last executing test programs: 4.265475504s ago: executing program 0 (id=898): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448dd, &(0x7f00000003c0)) 3.390353165s ago: executing program 3 (id=908): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x17, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x658}, {@broadcast}, {@empty, 0x3}]}, @timestamp_prespec={0x44, 0x4, 0x0, 0x3, 0x8}, @noop, @noop, @lsrr={0x83, 0x7, 0xdc, [@multicast1]}]}}}}}) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0) r2 = dup(r0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 3.033091216s ago: executing program 3 (id=910): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x1c, 0x2, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0x4}, @CTA_FILTER={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) 2.597812077s ago: executing program 2 (id=912): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000a40)=""/4096, 0x1000) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x9}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x2000c015) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001007f007ea770aa11756dd600000c00028005000100010000000c0019"], 0x44}}, 0x0) 2.584290947s ago: executing program 4 (id=914): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="17000000000000000084000003"], 0x48) unshare(0x22020600) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r1, 0x0, 0x20000000}, 0x20) 2.570830867s ago: executing program 4 (id=915): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_mtu(r3, 0x29, 0x17, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) 1.931044558s ago: executing program 3 (id=919): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="73797374ff6d5f753a6f626a6563745f723a696e697463746c5f743a"], 0x2c) 1.782594778s ago: executing program 0 (id=920): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) mkdir(0x0, 0x0) mount$incfs(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', 0x0, 0x31e0429, 0x0) 1.748347878s ago: executing program 3 (id=921): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) fchdir(r2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x2) dup3(r3, r2, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20) 1.747413898s ago: executing program 0 (id=922): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC(r2, 0x4068aea3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket(0x1e, 0x805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000001300)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) getcwd(&(0x7f0000000300)=""/30, 0x1e) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) clock_gettime(0x7, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.720253147s ago: executing program 2 (id=923): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x7f78, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 1.679053507s ago: executing program 3 (id=924): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{0x0}], 0x1, 0x1200, 0x0, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r7}, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) 1.660769158s ago: executing program 4 (id=925): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100006cc70000000000000000ea04850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) 1.631360487s ago: executing program 4 (id=926): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_subtree(r1, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000140), 0x8000, r3}, 0x38) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffd09) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYRESDEC], 0xe8}}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)={[{0x2d, 'pids'}]}, 0x6) syz_read_part_table(0x105e, &(0x7f00000034c0)="$eJzsz62VwkAUBeA3mWSTqN0StoztYTX1kJSCxSKRODrBI3DDyc+BDgDxfWLuzIj7zgveqk8Rkeu/FHn5+GmXbP53U3QxzM/T8VynIeKr2qZDaW8l+rVhvDQR5TtH/WztHvcqxrJWp+scv9PEKNORN/tX7AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn+4eAAD///32EBg=") syz_open_pts(r0, 0x101041) socket$inet6_udp(0xa, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) 1.618782807s ago: executing program 2 (id=927): r0 = epoll_create1(0x0) r1 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)) epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x2be, 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r2, &(0x7f00000000c0)={0x60002011}) 1.495798698s ago: executing program 2 (id=929): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x1c, 0x2, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TUPLE_REPLY={0x4}, @CTA_FILTER={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) 595.673969ms ago: executing program 3 (id=930): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = accept4$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x0, 0x80800) sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r6, 0x0, 0x800008ec0, 0x0) 515.97175ms ago: executing program 1 (id=932): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448dd, &(0x7f00000003c0)) 515.644149ms ago: executing program 1 (id=933): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000200)='./bus\x00', 0x0) mount$incfs(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', 0x0, 0x31e0429, 0x0) 466.41687ms ago: executing program 4 (id=934): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000002440)=[{&(0x7f0000002280)="fae5948470c2d2c65da057c0e31c3feed808848a", 0x14}], 0x1, 0x8) r4 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000080)=0xfffffffe, 0x4) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r2, 0x0, r4, 0x0, 0x8000, 0x0) 466.075129ms ago: executing program 0 (id=935): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) fchdir(r2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x2) dup3(r3, r2, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20) 240.319ms ago: executing program 1 (id=936): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100006cc70000000000000000ea04850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) 196.67186ms ago: executing program 2 (id=937): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x7f78, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 162.77705ms ago: executing program 4 (id=938): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{0x0}], 0x1, 0x1200, 0x0, 0x3) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000a00)={'pim6reg1\x00', @broadcast}) 162.307491ms ago: executing program 0 (id=939): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000580)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast}}}}}}, 0x0) 150.47754ms ago: executing program 1 (id=940): bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) dup2(r1, 0xffffffffffffffff) syz_emit_ethernet(0x4a, &(0x7f0000000580)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x80}}}}}}}, 0x0) 96.27317ms ago: executing program 0 (id=941): r0 = socket$igmp6(0xa, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000a61a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x5000) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @empty}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0) r2 = gettid() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r3, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) 85.96078ms ago: executing program 1 (id=942): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) r2 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000040)) dup(r1) close_range(r0, 0xffffffffffffffff, 0x0) 573.76µs ago: executing program 2 (id=943): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') write$binfmt_script(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x803, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=944): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) kernel console output (not intermixed with test programs): T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.099208][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.108021][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.116047][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.124843][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.134086][ T291] device veth0_vlan entered promiscuous mode [ 23.147632][ T316] FAT-fs (loop1): Directory bread(block 72) failed [ 23.155063][ T292] device veth1_macvtap entered promiscuous mode [ 23.161306][ T316] FAT-fs (loop1): Directory bread(block 73) failed [ 23.168938][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.176289][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.184230][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.192014][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.200330][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.637323][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.646789][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.656332][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.669023][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.827637][ T291] device veth1_macvtap entered promiscuous mode [ 23.847009][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.855371][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.865571][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.874338][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.918008][ T331] loop1: detected capacity change from 0 to 512 [ 23.934671][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.950183][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.972448][ T337] netlink: 200 bytes leftover after parsing attributes in process `syz.4.5'. [ 24.004120][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.012697][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.055256][ T331] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.7: Failed to acquire dquot type 0 [ 24.091242][ T337] loop4: detected capacity change from 0 to 8192 [ 24.109743][ T331] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.7: Failed to acquire dquot type 0 [ 24.123989][ T331] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.7: Failed to acquire dquot type 0 [ 24.146796][ T331] EXT4-fs (loop1): 1 orphan inode deleted [ 24.159619][ T337] loop4: p1 p3 p4 [ 24.163248][ T337] loop4: p1 start 51379968 is beyond EOD, truncated [ 24.170119][ T331] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 24.179732][ T337] loop4: p3 size 15991040 extends beyond EOD, truncated [ 24.193037][ T331] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.204478][ T337] loop4: p4 start 16711680 is beyond EOD, truncated [ 24.287931][ T356] capability: warning: `syz.4.5' uses deprecated v2 capabilities in a way that may be insecure [ 24.585586][ T358] loop0: detected capacity change from 0 to 2048 [ 24.595245][ T358] FAT-fs (loop0): Unrecognized mount option "ÿ18446744073709551615ÿÿÿÿ" or missing value [ 25.057665][ T361] loop2: detected capacity change from 0 to 256 [ 25.158893][ T361] FAT-fs (loop2): Directory bread(block 64) failed [ 25.165361][ T361] FAT-fs (loop2): Directory bread(block 65) failed [ 25.171983][ T361] FAT-fs (loop2): Directory bread(block 66) failed [ 25.433454][ T361] FAT-fs (loop2): Directory bread(block 67) failed [ 25.442136][ T361] FAT-fs (loop2): Directory bread(block 68) failed [ 25.449693][ T361] FAT-fs (loop2): Directory bread(block 69) failed [ 25.456180][ T361] FAT-fs (loop2): Directory bread(block 70) failed [ 25.462777][ T361] FAT-fs (loop2): Directory bread(block 71) failed [ 25.469408][ T361] FAT-fs (loop2): Directory bread(block 72) failed [ 25.475769][ T361] FAT-fs (loop2): Directory bread(block 73) failed [ 27.821838][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 27.821889][ T28] audit: type=1400 audit(1734082186.287:122): avc: denied { read write } for pid=368 comm="syz.4.14" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 27.943340][ T293] EXT4-fs (loop1): unmounting filesystem. [ 27.950554][ T28] audit: type=1400 audit(1734082186.287:123): avc: denied { open } for pid=368 comm="syz.4.14" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 28.139771][ T28] audit: type=1400 audit(1734082187.187:124): avc: denied { name_bind } for pid=399 comm="syz.1.24" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 28.176869][ T28] audit: type=1400 audit(1734082187.187:125): avc: denied { node_bind } for pid=399 comm="syz.1.24" saddr=::ffff:172.20.20.170 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 28.224863][ T28] audit: type=1400 audit(1734082187.227:126): avc: denied { create } for pid=384 comm="syz.3.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 28.244997][ T391] syz.2.19 (391) used greatest stack depth: 21616 bytes left [ 28.260053][ T28] audit: type=1400 audit(1734082187.227:127): avc: denied { block_suspend } for pid=384 comm="syz.3.17" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.363665][ T28] audit: type=1400 audit(1734082187.407:128): avc: denied { read } for pid=407 comm="syz.1.26" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 28.411451][ T28] audit: type=1400 audit(1734082187.437:129): avc: denied { open } for pid=407 comm="syz.1.26" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 28.549694][ T412] loop2: detected capacity change from 0 to 2048 [ 28.558212][ T412] FAT-fs (loop2): Unrecognized mount option "ÿ18446744073709551615ÿÿÿÿ" or missing value [ 28.710914][ T339] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 29.068569][ T28] audit: type=1400 audit(1734082188.118:130): avc: denied { append } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 29.566788][ T28] audit: type=1400 audit(1734082188.118:131): avc: denied { open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 29.585696][ T423] loop0: detected capacity change from 0 to 512 [ 29.636177][ T425] loop2: detected capacity change from 0 to 256 [ 29.677419][ T425] FAT-fs (loop2): Directory bread(block 64) failed [ 29.689195][ T423] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.29: Failed to acquire dquot type 0 [ 29.691533][ T425] FAT-fs (loop2): Directory bread(block 65) failed [ 29.706696][ T425] FAT-fs (loop2): Directory bread(block 66) failed [ 29.713365][ T425] FAT-fs (loop2): Directory bread(block 67) failed [ 29.721330][ T425] FAT-fs (loop2): Directory bread(block 68) failed [ 29.724203][ T423] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.29: Failed to acquire dquot type 0 [ 29.727846][ T425] FAT-fs (loop2): Directory bread(block 69) failed [ 29.767966][ T423] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.29: Failed to acquire dquot type 0 [ 29.779044][ T425] FAT-fs (loop2): Directory bread(block 70) failed [ 29.785672][ T425] FAT-fs (loop2): Directory bread(block 71) failed [ 29.806920][ T425] FAT-fs (loop2): Directory bread(block 72) failed [ 29.819509][ T423] EXT4-fs (loop0): 1 orphan inode deleted [ 29.827044][ T425] FAT-fs (loop2): Directory bread(block 73) failed [ 29.837696][ T423] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 29.851491][ T423] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.334610][ T455] syz.2.39 (455) used greatest stack depth: 20528 bytes left [ 31.385008][ T290] EXT4-fs (loop0): unmounting filesystem. [ 31.422159][ T465] loop0: detected capacity change from 0 to 128 [ 33.020158][ T483] loop3: detected capacity change from 0 to 128 [ 33.515676][ T491] loop0: detected capacity change from 0 to 256 [ 33.602367][ T491] FAT-fs (loop0): Directory bread(block 64) failed [ 33.618471][ T491] FAT-fs (loop0): Directory bread(block 65) failed [ 33.647005][ T491] FAT-fs (loop0): Directory bread(block 66) failed [ 33.654149][ T491] FAT-fs (loop0): Directory bread(block 67) failed [ 33.731414][ T491] FAT-fs (loop0): Directory bread(block 68) failed [ 33.802975][ T491] FAT-fs (loop0): Directory bread(block 69) failed [ 33.880917][ T502] netlink: 200 bytes leftover after parsing attributes in process `syz.1.51'. [ 33.908366][ T491] FAT-fs (loop0): Directory bread(block 70) failed [ 33.915003][ T504] loop2: detected capacity change from 0 to 128 [ 33.917776][ T502] loop1: detected capacity change from 0 to 8192 [ 33.937403][ T491] FAT-fs (loop0): Directory bread(block 71) failed [ 33.943773][ T491] FAT-fs (loop0): Directory bread(block 72) failed [ 34.017975][ T506] loop3: detected capacity change from 0 to 128 [ 34.028846][ T502] loop1: p1 p3 p4 [ 34.032475][ T502] loop1: p1 start 51379968 is beyond EOD, truncated [ 34.046423][ T491] FAT-fs (loop0): Directory bread(block 73) failed [ 34.053013][ T502] loop1: p3 size 15991040 extends beyond EOD, truncated [ 34.060922][ T502] loop1: p4 start 16711680 is beyond EOD, truncated [ 34.122574][ T102] loop1: p1 p3 p4 [ 36.188272][ T102] loop1: p1 start 51379968 is beyond EOD, truncated [ 36.219510][ T102] loop1: p3 size 15991040 extends beyond EOD, truncated [ 36.295185][ T102] loop1: p4 start 16711680 is beyond EOD, truncated [ 37.904075][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 37.904092][ T28] audit: type=1400 audit(1734082196.948:141): avc: denied { read write } for pid=545 comm="syz.4.61" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.938734][ T546] loop4: detected capacity change from 0 to 512 [ 37.945128][ T546] EXT4-fs: Ignoring removed nobh option [ 37.950853][ T28] audit: type=1400 audit(1734082196.978:142): avc: denied { open } for pid=545 comm="syz.4.61" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.965069][ T546] EXT4-fs: Ignoring removed mblk_io_submit option [ 37.979097][ T28] audit: type=1400 audit(1734082196.978:143): avc: denied { create } for pid=545 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 37.999176][ T28] audit: type=1400 audit(1734082196.978:144): avc: denied { ioctl } for pid=545 comm="syz.4.61" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 ioctlcmd=0xaf24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 38.019654][ T548] loop0: detected capacity change from 0 to 512 [ 38.094287][ T546] EXT4-fs: Mount option(s) incompatible with ext3 [ 38.102538][ T553] loop1: detected capacity change from 0 to 128 [ 38.131714][ T28] audit: type=1400 audit(1734082197.178:145): avc: denied { wake_alarm } for pid=545 comm="syz.4.61" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 38.554284][ T28] audit: type=1400 audit(1734082197.248:146): avc: denied { setopt } for pid=549 comm="syz.2.