last executing test programs: 1.780045945s ago: executing program 1 (id=5109): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x24, 0x3, 0xc, '\x00', 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"]) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000380)={[{@debug}, {@delalloc}, {@journal_ioprio}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000200000850000000500000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x28011, r3, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1.52849557s ago: executing program 3 (id=5112): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_io_uring_setup(0x31c7, &(0x7f0000000140)={0x0, 0x0, 0x800}, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001f980)) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r4], 0x448}}, 0x0) sendmsg$can_bcm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r4, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 922.814862ms ago: executing program 2 (id=5139): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000080000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5b}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x1, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 922.211452ms ago: executing program 1 (id=5141): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000002c00000095000000000000003d789ade838a5ad00c21f97a9d6f55528c474cb385573d9f5ec0798d497a5d0ab93dbb637fd8de14970b4f76b599911df77098a8cd51e5ee070239f048bff4c9d6d337c8759d1737b62deae7412f1b5c334ef76307b8139d8f019360bea59a74b86ce453bc8964c32f955d410083f7567775a2ca15dbbf01550310a78644e80171753107cee23ecb376879ae14b9e1ab987023c7db41925c55b0a4141ae3c08d264831d0f6365469c3562185000000000000004f78cd03163b2d00101e000000000000000000000000000000001a18f6de00bb8c95f8bdc2a5effe88e5bc3a969a35af8033d11474cfa5d73d92c9bd2b72c3ce63d47075ae7c59d82cea124301000000000000000cb56281877934e99919c82bfdffaedc4df6f74e8f286454fcd2967415b826a6300d100e7eb8717c8528e445fbefe6a3139191529f22e4c0435e5c53e469f70c08bdff633307bbf119ffdb2e1d717eb268ee7fee0486fa294b41c1d4dc44a9801c34ada4ed759f4312dd000000000000000000000000f4ad23f3df7cdc65edcb81f103ef861a5d12eb4e1f33f6b43b6661b680850fc55aa8465b0500000000000000a17b60f43b4b2a2afc8730a587525ba1fd296b7aa4cc8936da97ff62885b8586b67e3e9b5b8d4f18df39f65ef75a42bb84587a838b828024ece8f64d74a1502d74f7e42d103e469920ae8c58f7418e67918676abfe37c9a619c27ff1a82d78431843ae38f5ba8207978a16ec9c1fc0dc752684576c8830e8e4e480b4b1649717078100000000000000001900000000ecdc068efc4f590529f07f581874420767f696a260fde832f3bbd50b84d2f0e03d75459da25aee1d3e99d41da9938eb84dfb58dbca8d9d4f1a23e6ce8b6e7e95034e6c1c"], &(0x7f0000000240)='syzkaller\x00', 0x4, 0xff0, &(0x7f000062b000)=""/4080, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x3d) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d31, 0x0, 0x0, 0x2, 0x0, &(0x7f0000001100)='qZ'}, 0x50) 870.404513ms ago: executing program 2 (id=5142): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x30, 0x1, 0x0, 0x1, [@nested={0x2c, 0x1b, 0x0, 0x1, [@typed={0x14, 0x46, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0x9, 0x69, 0x0, 0x1, [@generic="09902c7c8f"]}, @typed={0x8, 0xba, 0x0, 0x0, @uid}]}]}, @nested={0x4, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000c000}, 0xa000) 870.284663ms ago: executing program 2 (id=5143): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f00000002c0)={0x4, 0x2, '\x00', 0x0, 0x3}) socket$netlink(0x10, 0x3, 0x14) 797.298754ms ago: executing program 2 (id=5144): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@delchain={0x2c, 0x66, 0xf31, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, {0xffe2, 0xfff1}, {0xd, 0xffff}, {0x1, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 709.180826ms ago: executing program 2 (id=5145): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001042dbd70000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000300012800800010073"], 0x50}}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000300)=0x80000009, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 610.351518ms ago: executing program 1 (id=5146): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = epoll_create(0x6) clock_gettime(0x0, &(0x7f0000000140)) ppoll(&(0x7f0000000100)=[{r0, 0x8}, {r0, 0x40}], 0x2, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280)={0x10000014}) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) 584.521578ms ago: executing program 2 (id=5147): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004) recvmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000a40)=""/181, 0xb5}, {&(0x7f0000000780)=""/260, 0x104}, {&(0x7f0000000000)=""/32, 0x20}, {&(0x7f0000002900)=""/4114, 0x1012}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000f40)=""/218, 0xda}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f0000001040)=""/243, 0xf3}, {&(0x7f0000000280)=""/123, 0x7b}, {&(0x7f0000000b00)=""/75, 0x4b}], 0xa}, 0x80000002}, {{0x0, 0x0, 0x0}, 0x6130e429}, {{0x0, 0x0, 0x0}, 0x1}], 0x5, 0x0, 0x0) 540.557509ms ago: executing program 1 (id=5148): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xa4}]}, 0x2c}}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x48, r7, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="37e6fc966e04", {0x0, 0x7}}, 0x4c00, 0x5d, @default, @val, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 438.165241ms ago: executing program 1 (id=5150): mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000002000003f851000000600000018020000", @ANYRES32, @ANYBLOB="0000000000000100660002007fffffff180000000000000100000000000000009500040000000000360a020000001000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000140)=""/230}, 0xd0) 407.768572ms ago: executing program 1 (id=5151): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) recvmmsg(r0, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/220, 0xdc}, {0x0}], 0x2}, 0x8000}], 0x1, 0x40010002, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000000)=0x6, 0x4) sendmsg$can_raw(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000) write$tun(0xffffffffffffffff, 0x0, 0x0) 203.528785ms ago: executing program 3 (id=5159): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x14, 0x0, 0x1, [@typed={0x4, 0x15}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 150.430557ms ago: executing program 3 (id=5160): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r0, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/27, 0x1b}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000), &(0x7f0000000040)=0x4) 150.237237ms ago: executing program 0 (id=5161): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x7}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b0312002e1264000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r1}, 0x14) 148.683957ms ago: executing program 0 (id=5162): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 141.169467ms ago: executing program 0 (id=5163): syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200"], 0x38}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYRESHEX=r2], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x10}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r5) r6 = socket$netlink(0x10, 0x3, 0x8000000004) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r8, @ANYRESDEC=r1, @ANYRESDEC=r3, @ANYRESOCT=r0], 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) ioctl$FS_IOC_GETFLAGS(r6, 0x80086601, &(0x7f0000000040)) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r9, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r9, &(0x7f0000000580)=ANY=[@ANYBLOB="5300030002"], 0x8) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) 78.430198ms ago: executing program 4 (id=5165): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000140)=@gcm_128={{0x304}, "ebffffffff00", "4b8b4e0802ff03fbe3c7a6f875981e00", "85372e3c", "090000e6ff00"}, 0x28) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000000040)=""/66, 0x42) splice(r0, 0x0, r1, 0x0, 0x7ffd, 0xe) 78.300438ms ago: executing program 4 (id=5166): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000004a40)={0x28, 0x2b, 0xb, 0x0, 0x0, {0x7}, [@typed={0x8, 0x3, 0x0, 0x0, @u32=0x30004}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x10, 0x0, 0x0, @str='\x88H'}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4881}, 0x2000c010) 78.198358ms ago: executing program 4 (id=5167): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xb4, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xa0, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0xffffffff, 0x5, 0x0, 0x0, 0x0, {0x81, 0x0, 0x0, 0xd85}, {}, 0x4}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x84040}, 0x0) 78.051218ms ago: executing program 4 (id=5168): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x41, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000500)="b9ff03076804268cb89e14f088a847", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 73.689688ms ago: executing program 3 (id=5169): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x78, 0x32, 0xffff, 0xfffffffe, 0x0, {}, [{0x64, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x84040}, 0x0) 68.402928ms ago: executing program 0 (id=5170): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_opts(r0, 0x0, 0x40000000000000d, &(0x7f0000937fed)=""/16, &(0x7f0000000080)=0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010126bd7000000000002b00000008000300", @ANYRES32=r3, @ANYBLOB="080027000300030005003400c4000000080026006c090000"], 0x34}, 0x1, 0x0, 0x0, 0xd0}, 0x0) 14.409739ms ago: executing program 3 (id=5171): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r1, 0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r0}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002380)={{r2}, &(0x7f0000001f40), &(0x7f0000002340)}, 0x20) 14.181369ms ago: executing program 4 (id=5172): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1, 0x4, 0xdc, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10) sendmmsg$inet(r0, &(0x7f0000003540)=[{{&(0x7f0000000100)={0x2, 0x4e1d, @multicast1}, 0x10, &(0x7f00000009c0)=[{&(0x7f00000004c0)}, {&(0x7f00000005c0)}, {&(0x7f0000000600)}], 0x3}}], 0x1, 0x40080a0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080)=0x5, 0x4) sendmmsg$inet(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000180)="97793d2624f66f4a645f531444d3a5d010920b41e940a0b37565065d217d4da3470b9b634d0e514628e2b1db7bb5c4c8a2fa20eac709e5883a29ac485a63e188c66d489dd095bd20608a1ead8aa62cf5e400227555a0edb9d4c31dfbf40b4434ea8183", 0x63}, {&(0x7f0000000280)}, {&(0x7f0000000e80)="d1bb2c3ac702eea4932db6514f117d9047ec0207d1fa7c5eb3433db4c3683d3dd1af898bb167fbd394b6de81cfcfedc553e22a918f2e8ef21ad4f7fe8933a5f3edae6ccdfe77b508065523ae9e139e383f888079bfbcf4608000a5cb2d4e50065c12f47fb208e6cf51cab71f45dc4db6859ab5f9d41f5e23a1451f6b837179081b5ae4e041a558bf31ee20bf412c275d552d3ad4547fb8b20fa8bcd37f3249823b0650e913cdc56387a5395ad3bf92c41eae5d3cec6aeb7f29386d4e4e50a6030b628a388aa73fa7a7b8ed5f2b189d4b265c19f39bc50c9f8838fa863993014ac1e6c66839fa98810bd8b57af16df3ec0f51e70e2cf21c7d643678151d47332ff2ab5ae27d2b4a613f0e4f81aeaff9c18cd1b8c429f42512f606599284", 0x11d}], 0x3, &(0x7f0000000380)=ANY=[], 0x38}}], 0x1, 0x0) 14.086189ms ago: executing program 3 (id=5173): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a670f, 0x40) recvmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x40000000) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 13.753119ms ago: executing program 0 (id=5174): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x1, 0x803, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x10000}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) 6.72386ms ago: executing program 0 (id=5175): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000041000000850000000500000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xf, 0x0, &(0x7f0000000680)="d2850b6354abb93ae9b96c40522525", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 0s ago: executing program 4 (id=5176): r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="05000000070000000700000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1}, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 0s ago: executing program 4 (id=5178): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0) kernel console output (not intermixed with test programs): 0x1c80 [ 1039.754752][T15588] ? binder_poll+0x2d0/0x2d0 [ 1039.759316][T15588] ? has_cap_mac_admin+0x330/0x330 [ 1039.764489][T15588] ? vfs_write+0xc17/0xf70 [ 1039.768877][T15588] ? selinux_file_ioctl+0x377/0x480 [ 1039.774060][T15588] ? selinux_file_alloc_security+0x120/0x120 [ 1039.780016][T15588] ? mutex_unlock+0x89/0x220 [ 1039.784580][T15588] ? __mutex_lock_slowpath+0x10/0x10 [ 1039.789838][T15588] ? __fget_files+0x2c4/0x320 [ 1039.794489][T15588] ? security_file_ioctl+0x84/0xa0 [ 1039.799582][T15588] ? binder_poll+0x2d0/0x2d0 [ 1039.804142][T15588] __se_sys_ioctl+0x121/0x1a0 [ 1039.808795][T15588] __x64_sys_ioctl+0x7b/0x90 [ 1039.813355][T15588] x64_sys_call+0x2f/0x9a0 [ 1039.817742][T15588] do_syscall_64+0x4c/0xa0 [ 1039.822141][T15588] ? clear_bhb_loop+0x50/0xa0 [ 1039.826963][T15588] ? clear_bhb_loop+0x50/0xa0 [ 1039.831610][T15588] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1039.837499][T15588] RIP: 0033:0x7ff8d8ef2be9 [ 1039.841887][T15588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1039.861481][T15588] RSP: 002b:00007ff8d795b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.870170][T15588] RAX: ffffffffffffffda RBX: 00007ff8d9129fa0 RCX: 00007ff8d8ef2be9 [ 1039.878143][T15588] RDX: 0000200000000180 RSI: 00000000c0306201 RDI: 0000000000000003 [ 1039.886101][T15588] RBP: 00007ff8d795b090 R08: 0000000000000000 R09: 0000000000000000 [ 1039.894073][T15588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1039.902027][T15588] R13: 00007ff8d912a038 R14: 00007ff8d9129fa0 R15: 00007ffefbc26278 [ 1039.910011][T15588] [ 1039.918939][T15588] binder: 15587:15588 ioctl c0306201 200000000180 returned -14 [ 1040.150376][ T30] audit: type=1326 audit(1757369931.055:7519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.189514][ T30] audit: type=1326 audit(1757369931.085:7520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.213812][ T30] audit: type=1326 audit(1757369931.085:7521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.307667][ T30] audit: type=1326 audit(1757369931.085:7522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.341468][ T30] audit: type=1326 audit(1757369931.125:7523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.382753][ T30] audit: type=1326 audit(1757369931.125:7524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.440863][ T30] audit: type=1326 audit(1757369931.125:7525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.469197][ T30] audit: type=1326 audit(1757369931.145:7526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15594 comm="syz.1.4575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1040.643163][T15608] loop2: detected capacity change from 0 to 1024 [ 1040.774356][T15608] EXT4-fs (loop2): Ignoring removed bh option [ 1040.930642][T15608] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 2: comm syz.2.4579: lblock 2 mapped to illegal pblock 2 (length 1) [ 1040.945621][T15608] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 48: comm syz.2.4579: lblock 0 mapped to illegal pblock 48 (length 1) [ 1040.961630][T15608] EXT4-fs error (device loop2): ext4_acquire_dquot:6200: comm syz.2.4579: Failed to acquire dquot type 0 [ 1040.974144][T15608] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1040.984199][T15608] EXT4-fs error (device loop2): ext4_evict_inode:283: inode #11: comm syz.2.4579: mark_inode_dirty error [ 1040.996820][T15608] EXT4-fs warning (device loop2): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 1041.007208][T15608] EXT4-fs (loop2): 1 orphan inode deleted [ 1041.013014][T15608] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x0000000000000001,nodelalloc,inlinecrypt,,errors=continue. Quota mode: writeback. [ 1041.049113][T15608] netlink: 'syz.2.4579': attribute