last executing test programs: 4m49.236883743s ago: executing program 0 (id=499): r0 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000340)) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000140)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_remount}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0") 4m47.988096652s ago: executing program 0 (id=502): r0 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1a, 0x0, &(0x7f0000000340)) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9) request_key(&(0x7f0000000440)='keyring\x00', &(0x7f0000000480)={'syz', 0x3}, 0x0, 0xfffffffffffffffc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r5, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e000f00"}}}]}, 0x48}}, 0x0) 4m46.81885928s ago: executing program 0 (id=507): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000400000100c28000070003"], 0x48}}, 0x0) 4m46.772091091s ago: executing program 0 (id=508): socket$key(0xf, 0x3, 0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000700000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000a25b63677aed69d7de830d93493d5ff70c173fad9a72c783879cb4897beb33a69f066737a7a6ec5840cf3b43e0845226b2981d03cb5e057a6f82661a1c5f2a9cdec93e8c1294abf1b33961cad7ae7c879bad04fba19bebd31aa9d0059274e16ef2d501fe2fc38c94a75a0ad5a0b33118da6107a31692975105a2a6bbc8147fe73f8e1912a48aa10ed1b6da51828fccb1780f185e49298a4ec6916d73f52992c6b166ba308baad680b2b3315071d04c49c420ad"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) 4m45.806611876s ago: executing program 0 (id=512): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24000080, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000580), 0x1, 0x503, &(0x7f0000000880)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxmU5IPEjAm1W4mA040nWm7U3ZpPYUfz5SKN5b2bs73trzXv21xu/AEbWjYg4iIjJiPgwIuby40m+xd32ll736PDB6tHhg9UkWq0P/plk59Nj0fGY1Ev5cxYj4kffi/hp8mzcxt7+5kq1WtlpV6cXmrXthcbe/u2N2sp6Zb2yVS4vLy0vvnvnnfKF9fWN2mRe+vLDPxx86+dps2bzI539uEjtrk+cxEmNR8QPLiPYEIzl/ZkcdkN4IYWIeC0i3szu/7kYy15NAOA6a7XmojXXWQcArrtClgNLCqU8FzAbhUKp1M7hvR4zhWq90bx1v767tdbOlc3HROH+RrWymOcK52MiSetLWflJvXyqficiXo2IX0xNZ/XSar26Nsw3PgAwwl46Nf//Z6o9/wMA11xx2A0AAAbO/A8Ao8f8DwCjx/wPAKPnyfx/d6jtAAAGx+d/ABg95n8AGCk/fP/9dGsd5b9/vfbR3u5m/aPba5XGZqm2u1pare9sl9br9fXsN3tqZz1ftV7fXno7dj+e//Z2o7nQ2Nu/V6vvbjXvZb/rfa8yMZBeAQDP8+obn/05iYiD96azLTrWcjBXw/VWGHYDgKEZG3YDgKGx2heMrnN8xpcegGuiyxK9TylGxPTpg61Wq3V5TQIu2c0vyP/DqOrI//tfwDBi5P9hdMn/w+hqtZJ+1/yPfi8EAK42OX6gx/f/r+X73+ZfDvxk7fQVn15mqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBqO17/t5SvBT4bhUKpFPFyRMzHRHJ/o1pZjIhXIuJPUxNTaX1pyG0GAM6r8LckX//r5txbs6fPTiaPp7J9RPzsVx/88uOVZnPnj+nxf50cb36aHy8Po/0AwFmO5+ls3/FB/tHhg9XjbZDt+ft3I6LYjn90OBlHJ/HHYzzbF2MiImb+neT1tqQjd3EeB59ExOe79T+J2SwH0l759HT8NPbLA41feCp+ITvX3qf/Fp+7gLbAqPksHX/udrv/CnEj23e//4vZCHV++fiXPtXqUTYGPol/PP6N9Rj/bvQb4+3ff79dmn723CcRXxyPOI591DH+HMdPesR/q8/4f/nSV97sda7164ib0T1+Z6yFZm17obG3f3ujtrJeWa9slcvLS8uL7955p7yQ5agXes8G/3jv1itZocslaf9nesQvntH/r/fZ/9/898Mff7XHuTT+N7/WLX4hXn9O/HRO/Eaf8VdmflfsdS6Nv9aj/2e9/rf6jP/wr/vPLBsOAAxPY29/c6VarewMsnD8RmKgQRX6K0zlL85Vac9ThSvbsM2V6ncGFWsy/q9HtVovFKvXiHERWTfgKji56SPi8bAbAwAAAAAAAAAAAAAAdHWpf6iUtAvD7iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8CAAD//8jOyzo=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040018}, 0x0) close(0xffffffffffffffff) 4m44.818789852s ago: executing program 0 (id=516): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x48) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00fe7d1830daa688de001dfd99d53e5090bd0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/16], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_clone(0x20000000, &(0x7f0000001040)="625a0f0ea9dc395ac6df9c31ff506da806552732c5c1bd1c9be8eb487a0df1f724d0f1b11ce89579fb8a4d89d0eb96264a240dfff3a9d270b15951a34c9f758707948248e7b5a734c6394b0ae5b38eb8e17d2506568c169fe1a9e7203658e053fe6ca3ea13cd3bffd5f2ed01764521e5d38f07ef5c56052687b92437578b234da8285da241d172d67d289e342d6d2043ea996d3176d58ccac9da50d5fb817f7a4509f904d3288af01a6934114b244e573490fbebb2eebc3426544ed442927d022d1834b421e523a4c0c9baa032c416fc77dd7fef3b222286188dbc78208e538fb7457fe75d2b02b31dc529bf295ba665f0c8d928eade399175f6259b12da19b733ef4a16f6566c6034f67043efe001911f362dbb31e1916fa775c2a689428e8031c2d490c9c7915fb0ae97f0fd46f9296f90fc375fdf160aec804f1e47b0036adc2743aa81a6cf096a43ad06b885ad65baefec685f56e2750038a7b37b1bc00ac8b40643ebaa49eedd6437175cdf95ce1057e4d6389459cfa117bebc1b31e086218824fa440bbeb65c8137849f58ed0517f037a7d895dd6e50e75c40ddb3096514613de7ce724a86faf4180582ae3dcaa83942d2b2011465790869379e4d2219a1594506a9adc6ee34c5ea8e38dbe55431758fa0c72e97265e7080ce61b8648473d56f11fcccc2d4b4e3da3e57c8ee7794b2281f44c5eb44f2936a20b503e0ab9ed33d7eed7ffab8004f1ab33df23d31cb52e2b61194c3fce92677407c84dc7d7df827d22a902d57013a1f4c1b9ef730eed6b7cea9518ea048cc03613270f582171e2804e2d5756fba293d5b923b19ed83cffd6de88cad2ca34f5e5e5b262a10c0cafe954599b1a9559c6aa703e8c3c660f0e6cc05a8c6e4d6c9acb1244dd7b99e010901bece0d555aeea08ea8b1582aab2e8717a3177c6f10ae24832414e0f59999381f5d7fcaa4a89bf142f36b6bebe33a689474e4122c30e2144e5e63023b374c23569fed00e9586609e07dc032f6a9a949a25dafd44ea859fd411a5c298d7d8e18d1723904144ffda5ad3c81fb4f1ee006e6e788968caf04b8d6c0d64333808db7fc48cfb605ad26a5b545035b143b9abef06da9b3210d4e235c45baf56b4a0007049b353883c5a3c7aa049381535afce862f54c1745e5beb23fdb6e2eae766dbd15faac04ac65718b2dbdd9d6e54af04712e31c66ea66dfc45035abf34cddcee5f4c355ede22214934d3f5cb74a46ed853076d609581f1743f3e99169f5893480b093960777926ebaaaf81d76474a9b3969e0d5d8f9d5a90de73fac1b3452efd909be7320e6b2bdb4dd09d2799be5860298763ff4cadd504f6d5eb476349fe97d533ebdd2ef9067f9712ef33112931b225beaf9bca101172324115d47547ecda38dae1b6531cfdfdd9c9a0761417db535f16650a854fbab3d826045e710b05bc8d559320f9181c70a3b84fea0eb6dc35f6afd5c352f0d175d4303671dfd6d80a1689e3398e8e6f7dd5b382b0e27e1d9a0ce32325c97f4457128626918f429ca0ee42eb821cb28bffc0a07cae6c2619e8d02dbe5f0f640d09240319d8474b8886f3591ddd5673a8092024372dcbf9fc084f7888651d6089a5410d21bda35426dbfb0c0a32e0a933e645e91e1c157cb41032a0222364f4396d0ec1aed9f8e66729f1c3e5544932313049f2358999f04505cc1956c9fc436111c100333e23965e31b473127e8496647f75256217bd62485b582fb05a1a9b93d191dbe06acd0149d1ce12af84e1690a1a5cbd66988f28206e547a42a8b76e0f36301b07bfcfbdab6d4937031f450f0edee31eecb30ca4b18ef3db96b5e3f739616689e8739d738901aff57fd468d9617f7da03355dc6a6b723fe1873814041e339f7b761b88bb5f9aa12083647ab9499f2adaa5eb836d530b0f66dc545d1d0e196bde04afe674f199bd6d191eb9d1de586d7448cb1c00e7779dcdf45fee2b55ddcd8bc38dd27bfa6c4202cc10a1779d04459a4536f34322ad0b5fdd7e913c8467d3fccc09037c58956fdd606ce9cc1cec38dc6f0d3ea7eae848338a540ab73e863394a17a5776ee9442017834ec1d9ca5e5b6dbb7d2927eb14921e3a800861a93be1e4c017040ba5364919027c341873e7113b354df66b4d06fdb602f124c09e89e478f19edae15c0fa4bac5113e3395d16cd42a16e181dd4f4bd265fbd1a03f5b4ce665ffd0b3c86c2efa8c5beea76d07445cd099cdf35aec04f8149f48a4ba3b08384a89dc944a44d11a7ea4501f1f80d3fe19a23640ebea1162b08b4257d21c53f3916e69929d050a287c57c699db1c1bbb81366b2aaf83983306c1f9b47a288a3e62891f41afe01710772de5da92b91503cb5fbe016075f7538858fe5debf8a6c3bd4898fe400efe6e1fa311d3c5508509b282f1d6538b31e3c7fd0e6d530ff42a4b658c73eee316600d0d7a2b05eaa6ac27d64437f2e0cda7685a575b2edb317747f0c096e79bd5364c451346c608cdc2a617e3460ecf386b5052c0cae86002fedbc3b3690b6a4553fb961437c53dad3d1191a22a3e1da511598a474f50a5d4a0b6647cc59d258072bbaf62199892b26e613c2456694b67339c36142cc08ac64b09a1ae6a103c16fc462b2fe94a861272c03d0ce27a91e9fba5f485448221304efb147ded157e5b4257017c3045040b1e245bb98181dbbe7586bccb5caf44bba2f5596efc45afdb967a945810ac552cbf9c2930d664aef88a92b86ec9138a7077bc5615b8ab737d2e9a34ed975099a2047bf31dc8af377bc4b3f073f3698330d00819d20b71295dc3ce651bf3f42a5481db0b7404edcbc25b5ff0c2d808dea6df894f96ebfc130d8eb180d327a0887f85e67b23ea679c98ac1f600e59c405d48d53dedd6d9c0ca63f39ed148f8e7526f2d2c54261ed8ea3eb93a609fc9aff88c4e289ff8b6f5e35285f1b6412aeab12901edf8b67da2f43bbf3c3110c547a7772856647c98cb2656ab0d04e8813d1c6fc98000cfc710ef319ee6beccd732efe03109b1f69f11f4caf0ce3271a15eff55a65dd965b3c6051c13e29a2bc8c92ea701ef40f82eeb0d54bd175633864f4a08c3cc24cc9e849a7ef35c239134cb48d774978bd7b1a36c9762fe3d78d49e7898a19f39701a3bdd62eb9dd8cbfb4a38d3473e485bbcdb95ff81b7a894f0f843eb1067344828e0a5c6485c819961b7e69b60bfa4d24e404db3a8844ca55911de1713f4850f760f36695e7afddbf20474b3ccd7f7a63f9650bb7503133d3a9490f870f44b530f9ceef6d3c475a689e83a072585e39304503efb1f80ed20fe741abb09b27c0f26c3d059d83b77792eedf235981de767203af659001070ad714213d1d8969ac5699c41db5bd709b37e815d0a1bf4c691866b761efb003a2b10b216c1095b2c55d879630a53a543377bfea90abbee1a33380bdd30d71a1423b4f3e004bac424a79ce55e37282e5a223c32a3fa92dea2d5d06ff46ee1b65ac83995e264eb5565a380d04326f6ab4285aae7a36849e97e1ad7fff002d2f360dd2c3bfc1b18f2d6607968c2fe6b4e6d73993cb26340a756f893169a0d7f9ded8c5eb483e05df3cd1b2d3dd8f6df2f60ddde002949ec85400fc6ade2100cad4472d58c24cc730eb472a9a742abea8c4249c56da1917a1e14f275a5692bed2583a4e93f3047c7ecc6226fb085e4ea1bbe7daed8d2035003212bc0579ccb61e56de171b6d6409d5a4c9dd0e9b5c85f00f60cedde9ae90fc67d649623f0357a2d1ff29ac0f08a26702ae57a609a3f596b9003db094e54e99943e35bbbcbf8fc09e67e123d27aaf8b49497d63c479c7d082ad97b5c6b086b2f40bd72c33c09443d06db5f58926d8a93ae69f6bf918345907331fb2986236e9d4bf4b5759b43f5392ce3d4aa3d49b6135f31d0ed1c03f56d2f39964ae2fe0a69fb054b76cd8005c171f3b2d335762f7573f57d3d959d59932f1257a79bf887d9db7ebe89c53be51ca8457c4698cae916055a4b9400cdbdd5693fcd0e5f7bfabb6a715e4fa6d463931133421958c208be663de31b7bb1787ecee56cdfca90f77cbf1472bd743e7926c1178f7cfff5f7d502973af6b0fb366fb16fe5e66aa32885008c2431953acb724e30a18ec70bed4b198cf1752ac409efc399eac4c816001a032f45a95ba9c0468c8e77e5c4581765a86aa73c15a4247383155c1462cfc8e01bc4c2cc9557bcedb59c2b9f2e43af05e4aa49b49e87d04de0756cbc52ae62513524d56cde9c837fcb83e411ea9f7e9af3146e287feee94860a8e28db4f937c046873dbe2de31e0990d42d865f9dc22f1187eaa9bde5ae6fe3be2666ddd854d24b5455719c8743b45b58b83a1c774ded7d5c4f01a0bbe72792532d1faed2b45720ed5a3ba6e3c11eb2957bb929786ed12bd3ea114e0212c106aa60048ca9796fa709448d28eb4f55fb2da9e0b02884c487dc424ba4535dea049f17b8c6ec8b47e4c9351d06bda87ae286ec1aa2ddb1ed07aa2376dd8fb70dcc13ae53204129f24d8f226aa117f98d84bcd91b1c8002d64c72efcb9e35c57eb42b6759f9145b388178b243f787899254f4cc3255001a057dfcae8884e468a2faa36ab6882e0a1c6a8ace39ea18b4f0408b465d46891e8d46af956f9c27f82373969d3266d428c27e4ed03a217bf8dfb672e61a38adaddc582cb3855a9afb38e31c20988ecabd02dc844b26a2f222b54b4316c8d4587bf33c3203f6f4d227b6e656724e6d8b1499e232c1da4595e5141b76fd6a6964f6039901ca663f9c40e04858d05eb723d269d6675ab7a153d394c4c98da57aac1eed552436ea1a827e6e7842d535d937f25033366617878960062f80e5a073aff290a2306d45eab49301baaf954b86ad991c5e65f9da4b4122d8410e2d0715390f803030aaae1c1986c862e18c93bc13fcc1fabf3063fa176c869633a8674ff0f95ddfcc6f733f2df73af24aeb36e58d952a81a22e43b34066a6e3ac3231c2657913a95c0ff90df3f8789a3b501e7356a321bc8c58f1196c6e84b1fb8c518a8e39d12d157ae5de55ef7be5128758d9f18dc9911ae958dd0788a0d50eab5edc3dc0a1ad2648e9ae8340033aa80f796736a9a12811aed2838851e34ada686cdddc1607be506b41c92ede45cd0df4a263a1254c9ac6cff8495d95e1b475df3ffc7942f3e1b11118ad4fb3b752eb205b7ddf8e6a41aa95d3615e36d9c7308ce1bd27257fac824806c37eb0f2595c9094833807237dfc6c0429abd345973668ceb3f57eb4f0488737dc5e023982b112a9a09e98a69984bdc3896b7f81e61cd24cbc30d884ae4d0ad4b757f17125bdec6f43db48ee2704e97620e7a8d9c1ee659e14976aacc4b5190bd37a5e22ca81ff5282fc67c6a2cbb6a11107718d3563567cae763cefa4ac57e726eedb12b019458575d5c6cb49ef69626d57f84470b144ec68e4070bb64f936e3d45ba73544fc5238ce65a2b2c7b6022f26373909e7105460285c3e040cd714b0a7bbbd589d80cdf31069e84468e8a9cbdc1fe94c8b3182d50117d8d695e5c1a933496790de51e6dfab97c2f882cd7c41ac0050f0a69b404a3f9d2caac45919aa589151d20497eea6cc1c117b27e6c8dacb892dc6956c6f9f9794b90354862ab907a8c2b9e77851ff2965f552c5af0288bbff2d6f300568d55cf8beddac06ec84607c9f7d4bb42bb74be910bbb0454926e175e10f21b5e601f466beb1e844ac43ac3f953896729fc3badb3c902ce8f544d0652af30e789148b828c97f74d79d2ca97cfe47ec2070280ab4827aed", 0x1000, &(0x7f0000002040), &(0x7f0000000080), &(0x7f00000001c0)="57156587095867f239687b952a8906492ea8f6be83a79fe1e88ade49356be93fc9e1f868197990609f3872c647e26faec0dcbee9f789") r1 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000280)={0x591002, 0x1, 0xc}, 0x18) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x8, 0xc, 0x2, 0x2}, {0x7fff, 0x0, 0x0, 0x1}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) unshare(0x2040400) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f00000003c0)=0x800001, 0x4) unshare(0x26000400) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x1000007, 0x2172, 0xffffffffffffffff, 0xffffc000) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000002080)={0x10}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000080)=[{&(0x7f0000000500)="7c15b6bce0568bdbef75e4667376c6507c51094765fcc21aa8810d5a760327a50bc67e6f84d20215ae0b84a847e4a948b5258b28626336e159ad54d4c00f287cdf1bade52605c3e691", 0x49}], 0x1, 0x0) 4m29.875819485s ago: executing program 32 (id=516): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x48) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00fe7d1830daa688de001dfd99d53e5090bd0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/16], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_clone(0x20000000, &(0x7f0000001040)="625a0f0ea9dc395ac6df9c31ff506da806552732c5c1bd1c9be8eb487a0df1f724d0f1b11ce89579fb8a4d89d0eb96264a240dfff3a9d270b15951a34c9f758707948248e7b5a734c6394b0ae5b38eb8e17d2506568c169fe1a9e7203658e053fe6ca3ea13cd3bffd5f2ed01764521e5d38f07ef5c56052687b92437578b234da8285da241d172d67d289e342d6d2043ea996d3176d58ccac9da50d5fb817f7a4509f904d3288af01a6934114b244e573490fbebb2eebc3426544ed442927d022d1834b421e523a4c0c9baa032c416fc77dd7fef3b222286188dbc78208e538fb7457fe75d2b02b31dc529bf295ba665f0c8d928eade399175f6259b12da19b733ef4a16f6566c6034f67043efe001911f362dbb31e1916fa775c2a689428e8031c2d490c9c7915fb0ae97f0fd46f9296f90fc375fdf160aec804f1e47b0036adc2743aa81a6cf096a43ad06b885ad65baefec685f56e2750038a7b37b1bc00ac8b40643ebaa49eedd6437175cdf95ce1057e4d6389459cfa117bebc1b31e086218824fa440bbeb65c8137849f58ed0517f037a7d895dd6e50e75c40ddb3096514613de7ce724a86faf4180582ae3dcaa83942d2b2011465790869379e4d2219a1594506a9adc6ee34c5ea8e38dbe55431758fa0c72e97265e7080ce61b8648473d56f11fcccc2d4b4e3da3e57c8ee7794b2281f44c5eb44f2936a20b503e0ab9ed33d7eed7ffab8004f1ab33df23d31cb52e2b61194c3fce92677407c84dc7d7df827d22a902d57013a1f4c1b9ef730eed6b7cea9518ea048cc03613270f582171e2804e2d5756fba293d5b923b19ed83cffd6de88cad2ca34f5e5e5b262a10c0cafe954599b1a9559c6aa703e8c3c660f0e6cc05a8c6e4d6c9acb1244dd7b99e010901bece0d555aeea08ea8b1582aab2e8717a3177c6f10ae24832414e0f59999381f5d7fcaa4a89bf142f36b6bebe33a689474e4122c30e2144e5e63023b374c23569fed00e9586609e07dc032f6a9a949a25dafd44ea859fd411a5c298d7d8e18d1723904144ffda5ad3c81fb4f1ee006e6e788968caf04b8d6c0d64333808db7fc48cfb605ad26a5b545035b143b9abef06da9b3210d4e235c45baf56b4a0007049b353883c5a3c7aa049381535afce862f54c1745e5beb23fdb6e2eae766dbd15faac04ac65718b2dbdd9d6e54af04712e31c66ea66dfc45035abf34cddcee5f4c355ede22214934d3f5cb74a46ed853076d609581f1743f3e99169f5893480b093960777926ebaaaf81d76474a9b3969e0d5d8f9d5a90de73fac1b3452efd909be7320e6b2bdb4dd09d2799be5860298763ff4cadd504f6d5eb476349fe97d533ebdd2ef9067f9712ef33112931b225beaf9bca101172324115d47547ecda38dae1b6531cfdfdd9c9a0761417db535f16650a854fbab3d826045e710b05bc8d559320f9181c70a3b84fea0eb6dc35f6afd5c352f0d175d4303671dfd6d80a1689e3398e8e6f7dd5b382b0e27e1d9a0ce32325c97f4457128626918f429ca0ee42eb821cb28bffc0a07cae6c2619e8d02dbe5f0f640d09240319d8474b8886f3591ddd5673a8092024372dcbf9fc084f7888651d6089a5410d21bda35426dbfb0c0a32e0a933e645e91e1c157cb41032a0222364f4396d0ec1aed9f8e66729f1c3e5544932313049f2358999f04505cc1956c9fc436111c100333e23965e31b473127e8496647f75256217bd62485b582fb05a1a9b93d191dbe06acd0149d1ce12af84e1690a1a5cbd66988f28206e547a42a8b76e0f36301b07bfcfbdab6d4937031f450f0edee31eecb30ca4b18ef3db96b5e3f739616689e8739d738901aff57fd468d9617f7da03355dc6a6b723fe1873814041e339f7b761b88bb5f9aa12083647ab9499f2adaa5eb836d530b0f66dc545d1d0e196bde04afe674f199bd6d191eb9d1de586d7448cb1c00e7779dcdf45fee2b55ddcd8bc38dd27bfa6c4202cc10a1779d04459a4536f34322ad0b5fdd7e913c8467d3fccc09037c58956fdd606ce9cc1cec38dc6f0d3ea7eae848338a540ab73e863394a17a5776ee9442017834ec1d9ca5e5b6dbb7d2927eb14921e3a800861a93be1e4c017040ba5364919027c341873e7113b354df66b4d06fdb602f124c09e89e478f19edae15c0fa4bac5113e3395d16cd42a16e181dd4f4bd265fbd1a03f5b4ce665ffd0b3c86c2efa8c5beea76d07445cd099cdf35aec04f8149f48a4ba3b08384a89dc944a44d11a7ea4501f1f80d3fe19a23640ebea1162b08b4257d21c53f3916e69929d050a287c57c699db1c1bbb81366b2aaf83983306c1f9b47a288a3e62891f41afe01710772de5da92b91503cb5fbe016075f7538858fe5debf8a6c3bd4898fe400efe6e1fa311d3c5508509b282f1d6538b31e3c7fd0e6d530ff42a4b658c73eee316600d0d7a2b05eaa6ac27d64437f2e0cda7685a575b2edb317747f0c096e79bd5364c451346c608cdc2a617e3460ecf386b5052c0cae86002fedbc3b3690b6a4553fb961437c53dad3d1191a22a3e1da511598a474f50a5d4a0b6647cc59d258072bbaf62199892b26e613c2456694b67339c36142cc08ac64b09a1ae6a103c16fc462b2fe94a861272c03d0ce27a91e9fba5f485448221304efb147ded157e5b4257017c3045040b1e245bb98181dbbe7586bccb5caf44bba2f5596efc45afdb967a945810ac552cbf9c2930d664aef88a92b86ec9138a7077bc5615b8ab737d2e9a34ed975099a2047bf31dc8af377bc4b3f073f3698330d00819d20b71295dc3ce651bf3f42a5481db0b7404edcbc25b5ff0c2d808dea6df894f96ebfc130d8eb180d327a0887f85e67b23ea679c98ac1f600e59c405d48d53dedd6d9c0ca63f39ed148f8e7526f2d2c54261ed8ea3eb93a609fc9aff88c4e289ff8b6f5e35285f1b6412aeab12901edf8b67da2f43bbf3c3110c547a7772856647c98cb2656ab0d04e8813d1c6fc98000cfc710ef319ee6beccd732efe03109b1f69f11f4caf0ce3271a15eff55a65dd965b3c6051c13e29a2bc8c92ea701ef40f82eeb0d54bd175633864f4a08c3cc24cc9e849a7ef35c239134cb48d774978bd7b1a36c9762fe3d78d49e7898a19f39701a3bdd62eb9dd8cbfb4a38d3473e485bbcdb95ff81b7a894f0f843eb1067344828e0a5c6485c819961b7e69b60bfa4d24e404db3a8844ca55911de1713f4850f760f36695e7afddbf20474b3ccd7f7a63f9650bb7503133d3a9490f870f44b530f9ceef6d3c475a689e83a072585e39304503efb1f80ed20fe741abb09b27c0f26c3d059d83b77792eedf235981de767203af659001070ad714213d1d8969ac5699c41db5bd709b37e815d0a1bf4c691866b761efb003a2b10b216c1095b2c55d879630a53a543377bfea90abbee1a33380bdd30d71a1423b4f3e004bac424a79ce55e37282e5a223c32a3fa92dea2d5d06ff46ee1b65ac83995e264eb5565a380d04326f6ab4285aae7a36849e97e1ad7fff002d2f360dd2c3bfc1b18f2d6607968c2fe6b4e6d73993cb26340a756f893169a0d7f9ded8c5eb483e05df3cd1b2d3dd8f6df2f60ddde002949ec85400fc6ade2100cad4472d58c24cc730eb472a9a742abea8c4249c56da1917a1e14f275a5692bed2583a4e93f3047c7