last executing test programs: 15.212982561s ago: executing program 0 (id=739): sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r1 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400000101292000090509"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) 13.811695481s ago: executing program 2 (id=743): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x18) unlinkat(0xffffffffffffffff, 0x0, 0x0) 13.811496501s ago: executing program 2 (id=744): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}, 0x8022}], 0x1, 0x40000121, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @loopback, 0x4}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000080)=0x2, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x80, 0x0, 0x0) 11.734123616s ago: executing program 2 (id=745): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x4d, 0x0, 0x0) close_range(r0, r0, 0x2) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000380)={0x3, 0x80, 0x40, 0x0}) 11.338093329s ago: executing program 2 (id=752): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 11.17464797s ago: executing program 3 (id=758): gettid() sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, 0x0, 0x809d) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x7}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$RTC_PIE_ON(r0, 0x7005) 10.479213455s ago: executing program 0 (id=760): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eeb1948bf42bc7fc2cb274849c9524154fa24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a8684853abf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000400000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f500000010000000000944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a808000000000000000562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844892f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b57"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='mm_page_alloc\x00', r0}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 10.393677235s ago: executing program 0 (id=761): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000340)) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x18, 0x30, 0x12f, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10) r6 = socket$packet(0x11, 0x3, 0x300) futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc5000001) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000001c00)={0x1, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r7}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x4, 0x44d, &(0x7f0000000900)="$eJzs3MtvG0UYAPDPdpw0fZBQyqOhhUBBRDySJn3QA5cikDiAhASHIk4hSatQt0FNkGgVQeAQjqgSd8QRib+AC+WCgBMSV7gjpAjl0sLJaO3d1E3sJE6cuNS/n7TJjGesmW93xx7Peh1AxxpM/uQi9kfE7xHRV83eWWGw+u/W8vzEP8vzE7kol9/6O1epd3N5fiKrmj1vXzVTLq/T7uK7EeOl0tSVND8yd+mDkdmr116YvjR+YerC1OWxM2dOnjjafXrsVEviTOK6OfDxzJHDr71z/Y2Jc9ff+/nbpL/70/LaOFplsLp363q61Y212YGadK6rjR2hKYWISA5XsTL++6IQvStlffHqZ23tHLCjyuV8uadx8UIZuIclE3WgE2Vv9Mnn32zbpanHXWHpbKysY9xKt2pJV+TTOsX0M9JOGIyIcwv/fpVssUPrEAAAtW6cjYjn683/8vFQTb370mso/RFxf0QcjIgHIuJQRDwYUan7cEQ80mT7q6+QrJ3/lPu2FNgmJfO/l9JrW3fO/7LZX/QX0tyBSvzF3Pnp0tTxdJ8MRbEnyY+u08YPr/z2RaOy2vlfsiXtZ3PBtB9/da1aoJscnxvfTsy1lj6NGOiqF39uZc6bzI8PR8TAFtuYfvabI43K+jeMfx0tmJSXv454pnr8F2JV/Jlcw+uToy+eHjs1sidKU8dHsrNirV9+XXyzUfsbH/+dtXSjHHvrnv8r8ffn9kTMXr12sXK9drb5Nhb/+LzhZ5qtnv/dubcr6e70sY/G5+aujEZ0515f+/jY7edm+ax+cv4PHas//g/G7T3xaEQkJ/HRiHgsIh5P+/5ERDwZEcfWif+nl596v/n411mVb6Ek/smNjn/UHv/mE4WLP37XfPyZ5PifrKSG0kc28/q32Q5uZ98BAADA/0W+8h34XH54JZ3PDw9Xv8N/KPbmSzOzc8+dn/nw8mT1u/L9UcxnK119Neuho+laXpYfW5U/ka4bf1noreSHJ2ZKk+0OHjrcvgbjP/Fnod29A3ac+7Wgcxn/0LmMf+hcxj90LuMfOle98f9JG/oB7L4N3v97d6sfwO4z/4fOZfxD5zL+oSM1vDc+v61b/iXalPi+e3u/1bD5ROTvkpDvmUQx6hZ1bfrHLLaY6Klb1O5XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4LwAA//+KpOMG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_open_dev$usbfs(0x0, 0xf, 0xc340) 10.254206586s ago: executing program 4 (id=767): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000"], 0x48) setregid(0xffffffffffffffff, 0x0) read$FUSE(r3, &(0x7f0000001680)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) setgroups(0x2, &(0x7f0000000000)=[0x0, 0x0]) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000001c0)={0x1, 0x1, 0x10000000000000a, 0x10000}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00032dbd7000fddbdf250100000000000000014100000018006574683a74756e6c30000000000000000000000000a2b9e7115876c55e9045eb1210d2d99beebbb8d84e726eaec20b83a10c050eee5e05bc584a0db3e2879328525675e8c46d4e79d40a02ba6d7a0df28a10931f2460077446a9c9a42396d2c4ef7edf56bf656be777c5010954dcfb668492fa8bd0aac86c20bd1e86afac112796f1c9c831d016687256361b841a60b36dc34e8a3c3de40d1aa7c4f11dc4b102"], 0x34}, 0x1, 0x0, 0x0, 0x20040851}, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x182800, 0x0) ioctl$RTC_AIE_ON(r6, 0x7001) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x81, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) 9.859507509s ago: executing program 3 (id=768): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) 8.871411976s ago: executing program 1 (id=769): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) 8.677676798s ago: executing program 0 (id=770): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "e61089d0"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, &(0x7f00000016c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00031300400013032ee03971d51b2a7ddd0236a3f837f9340ca937cc8eac45a07795452e491d596837066669509ce909d2397328eb2564970eb8d78b804ee0ab3287c7ef9aac55f0efc5a76d2be3acda12fb56865ced3794"], 0x0, 0x0, 0x0}, 0x0) 8.675742798s ago: executing program 4 (id=771): r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e) close(r0) r1 = socket(0x1e, 0x2, 0x0) dup3(r1, 0xffffffffffffffff, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 8.642518308s ago: executing program 3 (id=772): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000052000100000000000000000002"], 0x20}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 8.633538358s ago: executing program 4 (id=773): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000009"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r0}, 0x20) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) 8.617714858s ago: executing program 4 (id=774): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000"], 0x48) setregid(0xffffffffffffffff, 0x0) setgroups(0x2, &(0x7f0000000000)=[0x0, 0x0]) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f00000001c0)={0x1, 0x1, 0x10000000000000a, 0x10000}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00032dbd7000fddbdf250100000000000000014100000018006574683a74756e6c30000000000000000000000000a2b9e7115876c55e9045eb1210d2d99beebbb8d84e726eaec20b83a10c050eee5e05bc584a0db3e2879328525675e8c46d4e79d40a02ba6d7a0df28a10931f2460077446a9c9a42396d2c4ef7edf56bf656be777c5010954dcfb668492fa8bd0aac86c20bd1e86afac112796f1c9c831d016687256361b841a60b36dc34e8a3c3de40d1aa7c4f11dc4b102"], 0x34}, 0x1, 0x0, 0x0, 0x20040851}, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x182800, 0x0) ioctl$RTC_AIE_ON(r6, 0x7001) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x81, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) 8.461737069s ago: executing program 3 (id=775): write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0xf7fffffe, 0x0, 0x0, 0x0, 0x1, 0xfffffffc, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xa, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x9f1, 0x0, 0x0, 0x4, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x6, 0x0, 0x58, 0x10000000, 0x9, 0x0, 0xffffbffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0xb, 0x3, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0xf], [0x2, 0x1, 0x0, 0xffffbffd, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40, 0x400, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55], [0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xbd8f, 0x0, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10001, 0x810, 0x0, 0x0, 0x0, 0x80003c, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0xffffffff, 0x0, 0x1, 0x0, 0xc9d2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x4, 0x2000000], [0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xb1, 0x5, 0x0, 0x4, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xffffffff, 0x6, 0x0, 0x0, 0x1000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x8f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 8.461323819s ago: executing program 3 (id=776): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000340)) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x18, 0x30, 0x12f, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) socket$packet(0x11, 0x3, 0x300) futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc5000001) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r6}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x4, 0x44d, &(0x7f0000000900)="$eJzs3MtvG0UYAPDPdpw0fZBQyqOhhUBBRDySJn3QA5cikDiAhASHIk4hSatQt0FNkGgVQeAQjqgSd8QRib+AC+WCgBMSV7gjpAjl0sLJaO3d1E3sJE6cuNS/n7TJjGesmW93xx7Peh1AxxpM/uQi9kfE7xHRV83eWWGw+u/W8vzEP8vzE7kol9/6O1epd3N5fiKrmj1vXzVTLq/T7uK7EeOl0tSVND8yd+mDkdmr116YvjR+YerC1OWxM2dOnjjafXrsVEviTOK6OfDxzJHDr71z/Y2Jc9ff+/nbpL/70/LaOFplsLp363q61Y212YGadK6rjR2hKYWISA5XsTL++6IQvStlffHqZ23tHLCjyuV8uadx8UIZuIclE3WgE2Vv9Mnn32zbpanHXWHpbKysY9xKt2pJV+TTOsX0M9JOGIyIcwv/fpVssUPrEAAAtW6cjYjn683/8vFQTb370mso/RFxf0QcjIgHIuJQRDwYUan7cEQ80mT7q6+QrJ3/lPu2FNgmJfO/l9JrW3fO/7LZX/QX0tyBSvzF3Pnp0tTxdJ8MRbEnyY+u08YPr/z2RaOy2vlfsiXtZ3PBtB9/da1aoJscnxvfTsy1lj6NGOiqF39uZc6bzI8PR8TAFtuYfvabI43K+jeMfx0tmJSXv454pnr8F2JV/Jlcw+uToy+eHjs1sidKU8dHsrNirV9+XXyzUfsbH/+dtXSjHHvrnv8r8ffn9kTMXr12sXK9drb5Nhb/+LzhZ5qtnv/dubcr6e70sY/G5+aujEZ0515f+/jY7edm+ax+cv4PHas//g/G7T3xaEQkJ/HRiHgsIh5P+/5ERDwZEcfWif+nl596v/n411mVb6Ek/smNjn/UHv/mE4WLP37XfPyZ5PifrKSG0kc28/q32Q5uZ98BAADA/0W+8h34XH54JZ3PDw9Xv8N/KPbmSzOzc8+dn/nw8mT1u/L9UcxnK119Neuho+laXpYfW5U/ka4bf1noreSHJ2ZKk+0OHjrcvgbjP/Fnod29A3ac+7Wgcxn/0LmMf+hcxj90LuMfOle98f9JG/oB7L4N3v97d6sfwO4z/4fOZfxD5zL+oSM1vDc+v61b/iXalPi+e3u/1bD5ROTvkpDvmUQx6hZ1bfrHLLaY6Klb1O5XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4LwAA//+KpOMG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_open_dev$usbfs(0x0, 0xf, 0xc340) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x7c7, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x86, 0x4, 0x0, @empty, @local}}}}) 7.631497065s ago: executing program 1 (id=777): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000000c0)={0x43, 0x3, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0) 7.562181136s ago: executing program 2 (id=778): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x10001, 0xfffffffd, 0x402}) 7.430792166s ago: executing program 1 (id=779): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}, {@jqfmt_vfsv0}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP") chdir(&(0x7f0000000100)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x40) getdents64(r0, &(0x7f0000000d00)=""/65, 0x41) 7.273270698s ago: executing program 1 (id=780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000600)=[@text16={0x10, 0x0}], 0x1, 0x74, 0x0, 0xfffffcda) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0400000000000000850400000000000005"]) 5.823987098s ago: executing program 0 (id=781): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000340)) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x18, 0x30, 0x12f, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000100)={0x22, 0x6}, 0x4) futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc5000001) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r7}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x4, 0x44d, &(0x7f0000000900)="$eJzs3MtvG0UYAPDPdpw0fZBQyqOhhUBBRDySJn3QA5cikDiAhASHIk4hSatQt0FNkGgVQeAQjqgSd8QRib+AC+WCgBMSV7gjpAjl0sLJaO3d1E3sJE6cuNS/n7TJjGesmW93xx7Peh1AxxpM/uQi9kfE7xHRV83eWWGw+u/W8vzEP8vzE7kol9/6O1epd3N5fiKrmj1vXzVTLq/T7uK7EeOl0tSVND8yd+mDkdmr116YvjR+YerC1OWxM2dOnjjafXrsVEviTOK6OfDxzJHDr71z/Y2Jc9ff+/nbpL/70/LaOFplsLp363q61Y212YGadK6rjR2hKYWISA5XsTL++6IQvStlffHqZ23tHLCjyuV8uadx8UIZuIclE3WgE2Vv9Mnn32zbpanHXWHpbKysY9xKt2pJV+TTOsX0M9JOGIyIcwv/fpVssUPrEAAAtW6cjYjn683/8vFQTb370mso/RFxf0QcjIgHIuJQRDwYUan7cEQ80mT7q6+QrJ3/lPu2FNgmJfO/l9JrW3fO/7LZX/QX0tyBSvzF3Pnp0tTxdJ8MRbEnyY+u08YPr/z2RaOy2vlfsiXtZ3PBtB9/da1aoJscnxvfTsy1lj6NGOiqF39uZc6bzI8PR8TAFtuYfvabI43K+jeMfx0tmJSXv454pnr8F2JV/Jlcw+uToy+eHjs1sidKU8dHsrNirV9+XXyzUfsbH/+dtXSjHHvrnv8r8ffn9kTMXr12sXK9drb5Nhb/+LzhZ5qtnv/dubcr6e70sY/G5+aujEZ0515f+/jY7edm+ax+cv4PHas//g/G7T3xaEQkJ/HRiHgsIh5P+/5ERDwZEcfWif+nl596v/n411mVb6Ek/smNjn/UHv/mE4WLP37XfPyZ5PifrKSG0kc28/q32Q5uZ98BAADA/0W+8h34XH54JZ3PDw9Xv8N/KPbmSzOzc8+dn/nw8mT1u/L9UcxnK119Neuho+laXpYfW5U/ka4bf1noreSHJ2ZKk+0OHjrcvgbjP/Fnod29A3ac+7Wgcxn/0LmMf+hcxj90LuMfOle98f9JG/oB7L4N3v97d6sfwO4z/4fOZfxD5zL+oSM1vDc+v61b/iXalPi+e3u/1bD5ROTvkpDvmUQx6hZ1bfrHLLaY6Klb1O5XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4LwAA//+KpOMG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_open_dev$usbfs(0x0, 0xf, 0xc340) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x7c7, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x86, 0x4, 0x0, @empty, @local}}}}) 5.803722378s ago: executing program 1 (id=782): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000"], 0x48) setregid(0xffffffffffffffff, 0x0) read$FUSE(r3, &(0x7f0000001680)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r5, 0x26, &(0x7f00000001c0)={0x1, 0x1, 0x10000000000000a, 0x10000}) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00032dbd7000fddbdf250100000000000000014100000018006574683a74756e6c30000000000000000000000000a2b9e7115876c55e9045eb1210d2d99beebbb8d84e726eaec20b83a10c050eee5e05bc584a0db3e2879328525675e8c46d4e79d40a02ba6d7a0df28a10931f2460077446a9c9a42396d2c4ef7edf56bf656be777c5010954dcfb668492fa8bd0aac86c20bd1e86afac112796f1c9c831d016687256361b841a60b36dc34e8a3c3de40d1aa7c4f11dc4b102"], 0x34}, 0x1, 0x0, 0x0, 0x20040851}, 0x0) fcntl$lock(r5, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x182800, 0x0) ioctl$RTC_AIE_ON(r7, 0x7001) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x81, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) 3.560725214s ago: executing program 2 (id=783): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000340)) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x18, 0x30, 0x12f, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10) r6 = socket$packet(0x11, 0x3, 0x300) futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc5000001) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000001c00)={0x1, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r7}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x4, 0x44d, &(0x7f0000000900)="$eJzs3MtvG0UYAPDPdpw0fZBQyqOhhUBBRDySJn3QA5cikDiAhASHIk4hSatQt0FNkGgVQeAQjqgSd8QRib+AC+WCgBMSV7gjpAjl0sLJaO3d1E3sJE6cuNS/n7TJjGesmW93xx7Peh1AxxpM/uQi9kfE7xHRV83eWWGw+u/W8vzEP8vzE7kol9/6O1epd3N5fiKrmj1vXzVTLq/T7uK7EeOl0tSVND8yd+mDkdmr116YvjR+YerC1OWxM2dOnjjafXrsVEviTOK6OfDxzJHDr71z/Y2Jc9ff+/nbpL/70/LaOFplsLp363q61Y212YGadK6rjR2hKYWISA5XsTL++6IQvStlffHqZ23tHLCjyuV8uadx8UIZuIclE3WgE2Vv9Mnn32zbpanHXWHpbKysY9xKt2pJV+TTOsX0M9JOGIyIcwv/fpVssUPrEAAAtW6cjYjn683/8vFQTb370mso/RFxf0QcjIgHIuJQRDwYUan7cEQ80mT7q6+QrJ3/lPu2FNgmJfO/l9JrW3fO/7LZX/QX0tyBSvzF3Pnp0tTxdJ8MRbEnyY+u08YPr/z2RaOy2vlfsiXtZ3PBtB9/da1aoJscnxvfTsy1lj6NGOiqF39uZc6bzI8PR8TAFtuYfvabI43K+jeMfx0tmJSXv454pnr8F2JV/Jlcw+uToy+eHjs1sidKU8dHsrNirV9+XXyzUfsbH/+dtXSjHHvrnv8r8ffn9kTMXr12sXK9drb5Nhb/+LzhZ5qtnv/dubcr6e70sY/G5+aujEZ0515f+/jY7edm+ax+cv4PHas//g/G7T3xaEQkJ/HRiHgsIh5P+/5ERDwZEcfWif+nl596v/n411mVb6Ek/smNjn/UHv/mE4WLP37XfPyZ5PifrKSG0kc28/q32Q5uZ98BAADA/0W+8h34XH54JZ3PDw9Xv8N/KPbmSzOzc8+dn/nw8mT1u/L9UcxnK119Neuho+laXpYfW5U/ka4bf1noreSHJ2ZKk+0OHjrcvgbjP/Fnod29A3ac+7Wgcxn/0LmMf+hcxj90LuMfOle98f9JG/oB7L4N3v97d6sfwO4z/4fOZfxD5zL+oSM1vDc+v61b/iXalPi+e3u/1bD5ROTvkpDvmUQx6hZ1bfrHLLaY6Klb1O5XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4LwAA//+KpOMG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_open_dev$usbfs(0x0, 0xf, 0xc340) 2.328377873s ago: executing program 0 (id=784): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448e1, &(0x7f00000001c0)) 2.328037913s ago: executing program 4 (id=785): close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00'], 0x48) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000e00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) io_setup(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000480)={'filter\x00', 0xb001, 0x2, 0x3c8, 0x0, 0x1f8, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @dev={0xac, 0x14, 0x14, 0x21}, @dev={0xac, 0x14, 0x14, 0x15}, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) 2.253609984s ago: executing program 4 (id=786): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000340)) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002600)=@newtaction={0x18, 0x30, 0x12f, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='xfrm0\x00', 0x10) r6 = socket$packet(0x11, 0x3, 0x300) futex(&(0x7f0000000040), 0x5, 0x0, 0x0, &(0x7f0000000140), 0xc5000001) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000001c00)={0x1, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r7}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x8a, &(0x7f0000000240)={[{@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}]}, 0x4, 0x44d, &(0x7f0000000900)="$eJzs3MtvG0UYAPDPdpw0fZBQyqOhhUBBRDySJn3QA5cikDiAhASHIk4hSatQt0FNkGgVQeAQjqgSd8QRib+AC+WCgBMSV7gjpAjl0sLJaO3d1E3sJE6cuNS/n7TJjGesmW93xx7Peh1AxxpM/uQi9kfE7xHRV83eWWGw+u/W8vzEP8vzE7kol9/6O1epd3N5fiKrmj1vXzVTLq/T7uK7EeOl0tSVND8yd+mDkdmr116YvjR+YerC1OWxM2dOnjjafXrsVEviTOK6OfDxzJHDr71z/Y2Jc9ff+/nbpL/70/LaOFplsLp363q61Y212YGadK6rjR2hKYWISA5XsTL++6IQvStlffHqZ23tHLCjyuV8uadx8UIZuIclE3WgE2Vv9Mnn32zbpanHXWHpbKysY9xKt2pJV+TTOsX0M9JOGIyIcwv/fpVssUPrEAAAtW6cjYjn683/8vFQTb370mso/RFxf0QcjIgHIuJQRDwYUan7cEQ80mT7q6+QrJ3/lPu2FNgmJfO/l9JrW3fO/7LZX/QX0tyBSvzF3Pnp0tTxdJ8MRbEnyY+u08YPr/z2RaOy2vlfsiXtZ3PBtB9/da1aoJscnxvfTsy1lj6NGOiqF39uZc6bzI8PR8TAFtuYfvabI43K+jeMfx0tmJSXv454pnr8F2JV/Jlcw+uToy+eHjs1sidKU8dHsrNirV9+XXyzUfsbH/+dtXSjHHvrnv8r8ffn9kTMXr12sXK9drb5Nhb/+LzhZ5qtnv/dubcr6e70sY/G5+aujEZ0515f+/jY7edm+ax+cv4PHas//g/G7T3xaEQkJ/HRiHgsIh5P+/5ERDwZEcfWif+nl596v/n411mVb6Ek/smNjn/UHv/mE4WLP37XfPyZ5PifrKSG0kc28/q32Q5uZ98BAADA/0W+8h34XH54JZ3PDw9Xv8N/KPbmSzOzc8+dn/nw8mT1u/L9UcxnK119Neuho+laXpYfW5U/ka4bf1noreSHJ2ZKk+0OHjrcvgbjP/Fnod29A3ac+7Wgcxn/0LmMf+hcxj90LuMfOle98f9JG/oB7L4N3v97d6sfwO4z/4fOZfxD5zL+oSM1vDc+v61b/iXalPi+e3u/1bD5ROTvkpDvmUQx6hZ1bfrHLLaY6Klb1O5XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4LwAA//+KpOMG") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_open_dev$usbfs(0x0, 