last executing test programs: 3.202751097s ago: executing program 1 (id=451): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9000000000010104000000000000000002000000240001801400018008000100e000000108000200ac1414000c000280050001000000000024"], 0x90}}, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000280)={0x24, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c004}, 0x4000800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="702300001d00"], 0x2370}, 0x1, 0x0, 0x0, 0x8800}, 0x20048104) 3.12547017s ago: executing program 1 (id=455): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x7, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x89f9b000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x7]}, 0x8) 2.924223016s ago: executing program 1 (id=458): r0 = socket(0x10, 0x3, 0x0) syz_emit_ethernet(0x86, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000088a800008100000086dd605f106000482f00fe880000000000000000000000000101ff020000000000000000000000000001242088a80000000000000800000086dd0001000608"], 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x800, 0x0, 0x0, 0xfffffffe}, 0x10) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e0001"], 0x1c}, 0x1, 0x0, 0x0, 0x4040084}, 0x0) 2.923916176s ago: executing program 1 (id=459): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)={0x120, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x10}, [@CTA_EXPECT_NAT={0x84, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_TUPLE={0x6c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2c}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_NAT={0x88, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000c40)="120000001200e7ef007b0000000000faffa0", 0x12, 0x8800, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 2.915560267s ago: executing program 1 (id=461): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000540b4550182195f51584b3"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) 2.020174675s ago: executing program 3 (id=484): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000800)={r2, &(0x7f0000000680)="550797705d13c339b8", &(0x7f0000000780)=""/107}, 0x20) 2.019994186s ago: executing program 3 (id=485): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6, 0x0, 0x4}]}) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x11) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f0000000180)={0x0, 0xfff, 0x100fe}) 1.993266426s ago: executing program 0 (id=486): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0xe22, 0x9, @ipv4={'\x00', '\xff\xff', @empty}, 0x10000}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 1.965962107s ago: executing program 0 (id=487): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x17ef, 0x60b5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x8, "", [{{0x9, 0x4, 0x0, 0x20, 0x9, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x2, 0xd, 0x1, {0x22, 0x1f}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) write$binfmt_register(0xffffffffffffffff, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x1, 0x3a, 'usrjquota=', 0x3a, '\x00\x03!\f\xee\x998r~\b\x13\x89\xae\xf1\x06hz\xcc\xd6\xbb\xb8\x19\x90\x9e\xdb\xa2F\xfa_F(\x05\b\x13\x82\x12\xad\x0f^\xdc\xf2\xb5', 0x3a, './file2'}, 0x5b) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.127828874s ago: executing program 1 (id=494): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904"], 0x0) syz_usb_disconnect(r0) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x12, &(0x7f0000000000)=@conn_svc_rsp={0x0, 0x0, 0xa, "1c565cfc", {0x3, 0x100, 0x0, 0x2, 0x0, 0x4, 0x7}}) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110014a696d4003041060"], 0x0) 1.127749434s ago: executing program 3 (id=495): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000004f40)=[{{0x0, 0x0, 0x0}, 0x9c}, {{0x0, 0x0, 0x0}, 0x7fff}], 0x2, 0x2, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$inet(r0, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) 1.068583346s ago: executing program 3 (id=496): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_buf(r0, 0x0, 0x29, 0x0, 0x0) 820.390304ms ago: executing program 3 (id=497): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x92, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x5c, 0x6, 0x1, @empty, @local, {[], {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x17, 0x2, 0x0, 0x0, 0xd, {[@exp_smc={0xfe, 0x6}, @generic={0x8, 0x2}, @mss={0x2, 0x4, 0x800}, @timestamp={0x8, 0xa, 0x4, 0xad}, @md5sig={0x13, 0x12, "8098cf093cc9cd7b8ec814f9bcfdfea9"}, @sack={0x5, 0x1e, [0xff, 0xfffffffe, 0x3, 0x1000006, 0x1, 0x10001, 0xeeba]}]}}}}}}}}, 0x0) 791.957314ms ago: executing program 3 (id=498): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x334ecc4b, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000800)=[{0x0, 0x45}, {&(0x7f0000002340)="6511", 0x2}], 0x2}, 0x4000604) 339.961829ms ago: executing program 2 (id=512): r0 = socket(0x10, 0x3, 0x0) close(0x3) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NFT_BATCH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x10) 337.461469ms ago: executing program 2 (id=513): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x65, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @echo_reply={0xe0}}}}}, 0x0) 325.78348ms ago: executing program 2 (id=514): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000400)={@link_local, @random="ac00", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x100, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xc773, 0x7}}}}}}, 0x0) 313.99653ms ago: executing program 2 (id=515): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x6, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r1, 0x2000000, 0x10, 0x0, &(0x7f0000000000)="c9f7b986000000000b0000dae0793739", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 279.576851ms ago: executing program 0 (id=517): syz_mount_image$ext4(&(0x7f0000000680)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000580)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x3}}, {@norecovery}, {@noinit_itable}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000000), 0x24, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 228.217003ms ago: executing program 4 (id=518): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001300010025bd7000fedbdf2500000000", @ANYRES32=r2, @ANYBLOB="242400002019000008001300", @ANYRES32=r1, @ANYBLOB="140003006d61638ecaf90b"], 0x3c}, 0x1, 0x0, 0x0, 0xc0008c1}, 0x20048000) 228.012313ms ago: executing program 2 (id=519): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)='%-010d \x00'}, 0x20) bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc) 210.685923ms ago: executing program 2 (id=520): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x49, &(0x7f0000000600), 0x2a) 156.087255ms ago: executing program 4 (id=521): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r1, 0xffffffffffffffff, 0x2) openat$cgroup_int(r0, &(0x7f0000000200)='memory.swap.max\x00', 0x2, 0x0) 96.206737ms ago: executing program 4 (id=522): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000001000/0x3000)=nil, 0x30000, 0x0, 0x11, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x12, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x100}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@jmp={0x5, 0x1, 0x1, 0xa, 0xa, 0xfffffffffffffff5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2074, 0x0, 0x0, 0x0, 0x5e09}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0x100a, &(0x7f00000009c0)=""/4106, 0x41100, 0xc}, 0x94) 96.063567ms ago: executing program 4 (id=523): unshare(0x24020400) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r0, 0x107, 0x16, 0x0, 0x0) 89.001747ms ago: executing program 0 (id=524): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file7\x00', 0x1ac) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x1) 74.964428ms ago: executing program 4 (id=525): setresuid(0xee01, 0xee01, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x44}) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000340)={[0xfffffffffffffffd]}, 0x8, 0x800) utimensat(r0, 0x0, 0x0, 0x0) 230.23µs ago: executing program 0 (id=526): unshare(0x6020400) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6}, 0x10) 101.91µs ago: executing program 4 (id=527): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f00000001c0)={0x1, 0x0, [{0x40000070, 0x0, 0x100000001}]}) 0s ago: executing program 0 (id=528): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000300)="0f4f53") kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts. [ 23.709539][ T28] audit: type=1400 audit(1781143365.450:64): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.712986][ T279] cgroup: Unknown subsys name 'net' [ 23.732218][ T28] audit: type=1400 audit(1781143365.450:65): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.759554][ T28] audit: type=1400 audit(1781143365.480:66): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.760014][ T279] cgroup: Unknown subsys name 'devices' [ 23.899199][ T279] cgroup: Unknown subsys name 'hugetlb' [ 23.904822][ T279] cgroup: Unknown subsys name 'rlimit' [ 24.010476][ T28] audit: type=1400 audit(1781143365.750:67): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.033707][ T28] audit: type=1400 audit(1781143365.750:68): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 24.058688][ T28] audit: type=1400 audit(1781143365.750:69): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.068090][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 24.090623][ T28] audit: type=1400 audit(1781143365.830:70): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.112693][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.116312][ T28] audit: type=1400 audit(1781143365.830:71): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.150384][ T28] audit: type=1400 audit(1781143365.830:72): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.175958][ T28] audit: type=1400 audit(1781143365.830:73): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.965794][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.973205][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.980783][ T287] device bridge_slave_0 entered promiscuous mode [ 24.989289][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.996342][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.004067][ T287] device bridge_slave_1 entered promiscuous mode [ 25.054922][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.062022][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.069553][ T288] device bridge_slave_0 entered promiscuous mode [ 25.078196][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.086046][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.093941][ T288] device bridge_slave_1 entered promiscuous mode [ 25.143057][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.150179][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.157674][ T290] device bridge_slave_0 