ecc6226fb085e4ea1bbe7daed8d2035003212bc0579ccb61e56de171b6d6409d5a4c9dd0e9b5c85f00f60cedde9ae90fc67d649623f0357a2d1ff29ac0f08a26702ae57a609a3f596b9003db094e54e99943e35bbbcbf8fc09e67e123d27aaf8b49497d63c479c7d082ad97b5c6b086b2f40bd72c33c09443d06db5f58926d8a93ae69f6bf918345907331fb2986236e9d4bf4b5759b43f5392ce3d4aa3d49b6135f31d0ed1c03f56d2f39964ae2fe0a69fb054b76cd8005c171f3b2d335762f7573f57d3d959d59932f1257a79bf887d9db7ebe89c53be51ca8457c4698cae916055a4b9400cdbdd5693fcd0e5f7bfabb6a715e4fa6d463931133421958c208be663de31b7bb1787ecee56cdfca90f77cbf1472bd743e7926c1178f7cfff5f7d502973af6b0fb366fb16fe5e66aa32885008c2431953acb724e30a18ec70bed4b198cf1752ac409efc399eac4c816001a032f45a95ba9c0468c8e77e5c4581765a86aa73c15a4247383155c1462cfc8e01bc4c2cc9557bcedb59c2b9f2e43af05e4aa49b49e87d04de0756cbc52ae62513524d56cde9c837fcb83e411ea9f7e9af3146e287feee94860a8e28db4f937c046873dbe2de31e0990d42d865f9dc22f1187eaa9bde5ae6fe3be2666ddd854d24b5455719c8743b45b58b83a1c774ded7d5c4f01a0bbe72792532d1faed2b45720ed5a3ba6e3c11eb2957bb929786ed12bd3ea114e0212c106aa60048ca9796fa709448d28eb4f55fb2da9e0b02884c487dc424ba4535dea049f17b8c6ec8b47e4c9351d06bda87ae286ec1aa2ddb1ed07aa2376dd8fb70dcc13ae53204129f24d8f226aa117f98d84bcd91b1c8002d64c72efcb9e35c57eb42b6759f9145b388178b243f787899254f4cc3255001a057dfcae8884e468a2faa36ab6882e0a1c6a8ace39ea18b4f0408b465d46891e8d46af956f9c27f82373969d3266d428c27e4ed03a217bf8dfb672e61a38adaddc582cb3855a9afb38e31c20988ecabd02dc844b26a2f222b54b4316c8d4587bf33c3203f6f4d227b6e656724e6d8b1499e232c1da4595e5141b76fd6a6964f6039901ca663f9c40e04858d05eb723d269d6675ab7a153d394c4c98da57aac1eed552436ea1a827e6e7842d535d937f25033366617878960062f80e5a073aff290a2306d45eab49301baaf954b86ad991c5e65f9da4b4122d8410e2d0715390f803030aaae1c1986c862e18c93bc13fcc1fabf3063fa176c869633a8674ff0f95ddfcc6f733f2df73af24aeb36e58d952a81a22e43b34066a6e3ac3231c2657913a95c0ff90df3f8789a3b501e7356a321bc8c58f1196c6e84b1fb8c518a8e39d12d157ae5de55ef7be5128758d9f18dc9911ae958dd0788a0d50eab5edc3dc0a1ad2648e9ae8340033aa80f796736a9a12811aed2838851e34ada686cdddc1607be506b41c92ede45cd0df4a263a1254c9ac6cff8495d95e1b475df3ffc7942f3e1b11118ad4fb3b752eb205b7ddf8e6a41aa95d3615e36d9c7308ce1bd27257fac824806c37eb0f2595c9094833807237dfc6c0429abd345973668ceb3f57eb4f0488737dc5e023982b112a9a09e98a69984bdc3896b7f81e61cd24cbc30d884ae4d0ad4b757f17125bdec6f43db48ee2704e97620e7a8d9c1ee659e14976aacc4b5190bd37a5e22ca81ff5282fc67c6a2cbb6a11107718d3563567cae763cefa4ac57e726eedb12b019458575d5c6cb49ef69626d57f84470b144ec68e4070bb64f936e3d45ba73544fc5238ce65a2b2c7b6022f26373909e7105460285c3e040cd714b0a7bbbd589d80cdf31069e84468e8a9cbdc1fe94c8b3182d50117d8d695e5c1a933496790de51e6dfab97c2f882cd7c41ac0050f0a69b404a3f9d2caac45919aa589151d20497eea6cc1c117b27e6c8dacb892dc6956c6f9f9794b90354862ab907a8c2b9e77851ff2965f552c5af0288bbff2d6f300568d55cf8beddac06ec84607c9f7d4bb42bb74be910bbb0454926e175e10f21b5e601f466beb1e844ac43ac3f953896729fc3badb3c902ce8f544d0652af30e789148b828c97f74d79d2ca97cfe47ec2070280ab4827aed", 0x1000, &(0x7f0000002040), &(0x7f0000000080), &(0x7f00000001c0)="57156587095867f239687b952a8906492ea8f6be83a79fe1e88ade49356be93fc9e1f868197990609f3872c647e26faec0dcbee9f789") r1 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000280)={0x591002, 0x1, 0xc}, 0x18) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x8, 0xc, 0x2, 0x2}, {0x7fff, 0x0, 0x0, 0x1}]}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) unshare(0x2040400) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, &(0x7f00000003c0)=0x800001, 0x4) unshare(0x26000400) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x1000007, 0x2172, 0xffffffffffffffff, 0xffffc000) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000002080)={0x10}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000080)=[{&(0x7f0000000500)="7c15b6bce0568bdbef75e4667376c6507c51094765fcc21aa8810d5a760327a50bc67e6f84d20215ae0b84a847e4a948b5258b28626336e159ad54d4c00f287cdf1bade52605c3e691", 0x49}], 0x1, 0x0) 4.628515127s ago: executing program 5 (id=2705): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) syz_clone(0x400a1400, 0x0, 0x0, 0x0, 0x0, 0x0) 4.483796119s ago: executing program 5 (id=2707): sendmsg$NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, 0x0, 0x40000) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) keyctl$set_reqkey_keyring(0xe, 0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xcd8, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xfffffffd, 0x0, 0x0, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0xffffffff, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}}, 0x0) 3.785303569s ago: executing program 1 (id=2711): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r1, 0x0, 0x42, 0x0, &(0x7f0000000180)) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newsa={0x144, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0xb, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x4c, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0x0, 0x80}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x144}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000096000040"]) ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, 0x0) ioctl$KDGKBMETA(r5, 0x4b62, 0x0) 3.577494333s ago: executing program 5 (id=2713): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x2c, 0x0, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_LBT_MODE={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0xd1}, 0x80d4) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000a40), r0) sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40041}, 0x20000014) 3.541491094s ago: executing program 5 (id=2714): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0, r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7fff, 0x267, 0x0, 0x25, 0x19dd, 0x9}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80003, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.897446254s ago: executing program 5 (id=2723): sendmsg$NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, 0x0, 0x40000) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) keyctl$set_reqkey_keyring(0xe, 0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xcd8, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xfffffffd, 0x0, 0x0, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0xffffffff, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}}, 0x0) 2.603683109s ago: executing program 1 (id=2724): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x32) ppoll(&(0x7f00000022c0)=[{0xffffffffffffffff, 0x9}], 0x1, 0x0, 0x0, 0x0) 2.273297604s ago: executing program 3 (id=2732): setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x1090c2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) syz_usb_connect(0x2, 0x2d, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) read$FUSE(r3, &(0x7f0000002c80)={0x2020}, 0xfffffdb2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 2.032929508s ago: executing program 5 (id=2734): socket$inet6(0xa, 0x3, 0xff) r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103000000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x8adf8b100b5c64bb) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000002c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x80, 0x1c, {0x3, 0x2070, 0x7, 0x9, 0x4, 0x8000, 0xfffe, 0x8, 0x3903, 0xa, 0x401, 0x1}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c00)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x80, 0x1c, {0x2, 0x5, 0xac37, 0x8, 0x0, 0x3, 0x7, 0x3, 0x9, 0x400, 0x1, 0x11d6}}, &(0x7f00000004c0)={0x20, 0x85, 0x4, 0x3}, &(0x7f0000000500)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000580)={0x20, 0x87, 0x2, 0x5}, 0x0}) 1.454847197s ago: executing program 1 (id=2736): setrlimit(0x40000000000008, &(0x7f0000000000)={0x1, 0x6}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0x3, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x0, 0x0, 0xe, 0x3, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0xfe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x8, 0x4}, {0xffff1000, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0xfc, 0x0, 0xff, 0x5}, {0xe000, 0x5000, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0xfe}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0x2000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x1, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000001280)={0x0, 0xf000, 0x2, 0x5, 0x50}) 1.297280719s ago: executing program 1 (id=2739): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="040100001a0007000000000000000000fe80000000000000000000000000001be0000002000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000003c000000fc000000000000000000000000000000000000000000000000a000000000000002000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a000200700000000000000014000e"], 0x104}}, 0x0) 1.297027029s ago: executing program 1 (id=2740): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)="03", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000700)=[{0x0}], 0x1, &(0x7f0000000b40)=ANY=[], 0x108}}], 0x2, 0x0) 1.28964633s ago: executing program 1 (id=2741): pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, &(0x7f00000003c0)="8896efeb", 0x4, 0x44024, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) 1.150610332s ago: executing program 3 (id=2746): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) mount$fuseblk(&(0x7f0000002440), &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x200840c, &(0x7f0000000440)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1200}}]}}) 1.103955732s ago: executing program 3 (id=2747): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x138, 0x10, 0x633, 0x200, 0x25dfdbfc, {{@in=@dev={0xac, 0x14, 0x14, 0x25}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x33}, {@in6=@mcast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0xfffffffffffffffd, 0x0, 0x0, 0x2dcd, 0x8, 0x0, 0x400000}, {}, {0x0, 0x0, 0x8000000}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x20008000}, 0x4048040) 1.035653393s ago: executing program 3 (id=2748): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) 911.511285ms ago: executing program 4 (id=2752): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]}) close_range(r1, 0xffffffffffffffff, 0x0) 911.334355ms ago: executing program 4 (id=2753): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) 911.150555ms ago: executing program 4 (id=2754): connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0) 795.032977ms ago: executing program 4 (id=2755): syz_io_uring_setup(0x702, &(0x7f0000000500)={0x0, 0xff5f, 0x8, 0x3, 0x1e6}, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x14) 541.603501ms ago: executing program 4 (id=2757): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000001300)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={@fda={0x66646185, 0xa, 0x0, 0x19}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x6, 0x0, 0x25}}}, 0x400}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/4096, 0x0, 0x2, 0x31}, @flat=@weak_binder={0x77622a85, 0x1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000001200)}}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x4, 0x0, 0xc}, @flat=@weak_binder={0x77622a85, 0x1908}}, &(0x7f00000012c0)}}], 0x2, 0x0, 0x0}) 515.440861ms ago: executing program 4 (id=2760): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{}, &(0x7f0000000340), &(0x7f0000000380)='%-5lx \x00'}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'}) ioctl$UI_SET_LEDBIT(r5, 0x40045569, 0x1) ioctl$UI_SET_LEDBIT(r5, 0x40045569, 0x3) ioctl$UI_DEV_CREATE(r5, 0x5501) 373.245794ms ago: executing program 2 (id=2764): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 336.856124ms ago: executing program 2 (id=2765): connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0) 309.004045ms ago: executing program 2 (id=2766): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x80, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) 187.997397ms ago: executing program 3 (id=2767): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newae={0x40, 0x1e, 0x505, 0x70bd25, 0x25dfdbfd, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4d4, 0xa, 0x2b}, @in=@loopback, 0xff, 0x3500}}, 0x40}, 0x1, 0x0, 0x0, 0x2004c894}, 0x8080) 109.297418ms ago: executing program 3 (id=2768): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0) mount$binderfs(0x0, 0x0, 0x0, 0x4800, &(0x7f0000000000)={[], [{@seclabel}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r4 = socket$can_bcm(0x1d, 0x2, 0x2) syz_usb_connect(0x2, 0x36, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r5}, 0x10) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005840)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, 0x0) openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8924, 0x0) setns(r2, 0x66020000) mount$9p_fd(0x0, 0x0, 0x0, 0x104000, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) umount2(0x0, 0x2) 96.810708ms ago: executing program 2 (id=2769): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f00000007c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_handle={0x77682a85, 0x100, 0x1}, @flat=@binder={0x73622a85, 0x110b, 0x3}, @flat=@weak_binder={0x77622a85, 0x10a, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x3e, 0x0, &(0x7f0000000540)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c99"}) 11.16448ms ago: executing program 2 (id=2770): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x180, 0x10, 0x633, 0x200, 0x25dfdbfc, {{@in=@dev={0xac, 0x14, 0x14, 0x25}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x33}, {@in6=@mcast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0xfffffffffffffffd, 0x0, 0x0, 0x2dcd, 0x8, 0x0, 0x400000}, {}, {0x0, 0x0, 0x8000000}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x180}, 0x1, 0x0, 0x0, 0x20008000}, 0x4048040) 0s ago: executing program 2 (id=2771): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0x1, 0x25, {"4831ff48c7c6000004004881c60001000048893e"}}, @uexit={0x0, 0x18, 0xaaaa}], 0x3d}) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$x86(r5, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$x86(r5, 0xaaaa) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$x86(r5, 0xffffffffffffffff) kernel console output (not intermixed with test programs): [ 330.646173][ T10] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:1: Failed to release dquot type 0 [ 330.665048][ T447] r8152-cfgselector 3-1: Unknown version 0x0000 [ 330.681988][ T5692] EXT4-fs (loop3): unmounting filesystem. [ 330.688370][ T447] r8152-cfgselector 3-1: bad CDC descriptors [ 330.703130][ T5692] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz.3.1689: Invalid inode table block 1 in block_group 0 [ 330.717331][ T5704] cgroup: Unknown subsys name 'hugetlb' [ 330.732604][ T447] r8152-cfgselector 3-1: Unknown version 0x0000 [ 330.742070][ T447] r8152-cfgselector 3-1: USB disconnect, device number 9 [ 330.755237][ T5692] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 330.784169][ T5692] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz.3.1689: mark_inode_dirty error [ 330.790646][ T5706] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1693'. [ 330.974177][ T28] audit: type=1400 audit(1753205609.960:1247): avc: denied { create } for pid=5691 comm="syz.3.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 330.998574][ T5692] syz.3.1689[5692] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 330.998811][ T5692] syz.3.1689[5692] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 331.015990][ T28] audit: type=1400 audit(1753205610.010:1248): avc: denied { write } for pid=5691 comm="syz.3.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 331.074191][ T28] audit: type=1400 audit(1753205610.050:1249): avc: denied { nlmsg_write } for pid=5691 comm="syz.3.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 331.371590][ T5716] loop2: detected capacity change from 0 to 128 [ 331.428710][ T5716] bio_check_eod: 16458 callbacks suppressed [ 331.428732][ T5716] syz.2.1698: attempt to access beyond end of device [ 331.428732][ T5716] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 331.605055][ T5732] input: syz1 as /devices/virtual/input/input39 [ 332.054865][ T5738] syz.4.1704[5738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 332.054986][ T5738] syz.4.1704[5738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 332.204681][ T5740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1705'. [ 332.385070][ T28] audit: type=1400 audit(1753205611.370:1250): avc: denied { bpf } for pid=5744 comm="syz.5.1707" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 332.421378][ T28] audit: type=1400 audit(1753205611.370:1251): avc: denied { map_create } for pid=5744 comm="syz.5.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 332.467635][ T4397] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0 [ 332.475104][ T4397] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0 [ 332.495017][ T4397] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0 [ 332.533244][ T4397] hid-generic 0000:0004:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 332.550549][ T28] audit: type=1400 audit(1753205611.370:1252): avc: denied { map_read map_write } for pid=5744 comm="syz.5.