type 27 has an invalid length. [ 1041.059651][T15608] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #2: block 16: comm syz.2.4579: lblock 0 mapped to illegal pblock 16 (length 1) [ 1041.074812][ T336] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 1041.155776][ T336] EXT4-fs error (device loop2): ext4_release_dquot:6236: comm kworker/u4:4: Failed to release dquot type 0 [ 1041.479865][ T9910] EXT4-fs error (device loop2): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1041.492982][ T9910] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1041.502547][ T9910] EXT4-fs error (device loop2): ext4_quota_off:6506: inode #3: comm syz-executor: mark_inode_dirty error [ 1041.542136][ T292] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1041.551168][T15618] FAULT_INJECTION: forcing a failure. [ 1041.551168][T15618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1041.564286][T15618] CPU: 0 PID: 15618 Comm: syz.2.4582 Not tainted syzkaller #0 [ 1041.571743][T15618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1041.581776][T15618] Call Trace: [ 1041.585031][T15618] [ 1041.587945][T15618] __dump_stack+0x21/0x30 [ 1041.592254][T15618] dump_stack_lvl+0xee/0x150 [ 1041.596883][T15618] ? show_regs_print_info+0x20/0x20 [ 1041.602057][T15618] ? __kernel_text_address+0xa0/0x100 [ 1041.607406][T15618] dump_stack+0x15/0x20 [ 1041.611536][T15618] should_fail+0x3c1/0x510 [ 1041.615960][T15618] should_fail_usercopy+0x1a/0x20 [ 1041.620959][T15618] _copy_from_user+0x20/0xd0 [ 1041.625552][T15618] __copy_msghdr_from_user+0xaf/0x5e0 [ 1041.630910][T15618] ? __ia32_sys_shutdown+0x1e0/0x1e0 [ 1041.636178][T15618] ? kasan_set_track+0x5b/0x70 [ 1041.641024][T15618] ? kasan_set_track+0x4a/0x70 [ 1041.645846][T15618] ? kasan_set_free_info+0x23/0x40 [ 1041.650941][T15618] ? ____kasan_slab_free+0x125/0x160 [ 1041.656213][T15618] ? __kasan_slab_free+0x11/0x20 [ 1041.661138][T15618] ? kmem_cache_free+0x100/0x320 [ 1041.666052][T15618] ___sys_sendmsg+0x156/0x260 [ 1041.670713][T15618] ? _kstrtoull+0x3c0/0x4d0 [ 1041.675209][T15618] ? __sys_sendmsg+0x250/0x250 [ 1041.679979][T15618] ? __fdget+0x1a1/0x230 [ 1041.684206][T15618] __sys_sendmmsg+0x278/0x480 [ 1041.688865][T15618] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 1041.694043][T15618] ? __ia32_sys_read+0x90/0x90 [ 1041.698796][T15618] __x64_sys_sendmmsg+0xa0/0xb0 [ 1041.703662][T15618] x64_sys_call+0x6c6/0x9a0 [ 1041.708147][T15618] do_syscall_64+0x4c/0xa0 [ 1041.712547][T15618] ? clear_bhb_loop+0x50/0xa0 [ 1041.717207][T15618] ? clear_bhb_loop+0x50/0xa0 [ 1041.721865][T15618] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1041.727777][T15618] RIP: 0033:0x7fd33e5a1be9 [ 1041.732456][T15618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1041.752065][T15618] RSP: 002b:00007fd33d00a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1041.760479][T15618] RAX: ffffffffffffffda RBX: 00007fd33e7d8fa0 RCX: 00007fd33e5a1be9 [ 1041.768443][T15618] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000003 [ 1041.776414][T15618] RBP: 00007fd33d00a090 R08: 0000000000000000 R09: 0000000000000000 [ 1041.784372][T15618] R10: 000000000000c800 R11: 0000000000000246 R12: 0000000000000001 [ 1041.792348][T15618] R13: 00007fd33e7d9038 R14: 00007fd33e7d8fa0 R15: 00007ffc54a17638 [ 1041.800303][T15618] [ 1042.014969][T15626] loop2: detected capacity change from 0 to 256 [ 1042.065698][ T292] usb 4-1: Using ep0 maxpacket: 16 [ 1042.109066][T15626] FAT-fs (loop2): Directory bread(block 64) failed [ 1042.115846][T15626] FAT-fs (loop2): Directory bread(block 65) failed [ 1042.122847][T15626] FAT-fs (loop2): Directory bread(block 66) failed [ 1042.129596][T15626] FAT-fs (loop2): Directory bread(block 67) failed [ 1042.136395][T15626] FAT-fs (loop2): Directory bread(block 68) failed [ 1042.143069][T15626] FAT-fs (loop2): Directory bread(block 69) failed [ 1042.149824][T15626] FAT-fs (loop2): Directory bread(block 70) failed [ 1042.156448][T15626] FAT-fs (loop2): Directory bread(block 71) failed [ 1042.163248][T15626] FAT-fs (loop2): Directory bread(block 72) failed [ 1042.169866][T15626] FAT-fs (loop2): Directory bread(block 73) failed [ 1043.012288][ T292] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1043.026780][ T292] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1043.077512][T15648] FAULT_INJECTION: forcing a failure. [ 1043.077512][T15648] name fail_futex, interval 1, probability 0, space 0, times 1 [ 1043.090421][T15648] CPU: 1 PID: 15648 Comm: syz.2.4594 Not tainted syzkaller #0 [ 1043.097896][T15648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1043.107957][T15648] Call Trace: [ 1043.111242][T15648] [ 1043.114177][T15648] __dump_stack+0x21/0x30 [ 1043.118509][T15648] dump_stack_lvl+0xee/0x150 [ 1043.123106][T15648] ? show_regs_print_info+0x20/0x20 [ 1043.128304][T15648] ? file_end_write+0x1b0/0x1b0 [ 1043.133161][T15648] dump_stack+0x15/0x20 [ 1043.137313][T15648] should_fail+0x3c1/0x510 [ 1043.141744][T15648] __se_sys_futex+0x19f/0x310 [ 1043.146419][T15648] ? __kasan_check_write+0x14/0x20 [ 1043.151526][T15648] ? __x64_sys_futex+0x100/0x100 [ 1043.156459][T15648] ? ksys_write+0x1eb/0x240 [ 1043.160961][T15648] ? __ia32_sys_read+0x90/0x90 [ 1043.165732][T15648] __x64_sys_futex+0xe5/0x100 [ 1043.170406][T15648] x64_sys_call+0x251/0x9a0 [ 1043.174917][T15648] do_syscall_64+0x4c/0xa0 [ 1043.179349][T15648] ? clear_bhb_loop+0x50/0xa0 [ 1043.184031][T15648] ? clear_bhb_loop+0x50/0xa0 [ 1043.188710][T15648] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1043.194608][T15648] RIP: 0033:0x7fd33e5a1be9 [ 1043.199024][T15648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1043.211933][ T292] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1043.218883][T15648] RSP: 002b:00007fd33d00a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1043.218909][T15648] RAX: ffffffffffffffda RBX: 00007fd33e7d8fa0 RCX: 00007fd33e5a1be9 [ 1043.218922][T15648] RDX: 0000000000000002 RSI: 000000000000000b RDI: 00002000000002c0 [ 1043.248217][ T292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1043.252343][T15648] RBP: 00007fd33d00a090 R08: 00002000000004c0 R09: 0000000000000002 [ 1043.252359][T15648] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 1043.252369][T15648] R13: 00007fd33e7d9038 R14: 00007fd33e7d8fa0 R15: 00007ffc54a17638 [ 1043.252385][T15648] [ 1043.287803][ T292] usb 4-1: Product: syz [ 1043.292036][ T292] usb 4-1: Manufacturer: syz [ 1043.296776][ T292] usb 4-1: SerialNumber: syz [ 1043.804455][ T292] usb 4-1: USB disconnect, device number 101 [ 1044.047041][T15662] loop1: detected capacity change from 0 to 1024 [ 1044.076693][T15662] EXT4-fs (loop1): Ignoring removed nobh option [ 1044.083238][T15662] EXT4-fs (loop1): Ignoring removed bh option [ 1044.190184][T15664] netlink: 'syz.4.4596': attribute type 27 has an invalid length. [ 1044.198081][T15664] device veth0_to_team left promiscuous mode [ 1044.268999][T15666] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15666 comm=syz.0.4598 [ 1044.333350][T15662] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,data_err=abort,barrier=0x0000000000000001,dioread_lock,grpjquota=,quota,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback. [ 1044.779948][T15676] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15676 comm=syz.2.4601 [ 1045.186406][T15674] loop3: detected capacity change from 0 to 4096 [ 1045.195215][T15676] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15676 comm=syz.2.4601 [ 1045.260707][T15674] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1045.277825][T15674] EXT4-fs (loop3): unsupported descriptor size 255 [ 1045.300968][ T30] kauditd_printk_skb: 82 callbacks suppressed [ 1045.300984][ T30] audit: type=1326 audit(1757369936.205:7606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1045.518924][ T30] audit: type=1326 audit(1757369936.425:7607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1045.651107][T15690] loop2: detected capacity change from 0 to 256 [ 1045.853221][ T30] audit: type=1326 audit(1757369936.765:7608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1045.900686][ T30] audit: type=1326 audit(1757369936.765:7609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1045.939789][T15674] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 1045.942981][ T30] audit: type=1326 audit(1757369936.765:7610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1045.949513][T15674] SELinux: failed to load policy [ 1045.983019][T15694] loop2: detected capacity change from 0 to 256 [ 1046.019699][ T30] audit: type=1326 audit(1757369936.765:7611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1046.063870][ T30] audit: type=1326 audit(1757369936.765:7612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1046.087786][ T30] audit: type=1326 audit(1757369936.765:7613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1046.204613][T15699] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1046.451357][ T30] audit: type=1326 audit(1757369936.765:7614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1046.477209][ T30] audit: type=1326 audit(1757369936.765:7615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15684 comm="syz.1.4602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8d8ef2be9 code=0x7ffc0000 [ 1046.537809][T15703] loop3: detected capacity change from 0 to 512 [ 1046.554742][T15703] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1046.884631][T15703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15703 comm=syz.3.4610 [ 1046.907053][T15703] fuse: Bad value for 'fd' [ 1047.456237][ T292] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1047.604343][T15733] netlink: 'syz.4.4617': attribute type 27 has an invalid length. [ 1047.773261][ T292] usb 3-1: Using ep0 maxpacket: 16 [ 1048.567720][T15738] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15738 comm=syz.0.4621 [ 1048.580709][T15738] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15738 comm=syz.0.4621 [ 1048.974330][T15742] FAULT_INJECTION: forcing a failure. [ 1048.974330][T15742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1048.987624][T15742] CPU: 0 PID: 15742 Comm: syz.3.4619 Not tainted syzkaller #0 [ 1048.995085][T15742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1049.005133][T15742] Call Trace: [ 1049.008396][T15742] [ 1049.011394][T15742] __dump_stack+0x21/0x30 [ 1049.015712][T15742] dump_stack_lvl+0xee/0x150 [ 1049.020370][T15742] ? show_regs_print_info+0x20/0x20 [ 1049.025552][T15742] dump_stack+0x15/0x20 [ 1049.029704][T15742] should_fail+0x3c1/0x510 [ 1049.034130][T15742] should_fail_usercopy+0x1a/0x20 [ 1049.039150][T15742] _copy_to_user+0x20/0x90 [ 1049.043658][T15742] simple_read_from_buffer+0xe9/0x160 [ 1049.049014][T15742] proc_fail_nth_read+0x19a/0x210 [ 1049.054023][T15742] ? proc_fault_inject_write+0x2f0/0x2f0 [ 1049.059646][T15742] ? security_file_permission+0x83/0xa0 [ 1049.065235][T15742] ? proc_fault_inject_write+0x2f0/0x2f0 [ 1049.070857][T15742] vfs_read+0x282/0xbe0 [ 1049.075000][T15742] ? kernel_read+0x1f0/0x1f0 [ 1049.079571][T15742] ? __kasan_check_write+0x14/0x20 [ 1049.084663][T15742] ? mutex_lock+0x95/0x1a0 [ 1049.089059][T15742] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1049.095659][T15742] ? __fget_files+0x2c4/0x320 [ 1049.100323][T15742] ? __fdget_pos+0x2d2/0x380 [ 1049.104901][T15742] ? ksys_read+0x71/0x240 [ 1049.109227][T15742] ksys_read+0x140/0x240 [ 1049.113453][T15742] ? vfs_write+0xf70/0xf70 [ 1049.117870][T15742] ? debug_smp_processor_id+0x17/0x20 [ 1049.123236][T15742] __x64_sys_read+0x7b/0x90 [ 1049.127723][T15742] x64_sys_call+0x96d/0x9a0 [ 1049.132207][T15742] do_syscall_64+0x4c/0xa0 [ 1049.136614][T15742] ? clear_bhb_loop+0x50/0xa0 [ 1049.141277][T15742] ? clear_bhb_loop+0x50/0xa0 [ 1049.146141][T15742] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1049.152020][T15742] RIP: 0033:0x7f303dcbd5fc [ 1049.156419][T15742] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1049.176007][T15742] RSP: 002b:00007f303c706030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1049.184405][T15742] RAX: ffffffffffffffda RBX: 00007f303def6090 RCX: 00007f303dcbd5fc [ 1049.192360][T15742] RDX: 000000000000000f RSI: 00007f303c7060a0 RDI: 0000000000000008 [ 1049.200323][T15742] RBP: 00007f303c706090 R08: 0000000000000000 R09: 0000000000000000 [ 1049.208272][T15742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1049.216226][T15742] R13: 00007f303def6128 R14: 00007f303def6090 R15: 00007ffe571722d8 [ 1049.224197][T15742] [ 1049.340163][ T292] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1049.350483][ T292] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1049.521956][ T292] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1049.531873][ T292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1049.545248][ T292] usb 3-1: Product: syz [ 1049.549523][ T292] usb 3-1: Manufacturer: syz [ 1049.555333][ T292] usb 3-1: SerialNumber: syz [ 1049.566448][T15749] loop1: detected capacity change from 0 to 512 [ 1049.630669][T15749] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1049.664659][T15749] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15749 comm=syz.1.4623 [ 1049.691859][ T60] usb 4-1: new full-speed USB device number 102 using dummy_hcd [ 1049.742050][T15749] fuse: Bad value for 'fd' [ 1049.886436][ T394] usb 3-1: USB disconnect, device number 100 [ 1050.122282][ T60] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1050.151338][ T60] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1050.372315][ T60] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1050.461570][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.481290][ T60] usb 4-1: Product: syz [ 1050.485814][ T60] usb 4-1: Manufacturer: syz [ 1050.490412][ T60] usb 4-1: SerialNumber: syz [ 1050.667864][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 1050.667879][ T30] audit: type=1326 audit(1757369941.525:7677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1050.715838][ T30] audit: type=1326 audit(1757369941.525:7678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1050.739615][ T30] audit: type=1326 audit(1757369941.525:7679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1050.800128][ T30] audit: type=1326 audit(1757369941.525:7680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1050.852390][ T60] usb 4-1: 0:2 : does not exist [ 1050.872040][ T394] usb 2-1: new full-speed USB device number 95 using dummy_hcd [ 1050.915726][ T60] usb 4-1: USB disconnect, device number 102 [ 1050.995704][ T30] audit: type=1326 audit(1757369941.525:7681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.019276][ T30] audit: type=1326 audit(1757369941.525:7682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.042767][ T30] audit: type=1326 audit(1757369941.525:7683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.066365][ T30] audit: type=1326 audit(1757369941.525:7684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.090043][ T30] audit: type=1326 audit(1757369941.525:7685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.113560][ T30] audit: type=1326 audit(1757369941.525:7686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15761 comm="syz.4.4627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1051.151902][ T292] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1051.245203][T14281] udevd[14281]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1051.322052][ T394] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.395800][ T394] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1051.711911][ T394] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1051.711915][ T292] usb 3-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config [ 1051.711940][ T394] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.725281][ T292] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1051.746764][ T394] usb 2-1: Product: syz [ 1051.755333][ T394] usb 2-1: Manufacturer: syz [ 1051.760604][ T394] usb 2-1: SerialNumber: syz [ 1051.831939][ T292] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1051.842749][ T292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1051.854435][ T292] usb 3-1: SerialNumber: syz [ 1051.951858][ T7972] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1052.108365][T15787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15787 comm=syz.0.4637 [ 1052.121947][ T394] usb 2-1: 0:2 : does not exist [ 1052.165103][ T292] usb 3-1: 0:2 : does not exist [ 1052.170003][ T292] usb 3-1: unit 244 not found! [ 1052.170179][ T394] usb 2-1: USB disconnect, device number 95 [ 1052.201911][ T7972] usb 4-1: Using ep0 maxpacket: 16 [ 1052.214186][ T292] usb 3-1: USB disconnect, device number 101 [ 1052.456907][T14281] udevd[14281]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1053.226982][ T7972] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1053.237249][ T7972] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1053.352346][T15557] udevd[15557]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card1/controlC1/../uevent} for writing: No such file or directory [ 1053.421951][ T7972] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1053.431195][ T7972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1053.440073][ T7972] usb 4-1: Product: syz [ 1053.446692][ T7972] usb 4-1: Manufacturer: syz [ 1053.452775][ T7972] usb 4-1: SerialNumber: syz [ 1053.706150][ T7972] usb 4-1: USB disconnect, device number 103 [ 1054.214678][T15827] incfs_lookup_dentry err:-5 [ 1054.219309][T15827] incfs: Can't find or create .index dir in ./file0 [ 1054.226637][T15827] incfs: mount failed -5 [ 1054.234716][T15829] loop3: detected capacity change from 0 to 256 [ 1054.403838][T15838] loop1: detected capacity change from 0 to 512 [ 1054.670356][T15838] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4654: iget: bad i_size value: 38620345925642 [ 1054.683421][T15838] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4654: couldn't read orphan inode 15 (err -117) [ 1054.739782][T15838] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1057.066517][T15869] incfs_lookup_dentry err:-5 [ 1057.071192][T15869] incfs: Can't find or create .index dir in ./file0 [ 1057.078286][T15869] incfs: mount failed -5 [ 1057.169052][T15881] loop2: detected capacity change from 0 to 512 [ 1057.301923][ T394] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1057.404404][T15881] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1057.428632][T15881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15881 comm=syz.2.4670 [ 1057.442445][T15881] fuse: Bad value for 'fd' [ 1057.541898][ T7972] usb 2-1: new full-speed USB device number 96 using dummy_hcd [ 1057.581722][T15891] loop2: detected capacity change from 0 to 512 [ 1057.591876][ T394] usb 4-1: Using ep0 maxpacket: 16 [ 1057.624976][T15891] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1057.643714][T15891] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15891 comm=syz.2.4673 [ 1057.657364][T15891] fuse: Bad value for 'fd' [ 1057.711904][ T394] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1057.722199][ T394] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1057.820850][T15898] bridge0: port 3(syz_tun) entered blocking state [ 1057.827767][T15898] bridge0: port 3(syz_tun) entered disabled state [ 1057.838426][T15898] device syz_tun entered promiscuous mode [ 1057.894266][ T394] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1057.903814][ T394] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1057.913448][ T394] usb 4-1: Product: syz [ 1057.917912][ T394] usb 4-1: Manufacturer: syz [ 1057.924249][ T394] usb 4-1: SerialNumber: syz [ 1058.039050][T15904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4678'. [ 1058.081973][ T7972] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 1058.104567][ T7972] usb 2-1: New USB device found, idVendor=06a3, idProduct=0cd0, bcdDevice= 0.00 [ 1058.118255][ T7972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1058.126933][ T7972] usb 2-1: config 0 descriptor?? [ 1058.345226][ T559] usb 4-1: USB disconnect, device number 104 [ 1058.614260][ T7972] saitek 0003:06A3:0CD0.0048: hidraw0: USB HID v10.01 Device [HID 06a3:0cd0] on usb-dummy_hcd.1-1/input0 [ 1059.159212][ T30] kauditd_printk_skb: 151 callbacks suppressed [ 1059.159243][ T30] audit: type=1400 audit(1757369950.065:7838): avc: denied { read } for pid=15925 comm="syz.3.4687" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1059.661897][ T30] audit: type=1400 audit(1757369950.065:7839): avc: denied { open } for pid=15925 comm="syz.3.4687" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1059.765634][ T394] usb 2-1: USB disconnect, device number 96 [ 1059.905676][T15939] incfs_lookup_dentry err:-5 [ 1059.935753][T15939] incfs: Can't find or create .index dir in ./file0 [ 1059.942473][T15939] incfs: mount failed -5 [ 1060.341914][ T559] usb 4-1: new full-speed USB device number 105 using dummy_hcd [ 1060.580861][ T30] audit: type=1400 audit(1757369951.485:7840): avc: denied { audit_write } for pid=15947 comm="syz.4.4694" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1060.621558][ T30] audit: type=1107 audit(1757369951.515:7841): pid=15947 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 1060.701923][ T559] usb 4-1: device descriptor read/64, error -71 [ 1061.112178][ T559] usb 4-1: device descriptor read/64, error -71 [ 1061.419216][ T559] usb 4-1: new full-speed USB device number 106 using dummy_hcd [ 1062.372723][T15981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15981 comm=syz.0.4706 [ 1063.469794][ T559] usb 4-1: device descriptor read/64, error -71 [ 1063.541298][T15996] loop3: detected capacity change from 0 to 512 [ 1063.595937][T15997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=15997 comm=syz.4.4711 [ 1064.578226][ T30] audit: type=1400 audit(1757369955.425:7842): avc: denied { execute } for pid=15999 comm="syz.0.4712" path="/346/file0/cgroup.controllers" dev="tmpfs" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1064.642696][T15996] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1064.657341][ T7972] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1064.697856][T15996] EXT4-fs (loop3): mount failed [ 1064.710963][T16021] loop1: detected capacity change from 0 to 256 [ 1065.402047][ T7972] usb 3-1: Using ep0 maxpacket: 16 [ 1066.058013][T16034] loop3: detected capacity change from 0 to 512 [ 1066.066532][ T7972] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1066.101361][ T7972] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1066.123674][T16034] EXT4-fs (loop3): Mount option "dioread_lock" incompatible with ext2 [ 1066.243490][T16043] loop1: detected capacity change from 0 to 512 [ 1066.291975][ T7972] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1066.301057][ T7972] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.329733][ T7972] usb 3-1: Product: syz [ 1066.351221][ T7972] usb 3-1: Manufacturer: syz [ 1066.355939][ T7972] usb 3-1: SerialNumber: syz [ 1066.356375][T16043] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1066.378896][T16043] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16043 comm=syz.1.4724 [ 1066.394981][T16043] fuse: Unknown parameter '0xffffffffffffffff' [ 1067.065330][ T30] audit: type=1326 audit(1757369957.975:7843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16054 comm="syz.3.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303dcbebe9 code=0x7ffc0000 [ 1067.352651][ T7972] usb 3-1: USB disconnect, device number 102 [ 1067.470354][ T30] audit: type=1326 audit(1757369958.275:7844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16054 comm="syz.3.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303dcbebe9 code=0x7ffc0000 [ 1067.495290][ T30] audit: type=1326 audit(1757369958.345:7845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16054 comm="syz.3.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f303dcbebe9 code=0x7ffc0000 [ 1067.518939][ T30] audit: type=1326 audit(1757369958.405:7846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16054 comm="syz.3.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303dcbebe9 code=0x7ffc0000 [ 1067.542521][ T30] audit: type=1326 audit(1757369958.405:7847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16054 comm="syz.3.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f303dcbebe9 code=0x7ffc0000 [ 1067.590679][T16064] loop2: detected capacity change from 0 to 256 [ 1067.660755][T16064] FAT-fs (loop2): Directory bread(block 64) failed [ 1067.667460][T16064] FAT-fs (loop2): Directory bread(block 65) failed [ 1067.674387][T16064] FAT-fs (loop2): Directory bread(block 66) failed [ 1067.681013][T16064] FAT-fs (loop2): Directory bread(block 67) failed [ 1067.687792][T16064] FAT-fs (loop2): Directory bread(block 68) failed [ 1067.694535][T16064] FAT-fs (loop2): Directory bread(block 69) failed [ 1067.701341][T16064] FAT-fs (loop2): Directory bread(block 70) failed [ 1067.707976][T16064] FAT-fs (loop2): Directory bread(block 71) failed [ 1067.714702][T16064] FAT-fs (loop2): Directory bread(block 72) failed [ 1067.721361][T16064] FAT-fs (loop2): Directory bread(block 73) failed [ 1068.617634][T16080] loop1: detected capacity change from 0 to 4096 [ 1068.626498][T16080] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 1068.634482][T16080] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1068.644216][ T30] audit: type=1400 audit(1757369959.555:7848): avc: denied { write } for pid=16085 comm="syz.2.4739" path="/324/file0/file0" dev="incremental-fs" ino=1799 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1068.670831][T16080] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 1068.831910][ T559] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 1069.101875][ T7972] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1069.131894][ T559] usb 4-1: device descriptor read/64, error -71 [ 1069.575427][ T559] usb 4-1: device descriptor read/64, error -71 [ 1069.885862][ T7972] usb 3-1: device descriptor read/64, error -71 [ 1070.122133][ T30] audit: type=1326 audit(1757369961.035:7849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.146365][ T30] audit: type=1326 audit(1757369961.035:7850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.151930][ T559] usb 4-1: new full-speed USB device number 108 using dummy_hcd [ 1070.181908][ T30] audit: type=1326 audit(1757369961.065:7851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.214806][ T30] audit: type=1326 audit(1757369961.065:7852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.244944][ T30] audit: type=1326 audit(1757369961.065:7853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.268860][ T30] audit: type=1326 audit(1757369961.085:7854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.292609][ T30] audit: type=1326 audit(1757369961.085:7855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.317942][ T30] audit: type=1326 audit(1757369961.085:7856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.318396][ T7972] usb 3-1: device descriptor read/64, error -71 [ 1070.353338][ T30] audit: type=1326 audit(1757369961.085:7857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.425297][ T30] audit: type=1326 audit(1757369961.085:7858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16107 comm="syz.0.4745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1070.511885][ T559] usb 4-1: device descriptor read/64, error -71 [ 1070.621853][ T7972] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 1070.912404][ T559] usb 4-1: device descriptor read/64, error -71 [ 1071.042248][ T559] usb usb4-port1: attempt power cycle [ 1071.176030][ T7972] usb 3-1: device descriptor read/64, error -71 [ 1071.467273][ T559] usb 4-1: new full-speed USB device number 109 using dummy_hcd [ 1071.584943][ T7972] usb 3-1: device descriptor read/64, error -71 [ 1071.861989][ T559] usb 4-1: device descriptor read/8, error -71 [ 1072.056699][T16141] FAULT_INJECTION: forcing a failure. [ 1072.056699][T16141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1072.127669][ T559] usb 4-1: device descriptor read/8, error -71 [ 1072.241238][T16141] CPU: 1 PID: 16141 Comm: syz.3.4756 Not tainted syzkaller #0 [ 1072.248826][T16141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1072.258878][T16141] Call Trace: [ 1072.262155][T16141] [ 1072.265075][T16141] __dump_stack+0x21/0x30 [ 1072.269431][T16141] dump_stack_lvl+0xee/0x150 [ 1072.274274][T16141] ? show_regs_print_info+0x20/0x20 [ 1072.279469][T16141] ? dump_stack+0x9/0x20 [ 1072.283708][T16141] dump_stack+0x15/0x20 [ 1072.287859][T16141] should_fail+0x3c1/0x510 [ 1072.292264][T16141] should_fail_usercopy+0x1a/0x20 [ 1072.297273][T16141] _copy_from_user+0x20/0xd0 [ 1072.301852][T16141] get_itimerspec64+0x19a/0x2e0 [ 1072.306693][T16141] ? sysvec_reschedule_ipi+0x78/0x80 [ 1072.311967][T16141] ? put_old_timespec32+0x110/0x110 [ 1072.317242][T16141] __x64_sys_timer_settime+0x14f/0x250 [ 1072.322682][T16141] ? common_timer_set+0x3e0/0x3e0 [ 1072.327689][T16141] ? ksys_write+0x1eb/0x240 [ 1072.332174][T16141] ? __kasan_check_write+0x14/0x20 [ 1072.337268][T16141] ? switch_fpu_return+0x15d/0x2c0 [ 1072.342364][T16141] x64_sys_call+0x57d/0x9a0 [ 1072.346946][T16141] do_syscall_64+0x4c/0xa0 [ 1072.351342][T16141] ? clear_bhb_loop+0x50/0xa0 [ 1072.356011][T16141] ? clear_bhb_loop+0x50/0xa0 [ 1072.360666][T16141] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1072.366553][T16141] RIP: 0033:0x7f303dcbebe9 [ 1072.370962][T16141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1072.390552][T16141] RSP: 002b:00007f303c727038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df [ 1072.398949][T16141] RAX: ffffffffffffffda RBX: 00007f303def5fa0 RCX: 00007f303dcbebe9 [ 1072.406989][T16141] RDX: 0000200000000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 1072.414945][T16141] RBP: 00007f303c727090 R08: 0000000000000000 R09: 0000000000000000 [ 1072.422984][T16141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1072.430948][T16141] R13: 00007f303def6038 R14: 00007f303def5fa0 R15: 00007ffe571722d8 [ 1072.438998][T16141] [ 1072.627947][ T7972] usb usb3-port1: attempt power cycle [ 1072.714213][T16160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4760'. [ 1072.751939][ T394] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1072.918555][T16168] loop1: detected capacity change from 0 to 256 [ 1073.065807][ T394] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1073.142125][ T559] usb 4-1: new full-speed USB device number 110 using dummy_hcd [ 1073.381927][ T559] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 1073.394849][ T559] usb 4-1: New USB device found, idVendor=06a3, idProduct=0cd0, bcdDevice= 0.00 [ 1073.404277][ T559] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1073.417254][ T559] usb 4-1: config 0 descriptor?? [ 1073.551478][T16174] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16174 comm=syz.4.4766 [ 1073.902128][ T394] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1074.072053][ T394] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1074.079995][ T394] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1074.089358][ T559] saitek 0003:06A3:0CD0.0049: hidraw0: USB HID v10.01 Device [HID 06a3:0cd0] on usb-dummy_hcd.3-1/input0 [ 1074.434233][ T7972] usb 4-1: USB disconnect, device number 110 [ 1074.472835][T16198] netlink: 'syz.0.4775': attribute type 4 has an invalid length. [ 1074.482250][T16200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4775'. [ 1074.574241][ T559] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1074.809595][T16208] loop2: detected capacity change from 0 to 512 [ 1074.982454][T16208] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1075.076311][T16208] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16208 comm=syz.2.4777 [ 1075.113779][T16208] fuse: Unknown parameter 'fd0xffffffffffffffff' [ 1075.155867][ T30] kauditd_printk_skb: 70 callbacks suppressed [ 1075.155883][ T30] audit: type=1400 audit(1757369966.065:7929): avc: denied { read } for pid=16211 comm="syz.1.4778" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=61967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1075.861473][T16228] loop2: detected capacity change from 0 to 4096 [ 1075.972027][T16228] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1075.979977][T16228] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1075.989523][T16228] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 1076.406321][T16246] loop2: detected capacity change from 0 to 512 [ 1076.417604][T16231] FAULT_INJECTION: forcing a failure. [ 1076.417604][T16231] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1076.430830][T16231] CPU: 1 PID: 16231 Comm: syz.1.4783 Not tainted syzkaller #0 [ 1076.438300][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1076.448354][T16231] Call Trace: [ 1076.451639][T16231] [ 1076.454556][T16231] __dump_stack+0x21/0x30 [ 1076.458866][T16231] dump_stack_lvl+0xee/0x150 [ 1076.463432][T16231] ? show_regs_print_info+0x20/0x20 [ 1076.468623][T16231] ? __kernel_text_address+0xa0/0x100 [ 1076.473970][T16231] dump_stack+0x15/0x20 [ 1076.478103][T16231] should_fail+0x3c1/0x510 [ 1076.482495][T16231] should_fail_usercopy+0x1a/0x20 [ 1076.487681][T16231] _copy_from_user+0x20/0xd0 [ 1076.492247][T16231] __copy_msghdr_from_user+0x448/0x5e0 [ 1076.497705][T16231] ? __ia32_sys_shutdown+0x1e0/0x1e0 [ 1076.503057][T16231] ? kasan_set_track+0x5b/0x70 [ 1076.507799][T16231] ? kasan_set_track+0x4a/0x70 [ 1076.512552][T16231] ? kasan_set_free_info+0x23/0x40 [ 1076.517652][T16231] ? ____kasan_slab_free+0x125/0x160 [ 1076.522913][T16231] ? __kasan_slab_free+0x11/0x20 [ 1076.527827][T16231] ? kmem_cache_free+0x100/0x320 [ 1076.532747][T16231] ___sys_sendmsg+0x156/0x260 [ 1076.537416][T16231] ? _kstrtoull+0x3c0/0x4d0 [ 1076.541902][T16231] ? __sys_sendmsg+0x250/0x250 [ 1076.546663][T16231] ? __fdget+0x1a1/0x230 [ 1076.550889][T16231] __sys_sendmmsg+0x278/0x480 [ 1076.555669][T16231] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 1076.560851][T16231] ? __ia32_sys_read+0x90/0x90 [ 1076.565594][T16231] __x64_sys_sendmmsg+0xa0/0xb0 [ 1076.570425][T16231] x64_sys_call+0x6c6/0x9a0 [ 1076.574927][T16231] do_syscall_64+0x4c/0xa0 [ 1076.579332][T16231] ? clear_bhb_loop+0x50/0xa0 [ 1076.583991][T16231] ? clear_bhb_loop+0x50/0xa0 [ 1076.588646][T16231] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1076.594604][T16231] RIP: 0033:0x7ff8d8ef2be9 [ 1076.599182][T16231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1076.618858][T16231] RSP: 002b:00007ff8d795b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1076.627259][T16231] RAX: ffffffffffffffda RBX: 00007ff8d9129fa0 RCX: 00007ff8d8ef2be9 [ 1076.635244][T16231] RDX: 0000000000000002 RSI: 0000200000004540 RDI: 0000000000000003 [ 1076.643224][T16231] RBP: 00007ff8d795b090 R08: 0000000000000000 R09: 0000000000000000 [ 1076.651175][T16231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1076.659123][T16231] R13: 00007ff8d912a038 R14: 00007ff8d9129fa0 R15: 00007ffefbc26278 [ 1076.667082][T16231] [ 1076.693992][T16246] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1076.729081][T16251] loop3: detected capacity change from 0 to 256 [ 1077.811858][ T7972] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 1078.040361][T16279] loop1: detected capacity change from 0 to 1024 [ 1078.180336][T16279] EXT4-fs (loop1): Ignoring removed bh option [ 1078.391945][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1078.552165][ T7972] usb 3-1: New USB device found, idVendor=04b4, idProduct=6830, bcdDevice=86.cf [ 1078.572879][T16279] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #3: block 2: comm syz.1.4798: lblock 2 mapped to illegal pblock 2 (length 1) [ 1078.627794][T16279] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 1078.636115][T16279] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #3: block 48: comm syz.1.4798: lblock 0 mapped to illegal pblock 48 (length 1) [ 1078.650918][T16279] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 1078.659822][T16279] EXT4-fs error (device loop1): ext4_acquire_dquot:6200: comm syz.1.4798: Failed to acquire dquot type 0 [ 1078.671768][T16279] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1078.681556][T16279] EXT4-fs error (device loop1): ext4_evict_inode:283: inode #11: comm syz.1.4798: mark_inode_dirty error [ 1078.693677][T16279] EXT4-fs warning (device loop1): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 1078.704010][T16279] EXT4-fs (loop1): 1 orphan inode deleted [ 1078.709767][T16279] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x0000000000000001,nodelalloc,inlinecrypt,,errors=continue. Quota mode: writeback. [ 1078.845058][T16279] netlink: 'syz.1.4798': attribute type 27 has an invalid length. [ 1078.853249][T16279] device lo left promiscuous mode [ 1078.860502][T16279] device tunl0 left promiscuous mode [ 1078.867426][T16279] device gre0 left promiscuous mode [ 1078.875510][T16279] device gretap0 left promiscuous mode [ 1078.883203][T16279] device erspan0 left promiscuous mode [ 1078.890656][T16279] device ip_vti0 left promiscuous mode [ 1078.898149][T16279] device ip6_vti0 left promiscuous mode [ 1078.904511][T16279] device sit0 left promiscuous mode [ 1078.911686][T16279] device ip6tnl0 left promiscuous mode [ 1078.917942][T16279] device ip6gre0 left promiscuous mode [ 1078.924070][T16279] device syz_tun left promiscuous mode [ 1078.930186][T16279] device ip6gretap0 left promiscuous mode [ 1078.936668][T16279] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.943801][T16279] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.950965][T16279] device bridge0 left promiscuous mode [ 1078.957373][T16279] device dummy0 left promiscuous mode [ 1078.963479][T16279] device veth0 left promiscuous mode [ 1078.969538][T16279] device veth1 left promiscuous mode [ 1078.975681][T16279] device wg0 left promiscuous mode [ 1078.981430][T16279] device wg1 left promiscuous mode [ 1078.988081][T16279] device wg2 left promiscuous mode [ 1078.993695][T16279] device veth0_to_bridge left promiscuous mode [ 1079.001138][T16279] device veth1_to_bridge left promiscuous mode [ 1079.008386][T16279] device veth0_to_bond left promiscuous mode [ 1079.014963][T16279] device bond_slave_0 left promiscuous mode [ 1079.021370][T16279] device veth1_to_bond left promiscuous mode [ 1079.027918][T16279] device bond_slave_1 left promiscuous mode [ 1079.034486][T16279] device veth0_to_team left promiscuous mode [ 1079.041024][T16279] device team_slave_0 left promiscuous mode [ 1079.047564][T16279] device veth1_to_team left promiscuous mode [ 1079.054179][T16279] device team_slave_1 left promiscuous mode [ 1079.060692][T16279] device veth0_to_batadv left promiscuous mode [ 1079.067485][T16279] device batadv_slave_0 left promiscuous mode [ 1079.074155][T16279] device veth1_to_batadv left promiscuous mode [ 1079.080880][T16279] device batadv_slave_1 left promiscuous mode [ 1079.087574][T16279] device xfrm0 left promiscuous mode [ 1079.093001][T16279] device veth0_to_hsr left promiscuous mode [ 1079.100117][T16279] device hsr_slave_0 left promiscuous mode [ 1079.106463][T16279] device veth1_to_hsr left promiscuous mode [ 1079.112938][T16279] device hsr_slave_1 left promiscuous mode [ 1079.119236][T16279] device veth1_virt_wifi left promiscuous mode [ 1079.125944][T16279] device veth0_virt_wifi left promiscuous mode [ 1079.132632][T16279] device veth1_vlan left promiscuous mode [ 1079.141449][T16279] device vlan0 left promiscuous mode [ 1079.146904][T16279] device vlan1 left promiscuous mode [ 1079.153070][T16279] device veth0_macvtap left promiscuous mode [ 1079.159680][T16279] device macsec0 left promiscuous mode [ 1079.166488][ T7972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.179587][T15000] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 1079.202286][T15000] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 1079.212339][ T7972] ums-cypress 3-1:1.0: USB Mass Storage device detected [ 1079.226664][T15000] EXT4-fs error (device loop1): ext4_release_dquot:6236: comm kworker/u4:9: Failed to release dquot type 0 [ 1079.266924][T16287] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16287 comm=syz.4.4801 [ 1080.057487][ T7972] usb 3-1: USB disconnect, device number 106 [ 1080.213031][T16295] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16295 comm=syz.0.4803 [ 1080.230059][T10282] EXT4-fs error (device loop1): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1080.243366][T10282] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1080.253213][T10282] EXT4-fs error (device loop1): ext4_quota_off:6506: inode #3: comm syz-executor: mark_inode_dirty error [ 1080.280764][T16299] loop3: detected capacity change from 0 to 256 [ 1080.466537][T16309] loop1: detected capacity change from 0 to 512 [ 1080.767756][T16315] loop2: detected capacity change from 0 to 4096 [ 1080.785548][T16315] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1080.792939][T16315] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1080.805448][T16309] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 1080.818533][T16309] ext4 filesystem being mounted at /319/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1080.834209][T16315] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 1081.338054][T16337] loop3: detected capacity change from 0 to 512 [ 1081.360042][T16337] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1081.389836][T16337] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16337 comm=syz.3.4815 [ 1081.402983][T16337] fuse: Bad value for 'fd' [ 1081.516565][T16346] loop3: detected capacity change from 0 to 4096 [ 1081.575395][T16346] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 1081.700320][T16346] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1081.781262][T16346] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 1081.811963][T16352] loop1: detected capacity change from 0 to 512 [ 1081.843492][T16352] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 1081.855998][T16352] ext4 filesystem being mounted at /321/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1081.877215][T16361] loop3: detected capacity change from 0 to 512 [ 1081.918928][T16363] loop1: detected capacity change from 0 to 512 [ 1081.933655][T16361] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1081.948580][T16361] EXT4-fs (loop3): mount failed [ 1081.973388][T16363] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1081.988487][T16363] EXT4-fs (loop1): mount failed [ 1082.477491][ T30] audit: type=1400 audit(1757369973.385:7930): avc: denied { create } for pid=16372 comm="syz.0.4825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1082.825091][T16384] loop1: detected capacity change from 0 to 256 [ 1082.829280][T16382] loop3: detected capacity change from 0 to 512 [ 1082.871952][T16382] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1082.887283][T16382] EXT4-fs (loop3): mount failed [ 1082.947738][T16389] loop1: detected capacity change from 0 to 4096 [ 1082.964531][T16389] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1082.985367][T16389] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1083.062515][T16389] System zones: 0-5 [ 1083.067522][T16389] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1084.023751][T16407] loop3: detected capacity change from 0 to 512 [ 1084.041212][T16410] FAULT_INJECTION: forcing a failure. [ 1084.041212][T16410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1084.055745][T16410] CPU: 0 PID: 16410 Comm: syz.2.4836 Not tainted syzkaller #0 [ 1084.063226][T16410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1084.065915][T16407] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 1084.073363][T16410] Call Trace: [ 1084.073373][T16410] [ 1084.073381][T16410] __dump_stack+0x21/0x30 [ 1084.073406][T16410] dump_stack_lvl+0xee/0x150 [ 1084.073422][T16410] ? show_regs_print_info+0x20/0x20 [ 1084.086224][T16407] ext4 filesystem being mounted at /351/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1084.088997][T16410] dump_stack+0x15/0x20 [ 1084.089021][T16410] should_fail+0x3c1/0x510 [ 1084.089037][T16410] should_fail_usercopy+0x1a/0x20 [ 1084.089052][T16410] _copy_from_user+0x20/0xd0 [ 1084.089070][T16410] __se_sys_memfd_create+0x131/0x3b0 [ 1084.139858][T16410] __x64_sys_memfd_create+0x5b/0x70 [ 1084.145075][T16410] x64_sys_call+0x473/0x9a0 [ 1084.149571][T16410] do_syscall_64+0x4c/0xa0 [ 1084.153971][T16410] ? clear_bhb_loop+0x50/0xa0 [ 1084.158638][T16410] ? clear_bhb_loop+0x50/0xa0 [ 1084.163305][T16410] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1084.169180][T16410] RIP: 0033:0x7fd33e5a1be9 [ 1084.173639][T16410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1084.182005][ T343] kworker/dying (343) used greatest stack depth: 19520 bytes left [ 1084.193312][T16410] RSP: 002b:00007fd33d009e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 1084.193335][T16410] RAX: ffffffffffffffda RBX: 0000000000000517 RCX: 00007fd33e5a1be9 [ 1084.193347][T16410] RDX: 00007fd33d009ef0 RSI: 0000000000000000 RDI: 00007fd33e6257e8 [ 1084.193358][T16410] RBP: 00002000000000c0 R08: 00007fd33d009bb7 R09: 00007fd33d009e40 [ 1084.233356][T16410] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040 [ 1084.241309][T16410] R13: 00007fd33d009ef0 R14: 00007fd33d009eb0 R15: 0000200000000000 [ 1084.249261][T16410] [ 1084.347443][T16421] loop2: detected capacity change from 0 to 256 [ 1084.552329][T16427] fuse: Bad value for 'fd' [ 1085.120981][T16424] loop1: detected capacity change from 0 to 512 [ 1085.146062][T16436] loop3: detected capacity change from 0 to 512 [ 1085.227662][T16436] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1085.254396][T16424] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 1085.311995][ T30] audit: type=1400 audit(1757369976.155:7931): avc: denied { mounton } for pid=16423 comm="syz.1.4842" path="/327/file0" dev="tmpfs" ino=1816 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1085.335034][T16431] loop2: detected capacity change from 0 to 256 [ 1085.416717][T16436] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16436 comm=syz.3.4844 [ 1085.674406][T16424] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 1085.684207][T16424] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 1085.694716][T16436] fuse: Bad value for 'fd' [ 1085.708918][T16424] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1085.740396][T16424] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 1085.748804][T16424] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1085.755912][T16424] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.4842: bg 0: block 34: padding at end of block bitmap is not set [ 1085.770619][T16424] Quota error (device loop1): write_blk: dquota write failed [ 1085.778116][T16424] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1085.788642][T16424] EXT4-fs error (device loop1): ext4_acquire_dquot:6200: comm syz.1.4842: Failed to acquire dquot type 1 [ 1085.804248][T16424] EXT4-fs (loop1): 1 truncate cleaned up [ 1085.814827][T16424] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,barrier,,errors=continue. Quota mode: writeback. [ 1086.431542][T16469] loop2: detected capacity change from 0 to 8192 [ 1086.529736][T16474] syz.1.4857[16474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1086.529907][T16474] syz.1.4857[16474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1086.578107][T16474] syz.1.4857[16474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1086.815620][T16474] syz.1.4857[16474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1086.898680][ T30] audit: type=1400 audit(1757369977.795:7932): avc: denied { read } for pid=16468 comm="syz.2.4856" name="loop-control" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1086.942493][ T30] audit: type=1400 audit(1757369977.795:7933): avc: denied { open } for pid=16468 