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.574665][ T563] loop3: detected capacity change from 0 to 128 [ 38.581538][ T548] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 38.598993][ T548] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 38.686249][ T548] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.62: Failed to acquire dquot type 0 [ 38.707641][ T548] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 38.719045][ T548] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 38.729560][ T548] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.62: Failed to acquire dquot type 0 [ 38.758131][ T548] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.62: Failed to acquire dquot type 0 [ 38.782329][ T548] EXT4-fs (loop0): 1 orphan inode deleted [ 38.788440][ T548] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 38.810207][ T548] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.916916][ T301] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 40.053496][ T290] EXT4-fs (loop0): unmounting filesystem. [ 40.195490][ T301] usb 5-1: Using ep0 maxpacket: 16 [ 40.208680][ T301] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.233414][ T301] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 40.243978][ T301] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 40.268284][ T301] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d [ 40.279527][ T577] device pim6reg1 entered promiscuous mode [ 40.296887][ T301] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.351154][ T301] usb 5-1: Product: syz [ 40.355249][ T301] usb 5-1: Manufacturer: syz [ 40.359962][ T301] usb 5-1: SerialNumber: syz [ 40.408326][ T301] usb 5-1: config 0 descriptor?? [ 40.848694][ T301] usb 5-1: USB disconnect, device number 2 [ 42.117740][ T617] loop3: detected capacity change from 0 to 128 [ 42.268581][ T622] device pim6reg1 entered promiscuous mode [ 43.379697][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 43.379712][ T28] audit: type=1400 audit(1734082202.428:148): avc: denied { watch } for pid=641 comm="syz.2.87" path="/20" dev="tmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 43.409217][ T313] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 43.439329][ T313] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 43.474282][ T313] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.02 Device [syz1] on syz1 [ 44.307045][ T28] audit: type=1400 audit(1734082203.348:149): avc: denied { execute } for pid=662 comm="syz.1.94" path="/20/bus/hugetlb.1GB.rsvd.usage_in_bytes" dev="tmpfs" ino=126 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 44.617559][ T676] loop4: detected capacity change from 0 to 128 [ 45.938693][ T28] audit: type=1400 audit(1734082204.988:150): avc: denied { create } for pid=697 comm="syz.4.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.016586][ T28] audit: type=1400 audit(1734082205.008:151): avc: denied { write } for pid=690 comm="syz.3.103" path="socket:[17518]" dev="sockfs" ino=17518 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 46.091142][ T28] audit: type=1400 audit(1734082205.138:152): avc: denied { write } for pid=703 comm="syz.0.106" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 47.072299][ T28] audit: type=1400 audit(1734082206.118:153): avc: denied { create } for pid=723 comm="syz.0.112" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.098249][ T724] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 47.136993][ T724] FAT-fs (loop1): unable to read boot sector [ 47.145061][ T728] loop4: detected capacity change from 0 to 128 [ 47.151233][ T28] audit: type=1400 audit(1734082206.138:154): avc: denied { mounton } for pid=723 comm="syz.0.112" path="/27/file0" dev="tmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.199160][ T731] 9pnet_fd: Insufficient options for proto=fd [ 47.210172][ T733] loop3: detected capacity change from 0 to 128 [ 47.221329][ T28] audit: type=1400 audit(1734082206.228:155): avc: denied { unlink } for pid=290 comm="syz-executor" name="file0" dev="tmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 49.748319][ T301] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 49.755548][ T301] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 49.802436][ T301] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.02 Device [syz1] on syz1 [ 49.825522][ T763] 9pnet_fd: Insufficient options for proto=fd [ 50.829870][ T779] 9pnet_fd: Insufficient options for proto=fd [ 50.949001][ T28] audit: type=1400 audit(1734082209.998:156): avc: denied { mounton } for pid=783 comm="syz.1.130" path="/25/file0" dev="tmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 51.098898][ T28] audit: type=1400 audit(1734082210.148:157): avc: denied { map } for pid=791 comm="syz.2.134" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=16717 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.129668][ T28] audit: type=1400 audit(1734082210.148:158): avc: denied { read write } for pid=791 comm="syz.2.134" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=16717 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.154856][ T28] audit: type=1326 audit(1734082210.148:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.178361][ T28] audit: type=1326 audit(1734082210.148:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.204189][ T28] audit: type=1326 audit(1734082210.148:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.228074][ T28] audit: type=1326 audit(1734082210.148:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.251430][ T28] audit: type=1326 audit(1734082210.148:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.274842][ T28] audit: type=1326 audit(1734082210.148:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.298023][ T28] audit: type=1326 audit(1734082210.148:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=791 comm="syz.2.134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 51.396847][ T313] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 51.425446][ T796] device pim6reg1 entered promiscuous mode [ 51.587882][ T313] usb 2-1: config 0 interface 0 altsetting 27 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.606281][ T313] usb 2-1: config 0 interface 0 altsetting 27 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.616673][ T313] usb 2-1: config 0 interface 0 has no altsetting 0 [ 51.624369][ T313] usb 2-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 51.636434][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.664368][ T313] usb 2-1: config 0 descriptor?? [ 52.073118][ T313] wacom 0003:056A:0016.0003: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 52.096081][ T313] wacom 0003:056A:0016.0003: hidraw0: USB HID vff.8d Device [HID 056a:0016] on usb-dummy_hcd.1-1/input0 [ 52.120350][ T313] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0016.0003/input/input5 [ 52.280533][ T313] usb 2-1: USB disconnect, device number 2 [ 52.369078][ T815] loop0: detected capacity change from 0 to 128 [ 53.396658][ T837] device pim6reg1 entered promiscuous mode [ 54.475260][ T846] loop0: detected capacity change from 0 to 128 [ 54.609426][ T848] device syzkaller0 entered promiscuous mode [ 56.833263][ T877] device pim6reg1 entered promiscuous mode [ 56.853912][ T28] kauditd_printk_skb: 253 callbacks suppressed [ 56.853927][ T28] audit: type=1400 audit(1734082215.898:419): avc: denied { write } for pid=878 comm="syz.3.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.880689][ T879] tipc: Enabling of bearer rejected, failed to enable media [ 56.939748][ T879] device syzkaller0 entered promiscuous mode [ 56.945617][ T28] audit: type=1400 audit(1734082215.928:420): avc: denied { read } for pid=878 comm="syz.3.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.968177][ T28] audit: type=1400 audit(1734082215.958:421): avc: denied { ioctl } for pid=878 comm="syz.3.162" path="socket:[17797]" dev="sockfs" ino=17797 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.171552][ T889] loop1: detected capacity change from 0 to 1024 [ 57.396894][ T889] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 57.623086][ T899] loop0: detected capacity change from 0 to 128 [ 57.712971][ T28] audit: type=1400 audit(1734082216.758:422): avc: denied { unlink } for pid=888 comm="syz.1.165" name="#1" dev="tmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 58.548468][ T28] audit: type=1400 audit(1734082217.598:423): avc: denied { read } for pid=907 comm="syz.0.169" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 58.581960][ T908] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 58.617052][ T28] audit: type=1400 audit(1734082217.628:424): avc: denied { open } for pid=907 comm="syz.0.169" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 58.739374][ T28] audit: type=1400 audit(1734082217.628:425): avc: denied { ioctl } for pid=907 comm="syz.0.169" path="/dev/kvm" dev="devtmpfs" ino=83 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 59.102160][ T922] loop3: detected capacity change from 0 to 512 [ 59.191486][ T922] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 59.211961][ T922] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 59.229463][ T922] EXT4-fs error (device loop3): ext4_acquire_dquot:6788: comm syz.3.172: Failed to acquire dquot type 0 [ 59.252007][ T922] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 59.276071][ T922] EXT4-fs error (device loop3): ext4_acquire_dquot:6788: comm syz.3.172: Failed to acquire dquot type 0 [ 59.297730][ T922] EXT4-fs error (device loop3): ext4_acquire_dquot:6788: comm syz.3.172: Failed to acquire dquot type 0 [ 59.329530][ T922] EXT4-fs (loop3): 1 orphan inode deleted [ 59.341449][ T922] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 59.359581][ T922] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.415153][ T292] EXT4-fs (loop3): unmounting filesystem. [ 59.458032][ T293] EXT4-fs (loop1): unmounting filesystem. [ 59.519378][ T908] syz.0.169 (908) used greatest stack depth: 20168 bytes left [ 59.608317][ T938] loop1: detected capacity change from 0 to 256 [ 59.634577][ T938] FAT-fs (loop1): Directory bread(block 64) failed [ 59.641452][ T938] FAT-fs (loop1): Directory bread(block 65) failed [ 59.648873][ T938] FAT-fs (loop1): Directory bread(block 66) failed [ 59.658553][ T938] FAT-fs (loop1): Directory bread(block 67) failed [ 59.670383][ T938] FAT-fs (loop1): Directory bread(block 68) failed [ 59.681126][ T938] FAT-fs (loop1): Directory bread(block 69) failed [ 59.691941][ T938] FAT-fs (loop1): Directory bread(block 70) failed [ 59.699230][ T938] FAT-fs (loop1): Directory bread(block 71) failed [ 59.705652][ T938] FAT-fs (loop1): Directory bread(block 72) failed [ 59.712284][ T938] FAT-fs (loop1): Directory bread(block 73) failed [ 60.469930][ T325] kworker/u4:4: attempt to access beyond end of device [ 60.469930][ T325] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 60.497077][ T325] kworker/u4:4: attempt to access beyond end of device [ 60.497077][ T325] loop1: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 61.341397][ T986] loop0: detected capacity change from 0 to 256 [ 61.356492][ T986] FAT-fs (loop0): Directory bread(block 64) failed [ 61.362996][ T986] FAT-fs (loop0): Directory bread(block 65) failed [ 61.370291][ T986] FAT-fs (loop0): Directory bread(block 66) failed [ 61.376740][ T986] FAT-fs (loop0): Directory bread(block 67) failed [ 61.383108][ T986] FAT-fs (loop0): Directory bread(block 68) failed [ 61.389439][ T986] FAT-fs (loop0): Directory bread(block 69) failed [ 61.395736][ T986] FAT-fs (loop0): Directory bread(block 70) failed [ 61.402120][ T986] FAT-fs (loop0): Directory bread(block 71) failed [ 61.408601][ T986] FAT-fs (loop0): Directory bread(block 72) failed [ 61.414863][ T986] FAT-fs (loop0): Directory bread(block 73) failed [ 62.415348][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 62.415376][ T28] audit: type=1400 audit(1734082221.138:426): avc: denied { setopt } for pid=989 comm="syz.1.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.441764][ T325] kworker/u4:4: attempt to access beyond end of device [ 62.441764][ T325] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 62.456758][ T325] kworker/u4:4: attempt to access beyond end of device [ 62.456758][ T325] loop0: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 62.475318][ T28] audit: type=1400 audit(1734082221.178:427): avc: denied { create } for pid=989 comm="syz.1.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.546890][ T28] audit: type=1400 audit(1734082221.208:428): avc: denied { bind } for pid=989 comm="syz.1.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 63.490618][ T28] audit: type=1400 audit(1734082222.538:429): avc: denied { connect } for pid=1025 comm="syz.2.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.522085][ T1029] loop4: detected capacity change from 0 to 256 [ 63.553105][ T1029] FAT-fs (loop4): Directory bread(block 64) failed [ 63.569971][ T28] audit: type=1400 audit(1734082222.558:430): avc: denied { write } for pid=1025 comm="syz.2.209" path="socket:[18113]" dev="sockfs" ino=18113 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.594277][ T1029] FAT-fs (loop4): Directory bread(block 65) failed [ 63.660771][ T1029] FAT-fs (loop4): Directory bread(block 66) failed [ 63.750604][ T1029] FAT-fs (loop4): Directory bread(block 67) failed [ 63.777657][ T1029] FAT-fs (loop4): Directory bread(block 68) failed [ 63.784281][ T1029] FAT-fs (loop4): Directory bread(block 69) failed [ 63.790680][ T1029] FAT-fs (loop4): Directory bread(block 70) failed [ 63.796974][ T1029] FAT-fs (loop4): Directory bread(block 71) failed [ 63.803302][ T1029] FAT-fs (loop4): Directory bread(block 72) failed [ 63.811587][ T1029] FAT-fs (loop4): Directory bread(block 73) failed [ 64.890937][ T325] kworker/u4:4: attempt to access beyond end of device [ 64.890937][ T325] loop4: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 64.910747][ T1056] syz.1.219[1056] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.910824][ T1056] syz.1.219[1056] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.945623][ T325] kworker/u4:4: attempt to access beyond end of device [ 64.945623][ T325] loop4: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 65.051088][ T1065] loop4: detected capacity change from 0 to 128 [ 65.892592][ T1081] 9pnet_fd: Insufficient options for proto=fd [ 66.164626][ T1089] loop2: detected capacity change from 0 to 256 [ 66.181758][ T1089] FAT-fs (loop2): Directory bread(block 64) failed [ 66.193959][ T1089] FAT-fs (loop2): Directory bread(block 65) failed [ 66.200765][ T1089] FAT-fs (loop2): Directory bread(block 66) failed [ 66.207826][ T1089] FAT-fs (loop2): Directory bread(block 67) failed [ 66.214225][ T1089] FAT-fs (loop2): Directory bread(block 68) failed [ 66.224965][ T1089] FAT-fs (loop2): Directory bread(block 69) failed [ 66.231436][ T28] audit: type=1400 audit(2000000000.020:431): avc: denied { bind } for pid=1092 comm="syz.0.