0xf, 0xc340) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x7c7, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x86, 0x4, 0x0, @empty, @local}}}}) 495.869µs ago: executing program 1 (id=787): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x1c000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f07"], 0x0}, 0x0) 0s ago: executing program 3 (id=788): close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00'], 0x48) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) io_setup(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000480)={'filter\x00', 0xb001, 0x2, 0x3c8, 0x0, 0x1f8, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @dev={0xac, 0x14, 0x14, 0x21}, @dev={0xac, 0x14, 0x14, 0x15}, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) kernel console output (not intermixed with test programs): mended IO charset for FAT filesystems, filesystem will be case sensitive! [ 116.388302][ T498] udevd[498]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.8/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 116.414104][ T1047] syz.2.158[1047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.414480][ T1047] syz.2.158[1047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 116.805750][ T1049] netlink: 180 bytes leftover after parsing attributes in process `syz.4.148'. [ 116.827338][ T1049] netlink: 180 bytes leftover after parsing attributes in process `syz.4.148'. [ 117.129974][ T1047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.158'. [ 117.291382][ T1056] loop1: detected capacity change from 0 to 1024 [ 117.374720][ T1056] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.149: Invalid block bitmap block 0 in block_group 0 [ 117.396898][ T1056] Quota error (device loop1): write_blk: dquota write failed [ 117.404533][ T1056] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 117.417702][ T1056] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.149: Failed to acquire dquot type 0 [ 117.435390][ T1056] EXT4-fs error (device loop1): ext4_free_blocks:6205: comm syz.1.149: Freeing blocks not in datazone - block = 0, count = 4096 [ 117.457243][ T1056] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.149: Invalid inode bitmap blk 0 in block_group 0 [ 117.473718][ T1056] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 117.483362][ T1056] EXT4-fs (loop1): 1 orphan inode deleted [ 117.489433][ T1056] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 118.029890][ T472] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 118.058259][ T472] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:6: Failed to release dquot type 0 [ 119.537569][ T1067] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 119.546817][ T1067] FAT-fs (loop5): unable to read boot sector [ 119.609082][ T285] EXT4-fs (loop1): unmounting filesystem. [ 119.733408][ T1074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.150'. [ 119.744109][ T1074] device gretap0 entered promiscuous mode [ 119.749943][ T1074] device macsec1 entered promiscuous mode [ 119.787426][ T1075] loop3: detected capacity change from 0 to 512 [ 121.556441][ T1077] loop4: detected capacity change from 0 to 16 [ 121.572594][ T1077] erofs: Unknown parameter '00000000000000000000006' [ 122.092183][ T1074] device gretap0 left promiscuous mode [ 122.133499][ T1075] EXT4-fs warning (device loop3): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop3. [ 123.285802][ T1085] loop2: detected capacity change from 0 to 4096 [ 123.304800][ T1085] EXT4-fs: Ignoring removed nomblk_io_submit option [ 123.312120][ T1087] syz.0.155[1087] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.312198][ T1087] syz.0.155[1087] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.362773][ T1085] EXT4-fs: Ignoring removed i_version option [ 123.381089][ T1085] EXT4-fs (loop2): cluster size (1024) smaller than block size (4096) [ 123.417903][ T1090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.155'. [ 123.478247][ T1091] loop4: detected capacity change from 0 to 512 [ 123.659489][ T1091] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 123.670861][ T1091] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.159: bad orphan inode 15 [ 123.684056][ T1091] ext4_test_bit(bit=14, block=4) = 1 [ 123.689438][ T1091] is_bad_inode(inode)=0 [ 123.693678][ T1091] NEXT_ORPHAN(inode)=0 [ 123.697843][ T1091] max_ino=32 [ 123.701098][ T1091] i_nlink=1 [ 123.704649][ T1091] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 123.819751][ T1091] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 124.469668][ T287] EXT4-fs (loop4): unmounting filesystem. [ 124.560902][ T1099] loop4: detected capacity change from 0 to 512 [ 124.675634][ T1099] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 125.711467][ T1102] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 125.720695][ T1102] FAT-fs (loop7): unable to read boot sector [ 125.731577][ T1107] loop1: detected capacity change from 0 to 512 [ 126.269565][ T1106] fuse: Bad value for 'rootmode' [ 126.718245][ T1107] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 126.726390][ T1107] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.157: bad orphan inode 15 [ 126.737032][ T1107] ext4_test_bit(bit=14, block=4) = 1 [ 126.743094][ T1107] is_bad_inode(inode)=0 [ 126.747626][ T1107] NEXT_ORPHAN(inode)=0 [ 126.752012][ T1107] max_ino=32 [ 126.755272][ T1107] i_nlink=1 [ 126.758525][ T1107] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 126.844399][ T1105] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 127.847094][ T1114] netlink: 180 bytes leftover after parsing attributes in process `syz.3.165'. [ 127.856987][ T1114] netlink: 180 bytes leftover after parsing attributes in process `syz.3.165'. [ 127.889731][ T1118] loop2: detected capacity change from 0 to 1024 [ 128.089056][ T1118] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.166: Invalid block bitmap block 0 in block_group 0 [ 128.118924][ T1118] Quota error (device loop2): write_blk: dquota write failed [ 128.126614][ T1118] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 128.137091][ T1118] EXT4-fs error (device loop2): ext4_acquire_dquot:6803: comm syz.2.166: Failed to acquire dquot type 0 [ 128.153405][ T1118] EXT4-fs error (device loop2): ext4_free_blocks:6205: comm syz.2.166: Freeing blocks not in datazone - block = 0, count = 4096 [ 128.174527][ T1118] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.166: Invalid inode bitmap blk 0 in block_group 0 [ 128.192532][ T1118] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 128.202214][ T1118] EXT4-fs (loop2): 1 orphan inode deleted [ 128.208878][ T1118] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 128.487912][ T507] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8 [ 128.513588][ T507] EXT4-fs error (device loop2): ext4_release_dquot:6839: comm kworker/u4:7: Failed to release dquot type 0 [ 130.555073][ T1133] loop4: detected capacity change from 0 to 512 [ 130.599262][ T285] EXT4-fs (loop1): unmounting filesystem. [ 130.613624][ T1133] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 130.622400][ T1133] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.168: bad orphan inode 15 [ 130.632707][ T1133] ext4_test_bit(bit=14, block=4) = 1 [ 130.638073][ T1133] is_bad_inode(inode)=0 [ 130.642236][ T1133] NEXT_ORPHAN(inode)=0 [ 130.646381][ T1133] max_ino=32 [ 130.649694][ T1133] i_nlink=1 [ 130.652845][ T1133] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 130.695579][ T1130] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 131.202098][ T1138] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 131.211514][ T1138] FAT-fs (loop1): unable to read boot sector [ 131.306131][ T1143] loop1: detected capacity change from 0 to 512 [ 131.316916][ T1143] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 131.385916][ T286] EXT4-fs (loop2): unmounting filesystem. [ 131.393162][ T287] EXT4-fs (loop4): unmounting filesystem. [ 131.535737][ T1149] loop4: detected capacity change from 0 to 8192 [ 131.591553][ T1153] loop2: detected capacity change from 0 to 1024 [ 131.629117][ T1153] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.176: Invalid block bitmap block 0 in block_group 0 [ 131.643217][ T1153] Quota error (device loop2): write_blk: dquota write failed [ 131.650652][ T1153] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 131.660652][ T1153] EXT4-fs error (device loop2): ext4_acquire_dquot:6803: comm syz.2.176: Failed to acquire dquot type 0 [ 131.665234][ T1134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.171'. [ 131.672418][ T1153] EXT4-fs error (device loop2): ext4_free_blocks:6205: comm syz.2.176: Freeing blocks not in datazone - block = 0, count = 4096 [ 131.682633][ T1134] device gretap0 entered promiscuous mode [ 131.697729][ T1153] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.176: Invalid inode bitmap blk 0 in block_group 0 [ 131.699698][ T1134] device macsec1 entered promiscuous mode [ 131.712486][ T1153] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 131.721891][ T1135] loop3: detected capacity change from 0 to 512 [ 131.726721][ T472] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8 [ 131.741775][ T1153] EXT4-fs (loop2): 1 orphan inode deleted [ 131.747678][ T1153] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 131.747794][ T1134] device gretap0 left promiscuous mode [ 131.757912][ T340] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 131.778323][ T472] EXT4-fs error (device loop2): ext4_release_dquot:6839: comm kworker/u4:6: Failed to release dquot type 0 [ 131.791997][ T1135] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 131.801003][ T1135] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.819666][ T1149] loop4: p3 < > [ 131.865897][ T498] udevd[498]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 131.884468][ T1152] syz.1.172[1152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.884549][ T1152] syz.1.172[1152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.943664][ T283] EXT4-fs (loop3): unmounting filesystem. [ 131.959154][ T340] usb 1-1: unable to get BOS descriptor or descriptor too short [ 131.995142][ T1157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.172'. [ 132.247543][ T340] usb 1-1: not running at top speed; connect to a high speed hub [ 132.264681][ T340] usb 1-1: config 1 has an invalid interface number: 138 but max is 0 [ 132.273826][ T340] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.284091][ T340] usb 1-1: config 1 has no interface number 0 [ 132.290347][ T340] usb 1-1: config 1 interface 138 altsetting 252 endpoint 0xC has invalid wMaxPacketSize 0 [ 132.300465][ T340] usb 1-1: config 1 interface 138 has no altsetting 0 [ 132.310512][ T340] usb 1-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 132.328053][ T340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.354203][ T340] usb 1-1: Product: syz [ 132.358581][ T340] usb 1-1: Manufacturer: syz [ 132.359689][ T28] audit: type=1400 audit(1761906187.572:328): avc: denied { ioctl } for pid=1164 comm="syz.1.179" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x556a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 132.363240][ T340] usb 1-1: SerialNumber: syz [ 132.436627][ T286] EXT4-fs (loop2): unmounting filesystem. [ 132.608569][ T340] usb 1-1: USB disconnect, device number 4 [ 132.651641][ T1169] loop1: detected capacity change from 0 to 512 [ 132.676680][ T1169] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 132.786910][ T1169] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.180: bad orphan inode 15 [ 132.822301][ T1169] ext4_test_bit(bit=14, block=4) = 1 [ 132.829113][ T1169] is_bad_inode(inode)=0 [ 132.833498][ T1169] NEXT_ORPHAN(inode)=0 [ 132.837829][ T1169] max_ino=32 [ 132.841138][ T1169] i_nlink=1 [ 132.844350][ T1169] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 133.617990][ T1177] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 133.627277][ T1177] FAT-fs (loop9): unable to read boot sector [ 133.647814][ T1168] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 133.890100][ T285] EXT4-fs (loop1): unmounting filesystem. [ 133.907369][ T346] udevd[346]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.138/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 133.957564][ T28] audit: type=1400 audit(1761906189.162:329): avc: denied { getopt } for pid=1184 comm="syz.1.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 134.060614][ T1190] loop4: detected capacity change from 0 to 1024 [ 134.237008][ T1192] loop2: detected capacity change from 0 to 512 [ 135.801332][ T1192] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 135.984035][ T1192] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.181: bad orphan inode 15 [ 136.028064][ T1192] ext4_test_bit(bit=14, block=4) = 1 [ 136.033460][ T1192] is_bad_inode(inode)=0 [ 136.037862][ T1192] NEXT_ORPHAN(inode)=0 [ 136.042012][ T1192] max_ino=32 [ 136.045354][ T1192] i_nlink=1 [ 136.049001][ T1192] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 136.410512][ T1190] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.185: Invalid block bitmap block 0 in block_group 0 [ 136.483728][ T1190] Quota error (device loop4): write_blk: dquota write failed [ 136.491755][ T1190] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 136.505191][ T1190] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.185: Failed to acquire dquot type 0 [ 136.529060][ T1190] EXT4-fs error (device loop4): ext4_free_blocks:6205: comm syz.4.185: Freeing blocks not in datazone - block = 0, count = 4096 [ 136.547794][ T1192] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 136.867781][ T1190] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.185: Invalid inode bitmap blk 0 in block_group 0 [ 136.881980][ T1190] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 137.036148][ T1190] EXT4-fs (loop4): 1 orphan inode deleted [ 137.041999][ T1190] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 138.190082][ T472] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 138.206791][ T472] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:6: Failed to release dquot type 0 [ 138.288190][ T286] EXT4-fs (loop2): unmounting filesystem. [ 138.368976][ T1209] loop2: detected capacity change from 0 to 512 [ 138.380744][ T287] EXT4-fs (loop4): unmounting filesystem. [ 138.624240][ T1209] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 138.732434][ T1215] loop4: detected capacity change from 0 to 512 [ 138.742221][ T1215] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 139.759482][ T1222] syz.2.190[1222] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.759567][ T1222] syz.2.190[1222] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 140.007999][ T1225] syz.4.194[1225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 140.019358][ T1225] syz.4.194[1225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 140.375414][ T1219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.190'. [ 140.435526][ T1217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.194'. [ 142.249118][ T1240] loop2: detected capacity change from 0 to 512 [ 144.528457][ T1240] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 144.538766][ T1240] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.200: bad orphan inode 15 [ 144.550442][ T1240] ext4_test_bit(bit=14, block=4) = 1 [ 144.555839][ T1240] is_bad_inode(inode)=0 [ 144.560093][ T1240] NEXT_ORPHAN(inode)=0 [ 144.564234][ T1240] max_ino=32 [ 144.567482][ T1240] i_nlink=1 [ 144.570942][ T1240] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 144.661985][ T28] audit: type=1400 audit(1761906199.872:330): avc: denied { ioctl } for pid=1245 comm="syz.4.201" path="pid:[4026532505]" dev="nsfs" ino=4026532505 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 144.702126][ T1252] loop1: detected capacity change from 0 to 256 [ 144.978649][ T340] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 145.001727][ T286] EXT4-fs (loop2): unmounting filesystem. [ 145.115527][ T1252] FAT-fs (loop1): Directory bread(block 64) failed [ 145.157398][ T1252] FAT-fs (loop1): Directory bread(block 65) failed [ 145.237314][ T1252] FAT-fs (loop1): Directory bread(block 66) failed [ 145.251688][ T1252] FAT-fs (loop1): Directory bread(block 67) failed [ 145.291161][ T1252] FAT-fs (loop1): Directory bread(block 68) failed [ 145.342701][ T1252] FAT-fs (loop1): Directory bread(block 69) failed [ 145.423091][ T1252] FAT-fs (loop1): Directory bread(block 70) failed [ 145.437752][ T1252] FAT-fs (loop1): Directory bread(block 71) failed [ 145.461665][ T1252] FAT-fs (loop1): Directory bread(block 72) failed [ 145.572026][ T1252] FAT-fs (loop1): Directory bread(block 73) failed [ 146.099507][ T28] audit: type=1400 audit(1761906201.312:331): avc: denied { setopt } for pid=1270 comm="syz.2.