last executing test programs: 6.115313655s ago: executing program 4 (id=224): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x6, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000002c7b0af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) kcmp(0x0, 0xffffffffffffffff, 0x5, r0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0) lseek(r4, 0x5, 0x1) close(0xffffffffffffffff) 6.101292655s ago: executing program 4 (id=226): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r3, @ANYBLOB="40005200060010"], 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@updpolicy={0xc4, 0x19, 0x300, 0x0, 0x25dfdbfd, {{@in=@multicast2, @in6=@local, 0x0, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2f}, {0x0, 0x0, 0xb, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x7fffffff}}, [@mark={0xc, 0x15, {0x35075d, 0x5}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r6 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000040)=0x199c, 0x4) syslog(0x4, &(0x7f00000008c0)=""/4096, 0x1000) 6.063283985s ago: executing program 4 (id=227): munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0xc, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper], 0x0, 0x0, 0x0}) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) ioctl$sock_bt_hci(r3, 0x400448dd, &(0x7f0000000100)) r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}]}, 0x10) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100100"], 0x0) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 4.88847185s ago: executing program 3 (id=232): write$binfmt_format(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c4600000400020000000000000003003e0000000000000000000000000040000000000000006b020000000000000000000038000100006927f900000300000000000000000000000000000000000000000000000000000000f3ddea3117ca6cb600000006000000000000000000000000000000010000000100000000007aea1c44d62daccfac17ee5759edd878a65208127821cb7f54194ab9ce9caae0f762a03794cd2e8873106fae18c4388897742ed7ac537e4e432635d8ea49a83758f8180ec2ad83602a2adb64122a7531e79b59e976d51b60ea5ac86efbe674ba86e7f51ee300fb4a9cd6bd203409dab2467ebff0ba01ce88e620fc5d0491fe070000008a11d579cc190134204f44fc3653f721fc918e65df221e694db2d78bf4c98d1d25af8d622243d2549b"], 0x78) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$unix(0x1, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0], 0x0, 0x4a, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0x75, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x6, 0x3, 0x4ff, 0x1, 0x2004, 0xffffffffffffffff, 0x3, '\x00', r4, r0, 0x2, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r5}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect(0x0, 0x5d, &(0x7f0000001800)=ANY=[@ANYBLOB="1201000093007a402104070051b80102030109024b00010000000009040000000202ff"], 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r6, {0x3, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}}, 0x0) 3.506859614s ago: executing program 3 (id=238): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2(&(0x7f0000000600), 0x84000) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) io_uring_setup(0xad5, &(0x7f0000000100)) 3.332373693s ago: executing program 2 (id=243): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4ace457a, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004000000000000000002"], &(0x7f0000000240)=""/199, 0x3e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x28) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10) r9 = creat(&(0x7f00000000c0)='./file0\x00', 0x8b) close(r9) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 2.5742836s ago: executing program 3 (id=246): syz_open_procfs(0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.191062749s ago: executing program 3 (id=247): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/70, 0x46, 0x2, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/254, 0xfe, 0x0, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/96, 0x60, 0x0, 0x14}}, &(0x7f0000000400)={0x0, 0x28, 0x50}}}], 0x2b, 0x0, &(0x7f0000000440)="7baf69d829ab644989dfd779f04f85ac91c8015ff885b60ed928064d13520f904f177a5301f4fd3c04d120"}) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) 2.047453928s ago: executing program 1 (id=249): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x90) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32, @ANYBLOB="40005200060010"], 0x24}}, 0x0) syslog(0x4, &(0x7f00000008c0)=""/4096, 0x1000) 2.023038198s ago: executing program 1 (id=250): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4ace457a, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004000000000000000002"], &(0x7f0000000240)=""/199, 0x3e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x28) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 1.865472657s ago: executing program 2 (id=251): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000280)='./file0\x00', 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno', @ANYRESHEX=r1]) 1.859608147s ago: executing program 4 (id=252): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@map, 0xffffffffffffffff, 0x1b, 0x0, 0xffffffffffffffff, @void, @value=r0}, 0x20) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r5}, 0x10) r6 = io_uring_setup(0xad5, &(0x7f0000000100)) close(r6) clock_nanosleep(0x2, 0x1, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x5607, 0x38) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x5607, 0x2) ioctl$KDSETMODE(r7, 0x4b3a, 0x1) ioctl$TCXONC(r7, 0x4b3a, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00') r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={&(0x7f0000000180), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x9, 0x2, {0x8000}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 1.840805798s ago: executing program 2 (id=253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@map, 0xffffffffffffffff, 0x1b, 0x0, 0xffffffffffffffff, @void, @value=r0}, 0x20) getpid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) io_uring_setup(0xad5, &(0x7f0000000100)) 1.172665945s ago: executing program 1 (id=254): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x8b) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") socket$vsock_stream(0x28, 0x1, 0x0) 980.899284ms ago: executing program 4 (id=255): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000007290000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xa}}]}, 0x40}}, 0x0) 937.995784ms ago: executing program 4 (id=256): syz_emit_ethernet(0x143, &(0x7f00000001c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x135, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}, {"d6f1e609dffa17e1b1fc2d4983e522535d1e57966c2e0d57deb46316b9a424613937b2d5f33a93352fe94b2f3561867b757c94e7528d01028accec4933d41336bc1630a70d05468d6e8a88e3e53b8c5302c12d6ae55bb6369dd91600fd1d65f7bab58431110a42371fd2e4832a3d9f365bfc891f8893baff3beeda407b562cb5219bbae2b1a6570233ab9b36a594b13532991e47a7840370e73f4569296fd1d07c09b531129adb4c6f71a297c7a44ef165b3f7f459700039cfb7cc699edd6deaec4b5b33a6a40364c2c08d74da41b3ae4e503a230404a4a5d2d3d6e49f28e3a504c9d8dbcb15cbda4ab0e85b95c56a273eba8eb4de243510a806b7375b88a020d3ed72096f733965f4562e43d7"}}}}}}, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_usb_connect(0x0, 0x64, &(0x7f0000001e00)=ANY=[@ANYBLOB="1201000002ffa9400819151300000102030109025200010000000009040000042513bf000a24010000000201020524040000090500000000000000072501000000000725010000000009050000000000000009"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201100300000e70406545ac7600002505a8"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000180)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa"], 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000007c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000700)=[@textreal={0x8, &(0x7f0000000640)="990f38f12a0f3066b9690a000066b80000008066ba000000000f3066b8070000000f23d80f21f86635400000c00f23f80f20950f009b4b423665660f38db280f20d86635080000002f22a16676562c", 0x4f}], 0x1, 0x13, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x75, &(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRESOCT=r1, @ANYRES32=r1, @ANYRES16=r0, @ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRES8=r1], 0x0, 0x0, 0x0, 0x0}, 0x0) 915.536863ms ago: executing program 2 (id=257): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) request_key(&(0x7f0000000240)='asymmetric\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0) 831.784443ms ago: executing program 2 (id=258): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="07000000000000001900000000"], 0x48) close(r4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb929"], 0xfdef) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000440)={'ip_vti0\x00', r6, 0x80, 0x8000, 0x7, 0x6, {{0x1e, 0x4, 0x3, 0x2, 0x78, 0x68, 0x0, 0x9, 0x2f, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @timestamp_addr={0x44, 0x1c, 0xb6, 0x1, 0xc, [{@broadcast, 0x80}, {@rand_addr=0x64010101, 0xe432}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x4}]}, @end, @lsrr={0x83, 0xf, 0x2c, [@multicast1, @broadcast, @multicast2]}, @timestamp_addr={0x44, 0x34, 0xaa, 0x1, 0x3, [{@private=0xa010100, 0x8000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x80000001}, {@local, 0x200003}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x400}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x412c2b4a}]}, @noop]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018020000", @ANYRES16=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000400)={0x0, 0xfffffff0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000000", @ANYRES32=0x0, @ANYBLOB="04000d80080005"], 0x24}, 0x1, 0x5502000000000000}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x9, [@volatile={0x0, 0x0, 0x0, 0x9, 0x5}, @var={0x9, 0x0, 0x0, 0xe, 0x1}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x10, 0x1}, {0x8, 0x1}]}, @fwd={0x10}]}, {0x0, [0x0, 0x0, 0x0, 0x61, 0x5f, 0x5f, 0x5f]}}, 0x0, 0x71, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r8}, 0x10) alarm(0x8000000000000001) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) 806.644623ms ago: executing program 2 (id=259): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f0000003a40)=[{{&(0x7f0000000100)=@sco={0x1f, @none}, 0x80, &(0x7f0000001000)=[{&(0x7f0000000440)=""/212, 0xd4}, {&(0x7f0000000080)=""/9, 0x9}, {&(0x7f0000000200)=""/152, 0x98}, {&(0x7f0000000600)=""/212, 0xd4}, {&(0x7f0000000b80)=""/231, 0xe7}, {&(0x7f0000000c80)=""/226, 0xe2}, {&(0x7f0000000340)=""/15, 0xf}, {&(0x7f0000000d80)=""/174, 0xae}, {&(0x7f0000000e40)=""/238, 0xee}, {&(0x7f0000000f40)=""/138, 0x8a}], 0xa, &(0x7f00000010c0)=""/236, 0xec}, 0x81}, {{&(0x7f0000000700)=@hci, 0x80, &(0x7f0000001400)=[{&(0x7f00000011c0)=""/122, 0x7a}, {&(0x7f0000001280)=""/114, 0x72}, {&(0x7f0000000380)=""/22, 0x16}, {&(0x7f0000000a40)=""/50, 0x32}, {&(0x7f0000001300)=""/219, 0xdb}], 0x5, &(0x7f0000001480)=""/146, 0x92}, 0xfffffff7}, {{&(0x7f0000001540)=@qipcrtr, 0x80, &(0x7f0000001bc0)=[{&(0x7f00000015c0)=""/55, 0x37}, {&(0x7f0000001600)=""/49, 0x31}, {&(0x7f0000001ac0)=""/112, 0x70}, {&(0x7f0000001b40)=""/18, 0x12}, {&(0x7f0000001b80)=""/46, 0x2e}], 0x5}, 0x9}, {{&(0x7f0000001c40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000001cc0)=""/81, 0x51}, {&(0x7f0000001d40)=""/4096, 0x1000}, {&(0x7f0000002d40)=""/244, 0xf4}, {&(0x7f0000002e40)=""/253, 0xfd}], 0x4, &(0x7f0000002f80)=""/8, 0x8}, 0x8}, {{&(0x7f0000002fc0)=@pppol2tpin6, 0x80, &(0x7f0000003100)=[{&(0x7f0000003040)=""/185, 0xb9}], 0x1}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003140)=""/236, 0xec}, {&(0x7f0000003240)=""/157, 0x9d}], 0x2, &(0x7f0000003340)=""/94, 0x5e}, 0xfffffffa}, {{0x0, 0x0, &(0x7f0000003700)=[{&(0x7f00000033c0)=""/214, 0xd6}, {&(0x7f00000034c0)=""/249, 0xf9}, {&(0x7f00000035c0)=""/10, 0xa}, {&(0x7f0000003600)=""/187, 0xbb}, {&(0x7f00000036c0)=""/63, 0x3f}], 0x5, &(0x7f0000003780)=""/177, 0xb1}, 0x3}, {{&(0x7f0000003840)=@alg, 0x80, &(0x7f0000003940)=[{&(0x7f00000038c0)=""/17, 0x11}, {&(0x7f0000003900)=""/15, 0xf}], 0x2, &(0x7f0000003980)=""/164, 0xa4}, 0x8001}], 0x8, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000010008500000071000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000000)={[{@init_itable}, {@errors_remount}, {@norecovery}]}, 0x2, 0x44e, &(0x7f0000001640)="$eJzs289vFFUcAPDvTH+g/GpBooKoVWJs/NHSisrBi0YTDxhN9IDHui2EsFBDayKESDUGLyaGRM/Go4l/gTcvRj2ZeNW7ISHKBfRUM7MzsLvslm7Y7lb280kG3pv3Zud9O/Nm3szbDWBgTWT/JBHbI+L3iBirZRsrTNT+u371fOWfq+crSayuvv1Xkte7dvV8paxabretyEymEemnSbGTRktnz52cq1YXzhT56eVT708vnT337IlTc8cXji+cnj18+NBzMy++MPt8V+LM4rq276PF/Xtff/fSG5Wjl977+busvduL8vo4umUiC/zv1Vxz2RPd3lmf7ahLJ8N9bAgdGYqI7HCN5P1/LIbi5sEbi9c+6WvjgA2V3Zu2tC9eWQXuYkn0uwVAf5Q3+uz5t1x6NPTYFK68XHsAyuK+Xiy1kuFIi+ejkabn226aiIijK/9+nS2xQe8hAADqfV756kg802r8l8b9dfV2FnMo4xGxKyJ2R8R9EbGnrs4DEfFgh/tvnhq6dfyTXu7wIzuSjf9eKua2Gsd/aVllfKjI7cjjH0mOnaguHCz+JpMxsiXLz6yxjx9e/e2LdmX1479syfZfjgWLdlwebnpBNz+3PJcPSrvgyscR+4ZbxZ/cmAlIImJvROzr7KN3lokTT327v12l28e/hi7MM61+E/Fk7fivRFP8pWTt+cnpe6K6cHC6PCtu9cuvF99qt/87ir8LsuO/tfH8b64yntTP1y6Vq9d/Al7847O2zzTrPf/H67bJzv/R5J38ejRarPtwbnn5zEzEaHIkzzesn725bZkv62fxTx5o3f93F9tk8T8UEdlJ/HBEPBIRjxZtfywiHo+IA2vE/9Mr7cs2w/Gfb3n9u3H+Nx3/zhNDJ3/8vt3+13f8D+WpyWJNfv27jfU28E7+dgAAAPB/kebfgU/SqRvpNJ2aqn2Hf09sTauLS8tPH1v84PR87bvy4zGSlm+6xureh84kK8Un1vKzxbviojx/mborIr4cujcvn6osVuf7GzoMvG1t+n/mz6F+tw7YcK3m0WZH+9AQoOea+3/amL3wZi8bA/SU32vD4LpN/0971Q6g99z/YXC16v8XmvLmAuDu5P4Pg0v/h8Gl/8Pg0v9hIN3J7/olBjkR6aZohsQGJfp9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiO/wIAAP//WpTuMw==") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 361.647191ms ago: executing program 0 (id=260): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r3, @ANYBLOB="40005200060010"], 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=@updpolicy={0xc4, 0x19, 0x300, 0x0, 0x25dfdbfd, {{@in=@multicast2, @in6=@local, 0x0, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2f}, {0x0, 0x0, 0xb, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x7fffffff}}, [@mark={0xc, 0x15, {0x35075d, 0x5}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000001880)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r6 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000040)=0x199c, 