last executing test programs: 3.507910189s ago: executing program 0 (id=3375): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000040)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r5, 0x0, 0x0) 3.456607584s ago: executing program 1 (id=3377): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) io_submit(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 3.382453311s ago: executing program 3 (id=3379): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000003c0)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 3.353516554s ago: executing program 3 (id=3380): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x28, 0x26, 0xa01, 0x0, 0x0, {0xa}, [@nested={0x14, 0xdd, 0x0, 0x1, [@nested={0x10, 0x67, 0x0, 0x1, [@typed={0xc, 0x13f, 0x0, 0x0, @u64=0x10}]}]}]}, 0x28}}, 0x0) 2.371129293s ago: executing program 1 (id=3382): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]}) 2.368720283s ago: executing program 3 (id=3384): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f00000003c0)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x110) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000200000000050005"], 0x80}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0) 2.237108296s ago: executing program 2 (id=3387): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 2.172978102s ago: executing program 0 (id=3388): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) flock(0xffffffffffffffff, 0x1) 2.145202755s ago: executing program 2 (id=3389): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$sock(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4040000) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x80, 0x0, 0x0) syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 2.064691743s ago: executing program 2 (id=3391): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, 0x0, 0x809d) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) write$vga_arbiter(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x3010011, &(0x7f0000000980)={[{@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@utf8no}, {@shortname_win95}, {@shortname_mixed}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@utf8}, {@uni_xlateno}, {@uni_xlate}, {@utf8}, {@fat=@codepage={'codepage', 0x3d, '932'}}, {@shortname_winnt}, {@shortname_lower}, {@shortname_win95}, {@uni_xlateno}, {@utf8no}]}, 0x1, 0x36b, &(0x7f0000000500)="$eJzs3U1oY0UcAPB/+tKkXdD2JgpC9CZo2e5NL7ZIFxZ7UQl+HMTgdlWSKrRYbA+b1oPiUfCoJ28KevAgHkVQxJsHr64gq+JB97bg4kjy8vGapN3uYivF3w+aTGfmP/N/HySv4WX6wlI0L07HpWvXrsbMTCnKS48txfVSzEcWfbsxrjKhDgA4Ha6nFH+m3GjbzOSQ0gmkBQAco+77/0sRUYv5vObNrw/rn7z7A8Cp1/v7f/awPgd8DhDx2rGkBAAcs7HP/+/f11zp/pT7v5YLdwUAAKfVU88+9/jyasSTtdpMxPrbW/WtejwybF++FK9EK9bibMzFjYj8QqHzUOo+nr+wunK2Vqu145f5qEfEVC+wnl8pLGfd+GosxlzM9+J7Vxsppez8Z6sri7WuiNhtd+eP9dJWfTrO9Ob/8UysDS88+oN0nyIurK6cq/UGqK/349sRe8MbFTr5L8RcfP/iYJiU+ncwrq5cXuwnPYzfqlfj4mAvHPgJCAAAAAAAAAAAAAAAAAAAAAAA3JaF2sD8YP2c1HnOV8pZWJjQ3l0fJ4/vrQ+0l68PlKopUvrjjYfq72Sxb32g0fV5tiwkCAAAAAAAAAAAAAAAAAAAAAOb25VotFprG5vbO81iob2xuT0VEZ2aV7/95KvZGO9zk0I5n6IaMZii1pt2p9lIWb9zyiLGw7PO5P2ajz4fZFzsUx1sxcQ0qgc3tVp33Pfz+8Oae7P+yH8P+2QxeQOzQhqPjoy8fmee0q3sqEHhXLGmOj77lZRSoeatYvjl58cHjFJE+dYP3E5zKg7ukzqFb66+fHd/7ze+TLkHHpx7+sp7H/7WbLQ6M0f3CFY2Nm+kZqPU73yE2XvDpe4hGJ4bpcgLpeKZUD5swL39NY3sh9+fuefd7462E1Kx5vXO+TzSJ8s359PR8Epe6KQ50jQ7DJ/ubURrbXrCyX+zwm0c07s++OLjlH769chTDE2NvWyU/p1XHwAAAAAAAAAAAAAAAAAAoKjwXfHel67becP0YVEPP3FC6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiRj+//9CYW83RmqOUvirPSGquraxGVH5rzcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/uX8CAAD//3wwZok=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r4, 0xffffffffffffffff, 0x7}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) 2.063705643s ago: executing program 4 (id=3392): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) dup2(0xffffffffffffffff, 0xffffffffffffffff) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, 0x0, 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400}) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4) sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0208000002"], 0x10}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 1.99729029s ago: executing program 0 (id=3393): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) io_submit(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 1.99326262s ago: executing program 4 (id=3394): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="02070009"], 0x10}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 1.925071407s ago: executing program 4 (id=3395): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x28, 0x26, 0xa01, 0x0, 0x0, {0xa}, [@nested={0x14, 0xdd, 0x0, 0x1, [@nested={0x10, 0x67, 0x0, 0x1, [@typed={0xc, 0x13f, 0x0, 0x0, @u64=0x10}]}]}]}, 0x28}}, 0x0) 1.450550375s ago: executing program 3 (id=3396): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) timerfd_create(0x0, 0x81000) 1.438088086s ago: executing program 3 (id=3397): mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x75, 0x10b701) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = epoll_create(0x401) r5 = eventfd2(0xfffffffc, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f00000007c0)={0x90000001}) epoll_pwait(r4, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) signalfd(0xffffffffffffffff, 0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1c917, &(0x7f0000000600)={[{}, {@noblock_validity}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0xd41}}, {@nogrpid}, {@nobh}, {@errors_remount}, {@noinit_itable}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}, 0x32}]}, 0x9f, 0x4f2, &(0x7f0000000a40)="$eJzs3V1rHNcZAOB3Rlp/ypVMe+Ea6praRXJb70pWbYteuB+U9srQ1r2urUorIbTSCu3KtoRpZfoDCqW0hUKhV7kJ5AcEgn9CCBiS+5CEhJDYyYUvEm/YL3/Iu5KMV1qhfR4YzTlnZvSed5ed3TMzzATQs05HxJmIeFypVM5FxGCjPW1MP6pW1uvrPXxwZ6o6JVGpXPssiUjqbdVVRp75n0frm8ShiPjDbyP+nLwYt7S6Nj9ZKOSXG/VceWEpV1pdOz+3MDmbn80vjo+PXZq4PHFxYrQjeQ5ExJVff/Svv7/2mytv/eTW+9c/GflL0miPeJpHp9VTz9Rei6b+iFjeiWBd0NfIJ9NsaPFeAwCwdzR/5/8gIs7FYPTVfs0BAAAA+0nl5wPxVRJRAQAAAPattHYNbJJmG9cBDESaZrP1a3i/E0fSQrFU/vFMcWVxun6t7FBk0pm5Qn60ca3wUGSSan2sVn5av7ChPh4RxyPin4OHa/XsVLEw3e2DHwAAANAjjm4Y/385WB//AwAAAPvMULc7AAAAAOw4438AAADY/4z/AQAAYF/73dWr1anSfP719M3VlfnizfPT+dJ8dmFlKjtVXF7KzhaLs7V79i1s9f8KxeLST2Nx5XaunC+Vc6XVtesLxZXF8vW55x6BDQAAAOyi49+/914SEes/O1ybqg50u1PAruh/mZU/3Ll+ALuvr9sdALrmpb7/gX0l0+0OAF2XRMT/Nlne9uKdt3emPwAAQOcNf7f1+f9ky2MD6+kudRHYIY7/Qe9y/h96l/P/0Lsy0RcG8tDbki2Wv/r5/0rlpToEAAB03EBtStJsRO04wECkaTYbcaz2WIBMMjNXyI9GxLci4t3BzMFqfay2ZbLlmAEAAAAAAAAAAAAAAAAAAAAAAAAAqKtUkqgAAAAA+1pE+nHSeP7X8ODZgY3HBw4kjwZr84i49d9r/749WS4vj1XbP3/SXv5Po/1CN45gAAAAABs1x+nNcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNLDB3emmtNuxv30lxEx1Cp+fxyqzQ9FJiKOfJFE/zPbJRHR14H463cj4ld/ahE/qXYrhhq9aBX/cKfin2iV/+bx04g42oH40MvuVfc/v2j1+UvjdG2+8fN38Mm2/R2I337/lz7Z//W12f8c22aMk/ffyLWNfzfiZH/r/U8zftIm/pltxr/xx7W1dssq/48Ybvn9kzwXK1deWMqVVtfOzy1MzuZn84vj42OXJi5PXJwYzc3MFfKNvy1j/ON7bz7eLP8jbeIPbZH/2W3m//X92w++XS9mWsUfOdP6/T/RJn7a+O77YaNcXT7cLK/Xy8869fo7pzbLf7pN/lu9/yPbzP/c7//2wTZXBQB2QWl1bX6yUMgv93ThlV6N6s+iPZGFwlaFSmPw1mz5617p2B4sND8Tj7qzYwIAADruxTHwdtzYuQ4BAAAAAAAAAAAAAAAAAABAD+rMPcOa98Te/O56Tev12Qv3QgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6KZvAgAA//9F0tDB") socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x4000) timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x7c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 1.437330446s ago: executing program 1 (id=3398): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x28181, 0x0) 1.404729209s ago: executing program 1 (id=3399): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r3, 0x0, 0x0, 0x805, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r5 = openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r7, 0x0, 0x0, 0x4) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x28181, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000a40)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 992.00472ms ago: executing program 0 (id=3400): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000ff01"], 0x50) 982.748181ms ago: executing program 2 (id=3401): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$sock(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4040000) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x80, 0x0, 0x0) syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 980.069312ms ago: executing program 4 (id=3402): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 494.75273ms ago: executing program 4 (id=3403): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000380)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) flock(0xffffffffffffffff, 0x1) 444.870045ms ago: executing program 0 (id=3404): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x200000, 0x0) 444.443065ms ago: executing program 2 (id=3405): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, 0x0, 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400}) 433.741146ms ago: executing program 4 (id=3406): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f00000003c0)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x110) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000200000000050005"], 0x80}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0) 394.44878ms ago: executing program 1 (id=3407): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) timerfd_create(0x0, 0x81000) 394.05836ms ago: executing program 2 (id=3408): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]}) 374.870552ms ago: executing program 0 (id=3409): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0xc300) 218.305278ms ago: executing program 3 (id=3410): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) tkill(0x0, 0x12) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd5cd7000) futex(&(0x7f0000000280)=0x1, 0x7, 0x1, &(0x7f0000000300), 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) syz_clone3(0x0, 0x0) tkill(r1, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002400), 0x80040, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x200, 0x0, 0x1, 0x3}, 0x20) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406a05150000000000000109022400010000c00509040000810300000009210000280122"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@global=@item_012={0x1, 0x1, 0x8, "1f"}, @main=@item_012={0x2, 0x0, 0x8, 'Q;'}, @local=@item_012={0x1, 0x2, 0x5, "94"}]}}, 0x0}, 0x0) 0s ago: executing program 1 (id=3411): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000050000"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) io_submit(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) kernel console output (not intermixed with test programs): ink becomes ready [ 250.378415][ T3718] netlink: 'syz.3.1039': attribute type 4 has an invalid length. [ 251.181795][ T3729] netlink: 'syz.3.1042': attribute type 4 has an invalid length. [ 251.311761][ T3730] overlayfs: failed to resolve './bus': -2 [ 252.559854][ T24] audit: type=1326 audit(1763256961.380:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3747 comm="syz.2.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 252.653226][ T3749] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1048'. [ 252.720161][ T3749] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1048'. [ 252.726528][ T3751] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=3751 comm=syz.2.1050 [ 253.017200][ T3761] netlink: 'syz.1.1052': attribute type 4 has an invalid length. [ 253.189083][ T3758] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 253.239381][ T3771] netlink: 'syz.0.1056': attribute type 4 has an invalid length. [ 253.805362][ T3784] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1063'. [ 253.827644][ T3786] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=3786 comm=syz.3.1064 [ 253.839510][ T3784] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1063'. [ 253.995868][ T3787] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1062'. [ 254.291882][ T3794] netlink: 'syz.2.1067': attribute type 4 has an invalid length. [ 254.921066][ T3809] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1072'. [ 254.958850][ T3809] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1072'. [ 255.057975][ T3811] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 255.080564][ T3811] EXT4-fs (loop1): external journal has bad superblock [ 255.339468][ T24] kauditd_printk_skb: 15 callbacks suppressed [ 255.339491][ T24] audit: type=1326 audit(1763256964.160:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 255.716808][ T24] audit: type=1326 audit(1763256964.200:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 255.812115][ T3819] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1075'. [ 256.211478][ T3820] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1075'. [ 256.251772][ T24] audit: type=1326 audit(1763256964.200:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 256.360871][ T3825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1076'. [ 256.416519][ T24] audit: type=1326 audit(1763256964.200:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 256.440145][ T24] audit: type=1326 audit(1763256964.200:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 256.501088][ T24] audit: type=1326 audit(1763256964.210:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 256.594678][ T3835] tipc: Enabling of bearer rejected, already enabled [ 256.708450][ T3834] netlink: 'syz.1.1079': attribute type 4 has an invalid length. [ 256.807898][ T24] audit: type=1326 audit(1763256964.210:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3810 comm="syz.1.1073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b1350d6c9 code=0x7ffc0000 [ 257.722228][ T3844] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1086'. [ 257.752264][ T3844] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1086'. [ 258.258746][ T24] audit: type=1400 audit(1763256967.080:434): avc: denied { bind } for pid=3853 comm="syz.0.