entered promiscuous mode [ 25.184396][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.191673][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.199236][ T289] device bridge_slave_0 entered promiscuous mode [ 25.205932][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.213020][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.220479][ T290] device bridge_slave_1 entered promiscuous mode [ 25.234316][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.241514][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.249281][ T289] device bridge_slave_1 entered promiscuous mode [ 25.276138][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.283231][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.291195][ T291] device bridge_slave_0 entered promiscuous mode [ 25.302062][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.309161][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.316655][ T291] device bridge_slave_1 entered promiscuous mode [ 25.500175][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.507270][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.514596][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.521674][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.531377][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.538452][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.545756][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.552842][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.583615][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.590711][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.598032][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.605341][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.626394][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.633481][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.640789][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.647858][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.671835][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.679682][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.687128][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.694325][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.702356][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.709689][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.717027][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.724215][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.732982][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.740509][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.762127][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.769809][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.777490][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.785646][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.792724][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.812694][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.821251][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.829521][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.836576][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.844611][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.852934][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.861174][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.868219][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.875669][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.884087][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.891137][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.898703][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.914347][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.922636][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.929726][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.938269][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.945735][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.979651][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.987895][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.994923][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.003213][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.011419][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.019821][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.026920][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.034290][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.042582][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.049638][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.057144][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.064680][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.072906][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.081180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.092624][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.101209][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.109425][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.116554][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.124089][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.132782][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.141022][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.148119][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.168842][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.177181][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.185232][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.193619][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.201840][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.210202][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.218402][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.226971][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.234989][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.243788][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.252183][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.260432][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.273828][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.282316][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.295769][ T287] device veth0_vlan entered promiscuous mode [ 26.307345][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.315327][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.323477][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.332000][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.343171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.351028][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.362676][ T287] device veth1_macvtap entered promiscuous mode [ 26.373672][ T288] device veth0_vlan entered promiscuous mode [ 26.380820][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.389412][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.397894][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.405498][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.413791][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.422033][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.430100][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.438369][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.445881][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.453636][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.461218][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.474422][ T290] device veth0_vlan entered promiscuous mode [ 26.487198][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.495585][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.504064][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.512732][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.521353][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.529783][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.540681][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.549146][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.564036][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.572070][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.584951][ T289] device veth0_vlan entered promiscuous mode [ 26.594255][ T291] device veth0_vlan entered promiscuous mode [ 26.602338][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.609994][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.617830][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.625727][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.634046][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.642357][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.650709][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.658389][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.671773][ T288] device veth1_macvtap entered promiscuous mode [ 26.682012][ T287] request_module fs-gadgetfs succeeded, but still no fs? [ 26.693486][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.701461][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.709890][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.719426][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.727674][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.737713][ T289] device veth1_macvtap entered promiscuous mode [ 26.755926][ T291] device veth1_macvtap entered promiscuous mode [ 26.769011][ T290] device veth1_macvtap entered promiscuous mode [ 26.780561][ T310] loop3: detected capacity change from 0 to 512 [ 26.784879][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.794969][ T310] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 26.805551][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.813994][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.822711][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.831881][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.840666][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.841469][ T310] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 26.851060][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.867837][ T310] EXT4-fs error (device loop3): ext4_acquire_dquot:6828: comm syz.3.4: Failed to acquire dquot type 1 [ 26.873417][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.883328][ T310] EXT4-fs (loop3): 1 truncate cleaned up [ 26.891740][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.895690][ T310] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 26.904814][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.920755][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.929493][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.938052][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.953507][ T310] EXT4-fs error (device loop3): ext4_acquire_dquot:6828: comm syz.3.4: Failed to acquire dquot type 1 [ 26.976340][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.985180][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.985358][ T310] syz.3.4 (310) used greatest stack depth: 22312 bytes left [ 27.000311][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.009866][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.013268][ T287] EXT4-fs (loop3): unmounting filesystem. [ 27.020686][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.038651][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.045456][ T317] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.047663][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.071443][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.157524][ T327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 27.201271][ T332] loop4: detected capacity change from 0 to 256 [ 27.228764][ T331] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 27.248290][ T331] FAT-fs (loop4): Filesystem has been set read-only [ 27.280632][ T341] loop3: detected capacity change from 0 to 512 [ 27.347299][ T341] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 27.404536][ T287] EXT4-fs (loop3): unmounting filesystem. [ 27.437176][ T320] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.497226][ T366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23'. [ 27.522038][ T366] netlink: 24 bytes leftover after parsing attributes in process `syz.1.23'. [ 27.557725][ T375] mmap: syz.1.27 (375) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 27.631124][ T383] loop3: detected capacity change from 0 to 128 [ 27.638472][ T320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.655585][ T320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.689933][ T385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'. [ 27.699670][ T320] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 27.732874][ T320] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 27.742445][ T320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.777783][ T320] usb 1-1: config 0 descriptor?? [ 28.054937][ T409] loop1: detected capacity change from 0 to 256 [ 28.069658][ T409] exfat: Deprecated parameter 'utf8' [ 28.078568][ T409] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 28.188843][ T417] loop1: detected capacity change from 0 to 512 [ 28.215167][ T417] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.47: dx entry: limit 0 != root limit 125 [ 28.229052][ T320] plantronics 0003:047F:FFFF.0001: collection stack underflow [ 28.240536][ T320] plantronics 0003:047F:FFFF.0001: item 0 4 0 12 parsing failed [ 28.256960][ T320] plantronics 0003:047F:FFFF.0001: parse failed [ 28.263296][ T417] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.47: Corrupt directory, running e2fsck is recommended [ 28.270706][ T422] syz.3.49[422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.276073][ T422] syz.3.49[422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.283365][ T320] plantronics: probe of 0003:047F:FFFF.0001 failed with error -22 [ 28.296041][ T417] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 28.322166][ T424] loop4: detected capacity change from 0 to 256 [ 28.349142][ T417] EXT4-fs error (device loop1): ext4_iget_extra_inode:4765: inode #15: comm syz.1.47: corrupted in-inode xattr [ 28.389939][ T417] EXT4-fs (loop1): Remounting filesystem read-only [ 28.396770][ T417] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.47: couldn't read orphan inode 15 (err -117) [ 28.418899][ T417] EXT4-fs (loop1): Remounting filesystem read-only [ 28.435687][ T417] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 28.449482][ T320] usb 1-1: USB disconnect, device number 2 [ 28.519028][ T288] EXT4-fs (loop1): unmounting filesystem. [ 28.554791][ T431] loop1: detected capacity change from 0 to 1024 [ 28.571879][ T431] EXT4-fs: Ignoring removed orlov option [ 28.628867][ T431] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 28.661687][ T431] overlayfs: invalid origin (0000) [ 28.717335][ T28] kauditd_printk_skb: 91 callbacks suppressed [ 28.717352][ T28] audit: type=1400 audit(1781143370.460:159): avc: denied { unlink } for pid=288 comm="syz-executor" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.747050][ T288] EXT4-fs (loop1): unmounting filesystem. [ 28.766990][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.786304][ T28] audit: type=1400 audit(1781143370.460:160): avc: denied { unlink } for pid=288 comm="syz-executor" name="file1" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 28.836803][ T28] audit: type=1400 audit(1781143370.460:161): avc: denied { rmdir } for pid=288 comm="syz-executor" name="work" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 28.885135][ T394] loop2: detected capacity change from 0 to 131072 [ 28.893035][ T28] audit: type=1400 audit(1781143370.630:162): avc: denied { read write } for pid=438 comm="syz.1.56" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.905846][ T394] F2FS-fs (loop2): invalid crc value [ 28.946758][ T28] audit: type=1400 audit(1781143370.630:163): avc: denied { open } for pid=438 comm="syz.1.56" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 28.977895][ T24] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 28.992349][ T394] F2FS-fs (loop2): Found nat_bits in checkpoint [ 28.994391][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.017488][ T24] usb 4-1: config 0 descriptor?? [ 29.054576][ T28] audit: type=1400 audit(1781143370.790:164): avc: denied { create } for pid=445 comm="syz.1.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.104177][ T28] audit: type=1400 audit(1781143370.810:165): avc: denied { connect } for pid=445 comm="syz.1.58" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.136784][ T394] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 29.146757][ T28] audit: type=1400 audit(1781143370.810:166): avc: denied { setopt } for pid=445 comm="syz.1.58" laddr=::1 lport=1 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.196794][ T28] audit: type=1400 audit(1781143370.810:167): avc: denied { write } for pid=445 comm="syz.1.58" laddr=::1 lport=1 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.246865][ T28] audit: type=1400 audit(1781143370.920:168): avc: denied { write } for pid=448 comm="syz.1.59" name="file0" dev="tmpfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 29.335570][ T444] loop0: detected capacity change from 0 to 40427 [ 29.364227][ T444] F2FS-fs (loop0): invalid crc value [ 29.377858][ T444] F2FS-fs (loop0): Found nat_bits in checkpoint [ 29.467786][ T444] F2FS-fs (loop0): Start checkpoint disabled! [ 29.488572][ T444] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 29.506817][ T444] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 29.587934][ T427] F2FS-fs (loop4): Invalid log sectorsize (0) [ 29.594911][ T427] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 29.614137][ T427] F2FS-fs (loop4): invalid crc value [ 29.664164][ T427] F2FS-fs (loop4): Found nat_bits in checkpoint [ 29.675253][ T10] kworker/u4:1: attempt to access beyond end of device [ 29.675253][ T10] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 29.699859][ T10] kworker/u4:1: attempt to access beyond end of device [ 29.699859][ T10] loop0: rw=2049, sector=40976, nr_sectors = 8 limit=40427 [ 29.779752][ T427] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 29.790503][ T427] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 29.828283][ T24] usb 4-1: Cannot set autoneg [ 29.833079][ T24] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 29.858602][ T24] usb 4-1: USB disconnect, device number 2 [ 30.226216][ T488] loop0: p3 < > p4 < > [ 30.231610][ T488] loop0: partition table partially beyond EOD, truncated [ 30.243367][ T488] loop0: p3 start 4284289 is beyond EOD, truncated [ 30.255621][ T103] loop0: p3 < > p4 < > [ 30.262122][ T103] loop0: partition table partially beyond EOD, truncated [ 30.279501][ T103] loop0: p3 start 4284289 is beyond EOD, truncated [ 30.300936][ T338] udevd[338]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 30.337332][ T338] udevd[338]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 30.352777][ T503] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport unix [ 30.397910][ T509] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 30.428099][ T509] EXT4-fs (loop3): 1 truncate cleaned up [ 30.439835][ T509] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 30.459973][ T509] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.82: invalid indirect mapped block 4294901760 (level 0) [ 30.474705][ T509] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.82: invalid indirect mapped block 4294967295 (level 1) [ 30.497649][ T287] EXT4-fs (loop3): unmounting filesystem. [ 30.528527][ T519] exfat: Deprecated parameter 'utf8' [ 30.534089][ T519] exfat: Deprecated parameter 'utf8' [ 30.546491][ T519] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x8dfd24ac, utbl_chksum : 0xe619d30d) [ 30.617210][ T521] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.633949][ T528] exfat: Deprecated parameter 'utf8' [ 30.648358][ T521] EXT4-fs (loop4): Test dummy encryption mode enabled [ 30.656078][ T528] exfat: Deprecated parameter 'utf8' [ 30.667883][ T521] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 30.687286][ T528] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 30.701722][ T289] EXT4-fs (loop4): unmounting filesystem. [ 30.776742][ T319] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.827545][ T544] ======================================================= [ 30.827545][ T544] WARNING: The mand mount option has been deprecated and [ 30.827545][ T544] and is ignored by this kernel. Remove the mand [ 30.827545][ T544] option from the mount to silence this warning. [ 30.827545][ T544] ======================================================= [ 30.969829][ T319] usb 3-1: config 0 has no interfaces? [ 30.977870][ T319] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 30.987427][ T319] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.995479][ T319] usb 3-1: Product: syz [ 30.999751][ T319] usb 3-1: Manufacturer: syz [ 31.004497][ T319] usb 3-1: SerialNumber: syz [ 31.011111][ T319] usb 3-1: config 0 descriptor?? [ 31.121526][ T569] netlink: 12 bytes leftover after parsing attributes in process `syz.1.107'. [ 31.164957][ T573] netlink: 20 bytes leftover after parsing attributes in process `syz.3.109'. [ 31.226894][ T320] usb 3-1: USB disconnect, device number 2 [ 31.233642][ T578] netlink: 'syz.0.111': attribute type 1 has an invalid length. [ 31.277519][ T582] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 31.347645][ T587] EXT4-fs: Ignoring removed bh option [ 31.367190][ T587] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 31.388475][ T571] F2FS-fs (loop1): invalid crc value [ 31.395899][ T587] EXT4-fs (loop0): 1 truncate cleaned up [ 31.396580][ T571] F2FS-fs (loop1): Found nat_bits in checkpoint [ 31.409859][ T587] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 31.425037][ T587] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.115: bg 0: block 465: padding at end of block bitmap is not set [ 31.439785][ T587] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 31.452590][ T587] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.452590][ T587] [ 31.463173][ T587] EXT4-fs (loop0): Total free blocks count 0 [ 31.469434][ T587] EXT4-fs (loop0): Free/Dirty block details [ 31.475518][ T587] EXT4-fs (loop0): free_blocks=0 [ 31.480782][ T587] EXT4-fs (loop0): dirty_blocks=2 [ 31.485969][ T587] EXT4-fs (loop0): Block reservation details [ 31.493375][ T587] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 31.510380][ T587] syz.0.115 (587) used greatest stack depth: 22256 bytes left [ 31.513477][ T290] EXT4-fs (loop0): unmounting filesystem. [ 31.534176][ T571] F2FS-fs (loop1): Start checkpoint disabled! [ 31.540812][ T571] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 31.548461][ T571] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 31.589094][ T599] xt_hashlimit: size too large, truncated to 1048576 [ 31.656750][ T40] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 31.789484][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.789484][ T308] loop1: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 31.804173][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.804173][ T308] loop1: rw=1, sector=77840, nr_sectors = 32 limit=40427 [ 31.819401][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.819401][ T308] loop1: rw=1, sector=77888, nr_sectors = 16 limit=40427 [ 31.838974][ T40] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 31.843203][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.843203][ T308] loop1: rw=1, sector=77928, nr_sectors = 24 limit=40427 [ 31.875414][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.875414][ T308] loop1: rw=1, sector=77976, nr_sectors = 16 limit=40427 [ 31.880380][ T40] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 31.891937][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.891937][ T308] loop1: rw=1, sector=78024, nr_sectors = 16 limit=40427 [ 31.916003][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.916003][ T308] loop1: rw=1, sector=78072, nr_sectors = 8 limit=40427 [ 31.921480][ T40] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 31.944647][ T308] kworker/u4:3: attempt to access beyond end of device [ 31.944647][ T308] loop1: rw=1, sector=78112, nr_sectors = 16 limit=40427 [ 31.988260][ T40] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 31.996337][ T40] usb 4-1: SerialNumber: syz [ 32.004524][ T613] set_capacity_and_notify: 10 callbacks suppressed [ 32.004542][ T613] loop4: detected capacity change from 0 to 256 [ 32.038571][ T613] exfat: Deprecated parameter 'utf8' [ 32.235566][ T40] usb 4-1: 0:2 : does not exist [ 32.251997][ T40] usb 4-1: USB disconnect, device number 3 [ 32.349468][ T634] loop0: detected capacity change from 0 to 256 [ 32.369026][ T634] exfat: Deprecated parameter 'utf8' [ 32.385186][ T634] exfat: Deprecated parameter 'namecase' [ 32.398502][ T634] exfat: Deprecated parameter 'utf8' [ 32.409619][ T636] Driver unsupported XDP return value 0 on prog (id 18) dev N/A, expect packet loss! [ 32.417557][ T634] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x989923e7, utbl_chksum : 0xe619d30d) [ 32.502378][ T638] loop2: detected capacity change from 0 to 512 [ 32.515367][ T640] loop0: detected capacity change from 0 to 128 [ 32.534611][ T642] loop4: detected capacity change from 0 to 1024 [ 32.572522][ T638] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 32.581933][ T638] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.600660][ T642] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #3: block 2: comm syz.4.138: lblock 2 mapped to illegal pblock 2 (length 1) [ 32.640345][ T291] EXT4-fs (loop2): unmounting filesystem. [ 32.646220][ T642] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #3: block 48: comm syz.4.138: lblock 0 mapped to illegal pblock 48 (length 1) [ 32.680617][ T642] EXT4-fs error (device loop4): ext4_acquire_dquot:6828: comm syz.4.138: Failed to acquire dquot type 0 [ 32.698264][ T642] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5954: Corrupt filesystem [ 32.715183][ T649] input: syz0 as /devices/virtual/input/input4 [ 32.728155][ T642] EXT4-fs error (device loop4): ext4_evict_inode:281: inode #11: comm syz.4.138: mark_inode_dirty error [ 32.774196][ T642] EXT4-fs warning (device loop4): ext4_evict_inode:284: couldn't mark inode dirty (err -117) [ 32.806816][ T642] EXT4-fs (loop4): 1 orphan inode deleted [ 32.830612][ T10] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 32.849763][ T642] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 32.859889][ T10] EXT4-fs error (device loop4): ext4_release_dquot:6864: comm kworker/u4:1: Failed to release dquot type 0 [ 32.906667][ T642] EXT4-fs (loop4): re-mounted. Quota mode: none. [ 32.922368][ T642] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 32.957498][ T642] EXT4-fs error (device loop4): ext4_map_blocks:637: inode #3: block 48: comm syz.4.138: lblock 0 mapped to illegal pblock 48 (length 1) [ 32.984202][ T642] EXT4-fs (loop4): re-mounted. Quota mode: none. [ 33.009448][ T289] EXT4-fs (loop4): unmounting filesystem. [ 33.368047][ T690] loop1: detected capacity change from 0 to 40427 [ 33.452262][ T717] loop1: detected capacity change from 0 to 4096 [ 33.476238][ T717] EXT4-fs (loop1): Test dummy encryption mode enabled [ 33.496348][ T717] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 33.526984][ T717] EXT4-fs error (device loop1): ext4_do_update_inode:5281: inode #15: comm syz.1.169: corrupted inode contents [ 33.536833][ T40] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 33.547457][ T717] EXT4-fs error (device loop1): ext4_dirty_inode:6158: inode #15: comm syz.1.169: mark_inode_dirty error [ 33.570922][ T717] EXT4-fs error (device loop1): ext4_do_update_inode:5281: inode #15: comm syz.1.169: corrupted inode contents [ 33.605898][ T723] EXT4-fs (loop1): shut down requested (1) [ 33.606251][ T717] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #15: comm syz.1.169: mark_inode_dirty error [ 33.699579][ T717] syz.1.169 (717) used greatest stack depth: 22144 bytes left [ 33.742228][ T288] EXT4-fs (loop1): unmounting filesystem. [ 33.748971][ T308] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 33.749896][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 33.765154][ T308] __quota_error: 72 callbacks suppressed [ 33.765189][ T308] Quota error (device loop1): write_blk: dquota write failed [ 33.774167][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 33.786494][ T308] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 33.796522][ T40] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 33.811710][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.823925][ T40] usb 1-1: config 0 descriptor?? [ 33.977905][ T706] loop2: detected capacity change from 0 to 131072 [ 33.992683][ T706] F2FS-fs (loop2): invalid crc value [ 34.022493][ T706] F2FS-fs (loop2): Found nat_bits in checkpoint [ 34.104256][ T706] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 34.135983][ T28] audit: type=1400 audit(1781143375.870:237): avc: denied { bind } for pid=745 comm="syz.4.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.176012][ T28] audit: type=1400 audit(1781143375.900:238): avc: denied { write } for pid=745 comm="syz.4.180" path="socket:[17108]" dev="sockfs" ino=17108 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.188209][ T706] F2FS-fs (loop2): Corrupted max_depth of 3: 16842753 [ 34.231894][ T705] F2FS-fs (loop2): dec_valid_node_count: inconsistent i_blocks, ino:7, iblocks:0 [ 34.242326][ T40] isku 0003:1E7D:319C.0002: global environment stack underflow [ 34.261783][ T40] isku 0003:1E7D:319C.0002: item 0 2 1 11 parsing failed [ 34.291419][ T40] isku 0003:1E7D:319C.0002: parse failed [ 34.305225][ T40] isku: probe of 0003:1E7D:319C.0002 failed with error -22 [ 34.389371][ T753] loop1: detected capacity change from 0 to 4096 [ 34.409074][ T753] EXT4-fs: Ignoring removed bh option [ 34.433033][ T753] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 34.463025][ T319] usb 1-1: USB disconnect, device number 3 [ 34.502223][ T288] EXT4-fs (loop1): unmounting filesystem. [ 34.639221][ T771] capability: warning: `syz.3.190' uses deprecated v2 capabilities in a way that may be insecure [ 34.685292][ T28] audit: type=1400 audit(1781143376.420:239): avc: denied { read write } for pid=772 comm="syz.1.191" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 34.715761][ T28] audit: type=1400 audit(1781143376.450:240): avc: denied { open } for pid=772 comm="syz.1.191" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 34.825187][ T28] audit: type=1400 audit(1781143376.560:241): avc: denied { listen } for pid=782 comm="syz.1.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.993399][ T28] audit: type=1400 audit(1781143376.730:242): avc: denied { wake_alarm } for pid=794 comm="syz.0.201" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.041247][ T798] loop0: detected capacity change from 0 to 256 [ 35.068119][ T798] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 35.086755][ T320] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 35.103556][ T28] audit: type=1400 audit(1781143377.834:243): avc: denied { write } for pid=799 comm="syz.1.203" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 35.146493][ T28] audit: type=1400 audit(1781143377.864:244): avc: denied { append } for pid=797 comm="syz.0.202" name="file1" dev="loop0" ino=1048607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 35.202782][ T803] netlink: 16 bytes leftover after parsing attributes in process `syz.4.204'. [ 35.280126][ T320] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 35.296756][ T319] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 35.307205][ T320] usb 3-1: can't read configurations, error -71 [ 35.402091][ T814] process 'syz.0.209' launched './file0' with NULL argv: empty string added [ 35.512125][ T319] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 35.529029][ T319] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 35.557030][ T319] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 35.607924][ T319] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 35.636725][ T319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.644787][ T319] usb 4-1: Product: syz [ 35.666728][ T319] usb 4-1: Manufacturer: syz [ 35.671392][ T319] usb 4-1: SerialNumber: syz [ 35.700677][ T319] cdc_mbim 4-1:1.0: skipping garbage [ 35.706036][ T319] usb 4-1: selecting invalid altsetting 1 [ 35.803462][ T822] F2FS-fs (loop0): invalid crc value [ 35.838157][ T822] F2FS-fs (loop0): Found nat_bits in checkpoint [ 35.887667][ T835] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 35.953311][ T835] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 