last executing test programs: 2.724320619s ago: executing program 3 (id=87): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10) 2.619919869s ago: executing program 3 (id=88): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000640)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) write$binfmt_script(r1, 0x0, 0x0) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 2.543601779s ago: executing program 0 (id=89): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0400000000000000000000c00b000000460f0000566000000a00000000000000010000000200000003000000fdffffffe3"]) 2.506209579s ago: executing program 3 (id=90): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c) 2.471242989s ago: executing program 3 (id=91): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x8f8c, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x400ad00, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 2.440110629s ago: executing program 0 (id=92): mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r1 = open(&(0x7f0000000300)='./file0\x00', 0x622000, 0x0) fstat(r1, 0x0) close(0x3) 2.433835959s ago: executing program 3 (id=93): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) read(r0, &(0x7f00000001c0)=""/4117, 0x1015) 2.366317068s ago: executing program 0 (id=94): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) creat(&(0x7f0000000000)='./file0\x00', 0x40) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0xa08344, &(0x7f0000000200)={[{@nojournal_checksum}, {@nodioread_nolock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@quota}, {@usrjquota}, {@oldalloc}, {@resuid={'resuid', 0x3d, 0xee01}}]}, 0x2, 0x44a, &(0x7f0000000880)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") 2.366160898s ago: executing program 3 (id=95): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x64, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xa}, [@mbim_extended={0x8, 0x24, 0x1c, 0x8, 0x8, 0xfff}]}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.216886448s ago: executing program 4 (id=98): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 2.133759187s ago: executing program 4 (id=100): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = gettid() tkill(r2, 0x12) 2.072091937s ago: executing program 0 (id=102): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0xa, r2, &(0x7f0000000280)='asymmetric\x00', &(0x7f0000000040)) 2.061521557s ago: executing program 4 (id=103): io_setup(0x2278, &(0x7f0000000180)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) io_submit(r0, 0x2, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r2, &(0x7f0000000100)="7f", 0x1, 0x0, 0x0, 0x2b7d18090f00442c}, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}]) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.037948887s ago: executing program 0 (id=105): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f00000003a8407a730b"], 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000040)={0x2, 0x102, 0xfffffffe}) 2.019866497s ago: executing program 2 (id=106): mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r1 = open(&(0x7f0000000300)='./file0\x00', 0x622000, 0x0) fstat(r1, 0x0) close(0x3) 1.955392367s ago: executing program 2 (id=107): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x10, &(0x7f0000000c80), 0xff, 0x249, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJr3jfIqy6C+AdERAvldRNcXifhBSlFRFChIuKitEJtcWudXBx0VunkUsTN6ihdiosiOFXtUBdBi4PFQYdIcqnUNuKf1Jz0Ph+43F1yz/2e4+77JBkuCdBYV5JcS9JKMpukk6Q4ucHd1XRltLrZ3V1M+v3HfyyG21XrleN2l5NsJHkoyU5Z5MV2srb99MHPe4/e98Zq5973tp/qTvUgRw4P9h87enf+9Q+vP7j2+Zffzxe5lt4fjuv8FWOeaxfJLf9Fsf+Jol13D/g7Fl794KtB7m9Ncs8w/52UqU7emys37HTywDt/1vatH764fZp9Bc5fv98ZvAdu9IHGKZP0UpRzSarlspybqz7Df926VL60vPLK7AvLq0vP1z1SAedl+L3345mPLp/K/3etKv/AxdVL9p9Y2PpmsHzUqrs3wFTcUc0G+Z99dv3+yD80jvxDc8k/NJf8Q3PJPzTSTOQfGk3+obnkH5pL/qG55B+a62T+AYBm6c+cuSW4GP4sAHDh1T3+AAAAAAAAAAAAAAAAAAAAZ212dxePp2nV/PTt5PCRJO1x9VvD/yNObhw+XvqpGGz2u6JqNpFn7ppwBxN6v+a7r2/6tqbC3Wr22Z011R9ZX0o2Xktytd0+e/0Vo+vv37v5L17vPDdhgX+oOLX+8JPTrX/ar1v11r++l3wyGH+ujht/ytw2nI8ff3qD8zdh/Zd/mXAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATM1vAQAA//8mi2g4") umount2(&(0x7f00000002c0)='./file0\x00', 0x0) umount2(&(0x7f0000000180)='./file0/../file0\x00', 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) statfs(0x0, 0x0) 1.856151756s ago: executing program 4 (id=108): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000440)={@multicast2, @loopback, @private=0xa010100}, 0xc) 1.831864026s ago: executing program 4 (id=109): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) uname(&(0x7f0000000480)=""/252) 1.808634466s ago: executing program 4 (id=110): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x40400) ioctl$HIDIOCSREPORT(r1, 0x81044804, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000002c40)={0x2, 0x3c4d433d27febf4, 0x6, 0xe, 0x6, 0xa17}) 1.703356666s ago: executing program 2 (id=111): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x10) r2 = epoll_create1(0x80000) epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x2be, 0x0, 0x0) 954.970723ms ago: executing program 2 (id=112): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) 941.945983ms ago: executing program 2 (id=113): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000001000010000000000000000000000f8"], 0x20}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000000000006902"]) 903.620093ms ago: executing program 2 (id=114): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x4, 0x0, 0x2}) 426.500482ms ago: executing program 1 (id=115): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000a50000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = memfd_create(&(0x7f0000000340)='\x00\x01\x00\x00\x00\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\x00\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\x03\x00\x00\x00m\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xa1\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"F\xb4\x02\xc5T\xe5\xc7\x98\xcd\fs\x1ap^\xc1jL\xfb{\xd8\x9e;L9\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90F@\x8a_\xe0\xd7\xfag\x9f\xcfp2*}=\x01h\x04\x81V9\xa1Q\xe19\x85\xa4x\xb6/\xbe~M\xac%\x03\xdfm\x174\xb0\x8a{)$\xa6\xad\xadg6\x02P\xbf\x9a\x1d\xaeR\x1f_\x1b\x9cma\xc3\xa5\x19b\'H\x94|\x18\x8a\xd5\xbb\"\xfe\xdf\x8f', 0x1) fallocate(r1, 0x0, 0x400000000000000, 0x7) 258.171381ms ago: executing program 1 (id=116): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x80100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcbf5, r2}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), &(0x7f0000000280), 0x7, r2}, 0x38) 70.08169ms ago: executing program 1 (id=117): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000140), &(0x7f00000002c0)=""/4095}, 0x20) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000080)={r0, &(0x7f0000000080), 0x0}, 0x20) 53.242651ms ago: executing program 1 (id=118): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0x0, 0x2, 0x0, @rand_addr, @multicast1=0xe0000300}, @address_request}}}}, 0x0) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000040)={@multicast2, @empty, 0x0, "881d3b24e009118e5e5c2bd5b64fb01582a1085fc53c43c4b776d30612334501", 0x1004000, 0x1, 0x1, 0x9}, 0x3c) 36.02933ms ago: executing program 1 (id=119): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) syz_emit_ethernet(0x56, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa0380c200000008"], 0x0) 18.68656ms ago: executing program 0 (id=120): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000300)='./bus\x00', 0x1008002, &(0x7f00000003c0)={[{@bsdgroups}, {@delalloc}, {@inlinecrypt}, {@usrquota}, {@abort}, {@nobh}, {@quota}, {@delalloc}, {@usrjquota}]}, 0x1, 0x5fa, &(0x7f0000000a40)="$eJzs3c9vVNUeAPDvmU5LS3mvhby893iLR5OXF0jeo6UFDHEFW0Ma/BE3bqy0IDJAQ2u0aAIkuDExbowxceVC/C+UyJaVrly4cWVIiBqWJo6Z6b2l0860dGh7m97PJ5n23nPm5nxvp9/eO6fnnAmgtEYaXyoRByNiNkUMpVtLddXIKkcWn/f4t/fPNx4p6vWXf0mRsrL8+Sn7Ppgd3B8R332b4kDP6nbnFm5cnqrVZq5n+2PzV2bH5hZuHL10ZerizMWZqxPPTZw6eeLkqfFjXZ3XzTZlZ++89c7Qh5Ovffn572n8qx8nU5yOF7InLj+PzTISI82fSVpdNXhqsxsrSE/2e7L8JU7VAgNiQ/LXrzci/hFD0RNPXryh+ODFQoMDtlQ9RdSBkkryH0oqvw/I39uvfB9cKeSuBNgOj84sdgCszv/qYt9g9Df7BvY+TrG8WydFRHc9c632RcSD+5N3LtyfvBNb1A8HtHfrdkT8s13+p2b+D0d/DDfzv9KS/437gnPZ90b5S122v7KrWP7D9lnM//418z865P/ry/L/jS7bH3my+eZAS/4PdHtKAAAAAAAAUFr3zkTE/9v9/7+yNP4n2oz/GYyI05vQ/siK/dX//6883IRmgDYenYmlebwr8z8b/Tvck239pTkeoDdduFSbORYRf42II9G7p7E/vkYbRz868FmnupFs/F/+aLT/IBsLmMXxsLqn9ZjpqfmpZz1vIOLR7Yh/tR3/m5au/6nN9b/x92D2Kds48N+75zrVrZ//wFapfxFxuO31/8mqFWnt9TnGmvcDY/ldwWr/fu/jrzu1323+W2ICnl3j+r937fwfTsvX65mL2LPBNo4vVOutJSkiW2ao2/v/vvRKc8mZvqzs3an5+evjEX3pbE+jtKV8YoMBwy6V50OeL438P/Kftfv/UkR15f3/QCyl8JL0a+uc4tzf/xj8qVM87v+hOI38n97Q9X/jGxN3h7/p1P7TXf9PNK/1R7IS/X+w6NM8Tftay9ukY7Vd1XbHCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7QSUi9kWqjC5tVyqjoxGDEfG32FupXZub/9+Fa29fnW7UNT//v5J/0u/Q4n7KP/9/eNn+xIr94xGxPyI+6Rlo7o+ev1abLvrkAQAAAAAAAAAAAAAAAAAAYIcY7DD/v+HnnqKjA7ZctegAgMK0yf/vi4gD2H6u/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+Ul/wHAAAAAIBdZf+hez+kiLj1/EDz0dCX1fUWGhmw1SpFBwAUxhI/UF6G/kB5beQ9ft8WxgEUJ61T39/xoPWOXMvs+Wc4GAAAAAAAAAAAAABK5/BB8/+hrLqZ/2/NANgdzP+H8srn/x8qOA5g+3mPD8Q6M/nbzv9f9ygAAAAAAAAAAAAAYDPNLdy4PFWrzVy38erOCGM7N+r1+s3Gb8HqqrRDIlxjI5+6tlPiqc3kQ+F3SjwrNvIf2NMdVczfIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYLU/AwAA//8eaCFC") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=121): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) kernel console output (not intermixed with test programs): [ 4.891334][ T100] udevd (100) used greatest stack depth: 22096 bytes left [ 6.362002][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 6.362017][ T30] audit: type=1400 audit(1737779742.266:58): avc: denied { use } for pid=181 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.415593][ T30] audit: type=1400 audit(1737779742.316:59): avc: denied { search } for pid=181 comm="ssh-keygen" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.437980][ T30] audit: type=1400 audit(1737779742.336:60): avc: denied { use } for pid=186 comm="sshd" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 11.292153][ T30] audit: type=1400 audit(1737779747.196:61): avc: denied { transition } for pid=220 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.298555][ T30] audit: type=1400 audit(1737779747.196:62): avc: denied { noatsecure } for pid=220 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.304065][ T30] audit: type=1400 audit(1737779747.196:63): avc: denied { write } for pid=220 comm="sh" path="pipe:[14498]" dev="pipefs" ino=14498 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.310650][ T30] audit: type=1400 audit(1737779747.196:64): avc: denied { rlimitinh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.316276][ T30] audit: type=1400 audit(1737779747.196:65): avc: denied { siginh } for pid=220 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. [ 18.714316][ T30] audit: type=1400 audit(1737779754.616:66): avc: denied { integrity } for pid=278 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 18.721534][ T30] audit: type=1400 audit(1737779754.626:67): avc: denied { mounton } for pid=278 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.722870][ T278] cgroup: Unknown subsys name 'net' [ 18.725864][ T30] audit: type=1400 audit(1737779754.626:68): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.730132][ T30] audit: type=1400 audit(1737779754.626:69): avc: denied { unmount } for pid=278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.730307][ T278] cgroup: Unknown subsys name 'devices' [ 18.883034][ T278] cgroup: Unknown subsys name 'hugetlb' [ 18.888473][ T278] cgroup: Unknown subsys name 'rlimit' [ 19.029483][ T30] audit: type=1400 audit(1737779754.926:70): avc: denied { setattr } for pid=278 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.052555][ T30] audit: type=1400 audit(1737779754.926:71): avc: denied { mounton } for pid=278 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.066387][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.077401][ T30] audit: type=1400 audit(1737779754.926:72): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.108894][ T30] audit: type=1400 audit(1737779754.986:73): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.122413][ T278] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.134150][ T30] audit: type=1400 audit(1737779754.986:74): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.168187][ T30] audit: type=1400 audit(1737779755.026:75): avc: denied { read } for pid=278 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.623240][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.630098][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.637571][ T288] device bridge_slave_0 entered promiscuous mode [ 19.645345][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.652229][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.659482][ T288] device bridge_slave_1 entered promiscuous mode [ 19.694001][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.701029][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.708395][ T289] device bridge_slave_0 entered promiscuous mode [ 19.727388][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.734319][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.741640][ T289] device bridge_slave_1 entered promiscuous mode [ 19.827606][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.834498][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.841857][ T292] device bridge_slave_0 entered promiscuous mode [ 19.865300][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.872194][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.879438][ T292] device bridge_slave_1 entered promiscuous mode [ 19.893251][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.900157][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.907699][ T290] device bridge_slave_0 entered promiscuous mode [ 19.915960][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.922884][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.929989][ T290] device bridge_slave_1 entered promiscuous mode [ 20.021951][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.028805][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.036160][ T291] device bridge_slave_0 entered promiscuous mode [ 20.052712][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.059810][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.067239][ T291] device bridge_slave_1 entered promiscuous mode [ 