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 66.251101][ T1089] FAT-fs (loop2): Directory bread(block 70) failed [ 66.257687][ T1089] FAT-fs (loop2): Directory bread(block 71) failed [ 66.264126][ T1089] FAT-fs (loop2): Directory bread(block 72) failed [ 66.270751][ T1089] FAT-fs (loop2): Directory bread(block 73) failed [ 66.298595][ T1095] loop1: detected capacity change from 0 to 512 [ 67.257263][ T1095] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 67.305563][ T1095] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 67.315111][ T1095] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.235: Failed to acquire dquot type 0 [ 67.338729][ T742] kworker/u4:7: attempt to access beyond end of device [ 67.338729][ T742] loop2: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 67.343114][ T1095] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 67.353686][ T742] kworker/u4:7: attempt to access beyond end of device [ 67.353686][ T742] loop2: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 67.376158][ T1095] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 67.387621][ T1095] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.235: Failed to acquire dquot type 0 [ 67.422116][ T1095] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 67.480614][ T1095] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 67.544084][ T1095] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.235: Failed to acquire dquot type 0 [ 67.596565][ T1119] 9pnet_fd: Insufficient options for proto=fd [ 67.636997][ T1095] EXT4-fs (loop1): 1 orphan inode deleted [ 67.667004][ T517] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 67.670759][ T1095] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 67.688016][ T1095] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.719846][ T293] EXT4-fs (loop1): unmounting filesystem. [ 72.248006][ T1143] syz.1.246[1143] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.248083][ T1143] syz.1.246[1143] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.263002][ T1141] loop2: detected capacity change from 0 to 1024 [ 72.267380][ T517] usb 4-1: device descriptor read/all, error -71 [ 72.276601][ T1139] netlink: 200 bytes leftover after parsing attributes in process `syz.4.245'. [ 72.355607][ T1141] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 72.361544][ T1139] loop4: detected capacity change from 0 to 8192 [ 72.669645][ T1139] loop4: p1 p3 p4 [ 72.676299][ T1139] loop4: p1 start 51379968 is beyond EOD, truncated [ 73.430711][ T1157] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.247: inode #393216: comm syz.2.247: iget: illegal inode # [ 73.444358][ T28] audit: type=1400 audit(2000000007.230:432): avc: denied { read } for pid=1140 comm="syz.2.247" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 73.467711][ T1157] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.247: error while reading EA inode 393216 err=-117 [ 73.822545][ T1139] loop4: p3 size 15991040 extends beyond EOD, truncated [ 73.859042][ T1139] loop4: p4 start 16711680 is beyond EOD, truncated [ 73.874860][ T28] audit: type=1400 audit(2000000007.230:433): avc: denied { write } for pid=1140 comm="syz.2.247" name="file1" dev="overlay" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 73.970478][ T1165] 9pnet_fd: Insufficient options for proto=fd [ 74.280298][ T28] audit: type=1400 audit(2000000007.230:434): avc: denied { open } for pid=1140 comm="syz.2.247" path="/52/bus/file1" dev="overlay" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 74.306290][ T1170] device pim6reg1 entered promiscuous mode [ 74.338357][ T28] audit: type=1400 audit(2000000007.230:435): avc: denied { setattr } for pid=1140 comm="syz.2.247" name="#306" dev="tmpfs" ino=306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 74.381399][ T102] loop4: p1 p3 p4 [ 74.385072][ T102] loop4: p1 start 51379968 is beyond EOD, truncated [ 74.385378][ T291] EXT4-fs (loop2): unmounting filesystem. [ 74.391550][ T102] loop4: p3 size 15991040 extends beyond EOD, truncated [ 74.391989][ T102] loop4: p4 start 16711680 is beyond EOD, truncated [ 74.488127][ T1136] I/O error, dev loop4, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 74.522915][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 78.056809][ C0] sched: RT throttling activated [ 78.240208][ T1217] device pim6reg1 entered promiscuous mode [ 78.353389][ T1222] loop1: detected capacity change from 0 to 256 [ 78.391936][ T1222] ======================================================= [ 78.391936][ T1222] WARNING: The mand mount option has been deprecated and [ 78.391936][ T1222] and is ignored by this kernel. Remove the mand [ 78.391936][ T1222] option from the mount to silence this warning. [ 78.391936][ T1222] ======================================================= [ 78.543216][ T1222] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 78.567118][ T1222] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 79.500703][ T28] audit: type=1400 audit(2000000013.300:436): avc: denied { map } for pid=1221 comm="syz.1.270" path="socket:[18357]" dev="sockfs" ino=18357 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 80.332583][ T28] audit: type=1400 audit(2000000014.130:437): avc: denied { name_bind } for pid=1243 comm="syz.1.275" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 80.530325][ T1246] process 'syz.3.276' launched './file1' with NULL argv: empty string added [ 82.767799][ T1258] device pim6reg1 entered promiscuous mode [ 83.954779][ T1290] loop3: detected capacity change from 0 to 40427 [ 83.969165][ T1290] F2FS-fs (loop3): heap/no_heap options were deprecated [ 83.976027][ T1290] F2FS-fs (loop3): heap/no_heap options were deprecated [ 83.983901][ T1290] F2FS-fs (loop3): invalid crc value [ 83.991097][ T1290] F2FS-fs (loop3): Found nat_bits in checkpoint [ 84.207389][ T1290] F2FS-fs (loop3): Start checkpoint disabled! [ 84.317498][ T1290] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 84.812106][ T28] audit: type=1400 audit(2000000018.614:438): avc: denied { connect } for pid=1289 comm="syz.3.290" lport=252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 84.896141][ T28] audit: type=1400 audit(2000000018.694:439): avc: denied { write } for pid=1310 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 85.148290][ T28] audit: type=1400 audit(2000000018.924:440): avc: denied { ioctl } for pid=1328 comm="syz.1.304" path="socket:[19498]" dev="sockfs" ino=19498 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 85.268852][ T1341] loop2: detected capacity change from 0 to 1024 [ 85.280483][ T1341] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 86.146944][ T28] audit: type=1400 audit(2000000019.344:441): avc: denied { mounton } for pid=1335 comm="syz.3.307" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 87.237068][ T1349] overlayfs: failed to resolve './file1': -2 [ 87.647017][ T28] audit: type=1400 audit(2000000019.364:442): avc: denied { remount } for pid=1335 comm="syz.3.307" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 87.666690][ T28] audit: type=1400 audit(2000000019.924:443): avc: denied { create } for pid=1335 comm="syz.3.307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 88.922420][ T291] EXT4-fs (loop2): unmounting filesystem. [ 88.956472][ T1368] loop0: detected capacity change from 0 to 256 [ 88.989303][ T1368] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 89.018728][ T28] audit: type=1400 audit(2000000022.824:444): avc: denied { remount } for pid=1372 comm="syz.2.318" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 89.072135][ T28] audit: type=1400 audit(2000000022.864:445): avc: denied { read append open } for pid=1366 comm="syz.0.316" path="/68/file0/file0/memory.events.local" dev="loop0" ino=1048623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.110295][ T1379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.319'. [ 89.528396][ T1389] netlink: 200 bytes leftover after parsing attributes in process `syz.0.324'. [ 89.611542][ T1389] loop0: detected capacity change from 0 to 8192 [ 89.657295][ T1389] loop0: p1 p3 p4 [ 89.661414][ T1389] loop0: p1 start 51379968 is beyond EOD, truncated [ 89.668586][ T28] audit: type=1400 audit(2000000023.474:446): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 89.676074][ T1389] loop0: p3 size 15991040 extends beyond EOD, [ 89.705721][ T28] audit: type=1400 audit(2000000023.474:447): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.737629][ T1389] truncated [ 89.741142][ T1389] loop0: p4 start 16711680 is beyond EOD, truncated [ 89.769463][ T1392] kvm: emulating exchange as write [ 89.986322][ T1405] loop2: detected capacity change from 0 to 1024 [ 89.999483][ T1406] device pim6reg1 entered promiscuous mode [ 90.178993][ T1405] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 91.066505][ T1419] syz.4.334[1419] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.066579][ T1419] syz.4.334[1419] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.087597][ T1414] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.331: inode #393216: comm syz.2.331: iget: illegal inode # [ 91.203028][ T1414] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.331: error while reading EA inode 393216 err=-117 [ 92.306144][ T291] EXT4-fs (loop2): unmounting filesystem. [ 92.605011][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 92.605027][ T28] audit: type=1400 audit(2000000026.404:450): avc: denied { write } for pid=1438 comm="syz.3.341" lport=135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 93.293413][ T414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 93.304918][ T414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 93.319572][ T414] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.02 Device [syz1] on syz1 [ 94.052852][ T28] audit: type=1400 audit(2000000027.474:451): avc: denied { mounton } for pid=1482 comm="syz.0.356" path="/proc/251/cgroup" dev="proc" ino=18790 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 94.083441][ T28] audit: type=1400 audit(2000000027.794:452): avc: denied { remount } for pid=1482 comm="syz.0.356" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 94.295875][ T1493] loop1: detected capacity change from 0 to 128 [ 94.396427][ T1495] loop3: detected capacity change from 0 to 256 [ 94.751916][ T1495] FAT-fs (loop3): Directory bread(block 64) failed [ 94.758463][ T1495] FAT-fs (loop3): Directory bread(block 65) failed [ 94.764963][ T1495] FAT-fs (loop3): Directory bread(block 66) failed [ 94.771550][ T1495] FAT-fs (loop3): Directory bread(block 67) failed [ 94.778549][ T1495] FAT-fs (loop3): Directory bread(block 68) failed [ 94.785037][ T1495] FAT-fs (loop3): Directory bread(block 69) failed [ 94.792079][ T1495] FAT-fs (loop3): Directory bread(block 70) failed [ 94.798671][ T1495] FAT-fs (loop3): Directory bread(block 71) failed [ 94.805577][ T1495] FAT-fs (loop3): Directory bread(block 72) failed [ 94.812098][ T1495] FAT-fs (loop3): Directory bread(block 73) failed [ 96.155277][ T1509] device pim6reg1 entered promiscuous mode [ 97.306927][ T383] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 97.506834][ T383] usb 5-1: Using ep0 maxpacket: 16 [ 97.513019][ T383] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.571194][ T383] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.581284][ T383] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 97.590268][ T383] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.599656][ T383] usb 5-1: config 0 descriptor?? [ 97.624518][ T1543] loop0: detected capacity change from 0 to 128 [ 98.120108][ T414] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 98.620960][ T383] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.0005/input/input9 [ 98.638958][ T414] usb 4-1: unable to get BOS descriptor or descriptor too short [ 98.651722][ T414] usb 4-1: config 1 has an invalid interface number: 173 but max is 1 [ 98.783982][ T414] usb 4-1: config 1 has an invalid interface number: 113 but max is 1 [ 98.788352][ T383] appleir 0003:05AC:8241.0005: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 98.792151][ T414] usb 4-1: config 1 has no interface number 0 [ 98.812356][ T1555] loop2: detected capacity change from 0 to 256 [ 98.823398][ T1555] FAT-fs (loop2): Directory bread(block 64) failed [ 98.829825][ T1555] FAT-fs (loop2): Directory bread(block 65) failed [ 99.029908][ T1555] FAT-fs (loop2): Directory bread(block 66) failed [ 99.036820][ T1555] FAT-fs (loop2): Directory bread(block 67) failed [ 99.043897][ T1555] FAT-fs (loop2): Directory bread(block 68) failed [ 99.050794][ T1555] FAT-fs (loop2): Directory bread(block 69) failed [ 99.058087][ T1555] FAT-fs (loop2): Directory bread(block 70) failed [ 99.065175][ T1555] FAT-fs (loop2): Directory bread(block 71) failed [ 99.072638][ T1555] FAT-fs (loop2): Directory bread(block 72) failed [ 99.079419][ T1555] FAT-fs (loop2): Directory bread(block 73) failed [ 99.204057][ T414] usb 4-1: config 1 has no interface number 1 [ 99.210673][ T414] usb 4-1: config 1 interface 113 altsetting 8 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 99.232500][ T414] usb 4-1: config 1 interface 173 has no altsetting 0 [ 99.246351][ T414] usb 4-1: config 1 interface 113 has no altsetting 0 [ 99.254583][ T1560] device pim6reg1 entered promiscuous mode [ 99.254602][ T414] usb 4-1: New USB device found, idVendor=12d1, idProduct=9c5c, bcdDevice=a6.5e [ 99.277885][ T414] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.285847][ T414] usb 4-1: Product: syz [ 99.289923][ T414] usb 4-1: Manufacturer: syz [ 99.295694][ T414] usb 4-1: SerialNumber: syz [ 99.371313][ T414] usb 4-1: USB disconnect, device number 4 [ 99.377738][ T1565] loop3: detected capacity change from 0 to 512 [ 99.403800][ T1563] loop2: detected capacity change from 0 to 512 [ 99.413201][ T1563] EXT4-fs: Ignoring removed mblk_io_submit option [ 99.419841][ T1565] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.382: casefold flag without casefold feature [ 99.421206][ T1563] EXT4-fs: Ignoring removed nobh option [ 99.443950][ T1565] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.382: couldn't read orphan inode 15 (err -117) [ 99.460900][ T1563] EXT4-fs: user quota file already specified [ 99.467059][ T1565] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 99.494590][ T28] audit: type=1400 audit(2000000033.294:453): avc: denied { setattr } for pid=1564 comm="syz.3.382" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 99.517974][ T28] audit: type=1400 audit(2000000033.324:454): avc: denied { write } for pid=1564 comm="syz.3.382" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 99.539737][ T28] audit: type=1400 audit(2000000033.324:455): avc: denied { add_name } for pid=1564 comm="syz.3.382" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 99.560486][ T28] audit: type=1400 audit(2000000033.324:456): avc: denied { create } for pid=1564 comm="syz.3.382" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 99.858305][ T383] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 100.390984][ T1590] loop4: detected capacity change from 0 to 128 [ 101.094729][ T1603] loop2: detected capacity change from 0 to 256 [ 101.107589][ T1603] FAT-fs (loop2): Directory bread(block 64) failed [ 101.114167][ T1603] FAT-fs (loop2): Directory bread(block 65) failed [ 101.120621][ T1603] FAT-fs (loop2): Directory bread(block 66) failed [ 101.126997][ T1603] FAT-fs (loop2): Directory bread(block 67) failed [ 101.133361][ T1603] FAT-fs (loop2): Directory bread(block 68) failed [ 101.139684][ T1603] FAT-fs (loop2): Directory bread(block 69) failed [ 101.146023][ T1603] FAT-fs (loop2): Directory bread(block 70) failed [ 101.152341][ T1603] FAT-fs (loop2): Directory bread(block 71) failed [ 101.158700][ T1603] FAT-fs (loop2): Directory bread(block 72) failed [ 101.165151][ T1603] FAT-fs (loop2): Directory bread(block 73) failed [ 101.172247][ T292] EXT4-fs (loop3): unmounting filesystem. [ 101.359099][ T1618] syz.4.400[1618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.359169][ T1618] syz.4.400[1618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.361171][ T1619] loop1: detected capacity change from 0 to 1024 [ 102.220568][ T28] audit: type=1326 audit(2000000036.024:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1625 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 102.248608][ T1618] syz.4.400[1618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.248684][ T1618] syz.4.400[1618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.275802][ T1619] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 102.286894][ T28] audit: type=1326 audit(2000000036.044:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1625 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 102.286930][ T28] audit: type=1326 audit(2000000036.074:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1625 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 102.286950][ T28] audit: type=1326 audit(2000000036.074:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1625 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 102.365142][ T1618] device pim6reg1 entered promiscuous mode [ 102.409507][ T1635] loop2: detected capacity change from 0 to 