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 258.265409][ T3847] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1084'. [ 258.285487][ T24] audit: type=1400 audit(1763256967.090:435): avc: denied { connect } for pid=3853 comm="syz.0.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 258.307974][ T376] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 259.045017][ T3871] EXT4-fs (loop0): Ignoring removed nobh option [ 259.051726][ T3871] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 259.083281][ T376] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.149007][ T3871] EXT4-fs (loop0): orphan cleanup on readonly fs [ 259.159672][ T3871] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 259.174995][ T3871] EXT4-fs (loop0): Remounting filesystem read-only [ 259.182045][ T3871] Quota error (device loop0): write_blk: dquota write failed [ 259.189617][ T3871] EXT4-fs error (device loop0): ext4_acquire_dquot:6226: comm syz.0.1091: Failed to acquire dquot type 0 [ 259.201997][ T3871] EXT4-fs (loop0): 1 truncate cleaned up [ 259.948458][ T376] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.958429][ T376] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 259.967496][ T376] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.977772][ T376] usb 2-1: config 0 descriptor?? [ 259.983444][ T3871] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 260.093779][ T3879] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1097'. [ 260.104313][ T3879] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1097'. [ 260.154674][ T3882] netlink: 'syz.2.1096': attribute type 4 has an invalid length. [ 261.144236][ T376] uclogic 0003:256C:006D.0002: failed retrieving Huion firmware version: -71 [ 261.156242][ T3890] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 261.166051][ T3890] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 261.179087][ T3890] EXT4-fs error (device loop3): ext4_get_journal_inode:5243: inode #5: comm syz.3.1100: unexpected bad inode w/o EXT4_IGET_BAD [ 261.194204][ T3890] EXT4-fs (loop3): no journal found [ 261.199432][ T3890] EXT4-fs (loop3): can't get journal size [ 261.267179][ T3890] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue [ 261.345746][ T376] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 261.428147][ T376] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 261.558231][ T376] usb 2-1: USB disconnect, device number 7 [ 261.569063][ T3897] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 261.998684][ T3897] EXT4-fs (loop2): external journal has bad superblock [ 262.219055][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 262.227114][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 262.311795][ T3915] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1108'. [ 262.321288][ T3915] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1108'. [ 262.522261][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 262.522285][ T24] audit: type=1326 audit(1763256971.340:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.712900][ T24] audit: type=1326 audit(1763256971.380:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.762217][ T24] audit: type=1326 audit(1763256971.390:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.810697][ T24] audit: type=1326 audit(1763256971.390:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.846342][ T24] audit: type=1326 audit(1763256971.390:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.879050][ T24] audit: type=1326 audit(1763256971.420:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 262.902731][ T24] audit: type=1326 audit(1763256971.420:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 263.174475][ T3933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'. [ 263.245454][ T3922] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 263.262241][ T24] audit: type=1326 audit(1763256971.420:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 263.321258][ T3922] EXT4-fs (loop0): external journal has bad superblock [ 263.402850][ T24] audit: type=1326 audit(1763256971.430:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 263.506985][ T24] audit: type=1326 audit(1763256971.430:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.2.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 264.043927][ T3942] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1120'. [ 264.055014][ T3942] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1120'. [ 264.290937][ T3947] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1117'. [ 264.421486][ T3949] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 264.429181][ T3949] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 264.518618][ T3943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1118'. [ 266.557967][ T3960] EXT4-fs (loop2): Ignoring removed nobh option [ 266.564594][ T3960] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 266.590987][ T3960] EXT4-fs (loop2): orphan cleanup on readonly fs [ 266.602131][ T3960] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 266.617597][ T3960] EXT4-fs (loop2): Remounting filesystem read-only [ 266.625102][ T3960] EXT4-fs error (device loop2): ext4_acquire_dquot:6226: comm syz.2.1121: Failed to acquire dquot type 0 [ 266.637905][ T3960] EXT4-fs (loop2): 1 truncate cleaned up [ 266.648081][ T3960] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 266.668478][ T3964] EXT4-fs (loop3): Ignoring removed nobh option [ 266.674828][ T3964] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 266.686131][ T3964] EXT4-fs (loop3): orphan cleanup on readonly fs [ 266.693238][ T3964] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 267.269033][ T3976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1125'. [ 267.289907][ T3964] EXT4-fs (loop3): Remounting filesystem read-only [ 267.296599][ T3964] EXT4-fs error (device loop3): ext4_acquire_dquot:6226: comm syz.3.1123: Failed to acquire dquot type 0 [ 267.308150][ T3964] EXT4-fs (loop3): 1 truncate cleaned up [ 267.313996][ T3964] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 269.082899][ T3988] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1131'. [ 269.109918][ T3988] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1131'. [ 270.422494][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 270.430175][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 270.588190][ T4021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1138'. [ 270.613998][ T4006] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 270.650629][ T4006] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 270.849696][ T4029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1140'. [ 270.940327][ T4032] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1142'. [ 270.952485][ T4027] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 270.972657][ T4027] EXT4-fs (loop3): external journal has bad superblock [ 270.983237][ T4032] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1142'. [ 271.082624][ T24] kauditd_printk_skb: 16 callbacks suppressed [ 271.082638][ T24] audit: type=1326 audit(1763256979.900:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.124699][ T24] audit: type=1326 audit(1763256979.930:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.155499][ T24] audit: type=1326 audit(1763256979.930:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.179242][ T4034] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 271.200253][ T4034] EXT4-fs (loop0): 1 truncate cleaned up [ 271.209450][ T4034] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 271.227001][ T24] audit: type=1326 audit(1763256979.930:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.250706][ T24] audit: type=1326 audit(1763256979.940:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.274370][ T24] audit: type=1326 audit(1763256979.940:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.303275][ T24] audit: type=1326 audit(1763256979.940:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4026 comm="syz.3.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f217fbb86c9 code=0x7ffc0000 [ 271.754482][ T4051] EXT4-fs (loop2): Ignoring removed nobh option [ 271.760817][ T4051] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 271.816395][ T4051] EXT4-fs (loop2): orphan cleanup on readonly fs [ 271.827815][ T4051] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 271.869870][ T4051] EXT4-fs (loop2): Remounting filesystem read-only [ 271.892655][ T4051] Quota error (device loop2): write_blk: dquota write failed [ 271.901242][ T4059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1149'. [ 271.915746][ T4051] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 271.925776][ T4051] EXT4-fs error (device loop2): ext4_acquire_dquot:6226: comm syz.2.1144: Failed to acquire dquot type 0 [ 271.937718][ T4051] EXT4-fs (loop2): 1 truncate cleaned up [ 271.943840][ T4051] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 272.356826][ T4062] EXT4-fs (loop1): Ignoring removed nobh option [ 272.363354][ T4062] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 272.465270][ T4062] EXT4-fs (loop1): orphan cleanup on readonly fs [ 272.475076][ T4062] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 272.490256][ T4062] EXT4-fs (loop1): Remounting filesystem read-only [ 272.497169][ T4062] Quota error (device loop1): write_blk: dquota write failed [ 272.504794][ T4062] EXT4-fs error (device loop1): ext4_acquire_dquot:6226: comm syz.1.1150: Failed to acquire dquot type 0 [ 272.517033][ T4062] EXT4-fs (loop1): 1 truncate cleaned up [ 272.523262][ T4062] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 272.983418][ T4069] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 273.047335][ T4071] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1153'. [ 273.063589][ T4071] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1153'. [ 273.132237][ T4073] 9pnet: Insufficient options for proto=fd [ 273.339566][ T4085] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 273.598441][ T541] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 274.014266][ T541] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.028035][ T4088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1159'. [ 274.110794][ T4093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1161'. [ 274.125112][ T541] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.142940][ T541] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 274.155206][ T541] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.164749][ T541] usb 1-1: config 0 descriptor?? [ 274.666123][ T4118] EXT4-fs (loop3): Ignoring removed nobh option [ 274.672638][ T4118] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 274.733054][ T4118] EXT4-fs (loop3): orphan cleanup on readonly fs [ 274.742112][ T4118] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 274.756985][ T4118] EXT4-fs (loop3): Remounting filesystem read-only [ 274.763996][ T4118] EXT4-fs error (device loop3): ext4_acquire_dquot:6226: comm syz.3.1165: Failed to acquire dquot type 0 [ 274.775993][ T4118] EXT4-fs (loop3): 1 truncate cleaned up [ 274.782356][ T4118] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 274.927984][ T4117] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 275.334159][ T541] usbhid 1-1:0.0: can't add hid device: -71 [ 275.340188][ T541] usbhid: probe of 1-1:0.0 failed with error -71 [ 275.354921][ T541] usb 1-1: USB disconnect, device number 4 [ 275.501271][ T4125] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1173'. [ 275.630904][ T4144] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1180'. [ 275.641199][ T4144] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1180'. [ 277.212506][ T4145] EXT4-fs (loop2): Ignoring removed nobh option [ 277.219023][ T4145] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 277.268660][ T4145] EXT4-fs (loop2): orphan cleanup on readonly fs [ 277.278334][ T4145] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 277.293483][ T4145] EXT4-fs (loop2): Remounting filesystem read-only [ 277.300445][ T4145] __quota_error: 6 callbacks suppressed [ 277.300465][ T4145] Quota error (device loop2): write_blk: dquota write failed [ 277.313743][ T4145] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 277.323890][ T4145] EXT4-fs error (device loop2): ext4_acquire_dquot:6226: comm syz.2.1176: Failed to acquire dquot type 0 [ 277.339602][ T4145] EXT4-fs (loop2): 1 truncate cleaned up [ 277.346136][ T4145] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 277.791753][ T4148] EXT4-fs (loop1): 1 orphan inode deleted [ 277.797721][ T4148] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,,errors=continue [ 277.807453][ T4148] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 278.064235][ T4163] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 278.071964][ T4163] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 278.288005][ T4169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1187'. [ 278.489491][ T4161] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 278.519223][ T4161] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 278.684553][ T25] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 279.214388][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.244192][ T4161] EXT4-fs error (device loop0): ext4_get_journal_inode:5243: inode #5: comm syz.0.1183: unexpected bad inode w/o EXT4_IGET_BAD [ 279.247360][ T25] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 279.304683][ T4161] EXT4-fs (loop0): no journal found [ 279.309979][ T4161] EXT4-fs (loop0): can't get journal size [ 279.350894][ T4161] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue [ 279.472454][ T4180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1191'. [ 279.528839][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 279.543528][ T25] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 279.552880][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.563521][ T25] usb 3-1: config 0 descriptor?? [ 279.664826][ T25] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 280.617896][ T4198] EXT4-fs (loop0): Ignoring removed nobh option [ 280.624495][ T4198] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 280.699667][ T4198] EXT4-fs (loop0): orphan cleanup on readonly fs [ 280.710506][ T4198] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 280.726013][ T4198] EXT4-fs (loop0): Remounting filesystem read-only [ 280.733109][ T4198] Quota error (device loop0): write_blk: dquota write failed [ 280.740784][ T4198] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 280.750838][ T4198] EXT4-fs error (device loop0): ext4_acquire_dquot:6226: comm syz.0.1192: Failed to acquire dquot type 0 [ 280.763991][ T4198] EXT4-fs (loop0): 1 truncate cleaned up [ 280.770456][ T4198] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 280.928177][ T4192] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 281.891961][ T541] usb 3-1: USB disconnect, device number 8 [ 284.332256][ T4249] EXT4-fs (loop3): 1 orphan inode deleted [ 284.338099][ T4249] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,,errors=continue [ 284.347978][ T4249] ext4 filesystem being mounted at /242/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.149045][ T4260] EXT4-fs (loop0): Ignoring removed nobh option [ 286.155437][ T4260] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 286.183203][ T4260] EXT4-fs (loop0): orphan cleanup on readonly fs [ 286.190293][ T4260] EXT4-fs error (device loop0): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 286.205178][ T4260] EXT4-fs (loop0): Remounting filesystem read-only [ 286.211771][ T4260] Quota error (device loop0): write_blk: dquota write failed [ 286.219228][ T4260] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 286.229540][ T4260] EXT4-fs error (device loop0): ext4_acquire_dquot:6226: comm syz.0.1212: Failed to acquire dquot type 0 [ 286.242640][ T4260] EXT4-fs (loop0): 1 truncate cleaned up [ 286.250977][ T4260] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 286.443172][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 286.511322][ T4277] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1218'. [ 286.583549][ T4279] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1219'. [ 286.593496][ T4279] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1219'. [ 287.313418][ T4293] tipc: Started in network mode [ 287.318419][ T4293] tipc: Own node identity ac14140f, cluster identity 4711 [ 287.325689][ T4293] tipc: New replicast peer: 255.255.255.255 [ 287.331886][ T4293] tipc: Enabled bearer , priority 10 [ 287.400232][ T4296] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1225'. [ 287.428215][ T4296] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1225'. [ 287.727473][ T4302] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 287.773167][ T4302] EXT4-fs (loop0): 1 truncate cleaned up [ 287.780990][ T4302] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 288.175498][ T4314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1231'. [ 288.444164][ T1887] tipc: 32-bit node address hash set to f1414ac [ 288.653748][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 288.876916][ T4329] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 289.116372][ T4337] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 289.136481][ T4337] EXT4-fs (loop0): external journal has bad superblock [ 289.237192][ T4344] tipc: Enabling of bearer rejected, already enabled [ 289.403084][ T4347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1242'. [ 289.438153][ T4350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1244'. [ 290.938785][ T4380] netlink: 'syz.1.1256': attribute type 4 has an invalid length. [ 291.348609][ T4378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1255'. [ 292.271078][ T4402] tipc: Enabling of bearer rejected, already enabled [ 294.104141][ T541] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 294.834238][ T541] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 294.852759][ T541] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 294.877199][ T541] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 294.900522][ T541] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 294.917899][ T541] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.927651][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 294.934004][ T541] usb 3-1: config 0 descriptor?? [ 294.985134][ T541] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 295.485714][ T4436] erofs: (device loop0): mounted with root inode @ nid 36. [ 295.588041][ T4436] erofs: (device loop0): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 295.624421][ T42] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4868] [ 296.288051][ T541] usb 3-1: USB disconnect, device number 9 [ 296.375703][ T4438] EXT4-fs (loop1): 1 orphan inode deleted [ 296.381490][ T4438] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,,errors=continue [ 296.390985][ T4438] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 296.526723][ T4454] tipc: Enabling of bearer rejected, already enabled [ 296.984512][ T4455] erofs: (device loop2): mounted with root inode @ nid 36. [ 297.001702][ T4455] erofs: (device loop2): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 297.081369][ T42] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4868] [ 297.853725][ T24] audit: type=1326 audit(1763257006.670:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 297.908061][ T24] audit: type=1326 audit(1763257006.670:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 297.963390][ T4475] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 297.994270][ T24] audit: type=1326 audit(1763257006.670:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 298.661180][ T24] audit: type=1326 audit(1763257006.670:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 298.906321][ T24] audit: type=1326 audit(1763257006.670:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.064118][ T24] audit: type=1326 audit(1763257006.670:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.108285][ T4485] 9pnet: Insufficient options for proto=fd [ 299.149376][ T24] audit: type=1326 audit(1763257006.670:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.176486][ T4486] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 299.213230][ T24] audit: type=1326 audit(1763257006.670:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.236862][ T24] audit: type=1326 audit(1763257006.670:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.260574][ T24] audit: type=1326 audit(1763257006.670:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4470 comm="syz.4.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 299.447817][ T4493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1291'. [ 299.468851][ T4491] tipc: Enabling of bearer rejected, already enabled [ 299.667204][ T4497] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 299.678233][ T4497] EXT4-fs (loop3): external journal has bad superblock [ 299.894631][ T4511] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1299'. [ 299.923546][ T4514] 9pnet: Insufficient options for proto=fd [ 300.896863][ T4530] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 302.694627][ T4535] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1305'. [ 303.269718][ T4544] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 303.742182][ T4558] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 303.756756][ T4557] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1310'. [ 307.001085][ T4590] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1323'. [ 307.866082][ T4596] EXT4-fs (loop3): Ignoring removed nobh option [ 307.872545][ T4596] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 307.998644][ T4596] EXT4-fs (loop3): orphan cleanup on readonly fs [ 308.008043][ T4596] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 308.023020][ T4596] EXT4-fs (loop3): Remounting filesystem read-only [ 308.029912][ T4596] __quota_error: 16 callbacks suppressed [ 308.029929][ T4596] Quota error (device loop3): write_blk: dquota write failed [ 308.043088][ T4596] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 308.052963][ T4596] EXT4-fs error (device loop3): ext4_acquire_dquot:6226: comm syz.3.1324: Failed to acquire dquot type 0 [ 308.065748][ T4596] EXT4-fs (loop3): 1 truncate cleaned up [ 308.080242][ T4596] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 308.373331][ T4611] 9pnet: Insufficient options for proto=fd [ 308.408006][ T4607] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 308.484610][ T4607] EXT4-fs (loop1): 1 truncate cleaned up [ 308.493653][ T4607] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 308.624887][ T4628] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 309.175798][ T4629] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 309.508449][ T4640] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1335'. [ 311.431290][ T4669] erofs: (device loop1): mounted with root inode @ nid 36. [ 311.465408][ T4669] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 311.777628][ T41] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4868] [ 312.592559][ T4687] 9pnet: Insufficient options for proto=fd [ 312.621275][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 312.813985][ T4691] EXT4-fs (loop3): Test dummy encryption mode enabled [ 312.846440][ T4691] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,nobarrier,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue [ 315.820291][ T24] audit: type=1326 audit(1763257024.640:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 315.892728][ T24] audit: type=1326 audit(1763257024.670:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 315.925679][ T24] audit: type=1326 audit(1763257024.670:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 315.986784][ T24] audit: type=1326 audit(1763257024.670:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.010456][ T24] audit: type=1326 audit(1763257024.670:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.522951][ T24] audit: type=1326 audit(1763257024.680:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.549274][ T24] audit: type=1326 audit(1763257024.680:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.575627][ T4741] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 316.593756][ T24] audit: type=1326 audit(1763257024.680:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.618966][ T4741] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 316.629660][ T4741] EXT4-fs error (device loop3): ext4_get_journal_inode:5243: inode #5: comm syz.3.1373: unexpected bad inode w/o EXT4_IGET_BAD [ 316.650674][ T24] audit: type=1326 audit(1763257024.680:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.674416][ T24] audit: type=1326 audit(1763257024.680:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4733 comm="syz.4.1370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 316.698659][ T4750] tipc: Started in network mode [ 316.703579][ T4750] tipc: Own node identity ac14140f, cluster identity 4711 [ 316.710820][ T4750] tipc: New replicast peer: 255.255.255.255 [ 316.716976][ T4750] tipc: Enabled bearer , priority 10 [ 316.780707][ T4741] EXT4-fs (loop3): no journal found [ 316.786129][ T4741] EXT4-fs (loop3): can't get journal size [ 316.801393][ T4754] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 316.812187][ T4741] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue [ 317.903508][ T1887] tipc: 32-bit node address hash set to f1414ac [ 318.690426][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 318.699689][ T4779] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 318.925213][ T4782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1384'. [ 319.087477][ T4787] tipc: Enabling of bearer rejected, already enabled [ 320.427168][ T4810] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 320.964682][ T4818] EXT4-fs (loop3): Ignoring removed nobh option [ 320.971058][ T4818] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 320.981915][ T4818] EXT4-fs (loop3): orphan cleanup on readonly fs [ 320.989212][ T4818] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 321.003552][ T4818] EXT4-fs (loop3): Remounting filesystem read-only [ 321.010261][ T4818] __quota_error: 28 callbacks suppressed [ 321.010271][ T4818] Quota error (device loop3): write_blk: dquota write failed [ 321.023429][ T4818] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 321.033553][ T4818] EXT4-fs error (device loop3): ext4_acquire_dquot:6226: comm syz.3.1397: Failed to acquire dquot type 0 [ 321.045191][ T4818] EXT4-fs (loop3): 1 truncate cleaned up [ 321.051180][ T4818] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 321.924960][ T4831] tipc: Started in network mode [ 321.929980][ T4831] tipc: Own node