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.105671][ T1273] loop1: detected capacity change from 0 to 512 [ 146.126170][ T1273] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 146.688402][ T1289] syz.1.210[1289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.688663][ T1289] syz.1.210[1289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.800994][ T1285] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'. [ 147.908999][ T1294] loop4: detected capacity change from 0 to 512 [ 147.918967][ T1294] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 148.317462][ T1286] loop3: detected capacity change from 0 to 512 [ 149.452825][ T1295] loop2: detected capacity change from 0 to 512 [ 149.803906][ T1294] syz.4.218[1294] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.803981][ T1294] syz.4.218[1294] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.814405][ T1295] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 149.845704][ T1295] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.215: bad orphan inode 15 [ 149.858781][ T1295] ext4_test_bit(bit=14, block=4) = 1 [ 149.864114][ T1295] is_bad_inode(inode)=0 [ 149.868325][ T1295] NEXT_ORPHAN(inode)=0 [ 149.872429][ T1295] max_ino=32 [ 149.875663][ T1295] i_nlink=1 [ 149.878932][ T1295] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 149.903184][ T1300] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'. [ 150.098502][ T286] EXT4-fs (loop2): unmounting filesystem. [ 150.907599][ T1302] loop1: detected capacity change from 0 to 128 [ 150.921426][ T28] audit: type=1400 audit(1761906206.132:332): avc: denied { ioctl } for pid=1307 comm="syz.0.223" path="socket:[18754]" dev="sockfs" ino=18754 ioctlcmd=0x48cc scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 150.936328][ T1305] loop2: detected capacity change from 0 to 256 [ 150.998718][ T1305] exFAT-fs (loop2): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 151.036636][ T1305] exFAT-fs (loop2): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 151.142251][ T1286] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 151.151929][ T1319] loop1: detected capacity change from 0 to 1024 [ 151.163865][ T1286] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.212: bad orphan inode 15 [ 151.266435][ T1319] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.225: Invalid block bitmap block 0 in block_group 0 [ 151.282197][ T1319] Quota error (device loop1): write_blk: dquota write failed [ 151.289750][ T1319] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 151.299905][ T1319] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.225: Failed to acquire dquot type 0 [ 151.314096][ T1319] EXT4-fs error (device loop1): ext4_free_blocks:6205: comm syz.1.225: Freeing blocks not in datazone - block = 0, count = 4096 [ 151.329378][ T1319] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.225: Invalid inode bitmap blk 0 in block_group 0 [ 151.342922][ T10] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 151.353064][ T1319] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 151.363213][ T1319] EXT4-fs (loop1): 1 orphan inode deleted [ 151.369086][ T1319] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 151.463124][ T10] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:1: Failed to release dquot type 0 [ 151.586853][ T1286] ext4_test_bit(bit=14, block=4) = 1 [ 151.592335][ T1286] is_bad_inode(inode)=0 [ 151.596630][ T1286] NEXT_ORPHAN(inode)=0 [ 151.600756][ T1286] max_ino=32 [ 151.603996][ T1286] i_nlink=1 [ 151.607275][ T1286] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 151.900112][ T1305] exFAT-fs (loop2): Invalid exboot-signature(sector = 6): 0x00000000 [ 151.936351][ T1305] exFAT-fs (loop2): Invalid exboot-signature(sector = 7): 0x00000000 [ 151.947278][ T283] EXT4-fs (loop3): unmounting filesystem. [ 151.973761][ T1305] exFAT-fs (loop2): Invalid exboot-signature(sector = 8): 0x00000000 [ 151.995603][ T1305] exFAT-fs (loop2): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 152.018278][ T1305] exFAT-fs (loop2): invalid boot region [ 152.030097][ T1305] exFAT-fs (loop2): failed to recognize exfat type [ 152.324072][ T28] audit: type=1400 audit(1761906207.532:333): avc: denied { write } for pid=1334 comm="syz.2.235" name="001" dev="devtmpfs" ino=176 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 152.354998][ T1335] usb usb5: usbfs: process 1335 (syz.2.235) did not claim interface 0 before use [ 152.377236][ T28] audit: type=1400 audit(1761906207.582:334): avc: denied { read write } for pid=1336 comm="syz.4.236" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 152.388085][ T285] EXT4-fs (loop1): unmounting filesystem. [ 152.406151][ T28] audit: type=1400 audit(1761906207.612:335): avc: denied { open } for pid=1336 comm="syz.4.236" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 152.484962][ T28] audit: type=1400 audit(1761906207.692:336): avc: denied { write } for pid=1344 comm="syz.0.239" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 152.510280][ T1351] random: crng reseeded on system resumption [ 152.544908][ T28] audit: type=1400 audit(1761906207.712:337): avc: denied { connect } for pid=1347 comm="syz.3.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 152.566838][ T28] audit: type=1400 audit(1761906207.722:338): avc: denied { open } for pid=1344 comm="syz.0.239" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 152.697177][ T1375] loop4: detected capacity change from 0 to 128 [ 152.728675][ T1375] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 152.740631][ T1377] netlink: 144 bytes leftover after parsing attributes in process `syz.0.253'. [ 152.749795][ T1375] FAT-fs (loop4): Filesystem has been set read-only [ 152.758292][ T1377] netlink: 16 bytes leftover after parsing attributes in process `syz.0.253'. [ 152.787143][ T1377] netlink: 16 bytes leftover after parsing attributes in process `syz.0.253'. [ 152.832892][ T1383] loop4: detected capacity change from 0 to 512 [ 152.905023][ T1383] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 152.914396][ T1383] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.951509][ T287] EXT4-fs (loop4): unmounting filesystem. [ 152.959344][ T1398] netlink: 16 bytes leftover after parsing attributes in process `syz.0.262'. [ 152.984892][ T1402] netlink: 680 bytes leftover after parsing attributes in process `syz.4.261'. [ 154.175731][ T1415] loop1: detected capacity change from 0 to 256 [ 154.200835][ T1415] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 154.737715][ T1406] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 154.746905][ T1406] FAT-fs (loop7): unable to read boot sector [ 154.758992][ T1409] loop4: detected capacity change from 0 to 512 [ 155.795872][ T1438] loop1: detected capacity change from 0 to 256 [ 155.823302][ T1438] FAT-fs (loop1): Directory bread(block 64) failed [ 155.832147][ T1438] FAT-fs (loop1): Directory bread(block 65) failed [ 155.839113][ T1438] FAT-fs (loop1): Directory bread(block 66) failed [ 155.842561][ T1434] loop3: detected capacity change from 0 to 512 [ 155.846385][ T1438] FAT-fs (loop1): Directory bread(block 67) failed [ 155.854713][ T1434] EXT4-fs: Ignoring removed mblk_io_submit option [ 155.866253][ T1438] FAT-fs (loop1): Directory bread(block 68) failed [ 155.873752][ T1409] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 155.874157][ T1438] FAT-fs (loop1): Directory bread(block 69) failed [ 155.882658][ T1409] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.265: bad orphan inode 15 [ 155.888442][ T1438] FAT-fs (loop1): Directory bread(block 70) failed [ 155.899430][ T1409] ext4_test_bit(bit=14, block=4) = 1 [ 155.905389][ T1438] FAT-fs (loop1): Directory bread(block 71) failed [ 155.910724][ T1409] is_bad_inode(inode)=0 [ 155.910736][ T1409] NEXT_ORPHAN(inode)=0 [ 155.910743][ T1409] max_ino=32 [ 155.910750][ T1409] i_nlink=1 [ 155.918081][ T1438] FAT-fs (loop1): Directory bread(block 72) failed [ 155.922169][ T1409] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 155.943130][ T340] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 155.963761][ T1438] FAT-fs (loop1): Directory bread(block 73) failed [ 155.997090][ T287] EXT4-fs (loop4): unmounting filesystem. [ 156.003513][ T1434] EXT4-fs (loop3): orphan cleanup on readonly fs [ 156.010035][ T1434] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 156.028636][ T1434] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.274: attempt to clear invalid blocks 2 len 1 [ 156.056143][ T1434] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 156.070696][ T1434] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.274: invalid indirect mapped block 1819239214 (level 0) [ 156.091437][ T1434] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.274: invalid indirect mapped block 1819239214 (level 1) [ 156.179094][ T1434] EXT4-fs (loop3): 1 truncate cleaned up [ 156.184930][ T1434] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 156.581989][ T340] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 156.702477][ T340] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 156.710974][ T340] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 156.720112][ T340] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 156.733590][ T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 156.746976][ T340] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 156.748010][ T1453] random: crng reseeded on system resumption [ 156.760187][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 156.760204][ T28] audit: type=1400 audit(1761906211.962:345): avc: denied { append } for pid=1452 comm="syz.2.280" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 156.816912][ T340] usb 1-1: string descriptor 0 read error: -22 [ 156.824276][ T28] audit: type=1400 audit(1761906212.022:346): avc: denied { ioctl } for pid=1452 comm="syz.2.280" path="/dev/snapshot" dev="devtmpfs" ino=91 ioctlcmd=0x330d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 156.849280][ T340] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 156.871364][ T340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.886241][ T1456] netlink: 448 bytes leftover after parsing attributes in process `syz.2.281'. [ 156.921093][ T340] usb 1-1: config 0 descriptor?? [ 156.936346][ T1423] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 156.949726][ T340] hub 1-1:0.0: bad descriptor, ignoring hub [ 156.967075][ T340] hub: probe of 1-1:0.0 failed with error -5 [ 157.006817][ T340] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 157.052479][ T28] audit: type=1400 audit(1761906212.262:347): avc: denied { read } for pid=88 comm="acpid" name="event3" dev="devtmpfs" ino=873 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 157.727726][ T1462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'. [ 158.691969][ T1469] loop2: detected capacity change from 0 to 1024 [ 158.780162][ T283] EXT4-fs (loop3): unmounting filesystem. [ 158.792902][ T335] usb 1-1: USB disconnect, device number 5 [ 158.838024][ T1469] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.284: Invalid block bitmap block 0 in block_group 0 [ 158.852862][ T1469] Quota error (device loop2): write_blk: dquota write failed [ 158.860321][ T1469] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 158.870286][ T1469] EXT4-fs error (device loop2): ext4_acquire_dquot:6803: comm syz.2.284: Failed to acquire dquot type 0 [ 158.881950][ T1469] EXT4-fs error (device loop2): ext4_free_blocks:6205: comm syz.2.284: Freeing blocks not in datazone - block = 0, count = 4096 [ 158.895446][ T1469] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.284: Invalid inode bitmap blk 0 in block_group 0 [ 158.908223][ T1469] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 158.916882][ T1469] EXT4-fs (loop2): 1 orphan inode deleted [ 158.922828][ T1469] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 158.948715][ T28] audit: type=1400 audit(1761906212.262:348): avc: denied { open } for pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=873 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 158.972130][ T28] audit: type=1400 audit(1761906212.262:349): avc: denied { ioctl } for pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=873 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 158.992126][ T788] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8 [ 159.017550][ T788] EXT4-fs error (device loop2): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 159.033466][ T1480] usb usb5: usbfs: process 1480 (syz.3.288) did not claim interface 0 before use [ 159.055022][ T1475] loop4: detected capacity change from 0 to 256 [ 159.072566][ T1475] FAT-fs (loop4): Directory bread(block 64) failed [ 159.079179][ T1475] FAT-fs (loop4): Directory bread(block 65) failed [ 159.085730][ T1475] FAT-fs (loop4): Directory bread(block 66) failed [ 159.093047][ T1475] FAT-fs (loop4): Directory bread(block 67) failed [ 159.100325][ T1475] FAT-fs (loop4): Directory bread(block 68) failed [ 159.106951][ T1475] FAT-fs (loop4): Directory bread(block 69) failed [ 159.113649][ T1475] FAT-fs (loop4): Directory bread(block 70) failed [ 159.134035][ T1475] FAT-fs (loop4): Directory bread(block 71) failed [ 159.194592][ T1475] FAT-fs (loop4): Directory bread(block 72) failed [ 159.217147][ T1475] FAT-fs (loop4): Directory bread(block 73) failed [ 159.296698][ T286] EXT4-fs (loop2): unmounting filesystem. [ 159.375970][ T28] audit: type=1400 audit(1761906214.582:350): avc: denied { append } for pid=1491 comm="syz.4.294" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 159.461967][ T1501] loop4: detected capacity change from 0 to 512 [ 159.522744][ T1501] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 159.540811][ T1501] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.802677][ T1507] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 159.812261][ T1507] FAT-fs (loop5): unable to read boot sector [ 160.396490][ T1501] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.299: corrupted xattr block 33 [ 160.419925][ T28] audit: type=1400 audit(1761906215.632:351): avc: denied { read write } for pid=1509 comm="syz.2.300" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 160.445696][ T340] hid-generic 0006:0004:0800.0002: item fetching failed at offset 3/4 [ 160.457760][ T1501] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 160.467058][ T340] hid-generic: probe of 0006:0004:0800.0002 failed with error -22 [ 160.505626][ T1511] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.299: corrupted xattr block 33 [ 160.517701][ T1501] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.299: corrupted xattr block 33 [ 160.538329][ T1511] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 160.568606][ T1501] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 160.590407][ T1515] loop2: detected capacity change from 0 to 512 [ 160.599121][ T1501] EXT4-fs error (device loop4): ext4_ext_remove_space:2930: inode #15: comm syz.4.299: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 160.637971][ T1515] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 160.668945][ T1501] EXT4-fs error (device loop4): ext4_evict_inode:290: comm syz.4.299: couldn't truncate inode 15 (err -117) [ 160.714816][ T287] EXT4-fs (loop4): unmounting filesystem. [ 161.198359][ T1521] loop4: detected capacity change from 0 to 1024 [ 161.258093][ T1518] syz.2.302[1518] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.258176][ T1518] syz.2.302[1518] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.308544][ T1521] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.303: Invalid block bitmap block 0 in block_group 0 [ 161.333511][ T1521] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.303: Failed to acquire dquot type 0 [ 161.345148][ T1521] EXT4-fs error (device loop4): ext4_free_blocks:6205: comm syz.4.303: Freeing blocks not in datazone - block = 0, count = 4096 [ 161.358777][ T1521] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.303: Invalid inode bitmap blk 0 in block_group 0 [ 161.371555][ T1521] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 161.380268][ T1521] EXT4-fs (loop4): 1 orphan inode deleted [ 161.386046][ T1521] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 161.959597][ T1531] loop1: detected capacity change from 0 to 512 [ 163.797931][ T39] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 163.805821][ T788] __quota_error: 6 callbacks suppressed [ 163.805837][ T788] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 163.821379][ T1531] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 163.829884][ T1531] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.306: bad orphan inode 15 [ 163.831955][ T788] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 163.851288][ T1531] ext4_test_bit(bit=14, block=4) = 1 [ 163.856598][ T1531] is_bad_inode(inode)=0 [ 163.861458][ T1531] NEXT_ORPHAN(inode)=0 [ 163.865543][ T1531] max_ino=32 [ 163.869448][ T1531] i_nlink=1 [ 163.872613][ T1531] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 163.890444][ T1530] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 163.928830][ T287] EXT4-fs (loop4): unmounting filesystem. [ 163.997585][ T39] usb 4-1: Using ep0 maxpacket: 8 [ 164.003877][ T39] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 164.044524][ T39] usb 4-1: config 179 has no interface number 0 [ 164.063994][ T285] EXT4-fs (loop1): unmounting filesystem. [ 164.089062][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 164.121079][ T1538] loop4: detected capacity change from 0 to 512 [ 164.131019][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 164.158322][ T1538] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 164.182767][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 164.201379][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 164.213597][ T39] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 164.288105][ T39] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 164.297873][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.307782][ T1527] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 164.415286][ T1542] syz.4.310[1542] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.415376][ T1542] syz.4.310[1542] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.476113][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 164.495666][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 164.511073][ T1545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.310'. [ 164.579502][ T39] usb 4-1: USB disconnect, device number 3 [ 164.760368][ T1551] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 164.769964][ T1551] FAT-fs (loop1): unable to read boot sector [ 165.282438][ T1552] netlink: 4 bytes leftover after parsing attributes in process `syz.3.313'. [ 165.293153][ T1552] device gretap0 entered promiscuous mode [ 165.298950][ T1552] device macsec1 entered promiscuous mode [ 165.322825][ T1552] device gretap0 left promiscuous mode [ 165.335210][ T1553] loop3: detected capacity change from 0 to 512 [ 165.388784][ T1553] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 165.398291][ T1553] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.549031][ T283] EXT4-fs (loop3): unmounting filesystem. [ 165.575888][ T1563] loop1: detected capacity change from 0 to 2048 [ 165.583386][ T1565] syz.0.318[1565] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.583468][ T1565] syz.0.318[1565] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.649815][ T28] audit: type=1400 audit(1761906220.862:356): avc: denied { nlmsg_write } for pid=1566 comm="syz.2.