20.123742][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.130587][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.137740][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.144484][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.199404][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.206276][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.213383][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.220144][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.228072][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.234923][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.242121][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.248972][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.263698][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.270538][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.277678][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.284443][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.331306][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.338384][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.345737][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.353261][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.360202][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.367194][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.374205][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.381493][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.389138][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.414000][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.421860][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.430001][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.436861][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.444173][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.452646][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.459469][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.492750][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.501108][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.509065][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.516042][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.523776][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.531983][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.538817][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.546109][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.554099][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.560958][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.568273][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.576548][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.583491][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.590667][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.598501][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.606426][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.613757][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.621076][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.629247][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.636106][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.643353][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.652254][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.659079][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.669193][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.677185][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.691742][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.699697][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.708161][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.716493][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.736122][ T290] device veth0_vlan entered promiscuous mode [ 20.742536][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.750468][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.758474][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.766838][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.775287][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.783108][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.799249][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.806626][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.815127][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.823249][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.839169][ T290] device veth1_macvtap entered promiscuous mode [ 20.851576][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.859858][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.867621][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.875254][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.884045][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.892512][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.900609][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.910094][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 20.918361][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.926541][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.933395][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.952702][ T292] device veth0_vlan entered promiscuous mode [ 20.961611][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 20.969151][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.977276][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.985402][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.993514][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.001858][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.009859][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.018096][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.025904][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.033977][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.041814][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.049580][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.056963][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.064310][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.071706][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.080599][ T288] device veth0_vlan entered promiscuous mode [ 21.090368][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.098865][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.108229][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.116676][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.124896][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.131767][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.142974][ T292] device veth1_macvtap entered promiscuous mode [ 21.161892][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.171020][ T290] request_module fs-gadgetfs succeeded, but still no fs? [ 21.171499][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.188098][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.195700][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.203650][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.211738][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.220114][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.228228][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.236407][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.244428][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.252874][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.261212][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.269283][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.277572][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.284986][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.292598][ T289] device veth0_vlan entered promiscuous mode [ 