ T4999] loop0: detected capacity change from 0 to 512 [ 148.228447][ T4995] EXT4-fs (loop3): 1 orphan inode deleted [ 148.239078][ T4999] EXT4-fs (loop0): bad s_min_extra_isize: 65535 [ 148.245996][ T4995] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 148.273409][ T4995] EXT4-fs error (device loop3): __ext4_remount:6412: comm syz.3.1919: Abort forced by user [ 148.296192][ T636] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 148.298611][ T4995] EXT4-fs (loop3): Remounting filesystem read-only [ 148.360520][ T1925] EXT4-fs (loop3): unmounting filesystem. [ 148.368821][ T4979] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.375733][ T4979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.382828][ T4979] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.389590][ T4979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.426422][ T8] device bridge_slave_1 left promiscuous mode [ 148.432695][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.440255][ T8] device bridge_slave_0 left promiscuous mode [ 148.446292][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.455315][ T8] device veth1_macvtap left promiscuous mode [ 148.466252][ T8] device veth0_vlan left promiscuous mode [ 148.565762][ T636] usb 2-1: Using ep0 maxpacket: 16 [ 148.570791][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.578450][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.586639][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.603490][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.613084][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 148.631903][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 148.640259][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 148.648821][ T5017] device vlan0 entered promiscuous mode [ 148.655390][ T39] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 148.659326][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 148.671343][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 148.679305][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 148.686649][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 148.694022][ T5017] device vlan0 left promiscuous mode [ 148.699297][ T4291] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 148.701116][ T4979] device veth0_vlan entered promiscuous mode [ 148.712690][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.722631][ T4979] device veth1_macvtap entered promiscuous mode [ 148.733462][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.736710][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 148.743603][ T636] usb 2-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 148.752463][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 148.760457][ T636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.768140][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 148.783542][ T636] usb 2-1: config 0 descriptor?? [ 148.818928][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 148.829593][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 148.837877][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 148.845896][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 149.075244][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.086212][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.095799][ T39] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 149.104748][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.112585][ T644] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 149.114160][ T39] usb 3-1: config 0 descriptor?? [ 149.140296][ T4291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.151264][ T4291] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 149.160277][ T4291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.169670][ T4291] usb 4-1: config 0 descriptor?? [ 149.239912][ T5043] loop0: detected capacity change from 0 to 512 [ 149.246830][ T5043] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 149.258047][ T5043] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 149.272499][ T5043] EXT4-fs (loop0): 1 truncate cleaned up [ 149.278104][ T5043] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 149.296377][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 149.303923][ T636] lenovo 0003:17EF:6009.003A: item fetching failed at offset 1/5 [ 149.324603][ T636] lenovo 0003:17EF:6009.003A: hid_parse failed [ 149.330596][ T636] lenovo: probe of 0003:17EF:6009.003A failed with error -22 [ 149.519653][ T644] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 149.528019][ T24] usb 2-1: USB disconnect, device number 24 [ 149.529190][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 149.544799][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 149.555813][ T644] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 149.568476][ T644] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 149.577290][ T644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.585757][ T644] usb 5-1: config 0 descriptor?? [ 149.606312][ T5024] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 149.606327][ T5023] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 149.614143][ T5009] syz.2.1925[5009] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.622758][ T5009] syz.2.1925[5009] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.640063][ T39] hid-steam 0003:28DE:1142.003B: unexpected long global item [ 149.658973][ T39] hid-steam 0003:28DE:1142.003B: steam_probe:parse of hid interface failed [ 149.667572][ T39] hid-steam: probe of 0003:28DE:1142.003B failed with error -22 [ 149.693587][ T4291] keytouch 0003:0926:3333.003C: fixing up Keytouch IEC report descriptor [ 149.702947][ T4291] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.003C/input/input33 [ 149.784111][ T4291] keytouch 0003:0926:3333.003C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 149.866776][ T4291] usb 3-1: USB disconnect, device number 23 [ 150.061637][ T5024] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.072444][ T5024] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.081989][ T5024] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 150.094945][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.095320][ T5024] usb 1-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 150.110740][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.114413][ T5024] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.118648][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.128010][ T5024] usb 1-1: config 0 descriptor?? [ 150.134594][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.145599][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.161537][ T5054] loop1: detected capacity change from 0 to 512 [ 150.167700][ T644] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 150.175134][ T644] plantronics 0003:047F:FFFF.003D: No inputs registered, leaving [ 150.184421][ T644] plantronics 0003:047F:FFFF.003D: hiddev96,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 150.204242][ T5054] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 150.213093][ T5054] ext4 filesystem being mounted at /11/bus supports timestamps until 2038 (0x7fffffff) [ 150.231722][ T4941] EXT4-fs (loop1): unmounting filesystem. [ 150.381785][ T5073] loop1: detected capacity change from 0 to 4096 [ 150.388897][ T644] usb 5-1: USB disconnect, device number 19 [ 150.401249][ T5073] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 150.418366][ T4941] EXT4-fs (loop1): unmounting filesystem. [ 150.443854][ T302] usb 4-1: USB disconnect, device number 23 [ 150.481642][ T5084] syz.2.1955[5084] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.481729][ T5084] syz.2.1955[5084] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.525636][ T5086] loop1: detected capacity change from 0 to 2048 [ 150.658441][ T5024] holtek_mouse 0003:04D9:A070.003E: item fetching failed at offset 1/5 [ 150.666729][ T5024] holtek_mouse 0003:04D9:A070.003E: hid parse failed: -22 [ 150.677567][ T5024] holtek_mouse: probe of 0003:04D9:A070.003E failed with error -22 [ 150.695522][ T5104] loop2: detected capacity change from 0 to 512 [ 150.702212][ T5104] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 150.712965][ T5104] EXT4-fs (loop2): 1 truncate cleaned up [ 150.718435][ T5104] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 150.778303][ T3216] EXT4-fs (loop2): unmounting filesystem. [ 150.878174][ T5024] usb 1-1: USB disconnect, device number 23 [ 150.900294][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.907224][ T5108] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.914358][ T5108] device bridge_slave_0 entered promiscuous mode [ 150.921466][ T5108] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.928314][ T5108] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.935550][ T5108] device bridge_slave_1 entered promiscuous mode [ 150.941859][ T341] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 150.988779][ T5117] loop4: detected capacity change from 0 to 512 [ 151.009718][ T5117] EXT4-fs (loop4): orphan cleanup on readonly fs [ 151.016831][ T5117] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #3: comm syz.4.1971: corrupted inode contents [ 151.029656][ T5117] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #3: comm syz.4.1971: mark_inode_dirty error [ 151.041264][ T5117] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #3: comm syz.4.1971: corrupted inode contents [ 151.053443][ T5117] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.1971: mark_inode_dirty error [ 151.070155][ T5117] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.1971: Failed to acquire dquot type 0 [ 151.079674][ T5108] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.083409][ T5117] EXT4-fs (loop4): 1 orphan inode deleted [ 151.088173][ T5108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.094480][ T8] EXT4-fs error (device loop4): ext4_release_dquot:6787: comm kworker/u4:0: Failed to release dquot type 1 [ 151.100852][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.112471][ T5117] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 151.118831][ T5108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.150416][ T4979] EXT4-fs (loop4): unmounting filesystem. [ 151.159530][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.171010][ T5024] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.178617][ T5024] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.190136][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.198671][ T636] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.205598][ T636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.214420][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.222509][ T636] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.229347][ T636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.249637][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 151.261735][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 151.283807][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 151.296755][ T5108] device veth0_vlan entered promiscuous mode [ 151.303840][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 151.311918][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 151.319253][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 151.332503][ T5108] device veth1_macvtap entered promiscuous mode [ 151.340712][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 151.351395][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.362422][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.363891][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 151.371995][ T341] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 151.389175][ T341] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.389712][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 151.401482][ T341] usb 2-1: config 0 descriptor?? [ 151.481800][ T302] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 151.567840][ T5024] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 151.741249][ T302] usb 5-1: Using ep0 maxpacket: 16 [ 151.762913][ T39] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 151.830941][ T5148] loop0: detected capacity change from 0 to 131072 [ 151.837977][ T5148] F2FS-fs (loop0): Test dummy encryption mode enabled [ 151.846085][ T5148] F2FS-fs (loop0): invalid crc value [ 151.852868][ T5148] F2FS-fs (loop0): Found nat_bits in checkpoint [ 151.873649][ T302] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 151.887893][ T302] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 151.896361][ T5148] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 151.897656][ T302] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 151.914818][ T5100] syz.1.1963[5100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.914898][ T5100] syz.1.1963[5100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 151.930230][ T302] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 151.938138][ T341] hid-steam 0003:28DE:1142.003F: unexpected long global item [ 151.941575][ T302] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 151.969443][ T302] usb 5-1: config 1 interface 0 has no altsetting 0 [ 151.975896][ T302] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 151.986031][ T302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.986192][ T341] hid-steam 0003:28DE:1142.003F: steam_probe:parse of hid interface failed [ 152.023059][ T5024] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.032982][ T5024] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 152.041974][ T341] hid-steam: probe of 0003:28DE:1142.003F failed with error -22 [ 152.045939][ T302] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 152.129796][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 152.129813][ T28] audit: type=1400 audit(1861131506.169:751): avc: denied { mount } for pid=5156 comm="syz.0.1986" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 152.158258][ T5024] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 152.167378][ T5024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 152.175493][ T5024] usb 4-1: SerialNumber: syz [ 152.187924][ T28] audit: type=1400 audit(1861131506.169:752): avc: denied { remount } for pid=5156 comm="syz.0.1986" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 152.189080][ T5159] loop0: detected capacity change from 0 to 128 [ 152.207620][ T28] audit: type=1400 audit(1861131506.178:753): avc: denied { unmount } for pid=1793 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 152.214111][ T4291] usb 2-1: USB disconnect, device number 25 [ 152.235594][ T5159] EXT4-fs: Ignoring removed bh option [ 152.245454][ T5159] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 152.256187][ T5159] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 152.264936][ T5159] ext2 filesystem being mounted at /275/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 152.265624][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.300719][ T302] scsi host1: usb-storage 5-1:1.0 [ 152.317342][ T39] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 152.324264][ T28] audit: type=1400 audit(1861131506.344:754): avc: denied { link } for pid=5158 comm="syz.0.1987" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 152.326228][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.370942][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 152.378234][ T39] usb 3-1: config 0 descriptor?? [ 152.410838][ T5165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1989'. [ 152.511569][ T10] device bridge_slave_1 left promiscuous mode [ 152.511680][ T5024] usb 4-1: 0:2 : does not exist [ 152.522589][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.522911][ T302] usb 5-1: USB disconnect, device number 20 [ 152.536999][ T10] device bridge_slave_0 left promiscuous mode [ 152.543002][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.551026][ T10] device veth1_macvtap left promiscuous mode [ 152.556892][ T10] device veth0_vlan left promiscuous mode [ 152.770883][ T5024] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5) [ 152.781037][ T5024] usb 4-1: USB disconnect, device number 24 [ 152.879960][ T39] keytouch 0003:0926:3333.0040: fixing up Keytouch IEC report descriptor [ 152.897887][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0040/input/input34 [ 152.932737][ T28] audit: type=1400 audit(1861131506.907:755): avc: denied { append } for pid=5191 comm="syz.1.2001" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 152.968628][ T5194] loop1: detected capacity change from 0 to 1024 [ 152.975108][ T5194] EXT4-fs: Ignoring removed orlov option [ 152.981025][ T5194] EXT4-fs: Ignoring removed nomblk_io_submit option [ 152.990606][ T39] keytouch 0003:0926:3333.0040: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 153.011602][ T5194] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 153.022839][ T28] audit: type=1400 audit(1861131506.999:756): avc: denied { write } for pid=5193 comm="syz.1.2002" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 153.023310][ T5194] EXT4-fs (loop1): Online defrag not supported with bigalloc [ 153.057045][ T28] audit: type=1400 audit(1861131506.999:757): avc: denied { ioctl } for pid=5193 comm="syz.1.2002" path="/33/file1/file2" dev="loop1" ino=16 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 153.073952][ T5199] syz.3.2003[5199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.082049][ T5199] syz.3.2003[5199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.083211][ T4941] EXT4-fs (loop1): unmounting filesystem. [ 153.197016][ T5210] loop3: detected capacity change from 0 to 1024 [ 153.206538][ T5210] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 153.235168][ T1925] EXT4-fs (loop3): unmounting filesystem. [ 153.345845][ T5231] syz.3.2017[5231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.345902][ T5231] syz.3.2017[5231] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 153.421125][ T39] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 153.594503][ T4291] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 153.618632][ T24] usb 3-1: USB disconnect, device number 24 [ 153.637838][ C1] keytouch 0003:0926:3333.0040: usb_submit_urb(ctrl) failed: -19 [ 153.659641][ T6] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 153.702939][ T5024] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 153.854640][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.865358][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.875030][ T39] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 153.884132][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.892603][ T39] usb 5-1: config 0 descriptor?? [ 153.973803][ T5024] usb 1-1: Using ep0 maxpacket: 16 [ 154.017265][ T4291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.028082][ T4291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.037623][ T4291] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 154.046732][ T4291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.049859][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.055721][ T4291] usb 2-1: config 0 descriptor?? [ 154.068910][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.079647][ T6] usb 4-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 154.088520][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.096970][ T6] usb 4-1: config 0 descriptor?? [ 154.125662][ T5024] usb 1-1: config 0 has no interfaces? [ 154.174930][ T5238] syz.2.2020[5238] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.174987][ T5238] syz.2.2020[5238] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.331587][ T5024] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 154.351720][ T5024] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.360880][ T5024] usb 1-1: Product: syz [ 154.365124][ T5024] usb 1-1: Manufacturer: syz [ 154.369542][ T5024] usb 1-1: SerialNumber: syz [ 154.376398][ T5024] r8152-cfgselector 1-1: config 0 descriptor?? [ 154.390995][ T5201] syz.4.2005[5201] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.391076][ T5201] syz.4.2005[5201] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.408730][ T39] hid-steam 0003:28DE:1142.0041: unexpected long global item [ 154.427727][ T39] hid-steam 0003:28DE:1142.0041: steam_probe:parse of hid interface failed [ 154.436244][ T39] hid-steam: probe of 0003:28DE:1142.0041 failed with error -22 [ 154.571857][ T4291] hid-multitouch 0003:0EEF:72D0.0042: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.1-1/input0 [ 154.616332][ T6] wacom 0003:056A:00D0.0043: item fetching failed at offset 1/5 [ 154.623986][ T6] wacom 0003:056A:00D0.0043: parse failed [ 154.629588][ T6] wacom: probe of 0003:056A:00D0.0043 failed with error -22 [ 154.648691][ T341] usb 5-1: USB disconnect, device number 21 [ 154.667614][ T1003] usb 1-1: config 0 descriptor?? [ 154.808981][ T6] usb 2-1: USB disconnect, device number 26 [ 154.832891][ T644] usb 4-1: USB disconnect, device number 25 [ 154.873343][ T39] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 154.884910][ T341] usb 1-1: USB disconnect, device number 24 [ 154.905971][ T1003] usb 1-1: can't set config #0, error -71 [ 155.296217][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.307137][ T39] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 155.315971][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.324604][ T39] usb 3-1: config 0 descriptor?? [ 155.361932][ T28] audit: type=1400 audit(1861131509.158:758): avc: denied { read } for pid=5274 comm="syz.1.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 155.416654][ T28] audit: type=1400 audit(1861131509.205:759): avc: denied { setopt } for pid=5274 comm="syz.1.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 155.455878][ T5289] loop0: detected capacity change from 0 to 256 [ 155.464235][ T5289] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 155.474773][ T5289] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 155.485206][ T5289] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 155.513674][ T28] audit: type=1400 audit(1861131509.297:760): avc: denied { mounton } for pid=5292 comm="syz.0.2044" path="/284/file0" dev="incremental-fs" ino=1482 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 155.655047][ T5301] loop0: detected capacity change from 0 to 512 [ 155.666442][ T5301] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 155.675202][ T5301] ext4 filesystem being mounted at /288/bus supports timestamps until 2038 (0x7fffffff) [ 155.692864][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 155.762109][ T6] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 155.849332][ T39] keytouch 0003:0926:3333.0044: fixing up Keytouch IEC report descriptor [ 155.858701][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0044/input/input35 [ 155.946710][ T39] keytouch 0003:0926:3333.0044: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 155.989702][ T644] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 156.152229][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.162948][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.173591][ T6] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 156.182685][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.191678][ T6] usb 4-1: config 0 descriptor?? [ 156.379974][ T644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.391426][ T644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.401011][ T644] usb 1-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 156.410056][ T644] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.420136][ T644] usb 1-1: config 0 descriptor?? [ 156.578467][ T636] usb 3-1: USB disconnect, device number 25 [ 156.694667][ T5291] syz.3.2043[5291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 156.694757][ T5291] syz.3.2043[5291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 156.716913][ T6] hid-steam 0003:28DE:1142.0045: unexpected long global item [ 156.735631][ T6] hid-steam 0003:28DE:1142.0045: steam_probe:parse of hid interface failed [ 156.744101][ T6] hid-steam: probe of 0003:28DE:1142.0045 failed with error -22 [ 156.939097][ T6] usb 4-1: USB disconnect, device number 26 [ 156.945776][ T644] pantherlord 0003:0F30:0111.0046: item fetching failed at offset 6/7 [ 156.954033][ T644] pantherlord 0003:0F30:0111.0046: parse failed [ 156.961914][ T644] pantherlord: probe of 0003:0F30:0111.0046 failed with error -22 [ 157.194137][ T39] usb 1-1: USB disconnect, device number 25 [ 157.226277][ T5334] netlink: 'syz.2.2062': attribute type 9 has an invalid length. [ 157.434755][ T5344] loop2: detected capacity change from 0 to 40427 [ 157.444295][ T5344] F2FS-fs (loop2): Found nat_bits in checkpoint [ 157.479819][ T5344] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 157.531356][ T5108] syz-executor: attempt to access beyond end of device [ 157.531356][ T5108] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 157.715256][ T5360] loop4: detected capacity change from 0 to 40427 [ 157.722057][ T5360] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 157.730171][ T5360] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 157.755089][ T5369] binder: 5367:5369 ioctl c0306201 0 returned -14 [ 157.761664][ T5360] F2FS-fs (loop4): invalid crc value [ 157.762319][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 157.762332][ T28] audit: type=1400 audit(1861131511.373:764): avc: denied { set_context_mgr } for pid=5367 comm="syz.0.2075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 157.807645][ T5360] F2FS-fs (loop4): Found nat_bits in checkpoint [ 157.850753][ T5360] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 157.857825][ T5360] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 157.870829][ T5360] syz.4.2072: attempt to access beyond end of device [ 157.870829][ T5360] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 157.889523][ T4979] syz-executor: attempt to access beyond end of device [ 157.889523][ T4979] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 157.972980][ T39] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 158.082101][ T5390] loop4: detected capacity change from 0 to 256 [ 158.091126][ T5390] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 158.093743][ T644] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 158.110354][ T28] audit: type=1400 audit(1861131511.687:765): avc: denied { append } for pid=5389 comm="syz.4.2084" path="/25/file0/blkio.bfq.io_service_bytes_recursive" dev="loop4" ino=1048709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 158.136352][ T6] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 158.395708][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 158.471507][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.482318][ T341] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 158.489744][ T39] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 158.498817][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.507566][ T39] usb 3-1: config 0 descriptor?? [ 158.525749][ T644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.536594][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.547270][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.547387][ T644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.566613][ T644] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 158.575502][ T644] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.584091][ T644] usb 1-1: config 0 descriptor?? [ 158.688312][ T6] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 158.697169][ T6] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 158.705463][ T6] usb 4-1: Product: syz [ 158.709409][ T6] usb 4-1: Manufacturer: syz [ 158.714871][ T6] usb 4-1: config 0 descriptor?? [ 158.915889][ T341] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.926716][ T341] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.936249][ T341] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 158.945107][ T341] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.953459][ T341] usb 5-1: config 0 descriptor?? [ 159.035601][ T39] keytouch 0003:0926:3333.0047: fixing up Keytouch IEC report descriptor [ 159.044936][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0047/input/input36 [ 159.078841][ T5374] syz.0.2078[5374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.078904][ T5374] syz.0.2078[5374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.101205][ T644] hid-steam 0003:28DE:1142.0048: unexpected long global item [ 159.119828][ T644] hid-steam 0003:28DE:1142.0048: steam_probe:parse of hid interface failed [ 159.128271][ T644] hid-steam: probe of 0003:28DE:1142.0048 failed with error -22 [ 159.138977][ T39] keytouch 0003:0926:3333.0047: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 159.230927][ T6] kovaplus 0003:1E7D:2D50.0049: item fetching failed at offset 5/7 [ 159.238848][ T6] kovaplus 0003:1E7D:2D50.0049: parse failed [ 159.244750][ T6] kovaplus: probe of 0003:1E7D:2D50.0049 failed with error -22 [ 159.350350][ T39] usb 1-1: USB disconnect, device number 26 [ 159.448425][ T4291] usb 4-1: USB disconnect, device number 27 [ 159.459184][ T341] keytouch 0003:0926:3333.004A: fixing up Keytouch IEC report descriptor [ 159.468669][ T341] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.004A/input/input37 [ 159.557689][ T341] keytouch 0003:0926:3333.004A: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 159.677070][ T341] usb 5-1: USB disconnect, device number 22 [ 159.753427][ T302] usb 3-1: USB disconnect, device number 26 [ 159.772030][ C1] keytouch 0003:0926:3333.0047: usb_submit_urb(ctrl) failed: -19 [ 159.914064][ T28] audit: type=1400 audit(1861131513.357:766): avc: denied { read write } for pid=1793 comm="syz-executor" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 159.938346][ T5403] loop0: detected capacity change from 0 to 512 [ 159.938395][ T28] audit: type=1400 audit(1861131513.357:767): avc: denied { open } for pid=1793 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 159.969297][ T28] audit: type=1400 audit(1861131513.357:768): avc: denied { ioctl } for pid=1793 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 159.983117][ T5403] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 159.995074][ T28] audit: type=1400 audit(1861131513.394:769): avc: denied { mounton } for pid=5402 comm="syz.0.2089" path="/293/bus" dev="tmpfs" ino=1533 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 160.025816][ T5403] ext4 filesystem being mounted at /293/bus supports timestamps until 2038 (0x7fffffff) [ 160.028240][ T28] audit: type=1400 audit(1861131513.403:770): avc: denied { append } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 160.068350][ T28] audit: type=1400 audit(1861131513.458:771): avc: denied { mount } for pid=5402 comm="syz.0.2089" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 160.093005][ T28] audit: type=1400 audit(1861131513.467:772): avc: denied { create } for pid=5407 comm="syz.3.