last executing test programs: 18.634682388s ago: executing program 4 (id=257): syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000ac0)=ANY=[@ANYBLOB="00631dda01aef2b0bad477a11d13ec0c19456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d24c60c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e9000001001d0149e6d308cbe315789f4baffe39bbced9b1d4db174c6121d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac10222664bbc980b4e99027c53ae2c6cc05d3be246e5837cbf286225d43e8c1d2e3fda86b86906b79fdedae7f3bbe362e8ad7f2b370442013de1788be93a3d553c2e1f5b559393d964df51bf393f52ecbe6f832b222231fbb9fee9e0343c2d3d567f7cff6d0b25303bcbcc99c879d3bc", @ANYRES32, @ANYRES8, @ANYRESDEC=0x0, @ANYBLOB="a263c7eb1e6adf67d2af47acac3328a07d5f9d77103d4c4d25d6c8fca7b979e962459b667513e7c600135f2d913ee9d7bbeb431f1ced3ad18082d2f59715768a784926a1b35ffb0be8b62abc7e5e4cfb3f501d735796969f5b0eeb17156c1288540362df02b278ee9fcf0d99f300841c7b59cfc3bb08118d351848ac0268d4af4d177eab690bdf43fde123b8fee79c55783960eb15147358c6080775cbe751580bea09917dfcdef05b6093552148a24ae894631546b9dfa6ee5ec638e75879", @ANYRESDEC, @ANYRES64=0x0, @ANYRES32, @ANYRES64], 0x1, 0x286, &(0x7f0000001300)="$eJzs3M1OE18Yx/Ef0P8fBKFVFAVjfKIb3UygXkFDIDE20SA1viQmg0y16dCSToOpMcLOrddBXLozMd4AG6/AhTs2LlkYxzAdoYUS0USGl+9nM2c4/Jozec5MnkWn6w/eLpSLgVN06+ruMqWkAW1IGXWrR01d8bE7Gv+vViu6MZz/cvnew0e3c/n81IzZdG72ZtbMhq58fPHq3dVP9YH774c+9Got82T9W/br2sja6PqP2eelwEqBVap1c22uWq27c75n86Wg7Jjd9T038KxUCbxa23zRry4uNsytzA/2L9a8IDC30rCy17B61eq1hrnP3FLFHMexwX7hdwqrMzNuLulV4N+q1XLupKSxXTOF1UQWBAAAEtWh/1/5m/4/FZ/T/x8l9P/HTnr3nzb7/8fx/duO/h8AAAAAAAAAAAAAAAAAAAAAgKNgIwzTYRimfx3/k6I3fML4/JSkfkkDkk5LGpQ0FL9mkJF0RtJZScOSzkk6L2lE0gVJFyWNtnxW0teK3faqfw/1PxH2ef/3ifofSzz/T7aWH+7pkxbeLBWWCs1jcz5XVEm+PI0rre9RLWPN8fSt/NS4RTK6tLAc55eXCj3t+QmlNzdMp/xEM2/t+d5o323ls0pvbrBO+WzHfJ+uX2vJO0rr81NV5Ws+2pPb+dcTZpN38jvyY9H/HXeObelYP8fZa76Z38f+CMc71ielsVSy1w4paLwsu77v1RgwOHyDkcOxjJM4SPrJhIOwXfSkVwIAAAAAAAAAAAAAAAAA+BMH8XXCpK8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdfgYAAP//ZlFc4g==") close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = timerfd_create(0x7, 0x0) timerfd_gettime(r0, &(0x7f0000001200)) read$FUSE(0xffffffffffffffff, &(0x7f0000001840)={0x2020}, 0x2020) mkdir(&(0x7f0000000040)='./bus\x00', 0x1) mount$incfs(&(0x7f00000004c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x200088, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080)=0xf3f, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) ppoll(&(0x7f0000000280)=[{r2, 0x8000}], 0x1, &(0x7f0000000380), 0x0, 0x0) close(r1) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000500)={0x14, 0x49, 0x1, {0x10, 0x1, 0xb}}, 0x14) ioctl$XFS_IOC_FSGETXATTRA(r1, 0x801c582d, &(0x7f0000000200)) epoll_pwait(r5, &(0x7f00000000c0)=[{}], 0x1, 0xe607, 0x0, 0x0) r6 = dup3(r5, r2, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r1, 0x4, &(0x7f0000000180)='./cgroup.net/syz0\x00', &(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r6) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r7, &(0x7f00000005c0), 0x10) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) sendmsg$can_bcm(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r8, 0x0, 0x80, 0x8) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x100) 18.455826127s ago: executing program 4 (id=259): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000004000000000000000000000b00000000020000000100000f020000000400000000000000010009000000000000000100000f020000000100000000fffffffa030000b8b300005f25c27ce31fd1bf1e00675251823e5786d4bbb75bce6fe245bcb4c294ab96974ffe52466a6874528274b296386953d6cab1d1fb8a54e401f0c82ac3a4de498b98afc0e8b4cafb5cc90bf73eb90d3328e6d5478a456ca9671d86213fd3bac4733c1e5152bda22de3ce63144717601961115dd82c13aeeed08a29ef722023348f856deb115f02fc716c22f11ba89a642d73b44a394edfcb61064f0ee8a16351945a79346a08cd548f52f7b4988d821fe731df81bb39ccc5e7b05aba44e99fcde06a5db86c20325b1534d12cf4b26cb0bc93a613a52193728da05870ea3a991cda7d056cf1a7f5e8ebd76695ecbd9cfa3ff4b6faa046f21bc69ede7153b1d96f5e7fc27ef2ab76fbcedfd1c76c3eb7e9c40a4fec086eed9047907a1a00"/387], &(0x7f0000000540)=""/139, 0x5c, 0x8b, 0x80000001}, 0x28) 18.432105018s ago: executing program 4 (id=260): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000006c0)='./file0\x00', 0x58e, &(0x7f00000007c0)={[{@nombcache}, {@lazytime}, {@block_validity}, {@block_validity}, {@nojournal_checksum}, {@quota}, {@jqfmt_vfsv0}]}, 0x1, 0x45c, &(0x7f0000000b80)="$eJzs289vFFUcAPDv7HaB8sOuiD9A1CoaG3+0tKBy8KLRxIMmJl7wWNtCkIUaWhMhRMEDHg2Jd+PRxL/Ak16MejLxqndDQgwXkdOa2Z1hf7Bb2rLtIPv5JNO+N/Om73375u2+mbcbwNAaT38kETsj4o+IGGtmOwuMN39dv3Z+7t9r5+eSqNff+ztplPvn2vm5vGh+3o4sM1Gq9K136ey5k7O12sKZLD+1fOqjqaWz5148cWr2+MLxhdMzR44cPjT9ysszL9168o21x3l/2tZ9ny7u3/vW+5ffmTt6+YNfvivn8XfFMSDjKx18pl4fcHXF2tWWTkYKbAhrko6BtLsqjfE/FuVodd5YvPl5oY0DNlQ90+fwhTpwD0ui6BYAxcjf6NP733zbvNlH8a6+1rwBSuO+nm3NIyNRyspUuu5vB2k8Io5euPF1usXGPIcAAOjwQzr/eaHX/K8UD7WVuy9bG6pmaym7I+KBiNgTEQ9GNMo+HBGPrLH+7kWSrP6ktQZVurL+6G4vnf+9mq1tdc7/8tlfVMtZblcj/kpy7ERt4WD2P5mIytY0P71CHT++8fuX/Y61z//SLa0/nwtm7bgysrXznPnZ5dk7ibnd1YsR+0Z6xZ/cXAlI+2JvROxb7R8td2ZPPPft/n5Fbx//CgawzlT/JuLZZv9fiK74c8nK65NT26K2cHAqvypu9etvl97tV/8dxT8Aaf9v73n934y/mrSv1y6tvY5Lf37R955mcl3Xf2vHluz3J7PLy2emI7Ykbzcb3b5/pnVuns/Lp/FPHOg9/ndH6z/xaESkF/FjEfF4RDyR9d2TEfFURBzoiqv9/vrn15/+sF/8d0P/z3f1f7WzSFf/txJbontPz0SUT/70fedfbCVX9/p3uJGayPas5vVvFe1a59UMAAAA/z+liNgZSWnyZnq0NDnZ/Az/ntheqi0uLT9/bPHj0/PN7whUo1LKn3SNtT0Pnc5u66sXm/mZPJ8dP5Q9N/6qPNrIT84t1uaLDh6G3I5bxn+pMf5Tf5WLbh2wsbYV3QCgSG3r6EmR7QA2n+9rw/Ay/mF49Rj/o0W0A9h8vd7/PyugHcDm6xr/lv1giLj/h+Fl/MPwah//PgAAQ2NpNG7/JfleiW2xnrMk7plElO6KZgwmkaxzFKw2sbPoANeeKPqVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDD+CwAA//9MX/Ao") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x100, 0x198) lseek(r0, 0xfffffffffffffffc, 0x2) setresgid(0xee00, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r1, 0x0, 0x0) syz_usb_connect$uac2(0x5, 0xcd, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x2466, 0x8010, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbb, 0x3, 0x1, 0x1, 0x90, 0xa, {0x8, 0xb, 0x0, 0x2, 0x1, 0xf8, 0x20, 0x1}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x401, 0x7, 0x9, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x0, 0x3ff, 0x4, "6f2030036c99cf"}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x80, 0xf, 0x6, 0x1, 0x7}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0x1, 0x2, 0x5}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x4, 0x10, 0x40, 0x5}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x8001, 0x7fff, 0xe, 0x8e}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x9, 0x3, 0x27, {0x8, 0x25, 0x1, 0x82, 0x30, 0x4, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x6, 0x87, 0x63, 0x5, 0x2}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x20, 0xd, 0x5, 0x6, 0x6}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x9, 0xff, 0x7f}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x6, 0x6, 0x6, {0x8, 0x25, 0x1, 0x82, 0x30, 0x0, 0x7}}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x201, 0xe2, 0x0, 0x2, 0x8, 0x32}, 0x5, &(0x7f0000000240)={0x5, 0xf, 0x5}, 0x4, [{0x10, &(0x7f00000003c0)=@string={0x10, 0x3, "afdb043615222a474e4d74e054c5"}}, {0x38, &(0x7f0000000400)=@string={0x38, 0x3, "c482147e2331242864e5d8f100d993ce12008e6c268190f58b2bee0d7eb809ed4c2a6ff84cbb5732275ff57281671b3a5e17abf9d9ce"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x804}}, {0x100, &(0x7f0000000880)=@string={0x100, 0x3, "8ec9e9f189ed69954f87c42660b303dce2ecce022b3dcea038ea7886cf76cb6766e7d8437098a0181c5029b4eba8e430917560f403db85c052400b2877967651b76fb62b4e435e3aa5c4b410c1be75a92c41aae799fdea466661227ebc01459319351c831e6def1aeb59dcb2eaf8c0d322b3f093ca734532d91a996ed47c5d9c6f5b91d1aae2e391eddbdf82e64b9bcda7248b7e33bdbfbdd0792ef5b24cc26fd4169997e7f53d74d0e7c8b6f2a4767d452c962eb439c62ff8aee5c5ef88f4b10a27721630f94747f20c09fc63d535bb51ad832662281d35358fd85fe6b5631b2d9adf4a1f272a6dbf5530e846702af2921690bff5e440be6bf5df4afe59"}}]}) syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)=ANY=[@ANYBLOB="200e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r1, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000580)={0x0, 0x16, 0x2, "f610"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000005c0)={0x44, &(0x7f00000002c0)={0x0, 0x8, 0xf7, "f33a940326227d07f2e876b170e64f11bfae795765242def7c744ff8f9749a2790b0d82744d53e12cb19dcb2afea475f8dacc2c4555f7001a9d13eb6efa87a0ebfb2e6ea97067ec4a2f84a7e05abd8c4cad0d79965e1bc13b75e3b57fc730421a82512ef6e5b7cfe95b0c6132cc455d375d40fdb10a7ce1fcbc58005fb67950fdadfabf2c6373c600f1dc903bf2065c4f6b9f9160970580f7cbf1fdb8d61e0d80a90e2f71873c3fcbdc39cf183f38136b74e024c3e5e9e96b6d447e3e141eba612f970b27c7c98fada97876559ebc7d66cf377d3829ee28b29aaa3c00dba4040c08050951c12b30701917275f6e334c45e5db6f8d9b345"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs$pagemap(r3, &(0x7f0000000280)) getdents(r0, 0x0, 0x58) 15.215653819s ago: executing program 4 (id=286): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getpriority(0xfffffffffffffffd, 0x0) bind$inet6(r0, &(0x7f00000013c0)={0xa, 0x4e22, 0x9, @rand_addr=' \x01\x00', 0x28}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty=0xe0ffffff}, 0x5635}, 0x1c) r1 = syz_clone(0x200000, &(0x7f0000000000)="e6e207f696d21d6b963aac1062250c869c941d9f128d2ce160d10257b8812704d9632d031a10a3aaaba77dbf360eecca269f6ff3c7aaaaf5103aa6d347430ecd564d76648615a55d2200d4d9280bded47875c355f9a115013ea311e8a47c354749545f8775331ba7df3b1dc587e33071aabdc5edd245330e5bac427834cbe7cea868398ee606d68c7d", 0x89, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180)="abd08bb13c439214bb119a1b3bc8aec6cf53994e1501c57f9381f008b72d2ee32e7e637e300054dc755aa871646484a8267410bc7ae27027feba47") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x8, @remote, 0xfffffffb}, 0x1c) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000240)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000200)=0x1, 0x4) r3 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@private0, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x3, 0x4e1f, 0x0, 0x2}, {0xfffffffffffffffd, 0xb, 0x4, 0x400, 0x8001, 0x3, 0x0, 0xd3d}, {0x0, 0x200000000000000, 0x7fff, 0x3}, 0xbfd1, 0x1, 0x1}, {{@in=@empty, 0x4d6, 0x3c}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2c19}}, 0xe8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) capset(&(0x7f00000001c0)={0x39900612, r1}, &(0x7f0000000200)={0x80000001, 0x2, 0x5, 0x1, 0x2, 0x3}) 14.887675646s ago: executing program 4 (id=289): r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000005d40), 0x8000, 0x0) r2 = fcntl$getown(r0, 0x9) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbbd, {0x0, 0x0, 0x0, r4, {0xb, 0xb}, {0x0, 0xfff3}, {0xd, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041010}, 0x10) syz_open_procfs(r2, &(0x7f0000000000)='fd/3\x00') lseek(r1, 0x80000001, 0x1) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020) 14.778602651s ago: executing program 4 (id=291): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000019080)=0x30) fgetxattr(r0, &(0x7f0000000240)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/5, 0x5) ioctl$NILFS_IOCTL_GET_SUSTAT(r0, 0x80306e85, &(0x7f0000000280)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f00000002c0)={[{@abort}, {@nolazytime}, {@noquota}, {@nomblk_io_submit}, {@lazytime, 0x0}, {@jqfmt_vfsold}, {@mblk_io_submit}, {@resgid}, {@grpjquota}, {@commit={'commit', 0x3d, 0x5}}, {@data_err_abort}, {@nouid32}, {@errors_remount}, {@noacl}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@journal_async_commit}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@jqfmt_vfsv1}, {@errors_continue}, {@errors_remount}, {@data_err_ignore}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}], 0x2c}, 0x1, 0x50a, &(0x7f0000000e40)="$eJzs3E1vVFUfAPD/nU4pfaBP+/C88vLIKBqJRkrL68IFEE3YmGg0Bpe1LQQpYGhNgDRSjIHEhYZP4MvOxE/gRt0YNS40biFujQkx3YAuzDV35k6Z9nbaYeyLpb9fMtNz7j137vnfe0/nnHtmJoB1q5I9JRGbI+JmRPTWsrMLVGp/7k5PDv86PTmcRJq++EtSLXdnenK4XrS+3aZapvrSpbeT2F7cbdf4pctnhsbGRi/kC/onSnnq7NCp0VOj5wYPH96/r/vQwcEDczbtbCvOrE53tr15fsfW46/ceG74xI1Xv/4kq2+ar2+Mo6av+ryh5T10FJZUojL7WDZ4rPWqrwk9DemknD2XVq8ytCy7ast5q7oZvdFRzdX0xrNvrWrlgGWVpmnaVVg68142lTZKktoGaXo1BR4ASax2DYDVUX+jvzOdjVQnh4vj4Afb7aNRHQFlcd/NH7U15eoIttJXGxu1d9dhcf+KiBNTv72fPWLe+xCZYg8NAKBdnx+NuH6s1u+oP2prSvGfhnJ/z+eG+iLiHxGxJSL+mfdf/h1RLfvfiPhfwzY9LcwCVObki/2f77vzRGN3dclk/b+n87mt2f2/mZr3deS5nmr8ncnJ02Oje/Njsjs6u7L8QPGlZzptXzzzw3vN9l9p6P9lj2z/9b5gXo+fy3O6fyNDE0NLdTRuX60e2CvF+JMoJ/VUxNaI2NbG62fH7PQTH+9otn5W/Fmchfjfbf7i5TYqNEf6YcTjtfM/FXPij3z+L6nOT559vX/80uWnTjfOTw4cOjh4oH9jjI3u7a9fFUXffHft+TxZGEYscP7rTWNZJ9Ky8/+3ea//mZnLviw1M187fv/7uHbretMxZbvX/4bkpWq6Pj97cWhi4sJAxIZkqrh88N62F4e6Z5XP4t+9a/72vyXi9w/y7bZHRHYR/z8iHoqInXndH46IRyJi1wLxf3Xs0deaDSEXj395ZfGP3Nf5b5Y48m3E/Ks6znz5aWHH71QK8XdGs/O/v5ranS8ZGZrYuFhcC9W0MfGnDyAAAACsATsjYnMkpT35jabNUSrt2ROxaeYOyvjEkyfPv3FupPYdgb7oLNXvdPU23A8dyO8NZ/lsq8GGfLZ+X/W+cZqmaXeWz8bv3T0RL3y2uuHDurapSfvP/FT8SgvwoLmvebRm32gD1qS57f9Wy1su/QcygJW1BJ+jAdYo7R/Wr5bbf+EjjP5zwFpXnqchX4m4uzq1AVbSfO/iLxeWHFmRugArSy8e1q/2278PA8Ba5/0f1qWWviTfRmLL8QXKJOXl2WnzRCkW/hWAvoj6knqfZuEX/LEUsTQ17FjSSLtnndPSvGU2xlLsK0qLlimXW/8hhpVNlP4a1agluiJikat35mK7Uk9cXu6KVRvBR/f+U/gNSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYG36IwAA//+xydip") 14.723600973s ago: executing program 32 (id=291): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000019080)=0x30) fgetxattr(r0, &(0x7f0000000240)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/5, 0x5) ioctl$NILFS_IOCTL_GET_SUSTAT(r0, 0x80306e85, &(0x7f0000000280)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f00000002c0)={[{@abort}, {@nolazytime}, {@noquota}, {@nomblk_io_submit}, {@lazytime, 0x0}, {@jqfmt_vfsold}, {@mblk_io_submit}, {@resgid}, {@grpjquota}, {@commit={'commit', 0x3d, 0x5}}, {@data_err_abort}, {@nouid32}, {@errors_remount}, {@noacl}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@journal_async_commit}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@jqfmt_vfsv1}, {@errors_continue}, {@errors_remount}, {@data_err_ignore}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}], 0x2c}, 0x1, 0x50a, &(0x7f0000000e40)="$eJzs3E1vVFUfAPD/nU4pfaBP+/C88vLIKBqJRkrL68IFEE3YmGg0Bpe1LQQpYGhNgDRSjIHEhYZP4MvOxE/gRt0YNS40biFujQkx3YAuzDV35k6Z9nbaYeyLpb9fMtNz7j137vnfe0/nnHtmJoB1q5I9JRGbI+JmRPTWsrMLVGp/7k5PDv86PTmcRJq++EtSLXdnenK4XrS+3aZapvrSpbeT2F7cbdf4pctnhsbGRi/kC/onSnnq7NCp0VOj5wYPH96/r/vQwcEDczbtbCvOrE53tr15fsfW46/ceG74xI1Xv/4kq2+ar2+Mo6av+ryh5T10FJZUojL7WDZ4rPWqrwk9DemknD2XVq8ytCy7ast5q7oZvdFRzdX0xrNvrWrlgGWVpmnaVVg68142lTZKktoGaXo1BR4ASax2DYDVUX+jvzOdjVQnh4vj4Afb7aNRHQFlcd/NH7U15eoIttJXGxu1d9dhcf+KiBNTv72fPWLe+xCZYg8NAKBdnx+NuH6s1u+oP2prSvGfhnJ/z+eG+iLiHxGxJSL+mfdf/h1RLfvfiPhfwzY9LcwCVObki/2f77vzRGN3dclk/b+n87mt2f2/mZr3deS5nmr8ncnJ02Oje/Njsjs6u7L8QPGlZzptXzzzw3vN9l9p6P9lj2z/9b5gXo+fy3O6fyNDE0NLdTRuX60e2CvF+JMoJ/VUxNaI2NbG62fH7PQTH+9otn5W/Fmchfjfbf7i5TYqNEf6YcTjtfM/FXPij3z+L6nOT559vX/80uWnTjfOTw4cOjh4oH9jjI3u7a9fFUXffHft+TxZGEYscP7rTWNZJ9Ky8/+3ea//mZnLviw1M187fv/7uHbretMxZbvX/4bkpWq6Pj97cWhi4sJAxIZkqrh88N62F4e6Z5XP4t+9a/72vyXi9w/y7bZHRHYR/z8iHoqInXndH46IRyJi1wLxf3Xs0deaDSEXj395ZfGP3Nf5b5Y48m3E/Ks6znz5aWHH71QK8XdGs/O/v5ranS8ZGZrYuFhcC9W0MfGnDyAAAACsATsjYnMkpT35jabNUSrt2ROxaeYOyvjEkyfPv3FupPYdgb7oLNXvdPU23A8dyO8NZ/lsq8GGfLZ+X/W+cZqmaXeWz8bv3T0RL3y2uuHDurapSfvP/FT8SgvwoLmvebRm32gD1qS57f9Wy1su/QcygJW1BJ+jAdYo7R/Wr5bbf+EjjP5zwFpXnqchX4m4uzq1AVbSfO/iLxeWHFmRugArSy8e1q/2278PA8Ba5/0f1qWWviTfRmLL8QXKJOXl2WnzRCkW/hWAvoj6knqfZuEX/LEUsTQ17FjSSLtnndPSvGU2xlLsK0qLlimXW/8hhpVNlP4a1agluiJikat35mK7Uk9cXu6KVRvBR/f+U/gNSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYG36IwAA//+xydip") 1.939918994s ago: executing program 3 (id=485): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001006000"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x4) 1.847771368s ago: executing program 3 (id=492): openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 1.767481301s ago: executing program 3 (id=495): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)) 1.036640108s ago: executing program 0 (id=514): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@deltaction={0x34, 0x18, 0x1, 0x70bd2c, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x8d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844) 955.730593ms ago: executing program 0 (id=516): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)={0x28, 0x1, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_USERDATA={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c004}, 0x4) 955.365503ms ago: executing program 0 (id=517): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000009c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x470bd30, 0x25dfdbff, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0xb, 0x2, 0x4, 0x2, 0x0, 0x800, 0x1}}, {0x6, 0x2, [0x1]}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x44080) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000) 954.432433ms ago: executing program 5 (id=519): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000fedbdf25200000000c00060000000000000000001c002d800500040001000000050001000600000008000200120000000c00060001"], 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x40) 941.634803ms ago: executing program 0 (id=520): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r0, &(0x7f0000000040)={0x10, @short={0x2, 0x1}}, 0x14) 936.376073ms ago: executing program 3 (id=521): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x17443000) mount$tmpfs(0x0, 0x0, &(0x7f0000000f80), 0x1000400, 0x0) 886.292576ms ago: executing program 5 (id=522): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 886.007856ms ago: executing program 3 (id=523): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x25dfdbff, {{@in=@multicast1, @in6=@mcast2, 0x4, 0x0, 0x4e21, 0x2, 0x80ff, 0x0, 0x0, 0x21, 0x0, 0xee00}, {@in6=@dev={0xfe, 0x80, '\x00', 0x35}, 0x4d2, 0x32}, @in6=@private2, {0x5, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x100, 0x1}, {}, 0x70bd2c, 0x3505, 0xa, 0x4, 0x0, 0x50}}, 