512 [ 102.448970][ T1635] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.405: casefold flag without casefold feature [ 102.461686][ T1635] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.405: couldn't read orphan inode 15 (err -117) [ 102.473642][ T1635] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 102.516597][ T1644] loop4: detected capacity change from 0 to 256 [ 102.530230][ T1644] FAT-fs (loop4): Directory bread(block 64) failed [ 102.536687][ T1644] FAT-fs (loop4): Directory bread(block 65) failed [ 104.583343][ T293] EXT4-fs (loop1): unmounting filesystem. [ 104.594910][ T1644] FAT-fs (loop4): Directory bread(block 66) failed [ 104.601937][ T1644] FAT-fs (loop4): Directory bread(block 67) failed [ 104.609090][ T1644] FAT-fs (loop4): Directory bread(block 68) failed [ 104.615465][ T1644] FAT-fs (loop4): Directory bread(block 69) failed [ 104.639533][ T1644] FAT-fs (loop4): Directory bread(block 70) failed [ 104.645969][ T1644] FAT-fs (loop4): Directory bread(block 71) failed [ 104.652690][ T1644] FAT-fs (loop4): Directory bread(block 72) failed [ 104.659249][ T1644] FAT-fs (loop4): Directory bread(block 73) failed [ 104.897585][ T291] EXT4-fs (loop2): unmounting filesystem. [ 105.084594][ T1666] loop2: detected capacity change from 0 to 256 [ 105.097305][ T1666] FAT-fs (loop2): Directory bread(block 64) failed [ 105.103728][ T1666] FAT-fs (loop2): Directory bread(block 65) failed [ 105.115585][ T1666] FAT-fs (loop2): Directory bread(block 66) failed [ 105.121990][ T1666] FAT-fs (loop2): Directory bread(block 67) failed [ 105.128331][ T1666] FAT-fs (loop2): Directory bread(block 68) failed [ 105.134667][ T1666] FAT-fs (loop2): Directory bread(block 69) failed [ 105.141172][ T1666] FAT-fs (loop2): Directory bread(block 70) failed [ 105.147539][ T1666] FAT-fs (loop2): Directory bread(block 71) failed [ 105.153902][ T1666] FAT-fs (loop2): Directory bread(block 72) failed [ 105.160233][ T1666] FAT-fs (loop2): Directory bread(block 73) failed [ 105.180033][ T517] usb 5-1: USB disconnect, device number 3 [ 105.339442][ T1676] loop0: detected capacity change from 0 to 128 [ 106.195232][ T1685] device syzkaller0 entered promiscuous mode [ 106.271723][ T1687] loop0: detected capacity change from 0 to 512 [ 106.292307][ T1687] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.422: casefold flag without casefold feature [ 106.305864][ T1687] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.422: couldn't read orphan inode 15 (err -117) [ 106.318049][ T1687] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 106.416295][ T556] kworker/u4:6: attempt to access beyond end of device [ 106.416295][ T556] loop4: rw=1048577, sector=1224, nr_sectors = 608 limit=256 [ 106.458263][ T1690] syz.2.423[1690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.458337][ T1690] syz.2.423[1690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 106.465547][ T556] kworker/u4:6: attempt to access beyond end of device [ 106.465547][ T556] loop4: rw=1048577, sector=1864, nr_sectors = 1444 limit=256 [ 107.602179][ T1690] syz.2.423[1690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.602259][ T1690] syz.2.423[1690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.641799][ T1690] device pim6reg1 entered promiscuous mode [ 107.723238][ T1698] loop1: detected capacity change from 0 to 2048 [ 107.775213][ T1704] loop3: detected capacity change from 0 to 256 [ 107.811232][ T1704] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 107.853861][ T1698] FAT-fs (loop1): Unrecognized mount option "ÿ18446744073709551615ÿÿÿÿ" or missing value [ 107.880245][ T290] EXT4-fs (loop0): unmounting filesystem. [ 108.127388][ T28] audit: type=1326 audit(2000000005.620:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1715 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 108.170744][ T28] audit: type=1326 audit(2000000005.620:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1715 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 108.225223][ T28] audit: type=1326 audit(2000000005.620:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1715 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 108.272698][ T28] audit: type=1326 audit(2000000005.620:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1715 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 108.317029][ T28] audit: type=1326 audit(2000000005.620:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1715 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32fbf85d19 code=0x7ffc0000 [ 108.340229][ T1729] tipc: Started in network mode [ 108.345749][ T1729] tipc: Node identity 121b71f203bf, cluster identity 4711 [ 108.353430][ T1729] tipc: Enabled bearer , priority 0 [ 108.374915][ T1728] tipc: Disabling bearer [ 108.536678][ T1736] loop0: detected capacity change from 0 to 256 [ 108.583138][ T1736] FAT-fs (loop0): Directory bread(block 64) failed [ 108.596848][ T1736] FAT-fs (loop0): Directory bread(block 65) failed [ 108.616839][ T1736] FAT-fs (loop0): Directory bread(block 66) failed [ 108.630997][ T1736] FAT-fs (loop0): Directory bread(block 67) failed [ 108.647667][ T1736] FAT-fs (loop0): Directory bread(block 68) failed [ 108.662669][ T1736] FAT-fs (loop0): Directory bread(block 69) failed [ 108.677782][ T1736] FAT-fs (loop0): Directory bread(block 70) failed [ 108.691717][ T1736] FAT-fs (loop0): Directory bread(block 71) failed [ 108.705697][ T1736] FAT-fs (loop0): Directory bread(block 72) failed [ 108.719754][ T1736] FAT-fs (loop0): Directory bread(block 73) failed [ 108.947996][ T1740] syz.1.440[1740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.948074][ T1740] syz.1.440[1740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.039870][ T1740] syz.1.440[1740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.069949][ T1740] syz.1.440[1740] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.121728][ T1743] loop3: detected capacity change from 0 to 512 [ 109.129955][ T1740] device pim6reg1 entered promiscuous mode [ 109.160699][ T1743] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.441: casefold flag without casefold feature [ 109.177009][ T1743] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.441: couldn't read orphan inode 15 (err -117) [ 109.218625][ T1743] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 109.229440][ T1756] loop4: detected capacity change from 0 to 256 [ 109.238831][ T1756] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 109.318590][ T28] audit: type=1400 audit(2000000006.810:466): avc: denied { write } for pid=1759 comm="syz.4.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 109.323729][ T1761] netlink: 12 bytes leftover after parsing attributes in process `syz.4.448'. [ 109.347922][ T1761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.448'. [ 109.359568][ T28] audit: type=1400 audit(2000000006.850:467): avc: denied { write } for pid=1762 comm="syz.2.449" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 109.736023][ T28] audit: type=1400 audit(2000000006.850:468): avc: denied { open } for pid=1762 comm="syz.2.449" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 110.120629][ T1776] netlink: 32 bytes leftover after parsing attributes in process `syz.4.450'. [ 110.437653][ T292] EXT4-fs (loop3): unmounting filesystem. [ 110.450146][ T10] kworker/u4:1: attempt to access beyond end of device [ 110.450146][ T10] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 110.472809][ T10] kworker/u4:1: attempt to access beyond end of device [ 110.472809][ T10] loop0: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 110.534312][ T1795] loop3: detected capacity change from 0 to 256 [ 110.543026][ T1795] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 110.752974][ T1811] loop0: detected capacity change from 0 to 512 [ 110.775447][ T1811] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.464: casefold flag without casefold feature [ 110.788724][ T1811] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.464: couldn't read orphan inode 15 (err -117) [ 110.837249][ T1811] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 111.894044][ T1818] loop4: detected capacity change from 0 to 256 [ 111.949905][ T1818] FAT-fs (loop4): Directory bread(block 64) failed [ 111.974804][ T1818] FAT-fs (loop4): Directory bread(block 65) failed [ 111.988897][ T1818] FAT-fs (loop4): Directory bread(block 66) failed [ 112.002032][ T1818] FAT-fs (loop4): Directory bread(block 67) failed [ 112.016692][ T1818] FAT-fs (loop4): Directory bread(block 68) failed [ 112.029835][ T1818] FAT-fs (loop4): Directory bread(block 69) failed [ 112.038577][ T1818] FAT-fs (loop4): Directory bread(block 70) failed [ 112.044926][ T1818] FAT-fs (loop4): Directory bread(block 71) failed [ 112.051317][ T1818] FAT-fs (loop4): Directory bread(block 72) failed [ 112.057667][ T1818] FAT-fs (loop4): Directory bread(block 73) failed [ 112.070846][ T1824] loop2: detected capacity change from 0 to 16 [ 112.096370][ T1824] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿ' [ 113.165244][ T1834] loop3: detected capacity change from 0 to 256 [ 113.185413][ T1834] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 113.268954][ T290] EXT4-fs (loop0): unmounting filesystem. [ 113.275850][ T317] kworker/u4:3: attempt to access beyond end of device [ 113.275850][ T317] loop4: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 113.290551][ T317] kworker/u4:3: attempt to access beyond end of device [ 113.290551][ T317] loop4: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 113.310555][ T1836] loop2: detected capacity change from 0 to 256 [ 113.322037][ T1838] loop0: detected capacity change from 0 to 1024 [ 113.336222][ T1836] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 113.355122][ T1838] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 113.388211][ T1842] tipc: Started in network mode [ 113.409385][ T1842] tipc: Node identity 92093ec9c4d3, cluster identity 4711 [ 113.416595][ T1842] tipc: Enabled bearer , priority 0 [ 113.438703][ T28] audit: type=1400 audit(2000000010.930:469): avc: denied { write } for pid=1835 comm="syz.2.473" name="file1" dev="loop2" ino=1048647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 113.459415][ T1842] device syzkaller0 entered promiscuous mode [ 113.467191][ T1842] tipc: Resetting bearer [ 113.476070][ T1840] tipc: Resetting bearer [ 113.490270][ T1840] tipc: Disabling bearer [ 115.499263][ T1855] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.471: inode #393216: comm syz.0.471: iget: illegal inode # [ 115.514065][ T1855] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.471: error while reading EA inode 393216 err=-117 [ 116.009535][ T290] EXT4-fs (loop0): unmounting filesystem. [ 116.105046][ T1865] 9pnet_fd: Insufficient options for proto=fd [ 116.147961][ T1870] netlink: 200 bytes leftover after parsing attributes in process `syz.0.481'. [ 116.192039][ T1872] loop4: detected capacity change from 0 to 512 [ 116.381859][ T1877] loop1: detected capacity change from 0 to 256 [ 116.403123][ T1872] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.482: casefold flag without casefold feature [ 116.423337][ T1872] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.482: couldn't read orphan inode 15 (err -117) [ 116.446608][ T1877] FAT-fs (loop1): Directory bread(block 64) failed [ 116.453008][ T1872] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 116.471825][ T1877] FAT-fs (loop1): Directory bread(block 65) failed [ 116.483987][ T1875] loop0: detected capacity change from 0 to 8192 [ 116.491489][ T1877] FAT-fs (loop1): Directory bread(block 66) failed [ 116.498108][ T1877] FAT-fs (loop1): Directory bread(block 67) failed [ 116.505502][ T1877] FAT-fs (loop1): Directory bread(block 68) failed [ 116.512307][ T1877] FAT-fs (loop1): Directory bread(block 69) failed [ 116.537155][ T1877] FAT-fs (loop1): Directory bread(block 70) failed [ 116.544676][ T1877] FAT-fs (loop1): Directory bread(block 71) failed [ 116.558275][ T1877] FAT-fs (loop1): Directory bread(block 72) failed [ 116.571759][ T1877] FAT-fs (loop1): Directory bread(block 73) failed [ 116.571858][ T1875] loop0: p1 p3 p4 [ 116.584276][ T1875] loop0: p1 start 51379968 is beyond EOD, truncated [ 116.593746][ T1875] loop0: p3 size 15991040 extends beyond EOD, truncated [ 116.601427][ T1875] loop0: p4 start 16711680 is beyond EOD, truncated [ 117.205060][ T317] kworker/u4:3: attempt to access beyond end of device [ 117.205060][ T317] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 117.266217][ T317] kworker/u4:3: attempt to access beyond end of device [ 117.266217][ T317] loop1: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 118.282939][ T294] EXT4-fs (loop4): unmounting filesystem. [ 118.313046][ T1898] loop2: detected capacity change from 0 to 1024 [ 118.354230][ T1898] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 118.559347][ T1911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.489: inode #393216: comm syz.2.489: iget: illegal inode # [ 118.573645][ T1911] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.489: error while reading EA inode 393216 err=-117 [ 118.615566][ T1912] loop1: detected capacity change from 0 to 128 [ 119.485723][ T28] audit: type=1400 audit(2000000016.970:470): avc: denied { read } for pid=1920 comm="syz.1.495" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 119.561358][ T1923] loop0: detected capacity change from 0 to 512 [ 119.634981][ T291] EXT4-fs (loop2): unmounting filesystem. [ 119.684656][ T1923] EXT4-fs error (device loop0): ext4_get_branch:178: inode #13: block 2: comm syz.0.496: invalid block [ 119.696837][ T28] audit: type=1400 audit(2000000017.160:471): avc: denied { read write } for pid=292 comm="syz-executor" name="loop3" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 119.730342][ T1936] loop2: detected capacity change from 0 to 512 [ 119.738961][ T28] audit: type=1400 audit(2000000017.160:472): avc: denied { open } for pid=292 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 119.757346][ T1923] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.496: invalid indirect mapped block 10 (level 1) [ 119.776104][ T1936] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.499: casefold flag without casefold feature [ 119.784031][ T1923] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.496: invalid indirect mapped block 8 (level 1) [ 119.789020][ T28] audit: type=1400 audit(2000000017.160:473): avc: denied { ioctl } for pid=292 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 119.849126][ T1923] EXT4-fs (loop0): 1 truncate cleaned up [ 119.857332][ T1923] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 119.879082][ T1936] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.499: couldn't read orphan inode 15 (err -117) [ 120.029930][ T1936] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 120.460311][ T290] EXT4-fs (loop0): unmounting filesystem. [ 120.864199][ T1951] loop1: detected capacity change from 0 to 256 [ 120.905465][ T28] audit: type=1400 audit(2000000017.170:474): avc: denied { bpf } for pid=1933 comm="syz.3.502" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 120.935240][ T1951] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 121.011962][ T28] audit: type=1400 audit(2000000017.170:475): avc: denied { map_create } for pid=1933 comm="syz.3.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 121.041167][ T1961] loop3: detected capacity change from 0 to 1024 [ 121.054624][ T28] audit: type=1400 audit(2000000017.220:476): avc: denied { append } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 121.076990][ T28] audit: type=1400 audit(2000000017.230:477): avc: denied { mounton } for pid=1935 comm="syz.2.499" path="/103/file0" dev="tmpfs" ino=604 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 121.088175][ T1961] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 121.114518][ T1963] 9pnet_fd: Insufficient options for proto=fd [ 121.193277][ T28] audit: type=1400 audit(2000000017.250:478): avc: denied { prog_load } for pid=1933 comm="syz.3.