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.113104][ T28] audit: type=1400 audit(1861131513.467:773): avc: denied { setopt } for pid=5407 comm="syz.3.2090" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.142344][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 160.367224][ T5428] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 160.387719][ T5428] SELinux: failed to load policy [ 160.576209][ T5436] loop4: detected capacity change from 0 to 512 [ 160.610246][ T5436] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 160.645468][ T5436] EXT4-fs (loop4): 1 orphan inode deleted [ 160.651440][ T644] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 160.671601][ T5436] EXT4-fs (loop4): 1 truncate cleaned up [ 160.677080][ T5436] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 160.715742][ T5414] loop0: detected capacity change from 0 to 131072 [ 160.716819][ T5436] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 160.754063][ T5436] EXT4-fs (loop4): Remounting filesystem read-only [ 160.760592][ T5414] F2FS-fs (loop0): Found nat_bits in checkpoint [ 160.767897][ T4979] EXT4-fs (loop4): unmounting filesystem. [ 160.825753][ T5444] loop4: detected capacity change from 0 to 512 [ 160.840564][ T5414] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 160.864806][ T5444] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.2104: casefold flag without casefold feature [ 160.884275][ T5444] EXT4-fs (loop4): Remounting filesystem read-only [ 160.891724][ T5444] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz.4.2104: bad orphan inode 15 [ 160.910063][ T5444] ext4_test_bit(bit=14, block=18) = 1 [ 160.915388][ T5444] is_bad_inode(inode)=0 [ 160.919466][ T5444] NEXT_ORPHAN(inode)=1023 [ 160.929885][ T5444] max_ino=32 [ 160.939655][ T5444] i_nlink=0 [ 160.950452][ T5444] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 160.968361][ T5444] ext4 filesystem being mounted at /37/bus supports timestamps until 2038 (0x7fffffff) [ 161.010486][ T5444] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 3: comm syz.4.2104: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=4096 fake=0 [ 161.042545][ T5444] EXT4-fs (loop4): Remounting filesystem read-only [ 161.051063][ T644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.066581][ T4979] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /37/bus: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=4096 fake=0 [ 161.086786][ T644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.096740][ T644] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 161.105826][ T644] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.118818][ T4979] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 161.158940][ T644] usb 3-1: config 0 descriptor?? [ 161.170219][ T4979] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 161.248501][ T4979] EXT4-fs (loop4): unmounting filesystem. [ 161.495758][ T5458] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.502697][ T5458] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.510057][ T5458] device bridge_slave_0 entered promiscuous mode [ 161.536929][ T5458] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.544010][ T5458] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.551505][ T5458] device bridge_slave_1 entered promiscuous mode [ 161.658204][ T5427] syz.2.2099[5427] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.658310][ T5427] syz.2.2099[5427] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.678130][ T5458] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.696127][ T5458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.703259][ T5458] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.710095][ T5458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.719775][ T644] hid-steam 0003:28DE:1142.004B: unexpected long global item [ 161.729212][ T644] hid-steam 0003:28DE:1142.004B: steam_probe:parse of hid interface failed [ 161.738044][ T644] hid-steam: probe of 0003:28DE:1142.004B failed with error -22 [ 161.781835][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.795478][ T636] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.804817][ T636] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.829607][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.837734][ T644] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.844619][ T644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.852262][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.860852][ T644] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.867724][ T644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.873232][ T5448] loop3: detected capacity change from 0 to 131072 [ 161.884878][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.893566][ T5448] F2FS-fs (loop3): Invalid log sectorsize (67108873) [ 161.893655][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.900631][ T5448] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 161.918599][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.926852][ T5448] F2FS-fs (loop3): invalid crc value [ 161.926966][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.934489][ T5448] F2FS-fs (loop3): Found nat_bits in checkpoint [ 161.962532][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.970060][ T636] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.983322][ T636] usb 3-1: USB disconnect, device number 27 [ 161.984095][ T5458] device veth0_vlan entered promiscuous mode [ 162.011694][ T5448] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 162.023335][ T5448] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 162.031737][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.041523][ T5458] device veth1_macvtap entered promiscuous mode [ 162.054971][ T1003] device bridge_slave_1 left promiscuous mode [ 162.061213][ T1003] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.068981][ T1003] device bridge_slave_0 left promiscuous mode [ 162.075549][ T1003] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.083831][ T1003] device veth1_macvtap left promiscuous mode [ 162.089693][ T1003] device veth0_vlan left promiscuous mode [ 162.215684][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 162.230719][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.424940][ T5507] netlink: 'syz.0.2128': attribute type 15 has an invalid length. [ 162.437077][ T5507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2128'. [ 162.612799][ T5539] loop2: detected capacity change from 0 to 256 [ 162.619222][ T5539] exfat: Deprecated parameter 'namecase' [ 162.628182][ T5539] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 162.893281][ T302] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 163.120875][ T341] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 163.128535][ T39] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 163.283543][ T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.294396][ T302] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 163.307231][ T302] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 163.316163][ T302] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.325443][ T302] usb 4-1: config 0 descriptor?? [ 163.402709][ T39] usb 3-1: Using ep0 maxpacket: 8 [ 163.407644][ T341] usb 1-1: Using ep0 maxpacket: 8 [ 163.519456][ T28] kauditd_printk_skb: 84 callbacks suppressed [ 163.519473][ T28] audit: type=1400 audit(1861131516.678:858): avc: denied { mounton } for pid=5580 comm="syz.4.2164" path=2F31352FE91F7189591E9233614B dev="tmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 163.576141][ T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.587018][ T39] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 163.595357][ T39] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 163.603767][ T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.613334][ T39] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 163.622403][ T341] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 163.631216][ T39] usb 3-1: config 250 has no interface number 0 [ 163.637276][ T39] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 163.648709][ T341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.656828][ T39] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 163.667702][ T341] usb 1-1: config 0 descriptor?? [ 163.672571][ T39] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 163.682606][ T39] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 163.692749][ T39] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 163.706188][ T39] usb 3-1: config 250 interface 228 has no altsetting 0 [ 163.848242][ T302] plantronics 0003:047F:FFFF.004C: No inputs registered, leaving [ 163.857064][ T302] plantronics 0003:047F:FFFF.004C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 163.879566][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 163.888440][ T39] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 163.896690][ T39] usb 3-1: Product: syz [ 163.900659][ T39] usb 3-1: SerialNumber: syz [ 163.945244][ T39] hub 3-1:250.228: bad descriptor, ignoring hub [ 163.951416][ T39] hub: probe of 3-1:250.228 failed with error -5 [ 164.151263][ T4291] usb 4-1: USB disconnect, device number 28 [ 164.173047][ T341] hid-picolcd 0003:04D8:F002.004D: unknown main item tag 0x0 [ 164.180303][ T341] hid-picolcd 0003:04D8:F002.004D: item fetching failed at offset 5/7 [ 164.188937][ T341] hid-picolcd 0003:04D8:F002.004D: device report parse failed [ 164.197036][ T39] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 28 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 164.210650][ T341] hid-picolcd: probe of 0003:04D8:F002.004D failed with error -22 [ 164.237434][ T39] usb 3-1: USB disconnect, device number 28 [ 164.244092][ T39] usblp0: removed [ 164.390317][ T4291] usb 1-1: USB disconnect, device number 27 [ 164.432428][ T5584] syz.4.2165[5584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.432510][ T5584] syz.4.2165[5584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.512465][ T28] audit: type=1400 audit(1861131517.592:859): avc: denied { write } for pid=5593 comm="syz.4.2170" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 164.647115][ T5604] syz.4.2174[5604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.647173][ T5604] syz.4.2174[5604] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.720372][ T28] audit: type=1400 audit(1861131517.786:860): avc: denied { name_bind } for pid=5611 comm="syz.4.2177" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 164.843711][ T5610] loop3: detected capacity change from 0 to 40427 [ 164.852811][ T5610] F2FS-fs (loop3): Found nat_bits in checkpoint [ 164.895740][ T5610] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 164.912556][ T1925] syz-executor: attempt to access beyond end of device [ 164.912556][ T1925] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 164.937840][ T28] audit: type=1400 audit(1861131517.989:861): avc: denied { mount } for pid=5625 comm="syz.2.2183" name="/" dev="cgroup" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 164.976319][ T28] audit: type=1400 audit(1861131518.016:862): avc: denied { unmount } for pid=5108 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 165.040170][ T28] audit: type=1400 audit(1861131518.081:863): avc: denied { create } for pid=5635 comm="syz.0.2188" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 165.165361][ T28] audit: type=1400 audit(1861131518.192:864): avc: denied { write } for pid=5641 comm="syz.3.