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 165.684689][ T1570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'. [ 165.705257][ T1563] GPT:first_usable_lbas don't match. [ 165.715780][ T1563] GPT:34 != 290 [ 165.719371][ T1563] GPT: Use GNU Parted to correct GPT errors. [ 165.726505][ T1563] loop1: p1 p2 p3 [ 165.791647][ T28] audit: type=1400 audit(1761906220.932:357): avc: denied { write } for pid=1571 comm="syz.2.321" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 166.434472][ T1574] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 166.443685][ T1574] FAT-fs (loop7): unable to read boot sector [ 166.503416][ T1590] loop4: detected capacity change from 0 to 16 [ 166.511227][ T1590] erofs: (device loop4): mounted with root inode @ nid 36. [ 166.757767][ T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 167.066701][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 167.073956][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 23, changing to 8 [ 167.102085][ T1599] loop1: detected capacity change from 0 to 512 [ 167.108849][ T19] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 167.174168][ T1600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.330'. [ 167.184816][ T1600] device macsec0 entered promiscuous mode [ 167.190610][ T1600] device gretap0 entered promiscuous mode [ 167.228784][ T1601] loop4: detected capacity change from 0 to 512 [ 167.251228][ T1600] device gretap0 left promiscuous mode [ 167.385660][ T1599] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 167.411315][ T1601] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 167.420728][ T1601] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.464934][ T1606] loop3: detected capacity change from 0 to 256 [ 167.487699][ T1604] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 167.636994][ T1604] EXT4-fs (loop4): Remounting filesystem read-only [ 167.686721][ T19] usb 3-1: New USB device found, idVendor=04b3, idProduct=3109, bcdDevice= 0.00 [ 167.696306][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.706138][ T19] usb 3-1: config 0 descriptor?? [ 168.115356][ T19] lenovo 0003:04B3:3109.0003: unknown main item tag 0x0 [ 168.122432][ T19] lenovo 0003:04B3:3109.0003: unknown main item tag 0x0 [ 168.129701][ T19] lenovo 0003:04B3:3109.0003: unknown main item tag 0x0 [ 168.136683][ T19] lenovo 0003:04B3:3109.0003: unknown main item tag 0x0 [ 168.143958][ T19] lenovo 0003:04B3:3109.0003: unknown main item tag 0x0 [ 168.152135][ T19] lenovo 0003:04B3:3109.0003: hidraw0: USB HID v0.05 Device [HID 04b3:3109] on usb-dummy_hcd.2-1/input0 [ 168.318791][ T19] usb 3-1: USB disconnect, device number 2 [ 168.839811][ T1612] loop2: detected capacity change from 0 to 512 [ 168.857178][ T1612] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 168.905842][ T1613] fido_id[1613]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 169.097802][ T1615] syz.2.335[1615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.097883][ T1615] syz.2.335[1615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.228519][ T1615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.335'. [ 170.869749][ T287] EXT4-fs (loop4): unmounting filesystem. [ 170.963226][ T1618] loop2: detected capacity change from 0 to 512 [ 170.973211][ T1625] loop1: detected capacity change from 0 to 256 [ 170.980093][ T1618] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 171.038544][ T1625] FAT-fs (loop1): Directory bread(block 64) failed [ 171.052410][ T1625] FAT-fs (loop1): Directory bread(block 65) failed [ 171.059329][ T1625] FAT-fs (loop1): Directory bread(block 66) failed [ 171.065868][ T1625] FAT-fs (loop1): Directory bread(block 67) failed [ 171.073281][ T1625] FAT-fs (loop1): Directory bread(block 68) failed [ 171.080057][ T1625] FAT-fs (loop1): Directory bread(block 69) failed [ 171.088337][ T1625] FAT-fs (loop1): Directory bread(block 70) failed [ 171.094964][ T1625] FAT-fs (loop1): Directory bread(block 71) failed [ 171.104093][ T1625] FAT-fs (loop1): Directory bread(block 72) failed [ 171.112269][ T1625] FAT-fs (loop1): Directory bread(block 73) failed [ 171.204016][ T1645] syz.2.336[1645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.204098][ T1645] syz.2.336[1645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.227623][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 171.270265][ T1651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.336'. [ 171.365024][ T1656] loop3: detected capacity change from 0 to 1024 [ 171.536281][ T1656] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 171.544964][ T39] usb 5-1: Using ep0 maxpacket: 8 [ 171.551250][ T1656] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.556655][ T1664] loop1: detected capacity change from 0 to 512 [ 171.571167][ T1660] netlink: 4 bytes leftover after parsing attributes in process `syz.0.352'. [ 171.587061][ T1660] device macsec0 entered promiscuous mode [ 171.592901][ T1660] device gretap0 entered promiscuous mode [ 171.600287][ T1660] device gretap0 left promiscuous mode [ 171.609927][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.619092][ T1664] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 171.665216][ T39] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.690433][ T39] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.690571][ T788] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 171.712105][ T39] usb 5-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 171.721273][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.731155][ T788] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 171.777376][ T788] EXT4-fs (loop3): This should not happen!! Data will be lost [ 171.777376][ T788] [ 171.788684][ T788] EXT4-fs (loop3): Total free blocks count 0 [ 171.794740][ T788] EXT4-fs (loop3): Free/Dirty block details [ 171.801274][ T788] EXT4-fs (loop3): free_blocks=4293918720 [ 171.807144][ T788] EXT4-fs (loop3): dirty_blocks=16 [ 171.812610][ T788] EXT4-fs (loop3): Block reservation details [ 171.818756][ T788] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 172.006019][ T1668] syz.1.353[1668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 172.006105][ T1668] syz.1.353[1668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 172.267167][ T39] usb 5-1: config 0 descriptor?? [ 172.288709][ T283] EXT4-fs (loop3): unmounting filesystem. [ 175.211961][ T1679] loop3: detected capacity change from 0 to 1024 [ 175.895582][ T1687] SELinux: failed to load policy [ 177.757650][ T1679] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.354: Invalid block bitmap block 0 in block_group 0 [ 177.899787][ T39] usbhid 5-1:0.0: can't add hid device: -71 [ 177.905830][ T39] usbhid: probe of 5-1:0.0 failed with error -71 [ 177.927254][ T39] usb 5-1: USB disconnect, device number 3 [ 177.967629][ T1679] Quota error (device loop3): write_blk: dquota write failed [ 177.975094][ T1679] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 177.985114][ T1679] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.354: Failed to acquire dquot type 0 [ 178.016564][ T1702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.365'. [ 178.066564][ T28] audit: type=1400 audit(1761906233.272:358): avc: denied { append } for pid=1704 comm="syz.4.366" name="usbmon5" dev="devtmpfs" ino=174 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 178.113743][ T1679] EXT4-fs error (device loop3): ext4_free_blocks:6205: comm syz.3.354: Freeing blocks not in datazone - block = 0, count = 4096 [ 178.128412][ T1679] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.354: Invalid inode bitmap blk 0 in block_group 0 [ 178.199158][ T1679] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 178.235289][ T788] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 178.244653][ T788] EXT4-fs error (device loop3): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 178.279177][ T1679] EXT4-fs (loop3): 1 orphan inode deleted [ 178.285321][ T1679] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 178.319221][ T1716] syz.0.367[1716] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 178.319302][ T1716] syz.0.367[1716] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.241331][ T1718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'. [ 180.746867][ T283] EXT4-fs (loop3): unmounting filesystem. [ 182.858877][ T1737] usb usb8: usbfs: process 1737 (syz.3.372) did not claim interface 1 before use [ 182.991485][ T1747] loop2: detected capacity change from 0 to 512 [ 182.998382][ T1747] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 183.365460][ T1748] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 183.375059][ T1748] FAT-fs (loop3): unable to read boot sector [ 183.595710][ T1750] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 183.605062][ T1750] FAT-fs (loop1): unable to read boot sector [ 184.162690][ T1754] loop1: detected capacity change from 0 to 512 [ 184.187573][ T1754] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 184.218682][ T1754] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002] [ 184.229895][ T1754] System zones: 1-12 [ 184.248324][ T1754] EXT4-fs (loop1): 1 truncate cleaned up [ 184.254011][ T1754] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 184.288902][ T335] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 184.296493][ T28] audit: type=1400 audit(1761906239.502:359): avc: denied { create } for pid=1753 comm="syz.1.381" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 184.331635][ T285] EXT4-fs (loop1): unmounting filesystem. [ 184.338163][ T28] audit: type=1400 audit(1761906239.552:360): avc: denied { read write } for pid=1765 comm="syz.0.386" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 184.361610][ T28] audit: type=1400 audit(1761906239.552:361): avc: denied { ioctl open } for pid=1765 comm="syz.0.386" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 184.486993][ T1773] syz.2.379[1773] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 184.487097][ T1773] syz.2.379[1773] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 186.568128][ T335] usb 4-1: device descriptor read/all, error -71 [ 188.164127][ T1802] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 188.173671][ T1802] FAT-fs (loop1): unable to read boot sector [ 188.980837][ T28] audit: type=1400 audit(1761906244.192:362): avc: denied { append } for pid=1814 comm="syz.1.404" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 189.017674][ T340] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 189.198034][ T1827] syz.0.406[1827] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.198119][ T1827] syz.0.406[1827] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.815893][ T28] audit: type=1400 audit(1761906245.022:363): avc: denied { write } for pid=1830 comm="syz.4.410" path="socket:[19448]" dev="sockfs" ino=19448 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 191.217877][ T335] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 191.377854][ T1848] loop4: detected capacity change from 0 to 1024 [ 191.411602][ T1848] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.415: Invalid block bitmap block 0 in block_group 0 [ 191.425311][ T1848] Quota error (device loop4): write_blk: dquota write failed [ 191.433631][ T1848] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 191.444455][ T1848] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.415: Failed to acquire dquot type 0 [ 191.457836][ T1848] EXT4-fs error (device loop4): ext4_free_blocks:6205: comm syz.4.415: Freeing blocks not in datazone - block = 0, count = 4096 [ 191.471442][ T1848] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.415: Invalid inode bitmap blk 0 in block_group 0 [ 191.472198][ T340] usb 5-1: device not accepting address 4, error -71 [ 191.490951][ T1848] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 191.499749][ T1848] EXT4-fs (loop4): 1 orphan inode deleted [ 191.505528][ T1848] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 191.515897][ T788] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 191.526201][ T788] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 191.538659][ T335] usb 4-1: config 0 interface 0 altsetting 66 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.548818][ T335] usb 4-1: config 0 interface 0 has no altsetting 0 [ 191.555494][ T335] usb 4-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 191.566372][ T335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.576776][ T335] usb 4-1: config 0 descriptor?? [ 191.621282][ T28] audit: type=1400 audit(1761906246.832:364): avc: denied { write } for pid=1868 comm="syz.1.424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 191.777083][ T1871] syz.0.422[1871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.777168][ T1871] syz.0.422[1871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.163996][ T287] EXT4-fs (loop4): unmounting filesystem. [ 192.364377][ T1875] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 192.373744][ T1875] FAT-fs (loop9): unable to read boot sector [ 192.472930][ T335] cypress 0003:04B4:0001.0004: hidraw0: USB HID v0.01 Device [HID 04b4:0001] on usb-dummy_hcd.3-1/input0 [ 192.607724][ T335] usb 4-1: USB disconnect, device number 6 [ 193.299324][ T1887] xt_CT: You must specify a L4 protocol and not use inversions on it [ 193.469083][ T1892] loop2: detected capacity change from 0 to 512 [ 193.598101][ T1892] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #13: comm syz.2.430: iget: bad i_size value: 12154757448730 [ 193.613566][ T1892] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.430: couldn't read orphan inode 13 (err -117) [ 193.627326][ T1892] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 193.728149][ T1906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 193.777292][ T1906] device macsec0 entered promiscuous mode [ 193.783272][ T1906] device gretap0 entered promiscuous mode [ 193.918226][ T1907] loop1: detected capacity change from 0 to 512 [ 193.937328][ T1906] device gretap0 left promiscuous mode [ 194.104238][ T1907] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 194.113659][ T1907] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 194.276013][ T286] EXT4-fs (loop2): unmounting filesystem. [ 194.310725][ T28] audit: type=1400 audit(1761906249.522:365): avc: denied { bind } for pid=1916 comm="syz.3.439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 194.348699][ T28] audit: type=1400 audit(1761906249.522:366): avc: denied { name_bind } for pid=1916 comm="syz.3.439" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 194.374871][ T28] audit: type=1400 audit(1761906249.522:367): avc: denied { node_bind } for pid=1916 comm="syz.3.439" saddr=fe80::aa src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 194.397171][ T28] audit: type=1400 audit(1761906249.572:368): avc: denied { append } for pid=1921 comm="syz.2.441" name="001" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 194.423884][ T340] kernel write not supported for file /rfkill (pid: 340 comm: kworker/0:3) [ 194.441700][ T285] EXT4-fs (loop1): unmounting filesystem. [ 194.888626][ T1936] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 194.898248][ T1936] FAT-fs (loop9): unable to read boot sector [ 195.807736][ T1941] netlink: 24 bytes leftover after parsing attributes in process `syz.1.447'. [ 195.831879][ T1942] loop4: detected capacity change from 0 to 4096 [ 196.173108][ T1947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.445'. [ 196.217993][ T1947] device macsec0 entered promiscuous mode [ 196.223877][ T1947] device gretap0 entered promiscuous mode [ 196.403857][ T1947] device gretap0 left promiscuous mode [ 196.733363][ T1942] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 196.763640][ T28] audit: type=1400 audit(1761906251.972:369): avc: denied { read append open } for pid=1940 comm="syz.4.446" path="/102/file1/cgroup.controllers" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 196.796562][ T287] EXT4-fs (loop4): unmounting filesystem. [ 196.864686][ T1961] loop2: detected capacity change from 0 to 8192 [ 197.047603][ T19] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 197.055211][ T340] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 198.238515][ T1964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.454'. [ 198.251512][ T1964] device gretap0 entered promiscuous mode [ 198.257348][ T1964] device macsec1 entered