comm="syz.2.4856" path="/dev/loop-control" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1087.351896][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1087.379657][T16487] loop3: detected capacity change from 0 to 512 [ 1087.425676][T16487] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1087.590954][T16487] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16487 comm=syz.3.4861 [ 1087.734030][T16487] fuse: Bad value for 'fd' [ 1087.831969][ T338] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 1088.073675][T16512] loop3: detected capacity change from 0 to 1024 [ 1088.506305][T16512] EXT4-fs (loop3): Ignoring removed bh option [ 1088.618341][T16512] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 2: comm syz.3.4869: lblock 2 mapped to illegal pblock 2 (length 1) [ 1088.632988][ T338] usb 3-1: Using ep0 maxpacket: 8 [ 1088.638863][T16512] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 1088.647132][T16512] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 48: comm syz.3.4869: lblock 0 mapped to illegal pblock 48 (length 1) [ 1088.704004][T16512] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1088.712861][T16512] EXT4-fs error (device loop3): ext4_acquire_dquot:6200: comm syz.3.4869: Failed to acquire dquot type 0 [ 1088.725028][T16512] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1088.735319][T16512] EXT4-fs error (device loop3): ext4_evict_inode:283: inode #11: comm syz.3.4869: mark_inode_dirty error [ 1088.748205][T16512] EXT4-fs warning (device loop3): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 1088.758644][T16512] EXT4-fs (loop3): 1 orphan inode deleted [ 1088.764475][T16512] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x0000000000000001,nodelalloc,inlinecrypt,,errors=continue. Quota mode: writeback. [ 1088.868262][T16512] netlink: 'syz.3.4869': attribute type 27 has an invalid length. [ 1088.883721][T16512] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 16: comm syz.3.4869: lblock 0 mapped to illegal pblock 16 (length 1) [ 1088.898680][ T647] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 1088.932072][ T338] usb 3-1: unable to get BOS descriptor set [ 1089.022698][ T338] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 123, changing to 10 [ 1089.362115][ T338] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1089.392459][ T647] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 1089.400992][ T647] EXT4-fs error (device loop3): ext4_release_dquot:6236: comm kworker/u4:8: Failed to release dquot type 0 [ 1089.463466][T16519] FAULT_INJECTION: forcing a failure. [ 1089.463466][T16519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1089.476675][T16519] CPU: 1 PID: 16519 Comm: syz.1.4870 Not tainted syzkaller #0 [ 1089.484138][T16519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1089.494190][T16519] Call Trace: [ 1089.497472][T16519] [ 1089.500399][T16519] __dump_stack+0x21/0x30 [ 1089.504818][T16519] dump_stack_lvl+0xee/0x150 [ 1089.509402][T16519] ? show_regs_print_info+0x20/0x20 [ 1089.514606][T16519] dump_stack+0x15/0x20 [ 1089.518765][T16519] should_fail+0x3c1/0x510 [ 1089.523172][T16519] should_fail_usercopy+0x1a/0x20 [ 1089.528180][T16519] _copy_from_user+0x20/0xd0 [ 1089.532767][T16519] __se_sys_memfd_create+0x131/0x3b0 [ 1089.538040][T16519] __x64_sys_memfd_create+0x5b/0x70 [ 1089.543228][T16519] x64_sys_call+0x473/0x9a0 [ 1089.547713][T16519] do_syscall_64+0x4c/0xa0 [ 1089.552144][T16519] ? clear_bhb_loop+0x50/0xa0 [ 1089.556804][T16519] ? clear_bhb_loop+0x50/0xa0 [ 1089.561463][T16519] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1089.567340][T16519] RIP: 0033:0x7ff8d8ef2be9 [ 1089.571736][T16519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1089.591413][T16519] RSP: 002b:00007ff8d795ae18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 1089.599817][T16519] RAX: ffffffffffffffda RBX: 0000000000000517 RCX: 00007ff8d8ef2be9 [ 1089.607772][T16519] RDX: 00007ff8d795aef0 RSI: 0000000000000000 RDI: 00007ff8d8f767e8 [ 1089.615729][T16519] RBP: 00002000000000c0 R08: 00007ff8d795abb7 R09: 00007ff8d795ae40 [ 1089.623680][T16519] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040 [ 1089.631720][T16519] R13: 00007ff8d795aef0 R14: 00007ff8d795aeb0 R15: 0000200000000000 [ 1089.639771][T16519] [ 1089.648669][T10142] EXT4-fs error (device loop3): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1089.662175][T10142] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1089.671885][T10142] EXT4-fs error (device loop3): ext4_quota_off:6506: inode #3: comm syz-executor: mark_inode_dirty error [ 1089.703493][ T338] usb 3-1: New USB device found, idVendor=1b96, idProduct=0011, bcdDevice= 0.40 [ 1089.709190][T16523] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4874'. [ 1089.721585][ T338] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1089.725206][T16523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4874'. [ 1089.731972][ T338] usb 3-1: Product: Њ [ 1089.744982][ T338] usb 3-1: Manufacturer: Ж [ 1089.749512][ T338] usb 3-1: SerialNumber: ⒚쟠 [ 1089.784672][T16528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16528 comm=syz.4.4877 [ 1089.872832][T16541] loop1: detected capacity change from 0 to 256 [ 1090.748029][T16545] netlink: 'syz.4.4880': attribute type 27 has an invalid length. [ 1091.239398][T16554] Invalid ELF header type: 2 != 1 [ 1091.770391][ T30] audit: type=1400 audit(1757369982.145:7934): avc: denied { sys_module } for pid=16550 comm="syz.2.4885" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1091.825279][ T30] audit: type=1400 audit(1757369982.145:7935): avc: denied { module_load } for pid=16550 comm="syz.2.4885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 1092.001375][T16561] loop2: detected capacity change from 0 to 512 [ 1092.061485][T16561] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1092.100429][T16556] loop3: detected capacity change from 0 to 40427 [ 1092.110828][T16561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16561 comm=syz.2.4888 [ 1092.124222][T16561] fuse: Bad value for 'fd' [ 1092.171920][ T338] usbhid 3-1:1.0: can't add hid device: -71 [ 1092.178222][ T338] usbhid: probe of 3-1:1.0 failed with error -71 [ 1092.195940][ T338] usb 3-1: USB disconnect, device number 107 [ 1092.266449][T16556] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1092.287871][T16556] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1092.304839][ T30] audit: type=1400 audit(1757369983.215:7936): avc: denied { map } for pid=16555 comm="syz.3.4886" path="/360/file0/memory.events.local" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1092.329620][T16555] attempt to access beyond end of device [ 1092.329620][T16555] loop3: rw=10241, want=45104, limit=40427 [ 1092.343953][T16556] attempt to access beyond end of device [ 1092.343953][T16556] loop3: rw=2049, want=45104, limit=40427 [ 1092.363345][T10142] attempt to access beyond end of device [ 1092.363345][T10142] loop3: rw=2049, want=45112, limit=40427 [ 1092.393253][T16589] loop2: detected capacity change from 0 to 4096 [ 1092.409706][T16589] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1092.417747][T16589] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1092.426221][T16589] System zones: 0-5 [ 1092.431017][T16589] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1092.521194][T16596] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4898'. [ 1092.694995][T16600] loop2: detected capacity change from 0 to 512 [ 1092.724891][T16601] loop3: detected capacity change from 0 to 1024 [ 1092.756831][T16601] EXT4-fs (loop3): Ignoring removed bh option [ 1092.831172][T16601] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 2: comm syz.3.4899: lblock 2 mapped to illegal pblock 2 (length 1) [ 1092.846206][T16601] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 1092.854571][T16601] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 48: comm syz.3.4899: lblock 0 mapped to illegal pblock 48 (length 1) [ 1092.870076][T16601] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1092.879147][T16601] EXT4-fs error (device loop3): ext4_acquire_dquot:6200: comm syz.3.4899: Failed to acquire dquot type 0 [ 1092.891581][T16601] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1092.901874][T16601] EXT4-fs error (device loop3): ext4_evict_inode:283: inode #11: comm syz.3.4899: mark_inode_dirty error [ 1092.916970][T16601] EXT4-fs warning (device loop3): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 1092.927449][T16601] EXT4-fs (loop3): 1 orphan inode deleted [ 1092.933286][T16601] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x0000000000000001,nodelalloc,inlinecrypt,,errors=continue. Quota mode: writeback. [ 1094.122270][T16599] netlink: 'syz.3.4899': attribute type 27 has an invalid length. [ 1094.126967][ T647] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 1094.145817][T16599] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 16: comm syz.3.4899: lblock 0 mapped to illegal pblock 16 (length 1) [ 1094.182198][ T647] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 1094.198070][ T647] EXT4-fs error (device loop3): ext4_release_dquot:6236: comm kworker/u4:8: Failed to release dquot type 0 [ 1094.214449][T16610] loop1: detected capacity change from 0 to 256 [ 1094.249838][T16616] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16616 comm=syz.4.4906 [ 1094.315906][T10142] EXT4-fs error (device loop3): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1094.329653][T10142] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1094.344986][T10142] EXT4-fs error (device loop3): ext4_quota_off:6506: inode #3: comm syz-executor: mark_inode_dirty error [ 1094.396797][ T30] audit: type=1400 audit(1757369985.305:7937): avc: denied { mounton } for pid=16606 comm="syz.1.4901" path="/338/file0/file0" dev="loop1" ino=1048860 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 1094.440923][T16624] incfs: Can't find or create .incomplete dir in ./file0 [ 1094.448264][T16624] incfs: mount failed -28 [ 1094.501067][T16627] overlayfs: failed to clone upperpath [ 1096.591104][T16653] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16653 comm=syz.0.4918 [ 1096.696811][T16664] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 1096.741465][ T30] audit: type=1400 audit(1757369987.635:7938): avc: denied { relabelto } for pid=16662 comm="syz.4.4922" name="461" dev="tmpfs" ino=2553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.768150][ T30] audit: type=1400 audit(1757369987.635:7939): avc: denied { associate } for pid=16662 comm="syz.4.4922" name="461" dev="tmpfs" ino=2553 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.829369][ T30] audit: type=1400 audit(1757369987.635:7940): avc: denied { write } for pid=16662 comm="syz.4.4922" name="461" dev="tmpfs" ino=2553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.855867][ T30] audit: type=1400 audit(1757369987.635:7941): avc: denied { remove_name } for pid=16662 comm="syz.4.4922" name="bus" dev="tmpfs" ino=2558 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.884992][T16670] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4919'. [ 1096.888457][ T30] audit: type=1400 audit(1757369987.635:7942): avc: denied { add_name } for pid=16662 comm="syz.4.4922" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.929603][ T30] audit: type=1400 audit(1757369987.635:7943): avc: denied { unlink } for pid=9609 comm="syz-executor" name="bus" dev="tmpfs" ino=2559 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1096.953689][ T30] audit: type=1400 audit(1757369987.645:7944): avc: denied { rmdir } for pid=9609 comm="syz-executor" name="461" dev="tmpfs" ino=2553 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 1096.986282][ T30] audit: type=1326 audit(1757369987.645:7945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16666 comm="syz.0.4924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98385b1be9 code=0x7ffc0000 [ 1096.998722][T16675] loop2: detected capacity change from 0 to 256 [ 1097.151842][T16675] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 1097.202155][T16680] loop2: detected capacity change from 0 to 512 [ 1097.267537][T16680] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1097.288723][T16680] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16680 comm=syz.2.4928 [ 1097.302206][T16680] fuse: Bad value for 'fd' [ 1097.480277][T16686] loop2: detected capacity change from 0 to 512 [ 1097.492835][T16688] loop3: detected capacity change from 0 to 512 [ 1097.515160][T16688] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1097.534894][T16686] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1097.539203][T16688] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16688 comm=syz.3.4931 [ 1097.565847][T16688] fuse: Bad value for 'fd' [ 1097.642791][T16686] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16686 comm=syz.2.4930 [ 1097.663273][T16686] fuse: Bad value for 'fd' [ 1097.837407][T16707] loop1: detected capacity change from 0 to 512 [ 1097.896340][T16707] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1098.147679][T16707] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #2: block 9: comm syz.1.4938: lblock 0 mapped to illegal pblock 9 (length 1) [ 1098.207379][T16704] loop3: detected capacity change from 0 to 40427 [ 1098.224358][T16707] EXT4-fs (loop1): mount failed [ 1098.234767][T16704] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1098.282755][T16704] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1098.369206][T16717] attempt to access beyond end of device [ 1098.369206][T16717] loop3: rw=2049, want=79872, limit=40427 [ 1098.396001][T16717] attempt to access beyond end of device [ 1098.396001][T16717] loop3: rw=2049, want=81920, limit=40427 [ 1098.424592][T16717] attempt to access beyond end of device [ 1098.424592][T16717] loop3: rw=2049, want=51200, limit=40427 [ 1098.454783][T16720] loop1: detected capacity change from 0 to 512 [ 1098.461433][T16717] attempt to access beyond end of device [ 1098.461433][T16717] loop3: rw=2049, want=53248, limit=40427 [ 1098.483757][T16720] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1098.499880][T16717] attempt to access beyond end of device [ 1098.499880][T16717] loop3: rw=2049, want=59392, limit=40427 [ 1098.516634][T16717] attempt to access beyond end of device [ 1098.516634][T16717] loop3: rw=2049, want=61480, limit=40427 [ 1098.618136][T10142] attempt to access beyond end of device [ 1098.618136][T10142] loop3: rw=2049, want=45104, limit=40427 [ 1098.630216][T16720] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16720 comm=syz.1.4940 [ 1098.644052][T16720] fuse: Bad value for 'fd' [ 1099.496810][T16744] loop1: detected capacity change from 0 to 512 [ 1099.528463][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 1099.528478][ T30] audit: type=1400 audit(1757369990.435:7972): avc: denied { unmount } for pid=10142 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 1099.593285][T16744] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1099.621099][T16744] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16744 comm=syz.1.4946 [ 1099.648617][T16754] loop3: detected capacity change from 0 to 4096 [ 1099.652582][T16744] fuse: Bad value for 'fd' [ 1099.665127][ T30] audit: type=1400 audit(1757369990.575:7973): avc: denied { create } for pid=16752 comm="syz.4.4951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1099.684955][T16754] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 1099.692408][T16754] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1099.703689][T16754] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,inode_readahead_blks=0x0000000000000000,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 1099.735459][T16754] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 1100.007323][T16771] loop1: detected capacity change from 0 to 512 [ 1100.050625][T16771] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1100.090171][T16771] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16771 comm=syz.1.4956 [ 1100.103340][T16771] fuse: Bad value for 