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 165.169112][ T5634] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2187'. [ 165.193605][ T302] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 165.216356][ T5634] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 165.287184][ T5638] loop0: detected capacity change from 0 to 40427 [ 165.299547][ T5638] F2FS-fs (loop0): invalid crc value [ 165.314660][ T5638] F2FS-fs (loop0): Found nat_bits in checkpoint [ 165.385681][ T5638] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 165.403666][ T28] audit: type=1400 audit(1861131518.413:865): avc: denied { write } for pid=5637 comm="syz.0.2189" path="/321/file0/file0" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 165.415021][ T5665] loop2: detected capacity change from 0 to 512 [ 165.438356][ T5665] EXT4-fs: Ignoring removed nomblk_io_submit option [ 165.445072][ T1793] syz-executor: attempt to access beyond end of device [ 165.445072][ T1793] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 165.446385][ T5665] EXT4-fs (loop2): Test dummy encryption mode enabled [ 165.461850][ T302] usb 5-1: Using ep0 maxpacket: 16 [ 165.472099][ T5665] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz.2.2200: iget: bogus i_mode (0) [ 165.483673][ T5665] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.2200: couldn't read orphan inode 17 (err -117) [ 165.496673][ T5665] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.510496][ T5665] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.2200: bg 0: block 7: invalid block bitmap [ 165.523506][ T5665] incfs: Can't find or create .index dir in ./file0 [ 165.530098][ T5665] incfs: mount failed -28 [ 165.543191][ T5108] EXT4-fs (loop2): unmounting filesystem. [ 165.557961][ T28] audit: type=1400 audit(1861131518.552:866): avc: denied { bind } for pid=5668 comm="syz.2.2202" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 165.581151][ T39] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 165.592113][ T302] usb 5-1: config 0 has no interfaces? [ 165.601175][ T28] audit: type=1400 audit(1861131518.579:867): avc: denied { ioctl } for pid=5670 comm="syz.0.2201" path="socket:[39556]" dev="sockfs" ino=39556 ioctlcmd=0x52d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 165.776189][ T302] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 165.785204][ T302] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.793234][ T302] usb 5-1: Product: syz [ 165.797306][ T302] usb 5-1: Manufacturer: syz [ 165.801718][ T302] usb 5-1: SerialNumber: syz [ 165.807114][ T302] r8152-cfgselector 5-1: config 0 descriptor?? [ 165.817331][ T5680] loop2: detected capacity change from 0 to 128 [ 165.825599][ T5680] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.834110][ T5680] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038 (0x7fffffff) [ 165.851153][ T5108] EXT4-fs (loop2): unmounting filesystem. [ 166.047170][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.062564][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.064005][ T5689] loop2: detected capacity change from 0 to 512 [ 166.072738][ T39] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 166.087339][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.096387][ T39] usb 4-1: config 0 descriptor?? [ 166.102418][ T5689] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz.2.2208: iget: bogus i_mode (0) [ 166.114136][ T5689] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.2208: couldn't read orphan inode 17 (err -117) [ 166.126085][ T5689] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 166.136071][ T5689] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.2208: bg 0: block 7: invalid block bitmap [ 166.153473][ T5108] EXT4-fs (loop2): unmounting filesystem. [ 166.247097][ T10] usb 5-1: config 0 descriptor?? [ 166.331731][ T644] usb 5-1: USB disconnect, device number 23 [ 166.339725][ T10] usb 5-1: can't set config #0, error -71 [ 166.533415][ T5711] loop0: detected capacity change from 0 to 256 [ 166.539604][ T302] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 166.544653][ T5711] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d) [ 166.565295][ T5704] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.572285][ T5704] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.579722][ T5704] device bridge_slave_0 entered promiscuous mode [ 166.586720][ T5704] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.593615][ T5704] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.600964][ T5704] device bridge_slave_1 entered promiscuous mode [ 166.622814][ T39] keytouch 0003:0926:3333.004E: fixing up Keytouch IEC report descriptor [ 166.637244][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.004E/input/input39 [ 166.700183][ T5718] loop0: detected capacity change from 0 to 128 [ 166.704823][ T5704] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.706691][ T5718] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 166.713165][ T5704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.713289][ T5704] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.737841][ T39] keytouch 0003:0926:3333.004E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 166.738564][ T5704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.757883][ T5718] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 166.791250][ T346] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 166.795360][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.807165][ T302] usb 3-1: Using ep0 maxpacket: 16 [ 166.814178][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.821848][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.841103][ T636] usb 4-1: USB disconnect, device number 29 [ 166.852892][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.861006][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.867876][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.875401][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.884157][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.891012][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.914958][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.922818][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.933768][ T5726] SELinux: failed to load policy [ 166.935930][ T302] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.956159][ T5704] device veth0_vlan entered promiscuous mode [ 166.959804][ T302] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 166.975625][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 166.981153][ T302] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 166.992943][ T302] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 166.994439][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 167.015155][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 167.026000][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 167.030250][ T302] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 167.043685][ T5704] device veth1_macvtap entered promiscuous mode [ 167.068371][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 167.078044][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 167.088931][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 167.132739][ T302] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.151578][ T302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 167.160825][ T302] usb 3-1: SerialNumber: syz [ 167.195948][ T5702] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 167.220279][ T302] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 167.230244][ T302] cdc_acm: probe of 3-1:1.0 failed with error -12 [ 167.305419][ T10] device bridge_slave_1 left promiscuous mode [ 167.311466][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.319538][ T10] device bridge_slave_0 left promiscuous mode [ 167.325508][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.333996][ T10] device veth1_macvtap left promiscuous mode [ 167.340004][ T644] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 167.347799][ T10] device veth0_vlan left promiscuous mode [ 167.438612][ T5024] usb 3-1: USB disconnect, device number 29 [ 167.445152][ T341] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 167.727078][ T341] usb 1-1: Using ep0 maxpacket: 8 [ 167.738253][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 167.749317][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 167.760347][ T644] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 167.773105][ T644] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 167.781939][ T302] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 167.789308][ T644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.798046][ T644] usb 5-1: config 0 descriptor?? [ 167.824799][ T5734] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 167.867928][ T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.878724][ T341] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.888189][ T341] usb 1-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 167.897149][ T341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.905520][ T341] usb 1-1: config 0 descriptor?? [ 168.171818][ T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.182710][ T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.192308][ T302] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 168.201568][ T302] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.217109][ T302] usb 4-1: config 0 descriptor?? [ 168.301345][ T19] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 168.302357][ T5785] netlink: 'syz.1.2251': attribute type 11 has an invalid length. [ 168.325866][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.333226][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.340723][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.348524][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.355980][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.363210][ T644] plantronics 0003:047F:FFFF.004F: unknown main item tag 0x0 [ 168.370638][ T644] plantronics 0003:047F:FFFF.004F: No inputs registered, leaving [ 168.380288][ T644] plantronics 0003:047F:FFFF.004F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 168.443485][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.450798][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.458114][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.465376][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.472529][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.479777][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.487110][ T341] playstation 0003:054C:0CE6.0050: unknown main item tag 0x0 [ 168.495464][ T341] playstation 0003:054C:0CE6.0050: hidraw1: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.0-1/input0 [ 168.525340][ T5792] SELinux: failed to load policy [ 168.561510][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 168.616459][ T636] usb 5-1: USB disconnect, device number 24 [ 168.669894][ T341] playstation 0003:054C:0CE6.0050: Invalid byte count transferred, expected 20 got 0 [ 168.679608][ T341] playstation 0003:054C:0CE6.0050: Failed to retrieve DualSense pairing info: -22 [ 168.688672][ T341] playstation 0003:054C:0CE6.0050: Failed to get MAC address from DualSense [ 168.691684][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.697245][ T341] playstation 0003:054C:0CE6.0050: Failed to create dualsense. [ 168.708366][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.717278][ T341] playstation: probe of 0003:054C:0CE6.0050 failed with error -22 [ 168.725078][ T19] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 168.742263][ T302] sony 0003:054C:024B.0051: unknown main item tag 0x0 [ 168.748909][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.756803][ T302] sony 0003:054C:024B.0051: unknown main item tag 0x0 [ 168.763403][ T302] sony 0003:054C:024B.0051: unknown main item tag 0x0 [ 168.770402][ T302] sony 0003:054C:024B.0051: unknown main item tag 0x0 [ 168.777192][ T19] usb 3-1: config 0 descriptor?? [ 168.782395][ T302] sony 0003:054C:024B.0051: item fetching failed at offset 4/5 [ 168.789990][ T302] sony 0003:054C:024B.0051: parse failed [ 168.795507][ T302] sony: probe of 0003:054C:024B.0051 failed with error -22 [ 168.889564][ T341] usb 1-1: USB disconnect, device number 28 [ 168.959365][ T4291] usb 4-1: USB disconnect, device number 30 [ 168.962445][ T302] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 169.173877][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 169.173895][ T28] audit: type=1400 audit(1861131521.892:916): avc: denied { unmount } for pid=5458 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 169.222537][ T302] usb 2-1: Using ep0 maxpacket: 8 [ 169.299643][ T19] ntrig 0003:1B96:0008.0052: unbalanced collection at end of report description [ 169.308788][ T19] ntrig 0003:1B96:0008.0052: parse failed [ 169.314551][ T19] ntrig: probe of 0003:1B96:0008.0052 failed with error -22 [ 169.352627][ T302] usb 2-1: config 135 has an invalid interface number: 230 but max is 0 [ 169.360804][ T302] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 169.370942][ T302] usb 2-1: config 135 has no interface number 0 [ 169.376993][ T302] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.453654][ T28] audit: type=1400 audit(1861131522.159:917): avc: denied { validate_trans } for pid=5810 comm="syz.0.2263" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 169.493528][ T4291] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 169.519803][ T19] usb 3-1: USB disconnect, device number 30 [ 169.558592][ T302] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 169.567706][ T302] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.575961][ T302] usb 2-1: Product: syz [ 169.580155][ T302] usb 2-1: Manufacturer: syz [ 169.584573][ T302] usb 2-1: SerialNumber: syz [ 169.637283][ T302] usb 2-1: Found UVC 0.00 device syz (18ec:3288) [ 169.643480][ T302] usb 2-1: No valid video chain found. [ 169.818687][ T4291] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 169.853206][ T5024] usb 2-1: USB disconnect, device number 27 [ 170.027353][ T5837] loop3: detected capacity change from 0 to 40427 [ 170.034217][ T5837] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 170.041855][ T5837] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 170.051948][ T5837] F2FS-fs (loop3): Found nat_bits in checkpoint [ 170.088319][ T5837] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 170.100602][ T5837] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 170.129918][ T28] audit: type=1400 audit(1861131522.777:918): avc: denied { create } for pid=5836 comm="syz.3.2275" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 170.172220][ T28] audit: type=1400 audit(1861131522.777:919): avc: denied { remove_name } for pid=5836 comm="syz.3.2275" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 170.216032][ T28] audit: type=1400 audit(1861131522.777:920): avc: denied { rename } for pid=5836 comm="syz.3.2275" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 170.259260][ T28] audit: type=1400 audit(1861131522.777:921): avc: denied { unlink } for pid=5836 comm="syz.3.2275" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 170.321851][ T28] audit: type=1400 audit(1861131522.953:922): avc: denied { append } for pid=5850 comm="syz.3.2279" name="001" dev="devtmpfs" ino=144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 170.331260][ T5854] tipc: Started in network mode [ 170.346554][ T28] audit: type=1400 audit(1861131522.962:923): avc: denied { create } for pid=5853 comm="syz.2.2281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 170.351885][ T5854] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 170.383480][ T5854] tipc: Enabling of bearer rejected, failed to enable media [ 170.420159][ T28] audit: type=1400 audit(1861131523.045:924): avc: denied { read } for pid=5859 comm="syz.3.2285" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 170.443916][ T28] audit: type=1400 audit(1861131523.045:925): avc: denied { open } for pid=5859 comm="syz.3.2285" path="/dev/ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 170.490078][ T5866] loop1: detected capacity change from 0 to 512 [ 