promiscuous mode [ 198.298585][ T1976] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 198.307927][ T1976] FAT-fs (loop5): unable to read boot sector [ 198.310975][ T1975] loop3: detected capacity change from 0 to 512 [ 198.323369][ T1964] device gretap0 left promiscuous mode [ 198.349229][ T1975] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 198.358309][ T1975] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.358872][ T19] usb 1-1: config 0 interface 0 altsetting 66 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.379211][ T340] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.394257][ T340] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 198.407604][ T19] usb 1-1: config 0 interface 0 has no altsetting 0 [ 198.414272][ T340] usb 2-1: config 0 interface 0 has no altsetting 0 [ 198.421050][ T19] usb 1-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 198.430272][ T340] usb 2-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 198.445303][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.453885][ T340] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.462748][ T19] usb 1-1: config 0 descriptor?? [ 198.468407][ T340] usb 2-1: config 0 descriptor?? [ 198.526578][ T283] EXT4-fs (loop3): unmounting filesystem. [ 199.952022][ T1986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.460'. [ 199.962641][ T1986] device gretap0 entered promiscuous mode [ 199.968446][ T1986] device macsec1 entered promiscuous mode [ 199.975140][ T1986] device gretap0 left promiscuous mode [ 200.005062][ T1988] loop3: detected capacity change from 0 to 512 [ 200.010539][ T340] usbhid 2-1:0.0: can't add hid device: -71 [ 200.017462][ T19] usbhid 1-1:0.0: can't add hid device: -71 [ 200.023637][ T19] usbhid: probe of 1-1:0.0 failed with error -71 [ 200.031537][ T340] usbhid: probe of 2-1:0.0 failed with error -71 [ 200.048720][ T340] usb 2-1: USB disconnect, device number 4 [ 200.054688][ T19] usb 1-1: USB disconnect, device number 6 [ 200.060629][ T1997] loop2: detected capacity change from 0 to 512 [ 200.073369][ T1997] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 200.451298][ T2004] syz.2.464[2004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.451376][ T2004] syz.2.464[2004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.480479][ T1988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 200.501049][ T1988] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.710028][ T283] EXT4-fs (loop3): unmounting filesystem. [ 201.072166][ T2018] loop1: detected capacity change from 0 to 512 [ 201.157382][ T2023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.470'. [ 201.177169][ T2023] device macsec0 entered promiscuous mode [ 201.182987][ T2023] device gretap0 entered promiscuous mode [ 201.359534][ T2023] device gretap0 left promiscuous mode [ 201.447401][ T2018] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 201.460562][ T2018] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.514866][ T285] EXT4-fs (loop1): unmounting filesystem. [ 203.140057][ T2045] loop4: detected capacity change from 0 to 1024 [ 203.264101][ T2049] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 203.273701][ T2049] FAT-fs (loop5): unable to read boot sector [ 203.704078][ T2045] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 203.732081][ T2045] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 203.751511][ T287] EXT4-fs (loop4): unmounting filesystem. [ 205.697566][ T2069] loop4: detected capacity change from 0 to 512 [ 205.709109][ T2069] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 205.984507][ T2081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.489'. [ 206.025861][ T2081] device macsec0 entered promiscuous mode [ 206.031822][ T2081] device gretap0 entered promiscuous mode [ 206.402839][ T2081] device gretap0 left promiscuous mode [ 206.475371][ T2088] syz.4.484[2088] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.475455][ T2088] syz.4.484[2088] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.007521][ T19] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 207.177536][ T291] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 207.208615][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.219934][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.230740][ T19] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 207.248343][ T19] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 207.256490][ T19] usb 1-1: Manufacturer: syz [ 207.278692][ T19] usb 1-1: config 0 descriptor?? [ 207.290088][ T2098] loop4: detected capacity change from 0 to 1024 [ 207.319310][ T2098] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 207.342793][ T28] audit: type=1400 audit(1761906262.552:370): avc: denied { rmdir } for pid=2097 comm="syz.4.497" name="file1" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 207.371656][ T287] EXT4-fs (loop4): unmounting filesystem. [ 207.378772][ T291] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30 [ 208.690799][ T291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 208.702098][ T291] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 208.713131][ T291] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130 [ 208.751811][ T291] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 208.798468][ T291] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.831460][ T291] usb 2-1: config 0 descriptor?? [ 208.842336][ T291] usb 2-1: can't set config #0, error -71 [ 208.861204][ T291] usb 2-1: USB disconnect, device number 5 [ 208.952742][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.960034][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.967081][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.974403][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.981619][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.988675][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 208.995556][ T19] pyra 0003:1E7D:2CF6.0005: unknown main item tag 0x0 [ 209.003703][ T19] pyra 0003:1E7D:2CF6.0005: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 210.342601][ T19] pyra 0003:1E7D:2CF6.0005: couldn't init struct pyra_device [ 210.350202][ T19] pyra 0003:1E7D:2CF6.0005: couldn't install mouse [ 210.357851][ T19] pyra: probe of 0003:1E7D:2CF6.0005 failed with error -71 [ 210.372144][ T19] usb 1-1: USB disconnect, device number 7 [ 210.392668][ T2140] fido_id[2140]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 210.477348][ T2145] Illegal XDP return value 4294967274 on prog (id 214) dev N/A, expect packet loss! [ 211.038373][ T2157] loop1: detected capacity change from 0 to 512 [ 211.064211][ T2157] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.517: invalid indirect mapped block 10 (level 1) [ 211.078360][ T2157] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.517: invalid indirect mapped block 8 (level 1) [ 211.092481][ T2157] EXT4-fs (loop1): 1 truncate cleaned up [ 211.098452][ T2157] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 211.134612][ T2157] EXT4-fs (loop1): shut down requested (1) [ 211.161319][ T285] EXT4-fs (loop1): unmounting filesystem. [ 211.184576][ T28] audit: type=1400 audit(1761906266.362:371): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 211.206922][ T28] audit: type=1400 audit(1761906266.362:372): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 211.229957][ T28] audit: type=1400 audit(1761906266.362:373): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 211.303691][ T28] audit: type=1400 audit(1761906266.362:374): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 211.342660][ T28] audit: type=1400 audit(1761906266.362:375): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 211.364433][ T28] audit: type=1400 audit(1761906266.362:376): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 211.388109][ T28] audit: type=1400 audit(1761906266.362:377): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 213.177308][ T2193] loop1: detected capacity change from 0 to 1024 [ 213.756156][ T2193] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.526: Invalid block bitmap block 0 in block_group 0 [ 213.771850][ T2193] Quota error (device loop1): write_blk: dquota write failed [ 213.780072][ T2193] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 213.791624][ T2193] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.526: Failed to acquire dquot type 0 [ 213.803258][ T2193] EXT4-fs error (device loop1): ext4_free_blocks:6205: comm syz.1.526: Freeing blocks not in datazone - block = 0, count = 4096 [ 213.816790][ T2193] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.526: Invalid inode bitmap blk 0 in block_group 0 [ 213.829837][ T43] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 213.838904][ T2193] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 213.847653][ T2193] EXT4-fs (loop1): 1 orphan inode deleted [ 213.853420][ T2193] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 213.889151][ T43] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:2: Failed to release dquot type 0 [ 213.983044][ T2203] binder: BC_ATTEMPT_ACQUIRE not supported [ 213.997542][ T2203] binder: 2202:2203 ioctl c0306201 2000000003c0 returned -22 [ 214.027755][ T28] audit: type=1400 audit(1761906269.242:378): avc: denied { read } for pid=2204 comm="syz.0.533" path="socket:[21143]" dev="sockfs" ino=21143 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 214.089667][ T285] EXT4-fs (loop1): unmounting filesystem. [ 214.183258][ T28] audit: type=1400 audit(1761906269.392:379): avc: denied { listen } for pid=2217 comm="syz.1.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 214.388559][ T2219] loop3: detected capacity change from 0 to 1024 [ 214.506033][ T2219] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.538: Invalid block bitmap block 0 in block_group 0 [ 214.520139][ T2219] Quota error (device loop3): write_blk: dquota write failed [ 214.527646][ T2219] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 214.537797][ T2219] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.538: Failed to acquire dquot type 0 [ 214.549451][ T2219] EXT4-fs error (device loop3): ext4_free_blocks:6205: comm syz.3.538: Freeing blocks not in datazone - block = 0, count = 4096 [ 214.563203][ T2219] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.538: Invalid inode bitmap blk 0 in block_group 0 [ 214.576215][ T788] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 214.576399][ T2219] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 214.592548][ T788] EXT4-fs error (device loop3): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 214.605342][ T2219] EXT4-fs (loop3): 1 orphan inode deleted [ 214.611215][ T2219] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 215.004004][ T2236] loop4: detected capacity change from 0 to 256 [ 215.030879][ T2238] loop4: detected capacity change from 0 to 512 [ 215.038482][ T2238] EXT4-fs: Ignoring removed nobh option [ 215.046101][ T2238] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 215.054566][ T2238] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.545: invalid indirect mapped block 2683928664 (level 1) [ 215.068790][ T2238] EXT4-fs (loop4): Remounting filesystem read-only [ 215.075680][ T2238] EXT4-fs (loop4): 1 truncate cleaned up [ 215.082064][ T2238] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 215.094966][ T2238] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.545: invalid indirect mapped block 480848489 (level 1) [ 215.119896][ T2238] EXT4-fs (loop4): Remounting filesystem read-only [ 215.120229][ T283] EXT4-fs (loop3): unmounting filesystem. [ 215.136367][ T287] EXT4-fs (loop4): unmounting filesystem. [ 215.707524][ T340] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 215.887526][ T340] usb 1-1: Using ep0 maxpacket: 32 [ 215.893990][ T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 215.905524][ T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.915473][ T340] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 215.924825][ T340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.938383][ T340] usb 1-1: config 0 descriptor?? [ 216.918049][ T2257] loop4: detected capacity change from 0 to 2048 [ 216.928741][ T2259] loop2: detected capacity change from 0 to 256 [ 216.982017][ T2257] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 216.990715][ T2257] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.023108][ T2257] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 5 vs 4156096517 free clusters [ 217.047265][ T28] audit: type=1400 audit(1761906272.232:380): avc: denied { unlink } for pid=2256 comm="syz.4.552" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 217.070762][ T28] audit: type=1400 audit(1761906272.252:381): avc: denied { rename } for pid=2256 comm="syz.4.552" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 217.094855][ T340] pantherlord 0003:0E8F:0003.0006: item fetching failed at offset 0/2 [ 217.103979][ T340] pantherlord 0003:0E8F:0003.0006: parse failed [ 217.110427][ T340] pantherlord: probe of 0003:0E8F:0003.0006 failed with error -22 [ 217.249252][ T2251] loop3: detected capacity change from 0 to 512 [ 217.311915][ T340] usb 1-1: USB disconnect, device number 8 [ 217.820346][ T2251] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 217.820934][ T287] EXT4-fs (loop4): unmounting filesystem. [ 217.834159][ T2251] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.547: bad orphan inode 15 [ 217.847654][ T2251] ext4_test_bit(bit=14, block=4) = 1 [ 217.853013][ T2251] is_bad_inode(inode)=0 [ 217.857202][ T2251] NEXT_ORPHAN(inode)=0 [ 217.861439][ T2251] max_ino=32 [ 217.864679][ T2251] i_nlink=1 [ 217.867976][ T2251] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 217.884605][ T2249] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 217.894612][ T2267] loop1: detected capacity change from 0 to 512 [ 217.920879][ T2267] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 217.979598][ T2278] input: syz1 as /devices/virtual/input/input8 [ 218.055123][ T283] EXT4-fs (loop3): unmounting filesystem. [ 218.216220][ T2295] netlink: 'syz.4.567': attribute type 4 has an invalid length. [ 218.308742][ T2298] binder: 2297:2298 ioctl c018620c 2000000001c0 returned -22 [ 219.480468][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 219.480518][ T28] audit: type=1400 audit(1761906274.102:402): avc: denied { create } for pid=2306 comm="syz.1.572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 219.554950][ T28] audit: type=1400 audit(1761906274.122:403): avc: denied { write } for pid=2306 comm="syz.1.572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 219.580728][ T28] audit: type=1400 audit(1761906274.132:404): avc: denied { read } for pid=2306 comm="syz.1.572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 219.612632][ T28] audit: type=1400 audit(1761906274.152:405): avc: denied { ioctl } for pid=2306 comm="syz.1.572" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 219.671805][ T28] audit: type=1400 audit(1761906274.612:406): avc: denied { create } for pid=2290 comm="syz.3.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 219.712855][ T28] audit: type=1400 audit(1761906274.622:407): avc: denied { map_create } for pid=2290 comm="syz.3.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 219.750317][ T28] audit: type=1400 audit(1761906274.812:408): avc: denied { execmem } for pid=2309 comm="syz.4.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 220.862692][ T2316] loop4: detected capacity change from 0 to 512 [ 220.909986][ T28] audit: type=1400 audit(1761906275.502:409): avc: denied { map_read map_write } for pid=2309 comm="syz.4.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 220.929935][ T28] audit: type=1400 audit(1761906276.072:410): avc: denied { create } for pid=2309 comm="syz.4.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 221.145436][ T2324] loop3: detected capacity change from 0 to 1024 [ 221.158128][ T28] audit: type=1400 audit(1761906276.072:411): avc: denied { setopt } for pid=2309 comm="syz.4.