'fd' [ 1101.405163][T16789] loop2: detected capacity change from 0 to 512 [ 1101.441095][T16789] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1101.463872][T16789] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16789 comm=syz.2.4965 [ 1101.494963][T16789] fuse: Bad value for 'fd' [ 1101.521165][T16801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16801 comm=syz.4.4964 [ 1101.659478][T16811] loop2: detected capacity change from 0 to 512 [ 1102.182099][T16811] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1102.214252][T16811] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16811 comm=syz.2.4971 [ 1102.228325][T16811] fuse: Bad value for 'fd' [ 1103.878291][T16846] loop3: detected capacity change from 0 to 256 [ 1103.895441][T16848] loop2: detected capacity change from 0 to 512 [ 1104.018919][T16848] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 1104.018919][T16848] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1104.018919][T16848] [ 1104.060653][T16848] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 1104.060653][T16848] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1104.060653][T16848] [ 1104.142660][T16848] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a80200a8, mo2=0102] [ 1104.160099][T16848] System zones: 1-12 [ 1104.166011][T16848] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.4979: error while reading EA inode 32 err=-116 [ 1104.166623][T16859] loop1: detected capacity change from 0 to 512 [ 1104.191653][T16848] EXT4-fs (loop2): Remounting filesystem read-only [ 1104.199570][T16848] EXT4-fs (loop2): 1 orphan inode deleted [ 1104.205558][T16848] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,debug,nouser_xattr,noacl,nojournal_checksum,jqfmt=vfsv1,abort,auto_da_alloc,minixdf,. Quota mode: none. [ 1104.255143][T16859] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 1104.281919][T16859] ext4 filesystem being mounted at /349/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1104.397975][T16864] FAULT_INJECTION: forcing a failure. [ 1104.397975][T16864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1104.411081][T16864] CPU: 1 PID: 16864 Comm: syz.2.4979 Not tainted syzkaller #0 [ 1104.418549][T16864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1104.428596][T16864] Call Trace: [ 1104.431867][T16864] [ 1104.434800][T16864] __dump_stack+0x21/0x30 [ 1104.439154][T16864] dump_stack_lvl+0xee/0x150 [ 1104.443744][T16864] ? show_regs_print_info+0x20/0x20 [ 1104.448937][T16864] ? __switch_to_asm+0x3a/0x60 [ 1104.453690][T16864] dump_stack+0x15/0x20 [ 1104.457838][T16864] should_fail+0x3c1/0x510 [ 1104.462251][T16864] should_fail_usercopy+0x1a/0x20 [ 1104.467268][T16864] _copy_from_user+0x20/0xd0 [ 1104.471852][T16864] kstrtouint_from_user+0xbe/0x200 [ 1104.476960][T16864] ? preempt_schedule_irq+0xbb/0x110 [ 1104.482252][T16864] ? kstrtol_from_user+0x260/0x260 [ 1104.487539][T16864] ? __switch_to_asm+0x3a/0x60 [ 1104.492304][T16864] ? irqentry_exit_cond_resched+0x29/0x30 [ 1104.498118][T16864] ? irqentry_exit+0x37/0x40 [ 1104.502803][T16864] proc_fail_nth_write+0x85/0x1f0 [ 1104.507830][T16864] ? proc_fail_nth_read+0x210/0x210 [ 1104.513024][T16864] ? proc_fail_nth_read+0x210/0x210 [ 1104.518217][T16864] vfs_write+0x3ee/0xf70 [ 1104.522460][T16864] ? file_end_write+0x1b0/0x1b0 [ 1104.527303][T16864] ? __kasan_check_write+0x14/0x20 [ 1104.532414][T16864] ? mutex_lock+0x95/0x1a0 [ 1104.536824][T16864] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1104.543514][T16864] ? __fget_files+0x2c4/0x320 [ 1104.548200][T16864] ? __fdget_pos+0x2d2/0x380 [ 1104.552883][T16864] ? ksys_write+0x71/0x240 [ 1104.557296][T16864] ksys_write+0x140/0x240 [ 1104.561624][T16864] ? __ia32_sys_read+0x90/0x90 [ 1104.566395][T16864] ? __kasan_check_write+0x14/0x20 [ 1104.571521][T16864] ? switch_fpu_return+0x15d/0x2c0 [ 1104.576633][T16864] __x64_sys_write+0x7b/0x90 [ 1104.581222][T16864] x64_sys_call+0x8ef/0x9a0 [ 1104.585722][T16864] do_syscall_64+0x4c/0xa0 [ 1104.590135][T16864] ? clear_bhb_loop+0x50/0xa0 [ 1104.594816][T16864] ? clear_bhb_loop+0x50/0xa0 [ 1104.599591][T16864] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1104.605482][T16864] RIP: 0033:0x7fd33e5a069f [ 1104.609896][T16864] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1104.629518][T16864] RSP: 002b:00007fd33cfc8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1104.637926][T16864] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd33e5a069f [ 1104.645882][T16864] RDX: 0000000000000001 RSI: 00007fd33cfc80a0 RDI: 000000000000000a [ 1104.653923][T16864] RBP: 00007fd33cfc8090 R08: 0000000000000000 R09: 0000000000000000 [ 1104.661875][T16864] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1104.670000][T16864] R13: 00007fd33e7d9218 R14: 00007fd33e7d9180 R15: 00007ffc54a17638 [ 1104.677954][T16864] [ 1104.681217][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1105.309222][T16877] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16877 comm=syz.4.4989 [ 1105.538207][T16885] netlink: 71 bytes leftover after parsing attributes in process `syz.4.4992'. [ 1105.927586][ T30] audit: type=1400 audit(1757369996.835:7974): avc: denied { create } for pid=16901 comm="syz.4.4997" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1105.975664][ T30] audit: type=1400 audit(1757369996.855:7975): avc: denied { mounton } for pid=16901 comm="syz.4.4997" path="/480/file0" dev="tmpfs" ino=2669 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1106.022772][ T30] audit: type=1400 audit(1757369996.935:7976): avc: denied { unlink } for pid=9609 comm="syz-executor" name="file0" dev="tmpfs" ino=2669 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1106.338048][T16913] loop1: detected capacity change from 0 to 256 [ 1106.774783][ T30] audit: type=1400 audit(1757369997.685:7977): avc: denied { read } for pid=16918 comm="syz.0.5002" name="file0" dev="tmpfs" ino=2348 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1106.800533][ T30] audit: type=1400 audit(1757369997.705:7978): avc: denied { open } for pid=16918 comm="syz.0.5002" path="/422/file0" dev="tmpfs" ino=2348 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1106.910546][T16921] loop2: detected capacity change from 0 to 4096 [ 1106.940903][T16921] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1107.204494][T16921] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1107.223035][T16921] System zones: 0-5 [ 1107.240324][T16921] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1107.747405][T16937] loop3: detected capacity change from 0 to 256 [ 1107.775705][T16937] FAULT_INJECTION: forcing a failure. [ 1107.775705][T16937] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1107.825603][T16937] CPU: 0 PID: 16937 Comm: syz.3.5006 Not tainted syzkaller #0 [ 1107.833099][T16937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1107.843153][T16937] Call Trace: [ 1107.846695][T16937] [ 1107.849740][T16937] __dump_stack+0x21/0x30 [ 1107.854184][T16937] dump_stack_lvl+0xee/0x150 [ 1107.858778][T16937] ? show_regs_print_info+0x20/0x20 [ 1107.863988][T16937] ? do_sys_openat2+0x6a7/0x7b0 [ 1107.868923][T16937] ? x64_sys_call+0x219/0x9a0 [ 1107.873594][T16937] ? _kstrtoull+0x3c0/0x4d0 [ 1107.878439][T16937] dump_stack+0x15/0x20 [ 1107.882589][T16937] should_fail+0x3c1/0x510 [ 1107.887004][T16937] should_fail_alloc_page+0x55/0x80 [ 1107.892197][T16937] prepare_alloc_pages+0x156/0x600 [ 1107.897302][T16937] ? __alloc_pages_bulk+0xab0/0xab0 [ 1107.902498][T16937] ? __kasan_check_write+0x14/0x20 [ 1107.907619][T16937] __alloc_pages+0x10a/0x440 [ 1107.912209][T16937] ? prep_new_page+0x110/0x110 [ 1107.916975][T16937] new_slab+0xa1/0x4d0 [ 1107.921044][T16937] ___slab_alloc+0x381/0x810 [ 1107.925631][T16937] ? __mutex_lock_slowpath+0x10/0x10 [ 1107.930915][T16937] ? getname_flags+0xb9/0x500 [ 1107.935592][T16937] ? getname_flags+0xb9/0x500 [ 1107.940265][T16937] __slab_alloc+0x49/0x90 [ 1107.944590][T16937] ? getname_flags+0xb9/0x500 [ 1107.949260][T16937] kmem_cache_alloc+0x138/0x260 [ 1107.954138][T16937] getname_flags+0xb9/0x500 [ 1107.958640][T16937] __x64_sys_mkdir+0x5f/0x80 [ 1107.963240][T16937] x64_sys_call+0x124/0x9a0 [ 1107.967744][T16937] do_syscall_64+0x4c/0xa0 [ 1107.972603][T16937] ? clear_bhb_loop+0x50/0xa0 [ 1107.977403][T16937] ? clear_bhb_loop+0x50/0xa0 [ 1107.982075][T16937] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1107.987977][T16937] RIP: 0033:0x7f303dcbebe9 [ 1107.992389][T16937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1108.012068][T16937] RSP: 002b:00007f303c727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1108.020465][T16937] RAX: ffffffffffffffda RBX: 00007f303def5fa0 RCX: 00007f303dcbebe9 [ 1108.028420][T16937] RDX: 0000000000000000 RSI: fffffffffffffffe RDI: 0000200000000300 [ 1108.036462][T16937] RBP: 00007f303c727090 R08: 0000000000000000 R09: 0000000000000000 [ 1108.044415][T16937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1108.052368][T16937] R13: 00007f303def6038 R14: 00007f303def5fa0 R15: 00007ffe571722d8 [ 1108.060327][T16937] [ 1108.145510][ T30] audit: type=1400 audit(1757369999.055:7979): avc: denied { execute } for pid=16920 comm="syz.2.5003" path="/366/file0/file0/cgroup.controllers" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1108.456566][T16951] netlink: 184 bytes leftover after parsing attributes in process `syz.1.5010'. [ 1108.545905][T16950] loop2: detected capacity change from 0 to 40427 [ 1108.564911][T16950] F2FS-fs (loop2): invalid crc value [ 1108.592976][T16950] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1108.649624][T16950] F2FS-fs (loop2): Start checkpoint disabled! [ 1108.656537][T16950] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 1109.040633][T16957] FAULT_INJECTION: forcing a failure. [ 1109.040633][T16957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1109.053773][T16957] CPU: 0 PID: 16957 Comm: syz.2.5009 Not tainted syzkaller #0 [ 1109.061243][T16957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1109.071296][T16957] Call Trace: [ 1109.074575][T16957] [ 1109.077496][T16957] __dump_stack+0x21/0x30 [ 1109.081827][T16957] dump_stack_lvl+0xee/0x150 [ 1109.086849][T16957] ? show_regs_print_info+0x20/0x20 [ 1109.092219][T16957] ? __kernel_text_address+0xa0/0x100 [ 1109.097597][T16957] dump_stack+0x15/0x20 [ 1109.101833][T16957] should_fail+0x3c1/0x510 [ 1109.106244][T16957] should_fail_usercopy+0x1a/0x20 [ 1109.111266][T16957] _copy_from_user+0x20/0xd0 [ 1109.115865][T16957] __copy_msghdr_from_user+0x448/0x5e0 [ 1109.121326][T16957] ? __ia32_sys_shutdown+0x1e0/0x1e0 [ 1109.126602][T16957] ? kasan_set_track+0x5b/0x70 [ 1109.131358][T16957] ? kasan_set_track+0x4a/0x70 [ 1109.136109][T16957] ? kasan_set_free_info+0x23/0x40 [ 1109.141216][T16957] ? ____kasan_slab_free+0x125/0x160 [ 1109.146491][T16957] ? __kasan_slab_free+0x11/0x20 [ 1109.151497][T16957] ? kmem_cache_free+0x100/0x320 [ 1109.156433][T16957] ___sys_sendmsg+0x156/0x260 [ 1109.161112][T16957] ? _kstrtoull+0x3c0/0x4d0 [ 1109.165697][T16957] ? __sys_sendmsg+0x250/0x250 [ 1109.170466][T16957] ? __fdget+0x1a1/0x230 [ 1109.174711][T16957] __sys_sendmmsg+0x278/0x480 [ 1109.179391][T16957] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 1109.184591][T16957] ? __ia32_sys_read+0x90/0x90 [ 1109.189350][T16957] __x64_sys_sendmmsg+0xa0/0xb0 [ 1109.194196][T16957] x64_sys_call+0x6c6/0x9a0 [ 1109.198687][T16957] do_syscall_64+0x4c/0xa0 [ 1109.203099][T16957] ? clear_bhb_loop+0x50/0xa0 [ 1109.207768][T16957] ? clear_bhb_loop+0x50/0xa0 [ 1109.212438][T16957] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1109.218325][T16957] RIP: 0033:0x7fd33e5a1be9 [ 1109.222733][T16957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1109.242599][T16957] RSP: 002b:00007fd33cfe9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1109.251005][T16957] RAX: ffffffffffffffda RBX: 00007fd33e7d9090 RCX: 00007fd33e5a1be9 [ 1109.258962][T16957] RDX: 0000000000000003 RSI: 0000200000004540 RDI: 0000000000000004 [ 1109.266938][T16957] RBP: 00007fd33cfe9090 R08: 0000000000000000 R09: 0000000000000000 [ 1109.274893][T16957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1109.283018][T16957] R13: 00007fd33e7d9128 R14: 00007fd33e7d9090 R15: 00007ffc54a17638 [ 1109.290977][T16957] [ 1109.833522][T16964] incfs_lookup_dentry err:-5 [ 1109.846587][T16964] incfs: Can't find or create .index dir in ./file0 [ 1109.853460][T16964] incfs: mount failed -5 [ 1111.392998][T16979] loop2: detected capacity change from 0 to 512 [ 1111.444121][T16979] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1111.478102][T16979] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=16979 comm=syz.2.5017 [ 1111.518832][T16979] fuse: Bad value for 'fd' [ 1111.605637][T16987] loop1: detected capacity change from 0 to 4096 [ 1111.640955][T16987] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1111.651465][T16987] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1111.660234][T16987] System zones: 0-5 [ 1111.665088][T16987] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1111.751872][ T559] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1111.954068][T17003] loop2: detected capacity change from 0 to 512 [ 1111.994330][T17003] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1112.001862][T17003] EXT4-fs (loop2): Test dummy encryption mode enabled [ 1112.008793][T17003] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 1112.015984][T17003] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1112.128776][T17003] EXT4-fs (loop2): 1 truncate cleaned up [ 1112.134530][T17003] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 1112.156435][T17003] FAULT_INJECTION: forcing a failure. [ 1112.156435][T17003] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1112.169833][T17003] CPU: 0 PID: 17003 Comm: syz.2.5024 Not tainted syzkaller #0 [ 1112.177388][T17003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1112.187426][T17003] Call Trace: [ 1112.190708][T17003] [ 1112.193654][T17003] __dump_stack+0x21/0x30 [ 1112.198067][T17003] dump_stack_lvl+0xee/0x150 [ 1112.202638][T17003] ? show_regs_print_info+0x20/0x20 [ 1112.207828][T17003] ? pick_next_pushable_task+0x210/0x210 [ 1112.213445][T17003] dump_stack+0x15/0x20 [ 1112.217581][T17003] should_fail+0x3c1/0x510 [ 1112.222021][T17003] should_fail_alloc_page+0x55/0x80 [ 1112.227202][T17003] prepare_alloc_pages+0x156/0x600 [ 1112.232303][T17003] ? __alloc_pages_bulk+0xab0/0xab0 [ 1112.237569][T17003] __alloc_pages+0x10a/0x440 [ 1112.242139][T17003] ? prep_new_page+0x110/0x110 [ 1112.246884][T17003] ? find_lowest_rq+0x172/0x660 [ 1112.251716][T17003] ? release_firmware_map_entry+0x190/0x190 [ 1112.257606][T17003] new_slab+0xa1/0x4d0 [ 1112.261666][T17003] ___slab_alloc+0x381/0x810 [ 1112.266242][T17003] ? security_file_permission+0x79/0xa0 [ 1112.271891][T17003] ? getname_flags+0xb9/0x500 [ 1112.276562][T17003] ? getname_flags+0xb9/0x500 [ 1112.281307][T17003] __slab_alloc+0x49/0x90 [ 1112.285618][T17003] ? getname_flags+0xb9/0x500 [ 1112.290276][T17003] kmem_cache_alloc+0x138/0x260 [ 1112.295110][T17003] getname_flags+0xb9/0x500 [ 1112.299596][T17003] getname+0x19/0x20 [ 1112.303472][T17003] do_sys_openat2+0xd9/0x7b0 [ 1112.308045][T17003] ? __kasan_check_write+0x14/0x20 [ 1112.313141][T17003] ? fput_many+0x15a/0x1a0 [ 1112.317541][T17003] ? do_sys_open+0xe0/0xe0 [ 1112.322027][T17003] ? fput+0x1a/0x20 [ 1112.325822][T17003] ? ksys_write+0x1eb/0x240 [ 1112.330307][T17003] __x64_sys_openat+0x136/0x160 [ 1112.335138][T17003] x64_sys_call+0x219/0x9a0 [ 1112.339628][T17003] do_syscall_64+0x4c/0xa0 [ 1112.344028][T17003] ? clear_bhb_loop+0x50/0xa0 [ 1112.348694][T17003] ? clear_bhb_loop+0x50/0xa0 [ 1112.353352][T17003] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1112.359239][T17003] RIP: 0033:0x7fd33e5a1be9 [ 1112.363639][T17003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1112.383441][T17003] RSP: 002b:00007fd33cfc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1112.391838][T17003] RAX: ffffffffffffffda RBX: 