170.505771][ T5866] EXT4-fs: Ignoring removed mblk_io_submit option [ 170.517093][ T5868] loop3: detected capacity change from 0 to 256 [ 170.523999][ T5866] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b816c118, mo2=0002] [ 170.529866][ T5868] exfat: Deprecated parameter 'utf8' [ 170.537320][ T5866] System zones: 1-12 [ 170.542297][ T5866] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.2287: corrupted in-inode xattr [ 170.556111][ T5866] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.2287: couldn't read orphan inode 15 (err -117) [ 170.564756][ T5868] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001207e, chksum : 0x9e35a9ea, utbl_chksum : 0xe619d30d) [ 170.571922][ T5866] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 170.627977][ T5704] EXT4-fs (loop1): unmounting filesystem. [ 170.651399][ T5884] loop0: detected capacity change from 0 to 256 [ 170.660182][ T5884] exfat: Deprecated parameter 'namecase' [ 170.705846][ T5884] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 170.722613][ T5024] kernel write not supported for file /input/event0 (pid: 5024 comm: kworker/1:6) [ 170.739905][ T4291] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 170.759855][ T4291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.824337][ T5906] loop0: detected capacity change from 0 to 128 [ 170.881915][ T5906] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 170.907424][ T5906] ext4 filesystem being mounted at /349/mnt supports timestamps until 2038 (0x7fffffff) [ 171.049953][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 171.151673][ T302] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 171.292585][ T4291] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 171.299303][ T4291] usb 5-1: No valid video chain found. [ 171.318591][ T5900] loop3: detected capacity change from 0 to 131072 [ 171.328276][ T5900] F2FS-fs (loop3): Found nat_bits in checkpoint [ 171.365383][ T5900] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 171.487681][ T636] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 171.511046][ T19] usb 5-1: USB disconnect, device number 25 [ 171.574405][ T302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.585567][ T302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.588753][ T5947] loop3: detected capacity change from 0 to 256 [ 171.595247][ T302] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 171.610695][ T302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.614366][ T5947] FAT-fs (loop3): Directory bread(block 64) failed [ 171.620399][ T302] usb 3-1: config 0 descriptor?? [ 171.628747][ T5947] FAT-fs (loop3): Directory bread(block 65) failed [ 171.635978][ T5947] FAT-fs (loop3): Directory bread(block 66) failed [ 171.642448][ T5947] FAT-fs (loop3): Directory bread(block 67) failed [ 171.648808][ T5947] FAT-fs (loop3): Directory bread(block 68) failed [ 171.655492][ T5947] FAT-fs (loop3): Directory bread(block 69) failed [ 171.661903][ T5947] FAT-fs (loop3): Directory bread(block 70) failed [ 171.668232][ T5947] FAT-fs (loop3): Directory bread(block 71) failed [ 171.674565][ T5947] FAT-fs (loop3): Directory bread(block 72) failed [ 171.680897][ T5947] FAT-fs (loop3): Directory bread(block 73) failed [ 171.698313][ T5947] syz.3.2321: attempt to access beyond end of device [ 171.698313][ T5947] loop3: rw=2051, sector=1224, nr_sectors = 64 limit=256 [ 171.899515][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.910276][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.919791][ T636] usb 2-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 171.933989][ T636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.945666][ T636] usb 2-1: config 0 descriptor?? [ 172.182254][ T302] zydacron 0003:13EC:0006.0053: unknown main item tag 0x0 [ 172.189451][ T302] zydacron 0003:13EC:0006.0053: unknown main item tag 0x0 [ 172.197468][ T302] zydacron 0003:13EC:0006.0053: report_id 0 is invalid [ 172.204214][ T302] zydacron 0003:13EC:0006.0053: item 0 1 1 8 parsing failed [ 172.211417][ T302] zydacron 0003:13EC:0006.0053: parse failed [ 172.217430][ T302] zydacron: probe of 0003:13EC:0006.0053 failed with error -22 [ 172.250051][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x4 [ 172.257660][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x2 [ 172.265096][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.272717][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.280191][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.287640][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.295240][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.302716][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.310158][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.317658][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.325110][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.332570][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.340069][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.347494][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.354980][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.362430][ T302] hid-generic 0000:3000000:0000.0054: unknown main item tag 0x0 [ 172.365499][ T5024] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 172.370560][ T302] hid-generic 0000:3000000:0000.0054: hidraw0: HID v0.00 Device [sy] on syz0 [ 172.400145][ T5993] loop4: detected capacity change from 0 to 16 [ 172.406505][ T4291] usb 3-1: USB disconnect, device number 31 [ 172.411717][ T5993] erofs: (device loop4): mounted with root inode @ nid 36. [ 172.453429][ T636] cypress 0003:04B4:07B1.0055: unknown main item tag 0x6 [ 172.462247][ T636] cypress 0003:04B4:07B1.0055: item fetching failed at offset 4/5 [ 172.475107][ T636] cypress 0003:04B4:07B1.0055: parse failed [ 172.480854][ T636] cypress: probe of 0003:04B4:07B1.0055 failed with error -22 [ 172.582400][ T6006] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2348'. [ 172.591273][ T6006] IPv6: Can't replace route, no match found [ 172.670613][ T331] usb 2-1: USB disconnect, device number 28 [ 172.766677][ T5024] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.777640][ T5024] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 172.787181][ T5024] usb 4-1: New USB device found, idVendor=0925, idProduct=0005, bcdDevice= 0.00 [ 172.796086][ T5024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.804457][ T5024] usb 4-1: config 0 descriptor?? [ 172.940114][ T4291] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 173.072154][ T6018] loop2: detected capacity change from 0 to 40427 [ 173.079034][ T6018] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 173.085949][ T6018] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 173.094766][ T6018] F2FS-fs (loop2): invalid crc value [ 173.101100][ T6018] F2FS-fs (loop2): Found nat_bits in checkpoint [ 173.135402][ T6018] F2FS-fs (loop2): Start checkpoint disabled! [ 173.142168][ T6018] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 173.149181][ T6018] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 173.162705][ T6018] syz.2.2354: attempt to access beyond end of device [ 173.162705][ T6018] loop2: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 173.177443][ T6018] syz.2.2354: attempt to access beyond end of device [ 173.177443][ T6018] loop2: rw=0, sector=53376, nr_sectors = 8 limit=40427 [ 173.205962][ T43] kworker/u4:2: attempt to access beyond end of device [ 173.205962][ T43] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 173.320120][ T5024] smartjoyplus 0003:0925:0005.0056: unbalanced collection at end of report description [ 173.329781][ T5024] smartjoyplus 0003:0925:0005.0056: parse failed [ 173.336027][ T4291] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 173.347170][ T4291] usb 5-1: config 0 has no interfaces? [ 173.353735][ T4291] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.00 [ 173.362806][ T5024] smartjoyplus: probe of 0003:0925:0005.0056 failed with error -22 [ 173.370646][ T4291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.379342][ T6035] loop2: detected capacity change from 0 to 256 [ 173.387359][ T4291] usb 5-1: config 0 descriptor?? [ 173.485387][ T6049] loop2: detected capacity change from 0 to 256 [ 173.539632][ T4291] usb 4-1: USB disconnect, device number 31 [ 173.694368][ T302] usb 5-1: USB disconnect, device number 26 [ 173.747228][ T6058] netlink: 'syz.2.2369': attribute type 3 has an invalid length. [ 173.764207][ T636] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 173.776488][ T6060] loop2: detected capacity change from 0 to 256 [ 173.790964][ T6060] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 174.164630][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.175416][ T636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.184878][ T636] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 174.194626][ T636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.203454][ T636] usb 2-1: config 0 descriptor?? [ 174.218768][ T4291] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 174.392247][ T341] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 174.402681][ T6089] syz.0.2384[6089] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.402761][ T6089] syz.0.2384[6089] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.584951][ T6100] loop4: detected capacity change from 0 to 128 [ 174.609065][ T4291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.620598][ T4291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.632748][ T4291] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 174.648465][ T4291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.656474][ T341] usb 4-1: Using ep0 maxpacket: 8 [ 174.662764][ T4291] usb 3-1: config 0 descriptor?? [ 174.681125][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 174.681142][ T28] audit: type=1326 audit(1861131526.976:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6107 comm="syz.4.2393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0af977def9 code=0x0 [ 174.750766][ T636] lg-g15 0003:046D:C222.0057: unknown main item tag 0x0 [ 174.757615][ T636] lg-g15 0003:046D:C222.0057: item fetching failed at offset 10/11 [ 174.766110][ T636] lg-g15: probe of 0003:046D:C222.0057 failed with error -22 [ 174.966612][ T341] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d [ 174.975670][ T341] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.977465][ T636] usb 2-1: USB disconnect, device number 29 [ 174.985656][ T341] usb 4-1: Product: syz [ 174.993269][ T341] usb 4-1: Manufacturer: syz [ 174.997680][ T341] usb 4-1: SerialNumber: syz [ 175.002793][ T341] usb 4-1: config 0 descriptor?? [ 175.043129][ T341] usb_ehset_test: probe of 4-1:0.0 failed with error -32 [ 175.184095][ T4291] holtek 0003:1241:5015.0058: item fetching failed at offset 1/5 [ 175.191893][ T4291] holtek 0003:1241:5015.0058: parse failed [ 175.197593][ T4291] holtek: probe of 0003:1241:5015.0058 failed with error -22 [ 175.261089][ T4291] usb 4-1: USB disconnect, device number 32 [ 175.401464][ T39] usb 3-1: USB disconnect, device number 32 [ 175.552971][ T6114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2395'. [ 175.596185][ T28] audit: type=1400 audit(1861131527.825:951): avc: denied { getopt } for pid=6117 comm="syz.4.2397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 175.650139][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2399'. [ 175.677357][ T28] audit: type=1400 audit(1861131527.898:952): avc: denied { connect } for pid=6129 comm="syz.1.2403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 175.700392][ T28] audit: type=1400 audit(1861131527.917:953): avc: denied { write } for pid=6129 comm="syz.1.2403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 175.709756][ T6132] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 175.755325][ T28] audit: type=1400 audit(1861131527.963:954): avc: denied { mount } for pid=6136 comm="syz.4.2406" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 175.813387][ T28] audit: type=1400 audit(1861131528.028:955): avc: denied { read } for pid=6147 comm="syz.1.2412" name="ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 175.848913][ T28] audit: type=1400 audit(1861131528.028:956): avc: denied { open } for pid=6147 comm="syz.1.2412" path="/dev/ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 175.872868][ T28] audit: type=1400 audit(1861131528.028:957): avc: denied { ioctl } for pid=6147 comm="syz.1.2412" path="/dev/ptp0" dev="devtmpfs" ino=172 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 175.935405][ T6156] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 175.973855][ T28] audit: type=1400 audit(1861131528.166:958): avc: denied { read } for pid=6159 comm="syz.3.2418" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 176.004327][ T28] audit: type=1400 audit(1861131528.194:959): avc: denied { open } for pid=6159 comm="syz.3.2418" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 176.041881][ T6166] loop2: detected capacity change from 0 to 128 [ 176.069787][ T6166] FAT-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value [ 176.074523][ T6153] loop1: detected capacity change from 0 to 40427 [ 176.086447][ T6153] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 176.094669][ T6153] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 176.106916][ T6153] F2FS-fs (loop1): Found nat_bits in checkpoint [ 176.169423][ T6153] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 176.176611][ T6153] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 176.328985][ T6189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2430'. [ 176.427155][ T6199] loop2: detected capacity change from 0 to 512 [ 176.441962][ T6199] EXT4-fs (loop2): 1 truncate cleaned up [ 176.447479][ T6199] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 176.457246][ T6199] EXT4-fs (loop2): unmounting filesystem. [ 176.628321][ T6210] syz.2.2437[6210] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 176.628404][ T6210] syz.2.2437[6210] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 176.728816][ T6219] overlayfs: failed to set xattr on upper [ 177.031020][ T6235] loop4: detected capacity change from 0 to 128 [ 177.045276][ T6235] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 177.080591][ T5458] EXT4-fs (loop4): unmounting filesystem. [ 177.090757][ T4291] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 177.343465][ T6255] loop1: detected capacity change from 0 to 2048 [ 177.361753][ T4291] usb 3-1: Using ep0 maxpacket: 32 [ 177.368620][ T6255] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 177.385904][ T6255] EXT4-fs (loop1): shut