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 121.227716][ T28] audit: type=1400 audit(2000000017.250:479): avc: denied { perfmon } for pid=1933 comm="syz.3.502" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 121.359533][ T1970] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.511: inode #393216: comm syz.3.511: iget: illegal inode # [ 121.373561][ T1970] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.511: error while reading EA inode 393216 err=-117 [ 121.406097][ T291] EXT4-fs (loop2): unmounting filesystem. [ 121.865228][ T1977] netlink: 24 bytes leftover after parsing attributes in process `syz.1.513'. [ 123.568191][ T1990] loop0: detected capacity change from 0 to 256 [ 123.946725][ T1990] FAT-fs (loop0): Directory bread(block 64) failed [ 123.953211][ T1990] FAT-fs (loop0): Directory bread(block 65) failed [ 123.959769][ T1990] FAT-fs (loop0): Directory bread(block 66) failed [ 123.966137][ T1990] FAT-fs (loop0): Directory bread(block 67) failed [ 123.972652][ T1990] FAT-fs (loop0): Directory bread(block 68) failed [ 123.979053][ T1990] FAT-fs (loop0): Directory bread(block 69) failed [ 123.985605][ T1990] FAT-fs (loop0): Directory bread(block 70) failed [ 123.992030][ T1990] FAT-fs (loop0): Directory bread(block 71) failed [ 123.998531][ T1990] FAT-fs (loop0): Directory bread(block 72) failed [ 124.004906][ T1990] FAT-fs (loop0): Directory bread(block 73) failed [ 124.122013][ T292] EXT4-fs (loop3): unmounting filesystem. [ 124.718248][ T2009] loop4: detected capacity change from 0 to 512 [ 124.736859][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 124.736878][ T28] audit: type=1400 audit(2000000022.220:514): avc: denied { execute } for pid=1994 comm="syz.1.520" path="/115/bus/hugetlb.1GB.rsvd.usage_in_bytes" dev="tmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 124.781912][ T2009] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.524: casefold flag without casefold feature [ 124.811423][ T28] audit: type=1400 audit(2000000022.290:515): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 124.840550][ T2009] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.524: couldn't read orphan inode 15 (err -117) [ 124.876246][ T2009] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 125.636929][ T28] audit: type=1400 audit(2000000023.100:516): avc: denied { read } for pid=2022 comm="syz.3.526" dev="nsfs" ino=4026532556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 125.739034][ T28] audit: type=1400 audit(2000000023.100:517): avc: denied { open } for pid=2022 comm="syz.3.526" path="net:[4026532556]" dev="nsfs" ino=4026532556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 125.809731][ T28] audit: type=1400 audit(2000000023.100:518): avc: denied { create } for pid=2022 comm="syz.3.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 125.850074][ T28] audit: type=1400 audit(2000000023.100:519): avc: denied { ioctl } for pid=2022 comm="syz.3.526" path="socket:[20711]" dev="sockfs" ino=20711 ioctlcmd=0x48dd scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 125.931765][ T294] EXT4-fs (loop4): unmounting filesystem. [ 126.032747][ T28] audit: type=1400 audit(2000000023.520:520): avc: denied { create } for pid=2039 comm="syz.4.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 127.197897][ T28] audit: type=1400 audit(2000000023.580:521): avc: denied { mount } for pid=2036 comm="syz.0.532" name="/" dev="configfs" ino=14047 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 127.249644][ T28] audit: type=1400 audit(2000000023.580:522): avc: denied { read } for pid=2036 comm="syz.0.532" name="/" dev="configfs" ino=14047 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 127.321310][ T28] audit: type=1400 audit(2000000023.580:523): avc: denied { open } for pid=2036 comm="syz.0.532" path="/119/file0" dev="configfs" ino=14047 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 127.467192][ T2061] loop4: detected capacity change from 0 to 128 [ 127.473768][ T2061] FAT-fs (loop4): Unrecognized mount option "0x0000000000000000" or missing value [ 127.676854][ T2023] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 127.704278][ T2064] netlink: 32 bytes leftover after parsing attributes in process `syz.4.539'. [ 127.716874][ T2066] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'. [ 127.738202][ T2068] loop3: detected capacity change from 0 to 512 [ 127.771370][ T2068] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.541: casefold flag without casefold feature [ 127.841193][ T2068] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.541: couldn't read orphan inode 15 (err -117) [ 127.862952][ T2068] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 129.737290][ T292] EXT4-fs (loop3): unmounting filesystem. [ 129.756156][ T2096] loop3: detected capacity change from 0 to 256 [ 129.772837][ T2096] FAT-fs (loop3): Directory bread(block 64) failed [ 129.780738][ T2096] FAT-fs (loop3): Directory bread(block 65) failed [ 129.789095][ T2096] FAT-fs (loop3): Directory bread(block 66) failed [ 129.795880][ T2096] FAT-fs (loop3): Directory bread(block 67) failed [ 129.804100][ T2096] FAT-fs (loop3): Directory bread(block 68) failed [ 129.812951][ T2096] FAT-fs (loop3): Directory bread(block 69) failed [ 129.821511][ T2096] FAT-fs (loop3): Directory bread(block 70) failed [ 129.828232][ T2096] FAT-fs (loop3): Directory bread(block 71) failed [ 129.834671][ T2096] FAT-fs (loop3): Directory bread(block 72) failed [ 129.841683][ T2096] FAT-fs (loop3): Directory bread(block 73) failed [ 129.878018][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 129.878034][ T28] audit: type=1400 audit(2000000027.370:536): avc: denied { create } for pid=2095 comm="syz.3.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 130.075432][ T28] audit: type=1400 audit(2000000027.560:537): avc: denied { read write } for pid=2108 comm="syz.1.554" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 130.108900][ T327] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 130.123424][ T327] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 130.146984][ T28] audit: type=1400 audit(2000000027.560:538): avc: denied { open } for pid=2108 comm="syz.1.554" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 130.180461][ T28] audit: type=1400 audit(2000000027.560:539): avc: denied { watch } for pid=2108 comm="syz.1.554" path="/121" dev="tmpfs" ino=688 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 130.180835][ T327] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.02 Device [syz1] on syz1 [ 130.464621][ T28] audit: type=1400 audit(2000000027.940:540): avc: denied { write } for pid=2115 comm="syz.2.556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 130.550545][ T28] audit: type=1400 audit(2000000027.980:541): avc: denied { read } for pid=2115 comm="syz.2.556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 130.854247][ T2124] netlink: 200 bytes leftover after parsing attributes in process `syz.3.559'. [ 130.933374][ T2130] loop2: detected capacity change from 0 to 512 [ 131.032652][ T2130] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.560: casefold flag without casefold feature [ 131.056917][ T2130] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.560: couldn't read orphan inode 15 (err -117) [ 131.123192][ T2130] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 131.144231][ T2124] loop3: detected capacity change from 0 to 8192 [ 131.936872][ T2124] loop3: p1 p3 p4 [ 131.940505][ T2124] loop3: p1 start 51379968 is beyond EOD, truncated [ 131.958011][ T2124] loop3: p3 size 15991040 extends beyond EOD, truncated [ 131.975527][ T2124] loop3: p4 start 16711680 is beyond EOD, truncated [ 132.313999][ T28] audit: type=1400 audit(2000000029.800:542): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 132.493167][ T28] audit: type=1400 audit(2000000029.900:543): avc: denied { create } for pid=2146 comm="syz.1.563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 132.524672][ T28] audit: type=1400 audit(2000000029.900:544): avc: denied { write } for pid=2146 comm="syz.1.563" path="socket:[20994]" dev="sockfs" ino=20994 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 132.579813][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 132.623564][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 132.684084][ T291] EXT4-fs (loop2): unmounting filesystem. [ 132.723525][ T2153] loop2: detected capacity change from 0 to 128 [ 133.269642][ T2169] loop1: detected capacity change from 0 to 256 [ 133.290417][ T2169] FAT-fs (loop1): Directory bread(block 64) failed [ 133.297996][ T2169] FAT-fs (loop1): Directory bread(block 65) failed [ 133.304420][ T2169] FAT-fs (loop1): Directory bread(block 66) failed [ 133.310819][ T2169] FAT-fs (loop1): Directory bread(block 67) failed [ 133.317277][ T2169] FAT-fs (loop1): Directory bread(block 68) failed [ 133.323673][ T2169] FAT-fs (loop1): Directory bread(block 69) failed [ 133.336365][ T2169] FAT-fs (loop1): Directory bread(block 70) failed [ 133.342992][ T2169] FAT-fs (loop1): Directory bread(block 71) failed [ 133.357362][ T2169] FAT-fs (loop1): Directory bread(block 72) failed [ 133.363835][ T2169] FAT-fs (loop1): Directory bread(block 73) failed [ 133.391520][ T28] audit: type=1400 audit(2000000030.880:545): avc: denied { create } for pid=2164 comm="syz.4.570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 133.589935][ T2176] 9pnet_fd: Insufficient options for proto=fd [ 133.695889][ T2181] loop3: detected capacity change from 0 to 256 [ 133.999853][ T2181] FAT-fs (loop3): Directory bread(block 64) failed [ 134.006290][ T2181] FAT-fs (loop3): Directory bread(block 65) failed [ 134.012830][ T2181] FAT-fs (loop3): Directory bread(block 66) failed [ 134.019271][ T2181] FAT-fs (loop3): Directory bread(block 67) failed [ 134.025752][ T2181] FAT-fs (loop3): Directory bread(block 68) failed [ 134.032211][ T2181] FAT-fs (loop3): Directory bread(block 69) failed [ 134.038715][ T2181] FAT-fs (loop3): Directory bread(block 70) failed [ 134.045122][ T2181] FAT-fs (loop3): Directory bread(block 71) failed [ 134.051639][ T2181] FAT-fs (loop3): Directory bread(block 72) failed [ 134.058041][ T2181] FAT-fs (loop3): Directory bread(block 73) failed [ 134.420054][ T2187] netlink: 200 bytes leftover after parsing attributes in process `syz.1.574'. [ 134.463706][ T2187] loop1: detected capacity change from 0 to 8192 [ 134.517791][ T2187] loop1: p1 p3 p4 [ 134.521421][ T2187] loop1: p1 start 51379968 is beyond EOD, truncated [ 134.579883][ T2187] loop1: p3 size 15991040 extends beyond EOD, truncated [ 134.591220][ T2187] loop1: p4 start 16711680 is beyond EOD, truncated [ 134.599899][ T2193] 9pnet_fd: Insufficient options for proto=fd [ 134.887568][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 134.887584][ T28] audit: type=1400 audit(2000000032.380:547): avc: denied { read write } for pid=2213 comm="syz.1.585" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 134.922557][ T28] audit: type=1400 audit(2000000032.380:548): avc: denied { open } for pid=2213 comm="syz.1.585" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 134.951505][ T28] audit: type=1400 audit(2000000032.410:549): avc: denied { ioctl } for pid=2213 comm="syz.1.585" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 135.264588][ T2214] loop1: detected capacity change from 0 to 40427 [ 135.271814][ T2214] F2FS-fs (loop1): fault_type options not supported [ 135.279908][ T2224] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 135.290191][ T2214] F2FS-fs (loop1): invalid crc value [ 135.300296][ T2214] F2FS-fs (loop1): Found nat_bits in checkpoint [ 135.352022][ T2214] F2FS-fs (loop1): Start checkpoint disabled! [ 135.358692][ T2214] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 135.487132][ T28] audit: type=1400 audit(2000000032.950:550): avc: denied { write } for pid=2230 comm="syz.2.590" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 135.521150][ T28] audit: type=1400 audit(2000000032.950:551): avc: denied { add_name } for pid=2230 comm="syz.2.590" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 135.576920][ T28] audit: type=1400 audit(2000000032.950:552): avc: denied { associate } for pid=2230 comm="syz.2.590" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 135.626830][ T2237] loop0: detected capacity change from 0 to 256 [ 135.654134][ T2237] FAT-fs (loop0): Directory bread(block 64) failed [ 135.660600][ T2237] FAT-fs (loop0): Directory bread(block 65) failed [ 135.667159][ T2237] FAT-fs (loop0): Directory bread(block 66) failed [ 135.673527][ T2237] FAT-fs (loop0): Directory bread(block 67) failed [ 135.680045][ T2237] FAT-fs (loop0): Directory bread(block 68) failed [ 135.686668][ T2237] FAT-fs (loop0): Directory bread(block 69) failed [ 135.693184][ T2237] FAT-fs (loop0): Directory bread(block 70) failed [ 135.699587][ T2237] FAT-fs (loop0): Directory bread(block 71) failed [ 135.706055][ T2237] FAT-fs (loop0): Directory bread(block 72) failed [ 135.712455][ T2237] FAT-fs (loop0): Directory bread(block 73) failed [ 137.075729][ T2246] device pim6reg1 entered promiscuous mode [ 137.087675][ T28] audit: type=1400 audit(2000000034.580:553): avc: denied { write } for pid=2238 comm="syz.2.593" name="001" dev="devtmpfs" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 137.359911][ T28] audit: type=1400 audit(2000000034.820:554): avc: denied { read write } for pid=2241 comm="syz.4.594" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 137.514964][ T28] audit: type=1400 audit(2000000034.820:555): avc: denied { open } for pid=2241 comm="syz.4.594" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 137.555010][ T28] audit: type=1400 audit(2000000034.830:556): avc: denied { ioctl } for pid=2241 comm="syz.4.594" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 137.822446][ T2114] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 138.016883][ T2114] usb 1-1: device descriptor read/64, error -71 [ 138.386848][ T2114] usb 1-1: device descriptor read/64, error -71 [ 138.468772][ T2282] loop3: detected capacity change from 0 to 128 [ 138.862269][ T2289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'. [ 138.872025][ T2114] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 138.883126][ T2292] 9pnet_fd: Insufficient options for proto=fd [ 138.966757][ T2302] syz.4.608[2302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.967085][ T2302] syz.4.608[2302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.046934][ T2114] usb 1-1: device descriptor read/64, error -71 [ 139.284438][ T2306] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 139.365456][ T2312] loop3: detected capacity change from 0 to 128 [ 139.366853][ T2114] usb 1-1: device descriptor read/64, error -71 [ 139.532412][ T2114] usb usb1-port1: attempt power cycle [ 139.547393][ T2310] loop2: detected capacity change from 0 to 40427 [ 139.570280][ T2310] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 139.577361][ T2310] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 139.589988][ T2310] F2FS-fs (loop2): invalid crc value [ 139.596521][ T2310] F2FS-fs (loop2): Found nat_bits in checkpoint [ 140.461185][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 140.461212][ T28] audit: type=1400 audit(2000000037.950:561): avc: denied { read write } for pid=294 comm="syz-executor" name="loop4" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 140.562524][ T28] audit: type=1400 audit(2000000037.950:562): avc: denied { open } for pid=294 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 140.609299][ T28] audit: type=1400 audit(2000000037.950:563): avc: denied { ioctl } for pid=294 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 140.674301][ T2310] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 140.687859][ T2310] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 140.696457][ T2335] device pim6reg1 entered promiscuous mode [ 140.705526][ T28] audit: type=1400 audit(2000000037.990:564): avc: denied { append } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 140.728358][ T28] audit: type=1400 audit(2000000038.010:565): avc: denied { bpf } for pid=2323 comm="syz.4.618" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 140.748616][ T28] audit: type=1400 audit(2000000038.010:566): avc: denied { prog_load } for pid=2323 comm="syz.4.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 140.767697][ T28] audit: type=1400 audit(2000000038.010:567): avc: denied { perfmon } for pid=2323 comm="syz.4.618" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 140.791045][ T28] audit: type=1400 audit(2000000038.040:568): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 140.813982][ T28] audit: type=1400 audit(2000000038.060:569): avc: denied { map_create } for pid=2327 comm="syz.3.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 140.834883][ T28] audit: type=1400 audit(2000000038.060:570): avc: denied { map_read map_write } for pid=2327 comm="syz.3.