identity ac14140f, cluster identity 4711 [ 321.937224][ T4831] tipc: New replicast peer: 255.255.255.255 [ 321.943324][ T4831] tipc: Enabled bearer , priority 10 [ 322.054210][ T4838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1402'. [ 322.375787][ T4850] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 322.389755][ T4850] EXT4-fs (loop3): 1 truncate cleaned up [ 322.396124][ T4850] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 323.064113][ T1886] tipc: 32-bit node address hash set to f1414ac [ 324.701938][ T4892] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1420'. [ 324.911649][ T4893] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 324.976276][ T4891] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 324.988378][ T4891] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 325.010459][ T4891] EXT4-fs error (device loop3): ext4_get_journal_inode:5243: inode #5: comm syz.3.1421: unexpected bad inode w/o EXT4_IGET_BAD [ 325.028917][ T4891] EXT4-fs (loop3): no journal found [ 325.037340][ T4891] EXT4-fs (loop3): can't get journal size [ 325.043913][ T4891] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue [ 325.219432][ T4908] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1427'. [ 325.310579][ T4912] netlink: 'syz.3.1429': attribute type 4 has an invalid length. [ 326.492729][ T4925] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1434'. [ 327.276649][ T4934] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1438'. [ 328.218586][ T4966] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 328.657974][ T4972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1451'. [ 328.732554][ T4986] process 'syz.0.1458' launched './file0' with NULL argv: empty string added [ 328.993520][ T4984] 9pnet: Insufficient options for proto=fd [ 330.556301][ T5005] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 331.310871][ T5019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1466'. [ 331.319920][ T24] audit: type=1400 audit(1763257040.130:532): avc: denied { mount } for pid=5015 comm="syz.2.1468" name="/" dev="configfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 331.354309][ T5014] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 331.370102][ T5014] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 331.480647][ T5031] 9pnet: Insufficient options for proto=fd [ 333.018682][ T5050] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 333.163617][ T5047] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 333.173562][ T5047] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 333.189332][ T5047] EXT4-fs error (device loop3): ext4_get_journal_inode:5243: inode #5: comm syz.3.1475: unexpected bad inode w/o EXT4_IGET_BAD [ 333.203452][ T5047] EXT4-fs (loop3): no journal found [ 333.208852][ T5047] EXT4-fs (loop3): can't get journal size [ 333.232703][ T5047] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue [ 333.341986][ T5059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1481'. [ 333.455013][ T24] audit: type=1326 audit(1763257042.280:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5066 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 333.492637][ T24] audit: type=1326 audit(1763257042.310:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5066 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 333.524201][ T24] audit: type=1326 audit(1763257042.310:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5066 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 333.624071][ T5074] overlayfs: missing 'lowerdir' [ 333.667391][ T5069] EXT4-fs (loop3): Test dummy encryption mode enabled [ 333.832141][ T5069] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,nobarrier,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue [ 333.847563][ T24] audit: type=1326 audit(1763257042.310:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5066 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 333.900692][ T24] audit: type=1326 audit(1763257042.310:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5066 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce6a85c6c9 code=0x7ffc0000 [ 335.692587][ T5097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1494'. [ 335.919685][ T5104] tipc: Enabling of bearer rejected, already enabled [ 336.222244][ T5123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1505'. [ 337.056103][ T5143] tipc: Enabling of bearer rejected, already enabled [ 338.435191][ T5156] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1516'. [ 338.886694][ T5180] netlink: 'syz.1.1526': attribute type 4 has an invalid length. [ 339.349721][ T5186] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1528'. [ 339.569609][ T5201] tipc: Enabling of bearer rejected, already enabled [ 339.612537][ T5205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1533'. [ 341.724992][ T5238] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 341.732693][ T5238] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 341.933350][ T5239] netlink: 'syz.4.1543': attribute type 4 has an invalid length. [ 343.462129][ T5267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1556'. [ 343.541893][ C1] hrtimer: interrupt took 22337 ns [ 344.242882][ T5280] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 344.261939][ T5275] erofs: (device loop3): mounted with root inode @ nid 36. [ 344.280012][ T5275] erofs: (device loop3): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 344.299916][ T42] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4868] [ 345.678233][ T5289] netlink: 'syz.1.1564': attribute type 4 has an invalid length. [ 345.687102][ T5286] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 345.743231][ T5294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'. [ 345.848664][ T5311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1573'. [ 346.515184][ T5321] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 346.523464][ T5321] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 347.693544][ T5332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1576'. [ 348.030862][ T5333] overlayfs: failed to clone upperpath [ 349.477623][ T5361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1591'. [ 349.724648][ T24] audit: type=1400 audit(1763257058.550:538): avc: denied { search } for pid=5377 comm="syz.3.1598" name="/" dev="configfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 349.785098][ T24] audit: type=1400 audit(1763257058.550:539): avc: denied { read } for pid=5377 comm="syz.3.1598" name="/" dev="configfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 349.845570][ T24] audit: type=1400 audit(1763257058.550:540): avc: denied { open } for pid=5377 comm="syz.3.1598" path="/" dev="configfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 350.654464][ T5390] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1603'. [ 350.775841][ T24] audit: type=1326 audit(1763257059.600:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 350.834740][ T24] audit: type=1326 audit(1763257059.600:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 351.019601][ T24] audit: type=1326 audit(1763257059.600:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 351.205996][ T24] audit: type=1326 audit(1763257059.600:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 351.229451][ T24] audit: type=1326 audit(1763257059.600:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.4.1607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836af0c6c9 code=0x7ffc0000 [ 351.285312][ T5409] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=5409 comm=syz.1.1611 [ 351.312351][ T5411] 9pnet: Insufficient options for proto=fd [ 351.632243][ T5422] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1616'. [ 352.446463][ T24] audit: type=1326 audit(1763257061.270:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5459 comm="syz.0.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a30ab66c9 code=0x7ffc0000 [ 352.512484][ T24] audit: type=1326 audit(1763257061.300:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5459 comm="syz.0.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f9a30ab66c9 code=0x7ffc0000 [ 352.562254][ T5472] 9pnet: Insufficient options for proto=fd [ 352.750828][ T5486] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1643'. [ 353.044498][ T5502] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1651'. [ 354.094280][ T5531] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 354.103118][ T5531] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 355.015136][ T5537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1664'. [ 355.085751][ T5540] netlink: 'syz.4.1665': attribute type 4 has an invalid length. [ 355.252878][ T5552] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=5552 comm=syz.4.1671 [ 355.661961][ T5564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1675'. [ 356.208103][ T5573] netlink: 'syz.0.1677': attribute type 4 has an invalid length. [ 358.175802][ T5606] netlink: 'syz.3.1689': attribute type 4 has an invalid length. [ 358.865636][ T5612] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 358.873317][ T5612] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 358.957043][ T5614] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=5614 comm=syz.3.1692 [ 360.294134][ T5643] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 360.666707][ T5648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1707'. [ 362.448966][ T24] kauditd_printk_skb: 2 callbacks suppressed [ 362.448980][ T24] audit: type=1400 audit(1763257071.270:550): avc: denied { bind } for pid=5677 comm="syz.0.1716" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 362.550044][ T5684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1718'. [ 362.589949][ T5689] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=5689 comm=syz.4.1721 [ 362.604251][ T5685] overlayfs: failed to clone upperpath [ 362.614661][ T5691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1722'. [ 363.561852][ T5718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1732'. [ 363.614587][ T5720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1734'. [ 363.748125][ T5728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1737'. [ 363.860933][ T5732] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1736'. [ 366.713671][ T24] audit: type=1400 audit(1763257075.530:551): avc: denied { setopt } for pid=5748 comm="syz.2.1743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 367.412973][ T5761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1744'. [ 367.524157][ T5768] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1751'. [ 367.629957][ T5771] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1750'. [ 368.058093][ T5789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1757'. [ 368.692153][ T5793] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 369.597341][ T5800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1760'. [ 369.712604][ T5803] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1762'. [ 369.765625][ T5806] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1763'. [ 370.061256][ T5819] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1768'. [ 370.819894][ T5828] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1771'. [ 370.846214][ T5830] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1774'. [ 372.445661][ T5857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1783'. [ 372.483997][ T5863] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1781'. [ 374.028519][ T5889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1794'. [ 374.049469][ T5888] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=5888 comm=syz.4.1795 [ 374.376745][ T5911] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1803'. [ 374.621047][ T5935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1813'. [ 375.136370][ T5955] 9pnet: Insufficient options for proto=fd [ 376.973989][ T5984] 9pnet: Insufficient options for proto=fd [ 377.168948][ T5992] netlink: 'syz.0.1835': attribute type 4 has an invalid length. [ 378.089870][ T6011] netlink: 'syz.3.1842': attribute type 13 has an invalid length. [ 378.100592][ T6011] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 378.110280][ T6011] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 378.122003][ T6011] gretap0: refused to change device tx_queue_len [ 378.129085][ T6011] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 379.898606][ T6021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1844'. [ 381.714864][ T24] audit: type=1400 audit(1763257090.280:552): avc: denied { setattr } for pid=6040 comm="syz.1.1854" name="/" dev="configfs" ino=13747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 383.475041][ T6079] overlayfs: failed to clone upperpath [ 383.538095][ T6081] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 383.754726][ T6083] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=6083 comm=syz.0.1868 [ 383.926252][ T6097] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=6097 comm=syz.4.1875 [ 383.990281][ T6102] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 384.013337][ T6102] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 384.768470][ T6110] overlayfs: failed to clone upperpath [ 388.044351][ T6152] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 389.255006][ T6176] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 390.230249][ T6185] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=6185 comm=syz.4.1904 [ 390.993992][ T6205] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 392.133593][ T24] audit: type=1400 audit(1763257100.940:553): avc: denied { mount } for pid=6213 comm="syz.1.1914" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 392.400247][ T6225] tipc: Enabling of bearer rejected, already enabled [ 393.262786][ T6241] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 397.532140][ T6277] overlayfs: failed to clone upperpath [ 397.763474][ T6281] tipc: Enabling of bearer rejected, already enabled [ 401.675951][ T6315] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 402.068082][ T6319] 9pnet: Insufficient options for proto=fd [ 404.788736][ T6396] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 407.053402][ T6433] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1975'. [ 407.618121][ T6447] netlink: 'syz.1.1983': attribute type 13 has an invalid length. [ 407.632494][ T6447] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 407.680962][ T6447] gretap0: refused to change device tx_queue_len [ 407.687729][ T6447] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 411.895079][ T6518] netlink: 'syz.1.2008': attribute type 13 has an invalid length. [ 411.903006][ T6518] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 412.056136][ T6518] gretap0: refused to change device tx_queue_len [ 412.062872][ T6518] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 413.964509][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2018'. [ 414.089347][ T6543] netlink: 'syz.4.2017': attribute type 13 has an invalid length. [ 414.104359][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 414.120851][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 414.275162][ T6543] gretap0: refused to change device tx_queue_len [ 414.284514][ T6543] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 417.285387][ T6579] netlink: 'syz.4.2032': attribute type 13 has an invalid length. [ 417.293461][ T6579] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 417.304430][ T6579] gretap0: refused to change device tx_queue_len [ 417.311319][ T6579] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 418.341580][ T6598] netlink: 'syz.4.2037': attribute type 13 has an invalid length. [ 418.349665][ T6598] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 418.360302][ T6598] gretap0: refused to change device tx_queue_len [ 418.367462][ T6598] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 419.629672][ T6605] netlink: 'syz.3.2040': attribute type 13 has an invalid length. [ 419.637745][ T6605] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 419.648935][ T6605] gretap0: refused to change device tx_queue_len [ 419.655885][ T6605] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 421.630957][ T6625] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2045'. [ 422.445706][ T6642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2053'. [ 427.338607][ T6737] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=6737 comm=syz.1.2088 [ 428.440612][ T6769] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2094'. [ 428.852186][ T6776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2102'. [ 428.977845][ T6786] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 432.518418][ T6839] netlink: 'syz.3.2117': attribute type 13 has an invalid length. [ 432.526492][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 432.537993][ T6839] gretap0: refused to change device tx_queue_len [ 432.545055][ T6839] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 438.332402][ T6907] netlink: 'syz.2.2140': attribute type 13 has an invalid length. [ 438.871408][ T6907] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 438.904830][ T6907] gretap0: refused to change device tx_queue_len [ 438.911438][ T6907] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 438.981271][ T6917] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2146'. [ 440.366544][ T6941] tipc: Enabling of bearer rejected, already enabled [ 441.169189][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2154'. [ 441.563451][ T6957] netlink: 'syz.0.2158': attribute type 13 has an invalid length. [ 441.582885][ T6957] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 441.600065][ T6957] gretap0: refused to change device tx_queue_len [ 441.607015][ T6957] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 442.038655][ T6963] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2159'. [ 442.229007][ T6966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2161'. [ 445.773574][ T6995] netlink: 'syz.0.2171': attribute type 4 has an invalid length. [ 446.170470][ T7012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2175'. [ 447.828688][ T7033] netlink: 'syz.4.2185': attribute type 4 has an invalid length. [ 450.752410][ T7093] tipc: Enabling of bearer rejected, already enabled [ 452.345496][ T7113] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2217'. [ 453.630573][ T7136] tipc: Enabling of bearer rejected, already enabled [ 454.557877][ T7146] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2226'. [ 454.937198][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2233'. [ 454.988300][ T7161] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2231'. [ 456.723322][ T7192] netlink: 'syz.0.2243': attribute type 13 has an invalid length. [ 456.734252][ T7192] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 456.743407][ T7192] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 456.754467][ T7192] gretap0: refused to change device tx_queue_len [ 456.761510][ T7192] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 456.896881][ T7191] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2242'. [ 457.300913][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2245'. [ 457.334494][ T24] audit: type=1400 audit(1763257166.160:554): avc: denied { read } for pid=7202 comm="syz.4.2248" path="socket:[36057]" dev="sockfs" ino=36057 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 459.949734][ T7244] netlink: 'syz.1.2260': attribute type 13 has an invalid length. [ 459.957966][ T7244] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 459.970697][ T7244] gretap0: refused to change device tx_queue_len [ 459.977388][ T7244] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 460.075076][ T7247] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2262'. [ 460.542728][ T7254] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2259'. [ 461.153951][ T7266] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2269'. [ 462.987386][ T7288] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=7288 comm=syz.3.2278 [ 463.193688][ T7307] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=7307 comm=syz.3.2285 [ 463.299605][ T7305] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2280'. [ 465.475464][ T7343] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2300'. [ 465.531807][ T7353] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2302'. [ 468.248801][ T7413] tipc: Enabling of bearer rejected, already enabled [ 470.893478][ T7458] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=7458 comm=syz.1.2342 [ 473.722789][ T7537] netlink: 'syz.1.2364': attribute type 27 has an invalid length. [ 474.607500][ T7559] netlink: 'syz.0.2377': attribute type 13 has an invalid length. [ 474.615421][ T7559] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 474.623700][ T7559] gretap0: refused to change device tx_queue_len [ 474.630506][ T7559] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 475.406520][ T7571] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2381'. [ 478.319162][ T7600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2392'. [ 481.895888][ T7677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2415'. [ 483.596148][ T7693] netlink: 'syz.4.2423': attribute type 13 has an invalid length. [ 483.605031][ T7693] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 483.612727][ T7693] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 483.620879][ T7693] gretap0: refused to change device tx_queue_len [ 483.627462][ T7693] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 483.939471][ T7715] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2430'. [ 484.684901][ T7735] netlink: 'syz.3.2438': attribute type 13 has an invalid length. [ 484.818345][ T7735] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 485.265799][ T7735] gretap0: refused to change device tx_queue_len [ 485.272491][ T7735] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 487.553014][ T7787] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2456'. [ 487.777677][ T7789] 9pnet: Insufficient options for proto=fd [ 491.718090][ T7833] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=7833 comm=syz.4.2472 [ 492.080628][ T7845] netlink: 'syz.1.2475': attribute type 13 has an invalid length. [ 492.088597][ T7845] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 492.098469][ T7845] gretap0: refused to change device tx_queue_len [ 492.156961][ T7845] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 493.143304][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2485'. [ 497.464553][ T7929] overlayfs: failed to clone upperpath [ 498.736989][ T7946] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2508'. [ 498.970511][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2512'. [ 498.988102][ T7958] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2512'. [ 499.954448][ T7976] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2521'. [ 506.160205][ T8089] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2560'. [ 507.131665][ T8107] netlink: 'syz.2.2566': attribute type 13 has an invalid length. [ 507.139774][ T8107] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 507.151176][ T8107] gretap0: refused to change device tx_queue_len [ 507.158218][ T8107] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 508.302819][ T8111] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=8111 comm=syz.4.2567 [ 508.485109][ T24] audit: type=1400 audit(1763257217.310:555): avc: denied { mounton } for pid=8118 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 508.546273][ T2431] tipc: Disabling bearer [ 508.551932][ T2431] tipc: Left network mode [ 508.667524][ T8118] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.684040][ T8118] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.701890][ T8118] device bridge_slave_0 entered promiscuous mode [ 508.716897][ T8118] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.734037][ T8118] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.751857][ T8118] device bridge_slave_1 entered promiscuous mode [ 508.801081][ T8126] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2572'. [ 508.870809][ T8118] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.877925][ T8118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.885342][ T8118] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.892379][ T8118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.952105][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 509.007527][ T3965] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.270915][ T3965] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.356139][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 509.368920][ T3965] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.376034][ T3965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.399975][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 509.421966][ T3965] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.429101][ T3965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.470090][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 509.486639][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 509.515302][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 509.540187][ T8118] device veth0_vlan entered promiscuous mode [ 509.552117][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 509.564598][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 509.579412][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 509.597577][ T2431] device veth1_macvtap left promiscuous mode [ 509.604826][ T2431] device veth0_vlan left promiscuous mode [ 509.769349][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 509.778483][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 509.851685][ T8154] overlayfs: failed to clone upperpath [ 509.991165][ T8118] device veth1_macvtap entered promiscuous mode [ 510.838957][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 510.864793][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 510.893703][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 510.934552][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 511.006416][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 511.984156][ T439] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 512.354415][ T439] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 512.505894][ T439] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 512.544040][ T439] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 129 [ 512.668757][ T439] usb 5-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 512.687187][ T439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.673651][ T439] usb 5-1: config 0 descriptor?? [ 513.724622][ T439] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 515.219917][ T5365] usb 5-1: USB disconnect, device number 2 [ 515.717017][ T8231] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=8231 comm=syz.4.2612 [ 517.183196][ T8245] netlink: 'syz.3.2614': attribute type 13 has an invalid length. [ 517.191123][ T8245] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 517.199814][ T8245] gretap0: refused to change device tx_queue_len [ 517.206665][ T8245] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 517.460417][ T8253] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2618'. [ 519.043696][ T24] audit: type=1326 audit(1763257227.860:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8264 comm="syz.4.