00007fd33e7d9180 RCX: 00007fd33e5a1be9 [ 1112.399792][T17003] RDX: 000000000000275a RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1112.407749][T17003] RBP: 00007fd33cfc8090 R08: 0000000000000000 R09: 0000000000000000 [ 1112.415710][T17003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1112.423667][T17003] R13: 00007fd33e7d9218 R14: 00007fd33e7d9180 R15: 00007ffc54a17638 [ 1112.431636][T17003] [ 1113.532394][ T559] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1113.603384][ T559] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1113.694799][ T559] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1113.722198][ T559] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1113.740544][ T559] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1113.762490][ T559] usb 4-1: config 0 descriptor?? [ 1113.948534][T17021] loop1: detected capacity change from 0 to 512 [ 1113.983070][T17021] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 1113.990334][T17021] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1113.997288][T17021] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 1114.004711][T17021] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1114.016597][T17021] EXT4-fs (loop1): 1 truncate cleaned up [ 1114.022360][T17021] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 1114.242563][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.250043][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.257629][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.265169][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.272842][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.280344][ T559] plantronics 0003:047F:FFFF.004A: unknown main item tag 0x0 [ 1114.287739][ T559] plantronics 0003:047F:FFFF.004A: report_id 0 is invalid [ 1114.294879][ T559] plantronics 0003:047F:FFFF.004A: item 0 1 1 8 parsing failed [ 1114.302684][ T559] plantronics 0003:047F:FFFF.004A: parse failed [ 1114.308964][ T559] plantronics: probe of 0003:047F:FFFF.004A failed with error -22 [ 1114.444330][ T394] usb 4-1: USB disconnect, device number 111 [ 1114.611853][ T559] usb 3-1: new full-speed USB device number 108 using dummy_hcd [ 1114.631123][T17032] fuse: Bad value for 'group_id' [ 1114.824681][T17023] 9pnet: p9_fd_create_tcp (17023): problem connecting socket to 127.0.0.1 [ 1115.021949][ T559] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 1115.035483][ T559] usb 3-1: New USB device found, idVendor=06a3, idProduct=0cd0, bcdDevice= 0.00 [ 1115.044944][ T559] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.061776][ T559] usb 3-1: config 0 descriptor?? [ 1115.069339][T17044] loop3: detected capacity change from 0 to 4096 [ 1115.349674][T17044] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1115.362938][T17044] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1115.371456][T17044] System zones: 0-5 [ 1115.376315][T17044] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1117.201917][ T559] usbhid 3-1:0.0: can't add hid device: -71 [ 1117.207910][ T559] usbhid: probe of 3-1:0.0 failed with error -71 [ 1117.235867][ T559] usb 3-1: USB disconnect, device number 108 [ 1117.673403][ T30] audit: type=1326 audit(1757370008.585:7980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.217601][T17092] loop3: detected capacity change from 0 to 40427 [ 1118.297733][T17092] F2FS-fs (loop3): Unrecognized mount option "errors=continue" or missing value [ 1118.354701][ T30] audit: type=1326 audit(1757370008.585:7981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.471948][ T30] audit: type=1326 audit(1757370008.655:7982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.497105][ T30] audit: type=1326 audit(1757370008.655:7983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.551891][ T30] audit: type=1326 audit(1757370008.655:7984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.687686][ T30] audit: type=1326 audit(1757370008.655:7985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.901409][ T30] audit: type=1326 audit(1757370008.655:7986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1118.958698][ T30] audit: type=1326 audit(1757370008.655:7987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1119.014060][ T30] audit: type=1326 audit(1757370008.655:7988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1119.085990][T17089] loop2: detected capacity change from 0 to 40427 [ 1119.094654][ T30] audit: type=1326 audit(1757370008.705:7989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17090 comm="syz.4.5050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25c6652be9 code=0x7ffc0000 [ 1119.117326][T17089] F2FS-fs (loop2): fault_type options not supported [ 1119.128478][T17089] F2FS-fs (loop2): invalid crc value [ 1119.148089][T17089] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 1119.188932][T17089] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1119.390135][T17117] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5055'. [ 1119.442882][T17123] loop2: detected capacity change from 0 to 512 [ 1119.478749][T17124] loop3: detected capacity change from 0 to 512 [ 1119.489847][T17123] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1119.511920][T17123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=17123 comm=syz.2.5056 [ 1119.525815][T17123] fuse: Bad value for 'fd' [ 1119.534983][T17124] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 1119.542290][T17124] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1119.549159][T17124] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 1119.556367][T17124] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1119.573302][T17124] EXT4-fs (loop3): 1 truncate cleaned up [ 1119.579156][T17124] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 1119.973920][T17146] loop2: detected capacity change from 0 to 512 [ 1120.008060][T17146] EXT4-fs (loop2): Journaled quota options ignored when QUOTA feature is enabled [ 1120.051943][ T394] usb 2-1: new full-speed USB device number 97 using dummy_hcd [ 1120.492297][ T394] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 1120.565741][ T394] usb 2-1: New USB device found, idVendor=06a3, idProduct=0cd0, bcdDevice= 0.00 [ 1120.654049][ T394] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.736205][ T394] usb 2-1: config 0 descriptor?? [ 1120.865774][T17145] loop2: detected capacity change from 0 to 1024 [ 1121.094773][T17145] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1121.105405][T17145] ext4 filesystem being mounted at /379/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1121.528755][ T336] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm kworker/u4:4: bg 0: block 393: padding at end of block bitmap is not set [ 1121.543715][ T336] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 1 with error 28 [ 1121.556306][ T336] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1121.556306][ T336] [ 1121.566520][ T336] EXT4-fs (loop2): Total free blocks count 0 [ 1121.572549][ T336] EXT4-fs (loop2): Free/Dirty block details [ 1121.578556][ T336] EXT4-fs (loop2): free_blocks=0 [ 1121.579096][T17162] FAULT_INJECTION: forcing a failure. [ 1121.579096][T17162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1121.597246][ T394] usbhid 2-1:0.0: can't add hid device: -71 [ 1121.603452][ T394] usbhid: probe of 2-1:0.0 failed with error -71 [ 1121.612501][ T394] usb 2-1: USB disconnect, device number 97 [ 1121.618456][T17162] CPU: 1 PID: 17162 Comm: syz.3.5070 Not tainted syzkaller #0 [ 1121.625915][T17162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1121.635972][T17162] Call Trace: [ 1121.637860][ T336] EXT4-fs (loop2): dirty_blocks=16 [ 1121.639245][T17162] [ 1121.639254][T17162] __dump_stack+0x21/0x30 [ 1121.644428][ T336] EXT4-fs (loop2): Block reservation details [ 1121.647253][T17162] dump_stack_lvl+0xee/0x150 [ 1121.651584][ T336] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 1121.657507][T17162] ? show_regs_print_info+0x20/0x20 [ 1121.657530][T17162] dump_stack+0x15/0x20 [ 1121.677511][T17162] should_fail+0x3c1/0x510 [ 1121.681923][T17162] should_fail_usercopy+0x1a/0x20 [ 1121.686929][T17162] strncpy_from_user+0x24/0x2e0 [ 1121.691773][T17162] ? kmem_cache_alloc+0xf7/0x260 [ 1121.696700][T17162] getname_flags+0xf4/0x500 [ 1121.701187][T17162] __x64_sys_rename+0x5f/0x90 [ 1121.705852][T17162] x64_sys_call+0x680/0x9a0 [ 1121.710336][T17162] do_syscall_64+0x4c/0xa0 [ 1121.714736][T17162] ? clear_bhb_loop+0x50/0xa0 [ 1121.719394][T17162] ? clear_bhb_loop+0x50/0xa0 [ 1121.724052][T17162] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1121.729934][T17162] RIP: 0033:0x7f303dcbebe9 [ 1121.734342][T17162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1121.753935][T17162] RSP: 002b:00007f303c727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 1121.762339][T17162] RAX: ffffffffffffffda RBX: 00007f303def5fa0 RCX: 00007f303dcbebe9 [ 1121.770295][T17162] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000040 [ 1121.778247][T17162] RBP: 00007f303c727090 R08: 0000000000000000 R09: 0000000000000000 [ 1121.786199][T17162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1121.794153][T17162] R13: 00007f303def6038 R14: 00007f303def5fa0 R15: 00007ffe571722d8 [ 1121.802212][T17162] [ 1121.869451][T17172] FAULT_INJECTION: forcing a failure. [ 1121.869451][T17172] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1121.882641][T17172] CPU: 0 PID: 17172 Comm: syz.3.5073 Not tainted syzkaller #0 [ 1121.890105][T17172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1121.900155][T17172] Call Trace: [ 1121.903422][T17172] [ 1121.906523][T17172] __dump_stack+0x21/0x30 [ 1121.910880][T17172] dump_stack_lvl+0xee/0x150 [ 1121.915458][T17172] ? show_regs_print_info+0x20/0x20 [ 1121.920768][T17172] dump_stack+0x15/0x20 [ 1121.924923][T17172] should_fail+0x3c1/0x510 [ 1121.929351][T17172] should_fail_usercopy+0x1a/0x20 [ 1121.934365][T17172] _copy_from_user+0x20/0xd0 [ 1121.938942][T17172] strndup_user+0xb1/0x150 [ 1121.943341][T17172] __se_sys_mount+0x9c/0x380 [ 1121.947913][T17172] ? fput+0x1a/0x20 [ 1121.951706][T17172] ? __x64_sys_mount+0xd0/0xd0 [ 1121.956466][T17172] ? __ia32_sys_read+0x90/0x90 [ 1121.961210][T17172] __x64_sys_mount+0xbf/0xd0 [ 1121.965802][T17172] x64_sys_call+0x6bf/0x9a0 [ 1121.970285][T17172] do_syscall_64+0x4c/0xa0 [ 1121.974691][T17172] ? clear_bhb_loop+0x50/0xa0 [ 1121.979356][T17172] ? clear_bhb_loop+0x50/0xa0 [ 1121.984111][T17172] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1121.990013][T17172] RIP: 0033:0x7f303dcbebe9 [ 1121.994421][T17172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1122.014188][T17172] RSP: 002b:00007f303c727038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1122.022671][T17172] RAX: ffffffffffffffda RBX: 00007f303def5fa0 RCX: 00007f303dcbebe9 [ 1122.030634][T17172] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000 [ 1122.038593][T17172] RBP: 00007f303c727090 R08: 0000200000000780 R09: 0000000000000000 [ 1122.046544][T17172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1122.054501][T17172] R13: 00007f303def6038 R14: 00007f303def5fa0 R15: 00007ffe571722d8 [ 1122.062461][T17172] [ 1122.082383][T17174] overlayfs: failed to resolve './file0': -2 [ 1122.103997][T17176] 9pnet: Insufficient options for proto=fd [ 1122.144563][T17180] overlayfs: failed to clone upperpath [ 1122.275472][T17188] 9pnet: Insufficient options for proto=fd [ 1122.390098][T17192] netlink: 'syz.4.5078': attribute type 27 has an invalid length. [ 1122.596801][T17196] loop2: detected capacity change from 0 to 256 [ 1123.430051][T17220] loop3: detected capacity change from 0 to 512 [ 1123.538011][T17220] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resgid=0x0000000000000000,discard,,errors=continue. Quota mode: none. [ 1123.556675][T17220] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pid=17220 comm=syz.3.5094 [ 1123.571181][T17220] fuse: Bad value for 'fd' [ 1123.767670][T17240] loop2: detected capacity change from 0 to 1024 [ 1123.814301][T17240] EXT4-fs (loop2): Ignoring removed bh option [ 1123.883303][T17240] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 2: comm syz.2.5098: lblock 2 mapped to illegal pblock 2 (length 1) [ 1123.898118][T17240] __quota_error: 42 callbacks suppressed [ 1123.898144][T17240] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 1123.912147][T17240] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 48: comm syz.2.5098: lblock 0 mapped to illegal pblock 48 (length 1) [ 1123.929045][T17240] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 1123.937916][T17240] EXT4-fs error (device loop2): ext4_acquire_dquot:6200: comm syz.2.5098: Failed to acquire dquot type 0 [ 1123.950418][T17240] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1123.960960][T17240] EXT4-fs error (device loop2): ext4_evict_inode:283: inode #11: comm syz.2.5098: mark_inode_dirty error [ 1123.973342][T17240] EXT4-fs warning (device loop2): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 1123.983761][T17240] EXT4-fs (loop2): 1 orphan inode deleted [ 1123.989516][T17240] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x0000000000000001,nodelalloc,inlinecrypt,,errors=continue. Quota mode: writeback. [ 1124.037467][T17240] netlink: 'syz.2.5098': attribute type 27 has an invalid length. [ 1124.049734][T17240] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #2: block 16: comm syz.2.5098: lblock 0 mapped to illegal pblock 16 (length 1) [ 1124.064510][ T45] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 1124.254980][ T45] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 1124.357670][ T45] EXT4-fs error (device loop2): ext4_release_dquot:6236: comm kworker/u4:2: Failed to release dquot type 0 [ 1124.422033][ T30] audit: type=1400 audit(1757370015.245:8032): avc: denied { append } for pid=17243 comm="syz.3.5101" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1124.663779][T17255] fuse: Unknown parameter 'ÿbÉÛ*Ì"+ŦªD±ª_užª9ª}jáþ„' [ 1124.711224][ T9910] EXT4-fs error (device loop2): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1124.762609][ T9910] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5867: Corrupt filesystem [ 1124.821965][ T9910] EXT4-fs error (device loop2): ext4_quota_off:6506: inode #3: comm syz-executor: mark_inode_dirty error [ 1124.889079][T17260] FAULT_INJECTION: forcing a failure. [ 1124.889079][T17260] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1124.932125][T17260] CPU: 0 PID: 17260 Comm: syz.3.5108 Not tainted syzkaller #0 [ 1124.939614][T17260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1124.949703][T17260] Call Trace: [ 1124.953033][T17260] [ 1124.955971][T17260] __dump_stack+0x21/0x30 [ 1124.960307][T17260] dump_stack_lvl+0xee/0x150 [ 1124.964891][T17260] ? show_regs_print_info+0x20/0x20 [ 1124.970090][T17260] dump_stack+0x15/0x20 [ 1124.974237][T17260] should_fail+0x3c1/0x510 [ 1124.978647][T17260] should_fail_usercopy+0x1a/0x20 [ 1124.983767][T17260] _copy_to_user+0x20/0x90 [ 1124.988187][T17260] simple_read_from_buffer+0xe9/0x160 [ 1124.993651][T17260] proc_fail_nth_read+0x19a/0x210 [ 1124.998682][T17260] ? proc_fault_inject_write+0x2f0/0x2f0 [ 1125.004311][T17260] ? security_file_permission+0x83/0xa0 [ 1125.009859][T17260] ? proc_fault_inject_write+0x2f0/0x2f0 [ 1125.015506][T17260] vfs_read+0x282/0xbe0 [ 1125.019674][T17260] ? kernel_read+0x1f0/0x1f0 [ 1125.024259][T17260] ? __kasan_check_write+0x14/0x20 [ 1125.029455][T17260] ? mutex_lock+0x95/0x1a0 [ 1125.033867][T17260] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1125.040452][T17260] ? __fget_files+0x2c4/0x320 [ 1125.045126][T17260] ? __fdget_pos+0x2d2/0x380 [ 1125.049713][T17260] ? ksys_read+0x71/0x240 [ 1125.054039][T17260] ksys_read+0x140/0x240 [ 1125.058271][T17260] ? vfs_write+0xf70/0xf70 [ 1125.062677][T17260] ? debug_smp_processor_id+0x17/0x20 [ 1125.068045][T17260] __x64_sys_read+0x7b/0x90 [ 1125.072541][T17260] x64_sys_call+0x96d/0x9a0 [ 1125.077038][T17260] do_syscall_64+0x4c/0xa0 [ 