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 332.570493][ T28] audit: type=1400 audit(1753205611.440:1253): avc: denied { read write } for pid=2385 comm="syz-executor" name="loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 332.597086][ T28] audit: type=1400 audit(1753205611.440:1254): avc: denied { open } for pid=2385 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 334.759691][ T5759] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1711'. [ 334.805912][ T28] audit: type=1400 audit(1753205611.440:1255): avc: denied { ioctl } for pid=2385 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 334.815235][ T5764] device batadv_slave_0 entered promiscuous mode [ 335.009695][ T5764] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1713'. [ 335.024724][ T5764] device batadv_slave_0 left promiscuous mode [ 335.037005][ T5755] fido_id[5755]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 335.054304][ T5769] loop5: detected capacity change from 0 to 512 [ 335.074033][ T5769] EXT4-fs: Ignoring removed nobh option [ 335.125174][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #3: comm syz.5.1714: corrupted inode contents [ 335.145032][ T5769] EXT4-fs error (device loop5): ext4_dirty_inode:6120: inode #3: comm syz.5.1714: mark_inode_dirty error [ 335.157993][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #3: comm syz.5.1714: corrupted inode contents [ 335.170240][ T5769] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.1714: mark_inode_dirty error [ 335.188012][ T5769] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1714: Failed to acquire dquot type 0 [ 335.200543][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #16: comm syz.5.1714: corrupted inode contents [ 335.212863][ T5769] EXT4-fs error (device loop5): ext4_dirty_inode:6120: inode #16: comm syz.5.1714: mark_inode_dirty error [ 335.224646][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #16: comm syz.5.1714: corrupted inode contents [ 335.236907][ T5769] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.1714: mark_inode_dirty error [ 335.248710][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #16: comm syz.5.1714: corrupted inode contents [ 335.297651][ T5769] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 335.352904][ T5769] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #16: comm syz.5.1714: corrupted inode contents [ 335.548435][ T5769] EXT4-fs error (device loop5): ext4_truncate:4314: inode #16: comm syz.5.1714: mark_inode_dirty error [ 335.560219][ T5769] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 335.569796][ T5769] EXT4-fs (loop5): 1 truncate cleaned up [ 335.575799][ T5769] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 335.584969][ T5769] ext4 filesystem being mounted at /236/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.625713][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 335.668602][ T28] kauditd_printk_skb: 30 callbacks suppressed [ 335.668618][ T28] audit: type=1400 audit(1753205614.660:1284): avc: denied { mounton } for pid=5784 comm="syz.5.1719" path="/proc/667/cgroup" dev="proc" ino=31849 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 335.717443][ T28] audit: type=1400 audit(1753205614.700:1285): avc: denied { remount } for pid=5784 comm="syz.5.1719" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 335.792834][ T5791] loop5: detected capacity change from 0 to 1024 [ 335.805237][ T5791] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 335.816431][ T5791] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 335.826092][ T28] audit: type=1400 audit(1753205614.810:1286): avc: denied { name_bind } for pid=5792 comm="syz.2.1723" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 335.848802][ T5791] JBD2: no valid journal superblock found [ 335.853712][ T28] audit: type=1400 audit(1753205614.810:1287): avc: denied { node_bind } for pid=5792 comm="syz.2.1723" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 335.854614][ T5791] EXT4-fs (loop5): error loading journal [ 335.894761][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.902116][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.017196][ T28] audit: type=1400 audit(1753205615.010:1288): avc: denied { execute } for pid=5798 comm="syz.4.1727" path="/356/blkio.bfq.time" dev="tmpfs" ino=1892 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 336.071271][ T28] audit: type=1326 audit(1753205615.060:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5802 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 336.084390][ T5801] loop2: detected capacity change from 0 to 2048 [ 336.102910][ T28] audit: type=1326 audit(1753205615.060:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5802 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 336.126628][ T28] audit: type=1326 audit(1753205615.060:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5802 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 336.150242][ T28] audit: type=1326 audit(1753205615.060:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5802 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 336.175027][ T5801] loop2: p1 < > p4 [ 336.180481][ T5801] loop2: p4 size 8388608 extends beyond EOD, truncated [ 336.241842][ T28] audit: type=1326 audit(1753205615.060:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5802 comm="syz.4.1729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 336.283487][ T1326] udevd[1326]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 336.298342][ T454] udevd[454]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 336.309612][ T1326] udevd[1326]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 338.542429][ T5846] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1745'. [ 338.613993][ T5853] loop5: detected capacity change from 0 to 1024 [ 338.638008][ T5856] loop4: detected capacity change from 0 to 512 [ 338.646063][ T5853] EXT4-fs: Ignoring removed nobh option [ 338.662888][ T5853] EXT4-fs error (device loop5): ext4_ext_check_inode:520: inode #11: comm syz.5.1746: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 338.686144][ T5856] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal [ 338.695149][ T5853] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1746: couldn't read orphan inode 11 (err -117) [ 338.716142][ T5853] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 338.749584][ T5853] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:477: comm syz.5.1746: Invalid block bitmap block 0 in block_group 0 [ 338.760641][ T5864] loop3: detected capacity change from 0 to 512 [ 338.773444][ T5853] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1746: Failed to acquire dquot type 0 [ 338.801979][ T5864] EXT4-fs: Ignoring removed mblk_io_submit option [ 338.808601][ T304] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 0 [ 338.832746][ T5866] hub 6-0:1.0: USB hub found [ 338.835521][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 338.843614][ T5866] hub 6-0:1.0: 1 port detected [ 338.844515][ T5864] EXT4-fs: Ignoring removed bh option [ 338.863532][ T5864] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 338.876008][ T5864] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 338.887472][ T5864] EXT4-fs (loop3): 1 truncate cleaned up [ 338.893154][ T5864] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 338.958472][ T282] EXT4-fs (loop3): unmounting filesystem. [ 339.308012][ T447] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 341.064668][ T5902] loop3: detected capacity change from 0 to 40427 [ 341.239184][ T28] kauditd_printk_skb: 74 callbacks suppressed [ 341.239199][ T28] audit: type=1400 audit(1753205620.230:1365): avc: denied { read } for pid=5903 comm="syz.5.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 341.265835][ T5902] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 341.273616][ T5902] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 341.285377][ T447] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 341.300131][ T28] audit: type=1400 audit(1753205620.290:1366): avc: denied { read write } for pid=5903 comm="syz.5.1768" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 341.323778][ T28] audit: type=1400 audit(1753205620.290:1367): avc: denied { open } for pid=5903 comm="syz.5.1768" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 341.347314][ T28] audit: type=1400 audit(1753205620.290:1368): avc: denied { setattr } for pid=5903 comm="syz.5.1768" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 341.372304][ T5902] F2FS-fs (loop3): invalid crc value [ 341.385731][ T447] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.393849][ T447] usb 5-1: Product: syz [ 341.398067][ T447] usb 5-1: Manufacturer: syz [ 341.402694][ T447] usb 5-1: SerialNumber: syz [ 341.407763][ T28] audit: type=1400 audit(1753205620.290:1369): avc: denied { ioctl } for pid=5903 comm="syz.5.1768" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7006 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 341.466410][ T447] r8152-cfgselector 5-1: config 0 descriptor?? [ 341.499754][ T5902] F2FS-fs (loop3): Found nat_bits in checkpoint [ 341.542607][ T5902] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 341.549858][ T5902] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 341.629483][ T5912] loop5: detected capacity change from 0 to 512 [ 341.636068][ T28] audit: type=1400 audit(1753205620.610:1370): avc: denied { map } for pid=5911 comm="syz.5.1769" path="socket:[31985]" dev="sockfs" ino=31985 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 341.725705][ T28] audit: type=1400 audit(1753205620.610:1371): avc: denied { read } for pid=5911 comm="syz.5.1769" path="socket:[31985]" dev="sockfs" ino=31985 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 341.755729][ T447] r8152-cfgselector 5-1: Unknown version 0x0000 [ 341.758034][ T28] audit: type=1326 audit(1753205620.750:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5915 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 341.809881][ T447] r8152-cfgselector 5-1: Unknown version 0x0000 [ 341.830851][ T5912] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 341.841442][ T447] r8152-cfgselector 5-1: bad CDC descriptors [ 341.855682][ T447] r8152-cfgselector 5-1: Unknown version 0x0000 [ 341.873623][ T447] r8152-cfgselector 5-1: USB disconnect, device number 7 [ 341.885778][ T28] audit: type=1326 audit(1753205620.780:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5915 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 341.926696][ T5912] EXT4-fs (loop5): 1 truncate cleaned up [ 341.935761][ T5912] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 341.999725][ T28] audit: type=1326 audit(1753205620.790:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5915 comm="syz.4.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f09d458e9a9 code=0x7ffc0000 [ 342.027248][ T5929] loop4: detected capacity change from 0 to 1024 [ 342.037027][ T5929] EXT4-fs: Ignoring removed orlov option [ 342.050924][ T5931] loop2: detected capacity change from 0 to 1024 [ 342.068791][ T5931] EXT4-fs: Ignoring removed nobh option [ 342.103458][ T5931] EXT4-fs: Ignoring removed bh option [ 342.105089][ T5929] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 342.143592][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 342.357454][ T5931] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 342.421435][ T5942] loop5: detected capacity change from 0 to 128 [ 342.439163][ T5942] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 342.452945][ T5942] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 342.467672][ T286] EXT4-fs (loop2): unmounting filesystem. [ 342.470602][ T285] EXT4-fs (loop4): unmounting filesystem. [ 342.532778][ T5946] loop2: detected capacity change from 0 to 1024 [ 342.533605][ T5948] netlink: 'syz.5.1782': attribute type 4 has an invalid length. [ 342.553279][ T5946] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 342.568614][ T5948] netlink: 'syz.5.1782': attribute type 4 has an invalid length. [ 342.570608][ T5946] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 342.680335][ T5946] JBD2: no valid journal superblock found [ 342.693179][ T5946] EXT4-fs (loop2): error loading journal [ 343.948253][ T5979] loop2: detected capacity change from 0 to 512 [ 343.979748][ T5979] EXT4-fs: Ignoring removed oldalloc option [ 344.011810][ T5979] EXT4-fs: Ignoring removed mblk_io_submit option [ 344.018907][ T5979] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 344.047597][ T5979] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1794: bg 0: block 64: padding at end of block bitmap is not set [ 344.062278][ T5979] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1794: Failed to acquire dquot type 0 [ 344.074329][ T5979] EXT4-fs (loop2): 1 truncate cleaned up [ 344.080363][ T5979] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 344.116885][ T5991] loop3: detected capacity change from 0 to 256 [ 344.117256][ T286] EXT4-fs (loop2): unmounting filesystem. [ 344.194993][ T6003] loop4: detected capacity change from 0 to 1024 [ 344.212734][ T6003] EXT4-fs: Ignoring removed nomblk_io_submit option [ 344.232128][ T6006] device syzkaller0 entered promiscuous mode [ 344.241463][ T6003] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 344.462475][ T6020] loop3: detected capacity change from 0 to 512 [ 344.590016][ T6020] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 344.614083][ T6020] EXT4-fs (loop3): orphan cleanup on readonly fs [ 344.649032][ T6020] EXT4-fs warning (device loop3): ext4_enable_quotas:7053: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 344.722974][ T6020] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 344.762170][ T6020] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1808: bg 0: block 40: padding at end of block bitmap is not set [ 344.810167][ T6020] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 344.821558][ T6020] EXT4-fs (loop3): 1 truncate cleaned up [ 344.828032][ T6020] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 345.145052][ T282] EXT4-fs (loop3): unmounting filesystem. [ 345.188692][ T285] EXT4-fs (loop4): unmounting filesystem. [ 345.406544][ T6053] loop4: detected capacity change from 0 to 1024 [ 345.413412][ T6053] EXT4-fs: Ignoring removed orlov option [ 345.425759][ T6053] EXT4-fs: Ignoring removed nomblk_io_submit option [ 345.468909][ T6053] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 345.481608][ T6060] input: syz1 as /devices/virtual/input/input45 [ 345.493260][ T6061] loop2: detected capacity change from 0 to 128 [ 345.562469][ T285] EXT4-fs (loop4): unmounting filesystem. [ 346.721793][ T6089] loop4: detected capacity change from 0 to 512 [ 346.886469][ T6089] EXT4-fs (loop4): 1 orphan inode deleted [ 346.892307][ T6089] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 346.903365][ T6089] ext4 filesystem being mounted at /374/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 347.154574][ T2489] __quota_error: 55 callbacks suppressed [ 347.275354][ T2489] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 348.064622][ T2489] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 1 [ 348.104882][ T285] EXT4-fs (loop4): unmounting filesystem. [ 348.503780][ T28] audit: type=1326 audit(1753205627.490:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.546225][ T28] audit: type=1326 audit(1753205627.490:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.590203][ T28] audit: type=1326 audit(1753205627.490:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614115][ T28] audit: type=1326 audit(1753205627.490:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614146][ T28] audit: type=1326 audit(1753205627.490:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614173][ T28] audit: type=1326 audit(1753205627.490:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614199][ T28] audit: type=1326 audit(1753205627.490:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614228][ T28] audit: type=1326 audit(1753205627.490:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.614254][ T28] audit: type=1326 audit(1753205627.490:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6100 comm="syz.5.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f835af8e9a9 code=0x7ffc0000 [ 348.646141][ T6110] loop2: detected capacity change from 0 to 1024 [ 348.650980][ T6110] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 348.695134][ T6110] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 348.695203][ T6110] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 348.708480][ T286] EXT4-fs (loop2): unmounting filesystem. [ 348.889834][ T6120] loop2: detected capacity change from 0 to 8192 [ 348.922503][ T6120] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068) [ 348.922534][ T6120] FAT-fs (loop2): Filesystem has been set read-only [ 349.086954][ T6124] device syzkaller0 entered promiscuous mode [ 349.188005][ T6127] loop3: detected capacity change from 0 to 512 [ 349.252646][ T6127] EXT4-fs (loop3): 1 orphan inode deleted [ 349.258506][ T6127] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 349.268424][ T6127] ext4 filesystem being mounted at /365/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 349.299860][ T329] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:4: Failed to release dquot type 1 [ 350.630527][ T6139] tipc: Started in network mode [ 350.635448][ T6139] tipc: Node identity 4abc28a48904, cluster identity 4711 [ 350.666317][ T282] EXT4-fs (loop3): unmounting filesystem. [ 350.680985][ T6139] tipc: Enabled bearer , priority 0 [ 350.694096][ T6140] SELinux: failed to load policy [ 350.714024][ T6141] device syzkaller0 entered promiscuous mode [ 350.740036][ T6139] tipc: Resetting bearer [ 350.755397][ T6143] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1851'. [ 350.770322][ T6138] tipc: Resetting bearer [ 350.785999][ T6138] tipc: Disabling bearer [ 350.955736][ T6156] loop3: detected capacity change from 0 to 512 [ 350.991998][ T6156] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 351.001132][ T6156] ext4 filesystem being mounted at /366/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 351.013588][ T6156] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 351.023671][ T6156] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1849: bg 0: block 96: padding at end of block bitmap is not set [ 351.054124][ T282] EXT4-fs (loop3): unmounting filesystem. [ 351.149170][ T6180] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1864'. [ 351.185703][ T6184] tipc: Started in network mode [ 351.190685][ T6184] tipc: Node identity 8e06f309eb13, cluster identity 4711 [ 351.197933][ T6184] tipc: Enabled bearer , priority 0 [ 351.204988][ T6184] device syzkaller0 entered promiscuous mode [ 351.214463][ T6184] tipc: Resetting bearer [ 351.221605][ T6183] tipc: Resetting bearer [ 351.228696][ T6183] tipc: Disabling bearer [ 351.326739][ T6200] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 351.359756][ T6204] SELinux: failed to load policy [ 351.436888][ T6211] SELinux: policydb version 1738335632 does not match my version range 15-33 [ 351.446100][ T6211] SELinux: failed to load policy [ 351.570789][ T6220] loop5: detected capacity change from 0 to 1024 [ 351.577711][ T6220] EXT4-fs: Ignoring removed bh option [ 351.584338][ T6220] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 351.594010][ T6220] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 2: comm syz.5.1884: lblock 2 mapped to illegal pblock 2 (length 1) [ 351.608326][ T6220] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 