21.321032][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.329023][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.350118][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.358569][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.369361][ T288] device veth1_macvtap entered promiscuous mode [ 21.377652][ T289] device veth1_macvtap entered promiscuous mode [ 21.410511][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.418463][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.426319][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.435047][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.444128][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.452413][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.460703][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.469594][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.483014][ T291] device veth0_vlan entered promiscuous mode [ 21.505105][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.516271][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.524688][ T321] loop3: detected capacity change from 0 to 256 [ 21.532035][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.539513][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.548289][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.556845][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.565305][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.574002][ T321] exfat: Deprecated parameter 'utf8' [ 21.579203][ T321] exfat: Deprecated parameter 'namecase' [ 21.586963][ T321] exfat: Deprecated parameter 'utf8' [ 21.601318][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.615958][ T291] device veth1_macvtap entered promiscuous mode [ 21.625746][ T321] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 21.649873][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.663806][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.685710][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.700036][ T197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.721919][ T327] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.817066][ T332] binder: 331:332 ioctl c0306201 200001c0 returned -22 [ 21.875700][ T340] loop3: detected capacity change from 0 to 128 [ 22.110296][ T354] loop0: detected capacity change from 0 to 128 [ 22.171096][ T354] ======================================================= [ 22.171096][ T354] WARNING: The mand mount option has been deprecated and [ 22.171096][ T354] and is ignored by this kernel. Remove the mand [ 22.171096][ T354] option from the mount to silence this warning. [ 22.171096][ T354] ======================================================= [ 22.206748][ T356] syz.2.18 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 22.266565][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue. Quota mode: none. [ 22.291091][ T354] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 22.365922][ T354] overlayfs: upper fs needs to support d_type. [ 22.394248][ T354] overlayfs: upper fs does not support tmpfile. [ 22.418256][ T366] xt_bpf: check failed: parse error [ 22.506419][ T374] loop0: detected capacity change from 0 to 2048 [ 22.571721][ T374] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 22.582068][ T374] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 22.594737][ T385] loop3: detected capacity change from 0 to 512 [ 22.616218][ T385] EXT4-fs (loop3): Ignoring removed oldalloc option [ 22.630986][ T385] EXT4-fs (loop3): Ignoring removed orlov option [ 22.630987][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x0000000000000004,nomblk_io_submit,errors=remount-ro,dioread_lock,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,errors=remount-ro,bsddf,. Quota mode: none. [ 22.639481][ T385] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 22.698236][ T374] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.23: bg 0: block 234: padding at end of block bitmap is not set [ 22.712559][ T374] EXT4-fs (loop0): Remounting filesystem read-only [ 22.719101][ T385] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 22.740987][ T374] syz.0.23 (374) used greatest stack depth: 21904 bytes left [ 22.743292][ T385] EXT4-fs (loop3): 1 truncate cleaned up [ 22.754081][ T385] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,oldalloc,orlov,noblock_validity,,errors=continue. Quota mode: none. [ 22.820356][ T385] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: none. [ 22.863702][ T385] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: none. [ 22.951071][ T404] loop3: detected capacity change from 0 to 2048 [ 22.961421][ T401] bridge0: port 3(syz_tun) entered blocking state [ 22.999549][ T401] bridge0: port 3(syz_tun) entered disabled state [ 23.020199][ T404] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.026622][ T401] device syz_tun entered promiscuous mode [ 23.037143][ T401] bridge0: port 3(syz_tun) entered blocking state [ 23.043415][ T401] bridge0: port 3(syz_tun) entered forwarding state [ 23.063251][ T404] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.078288][ T404] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 23.090968][ T404] EXT4-fs (loop3): This should not happen!! Data will be lost [ 23.090968][ T404] [ 23.101219][ T404] EXT4-fs (loop3): Total free blocks count 0 [ 23.107026][ T404] EXT4-fs (loop3): Free/Dirty block details [ 23.118553][ T404] EXT4-fs (loop3): free_blocks=2415919104 [ 23.118984][ T414] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 23.124844][ T404] EXT4-fs (loop3): dirty_blocks=48 [ 23.141449][ T404] EXT4-fs (loop3): Block reservation details [ 23.147262][ T404] EXT4-fs (loop3): i_reserved_data_blocks=3 [ 23.186560][ T364] syz.2.20 (364) used greatest stack depth: 21808 bytes left [ 23.217120][ T418] loop0: detected capacity change from 0 to 256 [ 23.223660][ T416] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 23.256656][ T414] EXT4-fs (loop3): This should not happen!! Data will be lost [ 23.256656][ T414] [ 23.258174][ T416] syz.1.41 (416) used greatest stack depth: 21232 bytes left [ 23.294437][ T418] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 23.409307][ T427] loop3: detected capacity change from 0 to 2048 [ 23.464648][ T431] loop0: detected capacity change from 0 to 2048 [ 23.487022][ T427] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.491426][ T431] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 23.562934][ T431] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.591260][ T39] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.601730][ T431] EXT4-fs (loop0): Remounting filesystem read-only [ 23.631038][ T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 23.688593][ T439] syz.3.49[439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 23.688664][ T439] syz.3.49[439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 23.856424][ T30] kauditd_printk_skb: 134 callbacks suppressed [ 23.856441][ T30] audit: type=1326 audit(1737779759.756:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 23.918762][ T30] audit: type=1326 audit(1737779759.796:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 23.956157][ T449] loop3: detected capacity change from 0 to 2048 [ 23.970285][ T30] audit: type=1326 audit(1737779759.796:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 23.993525][ T39] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.004577][ T30] audit: type=1326 audit(1737779759.796:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.027967][ T30] audit: type=1326 