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 221.191158][ T2316] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 221.199654][ T2316] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.573: bad orphan inode 15 [ 221.210150][ T2316] ext4_test_bit(bit=14, block=4) = 1 [ 221.215484][ T2316] is_bad_inode(inode)=0 [ 221.219701][ T2316] NEXT_ORPHAN(inode)=0 [ 221.223811][ T2316] max_ino=32 [ 221.227019][ T2316] i_nlink=1 [ 221.230202][ T2316] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 221.243053][ T2316] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 221.290202][ T2324] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.576: Invalid block bitmap block 0 in block_group 0 [ 221.342395][ T2324] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.576: Failed to acquire dquot type 0 [ 221.412974][ T287] EXT4-fs (loop4): unmounting filesystem. [ 221.461919][ T2324] EXT4-fs error (device loop3): ext4_free_blocks:6205: comm syz.3.576: Freeing blocks not in datazone - block = 0, count = 4096 [ 221.516047][ T2314] loop1: detected capacity change from 0 to 40427 [ 221.531359][ T2314] F2FS-fs (loop1): fault_injection options not supported [ 221.593091][ T2314] F2FS-fs (loop1): invalid crc value [ 221.804910][ T2333] loop2: detected capacity change from 0 to 1024 [ 221.893583][ T2333] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.577: Invalid block bitmap block 0 in block_group 0 [ 221.908745][ T2333] EXT4-fs error (device loop2): ext4_acquire_dquot:6803: comm syz.2.577: Failed to acquire dquot type 0 [ 221.920872][ T2333] EXT4-fs error (device loop2): ext4_free_blocks:6205: comm syz.2.577: Freeing blocks not in datazone - block = 0, count = 4096 [ 221.935117][ T2333] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.577: Invalid inode bitmap blk 0 in block_group 0 [ 221.948263][ T507] EXT4-fs error (device loop2): ext4_release_dquot:6839: comm kworker/u4:7: Failed to release dquot type 0 [ 221.960425][ T2333] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 221.970043][ T2333] EXT4-fs (loop2): 1 orphan inode deleted [ 221.975871][ T2333] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 222.051338][ T2314] F2FS-fs (loop1): Found nat_bits in checkpoint [ 222.127840][ T19] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 222.195271][ T2314] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 222.307930][ T6] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 222.397780][ T19] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 222.406084][ T19] usb 5-1: config 179 has no interface number 0 [ 222.426979][ T285] syz-executor: attempt to access beyond end of device [ 222.426979][ T285] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 222.441605][ T19] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 64 [ 222.467631][ T19] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 222.497730][ T19] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 222.527563][ T19] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 222.558046][ T19] usb 5-1: config 179 interface 65 has no altsetting 0 [ 222.567728][ T19] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 222.587133][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.597571][ T6] usb 1-1: Using ep0 maxpacket: 32 [ 222.603823][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.631551][ T2332] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 222.644012][ T6] usb 1-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 222.655295][ T19] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input9 [ 222.670479][ T2324] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.576: Invalid inode bitmap blk 0 in block_group 0 [ 222.691657][ T2342] loop1: detected capacity change from 0 to 512 [ 222.701360][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.709607][ T2324] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 222.732254][ T2324] EXT4-fs (loop3): 1 orphan inode deleted [ 222.742999][ T6] usb 1-1: config 0 descriptor?? [ 222.754954][ T788] EXT4-fs error (device loop3): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 222.775410][ T2324] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 222.784902][ T2342] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 222.795159][ T286] EXT4-fs (loop2): unmounting filesystem. [ 222.821486][ T2342] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.855707][ T285] EXT4-fs (loop1): unmounting filesystem. [ 222.873856][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 222.885916][ T19] usb 5-1: USB disconnect, device number 6 [ 222.920579][ T19] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 223.175473][ T6] elo 0003:04E7:0009.0007: hidraw0: USB HID v0.00 Device [HID 04e7:0009] on usb-dummy_hcd.0-1/input0 [ 223.376407][ T6] usb 1-1: USB disconnect, device number 9 [ 223.595474][ T2361] netlink: 4 bytes leftover after parsing attributes in process `syz.4.585'. [ 223.615538][ T2361] device macsec0 entered promiscuous mode [ 223.621368][ T2361] device gretap0 entered promiscuous mode [ 223.631023][ T2361] device gretap0 left promiscuous mode [ 223.676178][ T2362] loop4: detected capacity change from 0 to 512 [ 223.844985][ T2362] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 223.854082][ T2362] ext4 filesystem being mounted at /135/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.916629][ T2368] netlink: 'syz.2.587': attribute type 7 has an invalid length. [ 223.930546][ T2368] netlink: 'syz.2.587': attribute type 5 has an invalid length. [ 223.947647][ T2368] netlink: 17 bytes leftover after parsing attributes in process `syz.2.587'. [ 224.037335][ T2382] netlink: 32 bytes leftover after parsing attributes in process `syz.0.594'. [ 225.307643][ T2390] loop1: detected capacity change from 0 to 1024 [ 225.327825][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 225.327937][ T28] audit: type=1400 audit(1761906279.682:426): avc: denied { read } for pid=2383 comm="syz.0.595" dev="nsfs" ino=4026532466 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 225.445857][ T2390] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.592: Invalid block bitmap block 0 in block_group 0 [ 225.463231][ T2390] Quota error (device loop1): write_blk: dquota write failed [ 225.470886][ T2390] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 225.484573][ T2390] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.592: Failed to acquire dquot type 0 [ 225.502258][ T2390] EXT4-fs error (device loop1): ext4_free_blocks:6205: comm syz.1.592: Freeing blocks not in datazone - block = 0, count = 4096 [ 225.517242][ T2390] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.592: Invalid inode bitmap blk 0 in block_group 0 [ 225.533949][ T788] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-8 [ 225.543297][ T2390] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 225.556965][ T2390] EXT4-fs (loop1): 1 orphan inode deleted [ 225.562888][ T2390] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 225.887100][ T788] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 0 [ 225.958245][ T2262] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 227.083790][ T28] audit: type=1400 audit(1761906279.682:427): avc: denied { open } for pid=2383 comm="syz.0.595" path="net:[4026532466]" dev="nsfs" ino=4026532466 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 227.095955][ T2262] EXT4-fs (loop4): Remounting filesystem read-only [ 227.114200][ T287] EXT4-fs (loop4): unmounting filesystem. [ 227.122278][ T28] audit: type=1400 audit(1761906279.682:428): avc: denied { create } for pid=2383 comm="syz.0.595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 227.142984][ T28] audit: type=1400 audit(1761906279.682:429): avc: denied { bind } for pid=2383 comm="syz.0.595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 227.221764][ T283] EXT4-fs (loop3): unmounting filesystem. [ 227.230832][ T285] EXT4-fs (loop1): unmounting filesystem. [ 227.275748][ T2407] serio: Serial port ptm0 [ 227.297112][ T28] audit: type=1400 audit(1761906282.502:430): avc: denied { ioctl } for pid=2409 comm="syz.1.605" path="socket:[22536]" dev="sockfs" ino=22536 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 227.372261][ T2416] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 227.405748][ T28] audit: type=1400 audit(1761906282.582:431): avc: denied { write } for pid=2412 comm="syz.3.601" name="001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 227.429281][ T28] audit: type=1400 audit(1761906282.582:432): avc: denied { map } for pid=2412 comm="syz.3.601" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 228.212330][ T2427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.608'. [ 228.225834][ T2427] device macsec0 entered promiscuous mode [ 228.231702][ T2427] device gretap0 entered promiscuous mode [ 229.075288][ T2427] device gretap0 left promiscuous mode [ 229.220869][ T2434] SELinux: failed to load policy [ 229.226044][ T2439] capability: warning: `syz.3.612' uses deprecated v2 capabilities in a way that may be insecure [ 229.347606][ T2444] loop1: detected capacity change from 0 to 256 [ 229.357252][ T2445] loop2: detected capacity change from 0 to 512 [ 229.366136][ T2445] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 229.395614][ T2444] FAT-fs (loop1): Directory bread(block 64) failed [ 229.402482][ T2444] FAT-fs (loop1): Directory bread(block 65) failed [ 229.410496][ T2444] FAT-fs (loop1): Directory bread(block 66) failed [ 229.417095][ T2444] FAT-fs (loop1): Directory bread(block 67) failed [ 229.424084][ T2444] FAT-fs (loop1): Directory bread(block 68) failed [ 229.431155][ T2444] FAT-fs (loop1): Directory bread(block 69) failed [ 229.437982][ T2444] FAT-fs (loop1): Directory bread(block 70) failed [ 229.444635][ T2444] FAT-fs (loop1): Directory bread(block 71) failed [ 229.452589][ T2444] FAT-fs (loop1): Directory bread(block 72) failed [ 229.465738][ T2444] FAT-fs (loop1): Directory bread(block 73) failed [ 229.739003][ T2462] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 231.428460][ T2468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.622'. [ 231.439381][ T2468] device macsec0 entered promiscuous mode [ 231.445262][ T2468] device gretap0 entered promiscuous mode [ 231.604067][ T2471] loop4: detected capacity change from 0 to 512 [ 231.629955][ T2468] device gretap0 left promiscuous mode [ 231.777962][ T2471] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 231.786940][ T2471] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 231.848427][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 231.848442][ T28] audit: type=1400 audit(1761906287.062:443): avc: denied { read } for pid=2477 comm="syz.3.624" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 231.884488][ T28] audit: type=1400 audit(1761906287.092:444): avc: denied { mounton } for pid=2482 comm="syz.3.627" path="/101/bus" dev="tmpfs" ino=561 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 231.918878][ T28] audit: type=1400 audit(1761906287.092:445): avc: denied { append } for pid=2482 comm="syz.3.627" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 231.958252][ T287] EXT4-fs (loop4): unmounting filesystem. [ 232.009132][ T28] audit: type=1400 audit(1761906287.222:446): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 232.097675][ T19] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 232.133782][ T2490] syz.2.615[2490] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 232.134248][ T2490] syz.2.615[2490] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 233.565127][ T2493] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 233.585716][ T2493] FAT-fs (loop7): unable to read boot sector [ 233.638176][ T28] audit: type=1400 audit(1761906288.772:447): avc: denied { create } for pid=2487 comm="syz.3.629" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 233.697543][ T28] audit: type=1400 audit(1761906288.772:448): avc: denied { mounton } for pid=2487 comm="syz.3.629" path="/102/file0" dev="tmpfs" ino=567 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 233.752839][ T28] audit: type=1400 audit(1761906288.962:449): avc: denied { unlink } for pid=283 comm="syz-executor" name="file0" dev="tmpfs" ino=567 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 233.780458][ T19] usb 1-1: Using ep0 maxpacket: 8 [ 233.791019][ T19] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 233.824147][ T19] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 233.833606][ T28] audit: type=1400 audit(1761906288.962:450): avc: denied { write } for pid=2496 comm="syz.3.630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 233.857533][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.880691][ T19] usb 1-1: config 0 descriptor?? [ 234.026515][ T2505] loop4: detected capacity change from 0 to 1024 [ 234.209098][ T2505] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.631: Invalid block bitmap block 0 in block_group 0 [ 234.260541][ T2505] Quota error (device loop4): write_blk: dquota write failed [ 234.287895][ T19] hid (null): unknown global tag 0xd [ 234.295625][ T19] hid-generic 0003:1B1C:1B09.0008: unknown global tag 0xd [ 234.324505][ T2505] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 234.365939][ T19] hid-generic 0003:1B1C:1B09.0008: item 0 4 1 13 parsing failed [ 234.398319][ T2505] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.631: Failed to acquire dquot type 0 [ 234.413101][ T19] hid-generic: probe of 0003:1B1C:1B09.0008 failed with error -22 [ 234.464300][ T2505] EXT4-fs error (device loop4): ext4_free_blocks:6205: comm syz.4.631: Freeing blocks not in datazone - block = 0, count = 4096 [ 234.493195][ T19] usb 1-1: USB disconnect, device number 10 [ 234.557650][ T2505] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.631: Invalid inode bitmap blk 0 in block_group 0 [ 234.577708][ T43] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:2: Failed to release dquot type 0 [ 234.639271][ T2505] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 234.671059][ T2505] EXT4-fs (loop4): 1 orphan inode deleted [ 234.676851][ T2505] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 235.487519][ T291] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 235.677582][ T291] usb 4-1: Using ep0 maxpacket: 16 [ 235.683831][ T291] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 235.717502][ T291] usb 4-1: config 0 has no interface number 0 [ 235.743849][ T291] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.767999][ T291] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.787512][ T291] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 235.817000][ T291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.848055][ T291] usb 4-1: config 0 descriptor?? [ 236.136243][ T2535] loop1: detected capacity change from 0 to 512 [ 236.169080][ T2535] EXT4-fs: Ignoring removed nobh option [ 236.200123][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #3: comm syz.1.643: corrupted inode contents [ 236.221532][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.228540][ T2535] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #3: comm syz.1.643: mark_inode_dirty error [ 236.240384][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.249342][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #3: comm syz.1.643: corrupted inode contents [ 236.264455][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.278668][ T2535] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.643: mark_inode_dirty error [ 236.290932][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.306275][ T2535] EXT4-fs error (device loop1): ext4_acquire_dquot:6803: comm syz.1.643: Failed to acquire dquot type 0 [ 236.327503][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.334573][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.643: corrupted inode contents [ 236.366937][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.376779][ T2535] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #16: comm syz.1.643: mark_inode_dirty error [ 236.407504][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.414138][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.643: corrupted inode contents [ 236.426391][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.433067][ T2535] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.643: mark_inode_dirty error [ 236.444606][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.451280][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.643: corrupted inode contents [ 236.462858][ T291] uclogic 0003:28BD:0071.0009: pen parameters not found [ 236.463401][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.477148][ T2535] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 236.477220][ T291] uclogic 0003:28BD:0071.0009: interface is invalid, ignoring [ 236.493646][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.512200][ T2535] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.643: corrupted inode contents [ 236.523923][ T291] usb 4-1: USB disconnect, device number 7 [ 236.537171][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.552824][ T287] EXT4-fs (loop4): unmounting filesystem. [ 236.560227][ T2535] EXT4-fs error (device loop1): ext4_truncate:4314: inode #16: comm syz.1.643: mark_inode_dirty error [ 236.578558][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.587113][ T2535] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 236.596420][ T2535] EXT4-fs (loop1): Remounting filesystem read-only [ 236.604430][ T2535] EXT4-fs (loop1): 1 truncate cleaned up [ 236.610435][ T2535] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 236.619604][ T2535] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.707451][ T285] EXT4-fs (loop1): unmounting filesystem. [ 236.916267][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 236.916284][ T28] audit: type=1400 audit(1761906292.122:453): avc: denied { bind } for pid=2546 comm="syz.2.647" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 236.965178][ T28] audit: type=1400 audit(1761906292.152:454): avc: denied { name_bind } for pid=2546 comm="syz.2.647" src=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 237.014013][ T28] audit: type=1400 audit(1761906292.152:455): avc: denied { node_bind } for pid=2546 comm="syz.2.647" saddr=224.0.0.2 src=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 237.091340][ T28] audit: type=1400 audit(1761906292.252:456): avc: denied { create } for pid=2550 comm="syz.3.649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 237.111612][ T19] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 237.112897][ T2557] loop3: detected capacity change from 0 to 128 [ 237.141857][ T28] audit: type=1400 audit(1761906292.272:457): avc: denied { bind } for pid=2550 comm="syz.3.649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 237.190739][ T2557] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 237.212322][ T2557] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.244121][ T28] audit: type=1400 audit(1761906292.452:458): avc: denied { create } for pid=2556 comm="syz.3.652" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 237.265310][ T283] EXT4-fs (loop3): unmounting filesystem. [ 237.298603][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 237.310868][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.327531][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 237.346795][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.357928][ T19] usb 2-1: config 0 descriptor?? [ 237.377953][ T19] hub 2-1:0.0: USB hub found [ 237.404513][ T2562] syz.3.654[2562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.404594][ T2562] syz.3.654[2562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.418449][ T28] audit: type=1400 audit(1761906292.632:459): avc: denied { append } for pid=2561 comm="syz.3.654" name="001" dev="devtmpfs" ino=164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 237.519895][ T2568] loop4: detected capacity change from 0 to 512 [ 237.537892][ T2568] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 237.570698][ T19] hub 2-1:0.0: 1 port detected [ 237.676106][ T2570] loop3: detected capacity change from 0 to 1024 [ 237.698723][ T2571] syz.4.657[2571] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.698812][ T2571] syz.4.657[2571] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.729225][ T2570] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.655: Invalid block bitmap block 0 in block_group 0 [ 237.787521][ T291] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 237.798547][ T2570] Quota error (device loop3): write_blk: dquota write failed [ 237.820112][ T2570] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 237.848753][ T2570] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.655: Failed to acquire dquot type 0 [ 237.881490][ T2570] EXT4-fs error (device loop3): ext4_free_blocks:6205: comm syz.3.655: Freeing blocks not in datazone - block = 0, count = 4096 [ 237.919630][ T2570] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.655: Invalid inode bitmap blk 0 in block_group 0 [ 237.937581][ T10] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 237.946779][ T10] EXT4-fs error (device loop3): ext4_release_dquot:6839: comm kworker/u4:1: Failed to release dquot type 0 [ 237.958400][ T2570] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 237.980431][ T19] usb 2-1: USB disconnect, device number 6 [ 237.982218][ T291] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 237.999651][ T2570] EXT4-fs (loop3): 1 orphan inode deleted [ 238.005428][ T2570] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 238.029308][ T291] usb 1-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00 [ 238.057433][ T291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.082798][ T291] usb 1-1: config 0 descriptor?? [ 238.098048][ T2566] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 238.508844][ T291] betop 0003:8380:1850.000A: unknown main item tag 0x0 [ 238.523507][ T291] betop 0003:8380:1850.000A: unknown main item tag 0x0 [ 238.537681][ T291] betop 0003:8380:1850.000A: hidraw0: USB HID v1.01 Device [HID 8380:1850] on usb-dummy_hcd.0-1/input0 [ 238.557532][ T291] betop 0003:8380:1850.000A: no inputs found [ 238.667560][ T19] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 238.716477][ T340] usb 1-1: USB disconnect, device number 11 [ 239.188628][ T19] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 239.196723][ T19] usb 5-1: config 0 has no interface number 0 [ 239.202872][ T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.213802][ T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.223617][ T19] usb 5-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 239.237805][ T19] usb 5-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 239.247163][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.256714][ T283] EXT4-fs (loop3): unmounting filesystem. [ 239.258063][ T19] usb 5-1: config 0 descriptor?? [ 239.887124][ T2604] loop3: detected capacity change from 0 to 40427 [ 239.898818][ T2604] F2FS-fs (loop3): invalid crc value [ 239.905809][ T2604] F2FS-fs (loop3): Found nat_bits in checkpoint [ 239.943497][ T2604] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 239.966197][ T283] syz-executor: attempt to access beyond end of device [ 239.966197][ T283] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 240.139612][ T19] input: HID 28bd:0042 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:28BD:0042.000B/input/input10 [ 240.162052][ T19] uclogic 0003:28BD:0042.000B: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.4-1/input1 [ 240.356227][ T2624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.674'. [ 240.376644][ T2624] device macsec0 entered promiscuous mode [ 240.382441][ T2624] device gretap0 entered promiscuous mode [ 240.501235][ T2625] loop2: detected capacity change from 0 to 512 [ 240.766698][ T2624] device gretap0 left promiscuous mode [ 240.804942][ T2625] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 240.814110][ T2625] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.929010][ T19] usb 5-1: USB disconnect, device number 7 [ 241.045901][ T286] EXT4-fs (loop2): unmounting filesystem. [ 241.131888][ T2638] loop2: detected capacity change from 0 to 256 [ 241.160779][ T2638] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 242.980023][ T2626] loop3: detected capacity change from 0 to 512 [ 243.109861][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 243.109877][ T28] audit: type=1400 audit(1761906298.322:474): avc: denied { unlink } for pid=2657 comm="syz.4.686" name="#3" dev="tmpfs" ino=851 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 244.417543][ T19] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 244.607545][ T19] usb 2-1: Using ep0 maxpacket: 32 [ 244.613856][ T19] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.626594][ T19] usb 2-1: config 0 interface 0 has no altsetting 0 [ 244.633491][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00 [ 244.643233][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.655852][ T19] usb 2-1: config 0 descriptor?? [ 245.047754][ T2626] EXT4-fs: error -4 creating inode table initialization thread [ 245.055458][ T2626] EXT4-fs (loop3): mount failed [ 245.065294][ T19] lg-g15 0003:046D:C225.000C: item fetching failed at offset 5/6 [ 245.211031][ T2679] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 245.220833][ T2679] FAT-fs (loop9): unable to read boot sector [ 245.650997][ T19] lg-g15: probe of 0003:046D:C225.000C failed with error -22 [ 245.676568][ T19] usb 2-1: USB disconnect, device number 7 [ 245.847790][ T28] audit: type=1400 audit(1761906301.052:475): avc: denied { read write } for pid=2684 comm="syz.0.695" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 245.891776][ T2689] loop4: detected capacity change from 0 to 8192 [ 245.908625][ T28] audit: type=1400 audit(1761906301.062:476): avc: denied { open } for pid=2684 comm="syz.0.695" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 245.933755][ T2689] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 246.024419][ T2689] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1052) [ 246.033331][ T2689] FAT-fs (loop4): Filesystem has been set read-only [ 246.040308][ T2689] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1052) [ 246.049279][ T2689] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1052) [ 246.110263][ T287] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1052) [ 246.167559][ T340] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 246.274381][ T28] audit: type=1400 audit(1761906301.482:477): avc: denied { write } for pid=2704 comm="syz.1.702" name="event2" dev="devtmpfs" ino=275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 246.341112][ T2703] loop4: detected capacity change from 0 to 1024 [ 246.348786][ T340] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 246.368031][ T340] usb 1-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 246.407668][ T28] audit: type=1400 audit(1761906301.512:478): avc: denied { open } for pid=2704 comm="syz.1.702" path="/dev/input/event2" dev="devtmpfs" ino=275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 246.451929][ T2703] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz.4.701: Invalid block bitmap block 0 in block_group 0 [ 246.470283][ T340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.507278][ T2703] Quota error (device loop4): write_blk: dquota write failed [ 246.523616][ T340] snd-usb-audio: probe of 1-1:27.0 failed with error -22 [ 246.541649][ T2703] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 246.557631][ T498] udevd[498]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 246.578992][ T28] audit: type=1400 audit(1761906301.512:479): avc: denied { ioctl } for pid=2704 comm="syz.1.702" path="/dev/input/event2" dev="devtmpfs" ino=275 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 246.615147][ T2703] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.701: Failed to acquire dquot type 0 [ 246.652180][ T2703] EXT4-fs error (device loop4): ext4_free_blocks:6205: comm syz.4.701: Freeing blocks not in datazone - block = 0, count = 4096 [ 246.690880][ T2703] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.701: Invalid inode bitmap blk 0 in block_group 0 [ 246.707558][ T10] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 246.719008][ T340] usb 1-1: USB disconnect, device number 12 [ 246.738214][ T10] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:1: Failed to release dquot type 0 [ 246.768743][ T2703] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 246.795197][ T2703] EXT4-fs (loop4): 1 orphan inode deleted [ 246.812422][ T2703] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 247.229193][ T2716] loop1: detected capacity change from 0 to 16 [ 247.248648][ T498] udevd[498]: incorrect erofs checksum on /dev/loop1 [ 247.256009][ T2716] erofs: (device loop1): erofs_read_superblock: dirblkbits 6 isn't supported [ 247.723604][ T2716] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 247.750860][ T2716] device bridge1 entered promiscuous mode [ 248.929021][ T2730] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 249.331420][ T2728] loop1: detected capacity change from 0 to 512 [ 249.402121][ T2724] loop3: detected capacity change from 0 to 512 [ 249.932906][ T2731] netlink: 12 bytes leftover after parsing attributes in process `syz.2.710'. [ 250.646537][ T2728] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 250.655563][ T2728] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.709: bad orphan inode 15 [ 250.666005][ T2728] ext4_test_bit(bit=14, block=4) = 1 [ 250.671379][ T2728] is_bad_inode(inode)=0 [ 250.675562][ T2728] NEXT_ORPHAN(inode)=0 [ 250.679713][ T2728] max_ino=32 [ 250.682952][ T2728] i_nlink=1 [ 250.686144][ T2728] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 250.710543][ T2727] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 250.760102][ T28] audit: type=1400 audit(1761906305.972:480): avc: denied { append } for pid=2735 comm="syz.2.711" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 250.904836][ T285] EXT4-fs (loop1): unmounting filesystem. [ 250.948207][ T2724] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 250.988472][ T2741] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 251.008023][ T28] audit: type=1400 audit(1761906306.222:481): avc: denied { write } for pid=2742 comm="syz.2.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 251.047535][ T2724] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.708: bad orphan inode 15 [ 252.103090][ T287] EXT4-fs (loop4): unmounting filesystem. [ 252.155790][ T2761] loop2: detected capacity change from 0 to 256 [ 252.198765][ T2761] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 252.219577][ T2724] ext4_test_bit(bit=14, block=4) = 1 [ 252.224937][ T2724] is_bad_inode(inode)=0 [ 252.229158][ T2724] NEXT_ORPHAN(inode)=0 [ 252.233247][ T2724] max_ino=32 [ 252.236459][ T2724] i_nlink=1 [ 252.239653][ T2724] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 252.253840][ T28] audit: type=1400 audit(1761906307.462:482): avc: denied { read } for pid=2766 comm="syz.4.720" path="socket:[23478]" dev="sockfs" ino=23478 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 255.529179][ T2780] netlink: 4 bytes leftover after parsing attributes in process `syz.2.728'. [ 255.617781][ T28] audit: type=1400 audit(1761906310.832:483): avc: denied { read } for pid=2788 comm="syz.2.733" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 255.633476][ T283] EXT4-fs (loop3): unmounting filesystem. [ 255.652435][ T28] audit: type=1400 audit(1761906310.862:484): avc: denied { open } for pid=2788 comm="syz.2.733" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 255.675682][ T28] audit: type=1400 audit(1761906310.862:485): avc: denied { ioctl } for pid=2788 comm="syz.2.733" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 256.476918][ T28] audit: type=1400 audit(1761906311.682:486): avc: denied { setopt } for pid=2806 comm="syz.4.738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 256.558346][ T2813] process 'syz.0.739' launched './file1' with NULL argv: empty string added [ 256.602308][ T28] audit: type=1400 audit(1761906311.812:487): avc: denied { execute } for pid=2810 comm="syz.0.739" name="file1" dev="tmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 256.664979][ T28] audit: type=1400 audit(1761906311.832:488): avc: denied { execute_no_trans } for pid=2810 comm="syz.0.739" path="/144/file1" dev="tmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 257.971892][ T2822] loop4: detected capacity change from 0 to 512 [ 258.813473][ T2809] loop3: detected capacity change from 0 to 512 [ 259.891573][ T2822] EXT4-fs: failed to create workqueue [ 259.897010][ T2822] EXT4-fs (loop4): mount failed [ 260.150504][ T340] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 260.303064][ T2809] EXT4-fs: error -4 creating inode table initialization thread [ 260.310828][ T2809] EXT4-fs (loop3): mount failed [ 260.359291][ T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 260.372198][ T340] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 260.410221][ T340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.442015][ T340] usb 1-1: Product: syz [ 260.453297][ T340] usb 1-1: Manufacturer: syz [ 260.458458][ T340] usb 1-1: SerialNumber: syz [ 260.468393][ T340] usb 1-1: config 0 descriptor?? [ 260.679895][ T340] usb 1-1: USB disconnect, device number 13 [ 260.695277][ T742] udevd[742]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 261.146618][ T2869] loop4: detected capacity change from 0 to 512 [ 261.174272][ T2869] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 261.183065][ T2869] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.759: bad orphan inode 15 [ 261.193551][ T2869] ext4_test_bit(bit=14, block=4) = 1 [ 261.199786][ T2869] is_bad_inode(inode)=0 [ 261.204108][ T2869] NEXT_ORPHAN(inode)=0 [ 261.219639][ T2869] max_ino=32 [ 261.224020][ T2869] i_nlink=1 [ 261.228165][ T2869] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 261.322979][ T2869] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 261.442191][ T287] EXT4-fs (loop4): unmounting filesystem. [ 261.457181][ T28] audit: type=1400 audit(1761906316.662:489): avc: denied { bind } for pid=2884 comm="syz.4.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 263.068810][ T28] audit: type=1400 audit(1761906318.282:490): avc: denied { create } for pid=2899 comm="syz.4.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 264.124945][ T28] audit: type=1400 audit(1761906319.332:491): avc: denied { bind } for pid=2917 comm="syz.1.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 264.146074][ T28] audit: type=1400 audit(1761906319.352:492): avc: denied { setopt } for pid=2917 comm="syz.1.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 264.188119][ T28] audit: type=1400 audit(1761906319.352:493): avc: denied { write } for pid=2917 comm="syz.1.