48: comm syz.5.1884: lblock 0 mapped to illegal pblock 48 (length 1) [ 351.622759][ T6220] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1884: Failed to acquire dquot type 0 [ 351.634332][ T6220] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 351.644143][ T6220] EXT4-fs error (device loop5): ext4_evict_inode:279: inode #11: comm syz.5.1884: mark_inode_dirty error [ 351.655946][ T6220] EXT4-fs warning (device loop5): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 351.666272][ T6220] EXT4-fs (loop5): 1 orphan inode deleted [ 351.672011][ T6220] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 351.685674][ T5760] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 351.700101][ T5760] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 0 [ 351.714357][ T6220] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 48: comm syz.5.1884: lblock 0 mapped to illegal pblock 48 (length 1) [ 351.734475][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 351.750093][ T6223] syz.5.1885[6223] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.750160][ T6223] syz.5.1885[6223] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.864457][ T6242] netlink: 'syz.2.1894': attribute type 6 has an invalid length. [ 351.991586][ T6249] loop2: detected capacity change from 0 to 512 [ 352.057160][ T6249] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1897: bg 0: block 248: padding at end of block bitmap is not set [ 352.078574][ T6249] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1897: Failed to acquire dquot type 1 [ 352.092665][ T6249] EXT4-fs (loop2): 1 truncate cleaned up [ 352.102861][ T6245] loop4: detected capacity change from 0 to 512 [ 352.107203][ T6249] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 352.120090][ T6245] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 352.133855][ T6249] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 352.173697][ T6245] EXT4-fs (loop4): 1 truncate cleaned up [ 352.191380][ T6245] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 352.216478][ T286] EXT4-fs (loop2): unmounting filesystem. [ 352.222358][ T5760] __quota_error: 44 callbacks suppressed [ 352.222372][ T5760] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-5 [ 352.238674][ T5760] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1 [ 352.458257][ T6277] loop5: detected capacity change from 0 to 512 [ 352.467586][ T285] EXT4-fs (loop4): unmounting filesystem. [ 352.491060][ T6277] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 352.506316][ T6277] ext4 filesystem being mounted at /296/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 352.546696][ T6277] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #4: comm syz.5.1907: corrupted inode contents [ 352.558670][ T6277] EXT4-fs error (device loop5): ext4_dirty_inode:6120: inode #4: comm syz.5.1907: mark_inode_dirty error [ 352.571351][ T6277] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #4: comm syz.5.1907: corrupted inode contents [ 352.583395][ T6277] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #4: comm syz.5.1907: mark_inode_dirty error [ 352.594931][ T6277] Quota error (device loop5): write_blk: dquota write failed [ 352.603211][ T6277] Quota error (device loop5): find_free_dqentry: Can't write quota data block 5 [ 352.612814][ T6277] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 352.623286][ T6277] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1907: Failed to acquire dquot type 1 [ 352.640360][ T28] audit: type=1400 audit(1753205631.630:1472): avc: denied { rename } for pid=6275 comm="syz.5.1907" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 352.640786][ T6285] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #4: comm syz.5.1907: corrupted inode contents [ 352.717520][ T6285] EXT4-fs error (device loop5): ext4_dirty_inode:6120: inode #4: comm syz.5.1907: mark_inode_dirty error [ 352.729524][ T6285] EXT4-fs error (device loop5): ext4_do_update_inode:5255: inode #4: comm syz.5.1907: corrupted inode contents [ 352.744669][ T28] audit: type=1400 audit(1753205631.740:1473): avc: denied { read } for pid=6289 comm="syz.1.1911" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 352.754153][ T6285] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #4: comm syz.5.1907: mark_inode_dirty error [ 352.776416][ T6285] Quota error (device loop5): write_blk: dquota write failed [ 352.783893][ T6285] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 352.794005][ T6285] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1907: Failed to acquire dquot type 1 [ 352.822211][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 354.408073][ T28] audit: type=1400 audit(1753205633.400:1474): avc: denied { read write } for pid=6314 comm="syz.5.1921" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 354.434106][ T6316] loop3: detected capacity change from 0 to 1024 [ 354.437974][ T28] audit: type=1400 audit(1753205633.430:1475): avc: denied { open } for pid=6314 comm="syz.5.1921" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 354.451177][ T6316] EXT4-fs: Ignoring removed orlov option [ 354.476408][ T6316] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 354.565911][ T6325] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1924'. [ 354.650175][ T6334] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1928'. [ 354.742267][ T6342] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 354.886528][ T282] EXT4-fs (loop3): unmounting filesystem. [ 355.008516][ T6358] loop2: detected capacity change from 0 to 512 [ 355.042253][ T6358] EXT4-fs (loop2): 1 orphan inode deleted [ 355.048198][ T6358] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 355.057934][ T5760] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1 [ 355.071688][ T6358] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 355.112174][ T6375] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 355.447407][ T445] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0 [ 355.454997][ T445] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0 [ 355.462567][ T445] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0 [ 355.471807][ T445] hid-generic 0000:0004:0000.0009: hidraw0: HID v0.00 Device [syz0] on syz0 [ 355.495497][ T6381] fido_id[6381]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 356.023421][ T286] EXT4-fs (loop2): unmounting filesystem. [ 356.027354][ T6391] syz.4.1951[6391] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 356.029241][ T6391] syz.4.1951[6391] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 356.108273][ T6398] loop4: detected capacity change from 0 to 512 [ 356.135731][ T6398] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal [ 356.451149][ T447] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 356.537837][ T6407] syz.3.1957 uses obsolete (PF_INET,SOCK_PACKET) [ 356.567502][ T439] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 356.585126][ T439] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 356.593063][ T439] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 356.611285][ T439] hid-generic 0000:0004:0000.000A: hidraw0: HID v0.00 Device [syz0] on syz0 [ 356.655078][ T6414] loop2: detected capacity change from 0 to 1024 [ 356.670636][ T6414] EXT4-fs: Ignoring removed orlov option [ 356.679525][ T6412] fido_id[6412]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 356.698783][ T6414] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 356.710295][ T447] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 356.722303][ T447] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.730549][ T447] usb 5-1: Product: syz [ 356.734784][ T447] usb 5-1: Manufacturer: syz [ 356.739479][ T447] usb 5-1: SerialNumber: syz [ 356.745286][ T447] r8152-cfgselector 5-1: config 0 descriptor?? [ 356.765750][ T286] EXT4-fs (loop2): unmounting filesystem. [ 356.794074][ T6418] loop2: detected capacity change from 0 to 512 [ 356.824100][ T6418] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1961: invalid indirect mapped block 256 (level 2) [ 356.854615][ T6418] EXT4-fs (loop2): 2 truncates cleaned up [ 356.875468][ T6418] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 356.953821][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.967833][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.000534][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.020666][ T10] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:1: bg 0: block 5: invalid block bitmap [ 357.022924][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.042225][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 592 with error 28 [ 357.054799][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost [ 357.054799][ T10] [ 357.064944][ T10] EXT4-fs (loop2): Total free blocks count 0 [ 357.071387][ T10] EXT4-fs (loop2): Free/Dirty block details [ 357.077701][ T10] EXT4-fs (loop2): free_blocks=0 [ 357.082730][ T10] EXT4-fs (loop2): dirty_blocks=592 [ 357.088477][ T10] EXT4-fs (loop2): Block reservation details [ 357.094540][ T10] EXT4-fs (loop2): i_reserved_data_blocks=592 [ 357.107576][ T286] EXT4-fs (loop2): unmounting filesystem. [ 357.140869][ T6431] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=6431 comm=syz.2.1965 [ 357.171890][ T6434] loop2: detected capacity change from 0 to 128 [ 357.183448][ T6434] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 357.191596][ T6434] FAT-fs (loop2): Filesystem has been set read-only [ 357.198559][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.198559][ T6434] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 357.212677][ T6434] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 357.220721][ T6434] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 357.228886][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.228886][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.242393][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.242393][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.256202][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.257069][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.257069][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.264725][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.290191][ T6398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.300363][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.300363][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.301064][ T6398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.319081][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.319081][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.334881][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.334881][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.348459][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.348459][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.361996][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.361996][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.375534][ T6434] syz.2.1966: attempt to access beyond end of device [ 357.375534][ T6434] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 357.535389][ T28] kauditd_printk_skb: 124 callbacks suppressed [ 357.535405][ T28] audit: type=1400 audit(1753205636.520:1599): avc: denied { read } for pid=6397 comm="syz.4.1954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 357.818440][ T447] r8152-cfgselector 5-1: Unknown version 0x0000 [ 357.843468][ T447] r8152-cfgselector 5-1: bad CDC descriptors [ 357.898204][ T447] r8152-cfgselector 5-1: Unknown version 0x0000 [ 357.903383][ T28] audit: type=1400 audit(1753205636.890:1600): avc: denied { ioctl } for pid=6445 comm="syz.4.1969" path="socket:[32709]" dev="sockfs" ino=32709 ioctlcmd=0xf50b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 357.913758][ T447] r8152-cfgselector 5-1: USB disconnect, device number 8 [ 358.009823][ T37] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 358.022006][ T37] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 358.029650][ T28] audit: type=1400 audit(1753205637.010:1601): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 358.055567][ T37] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0 [ 358.064290][ T6454] loop2: detected capacity change from 0 to 128 [ 358.064785][ T37] hid-generic 0000:0004:0000.000B: hidraw0: HID v0.00 Device [syz0] on syz0 [ 358.088799][ T28] audit: type=1400 audit(1753205637.080:1602): avc: denied { block_suspend } for pid=6451 comm="syz.4.1971" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 358.116721][ T6456] can0: slcan on ptm0. [ 358.162058][ T6454] EXT4-fs: Ignoring removed nobh option [ 358.355372][ T28] audit: type=1400 audit(1753205637.110:1603): avc: denied { name_bind } for pid=6444 comm="syz.5.1968" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 358.360656][ T6454] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 358.406323][ T6454] ext4 filesystem being mounted at /386/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 358.460255][ T6457] fido_id[6457]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 358.479258][ T6467] loop3: detected capacity change from 0 to 512 [ 358.528846][ T6467] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 358.541514][ T28] audit: type=1400 audit(1753205637.110:1604): avc: denied { node_bind } for pid=6444 comm="syz.5.1968" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 358.561760][ T6467] EXT4-fs (loop3): 1 truncate cleaned up [ 358.572592][ T6467] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 358.585994][ T28] audit: type=1400 audit(1753205637.170:1605): avc: denied { read } for pid=141 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 358.607112][ T28] audit: type=1400 audit(1753205637.180:1606): avc: denied { search } for pid=141 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 358.831212][ T28] audit: type=1400 audit(1753205637.180:1607): avc: denied { read } for pid=141 comm="dhcpcd" name="n16" dev="tmpfs" ino=14048 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 358.837174][ T282] EXT4-fs (loop3): unmounting filesystem. [ 358.853755][ T28] audit: type=1400 audit(1753205637.180:1608): avc: denied { open } for pid=141 comm="dhcpcd" path="/run/udev/data/n16" dev="tmpfs" ino=14048 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 358.896041][ T6444] can0 (unregistered): slcan off ptm0. [ 360.349808][ T6513] loop5: detected capacity change from 0 to 1024 [ 360.430614][ T6513] EXT4-fs: Ignoring removed i_version option [ 360.441167][ T6522] loop3: detected capacity change from 0 to 1024 [ 360.460149][ T6513] EXT4-fs error (device loop5): ext4_ext_check_inode:520: inode #3: comm syz.5.1986: pblk 67 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 360.478553][ T6522] EXT4-fs: Ignoring removed oldalloc option [ 360.484587][ T6522] EXT4-fs: Ignoring removed bh option [ 360.491416][ T6522] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 360.505475][ T6513] EXT4-fs error (device loop5): ext4_quota_enable:7012: comm syz.5.1986: Bad quota inode: 3, type: 0 [ 360.522225][ T6513] EXT4-fs warning (device loop5): ext4_enable_quotas:7053: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 360.537943][ T6513] EXT4-fs (loop5): mount failed [ 360.615073][ T6522] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 360.672295][ T282] EXT4-fs (loop3): unmounting filesystem. [ 360.831779][ T286] EXT4-fs (loop2): unmounting filesystem. [ 361.600035][ T6558] loop3: detected capacity change from 0 to 128 [ 361.784071][ T6565] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 361.791344][ T6565] IPv6: NLM_F_CREATE should be set when creating new route [ 361.853649][ T6573] loop5: detected capacity change from 0 to 512 [ 361.907628][ T6572] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 361.961757][ T6573] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 361.981955][ T6573] ext4 filesystem being mounted at /314/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 362.326533][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 362.467179][ T6601] loop3: detected capacity change from 0 to 1024 [ 362.478330][ T6601] EXT4-fs: Ignoring removed orlov option [ 362.609987][ T6603] device syzkaller0 entered promiscuous mode [ 362.670237][ T6601] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 362.963725][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 362.963812][ T28] audit: type=1400 audit(1753205641.950:1643): avc: denied { relabelfrom } for pid=6602 comm="syz.1.2016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 363.331453][ T282] EXT4-fs (loop3): unmounting filesystem. [ 363.416935][ T6617] tipc: Enabled bearer , priority 0 [ 363.423792][ T28] audit: type=1400 audit(1753205641.980:1644): avc: denied { relabelto } for pid=6602 comm="syz.1.2016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 363.458777][ T6617] device syzkaller0 entered promiscuous mode [ 363.821019][ T6615] tipc: Resetting bearer [ 363.829604][ T6615] tipc: Disabling bearer [ 363.852023][ T28] audit: type=1400 audit(1753205642.840:1645): avc: denied { append } for pid=6629 comm="syz.3.2024" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 363.852112][ T6630] random: crng reseeded on system resumption [ 363.875402][ T28] audit: type=1400 audit(1753205642.840:1646): avc: denied { open } for pid=6629 comm="syz.3.2024" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 363.924046][ T28] audit: type=1400 audit(1753205642.910:1647): avc: denied { ioctl } for pid=6629 comm="syz.3.2024" path="/dev/snapshot" dev="devtmpfs" ino=91 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 363.931005][ T6630] Restarting kernel threads ... done. [ 364.038591][ T6644] loop2: detected capacity change from 0 to 512 [ 364.057755][ T6644] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 364.069203][ T6644] EXT4-fs (loop2): orphan cleanup on readonly fs [ 364.075988][ T6644] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 364.086555][ T6644] EXT4-fs warning (device loop2): ext4_enable_quotas:7053: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 364.102172][ T6644] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 364.102470][ T28] audit: type=1400 audit(1753205643.100:1648): avc: denied { create } for pid=6647 comm="syz.3.2032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 364.109674][ T6644] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2031: bg 0: block 40: padding at end of block bitmap is not set [ 364.142967][ T6644] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 364.153000][ T6644] EXT4-fs (loop2): 1 truncate cleaned up [ 364.158839][ T6644] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 364.196432][ T6654] tipc: Enabled bearer , priority 0 [ 364.203553][ T6654] device syzkaller0 entered promiscuous mode [ 364.220106][ T286] EXT4-fs (loop2): unmounting filesystem. [ 364.230461][ T6654] tipc: Resetting bearer [ 364.230457][ T6657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2033'. [ 364.248139][ T6653] tipc: Resetting bearer [ 364.257292][ T6656] loop4: detected capacity change from 0 to 512 [ 364.264042][ T6653] tipc: Disabling bearer [ 364.302020][ T6656] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 364.323468][ T6656] ext4 filesystem being mounted at /416/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 364.362169][ T28] audit: type=1400 audit(1753205643.350:1649): avc: denied { ioctl } for pid=6669 comm="syz.5.2040" path="socket:[33335]" dev="sockfs" ino=33335 ioctlcmd=0x8955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 364.392758][ T28] audit: type=1400 audit(1753205643.380:1650): avc: denied { read write } for pid=6655 comm="syz.4.2035" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 364.416842][ T28] audit: type=1400 audit(1753205643.380:1651): avc: denied { open } for pid=6655 comm="syz.4.2035" path="/416/bus/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 364.449989][ T285] EXT4-fs (loop4): unmounting filesystem. [ 364.456220][ T6672] SELinux: Context u:r:untrusted_app:s0:c512,c768 is not valid (left unmapped). [ 365.696877][ T6697] device syzkaller0 entered promiscuous mode [ 365.705485][ T6699] xt_CT: You must specify a L4 protocol and not use inversions on it [ 365.780993][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2052'. [ 365.865805][ T6712] device syzkaller0 entered promiscuous mode [ 365.916017][ T6715] loop2: detected capacity change from 0 to 128 [ 365.966474][ T6715] bio_check_eod: 12086 callbacks suppressed [ 365.966492][ T6715] syz.2.2056: attempt to access beyond end of device [ 365.966492][ T6715] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 365.996913][ T6718] device pim6reg1 entered promiscuous mode [ 366.079710][ T6724] loop2: detected capacity change from 0 to 128 [ 366.385075][ T6733] syz.2.2060: attempt to access beyond end of device [ 366.385075][ T6733] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 366.727224][ T6746] loop5: detected capacity change from 0 to 2048 [ 367.125103][ T6746] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 367.191073][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 367.200033][ T6759] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 367.315105][ T6774] loop4: detected capacity change from 0 to 128 [ 367.683859][ T6790] device syzkaller0 entered promiscuous mode [ 367.985475][ T6812] syz.3.2091[6812] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 367.988368][ T6812] syz.3.2091[6812] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.326694][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 368.326824][ T28] audit: type=1400 audit(1753205647.270:1663): avc: denied { write } for pid=6807 comm="syz.1.2092" name="uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 368.399353][ T28] audit: type=1400 audit(1753205647.280:1664): avc: denied { ioctl } for pid=6807 comm="syz.1.2092" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 370.670062][ T6820] can0: slcan on ptm0. [ 371.408625][ T28] audit: type=1400 audit(1753205650.400:1665): avc: denied { create } for pid=6824 comm="syz.5.2096" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 371.436368][ T6814] can0 (unregistered): slcan off ptm0. [ 371.486760][ T6825] 9pnet: p9_errstr2errno: server reported unknown error @íÎ‚Í [ 371.489986][ T28] audit: type=1400 audit(1753205650.470:1666): avc: denied { mounton } for pid=6824 comm="syz.5.2096" path="/332/file0" dev="tmpfs" ino=1756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 371.554774][ T28] audit: type=1400 audit(1753205650.540:1667): avc: denied { unlink } for pid=2385 comm="syz-executor" name="file0" dev="tmpfs" ino=1756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 371.712272][ T6844] loop5: detected capacity change from 0 to 1024 [ 371.726301][ T28] audit: type=1326 audit(1753205650.720:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6845 comm="syz.1.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 371.771296][ T6844] EXT4-fs: Ignoring removed oldalloc option [ 371.785837][ T6844] EXT4-fs: Ignoring removed bh option [ 371.812686][ T6844] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 371.840196][ T28] audit: type=1326 audit(1753205650.750:1669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6845 comm="syz.1.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 371.869371][ T6863] sch_tbf: burst 0 is lower than device lo mtu (14) ! [ 371.884666][ T6827] loop3: detected capacity change from 0 to 1024 [ 371.904954][ T28] audit: type=1326 audit(1753205650.750:1670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6845 comm="syz.1.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 371.912179][ T6844] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 371.940769][ T28] audit: type=1326 audit(1753205650.750:1671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6845 comm="syz.1.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 371.946778][ T6827] EXT4-fs: test_dummy_encryption requires encrypt feature [ 371.972377][ T28] audit: type=1326 audit(1753205650.750:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6845 comm="syz.1.2103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 371.989884][ T6876] loop2: detected capacity change from 0 to 512 [ 372.035959][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 372.091058][ T6876] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 372.100570][ T6876] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 372.126441][ T286] EXT4-fs (loop2): unmounting filesystem. [ 372.217651][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2119'. [ 372.226763][ T6906] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2119'. [ 372.237977][ T6906] device wireguard0 entered promiscuous mode [ 372.266126][ T6910] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 372.348839][ T6919] syz.3.2124[6919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 372.348916][ T6919] syz.3.2124[6919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 372.555736][ T615] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 372.755633][ T615] usb 6-1: Using ep0 maxpacket: 32 [ 372.761921][ T615] usb 6-1: config 0 has an invalid interface number: 146 but max is 0 [ 372.770156][ T615] usb 6-1: config 0 has no interface number 0 [ 372.779104][ T615] usb 6-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 372.789920][ T615] usb 6-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 372.800837][ T615] usb 6-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 372.811985][ T615] usb 6-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1 [ 372.822045][ T615] usb 6-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 372.837079][ T615] usb 6-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 372.846327][ T615] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.854489][ T615] usb 6-1: Product: syz [ 372.859026][ T615] usb 6-1: Manufacturer: syz [ 372.863747][ T615] usb 6-1: SerialNumber: syz [ 372.874582][ T615] usb 6-1: config 0 descriptor?? [ 372.880065][ T6912] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 372.887547][ T6912] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 373.102244][ T6912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.110854][ T6912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.119674][ T6912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.128203][ T6912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.136842][ T6912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.145354][ T6912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.153859][ T6912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.162439][ T6912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.171013][ T3611] usb 6-1: USB disconnect, device number 2 [ 373.228749][ T6946] random: crng reseeded on system resumption [ 373.325163][ T6950] loop3: detected capacity change from 0 to 512 [ 373.335573][ T6950] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 373.347539][ T6950] EXT4-fs (loop3): 1 truncate cleaned up [ 373.353343][ T6950] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 373.407762][ T282] EXT4-fs (loop3): unmounting filesystem. [ 373.427315][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 373.427329][ T28] audit: type=1400 audit(1753205652.420:1680): avc: denied { connect } for pid=6954 comm="syz.4.2140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 373.468832][ T28] audit: type=1400 audit(1753205652.450:1681): avc: denied { write } for pid=6954 comm="syz.4.2140" path="socket:[33764]" dev="sockfs" ino=33764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 373.512481][ T28] audit: type=1400 audit(1753205652.480:1682): avc: denied { read write } for pid=282 comm="syz-executor" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 373.541631][ T28] audit: type=1400 audit(1753205652.480:1683): avc: denied { open } for pid=282 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 373.541723][ T6961] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 373.571192][ T28] audit: type=1400 audit(1753205652.480:1684): avc: denied { ioctl } for pid=282 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=121 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 373.577664][ T6963] loop2: detected capacity change from 0 to 1024 [ 373.601477][ T28] audit: type=1400 audit(1753205652.510:1685): avc: denied { bpf } for pid=6958 comm="syz.3.2142" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 373.626320][ T6963] EXT4-fs: Ignoring removed orlov option [ 373.631080][ T28] audit: type=1400 audit(1753205652.510:1686): avc: denied { prog_load } for pid=6958 comm="syz.3.2142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 373.665332][ T28] audit: type=1400 audit(1753205652.510:1687): avc: denied { mounton } for pid=6958 comm="syz.3.2142" path="/428/control" dev="tmpfs" ino=2270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 373.688537][ T28] audit: type=1400 audit(1753205652.520:1688): avc: denied { perfmon } for pid=6960 comm="syz.4.2143" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 373.710953][ T28] audit: type=1400 audit(1753205652.520:1689): avc: denied { prog_run } for pid=6960 comm="syz.4.2143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 373.811120][ T6963] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 373.825372][ T6963] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.2.2141: corrupted in-inode xattr [ 373.838147][ T6963] EXT4-fs (loop2): Remounting filesystem read-only [ 374.358670][ T286] EXT4-fs (loop2): unmounting filesystem. [ 374.465024][ T6980] loop2: detected capacity change from 0 to 2048 [ 374.490393][ T6980] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 374.621749][ T6985] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 374.637835][ T6985] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 374.656531][ T6985] EXT4-fs (loop2): This should not happen!! Data will be lost [ 374.656531][ T6985] [ 374.680542][ T6985] EXT4-fs (loop2): Total free blocks count 0 [ 374.705652][ T6985] EXT4-fs (loop2): Free/Dirty block details [ 374.711651][ T6985] EXT4-fs (loop2): free_blocks=2415919104 [ 374.725491][ T6985] EXT4-fs (loop2): dirty_blocks=2160 [ 374.731193][ T6985] EXT4-fs (loop2): Block reservation details [ 374.737737][ T6985] EXT4-fs (loop2): i_reserved_data_blocks=135 [ 374.762078][ T6995] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 374.777306][ T6988] loop5: detected capacity change from 0 to 512 [ 374.796456][ T6988] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 374.817078][ T6988] EXT4-fs (loop5): 1 truncate cleaned up [ 374.822924][ T6988] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 374.913384][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 374.981837][ T7002] device syzkaller0 entered promiscuous mode [ 374.988639][ T7006] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 375.037973][ T7009] x_tables: duplicate underflow at hook 3 [ 375.321362][ T7013] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 375.559815][ T7017] device veth0 entered promiscuous mode [ 375.573059][ T7017] device macsec1 entered promiscuous mode [ 375.584541][ T7017] device veth0 left promiscuous mode [ 375.869538][ T7037] loop4: detected capacity change from 0 to 512 [ 376.101222][ T7037] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 376.162515][ T7041] loop5: detected capacity change from 0 to 128 [ 376.178652][ T7037] ext4 filesystem being mounted at /file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 376.209090][ T7037] EXT4-fs (loop4): unmounting filesystem. [ 376.970019][ T7063] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 377.041595][ T7064] device syzkaller0 entered promiscuous mode [ 377.868654][ T7086] loop2: detected capacity change from 0 to 512 [ 377.880612][ T7088] input: syz1 as /devices/virtual/input/input50 [ 377.893306][ T7086] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 377.935276][ T7092] 9pnet_fd: Insufficient options for proto=fd [ 377.956827][ T7086] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 377.975864][ T7096] 9pnet: Could not find request transport: rdma [ 377.992259][ T7086] ext4 filesystem being mounted at /427/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 378.020205][ T7086] hub 9-0:1.0: USB hub found [ 378.025021][ T7086] hub 9-0:1.0: 1 port detected [ 378.063506][ T286] EXT4-fs (loop2): unmounting filesystem. [ 378.092920][ T7106] loop4: detected capacity change from 0 to 128 [ 378.125384][ T7106] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 378.180250][ T7106] ext4 filesystem being mounted at /458/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 378.214245][ T7113] device syzkaller0 entered promiscuous mode [ 378.296471][ T285] EXT4-fs (loop4): unmounting filesystem. [ 378.483818][ T7124] loop4: detected capacity change from 0 to 1024 [ 378.516248][ T7124] EXT4-fs: Ignoring removed nobh option [ 378.541364][ T7124] EXT4-fs: Ignoring removed bh option [ 378.564368][ T7124] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 378.616721][ T7124] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 378.676443][ T28] kauditd_printk_skb: 80 callbacks suppressed [ 378.676459][ T28] audit: type=1400 audit(1753205657.670:1770): avc: denied { read write } for pid=7120 comm="syz.4.2200" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 378.744435][ T28] audit: type=1400 audit(1753205657.710:1771): avc: denied { map } for pid=7120 comm="syz.4.2200" path="/460/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 378.810592][ T28] audit: type=1400 audit(1753205657.710:1772): avc: denied { execute } for pid=7120 comm="syz.4.2200" path="/460/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 378.884429][ T7129] loop5: detected capacity change from 0 to 1024 [ 378.901907][ T7129] EXT4-fs: Ignoring removed orlov option [ 378.918385][ T7129] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 378.970969][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 379.064204][ T28] audit: type=1400 audit(1753205658.050:1773): avc: denied { create } for pid=7133 comm="syz.5.2203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 379.173324][ T7122] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.2200: Allocating blocks 497-513 which overlap fs metadata [ 379.208074][ T7122] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.2200: Allocating blocks 497-513 which overlap fs metadata [ 379.239519][ T7141] loop5: detected capacity change from 0 to 1024 [ 379.510324][ T7141] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 379.549956][ T7141] ext4 filesystem being mounted at /355/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 379.580615][ T7124] EXT4-fs (loop4): pa ffff88811fe17a80: logic 1008, phys. 465, len 3 [ 379.588906][ T7124] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 379.609532][ T732] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm kworker/u4:7: bg 0: block 393: padding at end of block bitmap is not set [ 379.632806][ T732] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 379.636488][ T28] audit: type=1400 audit(1753205658.620:1774): avc: denied { connect } for pid=7146 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 379.657782][ T732] EXT4-fs (loop5): This should not happen!! Data will be lost [ 379.657782][ T732] [ 379.665530][ T28] audit: type=1400 audit(1753205658.650:1775): avc: denied { read } for pid=7146 comm="syz.2.2207" path="socket:[34686]" dev="sockfs" ino=34686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 379.692242][ T732] EXT4-fs (loop5): Total free blocks count 0 [ 379.709967][ T732] EXT4-fs (loop5): Free/Dirty block details [ 379.711430][ T285] EXT4-fs (loop4): unmounting filesystem. [ 379.722591][ T28] audit: type=1400 audit(1753205658.710:1776): avc: denied { write } for pid=7146 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 379.723264][ T732] EXT4-fs (loop5): free_blocks=0 [ 379.747251][ T732] EXT4-fs (loop5): dirty_blocks=16 [ 379.752421][ T732] EXT4-fs (loop5): Block reservation details [ 379.758474][ T732] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 379.771333][ T28] audit: type=1400 audit(1753205658.760:1777): avc: denied { create } for pid=7150 comm="syz.4.2209" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 379.794695][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 379.800938][ T7154] loop2: detected capacity change from 0 to 512 [ 379.833712][ T7154] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 379.839571][ T28] audit: type=1400 audit(1753205658.760:1778): avc: denied { read } for pid=7150 comm="syz.4.2209" name="file0" dev="tmpfs" ino=2439 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 379.869072][ T28] audit: type=1400 audit(1753205658.760:1779): avc: denied { open } for pid=7150 comm="syz.4.2209" path="/461/file0" dev="tmpfs" ino=2439 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 379.897441][ T7154] EXT4-fs (loop2): 1 truncate cleaned up [ 379.900650][ T615] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0 [ 379.903204][ T7154] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 379.911463][ T615] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0 [ 379.926708][ T615] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0 [ 379.934788][ T615] hid-generic 0000:0004:0000.000C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 380.000033][ T7164] loop4: detected capacity change from 0 to 1024 [ 380.011532][ T286] EXT4-fs (loop2): unmounting filesystem. [ 380.029691][ T7163] fido_id[7163]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 380.042881][ T7168] tipc: Enabled bearer , priority 0 [ 380.050752][ T7164] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 380.071128][ T7168] device syzkaller0 entered promiscuous mode [ 380.087340][ T7168] tipc: Resetting bearer [ 380.093884][ T7167] tipc: Resetting bearer [ 380.101708][ T7167] tipc: Disabling bearer [ 380.121317][ T7164] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 380.139335][ T7177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2219'. [ 380.159682][ T285] EXT4-fs (loop4): unmounting filesystem. [ 380.197344][ T7180] syz.5.2221[7180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.197433][ T7180] syz.5.2221[7180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.390089][ T7189] loop2: detected capacity change from 0 to 512 [ 380.431833][ T7201] loop3: detected capacity change from 0 to 1024 [ 380.436370][ T615] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0 [ 380.446284][ T615] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0 [ 380.454516][ T615] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0 [ 380.458406][ T7209] tipc: Enabled bearer , priority 0 [ 380.463578][ T7189] EXT4-fs (loop2): 1 orphan inode deleted [ 380.470802][ T7201] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 380.475316][ T7189] ext4 filesystem being mounted at /433/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 380.485788][ T7209] device syzkaller0 entered promiscuous mode [ 380.494733][ T615] hid-generic 0000:0004:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 380.500248][ T732] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:7: Failed to release dquot type 1 [ 380.514837][ T7201] ext4 filesystem being mounted at /452/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 380.544186][ T7209] tipc: Resetting bearer [ 380.552083][ T7208] tipc: Resetting bearer [ 380.582985][ T7208] tipc: Disabling bearer [ 380.602860][ T7212] fido_id[7212]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 380.900302][ T7235] loop5: detected capacity change from 0 to 512 [ 380.959785][ T7235] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 380.971039][ T286] EXT4-fs unmount: 2 callbacks suppressed [ 380.971057][ T286] EXT4-fs (loop2): unmounting filesystem. [ 381.003102][ T7235] EXT4-fs (loop5): orphan cleanup on readonly fs [ 381.038542][ T7246] random: crng reseeded on system resumption [ 381.104993][ T7235] EXT4-fs (loop5): 1 orphan inode deleted [ 381.116323][ T732] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:7: Failed to release dquot type 1 [ 381.153180][ T7235] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 381.624112][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 381.833564][ T7268] loop3: detected capacity change from 0 to 512 [ 381.858208][ T7268] EXT4-fs (loop3): 1 orphan inode deleted [ 381.864022][ T7268] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 381.873136][ T7268] ext4 filesystem being mounted at /457/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 382.061458][ T43] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:2: Failed to release dquot type 1 [ 382.084883][ T7288] SELinux: Context Ü is not valid (left unmapped). [ 382.172048][ T7296] loop2: detected capacity change from 0 to 128 [ 382.394087][ T7313] loop2: detected capacity change from 0 to 512 [ 382.419961][ T7313] EXT4-fs: Ignoring removed i_version option [ 382.433081][ T7313] EXT4-fs (loop2): orphan cleanup on readonly fs [ 382.440315][ T7313] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.2271: bg 0: block 131: padding at end of block bitmap is not set [ 382.455296][ T7313] EXT4-fs (loop2): Remounting filesystem read-only [ 382.462121][ T7313] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 382.472327][ T7313] EXT4-fs (loop2): Remounting filesystem read-only [ 382.479177][ T7313] EXT4-fs (loop2): 1 truncate cleaned up [ 382.485106][ T7313] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 382.511708][ T7313] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.2271: corrupted in-inode xattr [ 382.565021][ T282] EXT4-fs (loop3): unmounting filesystem. [ 382.577791][ T286] EXT4-fs (loop2): unmounting filesystem. [ 382.734232][ T7332] loop5: detected capacity change from 0 to 1024 [ 382.758370][ T7332] EXT4-fs: Ignoring removed orlov option [ 382.797135][ T7332] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 382.875751][ T7342] tipc: Enabled bearer , priority 0 [ 382.882852][ T7342] device syzkaller0 entered promiscuous mode [ 382.891230][ T7342] tipc: Resetting bearer [ 382.901852][ T7342] netlink: 28 bytes leftover after parsing attributes in process `'. [ 382.914876][ T7341] tipc: Resetting bearer [ 382.921815][ T7341] tipc: Disabling bearer [ 382.927663][ T447] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 382.971035][ T7347] device macsec0 entered promiscuous mode [ 382.992010][ T7347] device veth0 entered promiscuous mode [ 383.019500][ T7352] syz.3.2289[7352] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 383.019596][ T7352] syz.3.2289[7352] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 383.111052][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 383.111771][ T447] usb 3-1: Using ep0 maxpacket: 32 [ 383.152348][ T447] usb 3-1: config 0 has an invalid interface number: 146 but max is 0 [ 383.168885][ T447] usb 3-1: config 0 has no interface number 0 [ 383.177894][ T447] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 383.188671][ T447] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 383.199873][ T447] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 383.210967][ T447] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1 [ 383.221081][ T447] usb 3-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 383.247085][ T447] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 383.274949][ T447] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.283372][ T447] usb 3-1: Product: syz [ 383.287712][ T447] usb 3-1: Manufacturer: syz [ 383.292387][ T447] usb 3-1: SerialNumber: syz [ 383.301300][ T447] usb 3-1: config 0 descriptor?? [ 383.307288][ T7328] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 383.329798][ T7328] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 383.388458][ T7378] 9pnet_fd: Insufficient options for proto=fd [ 383.560522][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.574122][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.586268][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.595916][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.605650][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.614901][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.638597][ T7328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 383.663070][ T7328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 383.671644][ T3611] usb 3-1: USB disconnect, device number 10 [ 383.719609][ T7417] loop5: detected capacity change from 0 to 512 [ 383.725995][ T28] kauditd_printk_skb: 76 callbacks suppressed [ 383.726024][ T28] audit: type=1400 audit(1753206430.739:1853): avc: denied { create } for pid=7416 comm="syz.1.2318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 383.759900][ T28] audit: type=1400 audit(1753206430.781:1854): avc: denied { execute } for pid=7419 comm="syz.1.2319" path="/421/blkio.bfq.time" dev="tmpfs" ino=2226 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 383.778399][ T7417] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 383.792552][ T7417] ext4 filesystem being mounted at /file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.803579][ T7417] EXT4-fs (loop5): unmounting filesystem. [ 383.814503][ T28] audit: type=1326 audit(1753206430.844:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 383.832250][ T7429] netlink: 'syz.1.2322': attribute type 12 has an invalid length. [ 383.846312][ T7429] netlink: 'syz.1.2322': attribute type 29 has an invalid length. [ 383.854308][ T7429] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2322'. [ 383.855264][ T28] audit: type=1326 audit(1753206430.844:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 383.863896][ T7429] netlink: 59 bytes leftover after parsing attributes in process `syz.1.2322'. [ 383.896675][ T28] audit: type=1326 audit(1753206430.844:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 383.955207][ T28] audit: type=1326 audit(1753206430.844:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 383.978779][ T28] audit: type=1326 audit(1753206430.844:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 384.002424][ T28] audit: type=1326 audit(1753206430.844:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 384.026367][ T28] audit: type=1326 audit(1753206430.844:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 384.051015][ T28] audit: type=1326 audit(1753206430.844:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7426 comm="syz.1.2321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 384.125082][ T447] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 384.133068][ T447] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 384.140677][ T447] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 384.148824][ T447] hid-generic 0000:0004:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 384.187068][ T7451] fido_id[7451]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 384.242416][ T7458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2336'. [ 384.286271][ T7468] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2340'. [ 385.325723][ T3611] hid-generic 0000:0004:0000.000F: unknown main item tag 0x0 [ 385.340539][ T3611] hid-generic 0000:0004:0000.000F: unknown main item tag 0x0 [ 385.351472][ T7482] device syzkaller0 entered promiscuous mode [ 385.358310][ T3611] hid-generic 0000:0004:0000.000F: unknown main item tag 0x0 [ 385.371199][ T3611] hid-generic 0000:0004:0000.000F: hidraw0: HID v0.00 Device [syz0] on syz0 [ 385.543015][ T7486] fido_id[7486]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 385.900554][ T7494] tipc: Enabled bearer , priority 0 [ 385.907800][ T7494] device syzkaller0 entered promiscuous mode [ 385.916113][ T7493] tipc: Resetting bearer [ 385.923792][ T7493] tipc: Disabling bearer [ 386.076371][ T7508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2355'. [ 386.099261][ T7508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2355'. [ 386.117274][ T7508] device wireguard0 entered promiscuous mode [ 386.204110][ T7522] syz.2.2361[7522] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 386.204192][ T7522] syz.2.2361[7522] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 386.276341][ T7523] syz.5.2356[7523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 386.288355][ T7523] syz.5.2356[7523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 386.331530][ T7520] SELinux: failed to load policy [ 387.105696][ T7529] loop3: detected capacity change from 0 to 512 [ 387.167307][ T7529] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 387.195197][ T7529] ext4 filesystem being mounted at /482/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 387.320817][ T7538] loop5: detected capacity change from 0 to 1024 [ 387.332282][ T7538] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 387.340947][ T7538] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 387.364590][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 387.977810][ T282] EXT4-fs (loop3): unmounting filesystem. [ 388.003418][ T7563] tipc: Started in network mode [ 388.008325][ T7563] tipc: Node identity 12810cdec464, cluster identity 4711 [ 388.018099][ T7563] tipc: Enabled bearer , priority 0 [ 388.022745][ T7566] loop2: detected capacity change from 0 to 512 [ 388.056451][ T7563] device syzkaller0 entered promiscuous mode [ 388.356516][ T7566] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 388.366723][ T7566] EXT4-fs (loop2): orphan cleanup on readonly fs [ 388.373378][ T7561] tipc: Resetting bearer [ 388.376479][ T7566] EXT4-fs (loop2): 1 orphan inode deleted [ 388.385114][ T43] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:2: Failed to release dquot type 1 [ 388.404757][ T7566] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 388.414255][ T7561] tipc: Disabling bearer [ 388.491282][ T7580] SELinux: failed to load policy [ 388.513456][ T286] EXT4-fs (loop2): unmounting filesystem. [ 388.594989][ T7588] tipc: Enabled bearer , priority 0 [ 388.631989][ T7588] tipc: Resetting bearer [ 388.639353][ T7586] tipc: Disabling bearer [ 389.121385][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 389.121401][ T28] audit: type=1326 audit(1753730724.409:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.268923][ T28] audit: type=1326 audit(1753730724.409:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.575395][ T7602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2388'. [ 389.706612][ T28] audit: type=1326 audit(1753730724.409:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.746982][ T28] audit: type=1326 audit(1753730724.409:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.773362][ T28] audit: type=1326 audit(1753730724.409:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.801407][ T28] audit: type=1326 audit(1753730724.409:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.825561][ T7608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2391'. [ 389.840674][ T7608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2391'. [ 389.854124][ T28] audit: type=1326 audit(1753730724.409:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.878172][ T28] audit: type=1326 audit(1753730724.409:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 389.903604][ T28] audit: type=1326 audit(1753730724.430:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 390.008583][ T28] audit: type=1326 audit(1753730724.430:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7594 comm="syz.2.2387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe688f8e9a9 code=0x7ffc0000 [ 390.040157][ T7615] tipc: Started in network mode [ 390.065408][ T7615] tipc: Node identity 624df8062eec, cluster identity 4711 [ 390.072689][ T7615] tipc: Enabled bearer , priority 0 [ 390.085106][ T7615] device syzkaller0 entered promiscuous mode [ 390.125451][ T7606] loop3: detected capacity change from 0 to 512 [ 390.159168][ T7606] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 390.186779][ T7606] EXT4-fs (loop3): 1 truncate cleaned up [ 390.192556][ T7606] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 390.218582][ T7614] tipc: Resetting bearer [ 390.244838][ T7614] tipc: Disabling bearer [ 390.252046][ T282] EXT4-fs (loop3): unmounting filesystem. [ 390.294031][ T7630] tipc: Enabled bearer , priority 0 [ 390.311037][ T7630] tipc: Resetting bearer [ 390.325485][ T7629] tipc: Disabling bearer [ 390.427142][ T7645] loop3: detected capacity change from 0 to 512 [ 390.440199][ T7645] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 390.471445][ T7645] EXT4-fs (loop3): 1 truncate cleaned up [ 390.483421][ T7645] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 390.569430][ T282] EXT4-fs (loop3): unmounting filesystem. [ 391.091273][ T7660] loop3: detected capacity change from 0 to 512 [ 391.098353][ T7660] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 391.114314][ T7660] EXT4-fs (loop3): 1 truncate cleaned up [ 391.123203][ T7660] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 391.210349][ T282] EXT4-fs (loop3): unmounting filesystem. [ 391.454830][ T7679] can0: slcan on ptm0. [ 391.673891][ T7682] loop3: detected capacity change from 0 to 1024 [ 391.778084][ T7682] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 391.822455][ T7682] ext4 filesystem being mounted at /495/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 391.949235][ T7682] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.2417: bg 0: block 393: padding at end of block bitmap is not set [ 391.997332][ T7682] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 392.048468][ T7682] EXT4-fs (loop3): This should not happen!! Data will be lost [ 392.048468][ T7682] [ 392.132922][ T7682] EXT4-fs (loop3): Total free blocks count 0 [ 392.139129][ T7672] can0 (unregistered): slcan off ptm0. [ 392.244041][ T7682] EXT4-fs (loop3): Free/Dirty block details [ 392.250097][ T7682] EXT4-fs (loop3): free_blocks=0 [ 392.268504][ T7682] EXT4-fs (loop3): dirty_blocks=16 [ 392.283559][ T7682] EXT4-fs (loop3): Block reservation details [ 392.308273][ T7682] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 392.355277][ T7710] loop5: detected capacity change from 0 to 512 [ 392.386617][ T7710] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 392.399178][ T282] EXT4-fs (loop3): unmounting filesystem. [ 392.428261][ T7710] EXT4-fs (loop5): 1 truncate cleaned up [ 392.433969][ T7710] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 392.463616][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 392.519148][ T7719] loop5: detected capacity change from 0 to 512 [ 392.572463][ T7719] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 392.608801][ T7719] ext4 filesystem being mounted at /398/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 392.625957][ T7739] device batadv_slave_0 entered promiscuous mode [ 392.645421][ T7738] device batadv_slave_0 left promiscuous mode [ 392.677915][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 392.784159][ T7748] loop2: detected capacity change from 0 to 2048 [ 392.850073][ T7748] Alternate GPT is invalid, using primary GPT. [ 392.859240][ T7748] loop2: p1 p2 p3 [ 392.949270][ T6458] udevd[6458]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 392.950847][ T6462] udevd[6462]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 392.968028][ T1326] udevd[1326]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 392.969379][ T7768] random: crng reseeded on system resumption [ 393.516576][ T7779] sch_fq: defrate 4294967295 ignored. [ 393.579554][ T7781] tmpfs: Unsupported parameter 'mpol' [ 393.850049][ T7794] loop2: detected capacity change from 0 to 1024 [ 393.890976][ T7794] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 393.909035][ T7794] ext4 filesystem being mounted at /474/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 393.965686][ T28] kauditd_printk_skb: 138 callbacks suppressed [ 393.965701][ T28] audit: type=1326 audit(1753730729.463:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.033066][ T28] audit: type=1326 audit(1753730729.494:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.081835][ T28] audit: type=1326 audit(1753730729.494:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.129303][ T28] audit: type=1326 audit(1753730729.494:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.160495][ T7810] input: syz1 as /devices/virtual/input/input52 [ 394.201451][ T28] audit: type=1326 audit(1753730729.494:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.249964][ T28] audit: type=1326 audit(1753730729.494:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.299541][ T28] audit: type=1326 audit(1753730729.505:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.358541][ T28] audit: type=1326 audit(1753730729.505:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.401983][ T28] audit: type=1326 audit(1753730729.505:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.458010][ T28] audit: type=1326 audit(1753730729.505:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7804 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9fab8e9a9 code=0x7ffc0000 [ 394.546279][ T304] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 394.588068][ T304] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 2048 with error 28 [ 394.620333][ T304] EXT4-fs (loop2): This should not happen!! Data will be lost [ 394.620333][ T304] [ 394.651638][ T304] EXT4-fs (loop2): Total free blocks count 0 [ 394.667684][ T304] EXT4-fs (loop2): Free/Dirty block details [ 394.687059][ T304] EXT4-fs (loop2): free_blocks=4293918720 [ 394.702468][ T304] EXT4-fs (loop2): dirty_blocks=16400 [ 394.717114][ T304] EXT4-fs (loop2): Block reservation details [ 394.733605][ T304] EXT4-fs (loop2): i_reserved_data_blocks=1025 [ 394.777223][ T7833] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2469'. [ 394.782735][ T5760] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2088 with max blocks 2048 with error 28 [ 395.863221][ T7867] SELinux: policydb version 1738335632 does not match my version range 15-33 [ 395.874607][ T7867] SELinux: failed to load policy [ 396.586631][ T7880] loop5: detected capacity change from 0 to 512 [ 396.867628][ T7880] EXT4-fs (loop5): 1 orphan inode deleted [ 396.877490][ T7880] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 396.877679][ T304] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 1 [ 396.898582][ T7880] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 397.049793][ T7903] syz.1.2493[7903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 397.049879][ T7903] syz.1.2493[7903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 397.177080][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 397.816300][ T7927] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2502'. [ 397.910996][ T7936] loop3: detected capacity change from 0 to 1024 [ 397.931249][ T7936] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 397.954348][ T7936] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 397.964900][ T7936] ext4 filesystem being mounted at /516/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 398.013787][ T282] EXT4-fs (loop3): unmounting filesystem. [ 398.612043][ T7963] loop3: detected capacity change from 0 to 512 [ 398.622023][ T7969] loop2: detected capacity change from 0 to 512 [ 398.906511][ T7971] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2517'. [ 400.088959][ T7969] EXT4-fs (loop2): 1 orphan inode deleted [ 400.094850][ T7969] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 400.105847][ T7969] ext4 filesystem being mounted at /482/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 400.145942][ T7963] EXT4-fs (loop3): 1 orphan inode deleted [ 400.151900][ T7963] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 400.163415][ T7963] ext4 filesystem being mounted at /517/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 400.617866][ T8] __quota_error: 74 callbacks suppressed [ 400.617886][ T8] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 400.633468][ T8] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1 [ 400.657524][ T439] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 400.665753][ T8] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 400.669812][ T439] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 400.675606][ T28] audit: type=1400 audit(1753730736.449:2131): avc: denied { ioctl } for pid=7989 comm="syz.4.2525" path="socket:[37236]" dev="sockfs" ino=37236 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 400.707959][ T8] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1 [ 400.732140][ T286] EXT4-fs (loop2): unmounting filesystem. [ 400.738547][ T282] EXT4-fs (loop3): unmounting filesystem. [ 400.770418][ T439] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 400.778655][ T439] hid-generic 0000:0004:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz0 [ 400.812894][ T7993] loop2: detected capacity change from 0 to 512 [ 400.843326][ T28] audit: type=1400 audit(1753730736.637:2132): avc: denied { create } for pid=7996 comm="syz.3.2523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 401.670139][ T8002] loop5: detected capacity change from 0 to 512 [ 401.699429][ T7994] fido_id[7994]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 401.713462][ T8002] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 401.723196][ T8002] EXT4-fs (loop5): orphan cleanup on readonly fs [ 401.732103][ T8002] EXT4-fs (loop5): 1 orphan inode deleted [ 401.738325][ T2489] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 401.738586][ T28] audit: type=1400 audit(1753730737.502:2133): avc: denied { setopt } for pid=7996 comm="syz.3.2523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 401.749840][ T7993] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 401.767722][ T28] audit: type=1400 audit(1753730737.523:2134): avc: denied { relabelfrom } for pid=8003 comm="syz.4.2528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 401.801112][ T8011] can0: slcan on ptm0. [ 401.806760][ T28] audit: type=1400 audit(1753730737.523:2135): avc: denied { relabelto } for pid=8003 comm="syz.4.2528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 401.806942][ T7993] ext4 filesystem being mounted at /483/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 401.838338][ T2489] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 1 [ 401.851331][ T8002] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 401.937459][ T28] audit: type=1400 audit(1753730737.638:2136): avc: denied { name_bind } for pid=7995 comm="syz.1.2526" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 401.988420][ T7995] can0 (unregistered): slcan off ptm0. [ 402.075256][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 402.090323][ T28] audit: type=1400 audit(1753730737.638:2137): avc: denied { node_bind } for pid=7995 comm="syz.1.2526" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 402.341948][ T732] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 402.378407][ T732] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1025 with error 28 [ 402.407991][ T732] EXT4-fs (loop2): This should not happen!! Data will be lost [ 402.407991][ T732] [ 402.427552][ T732] EXT4-fs (loop2): Total free blocks count 0 [ 402.439884][ T732] EXT4-fs (loop2): Free/Dirty block details [ 402.454193][ T732] EXT4-fs (loop2): free_blocks=65280 [ 402.464805][ T732] EXT4-fs (loop2): dirty_blocks=1025 [ 402.474317][ T732] EXT4-fs (loop2): Block reservation details [ 402.486564][ T732] EXT4-fs (loop2): i_reserved_data_blocks=1025 [ 402.516443][ T286] EXT4-fs (loop2): unmounting filesystem. [ 403.468087][ T8045] mmap: syz.2.2541 (8045) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 403.518769][ T8052] tipc: Enabled bearer , priority 0 [ 403.543960][ T8052] tipc: Resetting bearer [ 403.661802][ T8054] can0: slcan on ptm0. [ 403.740214][ T8051] tipc: Disabling bearer [ 403.828883][ T8048] can0 (unregistered): slcan off ptm0. [ 404.056756][ T8085] ./file0: Can't open blockdev [ 404.107438][ T8089] tipc: Enabled bearer , priority 0 [ 404.175576][ T8089] tipc: Resetting bearer [ 404.205591][ T8087] tipc: Disabling bearer [ 404.327317][ T439] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 404.368012][ T8103] loop2: detected capacity change from 0 to 512 [ 404.430325][ T8103] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 404.471734][ T8103] EXT4-fs (loop2): orphan cleanup on readonly fs [ 404.501750][ T8103] EXT4-fs (loop2): 1 orphan inode deleted [ 404.507698][ T732] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:7: Failed to release dquot type 1 [ 404.519664][ T8103] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 404.529570][ T439] usb 5-1: config 0 has an invalid interface number: 199 but max is 1 [ 404.606229][ T439] usb 5-1: config 0 has no interface number 1 [ 404.618696][ T439] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 404.640740][ T439] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 404.671854][ T439] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 404.706372][ T439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 404.747996][ T439] usb 5-1: SerialNumber: syz [ 404.754113][ T439] usb 5-1: config 0 descriptor?? [ 404.772396][ T439] usb 5-1: Found UVC 0.00 device (0002:0000) [ 404.793149][ T439] usb 5-1: No valid video chain found. [ 404.804909][ T8130] loop5: detected capacity change from 0 to 512 [ 404.823295][ T8131] input: syz1 as /devices/virtual/input/input53 [ 404.858708][ T8130] EXT4-fs (loop5): 1 orphan inode deleted [ 404.865139][ T8130] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 404.874950][ T8130] ext4 filesystem being mounted at /429/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 404.887253][ T8] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1 [ 404.954665][ T439] usb 5-1: USB disconnect, device number 9 [ 405.013512][ T286] EXT4-fs (loop2): unmounting filesystem. [ 405.269291][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 405.476899][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 405.476916][ T28] audit: type=1400 audit(1753730741.467:2195): avc: denied { create } for pid=8156 comm="syz.4.2574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 405.524924][ T28] audit: type=1400 audit(1753730741.477:2196): avc: denied { write } for pid=8156 comm="syz.4.2574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 405.547317][ T28] audit: type=1400 audit(1753730741.477:2197): avc: denied { nlmsg_write } for pid=8156 comm="syz.4.2574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 405.732699][ T28] audit: type=1400 audit(1753730741.738:2198): avc: denied { create } for pid=8164 comm="syz.4.2577" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 405.767879][ T28] audit: type=1400 audit(1753730741.759:2199): avc: denied { write } for pid=8164 comm="syz.4.2577" name="001" dev="devtmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 405.816815][ T28] audit: type=1400 audit(1753730741.822:2200): avc: denied { append } for pid=8170 comm="syz.4.2580" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 405.817983][ T8171] binder: binder_mmap: 8170 200000000000-200000b36000 bad vm_flags failed -1 [ 405.858246][ T28] audit: type=1400 audit(1753730741.822:2201): avc: denied { write } for pid=8170 comm="syz.4.2580" path="/dev/binderfs/binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 406.103551][ T8184] binder: 8183:8184 ioctl c0306201 0 returned -14 [ 406.111325][ T8184] binder_alloc: binder_alloc_mmap_handler: 8183 200000ffb000-200000ffe000 already mapped failed -16 [ 406.148410][ T28] audit: type=1326 audit(1753730742.176:2202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8153 comm="syz.5.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7fc00000 [ 406.174245][ T28] audit: type=1326 audit(1753730742.176:2203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8153 comm="syz.5.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f835af8e9a9 code=0x7fc00000 [ 406.214933][ T28] audit: type=1326 audit(1753730742.176:2204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8153 comm="syz.5.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835af8e9a9 code=0x7fc00000 [ 406.869184][ T8200] loop2: detected capacity change from 0 to 512 [ 406.883820][ T8200] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal [ 407.201970][ T37] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 407.400269][ T37] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 407.409681][ T37] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.418103][ T37] usb 3-1: Product: syz [ 407.422752][ T37] usb 3-1: Manufacturer: syz [ 407.427460][ T37] usb 3-1: SerialNumber: syz [ 407.436491][ T37] r8152-cfgselector 3-1: config 0 descriptor?? [ 407.635642][ T8200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.644830][ T8200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.653305][ T8200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.661964][ T8200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.862219][ T8200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.870821][ T8200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.880492][ T8200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.890128][ T8200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.898791][ T37] r8152-cfgselector 3-1: Unknown version 0x0000 [ 407.987014][ T37] r8152-cfgselector 3-1: Unknown version 0x0000 [ 407.993538][ T37] r8152-cfgselector 3-1: bad CDC descriptors [ 408.000587][ T37] r8152-cfgselector 3-1: Unknown version 0x0000 [ 408.007838][ T37] r8152-cfgselector 3-1: USB disconnect, device number 11 [ 408.102481][ T3611] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 408.276185][ T3611] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 408.287063][ T3611] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 16384, setting to 1024 [ 408.299598][ T3611] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 408.308690][ T3611] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.316928][ T3611] usb 4-1: Product: syz [ 408.321118][ T3611] usb 4-1: Manufacturer: syz [ 408.325760][ T3611] usb 4-1: SerialNumber: syz [ 408.928365][ T8264] Unsupported ieee802154 address type: 0 [ 409.045595][ T8278] loop2: detected capacity change from 0 to 512 [ 409.055866][ T8278] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal [ 409.367200][ T447] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 409.623141][ T3611] cdc_ncm 4-1:1.0: bind() failure [ 409.629548][ T3611] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 409.636413][ T3611] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 409.644107][ T3611] usb 4-1: USB disconnect, device number 18 [ 409.686117][ T447] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 409.695278][ T447] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.703329][ T447] usb 3-1: Product: syz [ 409.707541][ T447] usb 3-1: Manufacturer: syz [ 409.712208][ T447] usb 3-1: SerialNumber: syz [ 409.718314][ T447] r8152-cfgselector 3-1: config 0 descriptor?? [ 409.917277][ T8278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.925870][ T8278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.934285][ T8278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.943587][ T8278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.154125][ T8278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.162794][ T8278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.171167][ T8278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.180246][ T8278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.188523][ T447] r8152-cfgselector 3-1: Unknown version 0x0000 [ 410.345288][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2623'. [ 410.501738][ T447] r8152-cfgselector 3-1: Unknown version 0x0000 [ 410.508545][ T447] r8152-cfgselector 3-1: bad CDC descriptors [ 410.515069][ T447] r8152-cfgselector 3-1: Unknown version 0x0000 [ 410.524427][ T447] r8152-cfgselector 3-1: USB disconnect, device number 12 [ 410.909622][ T8315] input: syz1 as /devices/virtual/input/input55 [ 410.973435][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 410.973454][ T28] audit: type=1400 audit(1753730747.208:2247): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 411.033094][ T8321] tipc: Enabling of bearer rejected, failed to enable media [ 411.909141][ T8335] binder: 8334:8335 ioctl 4018620d 0 returned -22 [ 411.910658][ T8337] 2N: renamed from bridge_slave_1 [ 412.059508][ T8335] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 412.098379][ T8335] kvm: pic: non byte read [ 412.108494][ T8335] kvm: pic: non byte read [ 412.113428][ T8335] kvm: pic: level sensitive irq not supported [ 412.113481][ T8335] kvm: pic: non byte read [ 412.124355][ T8335] kvm: pic: non byte read [ 412.129431][ T8335] kvm: pic: non byte read [ 412.134075][ T8335] kvm: pic: non byte read [ 412.138715][ T8335] kvm: pic: non byte read [ 412.143336][ T8335] kvm: pic: non byte read [ 412.155555][ T8335] kvm: pic: non byte read [ 412.164288][ T8335] kvm: pic: non byte read [ 412.260713][ T28] audit: type=1400 audit(1753730748.534:2248): avc: denied { write } for pid=8352 comm="syz.5.2644" name="raw6" dev="proc" ino=4026532997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 412.316468][ T8358] tipc: Enabling of bearer rejected, failed to enable media [ 412.702664][ T28] audit: type=1400 audit(1753730749.014:2249): avc: denied { write } for pid=8379 comm="syz.3.2654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 412.831491][ T37] hid-generic 0000:0004:0000.0011: unknown main item tag 0x0 [ 412.840168][ T37] hid-generic 0000:0004:0000.0011: unknown main item tag 0x0 [ 412.848404][ T37] hid-generic 0000:0004:0000.0011: unknown main item tag 0x0 [ 412.863361][ T37] hid-generic 0000:0004:0000.0011: hidraw0: HID v0.00 Device [syz0] on syz0 [ 412.900283][ T8390] fido_id[8390]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 412.922754][ T8395] input: syz1 as /devices/virtual/input/input56 [ 413.717387][ T8424] loop5: detected capacity change from 0 to 512 [ 413.747974][ T28] audit: type=1400 audit(1753730750.100:2250): avc: denied { append } for pid=8428 comm="syz.2.2671" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 413.783320][ T8429] netlink: 'syz.2.2671': attribute type 4 has an invalid length. [ 413.792332][ T8429] netlink: 'syz.2.2671': attribute type 6 has an invalid length. [ 413.801392][ T8424] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 413.810086][ T8424] EXT4-fs (loop5): orphan cleanup on readonly fs [ 413.817792][ T8424] EXT4-fs (loop5): 1 orphan inode deleted [ 413.823754][ T732] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 413.833933][ T732] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:7: Failed to release dquot type 1 [ 413.845963][ T28] audit: type=1400 audit(1753730750.131:2251): avc: denied { map } for pid=8428 comm="syz.2.2671" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 413.848506][ T8424] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 413.871302][ T28] audit: type=1400 audit(1753730750.131:2252): avc: denied { read write } for pid=8428 comm="syz.2.2671" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 413.904604][ T28] audit: type=1400 audit(1753730750.246:2253): avc: denied { create } for pid=8436 comm="syz.1.