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 140.893464][ T2339] 9pnet_fd: Insufficient options for proto=fd [ 141.202815][ T2351] loop2: detected capacity change from 0 to 128 [ 142.903981][ T301] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 143.025697][ T2375] device pim6reg1 entered promiscuous mode [ 143.039205][ T2377] 9pnet_fd: Insufficient options for proto=fd [ 143.086893][ T301] usb 5-1: device descriptor read/64, error -71 [ 143.458963][ T2399] loop1: detected capacity change from 0 to 2048 [ 143.507475][ T2399] loop1: p2 < > [ 143.620786][ T301] usb 5-1: device descriptor read/64, error -71 [ 144.166887][ T301] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 144.177831][ T2417] 9pnet_fd: Insufficient options for proto=fd [ 144.205671][ T2420] loop1: detected capacity change from 0 to 1024 [ 144.221588][ T2420] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 144.336835][ T301] usb 5-1: device descriptor read/64, error -71 [ 144.735137][ T2428] tipc: Enabled bearer , priority 0 [ 144.804811][ T2428] device syzkaller0 entered promiscuous mode [ 144.825811][ T2428] tipc: Resetting bearer [ 144.852210][ T2427] tipc: Resetting bearer [ 144.905692][ T2427] tipc: Disabling bearer [ 145.083297][ T2437] loop2: detected capacity change from 0 to 256 [ 145.159404][ T2437] FAT-fs (loop2): Directory bread(block 64) failed [ 145.165749][ T2437] FAT-fs (loop2): Directory bread(block 65) failed [ 145.174086][ T2437] FAT-fs (loop2): Directory bread(block 66) failed [ 145.181531][ T293] EXT4-fs (loop1): unmounting filesystem. [ 145.186407][ T2437] FAT-fs (loop2): Directory bread(block 67) failed [ 145.193620][ T2437] FAT-fs (loop2): Directory bread(block 68) failed [ 145.200254][ T2437] FAT-fs (loop2): Directory bread(block 69) failed [ 145.206722][ T2437] FAT-fs (loop2): Directory bread(block 70) failed [ 145.213840][ T2437] FAT-fs (loop2): Directory bread(block 71) failed [ 145.305698][ T2437] FAT-fs (loop2): Directory bread(block 72) failed [ 145.312126][ T2437] FAT-fs (loop2): Directory bread(block 73) failed [ 145.407406][ T2450] loop3: detected capacity change from 0 to 1024 [ 145.413952][ T2450] EXT4-fs: Ignoring removed nomblk_io_submit option [ 145.426656][ T2450] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 145.587004][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 145.587059][ T28] audit: type=1400 audit(2000000002.000:613): avc: denied { read write } for pid=2445 comm="syz.4.659" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 145.680855][ T28] audit: type=1400 audit(2000000002.000:614): avc: denied { open } for pid=2445 comm="syz.4.659" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 145.681452][ T2450] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 146.376147][ T28] audit: type=1400 audit(2000000002.860:615): avc: denied { write } for pid=2447 comm="syz.3.660" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.432923][ T28] audit: type=1400 audit(2000000002.890:616): avc: denied { add_name } for pid=2447 comm="syz.3.660" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.474123][ T28] audit: type=1400 audit(2000000002.890:617): avc: denied { create } for pid=2447 comm="syz.3.660" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 146.494128][ T28] audit: type=1400 audit(2000000002.890:618): avc: denied { read write } for pid=2447 comm="syz.3.660" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 146.801278][ T28] audit: type=1400 audit(2000000002.890:619): avc: denied { open } for pid=2447 comm="syz.3.660" path="/136/file1/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 147.268452][ T28] audit: type=1400 audit(2000000002.900:620): avc: denied { ioctl } for pid=2447 comm="syz.3.660" path="/136/file1/file1" dev="loop3" ino=15 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 147.293049][ T28] audit: type=1400 audit(2000000003.180:621): avc: denied { create } for pid=2447 comm="syz.3.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 147.334193][ T28] audit: type=1400 audit(2000000003.200:622): avc: denied { bind } for pid=2447 comm="syz.3.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 147.499488][ T292] EXT4-fs (loop3): unmounting filesystem. [ 147.620151][ T743] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 147.622647][ T2484] loop3: detected capacity change from 0 to 1024 [ 147.631484][ T743] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 147.650603][ T743] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.02 Device [syz1] on syz1 [ 147.714260][ T2484] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 147.762758][ T2494] netlink: 28 bytes leftover after parsing attributes in process `syz.0.673'. [ 147.771820][ T2494] netlink: 16 bytes leftover after parsing attributes in process `syz.0.673'. [ 147.820297][ T2501] loop0: detected capacity change from 0 to 128 [ 149.002923][ T2527] 9pnet_fd: Insufficient options for proto=fd [ 149.042130][ T2531] netlink: 200 bytes leftover after parsing attributes in process `syz.4.685'. [ 149.137104][ T2531] loop4: detected capacity change from 0 to 8192 [ 149.203604][ T292] EXT4-fs (loop3): unmounting filesystem. [ 149.217899][ T2531] loop4: p1 p3 p4 [ 149.224672][ T2531] loop4: p1 start 51379968 is beyond EOD, truncated [ 149.248195][ T2531] loop4: p3 size 15991040 extends beyond EOD, truncated [ 149.265695][ T2531] loop4: p4 start 16711680 is beyond EOD, truncated [ 149.325702][ T2548] loop2: detected capacity change from 0 to 128 [ 149.991212][ T2560] loop0: detected capacity change from 0 to 512 [ 150.009687][ T2560] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 150.018554][ T2560] ext4 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.325878][ T2584] tipc: Enabled bearer , priority 0 [ 150.348209][ T2584] device syzkaller0 entered promiscuous mode [ 150.354333][ T2584] tipc: Resetting bearer [ 150.362671][ T2583] tipc: Resetting bearer [ 150.386295][ T2583] tipc: Disabling bearer [ 150.831458][ T2601] netlink: 24 bytes leftover after parsing attributes in process `syz.2.708'. [ 151.024943][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 151.025009][ T28] audit: type=1400 audit(2000000001.740:633): avc: denied { create } for pid=2598 comm="syz.2.708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 151.097044][ T290] EXT4-fs (loop0): unmounting filesystem. [ 151.337987][ T2620] loop4: detected capacity change from 0 to 128 [ 152.402479][ T2627] loop2: detected capacity change from 0 to 40427 [ 152.427150][ T2627] F2FS-fs (loop2): heap/no_heap options were deprecated [ 152.445429][ T2627] F2FS-fs (loop2): heap/no_heap options were deprecated [ 153.163156][ T2642] 9pnet_fd: Insufficient options for proto=fd [ 153.186748][ T2627] F2FS-fs (loop2): invalid crc value [ 153.292977][ T2627] F2FS-fs (loop2): Found nat_bits in checkpoint [ 153.300015][ T2658] netlink: 28 bytes leftover after parsing attributes in process `syz.3.728'. [ 153.310587][ T28] audit: type=1400 audit(2000000004.250:634): avc: denied { write } for pid=2637 comm="syz.1.722" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 153.515757][ T2627] F2FS-fs (loop2): Start checkpoint disabled! [ 153.620015][ T28] audit: type=1400 audit(2000000004.290:635): avc: denied { read write } for pid=2659 comm="syz.0.729" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 153.655160][ T2669] loop3: detected capacity change from 0 to 1024 [ 153.661529][ T2627] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 153.661569][ T28] audit: type=1400 audit(2000000004.290:636): avc: denied { open } for pid=2659 comm="syz.0.729" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 153.707264][ T28] audit: type=1400 audit(2000000004.300:637): avc: denied { mount } for pid=2659 comm="syz.0.729" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 153.743696][ T28] audit: type=1400 audit(2000000004.560:638): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 153.763627][ T28] audit: type=1400 audit(2000000004.650:639): avc: denied { create } for pid=2670 comm="syz.0.731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 153.784449][ T28] audit: type=1400 audit(2000000004.650:640): avc: denied { ioctl } for pid=2670 comm="syz.0.731" path="socket:[24183]" dev="sockfs" ino=24183 ioctlcmd=0x8955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 153.807895][ T2669] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 153.809893][ T28] audit: type=1400 audit(2000000004.670:641): avc: denied { create } for pid=2626 comm="syz.2.718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 153.838169][ T28] audit: type=1400 audit(2000000004.670:642): avc: denied { setopt } for pid=2626 comm="syz.2.718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 153.894082][ T2679] loop2: detected capacity change from 0 to 128 [ 156.680762][ T292] EXT4-fs (loop3): unmounting filesystem. [ 156.850738][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 156.850755][ T28] audit: type=1400 audit(2000000000.000:649): avc: denied { read write } for pid=2704 comm="syz.2.742" name="uinput" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 156.851718][ T2709] input: syz0 as /devices/virtual/input/input11 [ 156.856624][ T28] audit: type=1400 audit(2000000000.000:650): avc: denied { open } for pid=2704 comm="syz.2.742" path="/dev/uinput" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 156.895917][ T2712] loop3: detected capacity change from 0 to 256 [ 156.918127][ T2714] 9pnet_fd: Insufficient options for proto=fd [ 156.946054][ T28] audit: type=1400 audit(2000000000.000:651): avc: denied { ioctl } for pid=2704 comm="syz.2.742" path="/dev/uinput" dev="devtmpfs" ino=258 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 156.970967][ T28] audit: type=1400 audit(2000000000.070:652): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=623 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 156.993769][ T28] audit: type=1400 audit(2000000000.070:653): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=623 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 157.018533][ T2712] FAT-fs (loop3): Directory bread(block 64) failed [ 157.026038][ T2712] FAT-fs (loop3): Directory bread(block 65) failed [ 157.039066][ T2721] loop1: detected capacity change from 0 to 256 [ 157.045266][ T2712] FAT-fs (loop3): Directory bread(block 66) failed [ 157.063850][ T2721] exfat: Deprecated parameter 'utf8' [ 157.069204][ T28] audit: type=1400 audit(2000000000.070:654): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=623 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 157.075025][ T2712] FAT-fs (loop3): Directory bread(block 67) failed [ 157.094017][ T28] audit: type=1400 audit(2000000000.140:655): avc: denied { ioctl } for pid=2720 comm="syz.1.749" path="socket:[23315]" dev="sockfs" ino=23315 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 157.108555][ T2721] exfat: Deprecated parameter 'namecase' [ 157.125228][ T28] audit: type=1400 audit(2000000000.180:656): avc: denied { create } for pid=2720 comm="syz.1.749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 157.130173][ T2721] exfat: Deprecated parameter 'namecase' [ 157.152635][ T28] audit: type=1400 audit(2000000000.180:657): avc: denied { bind } for pid=2720 comm="syz.1.749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 157.154782][ T2712] FAT-fs (loop3): Directory bread(block 68) failed [ 157.174289][ T28] audit: type=1400 audit(2000000000.180:658): avc: denied { name_bind } for pid=2720 comm="syz.1.749" src=28324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 157.200970][ T2721] exfat: Deprecated parameter 'utf8' [ 157.208575][ T2721] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 157.234377][ T2712] FAT-fs (loop3): Directory bread(block 69) failed [ 157.299855][ T2712] FAT-fs (loop3): Directory bread(block 70) failed [ 157.341765][ T2712] FAT-fs (loop3): Directory bread(block 71) failed [ 157.348446][ T2712] FAT-fs (loop3): Directory bread(block 72) failed [ 157.355163][ T2712] FAT-fs (loop3): Directory bread(block 73) failed [ 158.362277][ T2740] loop0: detected capacity change from 0 to 1024 [ 158.465111][ T2740] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 158.607420][ T414] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 158.713012][ T8] kworker/u4:0: attempt to access beyond end of device [ 158.713012][ T8] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 160.835119][ T2750] syz.2.756[2750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 160.835290][ T2750] syz.2.756[2750] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 160.848815][ T2027] Bluetooth: hci0: command 0x1003 tx timeout [ 160.897022][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 160.921648][ T290] EXT4-fs (loop0): unmounting filesystem. [ 161.014978][ T8] kworker/u4:0: attempt to access beyond end of device [ 161.014978][ T8] loop3: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 161.059965][ T414] usb 5-1: device descriptor read/all, error -71 [ 161.135313][ T2767] netlink: 12 bytes leftover after parsing attributes in process `syz.3.762'. [ 161.164256][ T2769] 9pnet_fd: Insufficient options for proto=fd [ 161.186041][ T2777] loop3: detected capacity change from 0 to 256 [ 161.204664][ T2777] FAT-fs (loop3): Directory bread(block 64) failed [ 161.227647][ T2777] FAT-fs (loop3): Directory bread(block 65) failed [ 161.237532][ T2777] FAT-fs (loop3): Directory bread(block 66) failed [ 161.243944][ T2777] FAT-fs (loop3): Directory bread(block 67) failed [ 161.250636][ T2777] FAT-fs (loop3): Directory bread(block 68) failed [ 161.257304][ T2777] FAT-fs (loop3): Directory bread(block 69) failed [ 161.281593][ T2777] FAT-fs (loop3): Directory bread(block 70) failed [ 161.301080][ T2777] FAT-fs (loop3): Directory bread(block 71) failed [ 161.307721][ T2777] FAT-fs (loop3): Directory bread(block 72) failed [ 161.314209][ T2777] FAT-fs (loop3): Directory bread(block 73) failed [ 161.400158][ T2786] loop2: detected capacity change from 0 to 1024 [ 161.443187][ T2790] hub 2-0:1.0: USB hub found [ 161.463528][ T2790] hub 2-0:1.0: 1 port detected [ 161.568689][ T2786] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 161.814081][ T2796] syz.1.773[2796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.818587][ T2796] syz.1.773[2796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.642698][ T556] kworker/u4:6: attempt to access beyond end of device [ 162.642698][ T556] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 162.668808][ T556] kworker/u4:6: attempt to access beyond end of device [ 162.668808][ T556] loop3: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 162.709226][ T2802] input: syz0 as /devices/virtual/input/input13 [ 162.782166][ T2812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.779'. [ 162.811237][ T291] EXT4-fs (loop2): unmounting filesystem. [ 162.828747][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 162.828761][ T28] audit: type=1400 audit(2000000000.120:669): avc: denied { mounton } for pid=2814 comm="syz.4.783" path="/120/file0" dev="tmpfs" ino=673 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 162.929334][ T2829] loop3: detected capacity change from 0 to 256 [ 162.941591][ T2829] FAT-fs (loop3): Directory bread(block 64) failed [ 162.948325][ T2829] FAT-fs (loop3): Directory bread(block 65) failed [ 162.954742][ T2829] FAT-fs (loop3): Directory bread(block 66) failed [ 163.028383][ T2829] FAT-fs (loop3): Directory bread(block 67) failed [ 163.079727][ T2829] FAT-fs (loop3): Directory bread(block 68) failed [ 163.086378][ T2829] FAT-fs (loop3): Directory bread(block 69) failed [ 163.096931][ T2829] FAT-fs (loop3): Directory bread(block 70) failed [ 163.104883][ T2829] FAT-fs (loop3): Directory bread(block 71) failed [ 163.112379][ T2829] FAT-fs (loop3): Directory bread(block 72) failed [ 163.119016][ T2829] FAT-fs (loop3): Directory bread(block 73) failed [ 163.646919][ T856] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 163.837950][ T2844] loop2: detected capacity change from 0 to 1024 [ 163.849226][ T325] kworker/u4:4: attempt to access beyond end of device [ 163.849226][ T325] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 163.931908][ T325] kworker/u4:4: attempt to access beyond end of device [ 163.931908][ T325] loop3: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 163.965289][ T2844] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 164.196833][ T856] usb 5-1: Using ep0 maxpacket: 8 [ 164.207053][ T856] usb 5-1: no configurations [ 164.209860][ T2857] netlink: 200 bytes leftover after parsing attributes in process `syz.1.793'. [ 164.211467][ T856] usb 5-1: can't read configurations, error -22 [ 164.336352][ T2857] loop1: detected capacity change from 0 to 8192 [ 164.356856][ T856] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 164.407131][ T2857] loop1: p1 p3 p4 [ 164.410800][ T2857] loop1: p1 start 51379968 is beyond EOD, truncated [ 164.430283][ T2857] loop1: p3 size 15991040 extends beyond EOD, truncated [ 164.454718][ T2857] loop1: p4 start 16711680 is beyond EOD, truncated [ 164.546834][ T856] usb 5-1: Using ep0 maxpacket: 8 [ 164.552860][ T856] usb 5-1: no configurations [ 164.561266][ T856] usb 5-1: can't read configurations, error -22 [ 164.569273][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 164.606917][ T856] usb usb5-port1: attempt power cycle [ 165.026911][ T856] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 165.065868][ T856] usb 5-1: Using ep0 maxpacket: 8 [ 165.074153][ T856] usb 5-1: no configurations [ 165.081965][ T856] usb 5-1: can't read configurations, error -22 [ 165.108265][ T2880] loop0: detected capacity change from 0 to 128 [ 165.220697][ T291] EXT4-fs (loop2): unmounting filesystem. [ 165.398549][ T856] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 165.405663][ T2886] loop2: detected capacity change from 0 to 128 [ 165.521557][ T856] usb 5-1: Using ep0 maxpacket: 8 [ 165.527428][ T856] usb 5-1: no configurations [ 165.531952][ T856] usb 5-1: can't read configurations, error -22 [ 165.550529][ T856] usb usb5-port1: unable to enumerate USB device [ 166.697786][ T2897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.808'. [ 166.707402][ T2896] 9pnet_fd: Insufficient options for proto=fd [ 166.711506][ T2899] loop3: detected capacity change from 0 to 256 [ 166.733899][ T2897] device bridge_slave_1 left promiscuous mode [ 166.741552][ T2899] FAT-fs (loop3): Directory bread(block 64) failed [ 166.744997][ T2897] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.753400][ T2899] FAT-fs (loop3): Directory bread(block 65) failed [ 166.766443][ T28] audit: type=1400 audit(2000000000.000:670): avc: denied { write } for pid=2902 comm="syz.2.811" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 166.791708][ T2897] device bridge_slave_0 left promiscuous mode [ 166.795498][ T2899] FAT-fs (loop3): Directory bread(block 66) failed [ 166.815064][ T2897] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.823416][ T2899] FAT-fs (loop3): Directory bread(block 67) failed [ 166.826236][ T2909] loop2: detected capacity change from 0 to 1024 [ 166.836892][ T2899] FAT-fs (loop3): Directory bread(block 68) failed [ 166.852434][ T2899] FAT-fs (loop3): Directory bread(block 69) failed [ 166.860444][ T2899] FAT-fs (loop3): Directory bread(block 70) failed [ 166.867283][ T2899] FAT-fs (loop3): Directory bread(block 71) failed [ 166.874430][ T2909] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 166.886197][ T2899] FAT-fs (loop3): Directory bread(block 72) failed [ 166.892790][ T2899] FAT-fs (loop3): Directory bread(block 73) failed [ 167.435737][ T28] audit: type=1326 audit(2000000000.670:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2927 comm="syz.1.