audit(1737779759.796:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.031813][ T449] EXT4-fs (loop3): Ignoring removed bh option [ 24.055111][ T26] usb 3-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 24.070045][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.081727][ T26] usb 3-1: config 0 descriptor?? [ 24.087040][ T30] audit: type=1326 audit(1737779759.796:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.110347][ T30] audit: type=1326 audit(1737779759.796:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.134491][ T30] audit: type=1326 audit(1737779759.796:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.158980][ T30] audit: type=1326 audit(1737779759.796:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.190845][ T30] audit: type=1326 audit(1737779759.796:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=445 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ed748d29 code=0x7ffc0000 [ 24.214026][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 24.224414][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.233244][ T449] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 24.234512][ T39] usb 2-1: Product: syz [ 24.266002][ T39] usb 2-1: Manufacturer: syz [ 24.270439][ T39] usb 2-1: SerialNumber: syz [ 24.345932][ T451] loop4: detected capacity change from 0 to 40427 [ 24.417158][ T451] F2FS-fs (loop4): fault_injection options not supported [ 24.448212][ T451] F2FS-fs (loop4): invalid crc value [ 24.469002][ T451] F2FS-fs (loop4): Found nat_bits in checkpoint [ 24.559965][ T451] F2FS-fs (loop4): Start checkpoint disabled! [ 24.572063][ T451] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 24.651105][ T451] capability: warning: `syz.4.54' uses deprecated v2 capabilities in a way that may be insecure [ 24.684166][ T45] attempt to access beyond end of device [ 24.684166][ T45] loop4: rw=2049, want=40976, limit=40427 [ 24.718142][ T449] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.733503][ T449] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 24.745698][ T449] EXT4-fs (loop3): This should not happen!! Data will be lost [ 24.745698][ T449] [ 24.770890][ T449] EXT4-fs (loop3): Total free blocks count 0 [ 24.776713][ T449] EXT4-fs (loop3): Free/Dirty block details [ 24.791184][ T449] EXT4-fs (loop3): free_blocks=2415919104 [ 24.791445][ T458] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 24.796737][ T449] EXT4-fs (loop3): dirty_blocks=32 [ 24.796751][ T449] EXT4-fs (loop3): Block reservation details [ 24.796763][ T449] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 24.831422][ T458] EXT4-fs (loop3): This should not happen!! Data will be lost [ 24.831422][ T458] [ 25.064537][ T464] loop3: detected capacity change from 0 to 40427 [ 25.115408][ T464] F2FS-fs (loop3): fault_injection options not supported [ 25.120851][ T6] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.131033][ T464] F2FS-fs (loop3): invalid crc value [ 25.137153][ T464] F2FS-fs (loop3): Found nat_bits in checkpoint [ 25.180846][ T464] F2FS-fs (loop3): Start checkpoint disabled! [ 25.187898][ T464] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 25.201300][ T26] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 25.262300][ T472] loop0: detected capacity change from 0 to 256 [ 25.291241][ T472] exfat: Deprecated parameter 'utf8' [ 25.296708][ T472] exfat: Deprecated parameter 'namecase' [ 25.302537][ T472] exfat: Deprecated parameter 'utf8' [ 25.334786][ T472] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 25.367299][ T197] attempt to access beyond end of device [ 25.367299][ T197] loop3: rw=2049, want=40968, limit=40427 [ 25.378635][ T197] attempt to access beyond end of device [ 25.378635][ T197] loop3: rw=2049, want=41000, limit=40427 [ 25.419689][ T475] SELinux: Context Ü is not valid (left unmapped). [ 25.420947][ T26] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 25.438131][ T26] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 25.448485][ T39] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 25.461068][ T26] asix: probe of 3-1:0.0 failed with error -71 [ 25.470667][ T26] usb 3-1: USB disconnect, device number 2 [ 25.525336][ T479] loop0: detected capacity change from 0 to 256 [ 25.530899][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.543421][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.546675][ T481] loop3: detected capacity change from 0 to 512 [ 25.553273][ T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 25.566800][ T479] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 25.568363][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.587095][ T479] exFAT-fs (loop0): hint_cluster is invalid (17) [ 25.588735][ T6] usb 5-1: config 0 descriptor?? [ 25.599093][ T479] exFAT-fs (loop0): error, broken FAT chain. [ 25.606880][ T479] exFAT-fs (loop0): error, failed to bmap (inode : ffff8881123f3490 iblock : 8, err : -5) [ 25.612088][ T481] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2219: inode #15: comm syz.3.61: corrupted in-inode xattr [ 25.628757][ T481] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.61: couldn't read orphan inode 15 (err -117) [ 25.640522][ T481] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.658812][ T481] EXT4-fs (loop3): shut down requested (2) [ 25.665329][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.674170][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.675993][ T39] cdc_ncm 2-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 25.684578][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.699258][ T39] usb 2-1: USB disconnect, device number 2 [ 25.710496][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.719273][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.728056][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.730641][ T39] cdc_ncm 2-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 25.737093][ T481] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.745242][ T486] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.762447][ T485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 25.795785][ T486] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.797367][ T488] loop0: detected capacity change from 0 to 2048 [ 25.804796][ T486] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.822707][ T486] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.831364][ T486] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 25.883564][ T490] device wireguard0 entered promiscuous mode [ 25.883772][ T488] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.900054][ T488] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 25.919709][ T488] fs-verity: sha512 using implementation "sha512-avx2" [ 25.928110][ T488] fs-verity (loop0, inode 13): ext4_end_enable_verity() failed with err -28 [ 25.941499][ T496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1543 sclass=netlink_route_socket pid=496 comm=syz.3.67 [ 26.153627][ T509] loop3: detected capacity change from 0 to 512 [ 26.264778][ T509] EXT4-fs (loop3): Ignoring removed oldalloc option [ 26.300957][ T6] usb 5-1: string descriptor 0 read error: -22 [ 26.308218][ T509] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.74: Parent and EA inode have the same ino 15 [ 26.330495][ T509] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 26.343506][ T509] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz.3.74: Parent and EA inode have the same ino 15 [ 26.356010][ T509] EXT4-fs (loop3): 1 orphan inode deleted [ 26.383439][ T509] EXT4-fs (loop3): mounted filesystem without journal. Opts: nojournal_checksum,nodioread_nolock,debug_want_extra_isize=0x000000000000005c,quota,usrjquota=,oldalloc,resuid=0x000000000000ee01,,errors=continue. Quota mode: writeback. [ 26.527667][ T498] loop2: detected capacity change from 0 to 131072 [ 26.562526][ T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0001/input/input4 [ 26.579195][ T6] uclogic 0003:256C:006D.0001: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 26.579969][ T498] F2FS-fs (loop2): Invalid segment/section count (31, 24 x 150994945) [ 26.624763][ T498] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 26.636084][ T498] F2FS-fs (loop2): invalid crc value [ 26.689938][ T498] F2FS-fs (loop2): Found nat_bits in checkpoint [ 26.696557][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.706136][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.713594][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.727548][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.735437][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.744661][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.752375][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.759630][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.767165][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.774778][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.782390][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.789642][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.803314][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.815986][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.822864][ T498] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2 [ 26.830293][ T498] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 26.831314][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.837221][ T498] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 26.850878][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.859253][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.879528][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.887585][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.895112][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.910379][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.925502][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.932988][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.940193][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.955770][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.963965][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.971783][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.979172][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.986689][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 26.994839][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.002267][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.011458][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.019015][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.026521][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.034234][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.041710][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.049066][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.060441][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.067889][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.075320][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.082576][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.089745][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.097055][ T39] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 27.105556][ T447] usb 5-1: USB disconnect, device number 2 [ 27.111587][ T39] hid-generic 0000:0000:0000.0002: hidraw1: HID vffffff.fd Device [syz0] on syz1 [ 27.191557][ T547] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 27.199285][ T547] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 27.314905][ T558] loop2: detected capacity change from 0 to 1024 [ 27.351363][ T564] serio: Serial port ptm0 [ 27.352298][ T565] loop0: detected capacity change from 0 to 512 [ 27.362198][ T558] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bsdgroups,resuid=0x0000000000000000,noblock_validity,minixdf,errors=remount-ro,journal_ioprio=0x0000000000000006,data_err=abort,. Quota mode: writeback. [ 27.371005][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.392444][ T558] EXT4-fs error (device loop2): ext4_xattr_ibody_get:603: inode #2: comm syz.2.86: corrupted in-inode xattr [ 27.403893][ T565] EXT4-fs (loop0): Ignoring removed oldalloc option [ 27.404581][ T558] EXT4-fs (loop2): Remounting filesystem read-only [ 27.421455][ T558] EXT4-fs error (device loop2): ext4_xattr_ibody_list:748: inode #2: comm syz.2.86: corrupted in-inode xattr [ 27.427459][ T565] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.94: Parent and EA inode have the same ino 15 [ 27.451204][ T558] EXT4-fs (loop2): Remounting filesystem read-only [ 27.451906][ T565] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.94: Parent and EA inode have the same ino 15 [ 27.471865][ T565] EXT4-fs (loop0): 1 orphan inode deleted [ 27.477439][ T565] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,nodioread_nolock,debug_want_extra_isize=0x000000000000005c,quota,usrjquota=,oldalloc,resuid=0x000000000000ee01,,errors=continue. Quota mode: writeback. [ 27.501572][ T291] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2746: inode #2: comm syz-executor: corrupted in-inode xattr [ 27.514640][ T291] EXT4-fs (loop2): Remounting filesystem read-only [ 27.603371][ T60] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 27.650898][ T39] usb 2-1: Using ep0 maxpacket: 16 [ 27.739489][ T594] loop2: detected capacity change from 0 to 128 [ 27.770965][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.781794][ T39] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 27.794718][ T39] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 27.803736][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.805064][ T596] netlink: 'syz.4.108': attribute type 4 has an invalid length. [ 27.813598][ T594] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.832157][ T39] usb 2-1: config 0 descriptor?? [ 27.837579][ T596] netlink: 'syz.4.108': attribute type 4 has an invalid length. [ 27.838517][ T594] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 27.859566][ T596] syz.4.108 (596) used greatest stack depth: 20128 bytes left [ 27.885020][ T594] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.107: No space for directory leaf checksum. Please run e2fsck -D. [ 27.900410][ T594] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.107: checksumming directory block 0 [ 27.913225][ T594] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.107: No space for directory leaf checksum. Please run e2fsck -D. [ 27.929292][ T594] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.107: checksumming directory block 0 [ 27.941112][ T311] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.941997][ T594] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.107: No space for directory leaf checksum. Please run e2fsck -D. [ 27.963737][ T594] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.107: checksumming directory block 0 [ 28.000944][ T60] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.170890][ T447] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 28.200963][ T60] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 28.210059][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.217889][ T60] usb 4-1: Product: syz [ 28.221928][ T60] usb 4-1: Manufacturer: syz [ 28.226323][ T60] usb 4-1: SerialNumber: syz [ 28.300920][ T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.302658][ T39] HID 045e:07da: Invalid code 65791 type 1 [ 28.311808][ T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.322782][ T39] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input5 [ 28.326987][ T311] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 28.340313][ T39] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 28.350688][ T311] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 28.371491][ T311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.380262][ T311] usb 1-1: config 0 descriptor?? [ 28.530883][ T447] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 28.541704][ T447] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.552617][ T447] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.563303][ T447] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 28.650903][ T447] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 28.659848][ T447] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 28.667700][ T447] usb 5-1: Manufacturer: syz [ 28.672963][ T447] usb 5-1: config 0 descriptor?? [ 28.750317][ T6] usb 2-1: USB disconnect, device number 3 [ 28.851689][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.859017][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.866345][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.873575][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.880883][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.888113][ T311] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 28.895640][ T311] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 28.904454][ T311] plantronics 0003:047F:FFFF.0004: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 29.080872][ T311] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 29.131739][ T6] usb 1-1: USB disconnect, device number 2 [ 29.151606][ T447] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 29.158664][ T447] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 29.167980][ T447] appleir 0003:05AC:8243.0005: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 29.265755][ T30] kauditd_printk_skb: 100 callbacks suppressed [ 29.265771][ T30] audit: type=1326 audit(1737779765.166:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.295230][ T30] audit: type=1326 audit(1737779765.166:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.318584][ T30] audit: type=1326 audit(1737779765.166:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.320978][ T60] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 29.342072][ T30] audit: type=1326 audit(1737779765.166:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.376017][ T30] audit: type=1326 audit(1737779765.166:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.376517][ T60] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 29.401744][ T30] audit: type=1326 audit(1737779765.166:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.412965][ T60] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 29.434442][ T30] audit: type=1326 audit(1737779765.196:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.459158][ T30] audit: type=1326 audit(1737779765.196:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.482327][ T30] audit: type=1326 audit(1737779765.196:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.505731][ T30] audit: type=1326 audit(1737779765.226:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb04972dd29 code=0x7ffc0000 [ 29.506660][ T447] usb 5-1: USB disconnect, device number 3 [ 29.541009][ T60] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 29.562501][ T60] cdc_ncm 4-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 29.572611][ T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 29.583962][ T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 29.602722][ T60] usb 4-1: USB disconnect, device number 2 [ 29.608656][ T60] cdc_ncm 4-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 29.617280][ T311] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 29.652408][ T311] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 29.678900][ T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.701812][ T631] loop0: detected capacity change from 0 to 1024 [ 29.708753][ T311] usb 3-1: config 0 descriptor?? [ 29.715895][ T617] ================================================================== [ 29.723781][ T617] BUG: KASAN: use-after-free in worker_thread+0xaaa/0x12a0 [ 29.730814][ T617] Read of size 8 at addr ffff88811bceec60 by task kworker/0:6/617 [ 29.738445][ T617] [ 29.740621][ T617] CPU: 0 PID: 617 Comm: kworker/0:6 Not tainted 5.15.176-syzkaller-00972-g829d9f138569 #0 [ 29.750338][ T617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 29.760329][ T617] Workqueue: 0x0 (events) [ 29.764675][ T617] Call Trace: [ 29.767792][ T617] [ 29.770568][ T617] dump_stack_lvl+0x151/0x1c0 [ 29.775083][ T617] ? io_uring_drop_tctx_refs+0x190/0x190 [ 29.780553][ T617] ? panic+0x760/0x760 [ 29.784489][ T617] ? __schedule+0xcd4/0x1590 [ 29.788893][ T617] print_address_description+0x87/0x3b0 [ 29.794277][ T617] kasan_report+0x179/0x1c0 [ 29.798613][ T617] ? _raw_spin_lock_irqsave+0x210/0x210 [ 29.803997][ T617] ? worker_thread+0xaaa/0x12a0 [ 29.808681][ T617] ? worker_thread+0xaaa/0x12a0 [ 29.813365][ T617] __asan_report_load8_noabort+0x14/0x20 [ 29.818827][ T617] worker_thread+0xaaa/0x12a0 [ 29.823342][ T617] ? _raw_spin_lock+0x1b0/0x1b0 [ 29.828133][ T617] kthread+0x421/0x510 [ 29.832029][ T617] ? worker_clr_flags+0x180/0x180 [ 29.836888][ T617] ? kthread_blkcg+0xd0/0xd0 [ 29.841315][ T617] ret_from_fork+0x1f/0x30 [ 29.845569][ T617] [ 29.848433][ T617] [ 29.850603][ T617] Allocated by task 60: [ 29.854596][ T617] ____kasan_kmalloc+0xdb/0x110 [ 29.859281][ T617] __kasan_kmalloc+0x9/0x10 [ 29.863640][ T617] __kmalloc+0x13f/0x2c0 [ 29.867705][ T617] kvmalloc_node+0x1f0/0x4d0 [ 29.872138][ T617] alloc_netdev_mqs+0x8c/0xc90 [ 29.876725][ T617] alloc_etherdev_mqs+0x33/0x40 [ 29.881412][ T617] usbnet_probe+0x1fa/0x2860 [ 29.885839][ T617] usb_probe_interface+0x5b6/0xa90 [ 29.890789][ T617] really_probe+0x28d/0x970 [ 29.895124][ T617] __driver_probe_device+0x1a0/0x310 [ 29.900250][ T617] driver_probe_device+0x54/0x3d0 [ 29.905110][ T617] __device_attach_driver+0x2c5/0x470 [ 29.910313][ T617] bus_for_each_drv+0x183/0x200 [ 29.915006][ T617] __device_attach+0x312/0x510 [ 29.919686][ T617] device_initial_probe+0x1a/0x20 [ 29.924555][ T617] bus_probe_device+0xbe/0x1e0 [ 29.929238][ T617] device_add+0xb60/0xf10 [ 29.933411][ T617] usb_set_configuration+0x190f/0x1e80 [ 29.938696][ T617] usb_generic_driver_probe+0x8b/0x150 [ 29.943990][ T617] usb_probe_device+0x144/0x260 [ 29.948935][ T617] really_probe+0x28d/0x970 [ 29.953362][ T617] __driver_probe_device+0x1a0/0x310 [ 29.958483][ T617] driver_probe_device+0x54/0x3d0 [ 29.963347][ T617] __device_attach_driver+0x2c5/0x470 [ 29.968581][ T617] bus_for_each_drv+0x183/0x200 [ 29.973240][ T617] __device_attach+0x312/0x510 [ 29.977850][ T617] device_initial_probe+0x1a/0x20 [ 29.982708][ T617] bus_probe_device+0xbe/0x1e0 [ 29.987300][ T617] device_add+0xb60/0xf10 [ 