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 413.924119][ T28] audit: type=1400 audit(1753730750.246:2254): avc: denied { setopt } for pid=8436 comm="syz.1.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 413.934078][ T8429] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.2671'. [ 413.943633][ T28] audit: type=1400 audit(1753730750.246:2255): avc: denied { bind } for pid=8436 comm="syz.1.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 414.307579][ T8450] netlink: 300 bytes leftover after parsing attributes in process `syz.3.2676'. [ 415.320182][ T8457] device bridge0 entered promiscuous mode [ 415.470861][ T2385] EXT4-fs (loop5): unmounting filesystem. [ 415.826733][ T8478] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 417.372763][ T8511] loop3: detected capacity change from 0 to 512 [ 417.418373][ T8511] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 417.491077][ T8511] EXT4-fs (loop3): orphan cleanup on readonly fs [ 417.627104][ T8511] EXT4-fs (loop3): 1 orphan inode deleted [ 417.670729][ T8] __quota_error: 3 callbacks suppressed [ 417.670747][ T8] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 417.737052][ T8] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1 [ 417.753511][ T8511] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 417.836000][ T28] audit: type=1400 audit(1753730754.371:2259): avc: denied { ioctl } for pid=8512 comm="syz.5.2697" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=39688 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 418.062048][ T8532] loop2: detected capacity change from 0 to 512 [ 418.103803][ T8532] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 418.112566][ T8532] EXT4-fs (loop2): orphan cleanup on readonly fs [ 418.123436][ T8532] EXT4-fs (loop2): 1 orphan inode deleted [ 418.131043][ T8] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 418.150901][ T8] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1 [ 418.163200][ T282] EXT4-fs (loop3): unmounting filesystem. [ 418.181677][ T8532] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 418.234216][ T286] EXT4-fs (loop2): unmounting filesystem. [ 418.341546][ T8545] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 418.367413][ T28] audit: type=1400 audit(1753730754.925:2260): avc: denied { ioctl } for pid=8546 comm="syz.2.2708" path="socket:[40559]" dev="sockfs" ino=40559 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 419.074070][ T28] audit: type=1400 audit(1753730755.667:2261): avc: denied { create } for pid=8554 comm="syz.1.2711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 419.176070][ T8564] device syzkaller0 entered promiscuous mode [ 420.199609][ T8588] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 420.293000][ T28] audit: type=1400 audit(1753730756.910:2262): avc: denied { read } for pid=8593 comm="syz.4.2727" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 420.318500][ T28] audit: type=1400 audit(1753730756.910:2263): avc: denied { open } for pid=8593 comm="syz.4.2727" path="/dev/ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 420.332388][ T8600] binder: 8599:8600 ioctl 4018620d 0 returned -22 [ 420.375755][ T8600] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 421.068168][ T445] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 421.355103][ T445] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 421.370781][ T445] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.386033][ T445] usb 6-1: Product: syz [ 421.397015][ T445] usb 6-1: Manufacturer: syz [ 421.408831][ T445] usb 6-1: SerialNumber: syz [ 421.562243][ T28] audit: type=1400 audit(1753730758.268:2264): avc: denied { create } for pid=8644 comm="syz.4.2745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 421.613629][ T28] audit: type=1400 audit(1753730758.289:2265): avc: denied { sys_admin } for pid=8644 comm="syz.4.2745" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 421.642588][ T28] audit: type=1400 audit(1753730758.341:2266): avc: denied { mount } for pid=8644 comm="syz.4.2745" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 422.153025][ T8679] binder: 8678:8679 ioctl c0306201 200000000040 returned -14 [ 422.234977][ T8689] 9pnet_fd: p9_fd_create_tcp (8689): problem binding to privport [ 422.307633][ T8692] input: syz1 as /devices/virtual/input/input59 [ 422.355036][ T8696] binder: 8695:8696 ioctl c0306201 0 returned -14 [ 422.554575][ T445] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 422.562648][ T445] cdc_ncm 6-1:1.0: dwNtbInMaxSize=7 is too small. Using 2048 [ 422.584152][ T445] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 422.635646][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 422.635679][ T28] audit: type=1400 audit(1753730759.386:2270): avc: denied { ioctl } for pid=8704 comm="syz.3.2768" path="socket:[42204]" dev="sockfs" ino=42204 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 422.636169][ T8705] netlink: 'syz.3.2768': attribute type 27 has an invalid length. [ 422.642469][ T28] audit: type=1400 audit(1753730759.386:2271): avc: denied { connect } for pid=8704 comm="syz.3.2768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 422.746332][ T445] cdc_ncm 6-1:1.0: setting tx_max = 28 [ 422.784086][ T8705] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.791353][ T8705] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.875546][ T8705] device wireguard0 left promiscuous mode [ 422.940184][ T445] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 422.967828][ T445] usb 6-1: USB disconnect, device number 3 [ 422.973983][ T445] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 423.126167][ T3611] ================================================================== [ 423.134735][ T3611] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 423.142571][ T3611] Read of size 8 at addr ffff88811f86acf0 by task kworker/0:6/3611 [ 423.150485][ T3611] [ 423.152824][ T3611] CPU: 0 PID: 3611 Comm: kworker/0:6 Not tainted 6.1.141-syzkaller-00041-gde932537be34 #0 [ 423.162764][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.172840][ T3611] Workqueue: events kfree_rcu_monitor [ 423.178292][ T3611] Call Trace: [ 423.181576][ T3611] [ 423.184515][ T3611] __dump_stack+0x21/0x24 [ 423.188862][ T3611] dump_stack_lvl+0xee/0x150 [ 423.193469][ T3611] ? __cfi_dump_stack_lvl+0x8/0x8 [ 423.198522][ T3611] ? __kasan_slab_free+0x11/0x20 [ 423.203469][ T3611] ? __list_del_entry_valid+0xa6/0x130 [ 423.209027][ T3611] print_address_description+0x71/0x210 [ 423.214586][ T3611] print_report+0x4a/0x60 [ 423.219015][ T3611] kasan_report+0x122/0x150 [ 423.223523][ T3611] ? __list_del_entry_valid+0xa6/0x130 [ 423.228987][ T3611] __asan_report_load8_noabort+0x14/0x20 [ 423.234630][ T3611] __list_del_entry_valid+0xa6/0x130 [ 423.239919][ T3611] process_one_work+0x4b9/0xc40 [ 423.244779][ T3611] worker_thread+0xa29/0x11f0 [ 423.249459][ T3611] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 423.254962][ T3611] kthread+0x281/0x320 [ 423.259046][ T3611] ? __cfi_worker_thread+0x10/0x10 [ 423.264164][ T3611] ? __cfi_kthread+0x10/0x10 [ 423.268762][ T3611] ret_from_fork+0x1f/0x30 [ 423.273186][ T3611] [ 423.276207][ T3611] [ 423.278534][ T3611] Allocated by task 445: [ 423.282778][ T3611] kasan_set_track+0x4b/0x70 [ 423.287382][ T3611] kasan_save_alloc_info+0x25/0x30 [ 423.292504][ T3611] __kasan_kmalloc+0x95/0xb0 [ 423.297108][ T3611] __kmalloc_node+0xb2/0x1e0 [ 423.301733][ T3611] kvmalloc_node+0x294/0x480 [ 423.306360][ T3611] alloc_netdev_mqs+0x8d/0xf90 [ 423.311133][ T3611] alloc_etherdev_mqs+0x37/0x40 [ 423.315993][ T3611] usbnet_probe+0x20c/0x2780 [ 423.320600][ T3611] usb_probe_interface+0x610/0xaf0 [ 423.325814][ T3611] really_probe+0x2cb/0x960 [ 423.330334][ T3611] __driver_probe_device+0x198/0x280 [ 423.335716][ T3611] driver_probe_device+0x54/0x3e0 [ 423.340770][ T3611] __device_attach_driver+0x2e9/0x4a0 [ 423.346154][ T3611] bus_for_each_drv+0x183/0x210 [ 423.351020][ T3611] __device_attach+0x2a2/0x400 [ 423.355793][ T3611] device_initial_probe+0x1a/0x20 [ 423.360822][ T3611] bus_probe_device+0xc0/0x1f0 [ 423.365585][ T3611] device_add+0xb4d/0xef0 [ 423.369925][ T3611] usb_set_configuration+0x19c2/0x1f10 [ 423.375483][ T3611] usb_generic_driver_probe+0x91/0x150 [ 423.380947][ T3611] usb_probe_device+0x159/0x270 [ 423.385806][ T3611] really_probe+0x2cb/0x960 [ 423.390324][ T3611] __driver_probe_device+0x198/0x280 [ 423.395619][ T3611] driver_probe_device+0x54/0x3e0 [ 423.400654][ T3611] __device_attach_driver+0x2e9/0x4a0 [ 423.406047][ T3611] bus_for_each_drv+0x183/0x210 [ 423.410899][ T3611] __device_attach+0x2a2/0x400 [ 423.415673][ T3611] device_initial_probe+0x1a/0x20 [ 423.420723][ T3611] bus_probe_device+0xc0/0x1f0 [ 423.425489][ T3611] device_add+0xb4d/0xef0 [ 423.429832][ T3611] usb_new_device+0xa70/0x1520 [ 423.434607][ T3611] hub_event+0x2a5d/0x4680 [ 423.439032][ T3611] process_one_work+0x71f/0xc40 [ 423.443887][ T3611] worker_thread+0xa29/0x11f0 [ 423.448575][ T3611] kthread+0x281/0x320 [ 423.452655][ T3611] ret_from_fork+0x1f/0x30 [ 423.457085][ T3611] [ 423.459470][ T3611] Freed by task 445: [ 423.463406][ T3611] kasan_set_track+0x4b/0x70 [ 423.468008][ T3611] kasan_save_free_info+0x31/0x50 [ 423.473045][ T3611] ____kasan_slab_free+0x132/0x180 [ 423.478164][ T3611] __kasan_slab_free+0x11/0x20 [ 423.482935][ T3611] slab_free_freelist_hook+0xc2/0x190 [ 423.488329][ T3611] __kmem_cache_free+0xb7/0x1b0 [ 423.493212][ T3611] kfree+0x6f/0xf0 [ 423.496999][ T3611] kvfree+0x35/0x40 [ 423.500823][ T3611] netdev_freemem+0x3f/0x60 [ 423.505336][ T3611] netdev_release+0x7f/0xb0 [ 423.509851][ T3611] device_release+0xa4/0x1d0 [ 423.514445][ T3611] kobject_put+0x19d/0x280 [ 423.518863][ T3611] put_device+0x1f/0x30 [ 423.523021][ T3611] free_netdev+0x392/0x490 [ 423.527438][ T3611] usbnet_disconnect+0x25a/0x3b0 [ 423.532386][ T3611] usb_unbind_interface+0x223/0x8d0 [ 423.537769][ T3611] device_release_driver_internal+0x508/0x820 [ 423.544283][ T3611] device_release_driver+0x19/0x20 [ 423.549418][ T3611] bus_remove_device+0x2ee/0x350 [ 423.554377][ T3611] device_del+0x6a4/0xeb0 [ 423.558737][ T3611] usb_disable_device+0x3a8/0x750 [ 423.563867][ T3611] usb_disconnect+0x31e/0x860 [ 423.568564][ T3611] hub_event+0x1bd5/0x4680 [ 423.573014][ T3611] process_one_work+0x71f/0xc40 [ 423.577891][ T3611] worker_thread+0xd2e/0x11f0 [ 423.582789][ T3611] kthread+0x281/0x320 [ 423.586863][ T3611] ret_from_fork+0x1f/0x30 [ 423.591289][ T3611] [ 423.593617][ T3611] Last potentially related work creation: [ 423.599429][ T3611] kasan_save_stack+0x3a/0x60 [ 423.604111][ T3611] __kasan_record_aux_stack+0xb6/0xc0 [ 423.609491][ T3611] kasan_record_aux_stack_noalloc+0xb/0x10 [ 423.615407][ T3611] insert_work+0x51/0x300 [ 423.619755][ T3611] __queue_work+0x9b1/0xd30 [ 423.624319][ T3611] queue_work_on+0xd2/0x140 [ 423.628826][ T3611] usbnet_link_change+0x176/0x1a0 [ 423.633863][ T3611] usbnet_probe+0x1d55/0x2780 [ 423.638566][ T3611] usb_probe_interface+0x610/0xaf0 [ 423.643693][ T3611] really_probe+0x2cb/0x960 [ 423.648208][ T3611] __driver_probe_device+0x198/0x280 [ 423.653506][ T3611] driver_probe_device+0x54/0x3e0 [ 423.658546][ T3611] __device_attach_driver+0x2e9/0x4a0 [ 423.663942][ T3611] bus_for_each_drv+0x183/0x210 [ 423.668795][ T3611] __device_attach+0x2a2/0x400 [ 423.673572][ T3611] device_initial_probe+0x1a/0x20 [ 423.678607][ T3611] bus_probe_device+0xc0/0x1f0 [ 423.683377][ T3611] device_add+0xb4d/0xef0 [ 423.687719][ T3611] usb_set_configuration+0x19c2/0x1f10 [ 423.693190][ T3611] usb_generic_driver_probe+0x91/0x150 [ 423.698654][ T3611] usb_probe_device+0x159/0x270 [ 423.703516][ T3611] really_probe+0x2cb/0x960 [ 423.708028][ T3611] __driver_probe_device+0x198/0x280 [ 423.713324][ T3611] driver_probe_device+0x54/0x3e0 [ 423.718360][ T3611] __device_attach_driver+0x2e9/0x4a0 [ 423.723750][ T3611] bus_for_each_drv+0x183/0x210 [ 423.728620][ T3611] __device_attach+0x2a2/0x400 [ 423.733402][ T3611] device_initial_probe+0x1a/0x20 [ 423.738439][ T3611] bus_probe_device+0xc0/0x1f0 [ 423.743217][ T3611] device_add+0xb4d/0xef0 [ 423.747558][ T3611] usb_new_device+0xa70/0x1520 [ 423.752332][ T3611] hub_event+0x2a5d/0x4680 [ 423.756778][ T3611] process_one_work+0x71f/0xc40 [ 423.761648][ T3611] worker_thread+0xa29/0x11f0 [ 423.766330][ T3611] kthread+0x281/0x320 [ 423.770418][ T3611] ret_from_fork+0x1f/0x30 [ 423.774846][ T3611] [ 423.777171][ T3611] The buggy address belongs to the object at ffff88811f86a000 [ 423.777171][ T3611] which belongs to the cache kmalloc-4k of size 4096 [ 423.791230][ T3611] The buggy address is located 3312 bytes inside of [ 423.791230][ T3611] 4096-byte region [ffff88811f86a000, ffff88811f86b000) [ 423.804855][ T3611] [ 423.807193][ T3611] The buggy address belongs to the physical page: [ 423.813605][ T3611] page:ffffea00047e1a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f868 [ 423.823841][ T3611] head:ffffea00047e1a00 order:3 compound_mapcount:0 compound_pincount:0 [ 423.832170][ T3611] flags: 0x4000000000010200(slab|head|zone=1) [ 423.838261][ T3611] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 423.846846][ T3611] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 423.855427][ T3611] page dumped because: kasan: bad access detected [ 423.861863][ T3611] page_owner tracks the page as allocated [ 423.867573][ T3611] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6802, tgid 6801 (syz.1.2090), ts 367811036704, free_ts 367790597092 [ 423.890343][ T3611] post_alloc_hook+0x1f5/0x210 [ 423.895132][ T3611] prep_new_page+0x1c/0x110 [ 423.899727][ T3611] get_page_from_freelist+0x2c7b/0x2cf0 [ 423.905309][ T3611] __alloc_pages+0x19e/0x3a0 [ 423.909906][ T3611] alloc_slab_page+0x6e/0xf0 [ 423.914508][ T3611] new_slab+0x98/0x3d0 [ 423.918582][ T3611] ___slab_alloc+0x6f6/0xb50 [ 423.923181][ T3611] __slab_alloc+0x5e/0xa0 [ 423.927522][ T3611] __kmem_cache_alloc_node+0x203/0x2c0 [ 423.933076][ T3611] kmalloc_trace+0x29/0xb0 [ 423.937498][ T3611] ipv6_add_dev+0x614/0x1230 [ 423.942144][ T3611] addrconf_notify+0x6d5/0xe40 [ 423.946920][ T3611] raw_notifier_call_chain+0xa1/0x110 [ 423.952300][ T3611] call_netdevice_notifiers+0x111/0x190 [ 423.957864][ T3611] register_netdevice+0x10e2/0x14a0 [ 423.963074][ T3611] register_netdev+0x3e/0x50 [ 423.967670][ T3611] page last free stack trace: [ 423.972341][ T3611] free_unref_page_prepare+0x742/0x750 [ 423.977810][ T3611] free_unref_page+0x8f/0x530 [ 423.982486][ T3611] __free_pages+0x67/0x100 [ 423.986899][ T3611] __free_slab+0xca/0x1a0 [ 423.991238][ T3611] __unfreeze_partials+0x160/0x190 [ 423.996358][ T3611] put_cpu_partial+0xa9/0x100 [ 424.001061][ T3611] __slab_free+0x1c4/0x280 [ 424.005491][ T3611] ___cache_free+0xbf/0xd0 [ 424.009955][ T3611] qlist_free_all+0xc6/0x140 [ 424.014556][ T3611] kasan_quarantine_reduce+0x14a/0x170 [ 424.020020][ T3611] __kasan_slab_alloc+0x24/0x80 [ 424.024877][ T3611] slab_post_alloc_hook+0x4f/0x2d0 [ 424.030138][ T3611] kmem_cache_alloc+0x16e/0x330 [ 424.035085][ T3611] getname_flags+0xb9/0x500 [ 424.039622][ T3611] __se_sys_newfstatat+0xdf/0x380 [ 424.044646][ T3611] __x64_sys_newfstatat+0x9b/0xb0 [ 424.049674][ T3611] [ 424.052004][ T3611] Memory state around the buggy address: [ 424.057631][ T3611] ffff88811f86ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 424.065689][ T3611] ffff88811f86ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 424.073743][ T3611] >ffff88811f86ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 424.081793][ T3611] ^ [ 424.089510][ T3611] ffff88811f86ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 424.097582][ T3611] ffff88811f86ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 424.105644][ T3611] ================================================================== [ 424.113708][ T3611] Disabling lock debugging due to kernel taint [ 424.151966][ T28] audit: type=1400 audit(1753730760.975:2272): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 424.186838][ T28] audit: type=1400 audit(1753730760.975:2273): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 424.208581][ T28] audit: type=1400 audit(1753730760.975:2274): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 424.248266][ T28] audit: type=1400 audit(1753730760.975:2275): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 424.272168][ T28] audit: type=1400 audit(1753730760.975:2276): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 424.300979][ T28] audit: type=1400 audit(1753730760.975:2277): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 424.324201][ T28] audit: type=1400 audit(1753730760.975:2278): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1