0x4) syslog(0x4, &(0x7f00000008c0)=""/4096, 0x1000) 238.369531ms ago: executing program 0 (id=261): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0}, 0x18) request_key(0x0, &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0) 175.44931ms ago: executing program 0 (id=262): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x54}, [@ldst={0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xcab5, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) pidfd_getfd(0xffffffffffffffff, r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0xe) r2 = io_uring_setup(0x16d4, &(0x7f00000002c0)={0x0, 0x2, 0x40}) io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0xf, &(0x7f0000002700)={0x119f, 0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/264, 0xf9}, {&(0x7f00000015c0)=""/4096, 0x400400}, {&(0x7f0000002a00)=""/88, 0x8}], 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r3 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000800000000180000006612ac827201c1ce2c260d6bd9a7c245ecb4f2690728ec30bd3696b38412688d635814ceb6e305b1d560cd072e7282d4e7021806845fb4415da8ab8e8790f0744afb85472fadc8f43e6e4d4b39a52d806ec61ed73ae5b4322d7048fa", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000007290000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xa}}]}, 0x40}}, 0x0) 164.55717ms ago: executing program 0 (id=263): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000280)='./file0\x00', 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno', @ANYRESHEX=r1]) 138.96055ms ago: executing program 0 (id=264): syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 127.32742ms ago: executing program 1 (id=265): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) request_key(&(0x7f0000000240)='asymmetric\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0) 70.97752ms ago: executing program 1 (id=266): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000007290000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xa}}]}, 0x40}}, 0x0) 26.51153ms ago: executing program 1 (id=267): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@map, 0xffffffffffffffff, 0x1b, 0x0, 0xffffffffffffffff, @void, @value=r0}, 0x20) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r5}, 0x10) r6 = io_uring_setup(0xad5, &(0x7f0000000100)) close(r6) clock_nanosleep(0x2, 0x1, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x5607, 0x38) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x5607, 0x2) ioctl$KDSETMODE(r7, 0x4b3a, 0x1) ioctl$TCXONC(r7, 0x4b3a, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00') r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={&(0x7f0000000180), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x9, 0x2, {0x8000}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 20.05146ms ago: executing program 3 (id=268): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) request_key(&(0x7f0000000240)='asymmetric\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f0000000740)='lon\x00', 0x0) 18.98782ms ago: executing program 0 (id=269): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) pipe2(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@map, 0xffffffffffffffff, 0x1b, 0x0, 0xffffffffffffffff, @void, @value=r0}, 0x20) getpid() socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) io_uring_setup(0xad5, &(0x7f0000000100)) 0s ago: executing program 3 (id=270): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): [ 6.701087][ T28] audit: type=1400 audit(1734779747.695:27): avc: denied { create } for pid=123 comm="dbus-daemon" name="messagebus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 6.705939][ T28] audit: type=1400 audit(1734779747.695:28): avc: denied { write open } for pid=123 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=411 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 6.712041][ T28] audit: type=1400 audit(1734779747.695:29): avc: denied { getattr } for pid=123 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=411 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 6.914052][ T28] audit: type=1400 audit(1734779747.925:30): avc: denied { search } for pid=137 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 14.719700][ T28] kauditd_printk_skb: 30 callbacks suppressed [ 14.719716][ T28] audit: type=1400 audit(1734779755.725:61): avc: denied { transition } for pid=225 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.727024][ T28] audit: type=1400 audit(1734779755.725:62): avc: denied { noatsecure } for pid=225 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.731809][ T28] audit: type=1400 audit(1734779755.735:63): avc: denied { write } for pid=225 comm="sh" path="pipe:[13272]" dev="pipefs" ino=13272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.736918][ T28] audit: type=1400 audit(1734779755.735:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.745777][ T28] audit: type=1400 audit(1734779755.735:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.107' (ED25519) to the list of known hosts. [ 22.074586][ T28] audit: type=1400 audit(1734779763.085:66): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.075864][ T280] cgroup: Unknown subsys name 'net' [ 22.097090][ T28] audit: type=1400 audit(1734779763.085:67): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.123963][ T28] audit: type=1400 audit(1734779763.115:68): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.124142][ T280] cgroup: Unknown subsys name 'devices' [ 22.233189][ T280] cgroup: Unknown subsys name 'hugetlb' [ 22.238599][ T280] cgroup: Unknown subsys name 'rlimit' [ 22.374162][ T28] audit: type=1400 audit(1734779763.385:69): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.397156][ T28] audit: type=1400 audit(1734779763.385:70): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.421656][ T28] audit: type=1400 audit(1734779763.385:71): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.431245][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.453676][ T28] audit: type=1400 audit(1734779763.465:72): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.478865][ T28] audit: type=1400 audit(1734779763.465:73): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.509989][ T28] audit: type=1400 audit(1734779763.515:74): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.535445][ T28] audit: type=1400 audit(1734779763.515:75): avc: denied { open } for pid=280 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.535498][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.381369][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.388234][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.395993][ T290] device bridge_slave_0 entered promiscuous mode [ 23.420914][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.427865][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.435058][ T290] device bridge_slave_1 entered promiscuous mode [ 23.463322][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.470174][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.477566][ T291] device bridge_slave_0 entered promiscuous mode [ 23.485395][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.492391][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.499607][ T291] device bridge_slave_1 entered promiscuous mode [ 23.516952][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.523856][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.531183][ T292] device bridge_slave_0 entered promiscuous mode [ 23.549862][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.556759][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.564029][ T292] device bridge_slave_1 entered promiscuous mode [ 23.650562][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.657492][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.664937][ T293] device bridge_slave_0 entered promiscuous mode [ 23.687361][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.694272][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.701602][ T293] device bridge_slave_1 entered promiscuous mode [ 23.777135][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.784066][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.791464][ T294] device bridge_slave_0 entered promiscuous mode [ 23.807500][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.814377][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.821488][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.828239][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.836341][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.843225][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.850497][ T294] device bridge_slave_1 entered promiscuous mode [ 23.896365][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.903327][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.910411][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.917220][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.936183][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.943190][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.950277][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.957107][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.046480][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.053371][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.060563][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.067354][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.081703][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.088571][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.095696][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.102569][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.121487][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.129069][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.137436][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.146347][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.154701][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.162652][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.170791][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.178253][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.185616][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.192687][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.200063][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.207227][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.214510][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.221871][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.249731][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.257802][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.264700][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.273684][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.281788][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.288631][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.295893][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.303880][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.343504][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.352529][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.360295][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.368303][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.376175][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.383557][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.390835][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.399091][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.407227][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.414084][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.427372][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.434772][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.450692][ T291] device veth0_vlan entered promiscuous mode [ 24.464261][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.472777][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.480909][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.489552][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.498048][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.505983][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.514005][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.522180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.530109][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.536970][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.544296][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.552682][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.560862][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.567721][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.575005][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.582497][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.590368][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.598862][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.606932][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.613774][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.629961][ T291] device veth1_macvtap entered promiscuous mode [ 24.636877][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.645098][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.653261][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.662333][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.670620][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.678752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.686887][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.694830][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.702262][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.710346][ T292] device veth0_vlan entered promiscuous mode [ 24.728977][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.736825][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.745043][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.753375][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.761897][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.769780][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.777979][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.786094][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.794136][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.802338][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.827879][ T292] device veth1_macvtap entered promiscuous mode [ 24.836647][ T290] device veth0_vlan entered promiscuous mode [ 24.843720][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.844071][ T291] request_module fs-gadgetfs succeeded, but still no fs? [ 24.852504][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.866542][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.874769][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.882944][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.890587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.898180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.920016][ T294] device veth0_vlan entered promiscuous mode [ 24.935537][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.948636][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.956920][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.965061][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.972475][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.980571][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.988921][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.997395][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.005744][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.014036][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.025995][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.034180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.052415][ T293] device veth0_vlan entered promiscuous mode [ 25.062629][ T290] device veth1_macvtap entered promiscuous mode [ 25.069133][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.078699][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.086587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.095354][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.102760][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.122074][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.133968][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.142425][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.150626][ T321] loop2: detected capacity change from 0 to 512 [ 25.150737][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.165592][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.175484][ T293] device veth1_macvtap entered promiscuous mode [ 25.182386][ T321] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 25.191324][ T321] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 25.216421][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.230640][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.231889][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 25.239614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.257482][ T294] device veth1_macvtap entered promiscuous mode [ 25.287707][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.300859][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.315077][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.323831][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.332442][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.340698][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.431140][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 25.437309][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 25.452348][ T332] loop3: detected capacity change from 0 to 512 [ 25.458720][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 25.483843][ T332] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 25.495257][ T6] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 25.498149][ T335] process 'syz.0.6' launched './file1' with NULL argv: empty string added [ 25.504627][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.524750][ T6] usb 2-1: config 0 descriptor?? [ 25.532324][ T332] EXT4-fs (loop3): orphan cleanup on readonly fs [ 25.538517][ T332] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.4: Bad quota inum: 64, type: 0 [ 25.555348][ T332] EXT4-fs (loop3): Remounting filesystem read-only [ 25.562249][ T332] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 25.577138][ T332] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 25.578021][ T292] EXT4-fs (loop2): unmounting filesystem. [ 25.584035][ T332] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 25.599150][ T332] EXT4-fs (loop3): unmounting filesystem. [ 25.600213][ T330] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'. [ 25.701428][ T348] loop4: detected capacity change from 0 to 512 [ 25.743252][ T316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 25.763789][ T350] loop3: detected capacity change from 0 to 512 [ 25.770178][ T316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 25.770737][ T350] EXT4-fs: Ignoring removed i_version option [ 25.784941][ T350] EXT4-fs: Ignoring removed mblk_io_submit option [ 25.785481][ T348] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 25.816288][ T348] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.898796][ T356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7'. [ 25.915944][ T356] device bridge0 entered promiscuous mode [ 25.921850][ T356] device macsec1 entered promiscuous mode [ 25.930287][ T356] device bridge0 left promiscuous mode [ 25.967760][ T350] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 26.106985][ T350] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 26.123828][ T350] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 26.137623][ T359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 26.142763][ T350] EXT4-fs (loop3): 1 truncate cleaned up [ 26.147440][ T359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 26.161363][ T350] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.170076][ T316] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.170232][ T348] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.8: corrupted inode contents [ 26.188259][ T312] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.208225][ T348] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #2: comm syz.4.8: mark_inode_dirty error [ 26.225169][ T348] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.8: corrupted inode contents [ 26.237058][ T348] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.8: mark_inode_dirty error [ 26.824735][ T356] syz.2.7 (356) used greatest stack depth: 21664 bytes left [ 27.042222][ T312] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 27.102360][ T293] EXT4-fs (loop3): unmounting filesystem. [ 27.154113][ T312] usb 1-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 27.164884][ T312] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.172773][ T312] usb 1-1: Product: syz [ 27.176748][ T312] usb 1-1: Manufacturer: syz [ 27.181191][ T312] usb 1-1: SerialNumber: syz [ 27.186240][ T312] usb 1-1: config 0 descriptor?? [ 27.192172][ T312] usb 1-1: bad CDC descriptors [ 27.196988][ T312] cdc_acm 1-1:0.0: Zero length descriptor references [ 27.203545][ T312] cdc_acm: probe of 1-1:0.0 failed with error -22 [ 27.407092][ T28] kauditd_printk_skb: 98 callbacks suppressed [ 27.407117][ T28] audit: type=1400 audit(1734779768.415:174): avc: denied { unmount } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 27.438930][ T294] EXT4-fs (loop4): unmounting filesystem. [ 27.489912][ T28] audit: type=1400 audit(1734779768.445:175): avc: denied { remove_name } for pid=294 comm="syz-executor" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.578731][ T28] audit: type=1400 audit(1734779768.445:176): avc: denied { unlink } for pid=294 comm="syz-executor" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 27.674635][ T312] usb 1-1: USB disconnect, device number 2 [ 27.687120][ T374] loop3: detected capacity change from 0 to 512 [ 27.741798][ T6] usbhid 2-1:0.0: can't add hid device: -71 [ 27.743428][ T28] audit: type=1400 audit(1734779768.755:177): avc: denied { create } for pid=375 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 27.747572][ T6] usbhid: probe of 2-1:0.0 failed with error -71 [ 27.775086][ T6] usb 2-1: USB disconnect, device number 2 [ 27.783350][ T374] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 27.785256][ T28] audit: type=1400 audit(1734779768.795:178): avc: denied { connect } for pid=375 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 27.811817][ T374] EXT4-fs (loop3): orphan cleanup on readonly fs [ 27.813892][ T28] audit: type=1400 audit(1734779768.825:179): avc: denied { create } for pid=375 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 27.828244][ T374] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.11: Bad quota inum: 64, type: 0 [ 27.858751][ T28] audit: type=1400 audit(1734779768.825:180): avc: denied { read } for pid=375 comm="syz.4.12" path="socket:[16005]" dev="sockfs" ino=16005 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 27.883818][ T374] EXT4-fs (loop3): Remounting filesystem read-only [ 27.889198][ T28] audit: type=1400 audit(1734779768.855:181): avc: denied { write } for pid=367 comm="syz.2.10" name="ip6_tables_matches" dev="proc" ino=4026532519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 27.901030][ T374] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 27.928084][ T374] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 27.934750][ T374] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 27.944078][ T374] EXT4-fs (loop3): unmounting filesystem. [ 27.949976][ T28] audit: type=1400 audit(1734779768.895:182): avc: denied { write } for pid=375 comm="syz.4.12" path="socket:[15331]" dev="sockfs" ino=15331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 28.001034][ T28] audit: type=1400 audit(1734779768.895:183): avc: denied { create } for pid=375 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 28.151051][ T19] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 28.418279][ T19] usb 5-1: Using ep0 maxpacket: 8 [ 28.431176][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.631000][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 28.641885][ T19] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 28.642606][ T24] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 28.649969][ T19] usb 5-1: config 179 has no interface number 0 [ 28.649999][ T19] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 28.673554][ T24] usb 3-1: config 179 has no interface number 0 [ 28.689523][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 28.700717][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 28.713616][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 28.721232][ T19] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 28.736124][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 28.736878][ T19] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 28.758397][ T24] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 28.759301][ T19] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 28.783203][ T19] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 28.791014][ T24] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 28.796546][ T19] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 28.814147][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.814335][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.830149][ T379] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 28.845384][ T386] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 29.327071][ T401] loop0: detected capacity change from 0 to 128 [ 29.360869][ T401] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 29.369690][ T401] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 29.413060][ T290] EXT4-fs (loop0): unmounting filesystem. [ 29.547005][ T407] loop0: detected capacity change from 0 to 512 [ 29.571499][ T386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 29.615715][ T407] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 29.647156][ T379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 29.656203][ T386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 29.714766][ T407] EXT4-fs (loop0): orphan cleanup on readonly fs [ 29.721433][ T407] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.17: Bad quota inum: 64, type: 0 [ 29.732550][ T407] EXT4-fs (loop0): Remounting filesystem read-only [ 29.738926][ T407] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 29.753474][ T407] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 29.759943][ T407] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 29.769563][ T407] EXT4-fs (loop0): unmounting filesystem. [ 29.792462][ T379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.608326][ T383] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 30.631901][ T355] Bluetooth: hci0: Frame reassembly failed (-84) [ 31.859722][ T6] usb 3-1: USB disconnect, device number 2 [ 31.859774][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 31.873695][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 31.896627][ T399] usb 5-1: USB disconnect, device number 2 [ 31.896727][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 31.910686][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 31.923908][ T424] loop1: detected capacity change from 0 to 512 [ 31.934285][ T424] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 31.944935][ T424] EXT4-fs (loop1): orphan cleanup on readonly fs [ 31.951349][ T424] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.21: Bad quota inum: 64, type: 0 [ 31.962320][ T424] EXT4-fs (loop1): Remounting filesystem read-only [ 31.968713][ T424] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 31.983450][ T424] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 32.827346][ T385] Bluetooth: hci0: command 0x0c1a tx timeout [ 32.827378][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 32.923356][ T424] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 32.992499][ T424] EXT4-fs (loop1): unmounting filesystem. [ 33.103621][ T435] loop3: detected capacity change from 0 to 512 [ 33.121408][ T435] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 33.150863][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 33.150879][ T28] audit: type=1400 audit(1734779774.155:187): avc: denied { read write } for pid=442 comm="syz.1.26" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 33.189824][ T435] EXT4-fs (loop3): orphan cleanup on readonly fs [ 33.193797][ T444] loop2: detected capacity change from 0 to 512 [ 33.196019][ T435] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.24: Bad quota inum: 64, type: 0 [ 33.202428][ T28] audit: type=1400 audit(1734779774.195:188): avc: denied { open } for pid=442 comm="syz.1.26" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 33.236446][ T435] EXT4-fs (loop3): Remounting filesystem read-only [ 33.246059][ T435] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 33.261747][ T444] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 33.272242][ T444] EXT4-fs (loop2): orphan cleanup on readonly fs [ 33.278441][ T444] EXT4-fs error (device loop2): ext4_quota_enable:6975: comm syz.2.25: Bad quota inum: 64, type: 0 [ 33.291710][ T435] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 33.298369][ T444] EXT4-fs (loop2): Remounting filesystem read-only [ 33.305126][ T435] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 33.325410][ T435] EXT4-fs (loop3): unmounting filesystem. [ 33.326467][ T444] EXT4-fs warning (device loop2): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 33.358059][ T444] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 33.364826][ T444] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 33.461203][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.484112][ T457] loop4: detected capacity change from 0 to 512 [ 33.501620][ T459] loop3: detected capacity change from 0 to 512 [ 33.509033][ T457] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #15: comm syz.4.29: inline data xattr refers to an external xattr inode [ 33.528324][ T457] EXT4-fs (loop4): Remounting filesystem read-only [ 33.535064][ T457] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.29: couldn't read orphan inode 15 (err -117) [ 33.547947][ T459] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #15: comm syz.3.30: inline data xattr refers to an external xattr inode [ 33.561215][ T457] EXT4-fs (loop4): Remounting filesystem read-only [ 33.562872][ T459] EXT4-fs (loop3): Remounting filesystem read-only [ 33.571408][ T457] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 33.575544][ T459] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.30: couldn't read orphan inode 15 (err -117) [ 33.598227][ T459] EXT4-fs (loop3): Remounting filesystem read-only [ 33.604637][ T459] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 33.624065][ T293] EXT4-fs (loop3): unmounting filesystem. [ 34.043140][ T28] audit: type=1400 audit(1734779775.055:189): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 34.060242][ T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 34.224881][ T472] loop1: detected capacity change from 0 to 512 [ 34.254294][ T472] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 34.271020][ T6] usb 1-1: Using ep0 maxpacket: 8 [ 34.276428][ T294] EXT4-fs (loop4): unmounting filesystem. [ 34.276987][ T6] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 34.292473][ T6] usb 1-1: config 179 has no interface number 0 [ 34.299210][ T472] EXT4-fs (loop1): orphan cleanup on readonly fs [ 34.305470][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 34.306486][ T472] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.32: Bad quota inum: 64, type: 0 [ 34.328113][ T472] EXT4-fs (loop1): Remounting filesystem read-only [ 34.336728][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 34.340679][ T472] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 34.362382][ T472] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 34.368864][ T472] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 34.368861][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 34.368890][ T6] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 34.501673][ T6] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 34.533835][ T6] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 34.545094][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.595954][ T461] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.658456][ T385] Bluetooth: hci0: command 0x1003 tx timeout [ 35.666804][ T384] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.672902][ T456] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 35.702510][ T488] loop4: detected capacity change from 0 to 512 [ 35.736289][ T488] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 35.771971][ T488] EXT4-fs (loop4): orphan cleanup on readonly fs [ 35.781119][ T488] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.36: Bad quota inum: 64, type: 0 [ 35.912288][ T488] EXT4-fs (loop4): Remounting filesystem read-only [ 35.935981][ T488] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 35.970509][ T456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.004509][ T456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.019019][ T488] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 36.046895][ T488] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 36.088338][ T488] EXT4-fs (loop4): unmounting filesystem. [ 36.848768][ T28] audit: type=1400 audit(1734779777.855:190): avc: denied { read } for pid=498 comm="syz.3.38" name="rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 36.881082][ T504] loop3: detected capacity change from 0 to 512 [ 36.950902][ T504] EXT4-fs: Ignoring removed i_version option [ 36.956987][ T504] EXT4-fs: Ignoring removed mblk_io_submit option [ 36.963987][ T504] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 36.974044][ T28] audit: type=1400 audit(1734779777.885:191): avc: denied { open } for pid=498 comm="syz.3.38" path="/dev/rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 36.976942][ T504] EXT4-fs (loop3): 1 truncate cleaned up [ 37.002602][ T504] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 37.266522][ T293] EXT4-fs (loop3): unmounting filesystem. [ 37.343385][ T291] EXT4-fs (loop1): unmounting filesystem. [ 37.373641][ T399] usb 1-1: USB disconnect, device number 3 [ 37.373663][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 37.390964][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 37.932111][ T521] loop3: detected capacity change from 0 to 512 [ 38.969237][ T292] EXT4-fs (loop2): unmounting filesystem. [ 38.979513][ T521] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #15: comm syz.3.41: inline data xattr refers to an external xattr inode [ 38.994625][ T521] EXT4-fs (loop3): Remounting filesystem read-only [ 39.001053][ T521] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.41: couldn't read orphan inode 15 (err -117) [ 39.012817][ T521] EXT4-fs (loop3): Remounting filesystem read-only [ 39.020375][ T521] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 39.095712][ T293] EXT4-fs (loop3): unmounting filesystem. [ 39.750399][ T28] audit: type=1400 audit(1734779780.435:192): avc: denied { mount } for pid=527 comm="syz.4.45" name="/" dev="configfs" ino=12973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 39.967224][ T28] audit: type=1400 audit(1734779780.965:193): avc: denied { unmount } for pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 40.170394][ T555] loop2: detected capacity change from 0 to 512 [ 40.293661][ T555] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.300007][ T559] loop1: detected capacity change from 0 to 512 [ 40.310042][ T559] EXT4-fs: Ignoring removed i_version option [ 40.318637][ T564] loop0: detected capacity change from 0 to 512 [ 40.319628][ T555] EXT4-fs (loop2): orphan cleanup on readonly fs [ 40.331410][ T564] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.336817][ T555] EXT4-fs error (device loop2): ext4_quota_enable:6975: comm syz.2.50: Bad quota inum: 64, type: 0 [ 40.340674][ T559] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.356113][ T555] EXT4-fs (loop2): Remounting filesystem read-only [ 40.363822][ T555] EXT4-fs warning (device loop2): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 40.378756][ T559] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 40.388460][ T555] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 40.388486][ T555] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 40.396081][ T555] EXT4-fs (loop2): unmounting filesystem. [ 40.404461][ T564] EXT4-fs (loop0): orphan cleanup on readonly fs [ 40.415531][ T564] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.53: Bad quota inum: 64, type: 0 [ 40.426724][ T564] EXT4-fs (loop0): Remounting filesystem read-only [ 40.433091][ T564] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 40.447591][ T564] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 40.452643][ T559] EXT4-fs (loop1): 1 truncate cleaned up [ 40.454083][ T564] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 40.459683][ T559] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 40.487665][ T290] EXT4-fs (loop0): unmounting filesystem. [ 41.042756][ T353] Bluetooth: hci0: Frame reassembly failed (-84) [ 41.045511][ T291] EXT4-fs (loop1): unmounting filesystem. [ 41.066663][ T587] loop1: detected capacity change from 0 to 512 [ 41.075477][ T587] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #15: comm syz.1.59: inline data xattr refers to an external xattr inode [ 41.090370][ T587] EXT4-fs (loop1): Remounting filesystem read-only [ 41.096907][ T587] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.59: couldn't read orphan inode 15 (err -117) [ 41.130011][ T587] EXT4-fs (loop1): Remounting filesystem read-only [ 41.136569][ T587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 41.464456][ T291] EXT4-fs (loop1): unmounting filesystem. [ 42.033115][ T28] audit: type=1400 audit(1734779783.035:194): avc: denied { create } for pid=602 comm="syz.2.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.053775][ T28] audit: type=1400 audit(1734779783.035:195): avc: denied { write } for pid=602 comm="syz.2.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.074111][ T28] audit: type=1400 audit(1734779783.035:196): avc: denied { nlmsg_write } for pid=602 comm="syz.2.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.094552][ T28] audit: type=1400 audit(1734779783.035:197): avc: denied { setopt } for pid=602 comm="syz.2.64" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 42.101168][ T484] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 42.541041][ T484] usb 4-1: Using ep0 maxpacket: 16 [ 42.549958][ T484] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 42.560845][ T484] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 42.570438][ T484] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 42.579354][ T484] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.587914][ T484] usb 4-1: config 0 descriptor?? [ 42.803075][ T593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.814976][ T593] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.041826][ T593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.056462][ T593] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.071148][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 43.077157][ T384] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 43.306445][ T627] loop2: detected capacity change from 0 to 512 [ 43.332727][ T627] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 43.351339][ T627] EXT4-fs (loop2): orphan cleanup on readonly fs [ 43.361757][ T627] EXT4-fs error (device loop2): ext4_quota_enable:6975: comm syz.2.68: Bad quota inum: 64, type: 0 [ 43.375643][ T633] loop0: detected capacity change from 0 to 512 [ 43.390903][ T627] EXT4-fs (loop2): Remounting filesystem read-only [ 43.405580][ T627] EXT4-fs warning (device loop2): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 43.420572][ T633] EXT4-fs: Ignoring removed i_version option [ 43.421233][ T627] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 43.430245][ T633] EXT4-fs: Ignoring removed mblk_io_submit option [ 43.433183][ T627] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 43.450145][ T627] EXT4-fs (loop2): unmounting filesystem. [ 43.465060][ T28] audit: type=1400 audit(1734779784.475:198): avc: denied { write } for pid=591 comm="syz.3.60" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 43.489135][ T633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 43.502835][ T633] EXT4-fs (loop0): 1 truncate cleaned up [ 43.508301][ T633] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 43.715389][ T290] EXT4-fs (loop0): unmounting filesystem. [ 44.104352][ T654] loop0: detected capacity change from 0 to 512 [ 44.104570][ T484] usbhid 4-1:0.0: can't add hid device: -71 [ 44.117155][ T654] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 44.153647][ T654] EXT4-fs (loop0): orphan cleanup on readonly fs [ 44.160024][ T654] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.72: Bad quota inum: 64, type: 0 [ 44.259488][ T484] usbhid: probe of 4-1:0.0 failed with error -71 [ 44.260929][ T654] EXT4-fs (loop0): Remounting filesystem read-only [ 44.267447][ T484] usb 4-1: USB disconnect, device number 2 [ 44.272200][ T654] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 44.292242][ T654] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 44.899432][ T654] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 46.749089][ T290] EXT4-fs (loop0): unmounting filesystem. [ 47.143819][ T526] Bluetooth: hci0: Frame reassembly failed (-84) [ 47.161193][ T28] audit: type=1400 audit(1734779788.155:199): avc: denied { read } for pid=674 comm="syz.1.79" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 47.191744][ T28] audit: type=1400 audit(1734779788.165:200): avc: denied { open } for pid=674 comm="syz.1.79" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 48.466506][ T704] loop2: detected capacity change from 0 to 512 [ 48.489798][ T704] EXT4-fs: Ignoring removed i_version option [ 48.509885][ T704] EXT4-fs: Ignoring removed mblk_io_submit option [ 48.524048][ T704] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 48.542521][ T704] EXT4-fs (loop2): 1 truncate cleaned up [ 48.548291][ T704] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 49.150988][ T384] Bluetooth: hci0: command 0x1003 tx timeout [ 49.162591][ T385] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 49.213474][ T722] loop0: detected capacity change from 0 to 128 [ 49.228944][ T722] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 49.237590][ T722] ext4 filesystem being mounted at /16/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 49.270341][ T290] EXT4-fs (loop0): unmounting filesystem. [ 49.733544][ T732] loop4: detected capacity change from 0 to 512 [ 49.739931][ T732] EXT4-fs: Ignoring removed i_version option [ 49.762876][ T732] EXT4-fs: Ignoring removed mblk_io_submit option [ 49.775751][ T732] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 49.798096][ T732] EXT4-fs (loop4): 1 truncate cleaned up [ 49.804580][ T732] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 50.179181][ T749] fuse: Bad value for 'fd' [ 50.346780][ T294] EXT4-fs (loop4): unmounting filesystem. [ 50.991107][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 51.178211][ T292] EXT4-fs (loop2): unmounting filesystem. [ 51.222913][ T39] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.260707][ T39] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 51.270076][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.278099][ T39] usb 5-1: Product: syz [ 51.283202][ T39] usb 5-1: Manufacturer: syz [ 51.287631][ T39] usb 5-1: SerialNumber: syz [ 51.299143][ T39] usb 5-1: config 0 descriptor?? [ 51.310009][ T39] usb 5-1: bad CDC descriptors [ 51.318333][ T39] cdc_acm 5-1:0.0: Zero length descriptor references [ 51.325804][ T39] cdc_acm: probe of 5-1:0.0 failed with error -22 [ 51.524081][ T39] usb 5-1: USB disconnect, device number 3 [ 51.569529][ T788] fuse: Bad value for 'fd' [ 51.666126][ T795] loop1: detected capacity change from 0 to 512 [ 51.674378][ T795] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 51.685149][ T795] EXT4-fs (loop1): orphan cleanup on readonly fs [ 51.691463][ T795] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.111: Bad quota inum: 64, type: 0 [ 51.703118][ T795] EXT4-fs (loop1): Remounting filesystem read-only [ 51.709609][ T795] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 51.726695][ T795] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 51.734823][ T795] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 53.157377][ T813] loop3: detected capacity change from 0 to 128 [ 53.233660][ T813] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 53.259624][ T813] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 53.273446][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 53.537202][ T293] EXT4-fs (loop3): unmounting filesystem. [ 53.750158][ T692] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 53.941105][ T692] usb 3-1: Using ep0 maxpacket: 8 [ 53.948534][ T692] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 54.033429][ T692] usb 3-1: config 179 has no interface number 0 [ 54.157824][ T838] loop0: detected capacity change from 0 to 128 [ 54.160856][ T692] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 54.184857][ T692] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 54.197005][ T838] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 54.205561][ T692] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 54.211361][ T838] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 54.216679][ T692] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 54.242356][ T692] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 54.255755][ T692] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 54.264665][ T692] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.274411][ T829] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 54.288410][ T290] EXT4-fs (loop0): unmounting filesystem. [ 54.789265][ T851] loop0: detected capacity change from 0 to 512 [ 54.840097][ T857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.129'. [ 54.856299][ T851] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.912521][ T851] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.934587][ T851] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.127: Bad quota inum: 64, type: 0 [ 55.123034][ T851] EXT4-fs (loop0): Remounting filesystem read-only [ 55.310987][ T385] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 55.311178][ T384] Bluetooth: hci0: command 0x1003 tx timeout [ 55.319911][ T851] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 55.337851][ T824] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 55.338063][ T851] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 55.350242][ T851] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 55.401355][ T824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.441406][ T824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.451349][ T28] audit: type=1400 audit(1734779796.465:201): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 55.515417][ T28] audit: type=1400 audit(1734779796.465:202): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 55.661625][ T291] EXT4-fs (loop1): unmounting filesystem. [ 55.996014][ T876] loop1: detected capacity change from 0 to 512 [ 56.011340][ T876] EXT4-fs: Ignoring removed i_version option [ 56.017289][ T876] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.031627][ T876] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 56.043625][ T876] EXT4-fs (loop1): 1 truncate cleaned up [ 56.049218][ T876] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 56.403711][ T886] loop4: detected capacity change from 0 to 128 [ 56.420310][ T886] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 56.428884][ T886] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 56.457967][ T294] EXT4-fs (loop4): unmounting filesystem. [ 56.607436][ T891] loop4: detected capacity change from 0 to 512 [ 56.631142][ T891] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.662564][ T891] EXT4-fs (loop4): orphan cleanup on readonly fs [ 56.682154][ T891] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.137: Bad quota inum: 64, type: 0 [ 56.716709][ T891] EXT4-fs (loop4): Remounting filesystem read-only [ 56.735511][ T891] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 56.778940][ T891] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 56.797954][ T891] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 56.824918][ T891] EXT4-fs (loop4): unmounting filesystem. [ 56.861974][ T291] EXT4-fs (loop1): unmounting filesystem. [ 57.479026][ T867] Bluetooth: hci0: command 0x0c1a tx timeout [ 57.678669][ T24] usb 3-1: USB disconnect, device number 3 [ 57.678710][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 57.692475][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 57.913604][ T906] loop3: detected capacity change from 0 to 512 [ 57.981366][ T911] loop1: detected capacity change from 0 to 512 [ 57.988066][ T906] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 58.001154][ T906] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.237613][ T906] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.140: corrupted inode contents [ 58.281065][ T28] audit: type=1400 audit(1734779799.235:203): avc: denied { create } for pid=905 comm="syz.3.140" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 58.356688][ T906] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #2: comm syz.3.140: mark_inode_dirty error [ 58.408616][ T911] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #15: comm syz.1.142: inline data xattr refers to an external xattr inode [ 58.433743][ T911] EXT4-fs (loop1): Remounting filesystem read-only [ 58.442796][ T906] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.140: corrupted inode contents [ 58.459557][ T911] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.142: couldn't read orphan inode 15 (err -117) [ 58.483741][ T911] EXT4-fs (loop1): Remounting filesystem read-only [ 58.491397][ T906] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.140: mark_inode_dirty error [ 58.507716][ T911] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 58.523602][ T290] EXT4-fs (loop0): unmounting filesystem. [ 58.560381][ T291] EXT4-fs (loop1): unmounting filesystem. [ 58.682049][ T924] 9pnet_fd: Insufficient options for proto=fd [ 58.757972][ T929] loop1: detected capacity change from 0 to 512 [ 58.765099][ T929] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 58.828249][ T929] EXT4-fs (loop1): orphan cleanup on readonly fs [ 58.834513][ T929] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.145: Bad quota inum: 64, type: 0 [ 58.845750][ T929] EXT4-fs (loop1): Remounting filesystem read-only [ 58.846180][ T293] EXT4-fs (loop3): unmounting filesystem. [ 58.852204][ T929] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 58.872352][ T929] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 58.879108][ T929] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 59.208440][ T937] loop4: detected capacity change from 0 to 512 [ 59.256657][ T937] EXT4-fs: Ignoring removed i_version option [ 59.292418][ T937] EXT4-fs: Ignoring removed mblk_io_submit option [ 59.321129][ T937] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 59.339772][ T937] EXT4-fs (loop4): 1 truncate cleaned up [ 59.346773][ T937] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 59.661048][ T291] EXT4-fs (loop1): unmounting filesystem. [ 60.028557][ T294] EXT4-fs (loop4): unmounting filesystem. [ 60.118335][ T956] loop2: detected capacity change from 0 to 512 [ 60.323931][ T956] EXT4-fs: Ignoring removed i_version option [ 60.329829][ T956] EXT4-fs: Ignoring removed mblk_io_submit option [ 60.349514][ T956] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 60.373534][ T956] EXT4-fs (loop2): 1 truncate cleaned up [ 60.379409][ T956] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 61.287913][ T45] Bluetooth: hci0: sending frame failed (-49) [ 61.326364][ T867] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 61.525573][ T292] EXT4-fs (loop2): unmounting filesystem. [ 61.543637][ T980] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 61.570038][ T984] 9pnet_fd: Insufficient options for proto=fd [ 61.594513][ T526] Bluetooth: hci1: Frame reassembly failed (-84) [ 61.605029][ T985] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 61.613469][ T987] netlink: 8 bytes leftover after parsing attributes in process `syz.2.158'. [ 61.618399][ T989] loop3: detected capacity change from 0 to 512 [ 61.642976][ T989] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 61.652074][ T989] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.694653][ T989] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.159: corrupted inode contents [ 61.706559][ T989] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #2: comm syz.3.159: mark_inode_dirty error [ 61.718514][ T989] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.159: corrupted inode contents [ 61.730412][ T989] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.159: mark_inode_dirty error [ 61.824083][ T293] EXT4-fs (loop3): unmounting filesystem. [ 61.891137][ T624] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 62.089947][ T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 62.098623][ T1003] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 62.103193][ T28] audit: type=1400 audit(1734779803.115:204): avc: denied { append } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.106791][ T624] usb 1-1: Using ep0 maxpacket: 8 [ 62.128584][ T28] audit: type=1400 audit(1734779803.115:205): avc: denied { open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.155578][ T28] audit: type=1400 audit(1734779803.115:206): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.156290][ T624] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 62.186539][ T624] usb 1-1: config 179 has no interface number 0 [ 62.192794][ T624] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 62.203956][ T624] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 62.215160][ T624] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 62.226309][ T624] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 62.237649][ T624] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 62.250793][ T624] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 62.259700][ T624] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.268715][ T985] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 62.280989][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 62.287330][ T6] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 62.295469][ T6] usb 5-1: config 179 has no interface number 0 [ 62.301591][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 62.313391][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 62.324549][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 62.337624][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 62.349237][ T6] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 62.364363][ T6] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 62.373327][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.382289][ T976] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 63.145751][ T1020] loop2: detected capacity change from 0 to 512 [ 63.274269][ T1020] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.292635][ T1020] EXT4-fs (loop2): orphan cleanup on readonly fs [ 63.298886][ T1020] EXT4-fs error (device loop2): ext4_quota_enable:6975: comm syz.2.166: Bad quota inum: 64, type: 0 [ 63.310188][ T1020] EXT4-fs (loop2): Remounting filesystem read-only [ 63.317118][ T1020] EXT4-fs warning (device loop2): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 63.333620][ T985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.344711][ T985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.352720][ T1020] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 63.359768][ T1020] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 63.371629][ T1020] EXT4-fs (loop2): unmounting filesystem. [ 63.377826][ T1026] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 64.188081][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 64.194200][ T867] Bluetooth: hci1: command 0x1003 tx timeout [ 64.613073][ T976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.622200][ T976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.635542][ T1035] 9pnet_fd: Insufficient options for proto=fd [ 64.659465][ T1037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.171'. [ 64.681081][ T301] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 64.693729][ T1039] loop1: detected capacity change from 0 to 512 [ 64.723680][ T1039] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 64.732794][ T1039] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.765085][ T1039] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.172: corrupted inode contents [ 64.777420][ T1039] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #2: comm syz.1.172: mark_inode_dirty error [ 64.788982][ T1039] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.172: corrupted inode contents [ 64.800895][ T1039] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.172: mark_inode_dirty error [ 64.825391][ T1044] loop2: detected capacity change from 0 to 512 [ 64.844134][ T1044] EXT4-fs: Ignoring removed i_version option [ 64.850102][ T1044] EXT4-fs: Ignoring removed mblk_io_submit option [ 64.861695][ T1044] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 64.875196][ T1044] EXT4-fs (loop2): 1 truncate cleaned up [ 64.880763][ T1044] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 64.953891][ T301] usb 4-1: Using ep0 maxpacket: 8 [ 64.960189][ T301] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 64.961335][ T291] EXT4-fs (loop1): unmounting filesystem. [ 64.981011][ T301] usb 4-1: config 179 has no interface number 0 [ 64.987146][ T301] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 65.020994][ T301] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 65.040993][ T301] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 65.060990][ T301] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 65.090998][ T301] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 65.109463][ T301] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 65.163173][ T301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.172620][ T1026] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 65.210710][ T1050] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 65.308262][ T301] usb 1-1: USB disconnect, device number 4 [ 65.308320][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 65.308358][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 65.391121][ T45] Bluetooth: hci0: command 0x0c1a tx timeout [ 65.437109][ T6] usb 5-1: USB disconnect, device number 4 [ 65.442807][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 65.442843][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 65.594516][ T1065] loop0: detected capacity change from 0 to 512 [ 65.603982][ T1065] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 65.629164][ T1065] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.637962][ T1065] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.176: Bad quota inum: 64, type: 0 [ 65.674000][ T1026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.694984][ T1065] EXT4-fs (loop0): Remounting filesystem read-only [ 65.703397][ T1026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.720460][ T1065] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 65.735485][ T1065] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 65.736190][ T292] EXT4-fs (loop2): unmounting filesystem. [ 65.742503][ T1065] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 65.757161][ T1065] EXT4-fs (loop0): unmounting filesystem. [ 65.847168][ T1075] 9pnet_fd: Insufficient options for proto=fd [ 66.041024][ T624] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 66.231084][ T624] usb 3-1: Using ep0 maxpacket: 16 [ 66.238424][ T624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 66.255725][ T624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 66.272997][ T624] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 66.290992][ T624] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.304170][ T624] usb 3-1: config 0 descriptor?? [ 66.671606][ T1071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.914830][ T1071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.990731][ T301] usb 4-1: USB disconnect, device number 3 [ 66.996441][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 66.996483][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 67.030843][ T1090] loop3: detected capacity change from 0 to 512 [ 67.052932][ T1090] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 67.062227][ T1090] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.082106][ T1090] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.185: corrupted inode contents [ 67.094065][ T1090] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #2: comm syz.3.185: mark_inode_dirty error [ 67.105402][ T1090] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #2: comm syz.3.185: corrupted inode contents [ 67.117228][ T1090] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.185: mark_inode_dirty error [ 67.206022][ T1071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.251882][ T1071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.286216][ T19] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 67.300579][ T293] EXT4-fs (loop3): unmounting filesystem. [ 67.341354][ T1071] kvm: emulating exchange as write [ 67.718692][ T1109] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 67.774522][ T624] usbhid 3-1:0.0: can't add hid device: -71 [ 67.780359][ T624] usbhid: probe of 3-1:0.0 failed with error -71 [ 67.789836][ T624] usb 3-1: USB disconnect, device number 4 [ 67.801066][ T19] usb 2-1: Using ep0 maxpacket: 8 [ 67.803286][ T1114] loop0: detected capacity change from 0 to 512 [ 67.807270][ T19] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 67.821172][ T19] usb 2-1: config 179 has no interface number 0 [ 67.827304][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 67.829483][ T1114] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #15: comm syz.0.189: inline data xattr refers to an external xattr inode [ 67.838676][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 67.854411][ T1114] EXT4-fs (loop0): Remounting filesystem read-only [ 67.863780][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 67.870224][ T1114] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.189: couldn't read orphan inode 15 (err -117) [ 67.881042][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 67.897121][ T1114] EXT4-fs (loop0): Remounting filesystem read-only [ 67.903783][ T19] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 67.903828][ T19] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 67.910783][ T1114] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 67.923606][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.953612][ T1088] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 68.024210][ T1117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.190'. [ 68.107293][ T1122] 9pnet_fd: Insufficient options for proto=fd [ 68.165050][ T1124] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 68.202740][ T1124] kvm: pic: non byte read [ 68.515917][ T1140] loop2: detected capacity change from 0 to 512 [ 68.576722][ T1140] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 68.605122][ T1143] loop3: detected capacity change from 0 to 512 [ 68.614177][ T1143] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 68.676733][ T1143] EXT4-fs (loop3): orphan cleanup on readonly fs [ 68.683041][ T1143] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.196: Bad quota inum: 64, type: 0 [ 68.694561][ T1143] EXT4-fs (loop3): Remounting filesystem read-only [ 68.701345][ T1143] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 68.709867][ T1140] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.715968][ T1143] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 68.732545][ T1143] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 68.772662][ T1140] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.197: corrupted inode contents [ 68.785116][ T290] EXT4-fs (loop0): unmounting filesystem. [ 68.785153][ T1140] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #2: comm syz.2.197: mark_inode_dirty error [ 68.803092][ T1140] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #2: comm syz.2.197: corrupted inode contents [ 68.813880][ T1146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'. [ 68.824416][ T1140] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.197: mark_inode_dirty error [ 68.858193][ T292] EXT4-fs (loop2): unmounting filesystem. [ 68.887654][ T1151] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 68.897439][ T1151] kvm: pic: level sensitive irq not supported [ 68.897512][ T1151] kvm: pic: non byte read [ 69.465439][ T1160] 9pnet_fd: Insufficient options for proto=fd [ 69.556670][ T293] EXT4-fs (loop3): unmounting filesystem. [ 69.595000][ T1167] 9pnet_fd: Insufficient options for proto=fd [ 70.330820][ T24] usb 2-1: USB disconnect, device number 3 [ 70.330890][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 70.350950][ C0] dummy_hcd dummy_hcd.1: timer fired with no URBs pending? [ 70.511276][ T1184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.209'. [ 70.549132][ T1187] loop1: detected capacity change from 0 to 512 [ 70.582658][ T1187] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 70.591527][ T1187] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.591937][ T393] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 70.612571][ T1187] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.210: corrupted inode contents [ 70.626132][ T1187] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #2: comm syz.1.210: mark_inode_dirty error [ 70.638406][ T1187] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #2: comm syz.1.210: corrupted inode contents [ 70.643194][ T1194] loop2: detected capacity change from 0 to 512 [ 70.651820][ T1187] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.210: mark_inode_dirty error [ 70.657144][ T1194] EXT4-fs: Ignoring removed i_version option [ 70.675407][ T1194] EXT4-fs: Ignoring removed mblk_io_submit option [ 70.682110][ T1194] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 70.693246][ T291] EXT4-fs (loop1): unmounting filesystem. [ 70.694165][ T1194] EXT4-fs (loop2): 1 truncate cleaned up [ 70.704321][ T1194] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 70.721028][ T624] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 70.729518][ T1200] loop1: detected capacity change from 0 to 512 [ 70.738215][ T1200] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 70.749736][ T1200] EXT4-fs (loop1): 1 truncate cleaned up [ 70.755773][ T1200] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 70.774209][ T291] EXT4-fs (loop1): unmounting filesystem. [ 70.810999][ T393] usb 1-1: Using ep0 maxpacket: 16 [ 70.820918][ T393] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 70.836671][ T393] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 70.877021][ T393] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 70.885967][ T393] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.894276][ T393] usb 1-1: config 0 descriptor?? [ 70.922128][ T624] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 70.934018][ T624] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 70.943020][ T624] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.950874][ T624] usb 5-1: Product: syz [ 70.955369][ T624] usb 5-1: Manufacturer: syz [ 70.959841][ T624] usb 5-1: SerialNumber: syz [ 70.967240][ T624] usb 5-1: config 0 descriptor?? [ 70.974689][ T624] usb 5-1: bad CDC descriptors [ 70.980029][ T624] cdc_acm 5-1:0.0: Zero length descriptor references [ 70.993235][ T624] cdc_acm: probe of 5-1:0.0 failed with error -22 [ 71.102312][ T1176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.110624][ T1176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.179817][ T19] usb 5-1: USB disconnect, device number 5 [ 71.189363][ T1209] loop1: detected capacity change from 0 to 512 [ 71.196377][ T1209] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.206708][ T1209] EXT4-fs (loop1): orphan cleanup on readonly fs [ 71.213008][ T1209] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.215: Bad quota inum: 64, type: 0 [ 71.223873][ T1209] EXT4-fs (loop1): Remounting filesystem read-only [ 71.230234][ T1209] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 71.244747][ T1209] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 71.251295][ T1209] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 71.319814][ T1176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.328255][ T1176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.421010][ T1214] 9pnet_fd: Insufficient options for proto=fd [ 71.506369][ T292] EXT4-fs (loop2): unmounting filesystem. [ 71.543266][ T393] usbhid 1-1:0.0: can't add hid device: -71 [ 71.550001][ T393] usbhid: probe of 1-1:0.0 failed with error -71 [ 71.558702][ T393] usb 1-1: USB disconnect, device number 5 [ 71.585136][ T1224] loop3: detected capacity change from 0 to 512 [ 71.607373][ T1224] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.617631][ T1224] EXT4-fs (loop3): orphan cleanup on readonly fs [ 71.623978][ T1224] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.218: Bad quota inum: 64, type: 0 [ 71.635975][ T1224] EXT4-fs (loop3): Remounting filesystem read-only [ 71.642618][ T1224] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 71.657345][ T1224] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 71.664101][ T1224] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 71.673446][ T1224] EXT4-fs (loop3): unmounting filesystem. [ 71.800416][ T1229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.221'. [ 71.838781][ T1233] loop4: detected capacity change from 0 to 512 [ 71.845030][ T19] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 