1125.081447][T17260] ? clear_bhb_loop+0x50/0xa0 [ 1125.086121][T17260] ? clear_bhb_loop+0x50/0xa0 [ 1125.090801][T17260] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1125.096690][T17260] RIP: 0033:0x7f303dcbd5fc [ 1125.101097][T17260] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1125.120719][T17260] RSP: 002b:00007f303c727030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1125.129134][T17260] RAX: ffffffffffffffda RBX: 00007f303def5fa0 RCX: 00007f303dcbd5fc [ 1125.137107][T17260] RDX: 000000000000000f RSI: 00007f303c7270a0 RDI: 000000000000000b [ 1125.145114][T17260] RBP: 00007f303c727090 R08: 0000000000000000 R09: 0000000000000000 [ 1125.153285][T17260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1125.161254][T17260] R13: 00007f303def6038 R14: 00007f303def5fa0 R15: 00007ffe571722d8 [ 1125.169230][T17260] [ 1125.497361][T17274] FAULT_INJECTION: forcing a failure. [ 1125.497361][T17274] name failslab, interval 1, probability 0, space 0, times 0 [ 1125.511059][T17274] CPU: 1 PID: 17274 Comm: syz.2.5110 Not tainted syzkaller #0 [ 1125.518537][T17274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1125.528595][T17274] Call Trace: [ 1125.531877][T17274] [ 1125.534809][T17274] __dump_stack+0x21/0x30 [ 1125.535055][T17267] loop1: detected capacity change from 0 to 4096 [ 1125.539144][T17274] dump_stack_lvl+0xee/0x150 [ 1125.539169][T17274] ? show_regs_print_info+0x20/0x20 [ 1125.555227][T17274] ? _raw_spin_unlock+0x4d/0x70 [ 1125.560087][T17274] dump_stack+0x15/0x20 [ 1125.564243][T17274] should_fail+0x3c1/0x510 [ 1125.568657][T17274] __should_failslab+0xa4/0xe0 [ 1125.573423][T17274] should_failslab+0x9/0x20 [ 1125.577922][T17274] slab_pre_alloc_hook+0x3b/0xe0 [ 1125.582845][T17274] ? dst_alloc+0x15c/0x1d0 [ 1125.587245][T17274] kmem_cache_alloc+0x44/0x260 [ 1125.591995][T17274] dst_alloc+0x15c/0x1d0 [ 1125.596219][T17274] ip_route_output_key_hash_rcu+0x12d7/0x20e0 [ 1125.602271][T17274] ip_route_output_flow+0x123/0x2d0 [ 1125.607451][T17274] ? ipv4_sk_update_pmtu+0x1320/0x1320 [ 1125.612894][T17274] ? memcpy+0x56/0x70 [ 1125.616862][T17274] udp_sendmsg+0x1241/0x20b0 [ 1125.621438][T17274] ? avc_denied+0x1b0/0x1b0 [ 1125.625939][T17274] ? ip_skb_dst_mtu+0x630/0x630 [ 1125.630774][T17274] ? udp_cmsg_send+0x330/0x330 [ 1125.635553][T17274] ? avc_has_perm+0x158/0x240 [ 1125.640300][T17274] ? avc_has_perm_noaudit+0x460/0x460 [ 1125.645657][T17274] ? irqentry_exit+0x37/0x40 [ 1125.650238][T17274] ? inet_send_prepare+0x60/0x4c0 [ 1125.655680][T17274] inet_sendmsg+0xa5/0xc0 [ 1125.659996][T17274] ? inet_send_prepare+0x4c0/0x4c0 [ 1125.665120][T17274] ____sys_sendmsg+0x5a2/0x8c0 [ 1125.669878][T17274] ? __sys_sendmsg_sock+0x40/0x40 [ 1125.674893][T17274] ? import_iovec+0x7c/0xb0 [ 1125.679398][T17274] ___sys_sendmsg+0x1f0/0x260 [ 1125.684058][T17274] ? _kstrtoull+0x3c0/0x4d0 [ 1125.688548][T17274] ? __sys_sendmsg+0x250/0x250 [ 1125.693298][T17274] ? __fdget+0x1a1/0x230 [ 1125.697527][T17274] __sys_sendmmsg+0x278/0x480 [ 1125.702195][T17274] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 1125.707398][T17274] ? __ia32_sys_read+0x90/0x90 [ 1125.712144][T17274] __x64_sys_sendmmsg+0xa0/0xb0 [ 1125.716994][T17274] x64_sys_call+0x6c6/0x9a0 [ 1125.721489][T17274] do_syscall_64+0x4c/0xa0 [ 1125.726159][T17274] ? clear_bhb_loop+0x50/0xa0 [ 1125.730913][T17274] ? clear_bhb_loop+0x50/0xa0 [ 1125.735573][T17274] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1125.741454][T17274] RIP: 0033:0x7fd33e5a1be9 [ 1125.745852][T17274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1125.765619][T17274] RSP: 002b:00007fd33d00a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1125.774027][T17274] RAX: ffffffffffffffda RBX: 00007fd33e7d8fa0 RCX: 00007fd33e5a1be9 [ 1125.782074][T17274] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003 [ 1125.790033][T17274] RBP: 00007fd33d00a090 R08: 0000000000000000 R09: 0000000000000000 [ 1125.798042][T17274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1125.805994][T17274] R13: 00007fd33e7d9038 R14: 00007fd33e7d8fa0 R15: 00007ffc54a17638 [ 1125.814038][T17274] [ 1125.925261][T17267] EXT4-fs (loop1): Test dummy encryption mode enabled [ 1125.936392][T17303] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5125'. [ 1125.960883][T17267] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 1125.977782][T17267] System zones: 0-5 [ 1126.012864][T17267] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 1126.210262][ T30] audit: type=1400 audit(1757370017.115:8033): avc: denied { create } for pid=17340 comm="syz.2.5143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 1126.277504][T17344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1235 sclass=netlink_route_socket pid=17344 comm=syz.2.5144 [ 1126.649178][ T30] audit: type=1400 audit(1757370017.555:8034): avc: denied { bind } for pid=17363 comm="syz.1.5151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1126.699112][ T30] audit: type=1400 audit(1757370017.595:8035): avc: denied { read } for pid=17363 comm="syz.1.5151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1126.746372][ T30] audit: type=1400 audit(1757370017.655:8036): avc: denied { setopt } for pid=17363 comm="syz.1.5151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1127.004107][ T30] audit: type=1400 audit(1757370017.915:8037): avc: denied { create } for pid=17402 comm="syz.0.5170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1127.012696][T17410] syz.4.5172[17410] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1127.024414][T17410] syz.4.5172[17410] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1127.068241][T17421] ================================================================== [ 1127.087732][T17421] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1127.097098][T17421] Read of size 1 at addr ffff888117feabf8 by task syz.4.5178/17421 [ 1127.104986][T17421] [ 1127.107297][T17421] CPU: 1 PID: 17421 Comm: syz.4.5178 Not tainted syzkaller #0 [ 1127.114742][T17421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1127.124870][T17421] Call Trace: [ 1127.128151][T17421] [ 1127.131063][T17421] __dump_stack+0x21/0x30 [ 1127.135379][T17421] dump_stack_lvl+0xee/0x150 [ 1127.139956][T17421] ? show_regs_print_info+0x20/0x20 [ 1127.145139][T17421] ? load_image+0x3a0/0x3a0 [ 1127.149623][T17421] print_address_description+0x7f/0x2c0 [ 1127.155157][T17421] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1127.161651][T17421] kasan_report+0xf1/0x140 [ 1127.166057][T17421] ? xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1127.172541][T17421] __asan_report_load1_noabort+0x14/0x20 [ 1127.178162][T17421] xfrm_policy_inexact_list_reinsert+0x620/0x6d0 [ 1127.184483][T17421] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 1127.190621][T17421] ? xfrm_netlink_rcv+0x72/0x90 [ 1127.195456][T17421] ? netlink_unicast+0x876/0xa40 [ 1127.200418][T17421] ? netlink_sendmsg+0x86a/0xb70 [ 1127.205465][T17421] ? ____sys_sendmsg+0x5a2/0x8c0 [ 1127.210392][T17421] ? ___sys_sendmsg+0x1f0/0x260 [ 1127.215242][T17421] ? x64_sys_call+0x4b/0x9a0 [ 1127.219815][T17421] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1127.225870][T17421] xfrm_policy_inexact_alloc_chain+0x53a/0xb30 [ 1127.232099][T17421] xfrm_policy_inexact_insert+0x70/0x1130 [ 1127.237812][T17421] ? __get_hash_thresh+0x10c/0x420 [ 1127.242910][T17421] ? policy_hash_bysel+0x110/0x4f0 [ 1127.248020][T17421] xfrm_policy_insert+0x126/0x9a0 [ 1127.253033][T17421] ? xfrm_policy_construct+0x54f/0x1f00 [ 1127.258568][T17421] xfrm_add_policy+0x4d1/0x830 [ 1127.263408][T17421] ? xfrm_dump_sa_done+0xc0/0xc0 [ 1127.268338][T17421] xfrm_user_rcv_msg+0x45c/0x6e0 [ 1127.273359][T17421] ? xfrm_netlink_rcv+0x90/0x90 [ 1127.278211][T17421] ? avc_has_perm_noaudit+0x460/0x460 [ 1127.283568][T17421] ? x64_sys_call+0x4b/0x9a0 [ 1127.288143][T17421] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 1127.293500][T17421] netlink_rcv_skb+0x1e0/0x430 [ 1127.298248][T17421] ? xfrm_netlink_rcv+0x90/0x90 [ 1127.303096][T17421] ? netlink_ack+0xb60/0xb60 [ 1127.307758][T17421] ? wait_for_completion_killable_timeout+0x10/0x10 [ 1127.314425][T17421] ? __netlink_lookup+0x387/0x3b0 [ 1127.319438][T17421] xfrm_netlink_rcv+0x72/0x90 [ 1127.324101][T17421] netlink_unicast+0x876/0xa40 [ 1127.328850][T17421] netlink_sendmsg+0x86a/0xb70 [ 1127.333600][T17421] ? netlink_getsockopt+0x530/0x530 [ 1127.338781][T17421] ? sock_alloc_file+0xba/0x260 [ 1127.343619][T17421] ? security_socket_sendmsg+0x82/0xa0 [ 1127.349065][T17421] ? netlink_getsockopt+0x530/0x530 [ 1127.354246][T17421] ____sys_sendmsg+0x5a2/0x8c0 [ 1127.358996][T17421] ? __sys_sendmsg_sock+0x40/0x40 [ 1127.364095][T17421] ? import_iovec+0x7c/0xb0 [ 1127.368589][T17421] ___sys_sendmsg+0x1f0/0x260 [ 1127.373268][T17421] ? __sys_sendmsg+0x250/0x250 [ 1127.378020][T17421] ? __fdget+0x1a1/0x230 [ 1127.382291][T17421] __x64_sys_sendmsg+0x1e2/0x2a0 [ 1127.387221][T17421] ? ___sys_sendmsg+0x260/0x260 [ 1127.392274][T17421] ? __kasan_check_write+0x14/0x20 [ 1127.397377][T17421] ? switch_fpu_return+0x15d/0x2c0 [ 1127.402480][T17421] x64_sys_call+0x4b/0x9a0 [ 1127.406884][T17421] do_syscall_64+0x4c/0xa0 [ 1127.411289][T17421] ? clear_bhb_loop+0x50/0xa0 [ 1127.415966][T17421] ? clear_bhb_loop+0x50/0xa0 [ 1127.420637][T17421] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1127.426526][T17421] RIP: 0033:0x7f25c6652be9 [ 1127.430929][T17421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.450521][T17421] RSP: 002b:00007f25c50bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1127.458920][T17421] RAX: ffffffffffffffda RBX: 00007f25c6889fa0 RCX: 00007f25c6652be9 [ 1127.466875][T17421] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 1127.474831][T17421] RBP: 00007f25c66d5e19 R08: 0000000000000000 R09: 0000000000000000 [ 1127.482801][T17421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1127.490768][T17421] R13: 00007f25c688a038 R14: 00007f25c6889fa0 R15: 00007ffe359d32b8 [ 1127.498744][T17421] [ 1127.501758][T17421] [ 1127.504065][T17421] Allocated by task 17421: [ 1127.508470][T17421] __kasan_kmalloc+0xda/0x110 [ 1127.513139][T17421] __kmalloc+0x13d/0x2c0 [ 1127.517462][T17421] sk_prot_alloc+0xed/0x320 [ 1127.521950][T17421] sk_alloc+0x38/0x430 [ 1127.526008][T17421] pfkey_create+0x12a/0x660 [ 1127.530687][T17421] __sock_create+0x38d/0x7a0 [ 1127.535264][T17421] __sys_socket+0xec/0x190 [ 1127.539777][T17421] __x64_sys_socket+0x7a/0x90 [ 1127.544462][T17421] x64_sys_call+0x8c5/0x9a0 [ 1127.548950][T17421] do_syscall_64+0x4c/0xa0 [ 1127.553455][T17421] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1127.559346][T17421] [ 1127.561680][T17421] Last potentially related work creation: [ 1127.567374][T17421] kasan_save_stack+0x3a/0x60 [ 1127.572033][T17421] __kasan_record_aux_stack+0xd2/0x100 [ 1127.577474][T17421] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1127.583265][T17421] insert_work+0x51/0x310 [ 1127.587596][T17421] __queue_work+0x8e5/0xc60 [ 1127.592117][T17421] queue_work_on+0xd2/0x140 [ 1127.596608][T17421] bpf_prog_free+0x13c/0x150 [ 1127.601203][T17421] __bpf_prog_put_rcu+0xaf/0xc0 [ 1127.606039][T17421] rcu_do_batch+0x51d/0xba0 [ 1127.610530][T17421] rcu_core+0x5e4/0xf80 [ 1127.614672][T17421] rcu_core_si+0x9/0x10 [ 1127.618812][T17421] handle_softirqs+0x250/0x560 [ 1127.623562][T17421] __irq_exit_rcu+0x52/0xf0 [ 1127.628049][T17421] irq_exit_rcu+0x9/0x10 [ 1127.632282][T17421] sysvec_apic_timer_interrupt+0x58/0xc0 [ 1127.637923][T17421] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1127.643891][T17421] [ 1127.646218][T17421] Second to last potentially related work creation: [ 1127.652789][T17421] kasan_save_stack+0x3a/0x60 [ 1127.657463][T17421] __kasan_record_aux_stack+0xd2/0x100 [ 1127.663007][T17421] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1127.668980][T17421] call_rcu+0x105/0xfe0 [ 1127.673125][T17421] __bpf_prog_put_noref+0x286/0x2b0 [ 1127.678494][T17421] bpf_prog_put_deferred+0x2d4/0x3c0 [ 1127.683766][T17421] bpf_prog_release+0x243/0x250 [ 1127.688779][T17421] __fput+0x20b/0x8b0 [ 1127.692751][T17421] ____fput+0x15/0x20 [ 1127.696734][T17421] task_work_run+0x127/0x190 [ 1127.701320][T17421] exit_to_user_mode_loop+0xd0/0xe0 [ 1127.706594][T17421] exit_to_user_mode_prepare+0x5a/0xa0 [ 1127.712046][T17421] syscall_exit_to_user_mode+0x1a/0x30 [ 1127.717554][T17421] do_syscall_64+0x58/0xa0 [ 1127.722054][T17421] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1127.727935][T17421] [ 1127.730237][T17421] The buggy address belongs to the object at ffff888117fea800 [ 1127.730237][T17421] which belongs to the cache kmalloc-1k of size 1024 [ 1127.744369][T17421] The buggy address is located 1016 bytes inside of [ 1127.744369][T17421] 1024-byte region [ffff888117fea800, ffff888117feac00) [ 1127.757813][T17421] The buggy address belongs to the page: [ 1127.763435][T17421] page:ffffea00045ffa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117fe8 [ 1127.773657][T17421] head:ffffea00045ffa00 order:3 compound_mapcount:0 compound_pincount:0 [ 1127.782052][T17421] flags: 0x4000000000010200(slab|head|zone=1) [ 1127.788214][T17421] raw: 4000000000010200 0000000000000000 0000000b00000001 ffff888100043080 [ 1127.796954][T17421] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 1127.805531][T17421] page dumped because: kasan: bad access detected [ 1127.812019][T17421] page_owner tracks the page as allocated [ 1127.817806][T17421] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 9609, ts 592368344195, free_ts 591520820378 [ 1127.838625][T17421] post_alloc_hook+0x192/0x1b0 [ 1127.843384][T17421] prep_new_page+0x1c/0x110 [ 1127.848050][T17421] get_page_from_freelist+0x2cc5/0x2d50 [ 1127.853577][T17421] __alloc_pages+0x18f/0x440 [ 1127.858152][T17421] new_slab+0xa1/0x4d0 [ 1127.862207][T17421] ___slab_alloc+0x381/0x810 [ 1127.866866][T17421] __slab_alloc+0x49/0x90 [ 1127.871190][T17421] __kmalloc_track_caller+0x169/0x2c0 [ 1127.876568][T17421] __alloc_skb+0x21a/0x740 [ 1127.880978][T17421] alloc_uevent_skb+0x85/0x240 [ 1127.885732][T17421] kobject_uevent_net_broadcast+0x1a6/0x5a0 [ 1127.891612][T17421] kobject_uevent_env+0x52e/0x700 [ 1127.896624][T17421] kobject_uevent+0x1d/0x30 [ 1127.901117][T17421] __kobject_del+0xd7/0x2f0 [ 1127.905705][T17421] kobject_put+0x1db/0x270 [ 1127.910121][T17421] net_rx_queue_update_kobjects+0x40e/0x480 [ 1127.916007][T17421] page last free stack trace: [ 1127.920664][T17421] free_unref_page_prepare+0x542/0x550 [ 1127.926119][T17421] free_unref_page+0xa2/0x550 [ 1127.930785][T17421] __free_pages+0x6c/0x100 [ 1127.935195][T17421] __free_slab+0xe8/0x1e0 [ 1127.939527][T17421] __unfreeze_partials+0x160/0x190 [ 1127.944629][T17421] put_cpu_partial+0xc6/0x120 [ 1127.949389][T17421] __slab_free+0x1d4/0x290 [ 1127.953797][T17421] ___cache_free+0x104/0x120 [ 1127.958371][T17421] qlink_free+0x4d/0x90 [ 1127.962520][T17421] qlist_free_all+0x5f/0xb0 [ 1127.967006][T17421] kasan_quarantine_reduce+0x14a/0x170 [ 1127.972448][T17421] __kasan_slab_alloc+0x2f/0xf0 [ 1127.977283][T17421] slab_post_alloc_hook+0x4f/0x2b0 [ 1127.982386][T17421] __kmalloc+0x120/0x2c0 [ 1127.986618][T17421] iter_file_splice_write+0x17c/0xc30 [ 1127.991983][T17421] direct_splice_actor+0xe9/0x120 [ 1127.997020][T17421] [ 1127.999343][T17421] Memory state around the buggy address: [ 1128.004965][T17421] ffff888117feaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1128.013019][T17421] ffff888117feab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1128.021188][T17421] >ffff888117feab80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1128.029232][T17421] ^ [ 1128.037235][T17421] ffff888117feac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1128.045291][T17421] ffff888117feac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1128.053333][T17421] ================================================================== [ 1128.061457][T17421] Disabling lock debugging due to kernel taint [ 1128.089723][ T30] audit: type=1400 audit(1757370018.995:8038): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1