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 264.321826][ T2923] loop1: detected capacity change from 0 to 512 [ 264.340218][ T2923] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 264.358892][ T2923] EXT4-fs (loop1): 1 orphan inode deleted [ 264.364791][ T2923] EXT4-fs (loop1): 1 truncate cleaned up [ 264.370736][ T2923] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 264.399878][ T2923] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #12: block 7: comm syz.1.779: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 264.419326][ T2923] EXT4-fs (loop1): Remounting filesystem read-only [ 264.427321][ T2923] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1440: inode #12: block 7: comm syz.1.779: path /176/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 264.449683][ T2923] EXT4-fs (loop1): Remounting filesystem read-only [ 264.466169][ T285] EXT4-fs (loop1): unmounting filesystem. [ 265.289121][ T2915] loop3: detected capacity change from 0 to 512 [ 266.890451][ T335] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 267.042617][ T2915] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 268.097716][ T2915] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.776: bad orphan inode 15 [ 269.199819][ T2915] ext4_test_bit(bit=14, block=4) = 1 [ 269.205224][ T2915] is_bad_inode(inode)=0 [ 269.209469][ T2915] NEXT_ORPHAN(inode)=0 [ 269.213587][ T2915] max_ino=32 [ 269.216832][ T2915] i_nlink=1 [ 269.220426][ T2915] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 269.435074][ T28] audit: type=1400 audit(1761906324.642:494): avc: denied { ioctl } for pid=2941 comm="syz.0.784" path="socket:[25027]" dev="sockfs" ino=25027 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 269.468271][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 269.917444][ T2949] loop2: detected capacity change from 0 to 512 [ 271.364266][ T2951] loop4: detected capacity change from 0 to 512 [ 271.477538][ T2945] Bluetooth: hci0: command 0x1003 tx timeout [ 271.495747][ T283] EXT4-fs (loop3): unmounting filesystem. [ 271.517725][ T543] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 271.548302][ T2943] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 271.610053][ T2951] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 271.620044][ T2951] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.786: bad orphan inode 15 [ 271.633403][ T2951] ext4_test_bit(bit=14, block=4) = 1 [ 271.638915][ T2951] is_bad_inode(inode)=0 [ 271.643207][ T2951] NEXT_ORPHAN(inode)=0 [ 271.647357][ T2951] max_ino=32 [ 271.650650][ T2951] i_nlink=1 [ 271.654504][ T2951] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 271.802445][ T2951] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 271.854037][ T2949] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 271.864497][ T2949] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.783: bad orphan inode 15 [ 271.876876][ T2949] ext4_test_bit(bit=14, block=4) = 1 [ 271.882326][ T2949] is_bad_inode(inode)=0 [ 271.886587][ T2949] NEXT_ORPHAN(inode)=0 [ 271.890744][ T2949] max_ino=32 [ 271.894016][ T2949] i_nlink=1 [ 271.897779][ T2949] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 272.250158][ T2948] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 272.346539][ T275] ================================================================== [ 272.354730][ T275] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 272.361769][ T275] Write of size 8 at addr ffff8881127fca00 by task syz-executor/275 [ 272.369743][ T275] [ 272.372055][ T275] CPU: 1 PID: 275 Comm: syz-executor Not tainted syzkaller #0 [ 272.379503][ T275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 272.389555][ T275] Call Trace: [ 272.392824][ T275] [ 272.395755][ T275] __dump_stack+0x21/0x24 [ 272.400078][ T275] dump_stack_lvl+0xee/0x150 [ 272.404700][ T275] ? __cfi_dump_stack_lvl+0x8/0x8 [ 272.409719][ T275] ? kasan_save_alloc_info+0x25/0x30 [ 272.415123][ T275] ? enqueue_timer+0xae/0x480 [ 272.419811][ T275] print_address_description+0x71/0x200 [ 272.425352][ T275] print_report+0x4a/0x60 [ 272.429675][ T275] kasan_report+0x122/0x150 [ 272.434172][ T275] ? enqueue_timer+0xae/0x480 [ 272.438851][ T275] __asan_report_store8_noabort+0x17/0x20 [ 272.444580][ T275] enqueue_timer+0xae/0x480 [ 272.449170][ T275] __mod_timer+0x79f/0xb30 [ 272.453584][ T275] mod_timer+0x1f/0x30 [ 272.457646][ T275] sk_reset_timer+0x22/0xb0 [ 272.462148][ T275] tcp_rearm_rto+0x312/0x700 [ 272.466735][ T275] ? tcp_rbtree_insert+0x149/0x180 [ 272.471844][ T275] tcp_event_new_data_sent+0x250/0x400 [ 272.477299][ T275] tcp_write_xmit+0x161f/0x5fb0 [ 272.482156][ T275] __tcp_push_pending_frames+0x9c/0x2f0 [ 272.487696][ T275] tcp_rcv_established+0x9ee/0x1a20 [ 272.492889][ T275] ? __cfi_tcp_rcv_established+0x10/0x10 [ 272.498518][ T275] ? ipv4_dst_check+0xf2/0x160 [ 272.503277][ T275] tcp_v4_do_rcv+0x446/0xa10 [ 272.507894][ T275] __release_sock+0x154/0x380 [ 272.512583][ T275] release_sock+0x60/0x1c0 [ 272.516992][ T275] tcp_recvmsg+0x218/0x810 [ 272.521407][ T275] ? __cfi_tcp_recvmsg+0x10/0x10 [ 272.526337][ T275] ? selinux_socket_recvmsg+0x208/0x2e0 [ 272.531900][ T275] ? __cfi_selinux_socket_recvmsg+0x10/0x10 [ 272.537794][ T275] ? avc_has_perm+0x158/0x240 [ 272.542486][ T275] inet_recvmsg+0x13b/0x470 [ 272.546992][ T275] ? pipe_write+0x14c2/0x1950 [ 272.551752][ T275] ? check_stack_object+0x126/0x140 [ 272.556949][ T275] ? __cfi_inet_recvmsg+0x10/0x10 [ 272.561971][ T275] ? security_socket_recvmsg+0x99/0xc0 [ 272.567430][ T275] sock_read_iter+0x2d3/0x380 [ 272.572120][ T275] ? __cfi_sock_read_iter+0x10/0x10 [ 272.577324][ T275] ? __kasan_check_read+0x11/0x20 [ 272.582351][ T275] ? __kasan_check_read+0x11/0x20 [ 272.587380][ T275] ? fsnotify_perm+0x269/0x5b0 [ 272.592157][ T275] vfs_read+0x41e/0x8c0 [ 272.596326][ T275] ? __cfi_vfs_read+0x10/0x10 [ 272.601015][ T275] ? __kasan_check_read+0x11/0x20 [ 272.606040][ T275] ? __fdget_pos+0x1f2/0x380 [ 272.610630][ T275] ksys_read+0x140/0x240 [ 272.614875][ T275] ? __cfi_ksys_read+0x10/0x10 [ 272.619642][ T275] ? fpregs_restore_userregs+0x128/0x260 [ 272.625278][ T275] __x64_sys_read+0x7b/0x90 [ 272.629787][ T275] x64_sys_call+0x2f/0x9a0 [ 272.634212][ T275] do_syscall_64+0x4c/0xa0 [ 272.638630][ T275] ? clear_bhb_loop+0x30/0x80 [ 272.643340][ T275] ? clear_bhb_loop+0x30/0x80 [ 272.648018][ T275] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.653944][ T275] RIP: 0033:0x7f8ed558d99d [ 272.658355][ T275] Code: a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 a8 48 00 00 0f 1f 84 00 00 00 00 00 80 3d c1 ab 22 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec [ 272.677954][ T275] RSP: 002b:00007ffd4fe91618 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 272.686361][ T275] RAX: ffffffffffffffda RBX: 00007ffd4fe91720 RCX: 00007f8ed558d99d [ 272.694326][ T275] RDX: 0000000000000004 RSI: 00007ffd4fe9162c RDI: 0000000000000003 [ 272.702285][ T275] RBP: 0000000000000000 R08: 0000000000000110 R09: 00125339beba6fa4 [ 272.710249][ T275] R10: 0000008ca4114662 R11: 0000000000000246 R12: 00007ffd4fe91a40 [ 272.718210][ T275] R13: 0000000000000004 R14: 00007ffd4fe9162c R15: 00007ffd4fe916c0 [ 272.726177][ T275] [ 272.729186][ T275] [ 272.731518][ T275] Allocated by task 2943: [ 272.735867][ T275] kasan_set_track+0x4b/0x70 [ 272.740523][ T275] kasan_save_alloc_info+0x25/0x30 [ 272.745653][ T275] __kasan_kmalloc+0x95/0xb0 [ 272.750253][ T275] __kmalloc+0xb1/0x1e0 [ 272.754413][ T275] hci_alloc_dev_priv+0x27/0x1bd0 [ 272.759431][ T275] hci_uart_tty_ioctl+0x3d6/0xa20 [ 272.764449][ T275] tty_ioctl+0x8ef/0xc60 [ 272.768689][ T275] __se_sys_ioctl+0x12f/0x1b0 [ 272.773357][ T275] __x64_sys_ioctl+0x7b/0x90 [ 272.777960][ T275] x64_sys_call+0x58b/0x9a0 [ 272.782459][ T275] do_syscall_64+0x4c/0xa0 [ 272.786872][ T275] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.792764][ T275] [ 272.795078][ T275] Freed by task 2943: [ 272.799047][ T275] kasan_set_track+0x4b/0x70 [ 272.803628][ T275] kasan_save_free_info+0x31/0x50 [ 272.808658][ T275] ____kasan_slab_free+0x132/0x180 [ 272.813766][ T275] __kasan_slab_free+0x11/0x20 [ 272.818523][ T275] slab_free_freelist_hook+0xc2/0x190 [ 272.823896][ T275] __kmem_cache_free+0xb7/0x1b0 [ 272.828740][ T275] kfree+0x6f/0xf0 [ 272.832477][ T275] hci_release_dev+0x12a3/0x13b0 [ 272.837410][ T275] bt_host_release+0x82/0x90 [ 272.841999][ T275] device_release+0xa4/0x1d0 [ 272.846581][ T275] kobject_put+0x19d/0x280 [ 272.851013][ T275] put_device+0x1f/0x30 [ 272.855162][ T275] hci_dev_cmd+0x265/0x720 [ 272.859577][ T275] hci_sock_ioctl+0x41e/0x7f0 [ 272.864249][ T275] sock_do_ioctl+0x101/0x310 [ 272.868835][ T275] sock_ioctl+0x4d8/0x6e0 [ 272.873160][ T275] __se_sys_ioctl+0x12f/0x1b0 [ 272.877827][ T275] __x64_sys_ioctl+0x7b/0x90 [ 272.882405][ T275] x64_sys_call+0x58b/0x9a0 [ 272.886901][ T275] do_syscall_64+0x4c/0xa0 [ 272.891307][ T275] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.897201][ T275] [ 272.899519][ T275] Last potentially related work creation: [ 272.905222][ T275] kasan_save_stack+0x3a/0x60 [ 272.909891][ T275] __kasan_record_aux_stack+0xb6/0xc0 [ 272.915257][ T275] kasan_record_aux_stack_noalloc+0xb/0x10 [ 272.921060][ T275] insert_work+0x51/0x300 [ 272.925379][ T275] __queue_work+0x9b1/0xd30 [ 272.929897][ T275] queue_work_on+0xd2/0x140 [ 272.934393][ T275] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 272.939501][ T275] hci_cmd_sync_status+0x53/0x120 [ 272.944521][ T275] hci_dev_cmd+0x628/0x720 [ 272.948940][ T275] hci_sock_ioctl+0x41e/0x7f0 [ 272.953614][ T275] sock_do_ioctl+0x101/0x310 [ 272.958206][ T275] sock_ioctl+0x4d8/0x6e0 [ 272.962533][ T275] __se_sys_ioctl+0x12f/0x1b0 [ 272.967208][ T275] __x64_sys_ioctl+0x7b/0x90 [ 272.971790][ T275] x64_sys_call+0x58b/0x9a0 [ 272.976288][ T275] do_syscall_64+0x4c/0xa0 [ 272.980696][ T275] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.986584][ T275] [ 272.988898][ T275] Second to last potentially related work creation: [ 272.995506][ T275] kasan_save_stack+0x3a/0x60 [ 273.000175][ T275] __kasan_record_aux_stack+0xb6/0xc0 [ 273.005546][ T275] kasan_record_aux_stack_noalloc+0xb/0x10 [ 273.011346][ T275] insert_work+0x51/0x300 [ 273.015678][ T275] __queue_work+0x9b1/0xd30 [ 273.020189][ T275] queue_work_on+0xd2/0x140 [ 273.024691][ T275] hci_cmd_timeout+0x191/0x200 [ 273.029456][ T275] process_one_work+0x71f/0xc40 [ 273.034302][ T275] worker_thread+0xa29/0x11f0 [ 273.038974][ T275] kthread+0x281/0x320 [ 273.043033][ T275] ret_from_fork+0x1f/0x30 [ 273.047444][ T275] [ 273.049758][ T275] The buggy address belongs to the object at ffff8881127fc000 [ 273.049758][ T275] which belongs to the cache kmalloc-8k of size 8192 [ 273.063823][ T275] The buggy address is located 2560 bytes inside of [ 273.063823][ T275] 8192-byte region [ffff8881127fc000, ffff8881127fe000) [ 273.077261][ T275] [ 273.079578][ T275] The buggy address belongs to the physical page: [ 273.085978][ T275] page:ffffea000449fe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881127f8000 pfn:0x1127f8 [ 273.097525][ T275] head:ffffea000449fe00 order:3 compound_mapcount:0 compound_pincount:0 [ 273.106185][ T275] flags: 0x4000000000010200(slab|head|zone=1) [ 273.112275][ T275] raw: 4000000000010200 ffffea0004f45600 dead000000000004 ffff888100043500 [ 273.120856][ T275] raw: ffff8881127f8000 0000000080020001 00000001ffffffff 0000000000000000 [ 273.129421][ T275] page dumped because: kasan: bad access detected [ 273.135833][ T275] page_owner tracks the page as allocated [ 273.141534][ T275] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 848, tgid 847 (syz.4.97), ts 90296960379, free_ts 90293957032 [ 273.163750][ T275] post_alloc_hook+0x1f5/0x210 [ 273.168509][ T275] prep_new_page+0x1c/0x110 [ 273.173005][ T275] get_page_from_freelist+0x2c7b/0x2cf0 [ 273.178632][ T275] __alloc_pages+0x1c3/0x450 [ 273.183218][ T275] alloc_slab_page+0x6e/0xf0 [ 273.187805][ T275] new_slab+0x98/0x3d0 [ 273.191872][ T275] ___slab_alloc+0x6bd/0xb20 [ 273.196454][ T275] __slab_alloc+0x5e/0xa0 [ 273.200778][ T275] __kmem_cache_alloc_node+0x203/0x2c0 [ 273.206245][ T275] __kmalloc+0xa1/0x1e0 [ 273.210416][ T275] mb_cache_create+0x187/0x5a0 [ 273.215174][ T275] ext4_xattr_create_cache+0x13/0x20 [ 273.220487][ T275] ext4_fill_super+0x593b/0x7970 [ 273.225413][ T275] get_tree_bdev+0x444/0x680 [ 273.230009][ T275] ext4_get_tree+0x1c/0x20 [ 273.234410][ T275] vfs_get_tree+0x9a/0x270 [ 273.238822][ T275] page last free stack trace: [ 273.243477][ T275] free_unref_page_prepare+0x742/0x750 [ 273.248927][ T275] free_unref_page+0x8f/0x530 [ 273.253624][ T275] __free_pages+0x67/0x100 [ 273.258039][ T275] __free_slab+0xca/0x1a0 [ 273.262364][ T275] __unfreeze_partials+0x160/0x190 [ 273.267471][ T275] put_cpu_partial+0xa9/0x100 [ 273.272141][ T275] __slab_free+0x1c4/0x280 [ 273.276551][ T275] ___cache_free+0xbf/0xd0 [ 273.280960][ T275] qlist_free_all+0xc6/0x140 [ 273.285547][ T275] kasan_quarantine_reduce+0x14a/0x170 [ 273.290994][ T275] __kasan_slab_alloc+0x24/0x80 [ 273.295846][ T275] slab_post_alloc_hook+0x4f/0x2d0 [ 273.300970][ T275] kmem_cache_alloc+0x16e/0x330 [ 273.305820][ T275] getname_flags+0xb9/0x500 [ 273.310317][ T275] user_path_at_empty+0x30/0x1c0 [ 273.315247][ T275] do_readlinkat+0xd4/0x480 [ 273.319748][ T275] [ 273.322058][ T275] Memory state around the buggy address: [ 273.327672][ T275] ffff8881127fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.335720][ T275] ffff8881127fc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.343786][ T275] >ffff8881127fca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.351829][ T275] ^ [ 273.355884][ T275] ffff8881127fca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.363933][ T275] ffff8881127fcb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.371986][ T275] ================================================================== [ 273.380033][ T275] Disabling lock debugging due to kernel taint SYZFAIL: failed to send rpc fd=3 want=4472 sent=0 n=-1 (errno 32: Broken pipe) [ 273.527603][ T287] EXT4-fs (loop4): unmounting filesystem. [ 273.533509][ T286] EXT4-fs (loop2): unmounting filesystem. [ 273.534213][ T28] audit: type=1400 audit(1761906328.742:495): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 273.557571][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 273.572777][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 273.581206][ C1] CPU: 1 PID: 2958 Comm: syz.0.789 Tainted: G B syzkaller #0 [ 273.589991][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 273.600070][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 273.605397][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 dc 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 50 6d 00 49 8b 7d 00 e8 93 05 [ 273.625122][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 273.631390][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888120f9a880 [ 273.639369][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 273.647340][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 273.655313][ C1] R10: ffffed10224ff939 R11: 1ffff110224ff939 R12: dffffc0000000000 [ 273.663282][ C1] R13: 0000000000000000 R14: ffff8881127fc9c8 R15: 0000000000000008 [ 273.671248][ C1] FS: 00007f02f785e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 273.680175][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 273.686777][ C1] CR2: 0000200000076030 CR3: 0000000121171000 CR4: 00000000003506a0 [ 273.694750][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 273.702716][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 273.710687][ C1] Call Trace: [ 273.713982][ C1] [ 273.716826][ C1] delayed_work_timer_fn+0x61/0x80 [ 273.721967][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 273.727776][ C1] call_timer_fn+0x46/0x2a0 [ 273.732285][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 273.738092][ C1] __run_timers+0x667/0x9a0 [ 273.742605][ C1] ? calc_index+0x200/0x200 [ 273.747110][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 273.752316][ C1] run_timer_softirq+0x6a/0xf0 [ 273.757080][ C1] handle_softirqs+0x1d7/0x600 [ 273.761843][ C1] __irq_exit_rcu+0x52/0xf0 [ 273.766344][ C1] irq_exit_rcu+0x9/0x10 [ 273.770584][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 273.776225][ C1] [ 273.779153][ C1] [ 273.782082][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 273.788068][ C1] RIP: 0010:skb_copy_datagram_iter+0x1/0x150 [ 273.794050][ C1] Code: c1 0f 8c 99 fa ff ff 48 89 df e8 7a 70 ce fd e9 8c fa ff ff 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 1d 06 a0 7c 55 <48> 89 e5 41 57 41 56 41 55 41 54 53 89 cb 49 89 d6 41 89 f7 49 89 [ 273.813654][ C1] RSP: 0018:ffffc9000f8f76d0 EFLAGS: 00000282 [ 273.819729][ C1] RAX: ffffffff844bfab0 RBX: 0000000000000000 RCX: 0000000000000000 [ 273.827714][ C1] RDX: ffffc9000f8f7d10 RSI: 0000000000000000 RDI: ffff888114f1f500 [ 273.835690][ C1] RBP: ffffc9000f8f7870 R08: dffffc0000000000 R09: ffffed10241f3511 [ 273.843665][ C1] R10: ffffed10241f3511 R11: 1ffff110241f3510 R12: 0000000000000000 [ 273.851635][ C1] R13: 1ffff92001f1eeec R14: 0000000000000000 R15: ffff888114f1f500 [ 273.859638][ C1] ? __unix_dgram_recvmsg+0x640/0xd70 [ 273.865033][ C1] ? __unix_dgram_recvmsg+0x656/0xd70 [ 273.870423][ C1] ? up_read+0x56/0x1d0 [ 273.874592][ C1] ? __cfi___unix_dgram_recvmsg+0x10/0x10 [ 273.880318][ C1] ? exc_page_fault+0x5e/0xb0 [ 273.885007][ C1] unix_dgram_recvmsg+0xc7/0xe0 [ 273.889870][ C1] ? __cfi_unix_dgram_recvmsg+0x10/0x10 [ 273.895428][ C1] ____sys_recvmsg+0x2a0/0x590 [ 273.900204][ C1] ? __sys_recvmsg_sock+0x50/0x50 [ 273.905239][ C1] ? import_iovec+0x7c/0xb0 [ 273.909748][ C1] ___sys_recvmsg+0x1b2/0x510 [ 273.914436][ C1] ? __sys_recvmsg+0x270/0x270 [ 273.919208][ C1] ? cgroup_rstat_updated+0xf5/0x370 [ 273.924498][ C1] ? asm_sysvec_call_function_single+0x1b/0x20 [ 273.930673][ C1] ? do_recvmmsg+0x52a/0x7a0 [ 273.935266][ C1] do_recvmmsg+0x359/0x7a0 [ 273.939688][ C1] ? __sys_recvmmsg+0x280/0x280 [ 273.944561][ C1] __x64_sys_recvmmsg+0x18d/0x240 [ 273.949594][ C1] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 273.955150][ C1] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 273.961228][ C1] x64_sys_call+0x3e7/0x9a0 [ 273.965735][ C1] do_syscall_64+0x4c/0xa0 [ 273.970150][ C1] ? clear_bhb_loop+0x30/0x80 [ 273.974843][ C1] ? clear_bhb_loop+0x30/0x80 [ 273.979525][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.985421][ C1] RIP: 0033:0x7f02f698efc9 [ 273.989835][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.009443][ C1] RSP: 002b:00007f02f785e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 274.017866][ C1] RAX: ffffffffffffffda RBX: 00007f02f6be6090 RCX: 00007f02f698efc9 [ 274.025838][ C1] RDX: 03fffffffffffcb5 RSI: 00002000000000c0 RDI: 0000000000000004 [ 274.033812][ C1] RBP: 00007f02f6a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 274.041783][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 274.049751][ C1] R13: 00007f02f6be6128 R14: 00007f02f6be6090 R15: 00007ffc8ad287b8 [ 274.057735][ C1] [ 274.060764][ C1] Modules linked in: [ 274.064676][ C1] ---[ end trace 0000000000000000 ]--- [ 274.070140][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 274.075446][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 dc 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 50 6d 00 49 8b 7d 00 e8 93 05 [ 274.095055][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 274.101125][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888120f9a880 [ 274.109098][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 274.117069][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 274.125042][ C1] R10: ffffed10224ff939 R11: 1ffff110224ff939 R12: dffffc0000000000 [ 274.133014][ C1] R13: 0000000000000000 R14: ffff8881127fc9c8 R15: 0000000000000008 [ 274.140993][ C1] FS: 00007f02f785e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 274.149924][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 274.156506][ C1] CR2: 0000200000076030 CR3: 0000000121171000 CR4: 00000000003506a0 [ 274.164484][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 274.172464][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 274.180523][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 274.188039][ C1] Kernel Offset: disabled [ 274.192359][ C1] Rebooting in 86400 seconds..