down requested (2) [ 177.399618][ T5704] EXT4-fs (loop1): unmounting filesystem. [ 177.491814][ T4291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.502712][ T4291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.512262][ T4291] usb 3-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 177.521601][ T4291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.530320][ T4291] usb 3-1: config 0 descriptor?? [ 177.773544][ T5024] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 177.866766][ T6279] serio: Serial port ptm0 [ 177.914417][ T302] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 178.056449][ T4291] greenasia 0003:0E8F:0012.0059: item fetching failed at offset 0/3 [ 178.064490][ T4291] greenasia 0003:0E8F:0012.0059: parse failed [ 178.070543][ T4291] greenasia: probe of 0003:0E8F:0012.0059 failed with error -22 [ 178.163722][ T5024] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.174497][ T5024] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.183972][ T5024] usb 2-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 178.192866][ T5024] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.201530][ T5024] usb 2-1: config 0 descriptor?? [ 178.275538][ T636] usb 3-1: USB disconnect, device number 33 [ 178.337143][ T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.348164][ T302] usb 4-1: New USB device found, idVendor=056a, idProduct=0093, bcdDevice= 0.00 [ 178.357162][ T302] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.376430][ T302] usb 4-1: config 0 descriptor?? [ 178.717453][ T5024] elo 0003:04E7:0030.005A: item fetching failed at offset 5/7 [ 178.731243][ T6306] loop4: detected capacity change from 0 to 512 [ 178.732451][ T5024] elo 0003:04E7:0030.005A: parse failed [ 178.737971][ T6306] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 178.748494][ T5024] elo: probe of 0003:04E7:0030.005A failed with error -22 [ 178.757904][ T6306] EXT4-fs (loop4): 1 truncate cleaned up [ 178.764989][ T6306] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 178.783221][ T6306] EXT4-fs (loop4): shut down requested (0) [ 178.795897][ T5458] EXT4-fs (loop4): unmounting filesystem. [ 178.814652][ T6312] loop4: detected capacity change from 0 to 1024 [ 178.821152][ T6312] EXT4-fs: Ignoring removed oldalloc option [ 178.827516][ T6312] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 178.841743][ T6312] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 178.850361][ T6312] EXT4-fs (loop4): orphan cleanup on readonly fs [ 178.856741][ T6312] EXT4-fs error (device loop4): ext4_free_blocks:6213: comm syz.4.2480: Freeing blocks not in datazone - block = 0, count = 4096 [ 178.878653][ T6312] EXT4-fs (loop4): Remounting filesystem read-only [ 178.890477][ T6312] EXT4-fs (loop4): 1 orphan inode deleted [ 178.896248][ T6312] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 178.914453][ T5458] EXT4-fs (loop4): unmounting filesystem. [ 178.935768][ T6325] loop0: detected capacity change from 0 to 512 [ 178.951447][ T302] wacom 0003:056A:0093.005B: item fetching failed at offset 3/5 [ 178.953262][ T6325] EXT4-fs: Ignoring removed oldalloc option [ 178.967968][ T302] wacom 0003:056A:0093.005B: parse failed [ 178.971029][ T6325] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.2486: Parent and EA inode have the same ino 15 [ 178.973626][ T302] wacom: probe of 0003:056A:0093.005B failed with error -22 [ 178.986159][ T6325] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.2486: Parent and EA inode have the same ino 15 [ 178.998887][ T302] usb 2-1: USB disconnect, device number 30 [ 179.005882][ T6325] EXT4-fs (loop0): 1 orphan inode deleted [ 179.017108][ T6325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 179.029945][ T6325] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.0.2486: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 179.056675][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 179.166718][ T19] usb 4-1: USB disconnect, device number 33 [ 179.202037][ T6338] loop0: detected capacity change from 0 to 40427 [ 179.209918][ T6338] F2FS-fs (loop0): invalid crc value [ 179.216638][ T6338] F2FS-fs (loop0): Found nat_bits in checkpoint [ 179.252115][ T6338] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 179.268860][ T1793] syz-executor: attempt to access beyond end of device [ 179.268860][ T1793] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 179.319618][ T6349] loop2: detected capacity change from 0 to 512 [ 179.326509][ T6349] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 179.342240][ T6349] EXT4-fs (loop2): 1 orphan inode deleted [ 179.348719][ T6349] EXT4-fs (loop2): 1 truncate cleaned up [ 179.354234][ T6349] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 179.386900][ T5108] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 179.401644][ T5108] EXT4-fs (loop2): Remounting filesystem read-only [ 179.408094][ T5108] EXT4-fs error (device loop2): ext4_lookup:1855: inode #16: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 179.421697][ T5108] EXT4-fs error (device loop2): ext4_lookup:1855: inode #16: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 179.440273][ T5108] EXT4-fs (loop2): unmounting filesystem. [ 179.585575][ T6356] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.592569][ T6356] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.602234][ T6356] device bridge_slave_0 entered promiscuous mode [ 179.609484][ T6356] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.616698][ T6356] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.624471][ T6356] device bridge_slave_1 entered promiscuous mode [ 179.711399][ T6356] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.718319][ T6356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.725422][ T6356] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.732264][ T6356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.790932][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.800807][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.819831][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.825180][ T6370] syz.3.2503[6370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.826962][ T6370] syz.3.2503[6370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.830235][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.910604][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.918673][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.925565][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.952024][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.960100][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.966992][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.989128][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.997360][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.009076][ T43] tipc: Left network mode [ 180.017163][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 180.030086][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 180.038017][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 180.047184][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 180.067674][ T6356] device veth0_vlan entered promiscuous mode [ 180.088097][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 180.102388][ T6356] device veth1_macvtap entered promiscuous mode [ 180.120609][ T6394] loop4: detected capacity change from 0 to 512 [ 180.121970][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 180.135635][ T6394] EXT4-fs: Ignoring removed i_version option [ 180.142301][ T6394] EXT4-fs: Ignoring removed nobh option [ 180.148389][ T6394] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 180.158969][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 180.170135][ T6394] EXT4-fs (loop4): 1 truncate cleaned up [ 180.175612][ T6394] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 180.195324][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 180.195341][ T28] audit: type=1400 audit(1861131532.069:975): avc: denied { mounton } for pid=6393 comm="syz.4.2514" path="/115/bus/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 180.226463][ T5458] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /115/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 180.277344][ T5458] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 180.290116][ T6404] loop2: detected capacity change from 0 to 256 [ 180.301255][ T5458] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /115/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 180.328002][ T5458] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 180.331456][ T19] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 180.350773][ T6404] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xadbf5ead, utbl_chksum : 0xe619d30d) [ 180.355152][ T5458] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /115/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 180.374392][ T28] audit: type=1400 audit(1861131532.226:976): avc: denied { rename } for pid=6403 comm="syz.2.2518" name="file1" dev="loop2" ino=1048737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 180.412329][ T5458] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 180.432392][ T5458] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /115/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 180.454182][ T5458] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 180.474626][ T5458] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /115/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 180.497277][ T5458] EXT4-fs error (device loop4): ext4_empty_dir:3131: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 180.573385][ T6302] EXT4-fs (loop4): unmounting filesystem. [ 180.808124][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.824831][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.854359][ T6415] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.861422][ T6415] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.869228][ T6415] device bridge_slave_0 entered promiscuous mode [ 180.876454][ T43] device bridge_slave_1 left promiscuous mode [ 180.882846][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.890511][ T43] device bridge_slave_0 left promiscuous mode [ 180.896647][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.904931][ T43] device veth1_macvtap left promiscuous mode [ 180.910913][ T43] device veth0_vlan left promiscuous mode [ 180.927655][ T19] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 180.940202][ T19] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 180.956993][ T19] usb 2-1: Product: syz [ 180.971856][ T19] usb 2-1: config 0 descriptor?? [ 181.037677][ T6415] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.044697][ T6415] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.052133][ T6415] device bridge_slave_1 entered promiscuous mode [ 181.131657][ T6415] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.138566][ T6415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.145671][ T6415] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.152416][ T6415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.183575][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.191978][ T331] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.199300][ T331] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.226853][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.237473][ T644] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.244356][ T644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.252996][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.261043][ T644] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.267924][ T644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.287188][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.295041][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.316765][ T6415] device veth0_vlan entered promiscuous mode [ 181.323339][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 181.331591][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 181.340185][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 181.347455][ T644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 181.361408][ T6415] device veth1_macvtap entered promiscuous mode [ 181.373570][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 181.382032][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 181.390399][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 181.416614][ T6426] loop4: detected capacity change from 0 to 256 [ 181.425376][ T6426] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 181.433408][ T6426] FAT-fs (loop4): Filesystem has been set read-only [ 181.502707][ T19] konepure 0003:1E7D:2DB4.005C: item fetching failed at offset 10/11 [ 181.510790][ T19] konepure 0003:1E7D:2DB4.005C: parse failed [ 181.516666][ T19] konepure: probe of 0003:1E7D:2DB4.005C failed with error -22 [ 181.588435][ T4291] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 181.711725][ T6432] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 181.723244][ T341] usb 2-1: USB disconnect, device number 31 [ 181.740192][ T5024] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 181.769529][ T6438] loop4: detected capacity change from 0 to 2048 [ 181.786399][ T6438] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 181.795049][ T6438] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff) [ 181.806877][ T28] audit: type=1400 audit(1861131533.555:977): avc: denied { read } for pid=6437 comm="syz.4.2532" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 181.828892][ T28] audit: type=1400 audit(1861131533.555:978): avc: denied { open } for pid=6437 comm="syz.4.2532" path="/6/file0/file0/file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 181.852347][ T28] audit: type=1400 audit(1861131533.555:979): avc: denied { ioctl } for pid=6437 comm="syz.4.2532" path="/6/file0/file0/file0" dev="loop4" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 181.853828][ T6415] EXT4-fs (loop4): unmounting filesystem. [ 181.877176][ T4291] usb 3-1: Using ep0 maxpacket: 32 [ 181.885395][ T28] audit: type=1400 audit(1861131533.555:980): avc: denied { write } for pid=6437 comm="syz.4.2532" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 181.958125][ T43] device bridge_slave_1 left promiscuous mode [ 181.964863][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.972587][ T43] device bridge_slave_0 left promiscuous mode [ 181.978761][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.987173][ T43] device veth1_macvtap left promiscuous mode [ 181.993466][ T43] device veth0_vlan left promiscuous mode [ 182.011144][ T4291] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 182.021993][ T4291] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 182.035155][ T4291] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 182.048842][ T4291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 182.063071][ T4291] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 182.072895][ T4291] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 182.085848][ T4291] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 182.094775][ T4291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.106672][ T4291] usb 3-1: config 0 descriptor?? [ 182.238725][ T341] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 182.257714][ T28] audit: type=1400 audit(1861131533.970:981): avc: denied { nlmsg_read } for pid=6455 comm="syz.4.2539" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 182.294896][ T28] audit: type=1400 audit(1861131534.007:982): avc: denied { create } for pid=6457 comm="syz.4.