0xf0}, 0x1, 0x0, 0x0, 0x880}, 0x2014) 885.811306ms ago: executing program 0 (id=524): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) fremovexattr(0xffffffffffffffff, 0x0) 885.317216ms ago: executing program 5 (id=525): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000180)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@delalloc}, {@noload}, {@errors_remount}, {@usrjquota}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) 823.626779ms ago: executing program 3 (id=526): bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360) 823.332419ms ago: executing program 0 (id=527): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x0, 0x0) ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000740)={0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x1) fchdir(r5) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000040)=""/53, 0x2457a0be381e3a04) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20500, 0x0) 659.886277ms ago: executing program 1 (id=529): socket$nl_route(0x10, 0x3, 0x0) ioperm(0x0, 0x7, 0x80006) mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) syz_socket_connect_nvme_tcp() syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x40c, &(0x7f0000000240)={[{@init_itable}, {@quota}, {@nojournal_checksum}, {@grpjquota}, {@lazytime}, {@block_validity}, {}]}, 0xff, 0x501, &(0x7f0000000e80)="$eJzs3c9vY0cdAPCvndhxsmmTlh4AQbu0hQWt1km8bVT1AOWEEKqE6BGkbUi8URQ7jmKnNGEP6ZkrEpU4wZE/gHNP3LkguHEpByR+RKAGiYPRe37OehN7E20SO8Sfj/T0Zt54/Z2J982sv1l7AhhbtyPiICKKEfF+RMxl13PZEe90juRxnx0+Wj06fLSai3b7vX/k0vbkWvT8mcSt7DlLEfGD70T8OHc6bnNvf3OlVqvuZPWFVn17obm3f2+jvrJeXa9uVSrLS8uLb91/s3JpY32lXsxKX/709wff+GnSrdnsSu84LlNn6IXjOInJiPjeVQQbgYlsPMVRd4Rnko+IFyPi1fT+n4uJ9NUEAG6ydnsu2nO9dQDgpos0B5bLl7NcwGzk8+VyJ4f3Uszka41m6+7Dxu7WWidXNh+F/MONWnUxyxXORyGX1JfS8uN65UT9fkS8EBE/n5pO6+XVRm1thP/uAYBxduvE+v/vqc76DwDccKVRdwAAGDrrPwCMH+s/AIwf6z8AjJ/O+j896m4AAEPk/T8AjB/rPwCMle+/+25ytI+y779e+2Bvd7Pxwb21anOzXN9dLa82drbL643GevqdPfWznq/WaGwvvRG7H85/c7vZWmju7T+oN3a3Wg/S7/V+UC2kjzoYwsgAgEFeeOWTP+WSFfnt6fSInr0cCiPtGXDV8qPuADAyE6PuADAydvuC8XWB9/jSA3BD9Nmi9wmlfh8Q6m4gAvxfuvMF+X8YVz35f/8LGMaM/D+ML/l/GF/tdu68e/7HeR8IAFxvcvzAgN//v5idf5P9cuBHaycf8fFV9goAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACut+7+v+VsL/DZyOfL5YjnImI+CrmHG7XqYkQ8HxF/nCpMJfWlEfcZALio/F9z2f5fd+Zen32i6eVbx8ViRPzkl+/94sOVVmvnDxHF3D+nutdbH2fXK8PvPQBwtu46nZ573sh/dvhotXsMsz9/+3ZElDrxjw6LcXQcfzIm03MpChEx869cVu/I9eQuLuLgo4j4fL/x52I2zYF0dj49GT+J/dxQ4+efiJ9P2zrn5GfxuUvoC4ybT5L5551+918+bqfn/vd/KZ2hLi6b/5KnWj1K58DH8bvz38SA+e/2eWO88bvvdkrTp9s+ivjiZEQ39lHP/NONnxsQ//Vzxv/zl15+dVBb+1cRd6J//N5YC6369kJzb//eRn1lvbpe3apUlpeWF9+6/2ZlIc1RLwxeDf7+9t3nB7Ul458ZEL90xvi/es7x//q/7//wK0+J//XX+sXPx0tPiZ+siV87Z/yVmd+WBrUl8dcGjP+s1//uOeN/+pf9U9uGAwCj09zb31yp1ao7Cte5UMxeruvSn0GF0hX3MPkZXI+Rni58a1ixitG/6Wev9f1L0m4/U6xBM8ZlZN2A6+D4po+I/4y6MwAAAAAAAAAAAAAAQF/D+MTSqMcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAzfW/AAAA//+Y9srv") openat$hwrng(0xffffffffffffff9c, 0x0, 0xa8080, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x4040) close(0xffffffffffffffff) 327.571434ms ago: executing program 2 (id=530): syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x8000, &(0x7f00000000c0), 0x2, 0xbde, &(0x7f0000001f40)="$eJzs3N1rXGUaAPDnnEw+2mZ30mVZtnuzXZalhWWnSZeUbVnYdumyN14Ieis0ppMSMv0gidSkuZjoP+DXteCNoBbFC3vdG0VvvdH2VvFCKBIbBRGNnPlIYjOTpGYmJ6a/H7yZ9z3vJM/z5CRz3hfmTACPrKPZlzTiSERcSCKKjeNpRPTVegMR1frzlpcWxr9dWhhPYmXlia+SSCLi/tLCePNnJY3HQ43BQER8/N8kfvf8xrgzc/NTY5VKeboxPjF7+dqJmbn5f0xeHrtUvlS+MnLqX6MnR08Nnx7tWK3ffXb21jd/+f8X1e/f/OHm1y+/nsTZGGzMra+jQway31rSYqIQEWMdDpaXnkY96+tMClt809ofFwAAuyxdt4b7QxSjJ9YWb8V4/5NckwMAAAA6YqUnYgUAAADY5xL7fwAAANjnmu8DuL+0MN5s+b4jYXfdOxcRQ/X6lxutPlOIau1xIHoj4uD9JNbf1prUv23HjkbE53dPv5O16M59yJuqLkbEH1ud/6RW/1DtLu6N9acRMdyB+EcfGK/G3+oe4g7ZSf1nOxC/bf0A0EW3z9UvZBuvf+nq+idaXP8KLa5dv0Te17/m+m95w/pvrf6eNuu/x7cZ48Ybr15vN5fV/+9b/3u72bL42eOOinoI9xYj/lRoVX+yWn/Spv4L24xR/PF6ud1c3vWvvBZxLFrX35Rs/vlEJyYmK+Xh+teWMRY/Gn2rXfy868/O/8E29Tc//6nd+b+2zRhPnT//7oaDd9e6m9efftmXPFnrNT8y6Nmx2dnpkYi+5LGNx09unkvzOc2fkdV//K+b//+3qj97Tag2fg/ZXmCx8ZiNn3sg5n9u3nivXT7N/V+e5/9im/O/vv4PCxvP/wvbjPG3D1463m5u/f43a1n85l4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrSiBiMJC2t9tO0VIo4FBG/j4Np5erM7N8nrj5z5WI2FzEUvenEZKU8HBHF+jjJxiO1/tr45APjf0bE4Yh4pXigNi6NX61czLt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVh2KiMFI0lJEpBGxXEzTUinvrAAAAICOG8o7AQAAAKDr7P8BAABg/7P/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMsO//n2nSQiqmcO1FqmrzHXm2tmQLeleScA5KYn7wSA3BTyTgDIzUPu8S0XYB9KtpgfaDvT3/FcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANi7jh25fSeJiOqZA7WW6WvM9eaaGdBt6bp+kmMewO7r2WyysHt5ALvvIf/FN325AH5lLPrhkbfVy8DA2nOqP5/p71pOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOw9g7WWpKWI6GscK5UifhMRQ9GbTExWysMR8duI+LTY25+NR3LOGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM6bmZufGqtUytNZJ41GZ/VIFzo9jchdDNGdTlLPu7pX8tnfnf4Xt3rO07HDEH2xJyrdo508X5UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjLzNz81FilUp6eyTsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG8zc/NTY5VKebqLnbxrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPz8FAAD//9r4Bjg=") rmdir(&(0x7f0000000000)='./file0\x00') 309.114855ms ago: executing program 2 (id=531): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x1c, 0x1e, 0xa01, 0x0, 0x0, {0x3}, [@typed={0x5, 0x0, 0x0, 0x0, @binary="a2"}]}, 0x1c}}, 0x4000) 306.933945ms ago: executing program 5 (id=532): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 243.764968ms ago: executing program 2 (id=533): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)={0x14, 0x1, 0x3, 0x401, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) 243.512938ms ago: executing program 2 (id=534): ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0xd2) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00') ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000001680)={0x0, 0x401, 0x1, [0x8000000000000000, 0xfffffffffffffff9, 0x145, 0x8], [0x3, 0x8, 0x6, 0x4, 0x800, 0x3, 0x0, 0x6, 0x80000000, 0x2, 0x3, 0x8000, 0xfffffffffffffff8, 0x7, 0x4, 0x0, 0x1f, 0x7fff, 0x8000000000000000, 0x3, 0xed, 0x8, 0x2, 0x800, 0x0, 0x5, 0x8, 0x6, 0x1, 0x9, 0x3, 0xb52c, 0x9, 0x4, 0x7fff, 0xf0d2, 0xffffffffffff7fff, 0x8, 0xfff, 0x80, 0x2, 0x7, 0x9, 0x4, 0x3, 0xffff, 0xffffffffffffffff, 0x2, 0x1, 0x1, 0x7fff, 0x7fff, 0xa6fb, 0xff, 0x100000000, 0xd, 0x2, 0xe, 0x80000000, 0x564f, 0x2, 0x0, 0x9, 0x1b7, 0x11c0, 0x2, 0x5ce20760, 0x2, 0x40, 0x5002, 0x80, 0x8000000000000001, 0x8000000000000001, 0x9, 0x7fff, 0xd61, 0x3, 0x1, 0x10000, 0x6, 0x100000001, 0x8000000000000000, 0x5, 0xfff, 0x3, 0xb1a3, 0x3, 0xcb3, 0x8, 0x9, 0xff, 0x9, 0x10000, 0x1, 0x5, 0x800, 0x5, 0x3, 0x7, 0x200, 0x8, 0x200, 0x8, 0x4, 0x6, 0x10, 0x3, 0xffffffffffffffff, 0x6, 0x7, 0xc1, 0xf1f9, 0x6, 0x9, 0x7, 0x401, 0x2, 0x100000000, 0x1, 0xa4a0, 0x6]}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) ioctl$BLKTRACESETUP(r0, 0xc0481273, 0x0) 172.240592ms ago: executing program 1 (id=535): unshare(0x2020400) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, 0x0, 0x20000004) 124.158584ms ago: executing program 2 (id=536): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="00631dda01aef2b0bad477a11d13ec0c19456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d24c60c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e9000001001d0149e6d308cbe315789f4baffe39bbced9b1d4db174c6121d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac10222664bbc980b4e99027c53ae2c6cc05d3be246e5837cbf286225d43e8c1d2e3fda86b86906b79fdedae7f3bbe362e8ad7f2b370442013de1788be93a3d553c2e1f5b559393d964df51bf393f52ecbe6f832b222231fbb9fee9e0343c2d3d567f7cff6d0b25303bcbcc99c879d3bc"], 0x1, 0x286, &(0x7f0000001300)="$eJzs3M1OE18Yx/Ef0P8fBKFVFAVjfKIb3UygXkFDIDE20SA1viQmg0y16dCSToOpMcLOrddBXLozMd4AG6/AhTs2LlkYxzAdoYUS0USGl+9nM2c4/Jozec5MnkWn6w/eLpSLgVN06+ruMqWkAW1IGXWrR01d8bE7Gv+vViu6MZz/cvnew0e3c/n81IzZdG72ZtbMhq58fPHq3dVP9YH774c+9Got82T9W/br2sja6PqP2eelwEqBVap1c22uWq27c75n86Wg7Jjd9T038KxUCbxa23zRry4uNsytzA/2L9a8IDC30rCy17B61eq1hrnP3FLFHMexwX7hdwqrMzNuLulV4N+q1XLupKSxXTOF1UQWBAAAEtWh/1/5m/4/FZ/T/x8l9P/HTnr3nzb7/8fx/duO/h8AAAAAAAAAAAAAAAAAAAAAgKNgIwzTYRimfx3/k6I3fML4/JSkfkkDkk5LGpQ0FL9mkJF0RtJZScOSzkk6L2lE0gVJFyWNtnxW0teK3faqfw/1PxH2ef/3ifofSzz/T7aWH+7pkxbeLBWWCs1jcz5XVEm+PI0rre9RLWPN8fSt/NS4RTK6tLAc55eXCj3t+QmlNzdMp/xEM2/t+d5o323ls0pvbrBO+WzHfJ+uX2vJO0rr81NV5Ws+2pPb+dcTZpN38jvyY9H/HXeObelYP8fZa76Z38f+CMc71ielsVSy1w4paLwsu77v1RgwOHyDkcOxjJM4SPrJhIOwXfSkVwIAAAAAAAAAAAAAAAAA+BMH8XXCpK8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdfgYAAP//ZlFc4g==") ioctl$FIBMAP(0xffffffffffffffff, 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) getdents64(r0, 0x0, 0x0) r1 = inotify_init1(0x80000) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x570009ec) getdents64(r0, 0x0, 0x0) 59.735407ms ago: executing program 5 (id=537): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x149040) ioctl$EVIOCGEFFECTS(r0, 0x80044584, 0x0) 59.548848ms ago: executing program 1 (id=538): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x2, 0x9}, 0x20) 59.403177ms ago: executing program 5 (id=539): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x7, 0x7}, {}, {0x8, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0x7, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0x0, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) 55.186418ms ago: executing program 2 (id=540): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 48.672618ms ago: executing program 1 (id=541): r0 = socket(0xa, 0x3, 0x3a) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000040)=0xd, 0x4) 563.33µs ago: executing program 1 (id=542): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='hybla', 0x5) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000000)='D', 0x1, 0x28004044, &(0x7f0000000140)={0xa, 0x4001, 0xfffc, @empty, 0xfffffffd}, 0x1c) 0s ago: executing program 1 (id=543): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000002, 0x4080172, 0xffffffffffffffff, 0x6acc3000) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x303}, "0e57b3d487e2db32", "a9df7ccffde8899f914d4f2c3e263509", "3c36a51c", "6775c975b6b15e11"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f64e40992f79ecf0", "53c272d8b763f690b35605dff8a4a8d2", "021000", "72392a24199b5903"}, 0x28) writev(r0, &(0x7f0000000800)=[{&(0x7f00000005c0)="c800b66cf7e6a5", 0x7}], 0x1) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000001980)=""/4099, 0x1003}], 0x1) kernel console output (not intermixed with test programs): ty_file_permission+0x83/0xa0 [ 38.191754][ T617] do_sendfile+0x5ed/0xea0 [ 38.196152][ T617] ? do_preadv+0x390/0x390 [ 38.200548][ T617] ? fput_many+0x15a/0x1a0 [ 38.204957][ T617] ? fput+0x1a/0x20 [ 38.208742][ T617] __x64_sys_sendfile64+0x199/0x1f0 [ 38.213917][ T617] ? __ia32_sys_read+0x90/0x90 [ 38.218659][ T617] ? __ia32_sys_sendfile+0x190/0x190 [ 38.223939][ T617] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 38.229992][ T617] x64_sys_call+0x88d/0x9a0 [ 38.234478][ T617] do_syscall_64+0x4c/0xa0 [ 38.238877][ T617] ? clear_bhb_loop+0x50/0xa0 [ 38.243532][ T617] ? clear_bhb_loop+0x50/0xa0 [ 38.248191][ T617] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 38.254071][ T617] RIP: 0033:0x7fd9b2bb7799 [ 38.258469][ T617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 38.278402][ T617] RSP: 002b:00007fd9b1612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 38.286818][ T617] RAX: ffffffffffffffda RBX: 00007fd9b2e30fa0 RCX: 00007fd9b2bb7799 [ 38.294786][ T617] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 38.302738][ T617] RBP: 00007fd9b1612090 R08: 0000000000000000 R09: 0000000000000000 [ 38.310692][ T617] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 38.318656][ T617] R13: 00007fd9b2e31038 R14: 00007fd9b2e30fa0 R15: 00007ffd8e6f6698 [ 38.326636][ T617] [ 38.346919][ T592] netlink: 24 bytes leftover after parsing attributes in process `syz.2.73'. [ 38.351548][ T30] audit: type=1400 audit(1773886802.956:232): avc: denied { sys_admin } for pid=625 comm="syz.1.81" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 38.378793][ T592] netlink: 24 bytes leftover after parsing attributes in process `syz.2.73'. [ 38.393660][ T605] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 38.414452][ T30] audit: type=1400 audit(1773886803.006:233): avc: denied { create } for pid=591 comm="syz.2.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.453800][ T26] aqc111: probe of 3-1:1.105 failed with error -22 [ 38.466597][ T6] usb 4-1: USB disconnect, device number 3 [ 38.470261][ T30] audit: type=1400 audit(1773886803.006:234): avc: denied { setopt } for pid=591 comm="syz.2.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.566265][ T30] audit: type=1400 audit(1773886803.006:235): avc: denied { read } for pid=591 comm="syz.2.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.591624][ T30] audit: type=1326 audit(1773886803.176:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=632 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ede5c799 code=0x7ffc0000 [ 38.615073][ T30] audit: type=1326 audit(1773886803.176:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=632 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ede5c799 code=0x7ffc0000 [ 38.707928][ T26] usb 3-1: USB disconnect, device number 3 [ 38.889895][ T30] audit: type=1326 audit(1773886803.176:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=632 comm="syz.3.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7ff0ede5c799 code=0x7ffc0000 [ 38.948868][ T634] FAT-fs (loop3): Directory bread(block 64) failed [ 38.959912][ T634] FAT-fs (loop3): Directory bread(block 65) failed [ 38.975037][ T634] FAT-fs (loop3): Directory bread(block 66) failed [ 38.989345][ T634] FAT-fs (loop3): Directory bread(block 67) failed [ 39.018278][ T634] FAT-fs (loop3): Directory bread(block 68) failed [ 39.028385][ T634] FAT-fs (loop3): Directory bread(block 69) failed [ 39.035205][ T456] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 39.044963][ T643] netlink: 164 bytes leftover after parsing attributes in process `syz.0.82'. [ 39.067177][ T634] FAT-fs (loop3): Directory bread(block 70) failed [ 39.074733][ T634] FAT-fs (loop3): Directory bread(block 71) failed [ 39.081316][ T634] FAT-fs (loop3): Directory bread(block 72) failed [ 39.088318][ T634] FAT-fs (loop3): Directory bread(block 73) failed [ 39.150699][ T648] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 39.173727][ T648] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.363968][ T656] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 39.384232][ T656] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.397209][ T660] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 39.409753][ T660] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.453683][ T456] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.477358][ T665] netlink: 'syz.0.90': attribute type 3 has an invalid length. [ 39.495136][ T456] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.523579][ T456] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 39.546881][ T666] FAULT_INJECTION: forcing a failure. [ 39.546881][ T666] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 39.560246][ T456] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 39.573771][ T456] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.588673][ T456] usb 2-1: config 0 descriptor?? [ 39.595212][ T666] CPU: 0 PID: 666 Comm: syz.2.92 Not tainted syzkaller #0 [ 39.602337][ T666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 39.612388][ T666] Call Trace: [ 39.615662][ T666] [ 39.618610][ T666] __dump_stack+0x21/0x30 [ 39.622949][ T666] dump_stack_lvl+0x110/0x170 [ 39.627626][ T666] ? show_regs_print_info+0x20/0x20 [ 39.632823][ T666] ? format_decode+0x1bb/0x1520 [ 39.637672][ T666] dump_stack+0x15/0x20 [ 39.641825][ T666] should_fail+0x3c1/0x510 [ 39.646237][ T666] should_fail_usercopy+0x1a/0x20 [ 39.651262][ T666] _copy_from_user+0x20/0xd0 [ 39.655938][ T666] kstrtouint_from_user+0xd3/0x220 [ 39.661235][ T666] ? kstrtol_from_user+0x2a0/0x2a0 [ 39.666444][ T666] ? 