35.966131][ T822] F2FS-fs (loop0): Start checkpoint disabled! [ 35.978480][ T822] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 36.006090][ T822] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 36.014938][ T835] EXT4-fs (loop2): 1 truncate cleaned up [ 36.025545][ T835] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 36.106965][ T291] EXT4-fs (loop2): unmounting filesystem. [ 36.165375][ T846] FAT-fs (loop2): Directory bread(block 64) failed [ 36.183311][ T846] FAT-fs (loop2): Directory bread(block 65) failed [ 36.191476][ T846] FAT-fs (loop2): Directory bread(block 66) failed [ 36.215244][ T846] FAT-fs (loop2): Directory bread(block 67) failed [ 36.222209][ T846] FAT-fs (loop2): Directory bread(block 68) failed [ 36.229164][ T846] FAT-fs (loop2): Directory bread(block 69) failed [ 36.235815][ T846] FAT-fs (loop2): Directory bread(block 70) failed [ 36.256003][ T846] FAT-fs (loop2): Directory bread(block 71) failed [ 36.262887][ T846] FAT-fs (loop2): Directory bread(block 72) failed [ 36.286966][ T846] FAT-fs (loop2): Directory bread(block 73) failed [ 36.306419][ T319] cdc_mbim 4-1:1.0: SET_CRC_MODE failed [ 36.316199][ T319] cdc_mbim 4-1:1.0: SET_NTB_FORMAT failed [ 36.344924][ T854] FAT-fs (loop4): Directory bread(block 1285) failed [ 36.346901][ T319] usb 4-1: selecting invalid altsetting 1 [ 36.362300][ T854] FAT-fs (loop4): Directory bread(block 1286) failed [ 36.376803][ T319] cdc_mbim 4-1:1.0: bind() failure [ 36.377291][ T854] FAT-fs (loop4): Directory bread(block 1287) failed [ 36.392317][ T319] usb 4-1: USB disconnect, device number 4 [ 36.428555][ T854] FAT-fs (loop4): Directory bread(block 1288) failed [ 36.435715][ T308] bio_check_eod: 2653 callbacks suppressed [ 36.435731][ T308] kworker/u4:3: attempt to access beyond end of device [ 36.435731][ T308] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 36.457346][ T854] FAT-fs (loop4): Directory bread(block 1289) failed [ 36.464084][ T854] FAT-fs (loop4): Directory bread(block 1290) failed [ 36.470996][ T854] FAT-fs (loop4): Directory bread(block 1291) failed [ 36.477910][ T854] FAT-fs (loop4): Directory bread(block 1292) failed [ 36.497456][ T854] FAT-fs (loop4): Directory bread(block 1293) failed [ 36.513936][ T854] FAT-fs (loop4): Directory bread(block 1294) failed [ 36.662798][ T864] EXT4-fs: Ignoring removed nomblk_io_submit option [ 36.676459][ T866] EXT4-fs (loop0): Test dummy encryption mode enabled [ 36.702407][ T864] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 36.714720][ T866] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2750: inode #11: comm syz.0.231: corrupted xattr block 95 [ 36.745032][ T864] EXT4-fs (loop2): 1 truncate cleaned up [ 36.756800][ T864] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 36.775904][ T866] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2800: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 36.807875][ T866] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.231: bg 0: block 7: invalid block bitmap [ 36.826788][ T866] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 36.842899][ T866] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2916: inode #11: comm syz.0.231: corrupted xattr block 95 [ 36.851207][ T864] EXT4-fs warning (device loop2): ext4_group_add:1743: No reserved GDT blocks, can't resize [ 36.865200][ T866] EXT4-fs warning (device loop0): ext4_evict_inode:301: xattr delete (err -117) [ 36.876917][ T866] EXT4-fs (loop0): 1 orphan inode deleted [ 36.882704][ T866] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 36.958593][ T291] EXT4-fs (loop2): unmounting filesystem. [ 37.078082][ T290] EXT4-fs (loop0): unmounting filesystem. [ 37.095677][ T901] netlink: 7976 bytes leftover after parsing attributes in process `syz.1.248'. [ 37.139703][ T904] set_capacity_and_notify: 7 callbacks suppressed [ 37.139720][ T904] loop2: detected capacity change from 0 to 512 [ 37.157257][ T905] input: syz0 as /devices/virtual/input/input5 [ 37.206538][ T904] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 37.216336][ T904] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.287187][ T919] input: syz1 as /devices/virtual/input/input6 [ 37.334561][ T904] EXT4-fs error (device loop2): ext4_validate_block_bitmap:420: comm syz.2.249: bg 0: bad block bitmap checksum [ 37.433424][ T291] EXT4-fs (loop2): unmounting filesystem. [ 37.442572][ T936] netlink: 68 bytes leftover after parsing attributes in process `syz.0.262'. [ 37.578404][ T953] loop3: detected capacity change from 0 to 2048 [ 37.587224][ T953] EXT4-fs: Ignoring removed i_version option [ 37.624508][ T953] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 37.643410][ T953] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.669552][ T953] fs-verity: sha512 using implementation "sha512-avx2" [ 37.702621][ T287] EXT4-fs (loop3): unmounting filesystem. [ 37.898534][ T981] loop1: detected capacity change from 0 to 512 [ 37.958942][ T981] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 37.978281][ T981] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 38.087662][ T1000] loop2: detected capacity change from 0 to 256 [ 38.090957][ T288] EXT4-fs (loop1): unmounting filesystem. [ 39.406685][ C0] sched: RT throttling activated [ 39.416535][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 39.416550][ T28] audit: type=1400 audit(1781143382.144:269): avc: denied { mount } for pid=1008 comm="syz.2.292" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 40.420577][ T1013] loop1: detected capacity change from 0 to 128 [ 40.444469][ T1013] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.466956][ T28] audit: type=1400 audit(1781143384.194:270): avc: denied { ioctl } for pid=1020 comm="syz.1.297" path="socket:[19726]" dev="sockfs" ino=19726 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 41.512874][ T1019] loop3: detected capacity change from 0 to 8192 [ 41.541468][ T1029] loop4: detected capacity change from 0 to 256 [ 41.562669][ T1029] exfat: Deprecated parameter 'utf8' [ 41.568136][ T1029] exfat: Deprecated parameter 'namecase' [ 41.576582][ T28] audit: type=1400 audit(1781143384.314:271): avc: denied { append } for pid=1030 comm="syz.3.302" name="usbmon5" dev="devtmpfs" ino=174 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 41.605566][ T1029] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe6e0c303, utbl_chksum : 0xe619d30d) [ 41.781495][ T1048] loop4: detected capacity change from 0 to 256 [ 41.796853][ T319] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 41.808732][ T1048] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 41.892582][ T1056] loop4: detected capacity change from 0 to 1024 [ 41.900683][ T1056] EXT4-fs: Ignoring removed nomblk_io_submit option [ 41.919371][ T1056] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a001c01c, mo2=0002] [ 41.927947][ T1056] System zones: 0-1, 3-36 [ 41.937649][ T1056] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 41.964052][ T289] EXT4-fs (loop4): unmounting filesystem. [ 41.997829][ T319] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 42.016773][ T319] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 42.034197][ T319] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 42.053782][ T1052] loop2: detected capacity change from 0 to 40427 [ 42.065132][ T319] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 42.074369][ T1052] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 42.074396][ T319] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 42.082340][ T319] usb 2-1: Product: syz [ 42.094624][ T319] usb 2-1: Manufacturer: syz [ 42.099354][ T319] usb 2-1: SerialNumber: syz [ 42.102158][ T1052] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 42.124795][ T1052] F2FS-fs (loop2): invalid crc value [ 42.132025][ T1052] F2FS-fs (loop2): Found nat_bits in checkpoint [ 42.175178][ T1052] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 42.182435][ T1052] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 42.275185][ T28] audit: type=1400 audit(1781143385.004:272): avc: denied { read write } for pid=1070 comm="syz.4.317" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 42.299954][ T28] audit: type=1400 audit(1781143385.004:273): avc: denied { open } for pid=1070 comm="syz.4.317" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 42.337814][ T319] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 42.340334][ T8] kworker/u4:0: attempt to access beyond end of device [ 42.340334][ T8] loop2: rw=1, sector=45096, nr_sectors = 40 limit=40427 [ 42.434771][ T1077] loop3: detected capacity change from 0 to 512 [ 42.537040][ T28] audit: type=1400 audit(1781143385.274:274): avc: denied { read write } for pid=1024 comm="syz.1.299" name="lp0" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 42.581232][ T28] audit: type=1400 audit(1781143385.304:275): avc: denied { open } for pid=1024 comm="syz.1.299" path="/dev/usb/lp0" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 42.632478][ T19] usb 2-1: USB disconnect, device number 2 [ 42.652393][ T19] usblp0: removed [ 42.793220][ T1100] loop3: detected capacity change from 0 to 256 [ 42.804461][ T1083] loop0: detected capacity change from 0 to 40427 [ 42.822485][ T1083] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 42.839384][ T1083] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 42.870321][ T1083] F2FS-fs (loop0): Found nat_bits in checkpoint [ 42.878880][ T339] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 42.891760][ T1100] netlink: 8 bytes leftover after parsing attributes in process `syz.3.329'. [ 42.901802][ T1106] tap0: tun_chr_ioctl cmd 1074025677 [ 42.912916][ T1106] tap0: linktype set to 825 [ 42.948645][ T1109] loop3: detected capacity change from 0 to 256 [ 42.955774][ T1109] exfat: Deprecated parameter 'utf8' [ 42.969013][ T1109] exfat: Deprecated parameter 'utf8' [ 42.974467][ T1109] exfat: Deprecated parameter 'utf8' [ 43.001050][ T1109] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 43.021695][ T1083] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 43.036775][ T1083] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 43.084459][ T28] audit: type=1400 audit(1781143385.814:276): avc: denied { rmdir } for pid=287 comm="syz-executor" name=".index" dev="loop3" ino=1048618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 43.182182][ T1117] loop4: detected capacity change from 0 to 256 [ 43.205010][ T1117] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x68afaf67, utbl_chksum : 0xe619d30d) [ 43.224233][ T1117] syz.4.337: attempt to access beyond end of device [ 43.224233][ T1117] loop4: rw=0, sector=34359738488, nr_sectors = 1 limit=256 [ 43.244611][ T1117] syz.4.337: attempt to access beyond end of device [ 43.244611][ T1117] loop4: rw=0, sector=34359738488, nr_sectors = 1 limit=256 [ 43.258898][ T1117] Buffer I/O error on dev loop4, logical block 