29.991466][ T617] usb_new_device+0x1038/0x1c00 [ 29.996153][ T617] hub_event+0x2def/0x4770 [ 30.000404][ T617] process_one_work+0x6bb/0xc10 [ 30.005094][ T617] worker_thread+0xad5/0x12a0 [ 30.009611][ T617] kthread+0x421/0x510 [ 30.013509][ T617] ret_from_fork+0x1f/0x30 [ 30.017763][ T617] [ 30.019935][ T617] Freed by task 60: [ 30.023578][ T617] kasan_set_track+0x4b/0x70 [ 30.028004][ T617] kasan_set_free_info+0x23/0x40 [ 30.032777][ T617] ____kasan_slab_free+0x126/0x160 [ 30.037726][ T617] __kasan_slab_free+0x11/0x20 [ 30.042411][ T617] slab_free_freelist_hook+0xbd/0x190 [ 30.047689][ T617] kfree+0xcc/0x270 [ 30.051264][ T617] kvfree+0x35/0x40 [ 30.054916][ T617] netdev_freemem+0x3f/0x60 [ 30.059248][ T617] netdev_release+0x7f/0xb0 [ 30.063592][ T617] device_release+0x95/0x1c0 [ 30.068018][ T617] kobject_put+0x178/0x260 [ 30.072275][ T617] put_device+0x1f/0x30 [ 30.076260][ T617] free_netdev+0x34f/0x440 [ 30.080515][ T617] usbnet_disconnect+0x25f/0x3b0 [ 30.085289][ T617] usb_unbind_interface+0x1fa/0x8c0 [ 30.090323][ T617] device_release_driver_internal+0x50b/0x7d0 [ 30.096225][ T617] device_release_driver+0x19/0x20 [ 30.101173][ T617] bus_remove_device+0x2f8/0x360 [ 30.105956][ T617] device_del+0x663/0xe90 [ 30.110110][ T617] usb_disable_device+0x380/0x720 [ 30.114974][ T617] usb_disconnect+0x32a/0x890 [ 30.119486][ T617] hub_event+0x1d42/0x4770 [ 30.123736][ T617] process_one_work+0x6bb/0xc10 [ 30.128425][ T617] worker_thread+0xe02/0x12a0 [ 30.132953][ T617] kthread+0x421/0x510 [ 30.136841][ T617] ret_from_fork+0x1f/0x30 [ 30.141097][ T617] [ 30.143265][ T617] Last potentially related work creation: [ 30.148828][ T617] kasan_save_stack+0x3b/0x60 [ 30.153335][ T617] __kasan_record_aux_stack+0xd3/0xf0 [ 30.158542][ T617] kasan_record_aux_stack_noalloc+0xb/0x10 [ 30.164184][ T617] insert_work+0x56/0x320 [ 30.168358][ T617] __queue_work+0x92a/0xcd0 [ 30.172688][ T617] queue_work_on+0x105/0x170 [ 30.177116][ T617] usbnet_link_change+0x182/0x1a0 [ 30.181977][ T617] usbnet_probe+0x1dad/0x2860 [ 30.186494][ T617] usb_probe_interface+0x5b6/0xa90 [ 30.191436][ T617] really_probe+0x28d/0x970 [ 30.195776][ T617] __driver_probe_device+0x1a0/0x310 [ 30.201077][ T617] driver_probe_device+0x54/0x3d0 [ 30.205956][ T617] __device_attach_driver+0x2c5/0x470 [ 30.211150][ T617] bus_for_each_drv+0x183/0x200 [ 30.215831][ T617] __device_attach+0x312/0x510 [ 30.220432][ T617] device_initial_probe+0x1a/0x20 [ 30.225295][ T617] bus_probe_device+0xbe/0x1e0 [ 30.229895][ T617] device_add+0xb60/0xf10 [ 30.234061][ T617] usb_set_configuration+0x190f/0x1e80 [ 30.239355][ T617] usb_generic_driver_probe+0x8b/0x150 [ 30.244647][ T617] usb_probe_device+0x144/0x260 [ 30.249337][ T617] really_probe+0x28d/0x970 [ 30.253681][ T617] __driver_probe_device+0x1a0/0x310 [ 30.258795][ T617] driver_probe_device+0x54/0x3d0 [ 30.263664][ T617] __device_attach_driver+0x2c5/0x470 [ 30.268875][ T617] bus_for_each_drv+0x183/0x200 [ 30.273558][ T617] __device_attach+0x312/0x510 [ 30.278242][ T617] device_initial_probe+0x1a/0x20 [ 30.283106][ T617] bus_probe_device+0xbe/0x1e0 [ 30.287707][ T617] device_add+0xb60/0xf10 [ 30.291869][ T617] usb_new_device+0x1038/0x1c00 [ 30.296566][ T617] hub_event+0x2def/0x4770 [ 30.300810][ T617] process_one_work+0x6bb/0xc10 [ 30.305498][ T617] worker_thread+0xad5/0x12a0 [ 30.310107][ T617] kthread+0x421/0x510 [ 30.314000][ T617] ret_from_fork+0x1f/0x30 [ 30.318254][ T617] [ 30.320425][ T617] The buggy address belongs to the object at ffff88811bcee000 [ 30.320425][ T617] which belongs to the cache kmalloc-4k of size 4096 [ 30.334318][ T617] The buggy address is located 3168 bytes inside of [ 30.334318][ T617] 4096-byte region [ffff88811bcee000, ffff88811bcef000) [ 30.347594][ T617] The buggy address belongs to the page: [ 30.353062][ T617] page:ffffea00046f3a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bce8 [ 30.363228][ T617] head:ffffea00046f3a00 order:3 compound_mapcount:0 compound_pincount:0 [ 30.371661][ T617] flags: 0x4000000000010200(slab|head|zone=1) [ 30.377692][ T617] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 30.386548][ T617] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 30.394955][ T617] page dumped because: kasan: bad access detected [ 30.401283][ T617] page_owner tracks the page as allocated [ 30.406824][ T617] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 361, ts 28231755302, free_ts 28017034885 [ 30.427051][ T617] post_alloc_hook+0x1a3/0x1b0 [ 30.431658][ T617] prep_new_page+0x1b/0x110 [ 30.436001][ T617] get_page_from_freelist+0x3550/0x35d0 [ 30.441460][ T617] __alloc_pages+0x27e/0x8f0 [ 30.445884][ T617] new_slab+0x9a/0x4e0 [ 30.449881][ T617] ___slab_alloc+0x39e/0x830 [ 30.454309][ T617] __slab_alloc+0x4a/0x90 [ 30.458465][ T617] __kmalloc+0x172/0x2c0 [ 30.462548][ T617] kvmalloc_node+0x1f0/0x4d0 [ 30.466973][ T617] seq_read_iter+0x1ff/0xd00 [ 30.471406][ T617] kernfs_fop_read_iter+0x145/0x470 [ 30.476440][ T617] vfs_read+0xa81/0xd40 [ 30.480431][ T617] ksys_read+0x199/0x2c0 [ 30.484628][ T617] __x64_sys_read+0x7b/0x90 [ 30.488963][ T617] x64_sys_call+0x28/0x9a0 [ 30.493214][ T617] do_syscall_64+0x3b/0xb0 [ 30.497472][ T617] page last free stack trace: [ 30.501991][ T617] free_unref_page_prepare+0x7c8/0x7d0 [ 30.507281][ T617] free_unref_page+0xe8/0x750 [ 30.512007][ T617] __free_pages+0x61/0xf0 [ 30.516167][ T617] __free_slab+0xec/0x1d0 [ 30.520419][ T617] __unfreeze_partials+0x165/0x1a0 [ 30.525371][ T617] put_cpu_partial+0xc4/0x120 [ 30.529885][ T617] __slab_free+0x1c8/0x290 [ 30.534132][ T617] ___cache_free+0x109/0x120 [ 30.538733][ T617] qlink_free+0x4d/0x90 [ 30.543071][ T617] qlist_free_all+0x44/0xb0 [ 30.547413][ T617] kasan_quarantine_reduce+0x15a/0x180 [ 30.552706][ T617] __kasan_slab_alloc+0x2f/0xe0 [ 30.557393][ T617] slab_post_alloc_hook+0x53/0x2c0 [ 30.562342][ T617] kmem_cache_alloc+0xf5/0x250 [ 30.566956][ T617] vm_area_dup+0x26/0x230 [ 30.571110][ T617] copy_mm+0x9a1/0x13e0 [ 30.575108][ T617] [ 30.577282][ T617] Memory state around the buggy address: [ 30.583010][ T617] ffff88811bceeb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.590898][ T617] ffff88811bceeb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.598800][ T617] >ffff88811bceec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.606778][ T617] ^ [ 30.613811][ T617] ffff88811bceec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.621710][ T617] ffff88811bceed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.629607][ T617] ================================================================== [ 30.637507][ T617] Disabling lock debugging due to kernel taint [ 30.643789][ T616] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 30.691258][ T631] EXT4-fs (loop0): Ignoring removed nobh option [ 30.701348][ T631] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,delalloc,inlinecrypt,usrquota,abort,nobh,quota,delalloc,usrjquota=,,errors=continue. Quota mode: writeback. [ 30.723658][ T631] EXT4-fs error (device loop0): ext4_remount:5846: comm syz.0.120: Abort forced by user [ 30.733503][ T631] EXT4-fs (loop0): Remounting filesystem read-only [ 30.740072][ T631] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 31.161794][ T311] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 31.170087][ T311] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 31.178875][ T311] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 31.451308][ T311] usb 3-1: USB disconnect, device number 3