0xffffffff81000000 [ 39.670598][ T666] ? _copy_to_user+0x78/0x90 [ 39.675187][ T666] ? simple_read_from_buffer+0x10f/0x160 [ 39.680910][ T666] proc_fail_nth_write+0x8b/0x200 [ 39.685945][ T666] ? proc_fail_nth_read+0x220/0x220 [ 39.691237][ T666] ? security_file_permission+0x79/0xa0 [ 39.696789][ T666] ? security_file_permission+0x83/0xa0 [ 39.702334][ T666] ? proc_fail_nth_read+0x220/0x220 [ 39.707671][ T666] vfs_write+0x3f9/0xfd0 [ 39.711917][ T666] ? file_end_write+0x1b0/0x1b0 [ 39.716943][ T666] ? __kasan_check_write+0x14/0x20 [ 39.722162][ T666] ? mutex_lock+0x9b/0x1c0 [ 39.726592][ T666] ? wait_for_completion_killable_timeout+0x10/0x10 [ 39.733287][ T666] ? __fget_files+0x2c4/0x320 [ 39.738084][ T666] ? __fdget_pos+0x2d2/0x380 [ 39.742693][ T666] ? ksys_write+0x71/0x250 [ 39.747113][ T666] ksys_write+0x149/0x250 [ 39.751444][ T666] ? __ia32_sys_read+0x90/0x90 [ 39.756214][ T666] ? debug_smp_processor_id+0x17/0x20 [ 39.761585][ T666] __x64_sys_write+0x7b/0x90 [ 39.766180][ T666] x64_sys_call+0x8ef/0x9a0 [ 39.770682][ T666] do_syscall_64+0x4c/0xa0 [ 39.775098][ T666] ? clear_bhb_loop+0x50/0xa0 [ 39.779817][ T666] ? clear_bhb_loop+0x50/0xa0 [ 39.784513][ T666] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.790419][ T666] RIP: 0033:0x7f52c3a6dfce [ 39.794836][ T666] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 39.814552][ T666] RSP: 002b:00007f52c24e6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 39.823152][ T666] RAX: ffffffffffffffda RBX: 00007f52c24e76c0 RCX: 00007f52c3a6dfce [ 39.831138][ T666] RDX: 0000000000000001 RSI: 00007f52c24e70a0 RDI: 0000000000000004 [ 39.839174][ T666] RBP: 00007f52c24e7090 R08: 0000000000000000 R09: 0000000000000000 [ 39.847161][ T666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.855578][ T666] R13: 00007f52c3d27128 R14: 00007f52c3d27090 R15: 00007ffe91f66e88 [ 39.863555][ T666] [ 40.149550][ T671] netlink: 12 bytes leftover after parsing attributes in process `syz.2.94'. [ 40.193669][ T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 40.277791][ T686] set_capacity_and_notify: 5 callbacks suppressed [ 40.277805][ T686] loop0: detected capacity change from 0 to 2039 [ 40.314498][ T456] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 40.323844][ T456] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 40.332208][ T101] loop0: p1 < > p3 [ 40.337508][ T101] loop0: p3 size 134217728 extends beyond EOD, truncated [ 40.345838][ T683] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 40.363315][ T686] loop0: p1 < > p3 [ 40.368697][ T686] loop0: p3 size 134217728 extends beyond EOD, truncated [ 40.376842][ T456] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 40.389855][ T683] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.406712][ T101] loop0: p1 < > p3 [ 40.411146][ T101] loop0: p3 size 134217728 extends beyond EOD, truncated [ 40.433695][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 40.522960][ T406] usb 2-1: USB disconnect, device number 5 [ 40.540066][ T694] loop0: detected capacity change from 0 to 512 [ 40.551772][ T695] fido_id[695]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 40.553652][ T6] usb 4-1: config index 0 descriptor too short (expected 548, got 36) [ 40.594402][ T340] udevd[340]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 40.594434][ T349] udevd[349]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 40.624502][ T694] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 40.624502][ T694] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 40.624502][ T694] [ 40.642640][ T6] usb 4-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 40.656232][ T348] udevd[348]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 40.656245][ T340] udevd[340]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 40.683575][ T6] usb 4-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 40.683667][ T694] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 40.692438][ T6] usb 4-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 40.692458][ T6] usb 4-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 40.731087][ T348] udevd[348]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 40.741869][ T340] udevd[340]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 40.772778][ T694] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.813995][ T694] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=80026019, mo2=0000] [ 40.823903][ T694] EXT4-fs (loop0): 1 truncate cleaned up [ 40.833756][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nombcache,acl,barrier=0x000000000000000c,noacl,max_batch_time=0x0000000000000006,nodioread_nolock,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 40.858436][ T10] EXT4-fs error (device loop0): ext4_release_dquot:6261: comm kworker/u4:1: Failed to release dquot type 1 [ 40.863668][ T6] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 40.903610][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.919982][ T6] usb 4-1: Product: syz [ 40.921029][ T699] loop0: detected capacity change from 0 to 512 [ 40.932667][ T6] usb 4-1: Manufacturer: syz [ 40.943607][ T6] usb 4-1: SerialNumber: syz [ 41.031676][ T699] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 41.053674][ T699] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.118951][ T692] loop4: detected capacity change from 0 to 131072 [ 41.138706][ T692] F2FS-fs (loop4): Invalid log sectors per block(570425347) log sectorsize(9) [ 41.157759][ T692] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 41.248365][ T692] F2FS-fs (loop4): invalid crc value [ 41.267393][ T692] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 41.329116][ T692] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=3000000, run fsck to fix. [ 41.346665][ T720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.93'. [ 41.349190][ T692] F2FS-fs (loop4): Bad quota inode 2:50331648 [ 41.373616][ T456] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 41.385284][ T720] loop3: detected capacity change from 0 to 512 [ 41.392131][ T692] F2FS-fs (loop4): Failed to enable quota tracking (type=2, err=-22). Please run fsck to fix. [ 41.410207][ T692] F2FS-fs (loop4): Cannot turn on quotas: error -22 [ 41.437845][ T692] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 41.438129][ T715] loop0: detected capacity change from 0 to 40427 [ 41.447718][ T692] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 41.474223][ T715] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 41.480597][ T715] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 41.528094][ T720] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 41.537309][ T715] F2FS-fs (loop0): invalid crc value [ 41.553710][ T720] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 41.572789][ T715] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 41.634014][ T715] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 41.643606][ T715] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 41.653712][ T456] usb 2-1: device descriptor read/64, error -71 [ 41.980629][ T30] kauditd_printk_skb: 92 callbacks suppressed [ 41.980642][ T30] audit: type=1400 audit(1773886806.586:330): avc: denied { setattr } for pid=691 comm="syz.4.99" name="file1" dev="loop4" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.009258][ T715] F2FS-fs (loop0): Start checkpoint disabled! [ 42.015658][ T715] attempt to access beyond end of device [ 42.015658][ T715] loop0: rw=2049, want=45104, limit=40427 [ 42.027081][ T30] audit: type=1400 audit(1773886806.626:331): avc: denied { remove_name } for pid=691 comm="syz.4.99" name="file1" dev="loop4" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.043621][ T456] usb 2-1: device descriptor read/64, error -71 [ 42.494040][ T456] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 42.577717][ T732] loop0: detected capacity change from 0 to 512 [ 42.657961][ T732] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 42.675529][ T732] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.686021][ T30] audit: type=1400 audit(1773886807.286:332): avc: denied { ioctl } for pid=733 comm="syz.4.107" path="socket:[16802]" dev="sockfs" ino=16802 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 42.698778][ T741] netlink: 'syz.4.107': attribute type 13 has an invalid length. [ 42.722298][ T741] gretap0: refused to change device tx_queue_len [ 42.729413][ T741] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 42.737944][ T30] audit: type=1400 audit(1773886807.346:333): avc: denied { read } for pid=742 comm="syz.2.110" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 42.778288][ T743] binder: 742:743 ioctl c018620c 200000000380 returned -1 [ 42.785785][ T456] usb 2-1: device descriptor read/64, error -71 [ 42.796623][ T743] binder: 742:743 ioctl 84009422 200000000240 returned -22 [ 42.804945][ T30] audit: type=1400 audit(1773886807.366:334): avc: denied { open } for pid=742 comm="syz.2.110" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 42.829718][ T30] audit: type=1400 audit(1773886807.386:335): avc: denied { ioctl } for pid=742 comm="syz.2.110" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 42.867264][ T745] tipc: Enabling of bearer rejected, failed to enable media [ 43.003592][ T759] netlink: 'syz.2.115': attribute type 3 has an invalid length. [ 43.038257][ T6] usb 4-1: USB disconnect, device number 4 [ 43.183583][ T456] usb 2-1: device descriptor read/64, error -71 [ 43.279597][ T30] audit: type=1400 audit(1773886807.886:336): avc: denied { create } for pid=774 comm="syz.3.121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 43.304098][ T456] usb usb2-port1: attempt power cycle [ 43.593608][ T6] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 43.713599][ T456] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 43.728858][ T771] loop4: detected capacity change from 0 to 262144 [ 43.807108][ T771] F2FS-fs (loop4): Found nat_bits in checkpoint [ 43.832163][ T771] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 43.833623][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 43.883660][ T456] usb 2-1: device descriptor read/8, error -71 [ 44.179688][ T6] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.189996][ T6] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 44.203812][ T6] usb 4-1: config 0 interface 0 has no altsetting 0 [ 44.210553][ T6] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 44.220193][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.231376][ T6] usb 4-1: config 0 descriptor?? [ 44.275517][ T6] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 44.333681][ T456] usb 2-1: device descriptor read/8, error -71 [ 44.477705][ T777] netlink: 52 bytes leftover after parsing attributes in process `syz.3.122'. [ 44.486984][ T777] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 44.503160][ T30] audit: type=1400 audit(1773886809.106:337): avc: denied { append } for pid=776 comm="syz.3.122" name="usbmon2" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 44.527031][ T777] loop3: detected capacity change from 0 to 1024 [ 44.527123][ T30] audit: type=1400 audit(1773886809.116:338): avc: denied { open } for pid=776 comm="syz.3.122" path="/dev/usbmon2" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 44.585806][ T777] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 44.623631][ T456] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 44.677555][ T777] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,barrier=0x0000000000000006,data_err=ignore,barrier=0x00000000000000ad,errors=remount-ro,grpquota,noblock_validity,discard,data_err=ignore,errors=remount-ro,. Quota mode: writeback. [ 44.736936][ T777] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.122: bg 0: block 504: padding at end of block bitmap is not set [ 44.754926][ T777] EXT4-fs (loop3): Remounting filesystem read-only [ 44.761795][ T777] overlayfs: failed to set xattr on upper [ 44.838567][ T800] loop4: detected capacity change from 0 to 256 [ 44.844952][ T456] usb 2-1: device descriptor read/8, error -71 [ 44.846562][ T800] exfat: Deprecated parameter 'utf8' [ 44.861394][ T800] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 44.879967][ T30] audit: type=1400 audit(1773886809.486:339): avc: denied { mounton } for pid=799 comm="syz.4.127" path="/32/file0" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.880014][ T800] 9pnet: Insufficient options for proto=fd [ 45.053636][ T26] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 45.123699][ T456] usb 2-1: device descriptor read/8, error -71 [ 45.200497][ T805] raw_sendmsg: syz.1.129 forgot to set AF_INET. Fix it! [ 45.213783][ T406] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 45.248233][ T806] EXT4-fs error (device loop1): ext4_get_branch:178: inode #13: block 1024: comm syz.1.129: invalid block [ 45.253706][ T456] usb usb2-port1: unable to enumerate USB device [ 45.261061][ T806] EXT4-fs (loop1): Remounting filesystem read-only [ 45.272859][ T806] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.129: invalid indirect mapped block 1024 (level 0) [ 45.287003][ T806] EXT4-fs (loop1): Remounting filesystem read-only [ 45.293526][ T806] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.129: bg 0: block 35: padding at end of block bitmap is not set [ 45.307867][ T806] EXT4-fs (loop1): Remounting filesystem read-only [ 45.314719][ T806] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 45.323843][ T806] EXT4-fs (loop1): Remounting filesystem read-only [ 45.330471][ T806] EXT4-fs (loop1): 1 truncate cleaned up [ 45.336206][ T806] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,lazytime,. Quota mode: none. [ 45.411117][ T813] set_capacity_and_notify: 1 callbacks suppressed [ 45.411128][ T813] loop1: detected capacity change from 0 to 128 [ 45.424030][ T26] usb 3-1: config 1 has an invalid descriptor of length 196, skipping remainder of the config [ 45.434644][ T26] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.446324][ T26] usb 3-1: too many endpoints for config 1 interface 1 altsetting 9: 234, using maximum allowed: 30 [ 45.457267][ T26] usb 3-1: config 1 interface 1 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 234 [ 45.470335][ T26] usb 3-1: config 1 interface 1 has no altsetting 1 [ 45.477869][ T813] FAT-fs (loop1): bogus number of FAT sectors [ 45.484133][ T813] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 45.493526][ T813] FAT-fs (loop1): Can't find a valid FAT filesystem [ 45.573647][ T406] usb 5-1: config 4 has an invalid interface number: 121 but max is 0 [ 45.584609][ T406] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 45.595011][ T26] usb 3-1: New USB device found, idVendor=0525, idProduct=bfa1, bcdDevice= 0.40 [ 45.604086][ T406] usb 5-1: config 4 has no interface number 0 [ 45.610206][ T406] usb 5-1: config 4 interface 121 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 45.624587][ T26] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 45.632607][ T26] usb 3-1: Product: syz [ 45.636814][ T26] usb 3-1: SerialNumber: syz [ 45.641729][ T406] usb 5-1: config 4 interface 121 has no altsetting 0 [ 45.684064][ T26] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing [ 45.691488][ T26] cdc_ncm 3-1:1.0: bind() failure [ 45.703202][ T26] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 45.710180][ T26] cdc_ncm 3-1:1.1: bind() failure [ 45.822365][ T823] loop0: detected capacity change from 0 to 256 [ 45.863867][ T406] usb 5-1: New USB device found, idVendor=6b86, idProduct=c211, bcdDevice=25.ca [ 45.941999][ T406] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.020080][ T406] usb 5-1: Product: syz [ 46.024743][ T406] usb 5-1: Manufacturer: syz [ 46.029395][ T406] usb 5-1: SerialNumber: syz [ 46.039482][ T26] usb 3-1: USB disconnect, device number 4 [ 46.084095][ T406] usb-storage 5-1:4.121: USB Mass Storage device detected [ 46.288082][ T26] usb 5-1: USB disconnect, device number 2 [ 46.340418][ T406] usb 4-1: USB disconnect, device number 5 [ 46.393934][ T834] loop3: detected capacity change from 0 to 512 [ 46.415451][ T834] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 46.428188][ T834] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.446732][ T834] FAULT_INJECTION: forcing a failure. [ 46.446732][ T834] name failslab, interval 1, probability 0, space 0, times 0 [ 46.459844][ T834] CPU: 1 PID: 834 Comm: syz.3.137 Not tainted syzkaller #0 [ 46.467048][ T834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 46.469216][ T819] loop1: detected capacity change from 0 to 262144 [ 46.477097][ T834] Call Trace: [ 46.477104][ T834] [ 46.477110][ T834] __dump_stack+0x21/0x30 [ 46.477131][ T834] dump_stack_lvl+0x110/0x170 [ 46.498999][ T834] ? show_regs_print_info+0x20/0x20 [ 46.504158][ T819] F2FS-fs (loop1): Found nat_bits in checkpoint [ 46.504208][ T834] dump_stack+0x15/0x20 [ 46.514568][ T834] should_fail+0x3c1/0x510 [ 46.518985][ T834] __should_failslab+0xa4/0xe0 [ 46.523751][ T834] should_failslab+0x9/0x20 [ 46.528255][ T834] slab_pre_alloc_hook+0x3b/0xe0 [ 46.533193][ T834] ? mempool_alloc_slab+0x1d/0x30 [ 46.536824][ T819] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 46.538216][ T834] kmem_cache_alloc+0x44/0x260 [ 46.550590][ T834] ? ext4_map_blocks+0x831/0x1b30 [ 46.555858][ T834] mempool_alloc_slab+0x1d/0x30 [ 46.560878][ T834] ? mempool_free+0x340/0x340 [ 46.565555][ T834] mempool_alloc+0x157/0x490 [ 46.570247][ T834] ? __kasan_slab_alloc+0x69/0xf0 [ 46.575276][ T834] ? ext4_issue_zeroout+0x250/0x250 [ 46.580487][ T834] ? mempool_resize+0x850/0x850 [ 46.585350][ T834] ? ext4_set_iomap+0x63f/0x900 [ 46.590206][ T834] ? sanity+0x1e7/0x500 [ 46.594356][ T834] bio_alloc_bioset+0x136/0x940 [ 46.599208][ T834] iomap_dio_bio_iter+0xa6a/0x18d0 [ 46.604330][ T834] __iomap_dio_rw+0xcb9/0x1a20 [ 46.609089][ T834] ? iomap_dio_complete+0x6f0/0x6f0 [ 46.614261][ T834] ? downgrade_write+0x430/0x430 [ 46.619180][ T834] ? __kasan_kmalloc+0xec/0x110 [ 46.624008][ T834] ? __kasan_kmalloc+0xda/0x110 [ 46.628850][ T834] ? __kmalloc+0x13d/0x2c0 [ 46.633335][ T834] ? splice_direct_to_actor+0x991/0xb50 [ 46.638855][ T834] ? down_read+0xab/0x100 [ 46.643160][ T834] ? __down_common+0x380/0x380 [ 46.647899][ T834] iomap_dio_rw+0x3e/0x90 [ 46.652215][ T834] ext4_file_read_iter+0x3fe/0x510 [ 46.657325][ T834] generic_file_splice_read+0x3ec/0x5f0 [ 46.662892][ T834] ? splice_shrink_spd+0xb0/0xb0 [ 46.667843][ T834] ? __kasan_check_read+0x11/0x20 [ 46.672879][ T834] ? fsnotify_perm+0x269/0x5b0 [ 46.677827][ T834] ? security_file_permission+0x83/0xa0 [ 46.683386][ T834] ? rw_verify_area+0xa7/0x1c0 [ 46.688160][ T834] splice_direct_to_actor+0x40f/0xb50 [ 46.693722][ T834] ? do_splice_direct+0x2d0/0x2d0 [ 46.698868][ T834] ? pipe_to_sendpage+0x320/0x320 [ 46.703910][ T834] ? security_file_permission+0x83/0xa0 [ 46.709460][ T834] ? rw_verify_area+0xa7/0x1c0 [ 46.714322][ T834] do_splice_direct+0x1c2/0x2d0 [ 46.719162][ T834] ? splice_direct_to_actor+0xb50/0xb50 [ 46.724706][ T834] ? security_file_permission+0x83/0xa0 [ 46.730238][ T834] do_sendfile+0x5ed/0xea0 [ 46.734633][ T834] ? do_preadv+0x390/0x390 [ 46.739065][ T834] ? fput_many+0x15a/0x1a0 [ 46.743455][ T834] ? fput+0x1a/0x20 [ 46.747340][ T834] __x64_sys_sendfile64+0x199/0x1f0 [ 46.752523][ T834] ? __ia32_sys_read+0x90/0x90 [ 46.757282][ T834] ? __ia32_sys_sendfile+0x190/0x190 [ 46.762576][ T834] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 46.768663][ T834] x64_sys_call+0x88d/0x9a0 [ 46.773175][ T834] do_syscall_64+0x4c/0xa0 [ 46.777683][ T834] ? clear_bhb_loop+0x50/0xa0 [ 46.782363][ T834] ? clear_bhb_loop+0x50/0xa0 [ 46.787081][ T834] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 46.793072][ T834] RIP: 0033:0x7ff0ede5c799 [ 46.797578][ T834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 46.817194][ T834] RSP: 002b:00007ff0ec8b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 46.825617][ T834] RAX: ffffffffffffffda RBX: 00007ff0ee0d5fa0 RCX: 00007ff0ede5c799 [ 46.834015][ T834] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 46.842089][ T834] RBP: 00007ff0ec8b7090 R08: 0000000000000000 R09: 0000000000000000 [ 46.850071][ T834] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 46.858082][ T834] R13: 00007ff0ee0d6038 R14: 00007ff0ee0d5fa0 R15: 00007ffe6687f5a8 [ 46.866153][ T834] [ 47.057484][ T854] 9pnet: Insufficient options for proto=fd [ 47.104503][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 47.104517][ T30] audit: type=1400 audit(1773886811.716:350): avc: denied { bind } for pid=861 comm="syz.2.