34359738488, async page read [ 43.267706][ T1117] syz.4.337: attempt to access beyond end of device [ 43.267706][ T1117] loop4: rw=0, sector=34359738489, nr_sectors = 1 limit=256 [ 43.282541][ T1121] netlink: 20 bytes leftover after parsing attributes in process `syz.2.339'. [ 43.292569][ T287] syz-executor (287) used greatest stack depth: 21664 bytes left [ 43.316786][ T1117] Buffer I/O error on dev loop4, logical block 34359738489, async page read [ 43.336340][ T1117] syz.4.337: attempt to access beyond end of device [ 43.336340][ T1117] loop4: rw=0, sector=34359738490, nr_sectors = 1 limit=256 [ 43.350295][ T1117] Buffer I/O error on dev loop4, logical block 34359738490, async page read [ 43.359911][ T1117] syz.4.337: attempt to access beyond end of device [ 43.359911][ T1117] loop4: rw=0, sector=34359738491, nr_sectors = 1 limit=256 [ 43.373772][ T1117] Buffer I/O error on dev loop4, logical block 34359738491, async page read [ 43.406958][ T1117] syz.4.337: attempt to access beyond end of device [ 43.406958][ T1117] loop4: rw=0, sector=34359738492, nr_sectors = 1 limit=256 [ 43.436754][ T1117] Buffer I/O error on dev loop4, logical block 34359738492, async page read [ 43.445499][ T1117] syz.4.337: attempt to access beyond end of device [ 43.445499][ T1117] loop4: rw=0, sector=34359738493, nr_sectors = 1 limit=256 [ 43.464818][ T1117] Buffer I/O error on dev loop4, logical block 34359738493, async page read [ 43.501821][ T1117] syz.4.337: attempt to access beyond end of device [ 43.501821][ T1117] loop4: rw=0, sector=34359738494, nr_sectors = 1 limit=256 [ 43.551685][ T1117] Buffer I/O error on dev loop4, logical block 34359738494, async page read [ 43.582295][ T1117] syz.4.337: attempt to access beyond end of device [ 43.582295][ T1117] loop4: rw=0, sector=34359738495, nr_sectors = 1 limit=256 [ 43.596492][ T1117] Buffer I/O error on dev loop4, logical block 34359738495, async page read [ 43.720042][ T28] audit: type=1400 audit(1781143386.454:277): avc: denied { mounton } for pid=1144 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 43.800216][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.807371][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.814737][ T1144] device bridge_slave_0 entered promiscuous mode [ 43.822281][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.829395][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.837124][ T1144] device bridge_slave_1 entered promiscuous mode [ 43.888950][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.896071][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.903390][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.910473][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.934692][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.942481][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.949825][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.960235][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.968603][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.977397][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.984440][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.996329][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.004619][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.012881][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.020003][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.031919][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.040289][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.052777][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.061050][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.074789][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.083352][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.097428][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.105394][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.113714][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.121473][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.132592][ T1144] device veth0_vlan entered promiscuous mode [ 44.143096][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.151324][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.160824][ T1144] device veth1_macvtap entered promiscuous mode [ 44.170752][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.178773][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.187214][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.200029][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.208383][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.224472][ T28] audit: type=1400 audit(1781143386.954:278): avc: denied { mounton } for pid=1144 comm="syz-executor" path="/root/syzkaller.k58vcz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 44.302878][ T1154] loop0: detected capacity change from 0 to 4096 [ 44.310756][ T1154] EXT4-fs (loop0): Test dummy encryption mode enabled [ 44.330589][ T1154] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 44.353616][ T1154] overlayfs: failed to resolve './bus': -2 [ 44.381127][ T290] EXT4-fs (loop0): unmounting filesystem. [ 44.400494][ T10] device bridge_slave_1 left promiscuous mode [ 44.406646][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.444240][ T10] device bridge_slave_0 left promiscuous mode [ 44.454870][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 44.454884][ T28] audit: type=1400 audit(1781143387.194:281): avc: denied { append } for pid=1171 comm="syz.4.353" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 44.497052][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.512324][ T10] device veth1_macvtap left promiscuous mode [ 44.518555][ T10] device veth0_vlan left promiscuous mode [ 44.544776][ T28] audit: type=1400 audit(1781143387.274:282): avc: denied { create } for pid=1179 comm="syz.4.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 44.581793][ T28] audit: type=1400 audit(1781143387.274:283): avc: denied { connect } for pid=1179 comm="syz.4.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 44.629420][ T28] audit: type=1400 audit(1781143387.304:284): avc: denied { write } for pid=1179 comm="syz.4.361" laddr=fe80::2896:28ff:fe59:299e lport=1 faddr=ff02::1 fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 44.678543][ T28] audit: type=1400 audit(1781143387.344:285): avc: denied { read } for pid=1179 comm="syz.4.361" path="socket:[19199]" dev="sockfs" ino=19199 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 44.815947][ T28] audit: type=1400 audit(1781143387.544:286): avc: denied { mounton } for pid=1204 comm="syz.0.372" path="/53/file0" dev="tmpfs" ino=299 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 44.839944][ T1205] 9pnet: p9_errstr2errno: server reported unknown error [ 44.957454][ T1188] loop2: detected capacity change from 0 to 40427 [ 44.975984][ T28] audit: type=1400 audit(1781143387.704:287): avc: denied { mount } for pid=1214 comm="syz.3.376" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 45.001643][ T1188] F2FS-fs (loop2): invalid crc value [ 45.040083][ T1188] F2FS-fs (loop2): Found nat_bits in checkpoint [ 45.106002][ T28] audit: type=1400 audit(1781143387.834:288): avc: denied { ioctl } for pid=1223 comm="syz.3.380" path="socket:[19327]" dev="sockfs" ino=19327 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 45.131220][ T1188] F2FS-fs (loop2): Start checkpoint disabled! [ 45.147209][ T1188] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 45.166063][ T1209] loop0: detected capacity change from 0 to 40427 [ 45.177817][ T28] audit: type=1400 audit(1781143387.914:289): avc: denied { read } for pid=1227 comm="syz.3.382" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 45.178141][ T1188] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 45.207489][ T28] audit: type=1400 audit(1781143387.944:290): avc: denied { read } for pid=1229 comm="syz.4.383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 45.226603][ T1209] F2FS-fs (loop0): Fix alignment : internally, start(4096) end(16896) block(12288) [ 45.252654][ T1209] F2FS-fs (loop0): invalid crc value [ 45.262713][ T320] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 45.276122][ T320] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 45.288304][ T1209] F2FS-fs (loop0): Found nat_bits in checkpoint [ 45.302471][ T320] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 45.363038][ T1209] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 45.412775][ T1236] fido_id[1236]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 45.432898][ T1240] loop3: detected capacity change from 0 to 256 [ 45.440675][ T1209] F2FS-fs (loop0): Try to recover all the superblocks, ret: 0 [ 45.473162][ T1240] FAT-fs (loop3): Directory bread(block 64) failed [ 45.484604][ T1240] FAT-fs (loop3): Directory bread(block 65) failed [ 45.492949][ T1240] FAT-fs (loop3): Directory bread(block 66) failed [ 45.507608][ T1240] FAT-fs (loop3): Directory bread(block 67) failed [ 45.523095][ T1240] FAT-fs (loop3): Directory bread(block 68) failed [ 45.535507][ T1240] FAT-fs (loop3): Directory bread(block 69) failed [ 45.554145][ T1240] FAT-fs (loop3): Directory bread(block 70) failed [ 45.572540][ T1240] FAT-fs (loop3): Directory bread(block 71) failed [ 45.587973][ T1240] FAT-fs (loop3): Directory bread(block 72) failed [ 45.603275][ T1240] FAT-fs (loop3): Directory bread(block 73) failed [ 45.656779][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 45.715531][ T1251] loop1: detected capacity change from 0 to 128 [ 45.735350][ T1251] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 45.779408][ T592] FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 45.780242][ T1252] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 45.808053][ T1252] System zones: 0-2, 18-18, 34-35 [ 45.822367][ T1252] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 45.832805][ T1252] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.862790][ T1144] EXT4-fs (loop3): unmounting filesystem. [ 45.915409][ T1274] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 46.121654][ T1269] F2FS-fs (loop1): invalid crc value [ 46.133484][ T1269] F2FS-fs (loop1): Found nat_bits in checkpoint [ 47.409174][ T320] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 47.422396][ T1269] F2FS-fs (loop1): Start checkpoint disabled! [ 47.429504][ T1269] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 47.437140][ T1269] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 48.396722][ T60] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 48.497788][ T320] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 48.509475][ T320] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 48.545906][ T592] bio_check_eod: 1 callbacks suppressed [ 48.545928][ T592] kworker/u4:5: attempt to access beyond end of device [ 48.545928][ T592] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 48.546025][ T320] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 48.596745][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 48.603264][ T60] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 48.631035][ T60] usb 4-1: config 0 has no interface number 0 [ 48.646799][ T320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 48.656343][ T60] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 48.675660][ T320] usb 1-1: SerialNumber: syz [ 48.680465][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.691223][ T60] usb 4-1: Product: syz [ 48.706716][ T60] usb 4-1: Manufacturer: syz [ 48.711399][ T60] usb 4-1: SerialNumber: syz [ 48.721746][ T60] usb 4-1: config 0 descriptor?? [ 48.732474][ T60] smsc95xx v2.0.0 [ 48.899823][ T320] usb 1-1: 0:2 : does not exist [ 48.924501][ T320] usb 1-1: USB disconnect, device number 4 [ 48.990108][ T1329] set_capacity_and_notify: 2 callbacks suppressed [ 48.990126][ T1329] loop4: detected capacity change from 0 to 512 [ 49.019432][ T1329] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.080223][ T1329] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 49.107412][ T1329] ext4 filesystem being mounted at /96/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.135146][ T60] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 49.147007][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 49.156370][ T60] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 49.231444][ T289] EXT4-fs (loop4): unmounting filesystem. [ 49.279281][ T1349] loop4: detected capacity change from 0 to 16 [ 49.387720][ T60] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 49.413596][ T60] smsc95xx: probe of 4-1:0.67 failed with error -71 [ 49.426877][ T60] usb 4-1: USB disconnect, device number 5 [ 49.478376][ T1357] loop0: detected capacity change from 0 to 256 [ 49.510847][ T1357] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001053e, chksum : 0x9ba999a5, utbl_chksum : 0xe619d30d) [ 49.566845][ T320] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.579911][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 49.579928][ T28] audit: type=1400 audit(1781143392.314:310): avc: denied { append } for pid=1361 comm="syz.2.438" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 49.617661][ T1364] netlink: 'syz.0.437': attribute type 12 has an invalid length. [ 49.625641][ T1364] netlink: 'syz.0.437': attribute type 29 has an invalid length. [ 49.633901][ T1364] netlink: 252 bytes leftover after parsing attributes in process `syz.0.437'. [ 49.694376][ T1320] loop1: detected capacity change from 0 to 131072 [ 49.712867][ T1320] F2FS-fs (loop1): invalid crc value [ 49.737952][ T1320] F2FS-fs (loop1): Found nat_bits in checkpoint [ 49.756813][ T320] usb 5-1: Using ep0 maxpacket: 16 [ 49.763519][ T320] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.782293][ T320] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.792513][ T320] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 49.805921][ T320] usb 5-1: config 0 interface 0 has no altsetting 0 [ 49.812770][ T320] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 49.822526][ T320] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.841754][ T320] usb 5-1: config 0 descriptor?? [ 49.852786][ T1320] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 49.916751][ T28] audit: type=1400 audit(1781143392.644:311): avc: denied { setattr } for pid=1319 comm="syz.1.420" name=".pending_reads" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 49.990591][ T1368] loop0: detected capacity change from 0 to 40427 [ 50.003828][ T1368] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 50.012285][ T1368] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 50.021825][ T1368] F2FS-fs (loop0): invalid crc value [ 50.040796][ T1368] F2FS-fs (loop0): Found nat_bits in checkpoint [ 50.127174][ T1368] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 50.136727][ T1368] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 50.262797][ T320] hid (null): report_id 6655 is invalid [ 50.280403][ T320] hid (null): usage index exceeded [ 50.286065][ T320] hid (null): unknown global tag 0xf1 [ 50.301825][ T320] hid (null): unknown global tag 0xa1 [ 50.372284][ T1386] netlink: 104 bytes leftover after parsing attributes in process `syz.0.444'. [ 50.462898][ T320] usb 5-1: USB disconnect, device number 2 [ 50.531436][ T28] audit: type=1400 audit(1781143393.264:312): avc: denied { mounton } for pid=1396 comm="syz.2.448" path="/103/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 50.564665][ T28] audit: type=1400 audit(1781143393.294:313): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 50.679113][ T1403] netlink: 'syz.1.451': attribute type 1 has an invalid length. [ 50.691618][ T1403] netlink: 8972 bytes leftover after parsing attributes in process `syz.1.451'. [ 50.706815][ T1403] netlink: 'syz.1.451': attribute type 1 has an invalid length. [ 50.867551][ T28] audit: type=1400 audit(1781143393.604:314): avc: denied { getopt } for pid=1419 comm="syz.2.457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 50.893774][ T1422] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0101 with DS=0x5 [ 51.011059][ T28] audit: type=1400 audit(1781143393.744:315): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 51.012422][ T1431] can0: slcan on ttyS3. [ 51.039062][ T28] audit: type=1400 audit(1781143393.774:316): avc: denied { search } for pid=142 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 51.060390][ T28] audit: type=1400 audit(1781143393.774:317): avc: denied { read } for pid=142 comm="dhcpcd" name="n15" dev="tmpfs" ino=3518 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 51.063260][ T1429] overlayfs: statfs failed on './file0' [ 51.087548][ T28] audit: type=1400 audit(1781143393.774:318): avc: denied { open } for pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=3518 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 51.087581][ T28] audit: type=1400 audit(1781143393.774:319): avc: denied { getattr } for pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=3518 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 51.170675][ T1431] can0 (unregistered): slcan off ttyS3. [ 51.198068][ T1440] input: syz0 as /devices/virtual/input/input7 [ 51.276960][ T19] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 51.458203][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.469479][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.479546][ T19] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 51.492792][ T19] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 51.502195][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.511099][ T19] usb 2-1: config 0 descriptor?? [ 51.666730][ T292] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 51.698301][ T1463] netlink: 24 bytes leftover after parsing attributes in process `syz.0.477'. [ 51.725792][ T1463] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.733108][ T1463] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.746766][ T1467] netlink: 24 bytes leftover after parsing attributes in process `syz.3.479'. [ 51.866721][ T292] usb 3-1: Using ep0 maxpacket: 16 [ 51.873431][ T292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.891424][ T292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.901365][ T292] usb 3-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 51.910756][ T292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.920705][ T19] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 51.929213][ T292] usb 3-1: config 0 descriptor?? [ 51.935855][ T19] plantronics 0003:047F:FFFF.0005: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 52.156742][ T40] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 52.200733][ T320] usb 2-1: USB disconnect, device number 3 [ 52.336719][ T40] usb 1-1: Using ep0 maxpacket: 8 [ 52.341589][ T292] wacom 0003:056A:0084.0006: unknown main item tag 0x0 [ 52.344321][ T40] usb 1-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 52.348914][ T292] wacom 0003:056A:0084.0006: unknown main item tag 0x0 [ 52.363038][ T40] usb 1-1: config 0 interface 0 has no altsetting 0 [ 52.368736][ T292] wacom 0003:056A:0084.0006: unknown main item tag 0x0 [ 52.375951][ T40] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00 [ 52.382226][ T292] wacom 0003:056A:0084.0006: unknown main item tag 0x0 [ 52.391912][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.398132][ T292] wacom 0003:056A:0084.0006: unknown main item tag 0x0 [ 52.413322][ T292] wacom 0003:056A:0084.0006: item fetching failed at offset 10/11 [ 52.417725][ T40] usb 1-1: config 0 descriptor?? [ 52.421716][ T292] wacom 0003:056A:0084.0006: parse failed [ 52.431998][ T292] wacom: probe of 0003:056A:0084.0006 failed with error -22 [ 52.550089][ T320] usb 3-1: USB disconnect, device number 5 [ 52.589998][ T1491] loop4: detected capacity change from 0 to 256 [ 52.597387][ T1491] exfat: Deprecated parameter 'utf8' [ 52.603040][ T1491] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 52.615456][ T1491] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5f1fc80d, utbl_chksum : 0xe619d30d) [ 52.647045][ T1493] netlink: 24 bytes leftover after parsing attributes in process `syz.4.490'. [ 52.833478][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.840902][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.848064][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.855058][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.862325][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.869473][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x0 [ 52.876487][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.883653][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.890808][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.897940][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.904957][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.912099][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.919210][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.926231][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.933382][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.940478][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.947586][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.954602][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.962028][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x3 [ 52.969162][ T40] lenovo 0003:17EF:60B5.0007: unknown main item tag 0x7 [ 52.976797][ T292] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 52.978048][ T40] lenovo 0003:17EF:60B5.0007: hidraw0: USB HID v0.02 Device [HID 17ef:60b5] on usb-dummy_hcd.0-1/input0 [ 53.052709][ T19] usb 1-1: USB disconnect, device number 5 [ 53.157853][ T292] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 53.168217][ T292] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 53.177848][ T292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.196027][ T1531] loop2: detected capacity change from 0 to 512 [ 53.201917][ T292] usb 2-1: config 0 descriptor?? [ 53.425647][ T1539] loop2: detected capacity change from 0 to 4096 [ 53.434587][ T19] usb 2-1: USB disconnect, device number 4 [ 53.445141][ T1539] EXT4-fs (loop2): invalid inodes per group: 458784 [ 53.445141][ T1539] [ 53.479202][ T1541] loop2: detected capacity change from 0 to 512 [ 53.485920][ T1541] EXT4-fs: Invalid want_extra_isize 7 [ 53.585464][ T1554] loop0: detected capacity change from 0 to 512 [ 53.618218][ T1554] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: comm syz.0.517: inode #1: comm syz.0.517: iget: illegal inode # [ 53.645165][ T1554] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.517: error while reading EA inode 1 err=-117 [ 53.664041][ T1554] EXT4-fs error (device loop0): ext4_xattr_inode_iget:401: comm syz.0.517: inode #1: comm syz.0.517: iget: illegal inode # [ 53.677406][ T1554] EXT4-fs error (device loop0): ext4_xattr_inode_iget:406: comm syz.0.517: error while reading EA inode 1 err=-117 [ 53.695764][ T1554] EXT4-fs (loop0): 1 orphan inode deleted [ 53.701896][ T1554] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 53.763305][ T290] EXT4-fs (loop0): unmounting filesystem. [ 53.825459][ T1578] device veth0 entered promiscuous mode [ 53.840297][ T1578] device veth0 left promiscuous mode [ 53.862088][ T1581] ================================================================== [ 53.870210][ T1581] BUG: KASAN: use-after-free in rcu_segcblist_enqueue+0x62/0xb0 [ 53.877883][ T1581] Write of size 8 at addr ffff88812eedd190 by task syz.0.528/1581 [ 53.885885][ T1581] [ 53.888241][ T1581] CPU: 0 PID: 1581 Comm: syz.0.528 Not tainted syzkaller #0 [ 53.895544][ T1581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 53.905614][ T1581] Call Trace: [ 53.908908][ T1581] [ 53.911837][ T1581] __dump_stack+0x21/0x24 [ 53.916170][ T1581] dump_stack_lvl+0x110/0x170 [ 53.920870][ T1581] ? __cfi_dump_stack_lvl+0x8/0x8 [ 53.925898][ T1581] ? rcu_segcblist_enqueue+0x62/0xb0 [ 53.931191][ T1581] print_address_description+0x71/0x200 [ 53.936750][ T1581] print_report+0x4a/0x60 [ 53.941095][ T1581] kasan_report+0x122/0x150 [ 53.945612][ T1581] ? rcu_segcblist_enqueue+0x62/0xb0 [ 53.950900][ T1581] __asan_report_store8_noabort+0x17/0x20 [ 53.956757][ T1581] rcu_segcblist_enqueue+0x62/0xb0 [ 53.961881][ T1581] call_rcu+0x918/0xf90 [ 53.966048][ T1581] ? __cfi_call_rcu+0x10/0x10 [ 53.970725][ T1581] ? mutex_unlock+0x8f/0x230 [ 53.975330][ T1581] ? __cfi_mutex_unlock+0x10/0x10 [ 53.980361][ T1581] ? __kasan_check_write+0x14/0x20 [ 53.985501][ T1581] ? l2tp_session_delete+0x4a/0x4e0 [ 53.990695][ T1581] ? __kasan_check_write+0x14/0x20 [ 53.995804][ T1581] pppol2tp_release+0x208/0x2d0 [ 54.000676][ T1581] sock_close+0xf1/0x290 [ 54.004925][ T1581] ? __cfi_sock_close+0x10/0x10 [ 54.009781][ T1581] __fput+0x1fc/0x8f0 [ 54.013774][ T1581] ____fput+0x15/0x20 [ 54.017762][ T1581] task_work_run+0x1e1/0x250 [ 54.022357][ T1581] ? __cfi_task_work_run+0x10/0x10 [ 54.027653][ T1581] ? __cfi___close_range+0x10/0x10 [ 54.032761][ T1581] ? do_user_addr_fault+0x9ac/0x1050 [ 54.038054][ T1581] exit_to_user_mode_loop+0x9b/0xb0 [ 54.043253][ T1581] exit_to_user_mode_prepare+0x87/0xd0 [ 54.048711][ T1581] syscall_exit_to_user_mode+0x1a/0x30 [ 54.054174][ T1581] do_syscall_64+0x58/0xa0 [ 54.058593][ T1581] ? clear_bhb_loop+0x30/0x80 [ 54.063299][ T1581] ? clear_bhb_loop+0x30/0x80 [ 54.067982][ T1581] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 54.073894][ T1581] RIP: 0033:0x7f639679ce59 [ 54.078330][ T1581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 54.097947][ T1581] RSP: 002b:00007ffd79805f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 54.106374][ T1581] RAX: 0000000000000000 RBX: 00007ffd79806060 RCX: 00007f639679ce59 [ 54.114366][ T1581] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 54.122355][ T1581] RBP: 000000000000d253 R08: 0000000000000001 R09: 0000000000000000 [ 54.130334][ T1581] R10: 0000001b2da20000 R11: 0000000000000246 R12: 00007ffd798060a0 [ 54.138316][ T1581] R13: 00007f6396a15fac R14: 000000000000d287 R15: 00007f6396a15fa0 [ 54.146311][ T1581] [ 54.149347][ T1581] [ 54.151685][ T1581] Allocated by task 1582: [ 54.156018][ T1581] kasan_set_track+0x4b/0x70 [ 54.160631][ T1581] kasan_save_alloc_info+0x25/0x30 [ 54.165748][ T1581] __kasan_kmalloc+0x95/0xb0 [ 54.170364][ T1581] __kmalloc+0xb1/0x1e0 [ 54.174560][ T1581] l2tp_session_create+0x38/0xbe0 [ 54.179784][ T1581] pppol2tp_connect+0xbef/0x1620 [ 54.184744][ T1581] __sys_connect+0x3da/0x460 [ 54.189348][ T1581] __x64_sys_connect+0x7a/0x90 [ 54.194124][ T1581] x64_sys_call+0x88d/0x9a0 [ 54.198650][ T1581] do_syscall_64+0x4c/0xa0 [ 54.203116][ T1581] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 54.209025][ T1581] [ 54.211356][ T1581] Freed by task 1003: [ 54.215348][ T1581] kasan_set_track+0x4b/0x70 [ 54.219965][ T1581] kasan_save_free_info+0x31/0x50 [ 54.225004][ T1581] ____kasan_slab_free+0x132/0x180 [ 54.230126][ T1581] __kasan_slab_free+0x11/0x20 [ 54.234906][ T1581] slab_free_freelist_hook+0xc2/0x190 [ 54.240288][ T1581] __kmem_cache_free+0xb7/0x1b0 [ 54.245155][ T1581] kfree+0x6f/0xf0 [ 54.248892][ T1581] l2tp_session_put+0xaf/0x1a0 [ 54.253664][ T1581] l2tp_session_delete+0x3f0/0x4e0 [ 54.258782][ T1581] l2tp_tunnel_del_work+0x1a1/0x410 [ 54.263998][ T1581] process_one_work+0x71f/0xc40 [ 54.268866][ T1581] worker_thread+0xa29/0x11e0 [ 54.273557][ T1581] kthread+0x281/0x320 [ 54.277648][ T1581] ret_from_fork+0x1f/0x30 [ 54.282075][ T1581] [ 54.284408][ T1581] Last potentially related work creation: [ 54.290131][ T1581] kasan_save_stack+0x3a/0x60 [ 54.294837][ T1581] __kasan_record_aux_stack+0xb6/0xc0 [ 54.300217][ T1581] kasan_record_aux_stack_noalloc+0xb/0x10 [ 54.306042][ T1581] call_rcu+0xcf/0xf90 [ 54.310205][ T1581] pppol2tp_release+0x208/0x2d0 [ 54.315086][ T1581] sock_close+0xf1/0x290 [ 54.319359][ T1581] __fput+0x1fc/0x8f0 [ 54.323364][ T1581] ____fput+0x15/0x20 [ 54.327371][ T1581] task_work_run+0x1e1/0x250 [ 54.331992][ T1581] exit_to_user_mode_loop+0x9b/0xb0 [ 54.337209][ T1581] exit_to_user_mode_prepare+0x87/0xd0 [ 54.342682][ T1581] syscall_exit_to_user_mode+0x1a/0x30 [ 54.348149][ T1581] do_syscall_64+0x58/0xa0 [ 54.352587][ T1581] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 54.358503][ T1581] [ 54.360863][ T1581] The buggy address belongs to the object at ffff88812eedd000 [ 54.360863][ T1581] which belongs to the cache kmalloc-512 of size 512 [ 54.374923][ T1581] The buggy address is located 400 bytes inside of [ 54.374923][ T1581] 512-byte region [ffff88812eedd000, ffff88812eedd200) [ 54.388208][ T1581] [ 54.390544][ T1581] The buggy address belongs to the physical page: [ 54.396971][ T1581] page:ffffea0004bbb700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12eedc [ 54.407221][ T1581] head:ffffea0004bbb700 order:2 compound_mapcount:0 compound_pincount:0 [ 54.415566][ T1581] flags: 0x4000000000010200(slab|head|zone=1) [ 54.421676][ T1581] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00 [ 54.430278][ T1581] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 54.438874][ T1581] page dumped because: kasan: bad access detected [ 54.445313][ T1581] page_owner tracks the page as allocated [ 54.451098][ T1581] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 287, tgid 287 (syz-executor), ts 24855105938, free_ts 24854945661 [ 54.472307][ T1581] post_alloc_hook+0x1f5/0x210 [ 54.477105][ T1581] prep_new_page+0x1c/0x110 [ 54.481630][ T1581] get_page_from_freelist+0x2d12/0x2d80 [ 54.487197][ T1581] __alloc_pages+0x1fa/0x610 [ 54.491820][ T1581] alloc_slab_page+0x6e/0xf0 [ 54.496429][ T1581] new_slab+0x98/0x3d0 [ 54.500510][ T1581] ___slab_alloc+0x6bd/0xb20 [ 54.505119][ T1581] __slab_alloc+0x5e/0xa0 [ 54.509473][ T1581] __kmem_cache_alloc_node+0x203/0x2c0 [ 54.514954][ T1581] __kmalloc+0xa1/0x1e0 [ 54.519128][ T1581] ops_init+0x89/0x4a0 [ 54.523233][ T1581] setup_net+0x4b4/0xcc0 [ 54.527499][ T1581] copy_net_ns+0x355/0x5c0 [ 54.532022][ T1581] create_new_namespaces+0x3a2/0x660 [ 54.537335][ T1581] unshare_nsproxy_namespaces+0x120/0x170 [ 54.543201][ T1581] ksys_unshare+0x4f6/0x830 [ 54.547730][ T1581] page last free stack trace: [ 54.552437][ T1581] free_unref_page_prepare+0x7f8/0x800 [ 54.557921][ T1581] free_unref_page+0x95/0x540 [ 54.562618][ T1581] __free_pages+0x67/0x100 [ 54.567055][ T1581] free_pages+0x82/0x90 [ 54.571242][ T1581] __stack_depot_save+0x457/0x480 [ 54.576285][ T1581] kasan_set_track+0x60/0x70 [ 54.580895][ T1581] kasan_save_alloc_info+0x25/0x30 [ 54.586021][ T1581] __kasan_kmalloc+0x95/0xb0 [ 54.590633][ T1581] __kmalloc+0xb1/0x1e0 [ 54.594808][ T1581] __register_sysctl_table+0xf4/0xe30 [ 54.600205][ T1581] register_net_sysctl+0x24f/0x260 [ 54.605330][ T1581] __addrconf_sysctl_register+0x277/0x3e0 [ 54.611073][ T1581] addrconf_sysctl_register+0x147/0x1a0 [ 54.616631][ T1581] ipv6_add_dev+0xcac/0x1230 [ 54.621244][ T1581] addrconf_notify+0x6d5/0xe40 [ 54.626022][ T1581] raw_notifier_call_chain+0xa1/0x110 [ 54.631416][ T1581] [ 54.633755][ T1581] Memory state around the buggy address: [ 54.639394][ T1581] ffff88812eedd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.647573][ T1581] ffff88812eedd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.657040][ T1581] >ffff88812eedd180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.665463][ T1581] ^ [ 54.670065][ T1581] ffff88812eedd200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.678139][ T1581] ffff88812eedd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.686206][ T1581] ================================================================== [ 54.694280][ T1581] Disabling lock debugging due to kernel taint [ 54.876812][ T19] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 55.058073][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.069016][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.083647][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.094709][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.105574][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.116514][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.127545][ T19] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.140411][ T19] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 2.00 [ 55.149502][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=4 [ 55.157541][ T19] usb 2-1: SerialNumber: syz [ 55.163105][ T19] usb 2-1: config 0 descriptor?? [ 55.169624][ T19] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 55.177642][ T19] usb 2-1: Detected FT232A [ 55.182737][ T19] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 55.376016][ T19] usb 2-1: USB disconnect, device number 5 [ 55.383039][ T19] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 55.393079][ T19] ftdi_sio 2-1:0.0: device disconnected