71.862798][ T1233] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 71.871714][ T1233] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.891763][ T1233] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.223: corrupted inode contents [ 71.907120][ T1233] EXT4-fs error (device loop4): ext4_dirty_inode:6091: inode #2: comm syz.4.223: mark_inode_dirty error [ 71.918611][ T1233] EXT4-fs error (device loop4): ext4_do_update_inode:5226: inode #2: comm syz.4.223: corrupted inode contents [ 71.930460][ T1233] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.223: mark_inode_dirty error [ 71.952579][ T294] EXT4-fs (loop4): unmounting filesystem. [ 71.985292][ T291] EXT4-fs (loop1): unmounting filesystem. [ 72.041018][ T19] usb 3-1: Using ep0 maxpacket: 8 [ 72.047557][ T19] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 72.056193][ T19] usb 3-1: config 179 has no interface number 0 [ 72.062488][ T19] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 72.074099][ T19] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 72.085676][ T19] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 72.100171][ T19] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 72.111785][ T19] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 72.129913][ T1247] loop1: detected capacity change from 0 to 512 [ 72.136812][ T19] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 72.145971][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.156792][ T1247] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 72.167235][ T1247] EXT4-fs (loop1): orphan cleanup on readonly fs [ 72.173469][ T1247] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.225: Bad quota inum: 64, type: 0 [ 72.191365][ T1247] EXT4-fs (loop1): Remounting filesystem read-only [ 72.197728][ T1247] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 72.212320][ T1247] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 72.218826][ T1247] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 72.228140][ T1247] EXT4-fs (loop1): unmounting filesystem. [ 72.243474][ T1223] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 72.326829][ T1251] 9pnet_fd: Insufficient options for proto=fd [ 72.430979][ T6] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 72.610964][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 72.617144][ T6] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 72.642063][ T6] usb 5-1: config 179 has no interface number 0 [ 72.665685][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 72.705009][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 72.744237][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 72.783755][ T6] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 72.825220][ T6] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 72.871839][ T6] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 72.904516][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.941152][ T1248] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 73.246520][ T1263] netlink: 8 bytes leftover after parsing attributes in process `syz.1.233'. [ 73.396706][ T1269] loop0: detected capacity change from 0 to 512 [ 73.464296][ T1248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.475866][ T1269] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 73.486031][ T1269] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.496510][ T393] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 73.535414][ T1269] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #2: comm syz.0.235: corrupted inode contents [ 73.559817][ T1269] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #2: comm syz.0.235: mark_inode_dirty error [ 73.572264][ T1248] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.582951][ T1269] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #2: comm syz.0.235: corrupted inode contents [ 73.612376][ T1269] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.235: mark_inode_dirty error [ 73.648855][ T290] EXT4-fs (loop0): unmounting filesystem. [ 73.712302][ T393] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 73.724748][ T393] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 73.734749][ T393] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.742938][ T393] usb 4-1: Product: syz [ 73.747054][ T393] usb 4-1: Manufacturer: syz [ 73.751937][ T393] usb 4-1: SerialNumber: syz [ 73.768262][ T393] usb 4-1: config 0 descriptor?? [ 73.774363][ T393] usb 4-1: bad CDC descriptors [ 73.779307][ T393] cdc_acm 4-1:0.0: Zero length descriptor references [ 73.785921][ T393] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 73.830654][ T1277] loop0: detected capacity change from 0 to 512 [ 73.838171][ T1277] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 73.848349][ T1277] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.854583][ T1277] EXT4-fs error (device loop0): ext4_quota_enable:6975: comm syz.0.236: Bad quota inum: 64, type: 0 [ 73.865516][ T1277] EXT4-fs (loop0): Remounting filesystem read-only [ 73.872018][ T1277] EXT4-fs warning (device loop0): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 73.886797][ T1277] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 73.893430][ T1277] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 73.981240][ T317] usb 4-1: USB disconnect, device number 4 [ 74.111002][ T1246] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 74.117193][ T355] Bluetooth: hci0: Frame reassembly failed (-84) [ 74.617680][ T290] EXT4-fs (loop0): unmounting filesystem. [ 74.655169][ T624] usb 3-1: USB disconnect, device number 5 [ 74.655167][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 74.655204][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 74.708714][ T1289] 9pnet_fd: Insufficient options for proto=fd [ 74.878910][ T1300] loop2: detected capacity change from 0 to 512 [ 74.893861][ T1300] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.904010][ T1300] EXT4-fs (loop2): orphan cleanup on readonly fs [ 74.910206][ T1300] EXT4-fs error (device loop2): ext4_quota_enable:6975: comm syz.2.243: Bad quota inum: 64, type: 0 [ 74.921735][ T1300] EXT4-fs (loop2): Remounting filesystem read-only [ 74.928102][ T1300] EXT4-fs warning (device loop2): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 74.943112][ T1300] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 74.949678][ T1300] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 74.959305][ T1300] EXT4-fs (loop2): unmounting filesystem. [ 75.081602][ T1303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.244'. [ 75.131019][ T19] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 75.161726][ T6] usb 5-1: USB disconnect, device number 6 [ 75.167396][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 75.167436][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 75.653049][ T19] usb 1-1: Using ep0 maxpacket: 8 [ 75.661368][ T19] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 75.669458][ T19] usb 1-1: config 179 has no interface number 0 [ 75.691029][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 75.702163][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 75.724313][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 75.740970][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 75.761032][ T19] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 75.776995][ T19] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 75.785918][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.797957][ T1298] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 76.021495][ T353] Bluetooth: hci1: Frame reassembly failed (-84) [ 76.135499][ T1325] loop1: detected capacity change from 0 to 512 [ 76.142818][ T1325] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 76.156816][ T1325] EXT4-fs (loop1): orphan cleanup on readonly fs [ 76.163012][ T1325] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.250: Bad quota inum: 64, type: 0 [ 76.174619][ T1325] EXT4-fs (loop1): Remounting filesystem read-only [ 76.180978][ T1325] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 76.195799][ T1325] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 76.202316][ T1325] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 76.211018][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 76.212987][ T384] Bluetooth: hci0: command 0x0c1a tx timeout [ 76.223079][ T1293] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 76.238333][ T1330] 9pnet_fd: Insufficient options for proto=fd [ 76.261649][ T1293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.270019][ T1293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.919548][ T291] EXT4-fs (loop1): unmounting filesystem. [ 77.085954][ T1343] loop1: detected capacity change from 0 to 512 [ 77.101377][ T1343] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 77.124268][ T1346] netlink: 8 bytes leftover after parsing attributes in process `syz.4.255'. [ 77.195267][ T1343] EXT4-fs (loop1): orphan cleanup on readonly fs [ 77.202004][ T1343] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.254: Bad quota inum: 64, type: 0 [ 77.213163][ T1343] EXT4-fs (loop1): Remounting filesystem read-only [ 77.219512][ T1343] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 77.234071][ T1343] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 77.240501][ T1343] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 77.249862][ T1343] EXT4-fs (loop1): unmounting filesystem. [ 77.440987][ T393] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 77.631010][ T393] usb 5-1: Using ep0 maxpacket: 16 [ 77.637174][ T393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 77.648232][ T393] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 77.658104][ T393] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 77.667230][ T393] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.678878][ T393] usb 5-1: config 0 descriptor?? [ 77.703188][ T624] usb 1-1: USB disconnect, device number 6 [ 77.703209][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 77.703243][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 77.782790][ T1355] loop2: detected capacity change from 0 to 512 [ 77.792339][ T1355] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #15: comm syz.2.259: inline data xattr refers to an external xattr inode [ 77.807137][ T1355] EXT4-fs (loop2): Remounting filesystem read-only [ 77.815421][ T1355] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.259: couldn't read orphan inode 15 (err -117) [ 77.827432][ T1355] EXT4-fs (loop2): Remounting filesystem read-only [ 77.834084][ T1355] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 77.885619][ T1348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.895143][ T1348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.907832][ T1365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.262'. [ 77.938895][ T1367] 9pnet_fd: Insufficient options for proto=fd [ 77.974871][ T1371] loop1: detected capacity change from 0 to 128 [ 77.991802][ T1371] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 78.000362][ T1371] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 78.021884][ T291] EXT4-fs (loop1): unmounting filesystem. [ 78.037515][ T1375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.266'. [ 78.041075][ T1327] Bluetooth: hci1: command 0x1003 tx timeout [ 78.052026][ T867] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 78.104541][ T1348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.114839][ T1348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.270972][ C0] ================================================================== [ 78.278875][ C0] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10 [ 78.285728][ C0] Write of size 8 at addr ffff88811c9a4a00 by task syz.1.267/1385 [ 78.293370][ C0] [ 78.295536][ C0] CPU: 0 PID: 1385 Comm: syz.1.267 Not tainted 6.1.118-syzkaller-00074-g3e3f2b9e9fca #0 [ 78.305082][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 78.314982][ C0] Call Trace: [ 78.318114][ C0] [ 78.320795][ C0] dump_stack_lvl+0x151/0x1b7 [ 78.325309][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 78.330601][ C0] ? _printk+0xd1/0x111 [ 78.334594][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 78.339545][ C0] print_report+0x158/0x4e0 [ 78.343886][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 78.348831][ C0] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 78.354909][ C0] ? __run_timers+0x34a/0xa10 [ 78.359418][ C0] kasan_report+0x13c/0x170 [ 78.363761][ C0] ? __run_timers+0x34a/0xa10 [ 78.368275][ C0] __asan_report_store8_noabort+0x17/0x20 [ 78.373824][ C0] __run_timers+0x34a/0xa10 [ 78.378177][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 78.383200][ C0] ? calc_index+0x270/0x270 [ 78.387535][ C0] ? sched_clock+0x9/0x10 [ 78.391700][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 78.396389][ C0] run_timer_softirq+0x69/0xf0 [ 78.400984][ C0] handle_softirqs+0x1db/0x650 [ 78.405586][ C0] ? irqtime_account_irq+0xdc/0x260 [ 78.410621][ C0] __irq_exit_rcu+0x52/0xf0 [ 78.414958][ C0] irq_exit_rcu+0x9/0x10 [ 78.419039][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 78.424507][ C0] [ 78.427306][ C0] [ 78.430059][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 78.435877][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 78.442126][ C0] Code: f5 0d 87 e8 cc 0a 9b fc 48 83 3d d4 05 ec 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 95 ae 2d fc 65 8b 05 56 7e e0 7a 85 c0 74 05 5b 41 5e 5d c3 e8 [ 78.461568][ C0] RSP: 0018:ffffc90000c6f5e0 EFLAGS: 00000206 [ 78.467467][ C0] RAX: 0000000000000001 RBX: ffff888131d3aaec RCX: dffffc0000000000 [ 78.475279][ C0] RDX: ffffc90001acb000 RSI: 0000000000000246 RDI: 0000000000000001 [ 78.483089][ C0] RBP: ffffc90000c6f5f0 R08: ffffffff84082d69 R09: ffffed10229b0ae7 [ 78.490911][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 78.498799][ C0] R13: ffff888131d3aaec R14: 0000000000000246 R15: ffff888114d85640 [ 78.506613][ C0] ? __skb_try_recv_from_queue+0x599/0x750 [ 78.512257][ C0] __skb_try_recv_datagram+0x1c7/0x6a0 [ 78.517551][ C0] ? sock_load_diag_module+0x130/0x130 [ 78.522842][ C0] ? __skb_try_recv_from_queue+0x750/0x750 [ 78.528482][ C0] ? __kasan_check_write+0x14/0x20 [ 78.533432][ C0] __unix_dgram_recvmsg+0x3c0/0x12b0 [ 78.538552][ C0] ? unix_unhash+0x10/0x10 [ 78.542801][ C0] ? up_read+0x5d/0x220 [ 78.546815][ C0] ? exc_page_fault+0x4e5/0x6d0 [ 78.551483][ C0] ? iovec_from_user+0x60/0x320 [ 78.556169][ C0] ? __import_iovec+0x24f/0x430 [ 78.560855][ C0] unix_dgram_recvmsg+0xb7/0xd0 [ 78.565551][ C0] ? unix_dgram_sendmsg+0x2050/0x2050 [ 78.570749][ C0] ____sys_recvmsg+0x285/0x530 [ 78.575350][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 78.580212][ C0] ? do_recvmmsg+0x5bc/0xab0 [ 78.584636][ C0] do_recvmmsg+0x46d/0xab0 [ 78.588891][ C0] ? __sys_recvmmsg+0x270/0x270 [ 78.593581][ C0] ? memcg_rstat_updated+0x4f/0x110 [ 78.598609][ C0] ? __count_memcg_events+0x91/0xe0 [ 78.603645][ C0] ? handle_mm_fault+0x2b2d/0x30e0 [ 78.608604][ C0] ? numa_migrate_prep+0xe0/0xe0 [ 78.613382][ C0] ? __fget_files+0x2cb/0x330 [ 78.617877][ C0] __x64_sys_recvmmsg+0x195/0x240 [ 78.622737][ C0] ? debug_smp_processor_id+0x17/0x20 [ 78.627951][ C0] ? do_recvmmsg+0xab0/0xab0 [ 78.632372][ C0] ? irqentry_exit_to_user_mode+0xe/0x10 [ 78.637838][ C0] ? irqentry_exit+0x12/0x40 [ 78.642265][ C0] x64_sys_call+0x7e5/0x9a0 [ 78.646629][ C0] do_syscall_64+0x3b/0xb0 [ 78.650858][ C0] ? clear_bhb_loop+0x55/0xb0 [ 78.655381][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 78.661100][ C0] RIP: 0033:0x7f6446985d29 [ 78.665352][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.684793][ C0] RSP: 002b:00007f64477ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 78.693039][ C0] RAX: ffffffffffffffda RBX: 00007f6446b76080 RCX: 00007f6446985d29 [ 78.700849][ C0] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 78.708662][ C0] RBP: 00007f6446a01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 78.716476][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 78.724283][ C0] R13: 0000000000000001 R14: 00007f6446b76080 R15: 00007fff21072a38 [ 78.732105][ C0] [ 78.734963][ C0] [ 78.737132][ C0] Allocated by task 1246: [ 78.741296][ C0] kasan_set_track+0x4b/0x70 [ 78.745721][ C0] kasan_save_alloc_info+0x1f/0x30 [ 78.750757][ C0] __kasan_kmalloc+0x9c/0xb0 [ 78.755180][ C0] __kmalloc+0xb4/0x1e0 [ 78.759208][ C0] hci_alloc_dev_priv+0x27/0x1c00 [ 78.764034][ C0] hci_uart_tty_ioctl+0x401/0xa70 [ 78.768896][ C0] tty_ioctl+0x903/0xc50 [ 78.772975][ C0] __se_sys_ioctl+0x114/0x190 [ 78.777487][ C0] __x64_sys_ioctl+0x7b/0x90 [ 78.781914][ C0] x64_sys_call+0x98/0x9a0 [ 78.786171][ C0] do_syscall_64+0x3b/0xb0 [ 78.790420][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 78.796147][ C0] [ 78.798316][ C0] Freed by task 1293: [ 78.802136][ C0] kasan_set_track+0x4b/0x70 [ 78.806560][ C0] kasan_save_free_info+0x2b/0x40 [ 78.811425][ C0] ____kasan_slab_free+0x131/0x180 [ 78.816371][ C0] __kasan_slab_free+0x11/0x20 [ 78.821086][ C0] __kmem_cache_free+0x21d/0x410 [ 78.825859][ C0] kfree+0x7a/0xf0 [ 78.829412][ C0] hci_release_dev+0x14d3/0x1640 [ 78.834187][ C0] bt_host_release+0x83/0xa0 [ 78.838611][ C0] device_release+0x95/0x1c0 [ 78.843039][ C0] kobject_put+0x178/0x260 [ 78.847289][ C0] put_device+0x1f/0x30 [ 78.851284][ C0] hci_dev_cmd+0x2be/0x9b0 [ 78.855540][ C0] hci_sock_ioctl+0x415/0x7f0 [ 78.860046][ C0] sock_do_ioctl+0x152/0x450 [ 78.864474][ C0] sock_ioctl+0x455/0x740 [ 78.868641][ C0] __se_sys_ioctl+0x114/0x190 [ 78.873152][ C0] __x64_sys_ioctl+0x7b/0x90 [ 78.877580][ C0] x64_sys_call+0x98/0x9a0 [ 78.881832][ C0] do_syscall_64+0x3b/0xb0 [ 78.886085][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 78.891813][ C0] [ 78.893984][ C0] Last potentially related work creation: [ 78.899639][ C0] kasan_save_stack+0x3b/0x60 [ 78.904153][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 78.909365][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 78.915346][ C0] insert_work+0x56/0x310 [ 78.919517][ C0] __queue_work+0x9b6/0xd70 [ 78.923942][ C0] queue_work_on+0x105/0x170 [ 78.928369][ C0] __hci_cmd_sync_sk+0xc2a/0xf70 [ 78.933143][ C0] hci_cmd_sync_status+0x52/0x130 [ 78.938002][ C0] hci_dev_cmd+0x39e/0x9b0 [ 78.942272][ C0] hci_sock_ioctl+0x415/0x7f0 [ 78.946791][ C0] sock_do_ioctl+0x152/0x450 [ 78.951194][ C0] sock_ioctl+0x455/0x740 [ 78.955363][ C0] __se_sys_ioctl+0x114/0x190 [ 78.959875][ C0] __x64_sys_ioctl+0x7b/0x90 [ 78.964315][ C0] x64_sys_call+0x98/0x9a0 [ 78.968558][ C0] do_syscall_64+0x3b/0xb0 [ 78.972910][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 78.978536][ C0] [ 78.980706][ C0] Second to last potentially related work creation: [ 78.987130][ C0] kasan_save_stack+0x3b/0x60 [ 78.991642][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 78.996847][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 79.002607][ C0] insert_work+0x56/0x310 [ 79.006767][ C0] __queue_work+0x9b6/0xd70 [ 79.011106][ C0] queue_work_on+0x105/0x170 [ 79.015531][ C0] hci_cmd_timeout+0x199/0x200 [ 79.020134][ C0] process_one_work+0x73d/0xcb0 [ 79.024820][ C0] worker_thread+0xa60/0x1260 [ 79.029333][ C0] kthread+0x26d/0x300 [ 79.033266][ C0] ret_from_fork+0x1f/0x30 [ 79.037499][ C0] [ 79.039660][ C0] The buggy address belongs to the object at ffff88811c9a4000 [ 79.039660][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 79.053552][ C0] The buggy address is located 2560 bytes inside of [ 79.053552][ C0] 8192-byte region [ffff88811c9a4000, ffff88811c9a6000) [ 79.066825][ C0] [ 79.068996][ C0] The buggy address belongs to the physical page: [ 79.075257][ C0] page:ffffea0004726800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c9a0 [ 79.085312][ C0] head:ffffea0004726800 order:3 compound_mapcount:0 compound_pincount:0 [ 79.093470][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 79.099384][ C0] raw: 4000000000010200 ffffea00046bd200 dead000000000002 ffff888100043500 [ 79.107798][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 79.116209][ C0] page dumped because: kasan: bad access detected [ 79.122469][ C0] page_owner tracks the page as allocated [ 79.128014][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 140, tgid 140 (dhcpcd), ts 6999172058, free_ts 0 [ 79.148497][ C0] post_alloc_hook+0x213/0x220 [ 79.153095][ C0] prep_new_page+0x1b/0x110 [ 79.157436][ C0] get_page_from_freelist+0x2f41/0x2fc0 [ 79.162818][ C0] __alloc_pages+0x234/0x610 [ 79.167247][ C0] alloc_slab_page+0x6c/0xf0 [ 79.171672][ C0] new_slab+0x90/0x3e0 [ 79.175575][ C0] ___slab_alloc+0x6f9/0xb80 [ 79.180002][ C0] __slab_alloc+0x5d/0xa0 [ 79.184167][ C0] __kmem_cache_alloc_node+0x207/0x2a0 [ 79.189465][ C0] __kmalloc_node_track_caller+0xa2/0x1e0 [ 79.195019][ C0] __alloc_skb+0x125/0x2d0 [ 79.199269][ C0] netlink_dump+0x1f0/0xd40 [ 79.203611][ C0] __netlink_dump_start+0x635/0x830 [ 79.208642][ C0] rtnetlink_rcv_msg+0xb7f/0xca0 [ 79.213416][ C0] netlink_rcv_skb+0x1cd/0x410 [ 79.218017][ C0] rtnetlink_rcv+0x1c/0x20 [ 79.222272][ C0] page_owner free stack trace missing [ 79.227477][ C0] [ 79.229648][ C0] Memory state around the buggy address: [ 79.235119][ C0] ffff88811c9a4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.243112][ C0] ffff88811c9a4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.251017][ C0] >ffff88811c9a4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.258903][ C0] ^ [ 79.262814][ C0] ffff88811c9a4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.270720][ C0] ffff88811c9a4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.278602][ C0] ================================================================== [ 79.286676][ C0] Disabling lock debugging due to kernel taint [ 79.292734][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 79.304239][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 79.312463][ C0] CPU: 0 PID: 1385 Comm: syz.1.267 Tainted: G B 6.1.118-syzkaller-00074-g3e3f2b9e9fca #0 [ 79.323492][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 79.333379][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 79.338507][ C0] Code: 39 03 0f 84 40 01 00 00 e8 fc 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 df 71 00 49 8b 3e e8 98 cc d6 [ 79.357933][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 79.363847][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811316a880 [ 79.371645][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 79.379457][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 79.387271][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811c9a49c8 [ 79.395083][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811c9a49e0 [ 79.402890][ C0] FS: 00007f64477ee6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 79.411656][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.418082][ C0] CR2: 0000000020224030 CR3: 0000000137168000 CR4: 00000000003526b0 [ 79.425895][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.433705][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.441513][ C0] Call Trace: [ 79.444640][ C0] [ 79.447332][ C0] ? __die_body+0x62/0xb0 [ 79.451498][ C0] ? die_addr+0x9f/0xd0 [ 79.455488][ C0] ? exc_general_protection+0x317/0x4c0 [ 79.460876][ C0] ? asm_exc_general_protection+0x27/0x30 [ 79.466427][ C0] ? __queue_work+0x28b/0xd70 [ 79.470938][ C0] ? __queue_work+0x4f1/0xd70 [ 79.475449][ C0] ? __queue_work+0x29c/0xd70 [ 79.479967][ C0] delayed_work_timer_fn+0x61/0x80 [ 79.484915][ C0] ? queue_work_node+0x1d0/0x1d0 [ 79.489683][ C0] call_timer_fn+0x3b/0x2d0 [ 79.494047][ C0] ? queue_work_node+0x1d0/0x1d0 [ 79.498798][ C0] __run_timers+0x756/0xa10 [ 79.503143][ C0] ? calc_index+0x270/0x270 [ 79.507501][ C0] ? sched_clock+0x9/0x10 [ 79.511641][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 79.516331][ C0] run_timer_softirq+0x69/0xf0 [ 79.520931][ C0] handle_softirqs+0x1db/0x650 [ 79.525534][ C0] ? irqtime_account_irq+0xdc/0x260 [ 79.530651][ C0] __irq_exit_rcu+0x52/0xf0 [ 79.534989][ C0] irq_exit_rcu+0x9/0x10 [ 79.539067][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 79.544535][ C0] [ 79.547315][ C0] [ 79.550091][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 79.555905][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 79.562155][ C0] Code: f5 0d 87 e8 cc 0a 9b fc 48 83 3d d4 05 ec 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 95 ae 2d fc 65 8b 05 56 7e e0 7a 85 c0 74 05 5b 41 5e 5d c3 e8 [ 79.581688][ C0] RSP: 0018:ffffc90000c6f5e0 EFLAGS: 00000206 [ 79.587593][ C0] RAX: 0000000000000001 RBX: ffff888131d3aaec RCX: dffffc0000000000 [ 79.595395][ C0] RDX: ffffc90001acb000 RSI: 0000000000000246 RDI: 0000000000000001 [ 79.603211][ C0] RBP: ffffc90000c6f5f0 R08: ffffffff84082d69 R09: ffffed10229b0ae7 [ 79.611016][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 79.618828][ C0] R13: ffff888131d3aaec R14: 0000000000000246 R15: ffff888114d85640 [ 79.626730][ C0] ? __skb_try_recv_from_queue+0x599/0x750 [ 79.632371][ C0] __skb_try_recv_datagram+0x1c7/0x6a0 [ 79.637751][ C0] ? sock_load_diag_module+0x130/0x130 [ 79.643055][ C0] ? __skb_try_recv_from_queue+0x750/0x750 [ 79.648683][ C0] ? __kasan_check_write+0x14/0x20 [ 79.653638][ C0] __unix_dgram_recvmsg+0x3c0/0x12b0 [ 79.658756][ C0] ? unix_unhash+0x10/0x10 [ 79.663006][ C0] ? up_read+0x5d/0x220 [ 79.666998][ C0] ? exc_page_fault+0x4e5/0x6d0 [ 79.671688][ C0] ? iovec_from_user+0x60/0x320 [ 79.676375][ C0] ? __import_iovec+0x24f/0x430 [ 79.681061][ C0] unix_dgram_recvmsg+0xb7/0xd0 [ 79.685748][ C0] ? unix_dgram_sendmsg+0x2050/0x2050 [ 79.690952][ C0] ____sys_recvmsg+0x285/0x530 [ 79.695556][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 79.700422][ C0] ? do_recvmmsg+0x5bc/0xab0 [ 79.704840][ C0] do_recvmmsg+0x46d/0xab0 [ 79.709101][ C0] ? __sys_recvmmsg+0x270/0x270 [ 79.713789][ C0] ? memcg_rstat_updated+0x4f/0x110 [ 79.718835][ C0] ? __count_memcg_events+0x91/0xe0 [ 79.723847][ C0] ? handle_mm_fault+0x2b2d/0x30e0 [ 79.728802][ C0] ? numa_migrate_prep+0xe0/0xe0 [ 79.733570][ C0] ? __fget_files+0x2cb/0x330 [ 79.738083][ C0] __x64_sys_recvmmsg+0x195/0x240 [ 79.742957][ C0] ? debug_smp_processor_id+0x17/0x20 [ 79.748158][ C0] ? do_recvmmsg+0xab0/0xab0 [ 79.752585][ C0] ? irqentry_exit_to_user_mode+0xe/0x10 [ 79.758043][ C0] ? irqentry_exit+0x12/0x40 [ 79.762565][ C0] x64_sys_call+0x7e5/0x9a0 [ 79.766902][ C0] do_syscall_64+0x3b/0xb0 [ 79.771151][ C0] ? clear_bhb_loop+0x55/0xb0 [ 79.775664][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 79.781482][ C0] RIP: 0033:0x7f6446985d29 [ 79.785731][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.805278][ C0] RSP: 002b:00007f64477ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 79.813517][ C0] RAX: ffffffffffffffda RBX: 00007f6446b76080 RCX: 00007f6446985d29 [ 79.821328][ C0] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 79.829141][ C0] RBP: 00007f6446a01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 79.836952][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 79.844764][ C0] R13: 0000000000000001 R14: 00007f6446b76080 R15: 00007fff21072a38 [ 79.852589][ C0] [ 79.855445][ C0] Modules linked in: [ 79.859187][ C0] ---[ end trace 0000000000000000 ]--- [ 79.864481][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 79.869586][ C0] Code: 39 03 0f 84 40 01 00 00 e8 fc 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 df 71 00 49 8b 3e e8 98 cc d6 [ 79.889033][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 79.894931][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811316a880 [ 79.902739][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 79.910551][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 79.918361][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88811c9a49c8 [ 79.926172][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811c9a49e0 [ 79.934123][ C0] FS: 00007f64477ee6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 79.942883][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.949309][ C0] CR2: 0000000020224030 CR3: 0000000137168000 CR4: 00000000003526b0 [ 79.957204][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.965116][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.972926][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 79.980321][ C0] Kernel Offset: disabled [ 79.984452][ C0] Rebooting in 86400 seconds..