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 47.136541][ T863] loop0: detected capacity change from 0 to 16 [ 47.173871][ T863] erofs: (device loop0): mounted with root inode @ nid 36. [ 47.182093][ T863] attempt to access beyond end of device [ 47.182093][ T863] loop0: rw=524288, want=1072, limit=16 [ 47.193631][ T49] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000] [ 47.198577][ T864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.145'. [ 47.213694][ T30] audit: type=1400 audit(1773886811.806:351): avc: denied { setopt } for pid=861 comm="syz.2.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 47.243886][ T865] erofs: (device loop0): z_erofs_readahead: readahead error at page 4 @ nid 89 [ 47.252918][ T865] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 4 @ nid 89 [ 47.263240][ T865] attempt to access beyond end of device [ 47.263240][ T865] loop0: rw=524288, want=56, limit=16 [ 47.275173][ T865] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 47.293393][ T865] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 47.315070][ T864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.145'. [ 47.339732][ T864] netlink: 20 bytes leftover after parsing attributes in process `syz.2.145'. [ 47.341201][ T30] audit: type=1400 audit(1773886811.926:352): avc: denied { write } for pid=861 comm="syz.2.145" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.378314][ T30] audit: type=1400 audit(1773886811.936:353): avc: denied { wake_alarm } for pid=855 comm="syz.3.144" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 47.385625][ T864] netlink: 20 bytes leftover after parsing attributes in process `syz.2.145'. [ 47.399853][ T30] audit: type=1326 audit(1773886811.936:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.449222][ T30] audit: type=1326 audit(1773886811.936:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.473980][ T30] audit: type=1326 audit(1773886811.936:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.490080][ T873] loop4: detected capacity change from 0 to 8192 [ 47.497691][ T30] audit: type=1326 audit(1773886811.936:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.527513][ T30] audit: type=1326 audit(1773886811.936:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.551109][ T30] audit: type=1326 audit(1773886811.936:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=867 comm="syz.4.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 47.614557][ T340] loop4: p1 < > p2 < p5 > p4 [ 47.620783][ T406] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 47.623790][ T340] loop4: p4 size 16776960 extends beyond EOD, truncated [ 47.631355][ T406] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 47.645801][ T340] loop4: p5 size 16776960 extends beyond EOD, truncated [ 47.655682][ T406] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 47.678310][ T876] SELinux: Context system_u:object is not valid (left unmapped). [ 47.688770][ T873] loop4: p1 < > p2 < p5 > p4 [ 47.695480][ T873] loop4: p4 size 16776960 extends beyond EOD, truncated [ 47.713966][ T873] loop4: p5 size 16776960 extends beyond EOD, truncated [ 47.941840][ T882] loop0: detected capacity change from 0 to 512 [ 47.970597][ T882] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 47.992280][ T882] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.040124][ T886] loop3: detected capacity change from 0 to 16 [ 48.056058][ T882] FAULT_INJECTION: forcing a failure. [ 48.056058][ T882] name failslab, interval 1, probability 0, space 0, times 0 [ 48.133618][ T882] CPU: 0 PID: 882 Comm: syz.0.151 Not tainted syzkaller #0 [ 48.140936][ T882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 48.151364][ T882] Call Trace: [ 48.154646][ T882] [ 48.157579][ T882] __dump_stack+0x21/0x30 [ 48.161915][ T882] dump_stack_lvl+0x110/0x170 [ 48.166596][ T882] ? show_regs_print_info+0x20/0x20 [ 48.171798][ T882] ? __kasan_check_read+0x11/0x20 [ 48.177005][ T882] ? preempt_schedule_irq+0xca/0x120 [ 48.182304][ T882] ? __cond_resched+0xd0/0xd0 [ 48.187072][ T882] ? mempool_alloc+0x164/0x490 [ 48.192009][ T882] dump_stack+0x15/0x20 [ 48.196394][ T882] should_fail+0x3c1/0x510 [ 48.200811][ T882] __should_failslab+0xa4/0xe0 [ 48.205670][ T882] should_failslab+0x9/0x20 [ 48.210181][ T882] slab_pre_alloc_hook+0x3b/0xe0 [ 48.215210][ T882] ? bio_alloc_bioset+0x4b1/0x940 [ 48.220334][ T882] kmem_cache_alloc+0x44/0x260 [ 48.225100][ T882] bio_alloc_bioset+0x4b1/0x940 [ 48.229954][ T882] iomap_dio_bio_iter+0xa6a/0x18d0 [ 48.235421][ T882] __iomap_dio_rw+0xcb9/0x1a20 [ 48.240274][ T882] ? perf_sched_cb_inc+0x240/0x240 [ 48.245400][ T882] ? iomap_dio_complete+0x6f0/0x6f0 [ 48.250791][ T882] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 48.256432][ T882] iomap_dio_rw+0x3e/0x90 [ 48.260847][ T882] ext4_file_read_iter+0x3fe/0x510 [ 48.265963][ T882] generic_file_splice_read+0x3ec/0x5f0 [ 48.271514][ T882] ? splice_shrink_spd+0xb0/0xb0 [ 48.276462][ T882] ? __kasan_check_read+0x11/0x20 [ 48.281494][ T882] ? fsnotify_perm+0x269/0x5b0 [ 48.286258][ T882] ? security_file_permission+0x83/0xa0 [ 48.291813][ T882] ? rw_verify_area+0xa7/0x1c0 [ 48.296586][ T882] splice_direct_to_actor+0x40f/0xb50 [ 48.301973][ T882] ? do_splice_direct+0x2d0/0x2d0 [ 48.307010][ T882] ? pipe_to_sendpage+0x320/0x320 [ 48.312112][ T882] ? security_file_permission+0x83/0xa0 [ 48.317694][ T882] ? rw_verify_area+0xa7/0x1c0 [ 48.322455][ T882] do_splice_direct+0x1c2/0x2d0 [ 48.327397][ T882] ? splice_direct_to_actor+0xb50/0xb50 [ 48.332944][ T882] ? security_file_permission+0x83/0xa0 [ 48.338506][ T882] do_sendfile+0x5ed/0xea0 [ 48.343106][ T882] ? do_preadv+0x390/0x390 [ 48.347540][ T882] ? fput_many+0x15a/0x1a0 [ 48.351953][ T882] ? fput+0x1a/0x20 [ 48.355754][ T882] __x64_sys_sendfile64+0x199/0x1f0 [ 48.360951][ T882] ? __ia32_sys_sendfile+0x190/0x190 [ 48.366338][ T882] ? __kasan_check_write+0x14/0x20 [ 48.371461][ T882] ? switch_fpu_return+0x15d/0x2c0 [ 48.376586][ T882] x64_sys_call+0x88d/0x9a0 [ 48.381146][ T882] do_syscall_64+0x4c/0xa0 [ 48.385746][ T882] ? clear_bhb_loop+0x50/0xa0 [ 48.390687][ T882] ? clear_bhb_loop+0x50/0xa0 [ 48.395452][ T882] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 48.401361][ T882] RIP: 0033:0x7fd9b2bb7799 [ 48.405787][ T882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 48.425578][ T882] RSP: 002b:00007fd9b1612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 48.433997][ T882] RAX: ffffffffffffffda RBX: 00007fd9b2e30fa0 RCX: 00007fd9b2bb7799 [ 48.441971][ T882] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 48.449962][ T882] RBP: 00007fd9b1612090 R08: 0000000000000000 R09: 0000000000000000 [ 48.457938][ T882] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 48.465931][ T882] R13: 00007fd9b2e31038 R14: 00007fd9b2e30fa0 R15: 00007ffd8e6f6698 [ 48.474179][ T882] [ 48.484518][ T886] erofs: (device loop3): mounted with root inode @ nid 36. [ 48.619077][ T898] netlink: 'syz.0.155': attribute type 13 has an invalid length. [ 48.814154][ T902] xt_CT: No such helper "pptp" [ 49.073677][ T456] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 49.313086][ T894] loop1: detected capacity change from 0 to 131072 [ 49.323588][ T456] usb 5-1: Using ep0 maxpacket: 16 [ 49.370818][ T894] F2FS-fs (loop1): invalid crc value [ 49.394824][ T894] F2FS-fs (loop1): Found nat_bits in checkpoint [ 49.443657][ T456] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.461339][ T456] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.481429][ T456] usb 5-1: config 0 interface 0 has no altsetting 0 [ 49.482915][ T894] F2FS-fs (loop1): recover fsync data on readonly fs [ 49.501618][ T456] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 49.511262][ T894] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 49.518972][ T456] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.539853][ T456] usb 5-1: config 0 descriptor?? [ 49.832439][ T911] loop3: detected capacity change from 0 to 4096 [ 49.865997][ T911] EXT4-fs (loop3): Test dummy encryption mode enabled [ 49.897912][ T911] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 49.909174][ T911] System zones: 0-5 [ 49.914241][ T911] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 49.954143][ T914] exfat: Deprecated parameter 'utf8' [ 50.001001][ T914] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 50.030751][ T914] 9pnet: Insufficient options for proto=fd [ 50.036855][ T456] hid (null): unknown global tag 0xc [ 50.050932][ T456] hid (null): bogus close delimiter [ 50.057275][ T907] F2FS-fs (loop0): Found nat_bits in checkpoint [ 50.099499][ T907] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 50.129032][ T925] netlink: 'syz.1.161': attribute type 2 has an invalid length. [ 50.152874][ T925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.161'. [ 50.181827][ T925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.161'. [ 50.237228][ T286] usb 5-1: USB disconnect, device number 3 [ 50.542826][ T929] set_capacity_and_notify: 2 callbacks suppressed [ 50.542841][ T929] loop3: detected capacity change from 0 to 8192 [ 50.604568][ T929] loop3: p1 < > p2 < p5 > p4 [ 50.630052][ T929] loop3: p4 size 16776960 extends beyond EOD, truncated [ 50.640740][ T929] loop3: p5 size 16776960 extends beyond EOD, truncated [ 50.678740][ T456] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 50.690732][ T456] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 50.707783][ T456] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz1 [ 50.952762][ T934] loop1: detected capacity change from 0 to 512 [ 51.007591][ T937] loop4: detected capacity change from 0 to 256 [ 51.051533][ T940] loop1: detected capacity change from 0 to 4096 [ 51.129720][ T940] EXT4-fs (loop1): Test dummy encryption mode enabled [ 51.129745][ T940] EXT4-fs (loop1): Ignoring removed oldalloc option [ 51.137322][ T940] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 51.137378][ T940] System zones: 0-5 [ 51.164350][ T940] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,i_version,oldalloc,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 51.349967][ T302] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 51.652181][ T953] loop0: detected capacity change from 0 to 512 [ 51.653633][ T302] usb 5-1: device descriptor read/64, error -71 [ 51.682671][ T959] loop3: detected capacity change from 0 to 256 [ 51.691652][ T953] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 51.691723][ T953] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.700996][ T953] FAULT_INJECTION: forcing a failure. [ 51.700996][ T953] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 51.727365][ T959] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 51.728355][ T26] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 51.740985][ T953] CPU: 0 PID: 953 Comm: syz.0.164 Not tainted syzkaller #0 [ 51.755236][ T953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 51.755251][ T953] Call Trace: [ 51.755256][ T953] [ 51.755262][ T953] __dump_stack+0x21/0x30 [ 51.755285][ T953] dump_stack_lvl+0x110/0x170 [ 51.755300][ T953] ? show_regs_print_info+0x20/0x20 [ 51.755317][ T953] dump_stack+0x15/0x20 [ 51.755330][ T953] should_fail+0x3c1/0x510 [ 51.755345][ T953] should_fail_alloc_page+0x55/0x80 [ 51.755360][ T953] prepare_alloc_pages+0x156/0x610 [ 51.755378][ T953] ? __alloc_pages_bulk+0xad0/0xad0 [ 51.755394][ T953] ? arch_stack_walk+0xee/0x140 [ 51.755412][ T953] __alloc_pages+0x11d/0x460 [ 51.755426][ T953] ? prep_new_page+0x110/0x110 [ 51.755445][ T953] ? __kasan_slab_alloc+0xcf/0xf0 [ 51.755462][ T953] push_pipe+0x36b/0x630 [ 51.755480][ T953] pipe_get_pages+0x2a3/0x500 [ 51.755499][ T953] iov_iter_get_pages+0x4b4/0x5c0 [ 51.755516][ T953] bio_iov_iter_get_pages+0x454/0x12f0 [ 51.755544][ T953] ? fscrypt_set_bio_crypt_ctx+0x17e/0x500 [ 51.755566][ T953] ? bio_release_pages+0x340/0x340 [ 51.755583][ T953] iomap_dio_bio_iter+0xd66/0x18d0 [ 51.755605][ T953] __iomap_dio_rw+0xcb9/0x1a20 [ 51.755628][ T953] ? iomap_dio_complete+0x6f0/0x6f0 [ 51.755647][ T953] ? downgrade_write+0x430/0x430 [ 51.755664][ T953] ? __kasan_kmalloc+0xec/0x110 [ 51.755678][ T953] ? __kasan_kmalloc+0xda/0x110 [ 51.755692][ T953] ? __kmalloc+0x13d/0x2c0 [ 51.755708][ T953] ? splice_direct_to_actor+0x991/0xb50 [ 51.755726][ T953] ? down_read+0xab/0x100 [ 51.755742][ T953] ? __down_common+0x380/0x380 [ 51.755757][ T953] iomap_dio_rw+0x3e/0x90 [ 51.755774][ T953] ext4_file_read_iter+0x3fe/0x510 [ 51.755792][ T953] generic_file_splice_read+0x3ec/0x5f0 [ 51.755811][ T953] ? splice_shrink_spd+0xb0/0xb0 [ 51.755828][ T953] ? __kasan_check_read+0x11/0x20 [ 51.755844][ T953] ? fsnotify_perm+0x269/0x5b0 [ 51.755863][ T953] ? security_file_permission+0x83/0xa0 [ 51.755880][ T953] ? rw_verify_area+0xa7/0x1c0 [ 51.755896][ T953] splice_direct_to_actor+0x40f/0xb50 [ 51.755916][ T953] ? do_splice_direct+0x2d0/0x2d0 [ 51.755935][ T953] ? pipe_to_sendpage+0x320/0x320 [ 51.755952][ T953] ? security_file_permission+0x83/0xa0 [ 51.755970][ T953] ? rw_verify_area+0xa7/0x1c0 [ 51.755984][ T953] do_splice_direct+0x1c2/0x2d0 [ 51.756003][ T953] ? splice_direct_to_actor+0xb50/0xb50 [ 51.756022][ T953] ? security_file_permission+0x83/0xa0 [ 51.756041][ T953] do_sendfile+0x5ed/0xea0 [ 51.756058][ T953] ? do_preadv+0x390/0x390 [ 51.756074][ T953] ? fput_many+0x15a/0x1a0 [ 51.756089][ T953] ? fput+0x1a/0x20 [ 51.756103][ T953] __x64_sys_sendfile64+0x199/0x1f0 [ 51.756119][ T953] ? __ia32_sys_read+0x90/0x90 [ 51.756134][ T953] ? __ia32_sys_sendfile+0x190/0x190 [ 51.756151][ T953] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 51.756169][ T953] x64_sys_call+0x88d/0x9a0 [ 51.756185][ T953] do_syscall_64+0x4c/0xa0 [ 51.756201][ T953] ? clear_bhb_loop+0x50/0xa0 [ 51.756216][ T953] ? clear_bhb_loop+0x50/0xa0 [ 51.756230][ T953] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 51.756250][ T953] RIP: 0033:0x7fd9b2bb7799 [ 51.756263][ T953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 51.756277][ T953] RSP: 002b:00007fd9b1612028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 51.756295][ T953] RAX: ffffffffffffffda RBX: 00007fd9b2e30fa0 RCX: 00007fd9b2bb7799 [ 51.756308][ T953] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 51.756318][ T953] RBP: 00007fd9b1612090 R08: 0000000000000000 R09: 0000000000000000 [ 51.756328][ T953] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 51.756339][ T953] R13: 00007fd9b2e31038 R14: 00007fd9b2e30fa0 R15: 00007ffd8e6f6698 [ 51.756354][ T953] [ 51.795603][ T959] incfs: Can't find or create .index dir in ./file0 [ 51.813617][ T286] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 51.815538][ T959] incfs: mount failed -28 [ 51.851421][ T960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.173'. [ 51.991214][ T961] incfs: Can't find or create .index dir in ./file0 [ 52.172768][ T302] usb 5-1: device descriptor read/64, error -71 [ 52.173039][ T961] incfs: mount failed -28 [ 52.193934][ T26] usb 2-1: Using ep0 maxpacket: 32 [ 52.293289][ T978] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.294015][ T978] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 52.312957][ T982] netlink: 36 bytes leftover after parsing attributes in process `syz.0.179'. [ 52.327194][ T26] usb 2-1: config index 0 descriptor too short (expected 548, got 36) [ 52.327219][ T26] usb 2-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 52.327237][ T26] usb 2-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 52.327251][ T26] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 52.327267][ T26] usb 2-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 52.330257][ T982] input: syz1 as /devices/virtual/input/input7 [ 52.336130][ T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 52.346690][ T30] kauditd_printk_skb: 65 callbacks suppressed [ 52.346704][ T30] audit: type=1400 audit(1773886816.956:425): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=900 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.357032][ T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 52.367967][ T982] loop0: detected capacity change from 0 to 16 [ 52.376825][ T286] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 52.381692][ T30] audit: type=1400 audit(1773886816.956:426): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=900 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.391929][ T286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.398298][ T30] audit: type=1400 audit(1773886816.956:427): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=900 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.424096][ T286] usb 3-1: config 0 descriptor?? [ 52.473654][ T302] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 52.526992][ T978] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.663681][ T982] loop0: detected capacity change from 0 to 40427 [ 52.663846][ T26] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 52.663869][ T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.663886][ T26] usb 2-1: Product: syz [ 52.663898][ T26] usb 2-1: Manufacturer: syz [ 52.663908][ T26] usb 2-1: SerialNumber: syz [ 52.787549][ T991] loop0: detected capacity change from 0 to 1024 [ 52.811575][ T991] EXT4-fs (loop0): Ignoring removed