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 167.466698][ T28] audit: type=1326 audit(2000000000.710:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2927 comm="syz.1.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 167.499641][ T28] audit: type=1326 audit(2000000000.710:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2927 comm="syz.1.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 167.607685][ T317] kworker/u4:3: attempt to access beyond end of device [ 167.607685][ T317] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 167.622560][ T317] kworker/u4:3: attempt to access beyond end of device [ 167.622560][ T317] loop3: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 167.947111][ T2752] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 167.988277][ T28] audit: type=1400 audit(2000000001.230:674): avc: denied { create } for pid=2936 comm="syz.3.822" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 168.024790][ T28] audit: type=1400 audit(2000000001.260:675): avc: denied { ioctl } for pid=2936 comm="syz.3.822" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=24916 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 168.156839][ T2752] usb 5-1: Using ep0 maxpacket: 8 [ 168.162140][ T2752] usb 5-1: no configurations [ 168.166553][ T2752] usb 5-1: can't read configurations, error -22 [ 168.284604][ T2949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.827'. [ 168.293346][ T2949] device bridge_slave_1 left promiscuous mode [ 168.299477][ T2949] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.307218][ T2949] device bridge_slave_0 left promiscuous mode [ 168.313230][ T2949] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.326869][ T2752] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 168.438301][ T28] audit: type=1326 audit(2000000000.360:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2955 comm="syz.1.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.493068][ T28] audit: type=1326 audit(2000000000.360:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2955 comm="syz.1.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.536826][ T2752] usb 5-1: Using ep0 maxpacket: 8 [ 168.545077][ T2752] usb 5-1: no configurations [ 168.550714][ T28] audit: type=1326 audit(2000000000.380:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2955 comm="syz.1.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.573745][ T2752] usb 5-1: can't read configurations, error -22 [ 168.587151][ T2752] usb usb5-port1: attempt power cycle [ 168.600323][ T28] audit: type=1326 audit(2000000000.380:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2955 comm="syz.1.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.628889][ T28] audit: type=1326 audit(2000000000.380:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2955 comm="syz.1.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.655024][ T291] EXT4-fs (loop2): unmounting filesystem. [ 168.660951][ T28] audit: type=1400 audit(2000000000.460:681): avc: denied { map } for pid=2961 comm="syz.1.833" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=25678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 168.685320][ T28] audit: type=1400 audit(2000000000.460:682): avc: denied { read write } for pid=2961 comm="syz.1.833" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=25678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 168.710443][ T28] audit: type=1326 audit(2000000000.460:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2961 comm="syz.1.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5c1785d19 code=0x7ffc0000 [ 168.750282][ T2974] loop1: detected capacity change from 0 to 256 [ 168.769293][ T2974] FAT-fs (loop1): Directory bread(block 64) failed [ 168.775741][ T2974] FAT-fs (loop1): Directory bread(block 65) failed [ 168.782335][ T2974] FAT-fs (loop1): Directory bread(block 66) failed [ 168.999677][ T2974] FAT-fs (loop1): Directory bread(block 67) failed [ 169.006501][ T2974] FAT-fs (loop1): Directory bread(block 68) failed [ 169.013432][ T2974] FAT-fs (loop1): Directory bread(block 69) failed [ 169.103154][ T2974] FAT-fs (loop1): Directory bread(block 70) failed [ 169.144221][ T2974] FAT-fs (loop1): Directory bread(block 71) failed [ 169.179291][ T2974] FAT-fs (loop1): Directory bread(block 72) failed [ 169.213127][ T2974] FAT-fs (loop1): Directory bread(block 73) failed [ 169.406868][ T2752] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 169.427549][ T2992] netlink: 4 bytes leftover after parsing attributes in process `syz.0.844'. [ 169.436253][ T2992] device bridge_slave_1 left promiscuous mode [ 169.442384][ T2992] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.448590][ T2752] usb 5-1: Using ep0 maxpacket: 8 [ 169.454584][ T2752] usb 5-1: no configurations [ 169.482992][ T2992] device bridge_slave_0 left promiscuous mode [ 169.489549][ T2992] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.694590][ T2752] usb 5-1: can't read configurations, error -22 [ 169.791675][ T3005] loop2: detected capacity change from 0 to 1024 [ 169.846876][ T2752] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 169.857859][ T3005] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 169.870773][ T3015] netlink: 200 bytes leftover after parsing attributes in process `syz.1.852'. [ 169.887379][ T2752] usb 5-1: Using ep0 maxpacket: 8 [ 169.894571][ T2752] usb 5-1: no configurations [ 169.899366][ T2752] usb 5-1: can't read configurations, error -22 [ 169.905524][ T2752] usb usb5-port1: unable to enumerate USB device [ 169.924125][ T3017] syz.3.854[3017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.924250][ T3017] syz.3.854[3017] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.948932][ T3015] loop1: detected capacity change from 0 to 8192 [ 169.969222][ T3017] device pim6reg1 entered promiscuous mode [ 170.007969][ T3015] loop1: p1 p3 p4 [ 170.012369][ T3015] loop1: p1 start 51379968 is beyond EOD, truncated [ 170.018900][ T3015] loop1: p3 size 15991040 extends beyond EOD, truncated [ 170.027218][ T3015] loop1: p4 start 16711680 is beyond EOD, truncated [ 170.047560][ T102] loop1: p1 p3 p4 [ 170.051190][ T102] loop1: p1 start 51379968 is beyond EOD, truncated [ 170.074780][ T102] loop1: p3 size 15991040 extends beyond EOD, truncated [ 170.083499][ T102] loop1: p4 start 16711680 is beyond EOD, truncated [ 170.537657][ T3029] loop1: detected capacity change from 0 to 256 [ 170.551781][ T742] Bluetooth: hci0: Frame reassembly failed (-84) [ 170.563599][ T3029] FAT-fs (loop1): Directory bread(block 64) failed [ 170.570742][ T3029] FAT-fs (loop1): Directory bread(block 65) failed [ 170.577214][ T3029] FAT-fs (loop1): Directory bread(block 66) failed [ 170.583612][ T3029] FAT-fs (loop1): Directory bread(block 67) failed [ 170.590014][ T3029] FAT-fs (loop1): Directory bread(block 68) failed [ 170.596399][ T3029] FAT-fs (loop1): Directory bread(block 69) failed [ 170.602843][ T3029] FAT-fs (loop1): Directory bread(block 70) failed [ 170.609302][ T3029] FAT-fs (loop1): Directory bread(block 71) failed [ 170.615740][ T3029] FAT-fs (loop1): Directory bread(block 72) failed [ 170.622091][ T3029] FAT-fs (loop1): Directory bread(block 73) failed [ 170.757887][ T3038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.861'. [ 171.143665][ T3047] syz.3.865[3047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.143739][ T3047] syz.3.865[3047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.175533][ T3050] netlink: 200 bytes leftover after parsing attributes in process `syz.0.866'. [ 171.197187][ T3047] device pim6reg1 entered promiscuous mode [ 171.232770][ T3050] loop0: detected capacity change from 0 to 8192 [ 171.277920][ T3050] loop0: p1 p3 p4 [ 171.284668][ T3050] loop0: p1 start 51379968 is beyond EOD, truncated [ 171.299661][ T3050] loop0: p3 size 15991040 extends beyond EOD, truncated [ 171.319519][ T3050] loop0: p4 start 16711680 is beyond EOD, truncated [ 171.411863][ T742] kworker/u4:7: attempt to access beyond end of device [ 171.411863][ T742] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 171.447695][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 171.458428][ T742] kworker/u4:7: attempt to access beyond end of device [ 171.458428][ T742] loop1: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 171.473922][ T1991] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 171.486897][ T1991] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 171.497487][ T1991] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.02 Device [syz1] on syz1 [ 171.527769][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 171.541212][ T291] EXT4-fs (loop2): unmounting filesystem. [ 172.121476][ T3073] input: syz0 as /devices/virtual/input/input14 [ 172.221019][ T3087] netlink: 200 bytes leftover after parsing attributes in process `syz.3.880'. [ 172.256586][ T3087] loop3: detected capacity change from 0 to 8192 [ 172.322042][ T3087] loop3: p1 p3 p4 [ 172.325716][ T3087] loop3: p1 start 51379968 is beyond EOD, truncated [ 172.332526][ T3087] loop3: p3 size 15991040 extends beyond EOD, truncated [ 172.345539][ T3087] loop3: p4 start 16711680 is beyond EOD, truncated [ 172.377094][ T3098] loop3: detected capacity change from 0 to 128 [ 172.377682][ T1136] udevd[1136]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 173.342189][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 173.543943][ T3031] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 173.672470][ T3109] input: syz0 as /devices/virtual/input/input15 [ 173.880981][ T1991] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 173.894544][ T1991] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 174.059024][ T3133] loop3: detected capacity change from 0 to 256 [ 174.070534][ T1991] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.02 Device [syz1] on syz1 [ 174.150097][ T3133] FAT-fs (loop3): Directory bread(block 64) failed [ 174.156568][ T3133] FAT-fs (loop3): Directory bread(block 65) failed [ 174.162077][ T317] Bluetooth: hci0: Frame reassembly failed (-84) [ 174.163289][ T3133] FAT-fs (loop3): Directory bread(block 66) failed [ 174.175448][ T3133] FAT-fs (loop3): Directory bread(block 67) failed [ 174.182018][ T3133] FAT-fs (loop3): Directory bread(block 68) failed [ 174.188476][ T3133] FAT-fs (loop3): Directory bread(block 69) failed [ 174.195362][ T3133] FAT-fs (loop3): Directory bread(block 70) failed [ 174.202420][ T3133] FAT-fs (loop3): Directory bread(block 71) failed [ 174.211928][ T3133] FAT-fs (loop3): Directory bread(block 72) failed [ 174.218618][ T3133] FAT-fs (loop3): Directory bread(block 73) failed [ 174.779257][ T3151] loop4: detected capacity change from 0 to 1024 [ 174.785702][ T3151] EXT4-fs: Ignoring removed nomblk_io_submit option [ 174.792858][ T3151] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 174.808501][ T3151] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.828623][ T294] EXT4-fs (loop4): unmounting filesystem. [ 174.881211][ T556] kworker/u4:6: attempt to access beyond end of device [ 174.881211][ T556] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 174.886172][ T3161] loop4: detected capacity change from 0 to 128 [ 174.896498][ T556] kworker/u4:6: attempt to access beyond end of device [ 174.896498][ T556] loop3: rw=1, sector=1864, nr_sectors = 1444 limit=256 [ 175.394051][ T3181] loop3: detected capacity change from 0 to 128 [ 175.919147][ T3200] loop1: detected capacity change from 0 to 16 [ 175.925951][ T3200] erofs: (device loop1): mounted with root inode @ nid 36. [ 176.293414][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 176.333184][ T2027] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 176.591406][ T3140] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 176.770346][ T3227] loop3: detected capacity change from 0 to 128 [ 176.829868][ T3229] netlink: 200 bytes leftover after parsing attributes in process `syz.4.926'. [ 176.881583][ T3229] loop4: detected capacity change from 0 to 8192 [ 176.901704][ T3236] loop2: detected capacity change from 0 to 128 [ 177.819450][ T3229] loop4: p1 p3 p4 [ 177.823090][ T3229] loop4: p1 start 51379968 is beyond EOD, truncated [ 177.833344][ T3229] loop4: p3 size 15991040 extends beyond EOD, truncated [ 177.863771][ T3229] loop4: p4 start 16711680 is beyond EOD, truncated [ 177.896761][ T3252] incfs: Backing dir is not set, filesystem can't be mounted. [ 177.905188][ T3252] incfs: mount failed -2 [ 177.911685][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 177.911697][ T28] audit: type=1400 audit(2000000008.180:701): avc: denied { remount } for pid=3251 comm="syz.1.933" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 178.180616][ T28] audit: type=1400 audit(2000000008.450:702): avc: denied { bind } for pid=3256 comm="syz.4.934" lport=127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 178.206313][ T28] audit: type=1400 audit(2000000008.450:703): avc: denied { node_bind } for pid=3256 comm="syz.4.934" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 178.230137][ T3262] loop4: detected capacity change from 0 to 128 [ 178.330074][ T28] audit: type=1400 audit(2000000008.600:704): avc: denied { append } for pid=3270 comm="syz.0.941" name="ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 178.636806][ C1] ================================================================== [ 178.644709][ C1] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10 [ 178.651565][ C1] Write of size 8 at addr ffff888113abca00 by task syz.4.938/3262 [ 178.659200][ C1] [ 178.661379][ C1] CPU: 1 PID: 3262 Comm: syz.4.938 Not tainted 6.1.115-syzkaller-00017-g22b7ded8b55b #0 [ 178.670917][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.680814][ C1] Call Trace: [ 178.683942][ C1] [ 178.686624][ C1] dump_stack_lvl+0x151/0x1b7 [ 178.691141][ C1] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 178.696433][ C1] ? _printk+0xd1/0x111 [ 178.700428][ C1] ? __virt_addr_valid+0x242/0x2f0 [ 178.705372][ C1] print_report+0x158/0x4e0 [ 178.709711][ C1] ? __virt_addr_valid+0x242/0x2f0 [ 178.714664][ C1] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 178.720736][ C1] ? __run_timers+0x34a/0xa10 [ 178.725251][ C1] kasan_report+0x13c/0x170 [ 178.729592][ C1] ? __run_timers+0x34a/0xa10 [ 178.734108][ C1] __asan_report_store8_noabort+0x17/0x20 [ 178.739667][ C1] __run_timers+0x34a/0xa10 [ 