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 182.319842][ T6460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2541'. [ 182.330692][ T28] audit: type=1400 audit(1861131534.007:983): avc: denied { write } for pid=6457 comm="syz.4.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 182.350867][ T6460] Zero length message leads to an empty skb [ 182.351246][ T19] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 182.375967][ T19] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 182.387600][ T28] audit: type=1400 audit(1861131534.090:984): avc: denied { read } for pid=6464 comm="syz.1.2543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 182.391962][ T4291] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 182.542168][ T19] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 182.611091][ T644] usb 3-1: USB disconnect, device number 34 [ 182.639649][ C0] usblp0: nonzero read bulk status received: -108 [ 182.700720][ T6494] xt_hashlimit: size too large, truncated to 1048576 [ 182.704166][ T4291] kernel read not supported for file /vga_arbiter (pid: 4291 comm: kworker/1:5) [ 182.781267][ T6504] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 182.802292][ T19] usb 4-1: Using ep0 maxpacket: 32 [ 182.827914][ T6424] usblp0: removed [ 182.878096][ T4291] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 182.932925][ T19] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.935774][ T6510] device gre1 entered promiscuous mode [ 182.945116][ T19] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 182.949114][ T6510] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 182.959167][ T19] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 182.976004][ T19] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 183.073263][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 183.082180][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 183.090202][ T19] usb 4-1: SerialNumber: syz [ 183.116669][ T6454] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 183.123663][ T6454] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 183.268310][ T4291] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 183.278066][ T4291] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 183.286903][ T341] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 183.294267][ T4291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.345126][ T4291] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 183.367280][ T6454] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 183.374329][ T6454] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 183.562984][ T644] usb 5-1: USB disconnect, device number 27 [ 183.577580][ T6535] tmpfs: Unknown parameter '?O*ٱĞ DlvpV 9:$V&]VQ^<"bLy?PT`@g{ Pwڀ' [ 183.691046][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.701817][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.711376][ T341] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 183.720308][ T341] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.728974][ T341] usb 2-1: config 0 descriptor?? [ 183.855168][ T19] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 183.951114][ T331] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 184.232830][ T331] usb 3-1: Using ep0 maxpacket: 8 [ 184.244509][ T341] arvo 0003:1E7D:30D4.005D: unknown global tag 0xe [ 184.251506][ T341] arvo 0003:1E7D:30D4.005D: item 0 1 1 14 parsing failed [ 184.262645][ T341] arvo 0003:1E7D:30D4.005D: parse failed [ 184.268188][ T341] arvo: probe of 0003:1E7D:30D4.005D failed with error -22 [ 184.290299][ T341] usb 4-1: USB disconnect, device number 34 [ 184.298335][ T341] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 184.384640][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.400756][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.418501][ T331] usb 3-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 184.431520][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.442075][ T6589] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.453436][ T331] usb 3-1: config 0 descriptor?? [ 184.465137][ T302] usb 2-1: USB disconnect, device number 32 [ 184.828906][ T4291] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 184.847677][ T6608] loop3: detected capacity change from 0 to 128 [ 184.960264][ T331] hid-generic 0003:18D1:503C.005E: item fetching failed at offset 0/3 [ 184.971309][ T331] hid-generic: probe of 0003:18D1:503C.005E failed with error -22 [ 185.187169][ T302] usb 3-1: USB disconnect, device number 35 [ 185.392527][ T341] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 185.442358][ T6632] loop3: detected capacity change from 0 to 512 [ 185.449109][ T6632] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 185.457197][ T6632] EXT4-fs (loop3): invalid journal inode [ 185.462725][ T6632] EXT4-fs (loop3): can't get journal size [ 185.470107][ T6632] EXT4-fs (loop3): 1 truncate cleaned up [ 185.475626][ T6632] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 185.490063][ T4291] usb 5-1: string descriptor 0 read error: -22 [ 185.496272][ T4291] usb 5-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6 [ 185.497139][ T1925] EXT4-fs (loop3): unmounting filesystem. [ 185.505488][ T4291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.535104][ T4291] usb 5-1: config 0 descriptor?? [ 185.577464][ T4291] usb 5-1: Found UVC 0.00 device (30c9:0093) [ 185.585020][ T4291] usb 5-1: No valid video chain found. [ 185.629287][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 185.629305][ T28] audit: type=1400 audit(1861131537.079:1009): avc: denied { setopt } for pid=6640 comm="syz.3.2601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 185.654592][ T341] usb 2-1: Using ep0 maxpacket: 16 [ 185.659514][ T28] audit: type=1400 audit(1861131537.079:1010): avc: denied { write } for pid=6640 comm="syz.3.2601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 185.782750][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.794068][ T341] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.795820][ T331] usb 5-1: USB disconnect, device number 28 [ 185.803548][ T341] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 185.803575][ T341] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.810148][ T341] usb 2-1: config 0 descriptor?? [ 185.945512][ T302] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 186.064409][ T19] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 186.084998][ T6653] loop0: detected capacity change from 0 to 128 [ 186.091619][ T6653] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 186.205581][ T302] usb 4-1: Using ep0 maxpacket: 16 [ 186.325500][ T341] cp2112 0003:10C4:EA90.005F: unexpected long global item [ 186.332646][ T341] cp2112 0003:10C4:EA90.005F: parse failed [ 186.338387][ T341] cp2112: probe of 0003:10C4:EA90.005F failed with error -22 [ 186.347348][ T302] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.435823][ T6661] loop4: detected capacity change from 0 to 512 [ 186.450094][ T6661] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 186.459126][ T6661] EXT4-fs (loop4): invalid journal inode [ 186.464636][ T6661] EXT4-fs (loop4): can't get journal size [ 186.472540][ T6661] EXT4-fs (loop4): 1 truncate cleaned up [ 186.478246][ T6661] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 186.492855][ T19] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 186.510066][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.524670][ T6415] EXT4-fs (loop4): unmounting filesystem. [ 186.530857][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.540616][ T19] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 186.566427][ T302] usb 4-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 186.587017][ T302] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.603019][ T302] usb 4-1: Product: syz [ 186.607230][ T302] usb 4-1: Manufacturer: syz [ 186.611648][ T302] usb 4-1: SerialNumber: syz [ 186.616867][ T302] usb 4-1: config 0 descriptor?? [ 186.622441][ T331] usb 2-1: USB disconnect, device number 33 [ 186.693054][ T19] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 186.701989][ T19] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 186.709878][ T19] usb 3-1: Manufacturer: syz [ 186.715117][ T19] usb 3-1: config 0 descriptor?? [ 187.115728][ T302] usb 4-1: Found UVC 0.00 device syz (045e:0721) [ 187.122000][ T302] usb 4-1: No valid video chain found. [ 187.235842][ T19] appleir 0003:05AC:8243.0060: unknown main item tag 0x0 [ 187.243406][ T19] appleir 0003:05AC:8243.0060: No inputs registered, leaving [ 187.256672][ T19] appleir 0003:05AC:8243.0060: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 187.324024][ T6695] loop0: detected capacity change from 0 to 512 [ 187.330738][ T6695] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 187.339010][ T6695] EXT4-fs (loop0): invalid journal inode [ 187.344784][ T6695] EXT4-fs (loop0): can't get journal size [ 187.344988][ T19] usb 4-1: USB disconnect, device number 35 [ 187.352427][ T6695] EXT4-fs (loop0): 1 truncate cleaned up [ 187.362094][ T6695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 187.379698][ T1793] EXT4-fs (loop0): unmounting filesystem. [ 187.505931][ T4291] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 187.528976][ T636] usb 3-1: USB disconnect, device number 36 [ 187.766010][ T4291] usb 2-1: Using ep0 maxpacket: 8 [ 187.899850][ T4291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.918456][ T4291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.928137][ T4291] usb 2-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 187.937396][ T4291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.949305][ T4291] usb 2-1: config 0 descriptor?? [ 187.965747][ T28] audit: type=1326 audit(1861131539.238:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6712 comm="syz.3.2628" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f529197def9 code=0x0 [ 188.482342][ T4291] hid-generic 0003:18D1:503C.0061: item fetching failed at offset 0/3 [ 188.490666][ T4291] hid-generic: probe of 0003:18D1:503C.0061 failed with error -22 [ 188.701613][ T636] usb 2-1: USB disconnect, device number 34 [ 188.895880][ T6761] loop2: detected capacity change from 0 to 128 [ 188.905053][ T28] audit: type=1400 audit(1861131540.106:1012): avc: denied { wake_alarm } for pid=6763 comm="syz.3.2651" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 188.906573][ T6761] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 188.927775][ T28] audit: type=1326 audit(1861131540.106:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.3.2651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f529197def9 code=0x0 [ 188.967117][ T6761] syz.2.2650: attempt to access beyond end of device [ 188.967117][ T6761] loop2: rw=3, sector=6950, nr_sectors = 2 limit=128 [ 188.980408][ T6761] syz.2.2650: attempt to access beyond end of device [ 188.980408][ T6761] loop2: rw=2051, sector=6952, nr_sectors = 942 limit=128 [ 189.388503][ T6795] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2667'. [ 189.823037][ T6812] loop1: detected capacity change from 0 to 128 [ 189.858277][ T28] audit: type=1400 audit(1861131540.982:1014): avc: denied { mounton } for pid=6811 comm="syz.1.2682" path="/92/file0" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 189.902331][ T28] audit: type=1326 audit(1861131541.019:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6817 comm="syz.4.2674" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f052177def9 code=0x0 [ 190.076345][ T6839] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2684'. [ 190.085503][ T6839] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2684'. [ 190.094252][ T6839] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2684'. [ 190.237425][ T6847] syz.1.2699[6847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.237510][ T6847] syz.1.2699[6847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.240299][ T6849] device batadv_slave_0 entered promiscuous mode [ 190.270377][ T6848] device batadv_slave_0 left promiscuous mode [ 190.426519][ T28] audit: type=1400 audit(1861131541.508:1016): avc: denied { write } for pid=6871 comm="syz.3.2700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 190.515176][ T28] audit: type=1400 audit(1861131541.582:1017): avc: denied { create } for pid=6876 comm="syz.2.2704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 190.526913][ T6879] loop1: detected capacity change from 0 to 1024 [ 190.542309][ T6879] EXT4-fs: Ignoring removed oldalloc option [ 190.553066][ T6879] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 190.571235][ T5704] EXT4-fs (loop1): unmounting filesystem. [ 190.757160][ T341] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 190.804422][ T6886] ================================================================== [ 190.812317][ T6886] BUG: KASAN: use-after-free in cpu_map_enqueue+0xb4/0x370 [ 190.819343][ T6886] Read of size 8 at addr ffff888118868108 by task syz.4.2706/6886 [ 190.826981][ T6886] [ 190.829165][ T6886] CPU: 1 PID: 6886 Comm: syz.4.2706 Not tainted 6.1.93-syzkaller-00019-g3b95e548676f #0 [ 190.838696][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 190.848611][ T6886] Call Trace: [ 190.851720][ T6886] [ 190.854497][ T6886] dump_stack_lvl+0x151/0x1b7 [ 190.859019][ T6886] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 190.864301][ T6886] ? _printk+0xd1/0x111 [ 190.868295][ T6886] ? __virt_addr_valid+0x242/0x2f0 [ 190.873246][ T6886] print_report+0x158/0x4e0 [ 190.877586][ T6886] ? __virt_addr_valid+0x242/0x2f0 [ 190.882527][ T6886] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 190.888608][ T6886] ? cpu_map_enqueue+0xb4/0x370 [ 190.893291][ T6886] kasan_report+0x13c/0x170 [ 