orlov option [ 52.826203][ T991] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,nombcache,inode_readahead_blks=0x0000000000000000,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,grpjquota=,,errors=continue. Quota mode: none. [ 52.913619][ T302] usb 5-1: device descriptor read/64, error -71 [ 52.975782][ T995] EXT4-fs error (device loop0): __ext4_new_inode:1286: comm syz.0.182: failed to insert inode 12: doubly allocated? [ 52.989498][ T39] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 53.003652][ T286] usbhid 3-1:0.0: can't add hid device: -71 [ 53.003716][ T286] usbhid: probe of 3-1:0.0 failed with error -71 [ 53.010161][ T286] usb 3-1: USB disconnect, device number 5 [ 53.100023][ T998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.168'. [ 53.102330][ T998] loop1: detected capacity change from 0 to 512 [ 53.138115][ T998] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 53.138331][ T998] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 53.273576][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 53.383598][ T302] usb 5-1: device descriptor read/64, error -71 [ 53.393785][ T39] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.393816][ T39] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.393836][ T39] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 53.393859][ T39] usb 4-1: config 0 interface 0 has no altsetting 0 [ 53.393884][ T39] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 53.393904][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.394853][ T39] usb 4-1: config 0 descriptor?? [ 53.503676][ T302] usb usb5-port1: attempt power cycle [ 53.731455][ T1004] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.755198][ T1004] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none. [ 53.785105][ T606] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 53.895062][ T1013] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 53.908614][ T1013] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.913607][ T302] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 53.921128][ T1013] EXT4-fs error (device loop0): ext4_lookup:1858: inode #12: comm syz.0.187: iget: bad i_size value: 2533274857506816 [ 53.953853][ T1019] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d) [ 53.961313][ T1021] fuse: Bad value for 'group_id' [ 53.977012][ T30] audit: type=1400 audit(1773886818.586:428): avc: denied { ioctl } for pid=1020 comm="syz.4.188" path="socket:[18195]" dev="sockfs" ino=18195 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 54.023719][ T39] usbhid 4-1:0.0: can't add hid device: -71 [ 54.034749][ T39] usbhid: probe of 4-1:0.0 failed with error -71 [ 54.042841][ T39] usb 4-1: USB disconnect, device number 6 [ 54.055153][ T1027] netlink: 164 bytes leftover after parsing attributes in process `syz.3.192'. [ 54.073602][ T606] usb 3-1: device descriptor read/64, error -71 [ 54.095694][ T1023] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 54.108512][ T1023] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.120580][ T1025] EXT4-fs (loop0): Test dummy encryption mode enabled [ 54.133707][ T1025] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: none. [ 54.149940][ T1025] ext4 filesystem being mounted at /45/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 54.164534][ T1025] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 54.175230][ T1025] xt_hashlimit: size too large, truncated to 1048576 [ 54.185345][ T1034] EXT4-fs error (device loop3): ext4_iget_extra_inode:4597: inode #15: comm syz.3.193: corrupted in-inode xattr [ 54.217622][ T1034] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.193: couldn't read orphan inode 15 (err -117) [ 54.237185][ T1034] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000040000ff,debug_want_extra_isize=0x000000000000005c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue. Quota mode: none. [ 54.266579][ T30] audit: type=1400 audit(1773886818.876:429): avc: denied { append } for pid=1024 comm="syz.0.190" path="/45/mnt/net_prio.prioidx" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.298005][ T1032] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 54.319993][ T30] audit: type=1400 audit(1773886818.926:430): avc: denied { map } for pid=1043 comm="syz.4.196" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 54.371911][ T1048] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 54.459920][ T30] audit: type=1400 audit(1773886819.066:431): avc: denied { connect } for pid=1055 comm="syz.0.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.504994][ T302] usb 5-1: device not accepting address 6, error -71 [ 54.575796][ T606] usb 3-1: device descriptor read/64, error -71 [ 54.582141][ T26] usb 2-1: USB disconnect, device number 10 [ 54.624365][ T1054] EXT4-fs error (device loop4): __ext4_iget:4943: inode #11: block 1: comm syz.4.199: invalid block [ 54.652341][ T1054] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.199: couldn't read orphan inode 11 (err -117) [ 54.674041][ T1054] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 54.713641][ T6] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 54.843582][ T606] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 55.022316][ T1054] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.199: Directory hole found for htree leaf block 0 [ 55.037418][ T1054] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.199: Directory hole found for htree leaf block 0 [ 55.051244][ T1054] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.199: Directory hole found for htree leaf block 0 [ 55.065758][ T30] audit: type=1400 audit(1773886819.676:432): avc: denied { connect } for pid=1053 comm="syz.4.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 55.065942][ T1054] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #2: comm syz.4.199: Directory hole found for htree leaf block 0 [ 55.103694][ T6] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12349, setting to 64 [ 55.122086][ T6] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 55.123661][ T606] usb 3-1: device descriptor read/64, error -71 [ 55.132100][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.137545][ T30] audit: type=1400 audit(1773886819.676:433): avc: denied { create } for pid=1053 comm="syz.4.199" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 55.453848][ T30] audit: type=1400 audit(1773886820.066:434): avc: denied { relabelfrom } for pid=1028 comm="syz.3.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 55.563594][ T606] usb 3-1: device descriptor read/64, error -71 [ 55.662445][ T1058] set_capacity_and_notify: 9 callbacks suppressed [ 55.662459][ T1058] loop1: detected capacity change from 0 to 262144 [ 55.667705][ T1061] loop0: detected capacity change from 0 to 262144 [ 55.685175][ T606] usb usb3-port1: attempt power cycle [ 55.699582][ T1058] F2FS-fs (loop1): Found nat_bits in checkpoint [ 55.699655][ T1061] F2FS-fs (loop0): Found nat_bits in checkpoint [ 55.714137][ T302] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 55.748331][ T1061] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 55.768768][ T1058] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 56.183491][ T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.194855][ T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.205990][ T302] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 56.220169][ T302] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 56.322287][ T606] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 56.753470][ T302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.764212][ T302] usb 5-1: config 0 descriptor?? [ 57.233605][ T606] usb 3-1: device not accepting address 8, error -71 [ 57.479731][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 57.479747][ T30] audit: type=1326 audit(1773886822.086:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1090 comm="syz.4.202" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fa7e7938799 code=0x7ffc0000 [ 57.643308][ T1034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.193'. [ 57.857606][ T30] audit: type=1326 audit(1773886822.466:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 57.885713][ T30] audit: type=1326 audit(1773886822.466:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 57.923600][ T606] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 57.934116][ T1105] loop0: detected capacity change from 0 to 512 [ 57.940860][ T30] audit: type=1326 audit(1773886822.466:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 57.972135][ T30] audit: type=1326 audit(1773886822.466:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 57.975784][ T1109] loop1: detected capacity change from 0 to 512 [ 58.000962][ T30] audit: type=1326 audit(1773886822.466:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 58.027095][ T30] audit: type=1326 audit(1773886822.466:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1100 comm="syz.0.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9b2bb7799 code=0x7ffc0000 [ 58.050377][ T606] usb 3-1: Using ep0 maxpacket: 32 [ 58.069615][ T1105] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 58.073095][ T1109] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 58.082604][ T1105] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.095996][ T1109] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.123266][ T1109] FAULT_INJECTION: forcing a failure. [ 58.123266][ T1109] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 58.137080][ T1109] CPU: 1 PID: 1109 Comm: syz.1.213 Not tainted syzkaller #0 [ 58.144458][ T1109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 58.154781][ T1109] Call Trace: [ 58.158426][ T1109] [ 58.161350][ T1109] __dump_stack+0x21/0x30 [ 58.165770][ T1109] dump_stack_lvl+0x110/0x170 [ 58.170436][ T1109] ? show_regs_print_info+0x20/0x20 [ 58.175623][ T1109] ? blk_try_enter_queue+0x165/0x350 [ 58.180904][ T1109] dump_stack+0x15/0x20 [ 58.185137][ T1109] should_fail+0x3c1/0x510 [ 58.189629][ T1109] should_fail_alloc_page+0x55/0x80 [ 58.194935][ T1109] prepare_alloc_pages+0x156/0x610 [ 58.200210][ T1109] ? __alloc_pages_bulk+0xad0/0xad0 [ 58.205653][ T1109] __alloc_pages+0x11d/0x460 [ 58.210229][ T1109] ? prep_new_page+0x110/0x110 [ 58.215063][ T1109] ? ext4_issue_zeroout+0x250/0x250 [ 58.220242][ T1109] push_pipe+0x36b/0x630 [ 58.224496][ T1109] pipe_zero+0xa8/0x370 [ 58.228783][ T1109] ? iov_iter_npages+0x28c/0x5d0 [ 58.233710][ T1109] iov_iter_zero+0x4af/0xef0 [ 58.238500][ T1109] ? copy_page_from_iter+0x680/0x680 [ 58.243875][ T1109] ? iomap_iter+0x6f6/0xaf0 [ 58.248366][ T1109] __iomap_dio_rw+0xfb7/0x1a20 [ 58.253128][ T1109] ? iomap_dio_complete+0x6f0/0x6f0 [ 58.258315][ T1109] ? downgrade_write+0x430/0x430 [ 58.263416][ T1109] ? __kasan_kmalloc+0xec/0x110 [ 58.268257][ T1109] ? __kasan_kmalloc+0xda/0x110 [ 58.273089][ T1109] ? __kmalloc+0x13d/0x2c0 [ 58.277486][ T1109] ? splice_direct_to_actor+0x991/0xb50 [ 58.283112][ T1109] ? down_read+0xab/0x100 [ 58.287425][ T1109] ? __down_common+0x380/0x380 [ 58.292190][ T1109] iomap_dio_rw+0x3e/0x90 [ 58.296591][ T1109] ext4_file_read_iter+0x3fe/0x510 [ 58.301691][ T1109] generic_file_splice_read+0x3ec/0x5f0 [ 58.307227][ T1109] ? splice_shrink_spd+0xb0/0xb0 [ 58.312148][ T1109] ? __kasan_check_read+0x11/0x20 [ 58.317152][ T1109] ? fsnotify_perm+0x269/0x5b0 [ 58.321974][ T1109] ? security_file_permission+0x83/0xa0 [ 58.327500][ T1109] ? rw_verify_area+0xa7/0x1c0 [ 58.332245][ T1109] splice_direct_to_actor+0x40f/0xb50 [ 58.337608][ T1109] ? do_splice_direct+0x2d0/0x2d0 [ 58.342638][ T1109] ? pipe_to_sendpage+0x320/0x320 [ 58.347655][ T1109] ? security_file_permission+0x83/0xa0 [ 58.353215][ T1109] ? rw_verify_area+0xa7/0x1c0 [ 58.357971][ T1109] do_splice_direct+0x1c2/0x2d0 [ 58.362992][ T1109] ? splice_direct_to_actor+0xb50/0xb50 [ 58.368792][ T1109] ? security_file_permission+0x83/0xa0 [ 58.374418][ T1109] do_sendfile+0x5ed/0xea0 [ 58.378825][ T1109] ? do_preadv+0x390/0x390 [ 58.383401][ T1109] ? fput_many+0x15a/0x1a0 [ 58.387976][ T1109] ? fput+0x1a/0x20 [ 58.391782][ T1109] __x64_sys_sendfile64+0x199/0x1f0 [ 58.397163][ T1109] ? __ia32_sys_read+0x90/0x90 [ 58.402087][ T1109] ? __ia32_sys_sendfile+0x190/0x190 [ 58.407704][ T1109] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 58.413900][ T1109] x64_sys_call+0x88d/0x9a0 [ 58.418539][ T1109] do_syscall_64+0x4c/0xa0 [ 58.423045][ T1109] ? clear_bhb_loop+0x50/0xa0 [ 58.427834][ T1109] ? clear_bhb_loop+0x50/0xa0 [ 58.432530][ T1109] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 58.438779][ T1109] RIP: 0033:0x7fcec6292799 [ 58.443557][ T1109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 58.463738][ T1109] RSP: 002b:00007fcec4ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 58.472415][ T1109] RAX: ffffffffffffffda RBX: 00007fcec650bfa0 RCX: 00007fcec6292799 [ 58.480505][ T1109] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 58.489022][ T1109] RBP: 00007fcec4ced090 R08: 0000000000000000 R09: 0000000000000000 [ 58.497504][ T1109] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000002 [ 58.505559][ T1109] R13: 00007fcec650c038 R14: 00007fcec650bfa0 R15: 00007ffdb4b36a18 [ 58.513900][ T1109] [ 58.529623][ T286] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 58.538178][ T286] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 58.548092][ T286] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz1 [ 58.552563][ T1118] loop0: detected capacity change from 0 to 2048 [ 58.565104][ T606] usb 3-1: config index 0 descriptor too short (expected 548, got 36) [ 58.574486][ T606] usb 3-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 58.583433][ T606] usb 3-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 58.592599][ T302] usbhid 5-1:0.0: can't add hid device: -71 [ 58.599306][ T606] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 58.610062][ T302] usbhid: probe of 5-1:0.0 failed with error -71 [ 58.617418][ T606] usb 3-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 58.632306][ T302] usb 5-1: USB disconnect, device number 7 [ 58.634450][ T1118] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 58.667021][ T1118] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.691276][ T1124] fs-verity: sha512 using implementation "sha512-avx2" [ 58.711513][ T1118] syz.0.214 (1118) used greatest stack depth: 20928 bytes left [ 58.753689][ T6] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 58.775045][ T1126] loop0: detected capacity change from 0 to 128 [ 58.782615][ T6] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input8 [ 58.793683][ T606] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 58.803256][ T606] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.804775][ T6] usb 4-1: USB disconnect, device number 7 [ 58.813346][ T606] usb 3-1: Product: syz [ 58.817376][ C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 58.832061][ T606] usb 3-1: Manufacturer: syz [ 58.837569][ T606] usb 3-1: SerialNumber: syz [ 58.840711][ T1126] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 58.870440][ T1126] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 58.984153][ T1132] netlink: 48 bytes leftover after parsing attributes in process `syz.0.219'. [ 58.993436][ T1132] netlink: 28 bytes leftover after parsing attributes in process `syz.0.219'. [ 59.002568][ T1132] netlink: 28 bytes leftover after parsing attributes in process `syz.0.219'. [ 59.011679][ T1132] netlink: 'syz.0.219': attribute type 8 has an invalid length. [ 59.098648][ T1135] netlink: 164 bytes leftover after parsing attributes in process `syz.0.220'. [ 59.298788][ T1139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 59.520336][ T1123] loop1: detected capacity change from 0 to 262144 [ 59.543627][ T286] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 59.598119][ T1123] F2FS-fs (loop1): Found nat_bits in checkpoint [ 59.649925][ T1123] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 59.769269][ T1148] loop3: detected capacity change from 0 to 8192 [ 60.157577][ T286] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 60.176382][ T286] usb 1-1: config 0 has an invalid interface association descriptor of length 5, skipping [ 60.217358][ T286] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 60.238931][ T286] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 60.263759][ T286] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 60.286337][ T286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.309487][ T286] usb 1-1: config 0 descriptor?? [ 60.497663][ T1160] netlink: 9 bytes leftover after parsing attributes in process `syz.4.227'. [ 60.506958][ T1160] device gretap0 entered promiscuous mode [ 60.514326][ T1160] netlink: 5 bytes leftover after parsing attributes in process `syz.4.227'. [ 60.526618][ T1160] 0{X: renamed from gretap0 [ 60.535566][ T1160] device 30{X left promiscuous mode [ 60.541738][ T1160] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 60.562361][ T6] usb 1-1: USB disconnect, device number 4 [ 60.615188][ T606] usb 3-1: USB disconnect, device number 9 [ 60.645238][ T1164] loop4: detected capacity change from 0 to 128 [ 60.712948][ T1164] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 60.735772][ T1164] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 60.765128][ T30] audit: type=1400 audit(1773886825.376:480): avc: denied { append } for pid=1170 comm="syz.2.230" name="hwrng" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 60.837444][ T1176] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.845069][ T1176] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.867688][ T30] audit: type=1400 audit(1773886825.476:481): avc: denied { create } for pid=1177 comm="syz.4.