178.744003][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 178.749033][ C1] ? calc_index+0x270/0x270 [ 178.753366][ C1] ? sched_clock+0x9/0x10 [ 178.757534][ C1] ? sched_clock_cpu+0x71/0x2b0 [ 178.762219][ C1] run_timer_softirq+0x69/0xf0 [ 178.766817][ C1] handle_softirqs+0x1db/0x650 [ 178.771419][ C1] ? irqtime_account_irq+0xdc/0x260 [ 178.776453][ C1] __irq_exit_rcu+0x52/0xf0 [ 178.780793][ C1] irq_exit_rcu+0x9/0x10 [ 178.784874][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 178.790341][ C1] [ 178.793118][ C1] [ 178.795896][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 178.801711][ C1] RIP: 0010:finish_task_switch+0x16f/0x7b0 [ 178.807352][ C1] Code: 74 08 4c 89 ff e8 c1 76 6c 00 49 8b 1f 48 85 db 4c 8b 6d c0 0f 85 ce 00 00 00 4c 89 e7 e8 59 3c d1 03 fb 49 8d 9d 48 0b 00 00 <48> 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df 42 0f b6 04 30 [ 178.826792][ C1] RSP: 0018:ffffc90000f57320 EFLAGS: 00000282 [ 178.832699][ C1] RAX: 0000000080000001 RBX: ffff88811b9d5c48 RCX: 0000000000000002 [ 178.840505][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001 [ 178.848316][ C1] RBP: ffffc90000f57370 R08: dffffc0000000000 R09: ffffed10211ae28e [ 178.856130][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f37c80 [ 178.863954][ C1] R13: ffff88811b9d5100 R14: 0000000000000000 R15: 1ffff1103ede4e65 [ 178.871756][ C1] ? requeue_task_rt+0x410/0x410 [ 178.876527][ C1] __schedule+0xcbd/0x1560 [ 178.880779][ C1] ? avc_denied+0x1b0/0x1b0 [ 178.885131][ C1] ? __sched_text_start+0x8/0x8 [ 178.889805][ C1] schedule+0xc3/0x180 [ 178.893716][ C1] schedule_timeout+0xa9/0x380 [ 178.898310][ C1] ? console_conditional_schedule+0x10/0x10 [ 178.904040][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 178.909682][ C1] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 178.915323][ C1] unix_wait_for_peer+0x24b/0x330 [ 178.920185][ C1] ? unix_find_other+0x8e0/0x8e0 [ 178.924957][ C1] ? wake_bit_function+0x230/0x230 [ 178.929915][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 178.935120][ C1] ? security_unix_may_send+0x7b/0xa0 [ 178.940322][ C1] unix_dgram_sendmsg+0x1348/0x2050 [ 178.945356][ C1] ? unix_dgram_poll+0x690/0x690 [ 178.950215][ C1] ? security_socket_sendmsg+0x82/0xb0 [ 178.955508][ C1] ? unix_dgram_poll+0x690/0x690 [ 178.960293][ C1] ____sys_sendmsg+0x5d3/0x9a0 [ 178.964886][ C1] ? __sys_sendmsg_sock+0x40/0x40 [ 178.969746][ C1] __sys_sendmmsg+0x3b9/0x6f0 [ 178.974259][ C1] ? __ia32_sys_sendmsg+0x90/0x90 [ 178.979119][ C1] ? futex_wait+0x4b7/0x7e0 [ 178.983459][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 178.989099][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 178.994316][ C1] ? do_futex+0x55a/0x9a0 [ 178.998481][ C1] ? fpregs_restore_userregs+0x130/0x290 [ 179.003944][ C1] __x64_sys_sendmmsg+0xa0/0xb0 [ 179.008631][ C1] x64_sys_call+0x81d/0x9a0 [ 179.012968][ C1] do_syscall_64+0x3b/0xb0 [ 179.017230][ C1] ? clear_bhb_loop+0x55/0xb0 [ 179.021733][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.027461][ C1] RIP: 0033:0x7f6b8c185d19 [ 179.031714][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.051156][ C1] RSP: 002b:00007f6b8cfc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 179.059409][ C1] RAX: ffffffffffffffda RBX: 00007f6b8c375fa0 RCX: 00007f6b8c185d19 [ 179.067215][ C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000005 [ 179.075029][ C1] RBP: 00007f6b8c201a20 R08: 0000000000000000 R09: 0000000000000000 [ 179.082836][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.090648][ C1] R13: 0000000000000000 R14: 00007f6b8c375fa0 R15: 00007ffe14b43cd8 [ 179.098464][ C1] [ 179.101327][ C1] [ 179.103493][ C1] Allocated by task 3140: [ 179.107660][ C1] kasan_set_track+0x4b/0x70 [ 179.112085][ C1] kasan_save_alloc_info+0x1f/0x30 [ 179.117032][ C1] __kasan_kmalloc+0x9c/0xb0 [ 179.121462][ C1] __kmalloc+0xb4/0x1e0 [ 179.125451][ C1] hci_alloc_dev_priv+0x27/0x1c00 [ 179.130311][ C1] hci_uart_tty_ioctl+0x401/0xa70 [ 179.135173][ C1] tty_ioctl+0x903/0xc50 [ 179.139250][ C1] __se_sys_ioctl+0x114/0x190 [ 179.143763][ C1] __x64_sys_ioctl+0x7b/0x90 [ 179.148191][ C1] x64_sys_call+0x98/0x9a0 [ 179.152443][ C1] do_syscall_64+0x3b/0xb0 [ 179.156699][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.162429][ C1] [ 179.164595][ C1] Freed by task 3140: [ 179.168413][ C1] kasan_set_track+0x4b/0x70 [ 179.172839][ C1] kasan_save_free_info+0x2b/0x40 [ 179.177703][ C1] ____kasan_slab_free+0x131/0x180 [ 179.182651][ C1] __kasan_slab_free+0x11/0x20 [ 179.187247][ C1] __kmem_cache_free+0x21d/0x410 [ 179.192021][ C1] kfree+0x7a/0xf0 [ 179.195582][ C1] hci_release_dev+0x14d3/0x1640 [ 179.200354][ C1] bt_host_release+0x83/0xa0 [ 179.204781][ C1] device_release+0x95/0x1c0 [ 179.209207][ C1] kobject_put+0x178/0x260 [ 179.213459][ C1] put_device+0x1f/0x30 [ 179.217455][ C1] hci_dev_cmd+0x2be/0x9b0 [ 179.221707][ C1] hci_sock_ioctl+0x415/0x7f0 [ 179.226218][ C1] sock_do_ioctl+0x152/0x450 [ 179.230646][ C1] sock_ioctl+0x455/0x740 [ 179.234811][ C1] __se_sys_ioctl+0x114/0x190 [ 179.239327][ C1] __x64_sys_ioctl+0x7b/0x90 [ 179.243751][ C1] x64_sys_call+0x98/0x9a0 [ 179.248005][ C1] do_syscall_64+0x3b/0xb0 [ 179.252259][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.257994][ C1] [ 179.260159][ C1] Last potentially related work creation: [ 179.265714][ C1] kasan_save_stack+0x3b/0x60 [ 179.270227][ C1] __kasan_record_aux_stack+0xb4/0xc0 [ 179.275432][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 179.281072][ C1] insert_work+0x56/0x310 [ 179.285248][ C1] __queue_work+0x9b6/0xd70 [ 179.289581][ C1] queue_work_on+0x105/0x170 [ 179.294005][ C1] __hci_cmd_sync_sk+0xc2a/0xf70 [ 179.298781][ C1] hci_cmd_sync_status+0x52/0x130 [ 179.303638][ C1] hci_dev_cmd+0x39e/0x9b0 [ 179.307892][ C1] hci_sock_ioctl+0x415/0x7f0 [ 179.312406][ C1] sock_do_ioctl+0x152/0x450 [ 179.316832][ C1] sock_ioctl+0x455/0x740 [ 179.320997][ C1] __se_sys_ioctl+0x114/0x190 [ 179.325513][ C1] __x64_sys_ioctl+0x7b/0x90 [ 179.329938][ C1] x64_sys_call+0x98/0x9a0 [ 179.334193][ C1] do_syscall_64+0x3b/0xb0 [ 179.338444][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 179.344173][ C1] [ 179.346342][ C1] Second to last potentially related work creation: [ 179.352767][ C1] kasan_save_stack+0x3b/0x60 [ 179.357278][ C1] __kasan_record_aux_stack+0xb4/0xc0 [ 179.362487][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 179.368127][ C1] insert_work+0x56/0x310 [ 179.372294][ C1] __queue_work+0x9b6/0xd70 [ 179.376634][ C1] queue_work_on+0x105/0x170 [ 179.381061][ C1] hci_cmd_timeout+0x199/0x200 [ 179.385661][ C1] process_one_work+0x73d/0xcb0 [ 179.390346][ C1] worker_thread+0xa60/0x1260 [ 179.394861][ C1] kthread+0x26d/0x300 [ 179.398770][ C1] ret_from_fork+0x1f/0x30 [ 179.403020][ C1] [ 179.405191][ C1] The buggy address belongs to the object at ffff888113abc000 [ 179.405191][ C1] which belongs to the cache kmalloc-8k of size 8192 [ 179.419076][ C1] The buggy address is located 2560 bytes inside of [ 179.419076][ C1] 8192-byte region [ffff888113abc000, ffff888113abe000) [ 179.432357][ C1] [ 179.434527][ C1] The buggy address belongs to the physical page: [ 179.440777][ C1] page:ffffea00044eae00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113ab8 [ 179.450842][ C1] head:ffffea00044eae00 order:3 compound_mapcount:0 compound_pincount:0 [ 179.459003][ C1] flags: 0x4000000000010200(slab|head|zone=1) [ 179.464909][ C1] raw: 4000000000010200 ffffea0004729200 dead000000000003 ffff888100043500 [ 179.473327][ C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 179.481741][ C1] page dumped because: kasan: bad access detected [ 179.487999][ C1] page_owner tracks the page as allocated [ 179.493557][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 322, tgid 318 (syz.0.1), ts 23620155434, free_ts 23132929664 [ 179.515512][ C1] post_alloc_hook+0x213/0x220 [ 179.520105][ C1] prep_new_page+0x1b/0x110 [ 179.524450][ C1] get_page_from_freelist+0x2980/0x2a10 [ 179.529825][ C1] __alloc_pages+0x234/0x610 [ 179.534253][ C1] alloc_slab_page+0x6c/0xf0 [ 179.538679][ C1] new_slab+0x90/0x3e0 [ 179.542601][ C1] ___slab_alloc+0x6f9/0xb80 [ 179.547019][ C1] __slab_alloc+0x5d/0xa0 [ 179.551443][ C1] __kmem_cache_alloc_node+0x207/0x2a0 [ 179.556734][ C1] __kmalloc_node+0xa3/0x1e0 [ 179.561158][ C1] kvmalloc_node+0x221/0x640 [ 179.565584][ C1] xdp_umem_create+0x842/0xec0 [ 179.570185][ C1] xsk_setsockopt+0x708/0x920 [ 179.574697][ C1] __sys_setsockopt+0x4dc/0x8b0 [ 179.579384][ C1] __x64_sys_setsockopt+0xbf/0xd0 [ 179.584244][ C1] x64_sys_call+0x1a2/0x9a0 [ 179.588587][ C1] page last free stack trace: [ 179.593108][ C1] free_unref_page_prepare+0x83d/0x850 [ 179.598392][ C1] free_unref_page+0xb2/0x5c0 [ 179.602905][ C1] __free_pages+0x61/0xf0 [ 179.607074][ C1] __free_slab+0xce/0x1a0 [ 179.611239][ C1] __unfreeze_partials+0x165/0x1a0 [ 179.616186][ C1] put_cpu_partial+0xa9/0x100 [ 179.620700][ C1] __slab_free+0x1c8/0x280 [ 179.624951][ C1] ___cache_free+0xc6/0xd0 [ 179.629206][ C1] qlist_free_all+0xc5/0x140 [ 179.633632][ C1] kasan_quarantine_reduce+0x15a/0x180 [ 179.638927][ C1] __kasan_slab_alloc+0x24/0x80 [ 179.643614][ C1] slab_post_alloc_hook+0x53/0x2c0 [ 179.648560][ C1] kmem_cache_alloc_node+0x188/0x330 [ 179.653682][ C1] __alloc_skb+0xcc/0x2d0 [ 179.657858][ C1] alloc_skb_with_frags+0xa6/0x680 [ 179.662795][ C1] sock_alloc_send_pskb+0x915/0xa50 [ 179.667829][ C1] [ 179.670000][ C1] Memory state around the buggy address: [ 179.675490][ C1] ffff888113abc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.683370][ C1] ffff888113abc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.691265][ C1] >ffff888113abca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.699162][ C1] ^ [ 179.703069][ C1] ffff888113abca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.710967][ C1] ffff888113abcb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.718863][ C1] ================================================================== [ 179.726762][ C1] Disabling lock debugging due to kernel taint [ 179.732827][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 179.744305][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 179.752549][ C1] CPU: 1 PID: 3262 Comm: syz.4.938 Tainted: G B 6.1.115-syzkaller-00017-g22b7ded8b55b #0 [ 179.763580][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 179.773471][ C1] RIP: 0010:__queue_work+0x4f1/0xd70 [ 179.778588][ C1] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 a3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 00 de 71 00 49 8b 3e e8 88 9c d6 [ 179.798028][ C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046 [ 179.803925][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811b9d5100 [ 179.811742][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 179.819560][ C1] RBP: ffffc900001b0d00 R08: ffffffff814b185b R09: 0000000000000007 [ 179.827360][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888113abc9c8 [ 179.835172][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888113abc9e0 [ 179.842987][ C1] FS: 00007f6b8cfc16c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 179.851749][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.858173][ C1] CR2: 00007fc5c2678568 CR3: 000000011cb09000 CR4: 00000000003526a0 [ 179.865982][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.873803][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 179.873827][ C1] Call Trace: [ 179.873833][ C1] [ 179.873841][ C1] ? __die_body+0x62/0xb0 [ 179.891590][ C1] ? die_addr+0x9f/0xd0 [ 179.895581][ C1] ? exc_general_protection+0x317/0x4c0 [ 179.900972][ C1] ? asm_exc_general_protection+0x27/0x30 [ 179.906518][ C1] ? __queue_work+0x28b/0xd70 [ 179.911028][ C1] ? __queue_work+0x4f1/0xd70 [ 179.915547][ C1] ? __queue_work+0x29c/0xd70 [ 179.920059][ C1] delayed_work_timer_fn+0x61/0x80 [ 179.925005][ C1] ? queue_work_node+0x1d0/0x1d0 [ 179.929778][ C1] call_timer_fn+0x3b/0x2d0 [ 179.934141][ C1] ? queue_work_node+0x1d0/0x1d0 [ 179.938893][ C1] __run_timers+0x756/0xa10 [ 179.943238][ C1] ? calc_index+0x270/0x270 [ 179.947573][ C1] ? sched_clock+0x9/0x10 [ 179.951755][ C1] ? sched_clock_cpu+0x71/0x2b0 [ 179.956425][ C1] run_timer_softirq+0x69/0xf0 [ 179.961024][ C1] handle_softirqs+0x1db/0x650 [ 179.965623][ C1] ? irqtime_account_irq+0xdc/0x260 [ 179.970767][ C1] __irq_exit_rcu+0x52/0xf0 [ 179.975101][ C1] irq_exit_rcu+0x9/0x10 [ 179.979176][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 179.984653][ C1] [ 179.987422][ C1] [ 179.990206][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 179.996019][ C1] RIP: 0010:finish_task_switch+0x16f/0x7b0 [ 180.001660][ C1] Code: 74 08 4c 89 ff e8 c1 76 6c 00 49 8b 1f 48 85 db 4c 8b 6d c0 0f 85 ce 00 00 00 4c 89 e7 e8 59 3c d1 03 fb 49 8d 9d 48 0b 00 00 <48> 89 d8 48 c1 e8 03 49 be 00 00 00 00 00 fc ff df 42 0f b6 04 30 [ 180.021103][ C1] RSP: 0018:ffffc90000f57320 EFLAGS: 00000282 [ 180.027001][ C1] RAX: 0000000080000001 RBX: ffff88811b9d5c48 RCX: 0000000000000002 [ 180.034814][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001 [ 180.042623][ C1] RBP: ffffc90000f57370 R08: dffffc0000000000 R09: ffffed10211ae28e [ 180.050437][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f37c80 [ 180.058248][ C1] R13: ffff88811b9d5100 R14: 0000000000000000 R15: 1ffff1103ede4e65 [ 180.066064][ C1] ? requeue_task_rt+0x410/0x410 [ 180.070835][ C1] __schedule+0xcbd/0x1560 [ 180.075085][ C1] ? avc_denied+0x1b0/0x1b0 [ 180.079435][ C1] ? __sched_text_start+0x8/0x8 [ 180.084129][ C1] schedule+0xc3/0x180 [ 180.088020][ C1] schedule_timeout+0xa9/0x380 [ 180.092625][ C1] ? console_conditional_schedule+0x10/0x10 [ 180.098349][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 180.103987][ C1] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 180.109634][ C1] unix_wait_for_peer+0x24b/0x330 [ 180.114491][ C1] ? unix_find_other+0x8e0/0x8e0 [ 180.119263][ C1] ? wake_bit_function+0x230/0x230 [ 180.124211][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 180.129418][ C1] ? security_unix_may_send+0x7b/0xa0 [ 180.134626][ C1] unix_dgram_sendmsg+0x1348/0x2050 [ 180.139665][ C1] ? unix_dgram_poll+0x690/0x690 [ 180.144436][ C1] ? security_socket_sendmsg+0x82/0xb0 [ 180.149860][ C1] ? unix_dgram_poll+0x690/0x690 [ 180.154633][ C1] ____sys_sendmsg+0x5d3/0x9a0 [ 180.159235][ C1] ? __sys_sendmsg_sock+0x40/0x40 [ 180.164095][ C1] __sys_sendmmsg+0x3b9/0x6f0 [ 180.168612][ C1] ? __ia32_sys_sendmsg+0x90/0x90 [ 180.173464][ C1] ? futex_wait+0x4b7/0x7e0 [ 180.177807][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 180.183447][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 180.188653][ C1] ? do_futex+0x55a/0x9a0 [ 180.192826][ C1] ? fpregs_restore_userregs+0x130/0x290 [ 180.198287][ C1] __x64_sys_sendmmsg+0xa0/0xb0 [ 180.202977][ C1] x64_sys_call+0x81d/0x9a0 [ 180.207313][ C1] do_syscall_64+0x3b/0xb0 [ 180.211569][ C1] ? clear_bhb_loop+0x55/0xb0 [ 180.216081][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 180.221809][ C1] RIP: 0033:0x7f6b8c185d19 [ 180.226060][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.245514][ C1] RSP: 002b:00007f6b8cfc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 180.253747][ C1] RAX: ffffffffffffffda RBX: 00007f6b8c375fa0 RCX: 00007f6b8c185d19 [ 180.261568][ C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000005 [ 180.269370][ C1] RBP: 00007f6b8c201a20 R08: 0000000000000000 R09: 0000000000000000 [ 180.277183][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.284995][ C1] R13: 0000000000000000 R14: 00007f6b8c375fa0 R15: 00007ffe14b43cd8 [ 180.292813][ C1] [ 180.295669][ C1] Modules linked in: [ 180.299410][ C1] ---[ end trace 0000000000000000 ]--- [ 180.304696][ C1] RIP: 0010:__queue_work+0x4f1/0xd70 [ 180.309815][ C1] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 a3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 00 de 71 00 49 8b 3e e8 88 9c d6 [ 180.329260][ C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046 [ 180.335161][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811b9d5100 [ 180.342975][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 180.350787][ C1] RBP: ffffc900001b0d00 R08: ffffffff814b185b R09: 0000000000000007 [ 180.358595][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888113abc9c8 [ 180.366406][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888113abc9e0 [ 180.374227][ C1] FS: 00007f6b8cfc16c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 180.382985][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 180.389407][ C1] CR2: 00007fc5c2678568 CR3: 000000011cb09000 CR4: 00000000003526a0 [ 180.397222][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 180.405030][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 180.412843][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 180.420134][ C1] Kernel Offset: disabled [ 180.424257][ C1] Rebooting in 86400 seconds..