190.897635][ T6886] ? cpu_map_enqueue+0xb4/0x370 [ 190.902317][ T6886] ? __alloc_pages+0x780/0x780 [ 190.906919][ T6886] __asan_report_load8_noabort+0x14/0x20 [ 190.912386][ T6886] cpu_map_enqueue+0xb4/0x370 [ 190.916897][ T6886] xdp_do_redirect+0x5b0/0xc60 [ 190.921502][ T6886] tun_xdp_act+0xdb/0xc00 [ 190.925676][ T6886] ? __kasan_check_write+0x14/0x20 [ 190.930609][ T6886] ? finish_task_switch+0x207/0x7b0 [ 190.935645][ T6886] ? tun_flow_update+0x560/0x560 [ 190.940418][ T6886] ? copy_page_from_iter+0x23b/0x2b0 [ 190.945542][ T6886] tun_get_user+0xb35/0x3a90 [ 190.950004][ T6886] ? release_firmware_map_entry+0x141/0x191 [ 190.955698][ T6886] ? tun_get_user+0x7e6/0x3a90 [ 190.960303][ T6886] ? tun_do_read+0x2000/0x2000 [ 190.963093][ T636] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 190.964894][ T6886] ? ref_tracker_alloc+0x31d/0x450 [ 190.964935][ T6886] ? futex_wait_setup+0x330/0x330 [ 190.982088][ T6886] ? avc_policy_seqno+0x1b/0x70 [ 190.986773][ T6886] ? tun_get+0xe9/0x120 [ 190.990760][ T6886] tun_chr_write_iter+0x129/0x210 [ 190.995621][ T6886] vfs_write+0x902/0xeb0 [ 190.999704][ T6886] ? file_end_write+0x1c0/0x1c0 [ 191.004388][ T6886] ? do_futex+0x55a/0x9a0 [ 191.008551][ T6886] ? __fget_files+0x2cb/0x330 [ 191.013068][ T6886] ? __fdget_pos+0x204/0x390 [ 191.017491][ T6886] ? ksys_write+0x77/0x2c0 [ 191.021744][ T6886] ksys_write+0x199/0x2c0 [ 191.025910][ T6886] ? __ia32_sys_read+0x90/0x90 [ 191.030536][ T6886] ? fpregs_restore_userregs+0x130/0x290 [ 191.035978][ T6886] __x64_sys_write+0x7b/0x90 [ 191.040403][ T6886] x64_sys_call+0x2f/0x9a0 [ 191.044654][ T6886] do_syscall_64+0x3b/0xb0 [ 191.048910][ T6886] ? clear_bhb_loop+0x55/0xb0 [ 191.053423][ T6886] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 191.059148][ T6886] RIP: 0033:0x7f052177c9df [ 191.063401][ T6886] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 191.082845][ T6886] RSP: 002b:00007f0522633000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 191.091088][ T6886] RAX: ffffffffffffffda RBX: 00007f0521935f80 RCX: 00007f052177c9df [ 191.098901][ T6886] RDX: 0000000000000066 RSI: 0000000020000900 RDI: 00000000000000c8 [ 191.106711][ T6886] RBP: 00007f05217f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 191.114524][ T6886] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000000 [ 191.122333][ T6886] R13: 0000000000000000 R14: 00007f0521935f80 R15: 00007ffd031a69a8 [ 191.130161][ T6886] [ 191.133168][ T6886] [ 191.135328][ T6886] Allocated by task 5458: [ 191.139498][ T6886] kasan_set_track+0x4b/0x70 [ 191.143926][ T6886] kasan_save_alloc_info+0x1f/0x30 [ 191.148871][ T6886] __kasan_kmalloc+0x9c/0xb0 [ 191.153292][ T6886] kmalloc_trace+0x44/0xa0 [ 191.157546][ T6886] kset_create_and_add+0x5c/0x2b0 [ 191.162408][ T6886] netdev_register_kobject+0x1a6/0x320 [ 191.167704][ T6886] register_netdevice+0xe43/0x1490 [ 191.172647][ T6886] veth_newlink+0x7fc/0xc70 [ 191.176985][ T6886] rtnl_newlink+0x14c6/0x2030 [ 191.181500][ T6886] rtnetlink_rcv_msg+0x9a5/0xca0 [ 191.186270][ T6886] netlink_rcv_skb+0x1cd/0x410 [ 191.190873][ T6886] rtnetlink_rcv+0x1c/0x20 [ 191.195128][ T6886] netlink_unicast+0x906/0xab0 [ 191.199865][ T6886] netlink_sendmsg+0xa15/0xd30 [ 191.204457][ T6886] __sys_sendto+0x480/0x600 [ 191.208799][ T6886] __x64_sys_sendto+0xe5/0x100 [ 191.213398][ T6886] x64_sys_call+0x15c/0x9a0 [ 191.217736][ T6886] do_syscall_64+0x3b/0xb0 [ 191.221986][ T6886] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 191.227718][ T6886] [ 191.229884][ T6886] Freed by task 43: [ 191.233537][ T6886] kasan_set_track+0x4b/0x70 [ 191.237964][ T6886] kasan_save_free_info+0x2b/0x40 [ 191.242830][ T6886] ____kasan_slab_free+0x131/0x180 [ 191.247769][ T6886] __kasan_slab_free+0x11/0x20 [ 191.252367][ T6886] __kmem_cache_free+0x218/0x3b0 [ 191.257138][ T6886] kfree+0x7a/0xf0 [ 191.260698][ T6886] kset_release+0x19/0x20 [ 191.264865][ T6886] kobject_put+0x178/0x260 [ 191.269114][ T6886] kset_unregister+0x6e/0x80 [ 191.273548][ T6886] netdev_unregister_kobject+0x175/0x260 [ 191.279017][ T6886] unregister_netdevice_many+0x122c/0x1740 [ 191.284661][ T6886] default_device_exit_batch+0x975/0xa00 [ 191.290118][ T6886] cleanup_net+0x6c9/0xbf0 [ 191.294370][ T6886] process_one_work+0x73d/0xcb0 [ 191.299058][ T6886] worker_thread+0xa60/0x1260 [ 191.303571][ T6886] kthread+0x26d/0x300 [ 191.307476][ T6886] ret_from_fork+0x1f/0x30 [ 191.311731][ T6886] [ 191.313902][ T6886] Last potentially related work creation: [ 191.319458][ T6886] kasan_save_stack+0x3b/0x60 [ 191.323968][ T6886] __kasan_record_aux_stack+0xb4/0xc0 [ 191.329183][ T6886] kasan_record_aux_stack_noalloc+0xb/0x10 [ 191.334815][ T6886] kvfree_call_rcu+0x9f/0x800 [ 191.339335][ T6886] fib_rules_unregister+0x341/0x370 [ 191.344366][ T6886] fib4_rules_exit+0x3b/0x40 [ 191.348811][ T6886] ip_fib_net_exit+0x344/0x3b0 [ 191.353389][ T6886] fib_net_exit_batch+0x47/0x90 [ 191.358079][ T6886] cleanup_net+0x6c9/0xbf0 [ 191.362331][ T6886] process_one_work+0x73d/0xcb0 [ 191.367017][ T6886] worker_thread+0xa60/0x1260 [ 191.371530][ T6886] kthread+0x26d/0x300 [ 191.375439][ T6886] ret_from_fork+0x1f/0x30 [ 191.379694][ T6886] [ 191.381862][ T6886] Second to last potentially related work creation: [ 191.388293][ T6886] kasan_save_stack+0x3b/0x60 [ 191.392796][ T6886] __kasan_record_aux_stack+0xb4/0xc0 [ 191.398003][ T6886] kasan_record_aux_stack_noalloc+0xb/0x10 [ 191.403655][ T6886] call_rcu+0xee/0x1340 [ 191.407636][ T6886] replace+0x19b/0x4b0 [ 191.411540][ T6886] resize+0xbaf/0x1d60 [ 191.415445][ T6886] fib_insert_alias+0xb20/0x1060 [ 191.420221][ T6886] fib_table_insert+0xa01/0x20a0 [ 191.424993][ T6886] fib_add_ifaddr+0x43f/0x15e0 [ 191.429597][ T6886] fib_inetaddr_event+0x159/0x310 [ 191.434452][ T6886] blocking_notifier_call_chain+0xbb/0x140 [ 191.440095][ T6886] __inet_insert_ifa+0x8fb/0xb10 [ 191.444868][ T6886] inet_rtm_newaddr+0x8f7/0x1780 [ 191.449641][ T6886] rtnetlink_rcv_msg+0x9a5/0xca0 [ 191.454414][ T6886] netlink_rcv_skb+0x1cd/0x410 [ 191.459014][ T6886] rtnetlink_rcv+0x1c/0x20 [ 191.463274][ T6886] netlink_unicast+0x906/0xab0 [ 191.467877][ T6886] netlink_sendmsg+0xa15/0xd30 [ 191.472468][ T6886] __sys_sendto+0x480/0x600 [ 191.476814][ T6886] __x64_sys_sendto+0xe5/0x100 [ 191.481409][ T6886] x64_sys_call+0x15c/0x9a0 [ 191.485748][ T6886] do_syscall_64+0x3b/0xb0 [ 191.490010][ T6886] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 191.495728][ T6886] [ 191.497907][ T6886] The buggy address belongs to the object at ffff888118868100 [ 191.497907][ T6886] which belongs to the cache kmalloc-192 of size 192 [ 191.511790][ T6886] The buggy address is located 8 bytes inside of [ 191.511790][ T6886] 192-byte region [ffff888118868100, ffff8881188681c0) [ 191.524717][ T6886] [ 191.526890][ T6886] The buggy address belongs to the physical page: [ 191.533138][ T6886] page:ffffea0004621a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118868 [ 191.543203][ T6886] flags: 0x4000000000000200(slab|zone=1) [ 191.548680][ T6886] raw: 4000000000000200 ffffea00043fa9c0 dead000000000002 ffff888100042c00 [ 191.557095][ T6886] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 191.565509][ T6886] page dumped because: kasan: bad access detected [ 191.571776][ T6886] page_owner tracks the page as allocated [ 191.577311][ T6886] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 105, tgid 105 (udevd), ts 5237009290, free_ts 0 [ 191.593717][ T6886] post_alloc_hook+0x213/0x220 [ 191.598439][ T6886] prep_new_page+0x1b/0x110 [ 191.602773][ T6886] get_page_from_freelist+0x27ea/0x2870 [ 191.608152][ T6886] __alloc_pages+0x3a1/0x780 [ 191.612580][ T6886] alloc_slab_page+0x6c/0xf0 [ 191.617005][ T6886] new_slab+0x90/0x3e0 [ 191.620911][ T6886] ___slab_alloc+0x6f9/0xb80 [ 191.625339][ T6886] __slab_alloc+0x5d/0xa0 [ 191.629503][ T6886] __kmem_cache_alloc_node+0x1af/0x250 [ 191.634796][ T6886] kmalloc_trace+0x2a/0xa0 [ 191.639055][ T6886] kernfs_fop_open+0x350/0xb10 [ 191.643652][ T6886] do_dentry_open+0x891/0x1250 [ 191.648250][ T6886] vfs_open+0x73/0x80 [ 191.652067][ T6886] path_openat+0x2532/0x2d60 [ 191.656494][ T6886] do_filp_open+0x230/0x480 [ 191.660835][ T6886] do_sys_openat2+0x151/0x890 [ 191.665379][ T6886] page_owner free stack trace missing [ 191.670565][ T6886] [ 191.672724][ T6886] Memory state around the buggy address: [ 191.678203][ T6886] ffff888118868000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 191.686265][ T6886] ffff888118868080: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 191.694151][ T6886] >ffff888118868100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 191.702050][ T6886] ^ [ 191.706218][ T6886] ffff888118868180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 191.714118][ T6886] ffff888118868200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 191.722009][ T6886] ================================================================== [ 191.729979][ T6886] Disabling lock debugging due to kernel taint [ 191.735990][ T6886] general protection fault, probably for non-canonical address 0xe0912d435ede0010: 0000 [#1] PREEMPT SMP KASAN [ 191.747446][ T6886] KASAN: maybe wild-memory-access in range [0x04898a1af6f00080-0x04898a1af6f00087] [ 191.756558][ T6886] CPU: 1 PID: 6886 Comm: syz.4.2706 Tainted: G B 6.1.93-syzkaller-00019-g3b95e548676f #0 [ 191.767575][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 191.777466][ T6886] RIP: 0010:cpu_map_enqueue+0x113/0x370 [ 191.782849][ T6886] Code: e8 03 42 80 3c 30 00 74 08 48 89 df e8 96 c9 24 00 4c 8b 23 4f 8d 74 3c 58 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 a8 01 00 00 4d 01 fc 41 8b 1e bf 08 [ 191.802289][ T6886] RSP: 0018:ffffc90007fa77a8 EFLAGS: 00010202 [ 191.808191][ T6886] RAX: dffffc0000000000 RBX: ffffffff86743888 RCX: 0000000000040000 [ 191.816001][ T6886] RDX: ffffc90003d59000 RSI: 000000000003ffff RDI: 0000000000040000 [ 191.823816][ T6886] RBP: ffffc90007fa77e0 R08: ffffffff8198105e R09: fffffbfff0f6d8fd [ 191.831625][ T6886] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f00000 [ 191.839437][ T6886] R13: 009131435ede0010 R14: 04898a1af6f00083 R15: 048a01990000002b [ 191.847247][ T6886] FS: 00007f05226336c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 191.856012][ T6886] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.862435][ T6886] CR2: fffffffff0000000 CR3: 000000012fbb8000 CR4: 00000000003506a0 [ 191.870249][ T6886] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.878057][ T6886] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 191.885870][ T6886] Call Trace: [ 191.888995][ T6886] [ 191.891775][ T6886] ? __die_body+0x62/0xb0 [ 191.895938][ T6886] ? die_addr+0x9f/0xd0 [ 191.899931][ T6886] ? exc_general_protection+0x317/0x4c0 [ 191.905316][ T6886] ? __kasan_check_write+0x14/0x20 [ 191.910258][ T6886] ? cpu_map_enqueue+0xb4/0x370 [ 191.914945][ T6886] ? asm_exc_general_protection+0x27/0x30 [ 191.920502][ T6886] ? cpu_map_enqueue+0xce/0x370 [ 191.925187][ T6886] ? cpu_map_enqueue+0x113/0x370 [ 191.929961][ T6886] ? cpu_map_enqueue+0xdc/0x370 [ 191.934650][ T6886] xdp_do_redirect+0x5b0/0xc60 [ 191.939250][ T6886] tun_xdp_act+0xdb/0xc00 [ 191.943415][ T6886] ? __kasan_check_write+0x14/0x20 [ 191.948359][ T6886] ? finish_task_switch+0x207/0x7b0 [ 191.953393][ T6886] ? tun_flow_update+0x560/0x560 [ 191.958167][ T6886] ? copy_page_from_iter+0x23b/0x2b0 [ 191.963290][ T6886] tun_get_user+0xb35/0x3a90 [ 191.967719][ T6886] ? release_firmware_map_entry+0x141/0x191 [ 191.973443][ T6886] ? tun_get_user+0x7e6/0x3a90 [ 191.978044][ T6886] ? tun_do_read+0x2000/0x2000 [ 191.982645][ T6886] ? ref_tracker_alloc+0x31d/0x450 [ 191.987595][ T6886] ? futex_wait_setup+0x330/0x330 [ 191.992452][ T6886] ? avc_policy_seqno+0x1b/0x70 [ 191.997139][ T6886] ? tun_get+0xe9/0x120 [ 192.001153][ T6886] tun_chr_write_iter+0x129/0x210 [ 192.005991][ T6886] vfs_write+0x902/0xeb0 [ 192.010072][ T6886] ? file_end_write+0x1c0/0x1c0 [ 192.014757][ T6886] ? do_futex+0x55a/0x9a0 [ 192.018928][ T6886] ? __fget_files+0x2cb/0x330 [ 192.023437][ T6886] ? __fdget_pos+0x204/0x390 [ 192.027862][ T6886] ? ksys_write+0x77/0x2c0 [ 192.032114][ T6886] ksys_write+0x199/0x2c0 [ 192.036281][ T6886] ? __ia32_sys_read+0x90/0x90 [ 192.041027][ T6886] ? fpregs_restore_userregs+0x130/0x290 [ 192.046459][ T6886] __x64_sys_write+0x7b/0x90 [ 192.050885][ T6886] x64_sys_call+0x2f/0x9a0 [ 192.055136][ T6886] do_syscall_64+0x3b/0xb0 [ 192.059388][ T6886] ? clear_bhb_loop+0x55/0xb0 [ 192.063902][ T6886] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 192.069631][ T6886] RIP: 0033:0x7f052177c9df [ 192.073885][ T6886] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 192.093327][ T6886] RSP: 002b:00007f0522633000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 192.101570][ T6886] RAX: ffffffffffffffda RBX: 00007f0521935f80 RCX: 00007f052177c9df [ 192.109380][ T6886] RDX: 0000000000000066 RSI: 0000000020000900 RDI: 00000000000000c8 [ 192.117191][ T6886] RBP: 00007f05217f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 192.125003][ T6886] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000000 [ 192.132816][ T6886] R13: 0000000000000000 R14: 00007f0521935f80 R15: 00007ffd031a69a8 [ 192.140634][ T6886] [ 192.143506][ T6886] Modules linked in: [ 192.147283][ T6886] ---[ end trace 0000000000000000 ]--- [ 192.152526][ T6886] RIP: 0010:cpu_map_enqueue+0x113/0x370 [ 192.157938][ T6886] Code: e8 03 42 80 3c 30 00 74 08 48 89 df e8 96 c9 24 00 4c 8b 23 4f 8d 74 3c 58 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 a8 01 00 00 4d 01 fc 41 8b 1e bf 08 [ 192.177372][ T6886] RSP: 0018:ffffc90007fa77a8 EFLAGS: 00010202 [ 192.183242][ T6886] RAX: dffffc0000000000 RBX: ffffffff86743888 RCX: 0000000000040000 [ 192.191074][ T6886] RDX: ffffc90003d59000 RSI: 000000000003ffff RDI: 0000000000040000 [ 192.198882][ T6886] RBP: ffffc90007fa77e0 R08: ffffffff8198105e R09: fffffbfff0f6d8fd [ 192.206679][ T6886] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f00000 [ 192.214516][ T6886] R13: 009131435ede0010 R14: 04898a1af6f00083 R15: 048a01990000002b [ 192.222339][ T6886] FS: 00007f05226336c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 192.231072][ T636] usb 2-1: Using ep0 maxpacket: 16 [ 192.236012][ T6886] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.242469][ T6886] CR2: fffffffff0000000 CR3: 000000012fbb8000 CR4: 00000000003506a0 [ 192.250250][ T6886] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 192.258091][ T6886] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 192.265899][ T6886] Kernel panic - not syncing: Fatal exception in interrupt [ 192.273123][ T6886] Kernel Offset: disabled [ 192.277252][ T6886] Rebooting in 86400 seconds..