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 60.907893][ T302] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 60.917190][ T302] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 60.925683][ T302] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz1 [ 60.941710][ T1186] loop1: detected capacity change from 0 to 256 [ 60.996220][ T1186] FAT-fs (loop1): Directory bread(block 64) failed [ 61.002871][ T1186] FAT-fs (loop1): Directory bread(block 65) failed [ 61.017745][ T1186] FAT-fs (loop1): Directory bread(block 66) failed [ 61.026517][ T1193] loop4: detected capacity change from 0 to 512 [ 61.032867][ T1186] FAT-fs (loop1): Directory bread(block 67) failed [ 61.042047][ T1186] FAT-fs (loop1): Directory bread(block 68) failed [ 61.048689][ T1186] FAT-fs (loop1): Directory bread(block 69) failed [ 61.055264][ T1186] FAT-fs (loop1): Directory bread(block 70) failed [ 61.061817][ T1186] FAT-fs (loop1): Directory bread(block 71) failed [ 61.077922][ T1186] FAT-fs (loop1): Directory bread(block 72) failed [ 61.086263][ T1186] FAT-fs (loop1): Directory bread(block 73) failed [ 61.110845][ T1186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 61.120382][ T30] audit: type=1400 audit(1773886825.726:482): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 61.178290][ T1193] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 61.225566][ T1193] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.281654][ T1215] loop3: detected capacity change from 0 to 128 [ 61.300800][ T1217] overlayfs: './file0' not a directory [ 61.323252][ T1215] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 61.329952][ T1220] loop0: detected capacity change from 0 to 1024 [ 61.342246][ T1215] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 61.364459][ T1220] EXT4-fs (loop0): Ignoring removed oldalloc option [ 61.371530][ T1220] EXT4-fs (loop0): Ignoring removed bh option [ 61.379108][ T1220] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5 [ 61.379108][ T1220] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 61.379108][ T1220] [ 61.413253][ T1220] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80e8028, mo2=0002] [ 61.426452][ T1220] System zones: 1-12 [ 61.431116][ T1220] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,quota,bsddf,usrquota,dioread_lock,init_itable,oldalloc,debug,errors=remount-ro,max_dir_size_kb=0x0000000000000006,bh,nouser_xattr,. Quota mode: writeback. [ 61.466684][ T1234] fuse: Bad value for 'group_id' [ 61.483705][ T456] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 61.493361][ T1236] loop3: detected capacity change from 0 to 512 [ 61.509584][ T1234] loop4: detected capacity change from 0 to 512 [ 61.544551][ T1234] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 61.555692][ T1236] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 61.570875][ T1234] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 61.571218][ T1236] EXT4-fs (loop3): 1 truncate cleaned up [ 61.579197][ T1234] System zones: 1-12 [ 61.594479][ T1236] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000101,errors=remount-ro,. Quota mode: none. [ 61.610471][ T1234] EXT4-fs (loop4): 1 truncate cleaned up [ 61.618941][ T1234] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,init_itable=0x0000000000000003,max_dir_size_kb=0x0000000000000001,,errors=continue. Quota mode: none. [ 61.688092][ T1248] fuse: Bad value for 'group_id' [ 61.733598][ T456] usb 2-1: Using ep0 maxpacket: 32 [ 61.808022][ T1257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.253'. [ 61.830968][ T1260] loop4: detected capacity change from 0 to 512 [ 61.853687][ T456] usb 2-1: config index 0 descriptor too short (expected 548, got 36) [ 61.865365][ T456] usb 2-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 61.868525][ T1262] loop0: detected capacity change from 0 to 4096 [ 61.874701][ T456] usb 2-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 61.890249][ T456] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 61.895119][ T1262] EXT4-fs (loop0): Test dummy encryption mode enabled [ 61.901103][ T456] usb 2-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 61.907687][ T1262] EXT4-fs (loop0): Ignoring removed oldalloc option [ 61.917889][ T1260] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 61.937022][ T1260] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.938956][ T1262] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 61.956105][ T1262] System zones: 0-5 [ 61.961018][ T1262] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,i_version,oldalloc,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 62.052120][ T1267] loop4: detected capacity change from 0 to 512 [ 62.164882][ T1267] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 62.195202][ T1267] EXT4-fs (loop4): 1 truncate cleaned up [ 62.201126][ T1267] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,stripe=0x00000000000000dc,data_err=abort,noload,data_err=ignore,auto_da_alloc,,errors=continue. Quota mode: none. [ 62.219717][ T456] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 62.228906][ T456] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.238159][ T456] usb 2-1: Product: syz [ 62.243032][ T456] usb 2-1: Manufacturer: syz [ 62.247751][ T456] usb 2-1: SerialNumber: syz [ 62.260074][ T1267] device bridge0 entered promiscuous mode [ 62.300922][ T1273] loop4: detected capacity change from 0 to 128 [ 62.412408][ T1275] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 62.423242][ T1275] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 62.486275][ T1281] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.260: invalid indirect mapped block 4294967295 (level 0) [ 62.508268][ T1281] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.260: invalid indirect mapped block 4294967295 (level 1) [ 62.522859][ T1281] EXT4-fs (loop4): 1 orphan inode deleted [ 62.528883][ T1281] EXT4-fs (loop4): 1 truncate cleaned up [ 62.545781][ T1281] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,lazytime,block_validity,block_validity,nojournal_checksum,quota,jqfmt=vfsv0,,errors=continue. Quota mode: writeback. [ 62.684346][ T1290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.239'. [ 62.735502][ T1290] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 62.744023][ T1290] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 62.824100][ T1292] device batadv_slave_0 entered promiscuous mode [ 62.831032][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 62.831045][ T30] audit: type=1400 audit(1773886827.436:493): avc: denied { setopt } for pid=1291 comm="syz.0.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.845185][ T1291] device batadv_slave_0 left promiscuous mode [ 62.891286][ T1299] device vlan3 entered promiscuous mode [ 62.897075][ T1299] device veth0_macvtap entered promiscuous mode [ 62.933632][ T454] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 63.173603][ T454] usb 5-1: Using ep0 maxpacket: 32 [ 63.293674][ T454] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 63.301982][ T454] usb 5-1: config 0 has no interface number 0 [ 63.308464][ T454] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 63.450736][ T30] audit: type=1400 audit(1773886828.056:494): avc: denied { remount } for pid=1308 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 63.451431][ T1309] netlink: 4 bytes leftover after parsing attributes in process `syz.0.269'. [ 63.483677][ T454] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 63.493742][ T454] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.505363][ T1312] mip6: mip6_destopt_init_state: state's mode is not 2: 0 [ 63.513145][ T454] usb 5-1: Product: syz [ 63.517643][ T30] audit: type=1400 audit(1773886828.116:495): avc: denied { bind } for pid=1302 comm="syz.3.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 63.538264][ T1309] netlink: 32 bytes leftover after parsing attributes in process `syz.0.269'. [ 63.538584][ T1314] SELinux: policydb magic number 0x6f726763 does not match expected magic number 0xf97cff8c [ 63.548048][ T454] usb 5-1: Manufacturer: syz [ 63.567805][ T30] audit: type=1400 audit(1773886828.146:496): avc: denied { load_policy } for pid=1308 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 63.588497][ T1314] SELinux: failed to load policy [ 63.591864][ T454] usb 5-1: SerialNumber: syz [ 63.604874][ T454] usb 5-1: config 0 descriptor?? [ 63.623664][ T1281] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 63.680634][ T1321] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 63.749268][ T1321] incfs: Can't find or create .index dir in ./file0 [ 63.765053][ T1321] incfs: mount failed -28 [ 63.774328][ T1321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.272'. [ 63.797899][ T1321] incfs: Can't find or create .index dir in ./file0 [ 63.813920][ T1321] incfs: mount failed -28 [ 63.841004][ T1331] netlink: 164 bytes leftover after parsing attributes in process `syz.3.276'. [ 63.844131][ T1281] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 63.875669][ T1338] netlink: 12 bytes leftover after parsing attributes in process `syz.3.279'. [ 63.912491][ T30] audit: type=1400 audit(1773886828.516:497): avc: denied { nlmsg_read } for pid=1345 comm="syz.0.281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 63.934253][ T1338] EXT4-fs (loop3): Ignoring removed bh option [ 63.935374][ T30] audit: type=1400 audit(1773886828.546:498): avc: denied { map } for pid=1345 comm="syz.0.281" path="socket:[18979]" dev="sockfs" ino=18979 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 63.940470][ T1338] EXT4-fs (loop3): can't mount with both data=journal and delalloc [ 63.988242][ T30] audit: type=1400 audit(1773886828.596:499): avc: denied { ioctl } for pid=1345 comm="syz.0.281" path="/dev/usbmon2" dev="devtmpfs" ino=161 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 64.085389][ T1281] UDC core: couldn't find an available UDC or it's busy: -16 [ 64.093140][ T1281] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 64.113711][ T454] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 64.124214][ T454] asix: probe of 5-1:0.188 failed with error -61 [ 64.253673][ T26] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 64.265119][ T456] usb 2-1: USB disconnect, device number 11 [ 64.288789][ T1351] FAT-fs (loop1): Directory bread(block 64) failed [ 64.295667][ T1351] FAT-fs (loop1): Directory bread(block 65) failed [ 64.302424][ T1351] FAT-fs (loop1): Directory bread(block 66) failed [ 64.309138][ T1351] FAT-fs (loop1): Directory bread(block 67) failed [ 64.316235][ T1351] FAT-fs (loop1): Directory bread(block 68) failed [ 64.323145][ T1351] FAT-fs (loop1): Directory bread(block 69) failed [ 64.329814][ T1351] FAT-fs (loop1): Directory bread(block 70) failed [ 64.336842][ T1351] FAT-fs (loop1): Directory bread(block 71) failed [ 64.343437][ T1351] FAT-fs (loop1): Directory bread(block 72) failed [ 64.349980][ T1351] FAT-fs (loop1): Directory bread(block 73) failed [ 64.371834][ T1351] attempt to access beyond end of device [ 64.371834][ T1351] loop1: rw=0, want=1196, limit=256 [ 64.384710][ T1351] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 64.400822][ T1351] attempt to access beyond end of device [ 64.400822][ T1351] loop1: rw=0, want=1196, limit=256 [ 64.513612][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 64.633673][ T26] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.644963][ T26] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.654846][ T26] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 64.667970][ T26] usb 4-1: config 0 interface 0 has no altsetting 0 [ 64.674990][ T26] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 64.684312][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.696054][ T26] usb 4-1: config 0 descriptor?? [ 64.835805][ T30] audit: type=1400 audit(1773886829.446:500): avc: denied { create } for pid=1355 comm="syz.0.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 64.856192][ T1358] kernel profiling enabled (shift: 9) [ 65.015941][ T1338] EXT4-fs (loop3): Ignoring removed nobh option [ 65.025069][ T1338] EXT4-fs (loop3): unsupported descriptor size 0 [ 65.155266][ T1353] F2FS-fs (loop1): Found nat_bits in checkpoint [ 65.189506][ T1353] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 65.343964][ T26] hid (null): report_id 0 is invalid [ 65.350794][ T26] hid (null): report_id 0 is invalid [ 65.360226][ T26] hid (null): invalid report_count 30208 [ 65.367138][ T26] hid (null): report_id 0 is invalid [ 65.373461][ T26] hid (null): report_id 0 is invalid [ 65.380902][ T26] hid (null): report_id 0 is invalid [ 65.623030][ T456] usb 5-1: USB disconnect, device number 8 [ 65.714434][ T26] hid (null): report_id 0 is invalid [ 65.720433][ T26] hid (null): report_id 0 is invalid [ 65.726832][ T26] hid (null): report_id 0 is invalid [ 65.734019][ T26] hid (null): report_id 0 is invalid [ 65.739522][ T26] hid (null): report_id 8192 is invalid [ 65.746672][ T26] hid (null): report_id 0 is invalid [ 65.752591][ T26] hid (null): report_id 26624 is invalid [ 65.758555][ T26] hid (null): report_id 28416 is invalid [ 65.764533][ T26] hid (null): invalid report_count 49152 [ 65.770260][ T26] hid (null): invalid report_count 19968 [ 65.776246][ T26] hid (null): invalid report_count -709911595 [ 65.782353][ T26] hid (null): unknown global tag 0xc [ 65.787741][ T26] hid (null): unknown global tag 0xd [ 65.793253][ T26] hid (null): unknown global tag 0xe [ 65.808969][ T26] hid (null): unknown global tag 0xd [ 65.835660][ T1373] exfat: Unknown parameter '@' [ 65.878293][ T1371] netlink: 'syz.0.288': attribute type 7 has an invalid length. [ 65.893735][ T1371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.288'. [ 65.951186][ T30] audit: type=1400 audit(1773886830.556:501): avc: denied { unmount } for pid=1374 comm="syz.4.286" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 66.101664][ T1379] netlink: 164 bytes leftover after parsing attributes in process `syz.0.290'. [ 66.280373][ T30] audit: type=1400 audit(1773886830.886:502): avc: denied { mounton } for pid=1387 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 66.395592][ T1387] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.402820][ T1387] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.410637][ T1387] device bridge_slave_0 entered promiscuous mode [ 66.418025][ T1387] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.425767][ T1387] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.433430][ T1387] device bridge_slave_1 entered promiscuous mode [ 66.518697][ T1387] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.526012][ T1387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.533800][ T1387] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.541191][ T1387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.580841][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.588854][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.596820][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.612465][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.656122][ T1393] set_capacity_and_notify: 9 callbacks suppressed [ 66.656138][ T1393] loop1: detected capacity change from 0 to 256 [ 66.664684][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.675896][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.683826][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.692048][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.699132][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.962573][ T45] device bridge_slave_1 left promiscuous mode [ 66.969497][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.977357][ T45] device bridge_slave_0 left promiscuous mode [ 66.986962][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.996293][ T45] device bridge0 left promiscuous mode [ 67.001963][ T45] device veth1_macvtap left promiscuous mode [ 67.010469][ T45] device veth0_vlan left promiscuous mode [ 67.040695][ T1393] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 67.109511][ T606] usb 4-1: USB disconnect, device number 8 [ 67.157981][ T1398] loop3: detected capacity change from 0 to 512 [ 67.181991][ T1393] incfs: Can't find or create .index dir in ./file0 [ 67.209597][ T1393] incfs: mount failed -28 [ 67.224745][ T1398] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.296: inode has both inline data and extents flags [ 67.239319][ T1398] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.296: couldn't read orphan inode 15 (err -117) [ 67.251781][ T1398] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 67.262802][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.273877][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.292312][ T1393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.287'. [ 67.302986][ T1398] 9pnet: Insufficient options for proto=fd [ 67.326356][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 67.336376][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.349917][ T1387] device veth0_vlan entered promiscuous mode [ 67.356874][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.365710][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.365778][ T1393] incfs: Can't find or create .index dir in ./file0 [ 67.374486][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.388080][ T1393] incfs: mount failed -28 [ 67.389653][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.453615][ T456] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 67.484950][ T1414] loop1: detected capacity change from 0 to 512 [ 67.584760][ T1414] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 67.603717][ T1414] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.873707][ T456] usb 1-1: unable to get BOS descriptor or descriptor too short [ 67.923650][ T456] usb 1-1: not running at top speed; connect to a high speed hub [ 68.003650][ T456] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 68.023617][ T456] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 68.193812][ T456] usb 1-1: New USB device found, idVendor=17cc, idProduct=1940, bcdDevice= 0.40 [ 68.213241][ T456] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.223325][ T456] usb 1-1: Product: syz [ 68.233431][ T456] usb 1-1: Manufacturer: syz [ 68.243579][ T456] usb 1-1: SerialNumber: syz [ 68.406279][ T1412] loop3: detected capacity change from 0 to 262144 [ 68.434889][ T1412] F2FS-fs (loop3): Found nat_bits in checkpoint [ 68.470486][ T1412] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 68.653354][ T1422] SELinux: security_context_str_to_sid(5] S9q#) failed for (dev ?, type ?) errno=-22 [ 68.665929][ T1422] SELinux: security_context_str_to_sid(5] S9q#) failed for (dev pstore, type pstore) errno=-22 [ 68.707802][ T1422] loop0: detected capacity change from 0 to 512 [ 70.194420][ T1433] loop3: detected capacity change from 0 to 131072 [ 70.210999][ T1433] F2FS-fs (loop3): Invalid log sectorsize (67108873) [ 70.226244][ T1433] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 70.237020][ T1433] F2FS-fs (loop3): invalid crc value [ 70.244246][ T1433] F2FS-fs (loop3): Found nat_bits in checkpoint [ 70.277725][ T1404] sched: RT throttling activated [ 70.283104][ T1433] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 70.287490][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 70.288130][ T1433] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 70.295768][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.321273][ T1387] device veth1_macvtap entered promiscuous mode [ 70.402061][ T30] audit: type=1400 audit(1773886835.006:503): avc: denied { mount } for pid=1387 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 70.428575][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 70.437112][ T30] audit: type=1400 audit(1773886835.026:504): avc: denied { mounton } for pid=1387 comm="syz-executor" path="/root/syzkaller.hDM0Fz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 70.495028][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.506141][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 70.516936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.540228][ T1446] device bridge0 entered promiscuous mode [ 70.546838][ T1446] bridge0: port 3(macsec1) entered blocking state [ 70.553322][ T1446] bridge0: port 3(macsec1) entered disabled state [ 70.562465][ T1446] device bridge0 left promiscuous mode [ 70.593655][ T1443] netlink: 60 bytes leftover after parsing attributes in process `syz.2.305'. [ 70.609921][ T1443] netlink: 20 bytes leftover after parsing attributes in process `syz.2.305'. [ 70.652195][ T1455] loop3: detected capacity change from 0 to 512 [ 70.668726][ T1459] loop0: detected capacity change from 0 to 256 [ 70.672024][ T1457] netlink: 12 bytes leftover after parsing attributes in process `syz.2.310'. [ 70.696459][ T1459] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 70.714582][ T1455] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 70.727074][ T30] audit: type=1400 audit(1773886835.326:505): avc: denied { accept } for pid=1462 comm="syz.2.311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 70.733536][ T1455] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.773717][ T456] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 70.782543][ T456] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 70.789694][ T286] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 70.797574][ T6] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 70.807985][ T456] usb 1-1: USB disconnect, device number 5 [ 70.821198][ T1466] loop3: detected capacity change from 0 to 512 [ 70.828903][ T30] audit: type=1400 audit(1773886835.436:506): avc: denied { create } for pid=1458 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 70.900618][ T1466] loop3: detected capacity change from 0 to 1024 [ 70.926300][ T1466] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 70.936949][ T1466] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 70.942356][ T1471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 70.947074][ T1466] EXT4-fs error (device loop3): ext4_acquire_dquot:6225: comm syz.3.312: Failed to acquire dquot type 0 [ 70.962746][ T1471] ext4 filesystem being mounted at /80/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 70.969809][ T1466] EXT4-fs (loop3): 1 truncate cleaned up [ 70.985914][ T1466] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 70.993831][ T1322] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 71.053685][ T6] usb 6-1: Using ep0 maxpacket: 32 [ 71.065440][ T30] audit: type=1326 audit(1773886835.676:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1476 comm="syz.0.315" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9b2bb7799 code=0x0 [ 71.183676][ T286] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 71.194003][ T6] usb 6-1: config index 0 descriptor too short (expected 548, got 36) [ 71.202175][ T6] usb 6-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 71.211942][ T286] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 71.221035][ T6] usb 6-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 71.230251][ T6] usb 6-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 71.240715][ T6] usb 6-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 71.253842][ T1322] usb 3-1: Using ep0 maxpacket: 32 [ 71.261994][ T1478] F2FS-fs (loop0): Corrupted extension count (64 + 1 > 64) [ 71.269575][ T1478] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 71.278266][ T1478] F2FS-fs (loop0): Unrecognized mount option "filter" or missing value [ 71.373652][ T1322] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.385199][ T286] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 71.394551][ T1322] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.404830][ T6] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 71.414909][ T286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.423015][ T286] usb 2-1: Product: syz [ 71.427617][ T6] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.436076][ T6] usb 6-1: Product: syz [ 71.440471][ T286] usb 2-1: Manufacturer: syz [ 71.445392][ T6] usb 6-1: Manufacturer: syz [ 71.450278][ T6] usb 6-1: SerialNumber: syz [ 71.455228][ T286] usb 2-1: SerialNumber: syz [ 71.460505][ T286] usb 2-1: config 0 descriptor?? [ 71.465257][ T1478] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 71.553709][ T1322] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 71.563199][ T1322] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 71.571758][ T1322] usb 3-1: Product: syz [ 71.576251][ T1322] usb 3-1: Manufacturer: syz [ 71.614178][ T1322] hub 3-1:4.0: USB hub found [ 71.738789][ T1445] netlink: 'syz.1.306': attribute type 3 has an invalid length. [ 71.855847][ T1486] netlink: 8 bytes leftover after parsing attributes in process `syz.5.292'. [ 71.879228][ T1486] set_capacity_and_notify: 3 callbacks suppressed [ 71.879252][ T1486] loop5: detected capacity change from 0 to 512 [ 71.996770][ T1322] hub 3-1:4.0: 2 ports detected [ 72.001935][ T1486] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 72.010388][ T1486] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal [ 72.095046][ T1485] loop1: detected capacity change from 0 to 40427 [ 72.121317][ T1485] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 72.132122][ T1490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'. [ 72.144375][ T1485] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 72.152789][ T1485] F2FS-fs (loop1): Unrecognized mount option "resuid= " or missing value [ 72.162342][ T1490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'. [ 72.225954][ T1496] loop3: detected capacity change from 0 to 512 [ 72.256785][ T1496] EXT4-fs warning (device loop3): ext4_xattr_inode_get:506: inode #11: comm syz.3.321: EA inode hash validation failed [ 72.273742][ T1496] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 72.287082][ T1496] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.321: iget: bad extra_isize 90 (inode size 256) [ 72.302814][ T1496] EXT4-fs (loop3): Remounting filesystem read-only [ 72.309199][ T1499] loop0: detected capacity change from 0 to 512 [ 72.309464][ T1496] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.321: error while reading EA inode 11 err=-117 [ 72.334269][ T1496] EXT4-fs (loop3): Remounting filesystem read-only [ 72.344223][ T1499] EXT4-fs (loop0): Unrecognized mount option "mask=^MAY_EXEC" or missing value [ 72.347876][ T1496] EXT4-fs (loop3): 1 orphan inode deleted [ 72.363132][ T1496] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,max_batch_time=0x0000000000000000,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none. [ 72.429701][ T1499] process 'syz.0.322' launched './file1' with NULL argv: empty string added [ 72.432150][ T1501] loop3: detected capacity change from 0 to 512 [ 72.445558][ T30] audit: type=1400 audit(1773886837.056:508): avc: denied { execute } for pid=1498 comm="syz.0.322" name="file1" dev="tmpfs" ino=501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 72.468830][ T30] audit: type=1400 audit(1773886837.056:509): avc: denied { execute_no_trans } for pid=1498 comm="syz.0.322" path="/85/file1" dev="tmpfs" ino=501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 72.486833][ T1506] loop0: detected capacity change from 0 to 512 [ 72.539584][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 72.551090][ T1506] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 72.576533][ T1506] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.325: bg 0: block 217: padding at end of block bitmap is not set [ 72.709795][ T1522] netlink: 'syz.0.331': attribute type 27 has an invalid length. [ 72.783137][ T1522] device vlan3 left promiscuous mode [ 72.790786][ T1522] device veth0_macvtap left promiscuous mode [ 72.852128][ T1537] loop0: detected capacity change from 0 to 512 [ 72.894936][ T1537] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 72.907678][ T1537] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.924573][ T30] audit: type=1400 audit(1773886837.536:510): avc: denied { append } for pid=1536 comm="syz.0.332" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.947581][ T406] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 73.173654][ T1322] hub 3-1:4.0: hub_hub_status failed (err = -32) [ 73.180260][ T1322] hub 3-1:4.0: config failed, can't get hub status (err -32) [ 73.203616][ T406] usb 4-1: Using ep0 maxpacket: 32 [ 73.214353][ T1322] usb 3-1: USB disconnect, device number 10 [ 73.283680][ T1529] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 73.343624][ T406] usb 4-1: config index 0 descriptor too short (expected 548, got 36) [ 73.352587][ T406] usb 4-1: config 127 has too many interfaces: 193, using maximum allowed: 32 [ 73.366840][ T406] usb 4-1: config 127 contains an unexpected descriptor of type 0x2, skipping [ 73.376571][ T406] usb 4-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 73.387346][ T406] usb 4-1: config 127 has 0 interfaces, different from the descriptor's value: 193 [ 73.541250][ T1577] netlink: 84 bytes leftover after parsing attributes in process `syz.1.349'. [ 73.553951][ T406] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 73.572524][ T1529] usb 1-1: device descriptor read/64, error -71 [ 73.579264][ T286] usb 2-1: USB disconnect, device number 12 [ 73.588597][ T6] usb 6-1: USB disconnect, device number 2 [ 73.593941][ T406] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.634649][ T406] usb 4-1: Product: syz [ 73.646890][ T1588] loop1: detected capacity change from 0 to 512 [ 73.657310][ T1580] device syzkaller0 entered promiscuous mode [ 73.663498][ T406] usb 4-1: Manufacturer: syz [ 73.668731][ T406] usb 4-1: SerialNumber: syz [ 73.685580][ T1588] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 73.709998][ T1588] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.801315][ T1593] netlink: 4 bytes leftover after parsing attributes in process `syz.5.356'. [ 73.869467][ T1597] loop5: detected capacity change from 0 to 512 [ 73.893431][ T1597] EXT4-fs (loop5): 1 truncate cleaned up [ 73.899504][ T1597] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,delalloc,noload,errors=remount-ro,usrjquota=,. Quota mode: none. [ 74.013613][ T1529] usb 1-1: device descriptor read/64, error -71 [ 74.400448][ T1627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.330'. [ 74.457695][ T1627] loop3: detected capacity change from 0 to 512 [ 74.475809][ T1627] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 74.495405][ T1627] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 74.553664][ T1529] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 74.823601][ T1529] usb 1-1: device descriptor read/64, error -71 [ 75.146370][ T1651] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.164742][ T1651] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000004,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none. [ 75.213638][ T1529] usb 1-1: device descriptor read/64, error -71 [ 75.305505][ T1655] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,nojournal_checksum,,errors=continue. Quota mode: none. [ 75.333698][ T1529] usb usb1-port1: attempt power cycle [ 75.375658][ T1663] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 75.386611][ T1663] ext4 filesystem being mounted at /68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 75.487522][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 75.487561][ T30] audit: type=1400 audit(1773886840.096:522): avc: denied { setattr } for pid=1662 comm="syz.1.383" path="/68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 75.543909][ T30] audit: type=1400 audit(1773886840.096:523): avc: denied { ioctl } for pid=1662 comm="syz.1.383" path="/68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop1" ino=12 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 75.636228][ T1668] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.651048][ T1668] FAT-fs (loop5): Filesystem has been set read-only [ 75.665476][ T1668] attempt to access beyond end of device [ 75.665476][ T1668] loop5: rw=524288, want=2073, limit=128 [ 75.679271][ T1668] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.687599][ T1668] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.701831][ T1670] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.733718][ T1670] attempt to access beyond end of device [ 75.733718][ T1670] loop5: rw=524288, want=2073, limit=128 [ 75.753682][ T1529] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 75.808922][ T406] usb 4-1: USB disconnect, device number 9 [ 75.845001][ T1670] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.862219][ T1670] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 75.883624][ T1529] usb 1-1: device descriptor read/8, error -71 [ 75.944231][ T1682] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 76.028634][ T1670] attempt to access beyond end of device [ 76.028634][ T1670] loop5: rw=0, want=2073, limit=128 [ 76.158475][ T1668] attempt to access beyond end of device [ 76.158475][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.169646][ T1668] attempt to access beyond end of device [ 76.169646][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.180751][ T1670] attempt to access beyond end of device [ 76.180751][ T1670] loop5: rw=0, want=2073, limit=128 [ 76.191637][ T1668] attempt to access beyond end of device [ 76.191637][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.213988][ T1668] attempt to access beyond end of device [ 76.213988][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.228910][ T1668] attempt to access beyond end of device [ 76.228910][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.241444][ T1668] attempt to access beyond end of device [ 76.241444][ T1668] loop5: rw=0, want=2073, limit=128 [ 76.303613][ T1529] usb 1-1: device descriptor read/8, error -71 [ 76.322359][ T1692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.394'. [ 76.364799][ T1689] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 76.391637][ T30] audit: type=1400 audit(1773886840.996:524): avc: denied { read } for pid=1688 comm="syz.1.391" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 76.414411][ T30] audit: type=1400 audit(1773886840.996:525): avc: denied { map } for pid=1688 comm="syz.1.391" path=2F36392F66696C65312F02 dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 76.454878][ T1697] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 76.460431][ T30] audit: type=1400 audit(1773886841.066:526): avc: denied { mount } for pid=1699 comm="syz.5.397" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1 [ 76.485607][ T1697] EXT4-fs error (device loop0): ext4_empty_dir:3166: inode #11: block 623: comm syz.0.396: Attempting to read directory block (623) that is past i_size (638464) [ 76.618645][ T1706] EXT4-fs (loop5): Ignoring removed orlov option [ 76.637581][ T1706] EXT4-fs (loop5): Ignoring removed nobh option [ 76.682101][ T1714] SELinux: Context is not valid (left unmapped). [ 76.689985][ T1714] SELinux: Context netdevsim025 is not valid (left unmapped). [ 76.698938][ T1706] EXT4-fs (loop5): mounted filesystem without journal. Opts: data_err=ignore,errors=remount-ro,sysvgroups,nolazytime,nodioread_nolock,orlov,nogrpid,noauto_da_alloc,nobh,. Quota mode: none. [ 76.949637][ T1730] set_capacity_and_notify: 8 callbacks suppressed [ 76.949655][ T1730] loop3: detected capacity change from 0 to 512 [ 77.018214][ T1729] loop0: detected capacity change from 0 to 4096 [ 77.060658][ T1729] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 77.083226][ T1730] EXT4-fs (loop3): 1 truncate cleaned up [ 77.091028][ T1730] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 77.138797][ T1729] EXT4-fs error (device loop0): ext4_do_update_inode:5253: inode #15: comm syz.0.409: corrupted inode contents [ 77.196254][ T1729] EXT4-fs error (device loop0): ext4_dirty_inode:6089: inode #15: comm syz.0.409: mark_inode_dirty error [ 77.221084][ T1729] EXT4-fs error (device loop0): ext4_do_update_inode:5253: inode #15: comm syz.0.409: corrupted inode contents [ 77.279071][ T1729] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #15: comm syz.0.409: mark_inode_dirty error [ 77.321090][ T1729] EXT4-fs error (device loop0): ext4_do_update_inode:5253: inode #15: comm syz.0.409: corrupted inode contents [ 77.364912][ T1729] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #15: comm syz.0.409: mark_inode_dirty error [ 77.378170][ T1745] netlink: 20 bytes leftover after parsing attributes in process `syz.1.418'. [ 77.379621][ T1729] EXT4-fs error (device loop0): ext4_do_update_inode:5253: inode #15: comm syz.0.409: corrupted inode contents [ 77.402840][ T1729] EXT4-fs error (device loop0): ext4_truncate:4310: inode #15: comm syz.0.409: mark_inode_dirty error [ 77.429616][ T1752] loop3: detected capacity change from 0 to 128 [ 77.430383][ T1729] EXT4-fs error (device loop0) in ext4_setattr:5657: Corrupt filesystem [ 77.448914][ T1754] loop1: detected capacity change from 0 to 1024 [ 77.453271][ T1737] EXT4-fs error (device loop0): ext4_get_first_dir_block:3617: inode #12: block 80: comm syz.0.409: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 77.590154][ T1754] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 77.612938][ T1771] loop0: detected capacity change from 0 to 1024 [ 77.626636][ T1754] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3885: comm syz.1.420: Allocating blocks 497-513 which overlap fs metadata [ 77.656049][ T1774] netlink: 12 bytes leftover after parsing attributes in process `syz.5.428'. [ 77.670569][ T1754] EXT4-fs (loop1): pa ffff88813d2915e8: logic 48, phys. 193, len 20 [ 77.678803][ T1754] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1 [ 77.729937][ T1771] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 77.785984][ T1780] loop5: detected capacity change from 0 to 1024 [ 77.826981][ T1771] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3885: comm syz.0.424: Allocating blocks 497-513 which overlap fs metadata [ 77.859420][ T1782] SELinux: failed to load policy [ 77.881256][ T1784] EXT4-fs (loop0): pa ffff88813d355738: logic 48, phys. 177, len 21 [ 77.889632][ T1784] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1 [ 77.914440][ T1780] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 77.949659][ T30] audit: type=1400 audit(1773886842.556:527): avc: denied { execute } for pid=1779 comm="syz.5.430" path="/22/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 78.053404][ T1790] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3885: comm syz.5.430: Allocating blocks 497-513 which overlap fs metadata [ 78.099633][ T30] audit: type=1400 audit(1773886842.706:528): avc: denied { write } for pid=1795 comm="syz.0.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 78.183389][ T1790] EXT4-fs (loop5): pa ffff88813d3557e0: logic 64, phys. 193, len 20 [ 78.189735][ T1804] xt_hashlimit: size too large, truncated to 1048576 [ 78.192239][ T1790] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1 [ 78.224508][ T1806] loop1: detected capacity change from 0 to 256 [ 78.230912][ T30] audit: type=1400 audit(1773886842.836:529): avc: denied { name_bind } for pid=1803 comm="syz.0.440" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 78.232679][ T1790] syz.5.430 (1790) used greatest stack depth: 20032 bytes left [ 78.462720][ T1827] loop5: detected capacity change from 0 to 1024 [ 78.499365][ T1827] EXT4-fs (loop5): Ignoring removed orlov option [ 78.520742][ T1827] EXT4-fs (loop5): Ignoring removed nobh option [ 78.549644][ T30] audit: type=1400 audit(1773886843.156:530): avc: denied { bind } for pid=1837 comm="syz.3.457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 78.594521][ T1827] EXT4-fs (loop5): mounted filesystem without journal. Opts: data_err=ignore,errors=remount-ro,sysvgroups,nolazytime,nodioread_nolock,orlov,nogrpid,noauto_da_alloc,nobh,. Quota mode: none. [ 78.627762][ T1849] loop1: detected capacity change from 0 to 1024 [ 78.690484][ T1849] EXT4-fs (loop1): Ignoring removed bh option [ 78.722162][ T30] audit: type=1400 audit(1773886843.326:531): avc: denied { write } for pid=1859 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 78.743363][ T1849] EXT4-fs (loop1): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,commit=0x0000000000000000,usrquota,bh,,errors=continue. Quota mode: writeback. [ 78.789868][ T1849] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.857717][ T1885] netlink: 'syz.0.477': attribute type 32 has an invalid length. [ 78.878039][ T1889] EXT4-fs error (device loop1): ext4_map_blocks:740: inode #15: comm syz.1.461: lblock 0 mapped to illegal pblock 0 (length 6) [ 78.930821][ T1889] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 78.966122][ T1907] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.971273][ T1889] EXT4-fs (loop1): This should not happen!! Data will be lost [ 78.971273][ T1889] [ 78.978337][ T1905] loop0: detected capacity change from 0 to 256 [ 78.994124][ T1907] device bridge_slave_1 left promiscuous mode [ 79.006883][ T1907] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.069906][ T6] kernel write not supported for file /vcs (pid: 6 comm: kworker/0:0) [ 79.134975][ T1920] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 79.161959][ T1920] EXT4-fs (loop5): orphan cleanup on readonly fs [ 79.171179][ T1920] EXT4-fs error (device loop5): ext4_orphan_get:1400: comm syz.5.493: inode #15: comm syz.5.493: iget: illegal inode # [ 79.194377][ T1920] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.493: couldn't read orphan inode 15 (err -117) [ 79.239505][ T1920] EXT4-fs (loop5): mounted filesystem without journal. Opts: inlinecrypt,stripe=0x00000000000000a7,,errors=continue. Quota mode: none. [ 79.333185][ T1939] EXT4-fs (loop5): Ignoring removed nobh option [ 79.368941][ T1939] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,nobh,,errors=continue. Quota mode: writeback. [ 79.387187][ T1939] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.478354][ T10] EXT4-fs error (device loop1): ext4_map_blocks:740: inode #15: block 8: comm kworker/u4:1: lblock 8 mapped to illegal pblock 8 (length 8) [ 79.478579][ T1954] xt_hashlimit: size too large, truncated to 1048576 [ 79.512759][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 79.535579][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 79.535579][ T10] [ 79.552822][ T1957] EXT4-fs (loop5): 1 truncate cleaned up [ 79.562947][ T1957] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,delalloc,noload,errors=remount-ro,usrjquota=,. Quota mode: none. [ 79.574339][ T10] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm kworker/u4:1: bg 0: block 112: padding at end of block bitmap is not set [ 79.620150][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2060 with max blocks 2048 with error 28 [ 79.648373][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 79.648373][ T10] [ 79.682841][ T10] EXT4-fs (loop1): Total free blocks count 0 [ 79.711312][ T10] EXT4-fs (loop1): Free/Dirty block details [ 79.731046][ T10] EXT4-fs (loop1): free_blocks=0 [ 79.741945][ T10] EXT4-fs (loop1): dirty_blocks=19120 [ 79.888876][ T1989] IPv6: NLM_F_CREATE should be specified when creating new route [ 80.124734][ T2009] EXT4-fs (loop5): 1 truncate cleaned up [ 80.133351][ T2009] EXT4-fs (loop5): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,delalloc,noload,errors=remount-ro,usrjquota=,. Quota mode: none. [ 80.660481][ T2028] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,quota,nojournal_checksum,grpjquota=,lazytime,block_validity,bsddf,,errors=continue. Quota mode: writeback. [ 80.662927][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 80.662941][ T30] audit: type=1400 audit(1773886845.266:541): avc: denied { write } for pid=2037 comm="syz.2.534" name="vlan0" dev="proc" ino=4026532898 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 80.707494][ T2028] ext4 filesystem being mounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.863188][ T2050] netlink: 12 bytes leftover after parsing attributes in process `syz.5.539'. [ 80.886769][ T2050] netlink: 12 bytes leftover after parsing attributes in process `syz.5.539'. [ 80.911614][ T2050] ================================================================== [ 80.919838][ T2050] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 80.928006][ T2050] Read of size 8 at addr ffff888110c452c0 by task syz.5.539/2050 [ 80.935981][ T2050] [ 80.938318][ T2050] CPU: 1 PID: 2050 Comm: syz.5.539 Not tainted syzkaller #0 [ 80.945982][ T2050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 80.953710][ T30] audit: type=1400 audit(1773886845.516:542): avc: denied { mount } for pid=2059 comm="syz.1.544" name="/" dev="ramfs" ino=22308 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 80.956450][ T2050] Call Trace: [ 80.956462][ T2050] [ 80.956470][ T2050] __dump_stack+0x21/0x30 [ 80.991732][ T2050] dump_stack_lvl+0x110/0x170 [ 80.996828][ T2050] ? show_regs_print_info+0x20/0x20 [ 81.002178][ T2050] ? load_image+0x3e0/0x3e0 [ 81.006875][ T2050] print_address_description+0x7f/0x2c0 [ 81.012607][ T2050] ? tc_setup_flow_action+0x870/0x3240 [ 81.018474][ T2050] kasan_report+0xf1/0x140 [ 81.023274][ T2050] ? tc_setup_flow_action+0x870/0x3240 [ 81.028876][ T2050] __asan_report_load8_noabort+0x14/0x20 [ 81.034613][ T2050] tc_setup_flow_action+0x870/0x3240 [ 81.039910][ T2050] mall_replace_hw_filter+0x2cc/0x8b0 [ 81.045557][ T2050] ? pcpu_block_update_hint_alloc+0x8c4/0xc50 [ 81.051745][ T2050] ? mall_set_parms+0x520/0x520 [ 81.056734][ T2050] ? tcf_exts_destroy+0xb0/0xb0 [ 81.061659][ T2050] ? pcpu_alloc+0x1170/0x16e0 [ 81.066402][ T2050] ? mall_set_parms+0x1e8/0x520 [ 81.071452][ T2050] mall_change+0x544/0x760 [ 81.075950][ T2050] ? __kasan_check_write+0x14/0x20 [ 81.081051][ T2050] ? mall_get+0xa0/0xa0 [ 81.085289][ T2050] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 81.091473][ T2050] tc_new_tfilter+0x12e5/0x18e0 [ 81.096321][ T2050] ? tcf_gate_entry_destructor+0x20/0x20 [ 81.102125][ T2050] ? security_capable+0x87/0xb0 [ 81.106961][ T2050] ? ns_capable+0x8c/0xf0 [ 81.111389][ T2050] ? netlink_net_capable+0x125/0x160 [ 81.116681][ T2050] ? tcf_gate_entry_destructor+0x20/0x20 [ 81.122401][ T2050] rtnetlink_rcv_msg+0x871/0xce0 [ 81.127422][ T2050] ? rtnetlink_bind+0x80/0x80 [ 81.132097][ T2050] ? avc_has_perm_noaudit+0x391/0x490 [ 81.137595][ T2050] ? memcpy+0x56/0x70 [ 81.141566][ T2050] ? avc_has_perm_noaudit+0x30b/0x490 [ 81.146927][ T2050] ? arch_stack_walk+0xee/0x140 [ 81.151774][ T2050] ? avc_denied+0x1b0/0x1b0 [ 81.156440][ T2050] ? stack_trace_save+0xa6/0xf0 [ 81.161402][ T2050] ? avc_has_perm+0x163/0x250 [ 81.166224][ T2050] ? avc_has_perm_noaudit+0x490/0x490 [ 81.171589][ T2050] ? x64_sys_call+0x4b/0x9a0 [ 81.176168][ T2050] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 81.181528][ T2050] netlink_rcv_skb+0x1f5/0x440 [ 81.186680][ T2050] ? rtnetlink_bind+0x80/0x80 [ 81.191642][ T2050] ? netlink_ack+0xb50/0xb50 [ 81.196236][ T2050] ? __netlink_lookup+0x387/0x3b0 [ 81.201294][ T2050] rtnetlink_rcv+0x1c/0x20 [ 81.205753][ T2050] netlink_unicast+0x876/0xa40 [ 81.210532][ T2050] netlink_sendmsg+0x879/0xb80 [ 81.215471][ T2050] ? netlink_getsockopt+0x530/0x530 [ 81.220664][ T2050] ? do_futex+0xde8/0x2800 [ 81.225078][ T2050] ? security_socket_sendmsg+0x82/0xa0 [ 81.230548][ T2050] ? netlink_getsockopt+0x530/0x530 [ 81.235767][ T2050] ____sys_sendmsg+0x5b7/0x8f0 [ 81.240633][ T2050] ? __sys_sendmsg_sock+0x40/0x40 [ 81.245896][ T2050] ? import_iovec+0x7c/0xb0 [ 81.250669][ T2050] ___sys_sendmsg+0x236/0x2e0 [ 81.255646][ T2050] ? __sys_sendmsg+0x280/0x280 [ 81.260549][ T2050] ? sock_show_fdinfo+0xa0/0xa0 [ 81.265407][ T2050] ? __fdget+0x1a1/0x230 [ 81.269645][ T2050] __x64_sys_sendmsg+0x206/0x2f0 [ 81.275977][ T2050] ? ___sys_sendmsg+0x2e0/0x2e0 [ 81.280914][ T2050] ? __kasan_check_write+0x14/0x20 [ 81.286107][ T2050] ? switch_fpu_return+0x15d/0x2c0 [ 81.291213][ T2050] x64_sys_call+0x4b/0x9a0 [ 81.295758][ T2050] do_syscall_64+0x4c/0xa0 [ 81.300434][ T2050] ? clear_bhb_loop+0x50/0xa0 [ 81.305103][ T2050] ? clear_bhb_loop+0x50/0xa0 [ 81.309772][ T2050] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.315904][ T2050] RIP: 0033:0x7f39f9b9b799 [ 81.320498][ T2050] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.340979][ T2050] RSP: 002b:00007f39f85f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.349493][ T2050] RAX: ffffffffffffffda RBX: 00007f39f9e14fa0 RCX: 00007f39f9b9b799 [ 81.357929][ T2050] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 81.366632][ T2050] RBP: 00007f39f9c31c99 R08: 0000000000000000 R09: 0000000000000000 [ 81.374594][ T2050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.382816][ T2050] R13: 00007f39f9e15038 R14: 00007f39f9e14fa0 R15: 00007ffe399992f8 [ 81.390883][ T2050] [ 81.394088][ T2050] [ 81.396490][ T2050] Allocated by task 2050: [ 81.400978][ T2050] __kasan_kmalloc+0xda/0x110 [ 81.406051][ T2050] __kmalloc+0x13d/0x2c0 [ 81.410633][ T2050] tcf_idr_create+0x5f/0x790 [ 81.415469][ T2050] tcf_idr_create_from_flags+0x61/0x70 [ 81.421757][ T2050] tcf_gact_init+0x342/0x570 [ 81.426456][ T2050] tcf_action_init_1+0x3ff/0x6b0 [ 81.431419][ T2050] tcf_action_init+0x233/0x7a0 [ 81.436216][ T2050] tcf_exts_validate+0x24a/0x580 [ 81.441267][ T2050] mall_set_parms+0x48/0x520 [ 81.445855][ T2050] mall_change+0x478/0x760 [ 81.450278][ T2050] tc_new_tfilter+0x12e5/0x18e0 [ 81.455315][ T2050] rtnetlink_rcv_msg+0x871/0xce0 [ 81.461199][ T2050] netlink_rcv_skb+0x1f5/0x440 [ 81.465953][ T2050] rtnetlink_rcv+0x1c/0x20 [ 81.470660][ T2050] netlink_unicast+0x876/0xa40 [ 81.475519][ T2050] netlink_sendmsg+0x879/0xb80 [ 81.480576][ T2050] ____sys_sendmsg+0x5b7/0x8f0 [ 81.485450][ T2050] ___sys_sendmsg+0x236/0x2e0 [ 81.490118][ T2050] __x64_sys_sendmsg+0x206/0x2f0 [ 81.495521][ T2050] x64_sys_call+0x4b/0x9a0 [ 81.499977][ T2050] do_syscall_64+0x4c/0xa0 [ 81.504617][ T2050] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.510514][ T2050] [ 81.513171][ T2050] The buggy address belongs to the object at ffff888110c45200 [ 81.513171][ T2050] which belongs to the cache kmalloc-192 of size 192 [ 81.527854][ T2050] The buggy address is located 0 bytes to the right of [ 81.527854][ T2050] 192-byte region [ffff888110c45200, ffff888110c452c0) [ 81.541637][ T2050] The buggy address belongs to the page: [ 81.547262][ T2050] page:ffffea0004431140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110c45 [ 81.557830][ T2050] flags: 0x4000000000000200(slab|zone=1) [ 81.563730][ T2050] raw: 4000000000000200 ffffea0004613240 0000000300000003 ffff888100042c00 [ 81.572907][ T2050] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 81.581467][ T2050] page dumped because: kasan: bad access detected [ 81.587865][ T2050] page_owner tracks the page as allocated [ 81.593609][ T2050] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 1247, ts 61713527598, free_ts 61703324843 [ 81.609834][ T2050] post_alloc_hook+0x192/0x1b0 [ 81.614711][ T2050] prep_new_page+0x1c/0x110 [ 81.619232][ T2050] get_page_from_freelist+0x2d3a/0x2dc0 [ 81.624855][ T2050] __alloc_pages+0x1a2/0x460 [ 81.629864][ T2050] new_slab+0xa1/0x4d0 [ 81.633920][ T2050] ___slab_alloc+0x381/0x810 [ 81.638494][ T2050] __slab_alloc+0x49/0x90 [ 81.642896][ T2050] kmem_cache_alloc_trace+0x146/0x270 [ 81.648530][ T2050] push_stack+0x91/0x4f0 [ 81.652872][ T2050] do_check+0xc401/0xea90 [ 81.657503][ T2050] do_check_common+0xff5/0x19b0 [ 81.662348][ T2050] bpf_check+0x33f4/0xf370 [ 81.666750][ T2050] bpf_prog_load+0x10c4/0x1640 [ 81.671495][ T2050] __sys_bpf+0x51d/0x7d0 [ 81.675750][ T2050] __x64_sys_bpf+0x7c/0x90 [ 81.680513][ T2050] x64_sys_call+0x4b9/0x9a0 [ 81.685032][ T2050] page last free stack trace: [ 81.690120][ T2050] free_unref_page_prepare+0x542/0x550 [ 81.695580][ T2050] free_unref_page+0xae/0x540 [ 81.700466][ T2050] __free_pages+0x6c/0x100 [ 81.704865][ T2050] __vunmap+0x86d/0xa00 [ 81.709207][ T2050] vfree+0x8b/0xc0 [ 81.713016][ T2050] kcov_mmap+0x8f/0x130 [ 81.717723][ T2050] mmap_file+0x60/0xb0 [ 81.721785][ T2050] mmap_region+0x1046/0x1710 [ 81.726387][ T2050] do_mmap+0x812/0xf10 [ 81.730673][ T2050] vm_mmap_pgoff+0x1ec/0x430 [ 81.735344][ T2050] ksys_mmap_pgoff+0x161/0x1d0 [ 81.740188][ T2050] __x64_sys_mmap+0xfa/0x110 [ 81.745125][ T2050] x64_sys_call+0x83/0x9a0 [ 81.749532][ T2050] do_syscall_64+0x4c/0xa0 [ 81.753942][ T2050] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.760134][ T2050] [ 81.762532][ T2050] Memory state around the buggy address: [ 81.768156][ T2050] ffff888110c45180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 81.776196][ T2050] ffff888110c45200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.784516][ T2050] >ffff888110c45280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 81.792566][ T2050] ^ [ 81.798735][ T2050] ffff888110c45300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.807083][ T2050] ffff888110c45380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 81.815133][ T2050] ================================================================== [ 81.823174][ T2050] Disabling lock debugging due to kernel taint [ 81.849695][ T30] audit: type=1400 audit(1773886846.456:543): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 81.871929][ T30] audit: type=1400 audit(1773886846.456:544): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.893956][ T30] audit: type=1400 audit(1773886846.456:545): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.916475][ T30] audit: type=1400 audit(1773886846.456:546): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.937452][ T30] audit: type=1400 audit(1773886846.456:547): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.958550][ T30] audit: type=1400 audit(1773886846.456:548): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.982303][ T30] audit: type=1400 audit(1773886846.456:549): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1