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbba67946c9 code=0x7ffc0000 [ 519.958628][ T24] audit: type=1326 audit(1763257227.900:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8264 comm="syz.4.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fbba67946c9 code=0x7ffc0000 [ 519.998742][ T24] audit: type=1326 audit(1763257227.900:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8264 comm="syz.4.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbba67946c9 code=0x7ffc0000 [ 520.087061][ T8275] FAT-fs (loop4): Directory bread(block 64) failed [ 520.093642][ T8275] FAT-fs (loop4): Directory bread(block 65) failed [ 520.105298][ T8275] FAT-fs (loop4): Directory bread(block 66) failed [ 520.111948][ T8275] FAT-fs (loop4): Directory bread(block 67) failed [ 520.119103][ T8275] FAT-fs (loop4): Directory bread(block 68) failed [ 520.125751][ T8275] FAT-fs (loop4): Directory bread(block 69) failed [ 520.132538][ T8275] FAT-fs (loop4): Directory bread(block 70) failed [ 520.139209][ T8275] FAT-fs (loop4): Directory bread(block 71) failed [ 520.146132][ T8275] FAT-fs (loop4): Directory bread(block 72) failed [ 520.154066][ T8275] FAT-fs (loop4): Directory bread(block 73) failed [ 520.224462][ T8294] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2633'. [ 523.372440][ T8324] netlink: 'syz.4.2638': attribute type 13 has an invalid length. [ 523.383196][ T8324] gretap0: refused to change device tx_queue_len [ 523.389792][ T8324] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 524.446529][ T8341] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2647'. [ 524.605932][ T8359] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2650'. [ 525.124135][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2653'. [ 525.530753][ T8376] netlink: 'syz.4.2659': attribute type 13 has an invalid length. [ 525.539498][ T8376] gretap0: refused to change device tx_queue_len [ 525.546145][ T8376] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 525.903329][ T8384] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2661'. [ 526.705685][ T8409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2672'. [ 526.805983][ T8412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2673'. [ 526.826144][ T8414] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2674'. [ 529.011304][ T8451] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2686'. [ 529.529016][ T8461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2691'. [ 530.754579][ T8497] tipc: Started in network mode [ 530.759659][ T8497] tipc: Own node identity ac14140f, cluster identity 4711 [ 530.767249][ T8497] tipc: New replicast peer: 255.255.255.255 [ 530.773623][ T8497] tipc: Enabled bearer , priority 10 [ 531.713637][ T8512] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 531.778954][ T8512] ext4 filesystem being mounted at /22/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 531.894013][ T439] tipc: 32-bit node address hash set to f1414ac [ 532.542462][ T8527] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2716'. [ 532.689958][ T8540] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2720'. [ 534.711543][ T8565] netlink: 'syz.2.2727': attribute type 13 has an invalid length. [ 534.737456][ T8565] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 535.888316][ T8565] gretap0: refused to change device tx_queue_len [ 535.895011][ T8565] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 537.330135][ T8605] netlink: 'syz.1.2740': attribute type 13 has an invalid length. [ 537.338679][ T8605] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 537.375782][ T8605] gretap0: refused to change device tx_queue_len [ 537.384732][ T8605] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 541.951506][ T8676] netlink: 'syz.1.2765': attribute type 13 has an invalid length. [ 541.959802][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 541.968152][ T8676] gretap0: refused to change device tx_queue_len [ 541.975030][ T8676] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 542.326798][ T8693] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2767'. [ 542.510924][ T8694] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2771'. [ 543.358435][ T8717] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 543.379751][ T8717] EXT4-fs (loop4): 1 truncate cleaned up [ 543.387330][ T8717] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 544.094041][ T8737] netlink: 'syz.0.2787': attribute type 13 has an invalid length. [ 544.102118][ T8737] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 544.113278][ T8737] gretap0: refused to change device tx_queue_len [ 544.120348][ T8737] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 545.297485][ T8741] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2789'. [ 545.668007][ T8747] EXT4-fs (loop4): Ignoring removed nobh option [ 545.674901][ T8747] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 545.814360][ T8747] EXT4-fs (loop4): orphan cleanup on readonly fs [ 545.825557][ T8747] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 545.840988][ T8747] EXT4-fs (loop4): Remounting filesystem read-only [ 545.848199][ T8747] Quota error (device loop4): write_blk: dquota write failed [ 545.855919][ T8747] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 545.865934][ T8747] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.2790: Failed to acquire dquot type 0 [ 545.879167][ T8747] EXT4-fs (loop4): 1 truncate cleaned up [ 545.885698][ T8747] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 546.567123][ T8757] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2793'. [ 547.692686][ T8776] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2801'. [ 548.429682][ T8799] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2808'. [ 548.764411][ T8803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2811'. [ 549.003593][ T8806] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2813'. [ 549.216594][ T8816] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2814'. [ 550.464894][ T8824] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 550.490031][ T8824] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 551.436193][ T8842] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2824'. [ 551.951190][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2828'. [ 551.963151][ T8855] EXT4-fs (loop4): Ignoring removed nobh option [ 551.969673][ T8855] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 552.054978][ T8855] EXT4-fs (loop4): orphan cleanup on readonly fs [ 552.064874][ T8855] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 552.080103][ T8855] EXT4-fs (loop4): Remounting filesystem read-only [ 552.087033][ T8855] Quota error (device loop4): write_blk: dquota write failed [ 552.094654][ T8855] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 552.104567][ T8855] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.2826: Failed to acquire dquot type 0 [ 552.117092][ T8855] EXT4-fs (loop4): 1 truncate cleaned up [ 552.123454][ T8855] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 552.914671][ T8874] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2831'. [ 553.171886][ T8875] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2834'. [ 553.184175][ T8875] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2834'. [ 554.466800][ T8898] overlayfs: failed to resolve './bus': -2 [ 557.332324][ T24] audit: type=1400 audit(1763257266.150:559): avc: denied { write } for pid=8957 comm="syz.2.2865" path="socket:[41646]" dev="sockfs" ino=41646 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 557.553545][ T8968] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=8968 comm=syz.0.2869 [ 557.593820][ T8971] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2870'. [ 557.707575][ T8985] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2874'. [ 558.297067][ T8993] EXT4-fs (loop4): Ignoring removed nobh option [ 558.303701][ T8993] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 559.072469][ T8993] EXT4-fs (loop4): orphan cleanup on readonly fs [ 559.081566][ T8993] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 559.096340][ T8993] EXT4-fs (loop4): Remounting filesystem read-only [ 559.103165][ T8993] Quota error (device loop4): write_blk: dquota write failed [ 559.110836][ T8993] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 559.121056][ T8993] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.2879: Failed to acquire dquot type 0 [ 559.464204][ T8993] EXT4-fs (loop4): 1 truncate cleaned up [ 559.470695][ T8993] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 560.011524][ T9009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2883'. [ 560.024389][ T9009] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2883'. [ 560.984471][ T9027] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 561.041391][ T9027] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 561.180462][ T9029] overlayfs: failed to clone upperpath [ 561.870803][ T9040] EXT4-fs (loop4): 1 orphan inode deleted [ 561.876680][ T9040] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,,errors=continue [ 561.886567][ T9040] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 562.648657][ T9056] netlink: 'syz.3.2897': attribute type 13 has an invalid length. [ 562.656733][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 562.667875][ T9056] gretap0: refused to change device tx_queue_len [ 562.674850][ T9056] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 564.108472][ T9060] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 564.144239][ T9060] EXT4-fs (loop4): 1 truncate cleaned up [ 564.159504][ T9060] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 566.564898][ T9104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2914'. [ 566.594026][ T9104] device bridge_slave_1 left promiscuous mode [ 566.601041][ T9106] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2915'. [ 566.614147][ T9104] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.637093][ T9104] device bridge_slave_0 left promiscuous mode [ 566.660563][ T9104] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.722853][ T9168] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2933'. [ 570.579533][ T9187] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.593822][ T9187] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.601675][ T9187] device bridge_slave_0 entered promiscuous mode [ 570.609285][ T9187] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.616520][ T9187] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.624181][ T9187] device bridge_slave_1 entered promiscuous mode [ 570.715670][ T831] tipc: Disabling bearer [ 570.721168][ T831] tipc: Left network mode [ 570.750759][ T9187] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.757887][ T9187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 570.765191][ T9187] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.772236][ T9187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.878256][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.889463][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.930116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 570.944437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 570.975121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 570.987041][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.994126][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 571.006217][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 571.016632][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.023694][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.032894][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 571.045516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 571.071046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 571.085566][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 571.095636][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 571.110904][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 571.124886][ T9187] device veth0_vlan entered promiscuous mode [ 571.134257][ T9205] netlink: 'syz.4.2946': attribute type 13 has an invalid length. [ 571.152097][ T9205] gretap0: refused to change device tx_queue_len [ 571.159521][ T9205] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 571.189398][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 571.203190][ T9187] device veth1_macvtap entered promiscuous mode [ 571.237427][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 571.252243][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 571.445231][ T831] device veth1_macvtap left promiscuous mode [ 571.457258][ T831] device veth0_vlan left promiscuous mode [ 572.231893][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2950'. [ 572.253389][ T9220] device bridge_slave_1 left promiscuous mode [ 572.267872][ T9220] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.286969][ T9220] device bridge_slave_0 left promiscuous mode [ 572.301456][ T9220] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.539925][ T9248] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 573.552768][ T9248] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 573.998839][ T9257] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 574.045318][ T9257] EXT4-fs (loop4): 1 truncate cleaned up [ 574.051226][ T9257] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 574.110460][ T9265] netlink: 'syz.3.2963': attribute type 13 has an invalid length. [ 574.136919][ T9265] gretap0: refused to change device tx_queue_len [ 574.143601][ T9265] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 574.725241][ T9287] netlink: 'syz.1.2974': attribute type 13 has an invalid length. [ 574.733306][ T9287] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 574.744263][ T9287] gretap0: refused to change device tx_queue_len [ 574.751255][ T9287] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 575.440453][ T9294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2976'. [ 576.540238][ T9307] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2979'. [ 577.432848][ T9323] netlink: 'syz.2.2985': attribute type 13 has an invalid length. [ 577.440984][ T9323] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 577.460711][ T9323] gretap0: refused to change device tx_queue_len [ 577.467885][ T9323] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 579.239190][ T9338] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2992'. [ 579.377932][ T5] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 579.394796][ T9343] overlayfs: failed to clone upperpath [ 580.028056][ T9355] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2996'. [ 580.794748][ T5] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 580.896107][ T5] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 580.986415][ T5] usb 4-1: config 220 interface 0 has no altsetting 0 [ 581.874069][ T5] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 581.883306][ T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.891520][ T5] usb 4-1: Product: syz [ 581.895923][ T5] usb 4-1: Manufacturer: syz [ 581.900532][ T5] usb 4-1: SerialNumber: syz [ 582.128170][ T9394] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 ! [ 582.214067][ T5] uvcvideo: Found UVC 0.00 device syz (8086:0b07) [ 582.222792][ T5] uvcvideo: No valid video chain found. [ 582.238093][ T5] usb 4-1: USB disconnect, device number 5 [ 582.311631][ T9404] netlink: 'syz.0.3011': attribute type 13 has an invalid length. [ 582.319896][ T9404] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 582.347478][ T9404] gretap0: refused to change device tx_queue_len [ 582.354883][ T9404] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 584.268797][ T9414] EXT4-fs (loop4): 1 orphan inode deleted [ 584.274681][ T9414] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,,errors=continue [ 584.284503][ T9414] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.771376][ T9436] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 ! [ 586.556831][ T9456] EXT4-fs (loop4): 1 orphan inode deleted [ 586.562668][ T9456] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,,errors=continue [ 586.572587][ T9456] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 587.104376][ T9473] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 ! [ 587.758591][ T9481] overlayfs: failed to clone upperpath [ 587.996814][ T9494] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3044'. [ 588.084373][ T9503] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 588.104608][ T9497] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3041'. [ 588.712909][ T7] tipc: Disabling bearer [ 588.718819][ T7] tipc: Left network mode [ 588.765429][ T9520] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.772574][ T9520] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.780687][ T9520] device bridge_slave_0 entered promiscuous mode [ 588.796290][ T9520] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.803443][ T9520] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.811231][ T9520] device bridge_slave_1 entered promiscuous mode [ 588.909161][ T9520] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.916299][ T9520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.923660][ T9520] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.930734][ T9520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.973181][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 589.337418][ T9537] EXT4-fs (loop3): Ignoring removed nobh option [ 589.343967][ T9537] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 589.369077][ T9537] EXT4-fs (loop3): orphan cleanup on readonly fs [ 589.376284][ T9537] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 589.390775][ T9537] EXT4-fs (loop3): Remounting filesystem read-only [ 589.397429][ T9537] Quota error (device loop3): write_blk: dquota write failed [ 589.404870][ T9537] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 589.414703][ T9537] EXT4-fs error (device loop3): ext4_acquire_dquot:6226: comm syz.3.3062: Failed to acquire dquot type 0 [ 589.426275][ T9537] EXT4-fs (loop3): 1 truncate cleaned up [ 589.432122][ T9537] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 589.483275][ T3965] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.504352][ T3965] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.518583][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 589.530159][ T3965] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.537266][ T3965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 589.555225][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 589.570306][ T3965] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.577431][ T3965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 589.651849][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 589.666065][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 589.684237][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 589.696075][ T9554] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3067'. [ 589.713235][ T9520] device veth0_vlan entered promiscuous mode [ 589.760006][ T9552] overlayfs: failed to clone upperpath [ 589.767469][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 589.779872][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 589.788057][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 590.005472][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 590.019815][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 590.043640][ T9520] device veth1_macvtap entered promiscuous mode [ 590.107037][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 590.116410][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 590.125126][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 590.179394][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 590.202586][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 590.383015][ T9571] EXT4-fs (loop4): Ignoring removed nobh option [ 590.389608][ T9571] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 590.500205][ T9571] EXT4-fs (loop4): orphan cleanup on readonly fs [ 590.507773][ T9571] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 590.522375][ T9571] EXT4-fs (loop4): Remounting filesystem read-only [ 590.529713][ T9571] Quota error (device loop4): write_blk: dquota write failed [ 590.537676][ T9571] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 590.548216][ T9571] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.3074: Failed to acquire dquot type 0 [ 590.559961][ T9571] EXT4-fs (loop4): 1 truncate cleaned up [ 590.567609][ T7] device veth1_macvtap left promiscuous mode [ 590.579579][ T7] device veth0_vlan left promiscuous mode [ 590.579704][ T9571] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 590.732246][ T9583] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3077'. [ 591.121897][ T9600] overlayfs: failed to clone upperpath [ 591.572660][ T9608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3085'. [ 593.022740][ T9642] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3095'. [ 593.142501][ T9644] overlayfs: failed to resolve './bus': -2 [ 593.427645][ T9647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3100'. [ 593.658932][ T9649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3101'. [ 595.629954][ T9677] EXT4-fs (loop2): Ignoring removed nobh option [ 595.636443][ T9677] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 595.691439][ T9677] EXT4-fs (loop2): orphan cleanup on readonly fs [ 595.725194][ T9677] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 595.739602][ T9677] EXT4-fs (loop2): Remounting filesystem read-only [ 595.746246][ T9677] Quota error (device loop2): write_blk: dquota write failed [ 595.753721][ T9677] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 595.763608][ T9677] EXT4-fs error (device loop2): ext4_acquire_dquot:6226: comm syz.2.3110: Failed to acquire dquot type 0 [ 595.775348][ T9677] EXT4-fs (loop2): 1 truncate cleaned up [ 595.784163][ T9677] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 595.856587][ T9684] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3113'. [ 596.181634][ T9696] overlayfs: missing 'lowerdir' [ 597.006000][ T9703] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3120'. [ 597.173527][ T9707] overlayfs: failed to resolve './bus': -2 [ 598.297290][ T9729] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3131'. [ 599.339455][ T9739] overlayfs: missing 'lowerdir' [ 600.418622][ T9751] netlink: 'syz.3.3136': attribute type 13 has an invalid length. [ 600.828112][ T9751] gretap0: refused to change device tx_queue_len [ 601.180366][ T9751] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 601.259226][ T9760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3140'. [ 601.604503][ T9768] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3142'. [ 601.659096][ T9770] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3143'. [ 602.085809][ T9773] overlayfs: failed to clone upperpath [ 603.249436][ T9788] overlayfs: missing 'lowerdir' [ 606.006558][ T9826] erofs: (device loop3): mounted with root inode @ nid 36. [ 606.025069][ T9826] erofs: (device loop3): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 606.043426][ T42] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -5 in[4096, 0] out[4868] [ 606.365657][ T9830] netlink: 'syz.4.3162': attribute type 13 has an invalid length. [ 607.016179][ T9830] gretap0: refused to change device tx_queue_len [ 607.040075][ T9830] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 607.265930][ T9838] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3164'. [ 607.653015][ T9842] overlayfs: missing 'lowerdir' [ 608.759703][ T9853] overlayfs: failed to resolve './bus': -2 [ 608.927844][ T9857] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 608.937125][ T9857] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 609.014065][ T9863] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 609.029206][ T9863] EXT4-fs (loop2): 1 truncate cleaned up [ 609.035234][ T9863] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 609.250267][ T9875] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3176'. [ 609.811600][ T9884] overlayfs: missing 'lowerdir' [ 610.769276][ T9896] netlink: 'syz.0.3183': attribute type 13 has an invalid length. [ 610.777261][ T9896] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 610.790162][ T9896] gretap0: refused to change device tx_queue_len [ 610.797354][ T9896] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 610.899007][ T9897] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 610.908273][ T9897] ext4 filesystem being mounted at /119/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 612.137034][ T9912] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3189'. [ 612.577285][ T9935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3193'. [ 612.590111][ T9935] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3193'. [ 612.776710][ T9937] overlayfs: missing 'lowerdir' [ 613.265735][ T9943] netlink: 'syz.1.3198': attribute type 13 has an invalid length. [ 613.273627][ T9943] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 613.282513][ T9943] gretap0: refused to change device tx_queue_len [ 613.289102][ T9943] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 614.184553][ T9958] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3205'. [ 614.356675][ T24] audit: type=1400 audit(1763257323.180:560): avc: denied { bind } for pid=9985 comm="syz.4.3211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 614.370605][ T9969] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.395883][ T9969] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.403336][ T9969] device bridge_slave_0 entered promiscuous mode [ 614.425779][ T9969] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.433121][ T9969] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.440730][ T9969] device bridge_slave_1 entered promiscuous mode [ 614.454044][ T24] audit: type=1400 audit(1763257323.210:561): avc: denied { listen } for pid=9985 comm="syz.4.3211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 614.478042][ T24] audit: type=1400 audit(1763257323.220:562): avc: denied { accept } for pid=9985 comm="syz.4.3211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 614.543475][ T9969] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.550581][ T9969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.557881][ T9969] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.564938][ T9969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.588742][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 614.597358][ T2431] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.605004][ T2431] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.623777][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 614.632470][ T2431] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.639564][ T2431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 614.668925][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 614.680119][ T2431] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.687196][ T2431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 614.695286][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 614.779745][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 614.789853][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 614.815140][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 614.823228][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 614.831179][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 614.840586][ T9969] device veth0_vlan entered promiscuous mode [ 615.025655][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 615.110961][ T9969] device veth1_macvtap entered promiscuous mode [ 615.372626][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 615.412718][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 615.483870][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 615.499875][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 615.584427][ T24] audit: type=1400 audit(1763257324.380:563): avc: denied { write } for pid=9969 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object" [ 615.645372][ T9] tipc: Disabling bearer [ 615.650774][ T9] tipc: Left network mode [ 615.660628][T10005] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 615.674066][ T24] audit: type=1400 audit(1763257324.380:564): avc: denied { open } for pid=9969 comm="syz-executor" path="/syzcgroup/cpu/syz0/cgroup.procs" dev="cgroup" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object" [ 615.674549][T10005] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 617.425326][ T9] device veth1_macvtap left promiscuous mode [ 617.433107][ T9] device veth0_vlan left promiscuous mode [ 618.045996][T10076] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.059334][T10076] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.070344][T10076] device bridge_slave_0 entered promiscuous mode [ 618.077830][T10076] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.084912][T10076] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.092341][T10076] device bridge_slave_1 entered promiscuous mode [ 618.150435][T10076] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.157544][T10076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 618.164824][T10076] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.171850][T10076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.238922][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 618.249117][ T2431] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.263152][ T2431] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.305393][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 618.316965][ T2431] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.324168][ T2431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 618.340295][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 618.362949][ T2431] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.370037][ T2431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 618.378144][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 618.386547][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 618.401646][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 618.428767][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 618.439990][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 618.521084][ T2431] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 618.616426][ T9] tipc: Disabling bearer [ 618.626127][T10076] device veth0_vlan entered promiscuous mode [ 618.632310][ T9] tipc: Left network mode [ 618.717057][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 618.738362][T10076] device veth1_macvtap entered promiscuous mode [ 618.757126][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 618.772429][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 618.899038][T10121] FAT-fs (loop1): Directory bread(block 64) failed [ 618.912079][T10121] FAT-fs (loop1): Directory bread(block 65) failed [ 618.926222][T10121] FAT-fs (loop1): Directory bread(block 66) failed [ 618.933572][T10121] FAT-fs (loop1): Directory bread(block 67) failed [ 618.946426][T10121] FAT-fs (loop1): Directory bread(block 68) failed [ 618.956572][T10121] FAT-fs (loop1): Directory bread(block 69) failed [ 618.972169][T10121] FAT-fs (loop1): Directory bread(block 70) failed [ 619.000503][T10121] FAT-fs (loop1): Directory bread(block 71) failed [ 619.019545][T10121] FAT-fs (loop1): Directory bread(block 72) failed [ 619.031756][T10121] FAT-fs (loop1): Directory bread(block 73) failed [ 619.245321][T10130] netlink: 'syz.2.3249': attribute type 13 has an invalid length. [ 619.387198][T10130] gretap0: refused to change device tx_queue_len [ 619.394071][T10130] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 620.555499][ T24] audit: type=1400 audit(1763257329.380:565): avc: denied { getopt } for pid=10142 comm="syz.3.3254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 621.095639][ T9] device veth1_macvtap left promiscuous mode [ 621.104109][ T9] device veth0_vlan left promiscuous mode [ 621.328994][T10167] overlayfs: failed to resolve './bus': -2 [ 623.007870][T10217] overlayfs: failed to resolve './bus': -2 [ 623.645943][T10231] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 623.666831][T10231] EXT4-fs (loop1): 1 truncate cleaned up [ 623.672566][T10231] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 623.934123][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3285'. [ 623.946171][T10241] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3285'. [ 624.366276][T10266] overlayfs: failed to resolve './bus': -2 [ 625.070241][T10276] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3300'. [ 625.468559][T10285] 9pnet: Insufficient options for proto=fd [ 625.549608][T10292] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3309'. [ 626.058345][T10302] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 626.075791][T10302] ext4 filesystem being mounted at /150/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 626.655203][T10315] FAT-fs (loop0): Directory bread(block 64) failed [ 626.661773][T10315] FAT-fs (loop0): Directory bread(block 65) failed [ 626.696516][T10315] FAT-fs (loop0): Directory bread(block 66) failed [ 626.703228][T10315] FAT-fs (loop0): Directory bread(block 67) failed [ 626.709926][T10315] FAT-fs (loop0): Directory bread(block 68) failed [ 626.716802][T10315] FAT-fs (loop0): Directory bread(block 69) failed [ 626.723386][T10315] FAT-fs (loop0): Directory bread(block 70) failed [ 626.730104][T10315] FAT-fs (loop0): Directory bread(block 71) failed [ 626.736778][T10315] FAT-fs (loop0): Directory bread(block 72) failed [ 626.743424][T10315] FAT-fs (loop0): Directory bread(block 73) failed [ 626.932136][T10321] overlayfs: failed to resolve './bus': -2 [ 627.234956][T10326] 9pnet: Insufficient options for proto=fd [ 627.274557][T10331] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3322'. [ 627.432290][T10339] netlink: 'syz.1.3323': attribute type 13 has an invalid length. [ 627.546193][T10339] gretap0: refused to change device tx_queue_len [ 627.553708][T10339] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 627.935502][T10341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 627.963492][T10341] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 628.425057][T10346] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3327'. [ 628.911899][T10368] 9pnet: Insufficient options for proto=fd [ 629.558587][T10386] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 629.567649][T10386] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 630.024633][T10400] 9pnet: Insufficient options for proto=fd [ 630.157540][T10411] EXT4-fs (loop1): Ignoring removed nobh option [ 630.164071][T10411] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 630.184366][T10398] overlayfs: failed to resolve './bus': -2 [ 630.418078][T10411] EXT4-fs (loop1): orphan cleanup on readonly fs [ 630.427642][T10411] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 630.443069][T10411] EXT4-fs (loop1): Remounting filesystem read-only [ 630.450015][T10411] Quota error (device loop1): write_blk: dquota write failed [ 630.457608][T10411] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 630.467510][T10411] EXT4-fs error (device loop1): ext4_acquire_dquot:6226: comm syz.1.3341: Failed to acquire dquot type 0 [ 630.479869][T10411] EXT4-fs (loop1): 1 truncate cleaned up [ 630.486048][T10411] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 631.236343][T10460] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 631.276337][T10460] EXT4-fs (loop2): 1 truncate cleaned up [ 631.287130][T10460] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 631.645896][T10476] EXT4-fs (loop1): Ignoring removed nobh option [ 631.652478][T10476] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 631.749012][T10476] EXT4-fs (loop1): orphan cleanup on readonly fs [ 631.818436][T10476] EXT4-fs error (device loop1): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 631.834283][T10476] EXT4-fs (loop1): Remounting filesystem read-only [ 631.841198][T10476] Quota error (device loop1): write_blk: dquota write failed [ 631.848877][T10476] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 631.858925][T10476] EXT4-fs error (device loop1): ext4_acquire_dquot:6226: comm syz.1.3364: Failed to acquire dquot type 0 [ 631.872611][T10476] EXT4-fs (loop1): 1 truncate cleaned up [ 631.878887][T10476] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 632.747608][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3380'. [ 632.968656][T10523] EXT4-fs (loop4): Ignoring removed nobh option [ 632.975325][T10523] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 633.193723][T10523] EXT4-fs (loop4): orphan cleanup on readonly fs [ 633.205409][T10523] EXT4-fs error (device loop4): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 19 vs 41 free clusters [ 633.221227][T10523] EXT4-fs (loop4): Remounting filesystem read-only [ 633.228406][T10523] Quota error (device loop4): write_blk: dquota write failed [ 633.236062][T10523] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 633.246178][T10523] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.3381: Failed to acquire dquot type 0 [ 633.259474][T10523] EXT4-fs (loop4): 1 truncate cleaned up [ 633.266123][T10523] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,noblock_validity,nolazytime,journal_dev=0x0000000000000d41,nogrpid,nobh,errors=remount-ro,noinit_itable,min_batch_time=0x00000000000000012 [ 633.964611][T10546] FAT-fs (loop2): Directory bread(block 64) failed [ 633.978198][T10546] FAT-fs (loop2): Directory bread(block 65) failed [ 633.990085][T10546] FAT-fs (loop2): Directory bread(block 66) failed [ 633.996965][T10546] FAT-fs (loop2): Directory bread(block 67) failed [ 634.003547][T10546] FAT-fs (loop2): Directory bread(block 68) failed [ 634.010655][T10546] FAT-fs (loop2): Directory bread(block 69) failed [ 634.017395][T10546] FAT-fs (loop2): Directory bread(block 70) failed [ 634.024116][T10546] FAT-fs (loop2): Directory bread(block 71) failed [ 634.030714][T10546] FAT-fs (loop2): Directory bread(block 72) failed [ 634.037966][T10546] FAT-fs (loop2): Directory bread(block 73) failed [ 634.163341][T10559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3395'. [ 635.088970][T10569] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 635.133625][T10569] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 635.526158][T10583] incfs: Unexpected inode type [ 635.604045][ T9969] ------------[ cut here ]------------ [ 635.614098][ T24] audit: type=1400 audit(1763257344.420:566): avc: denied { unmount } for pid=9969 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 635.645368][ T9969] WARNING: CPU: 1 PID: 9969 at fs/inode.c:304 drop_nlink+0xc5/0x110 [ 635.665508][ T9969] Modules linked in: [ 635.669478][ T9969] CPU: 1 PID: 9969 Comm: syz-executor Not tainted syzkaller #0 [ 635.687818][ T9969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 635.728430][ T9969] RIP: 0010:drop_nlink+0xc5/0x110 [ 635.733501][ T9969] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 93 22 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 bb 30 b8 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 635.776386][ T9969] RSP: 0018:ffffc90000d17cd0 EFLAGS: 00010293 [ 635.782513][ T9969] RAX: ffffffff81ab74e5 RBX: ffff88812b8e0060 RCX: ffff888112ed0000 [ 635.790553][ T9969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 635.798569][ T9969] RBP: ffffc90000d17cf8 R08: 0000000000000004 R09: 0000000000000003 [ 635.806562][ T9969] R10: fffff520001a2f88 R11: 1ffff920001a2f88 R12: dffffc0000000000 [ 635.814586][ T9969] R13: 1ffff1102571c015 R14: ffff88812b8e00a8 R15: 0000000000000000 [ 635.822627][ T9969] FS: 00005555707c4500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 635.831580][ T9969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 635.838441][ T9969] CR2: 00007fdbfdadcdac CR3: 000000014f53c000 CR4: 00000000003506b0 [ 635.865692][ T9969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 635.873815][ T9969] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 635.882910][ T9969] Call Trace: [ 635.886891][ T9969] shmem_rmdir+0x5b/0x90 [ 635.891299][ T9969] vfs_rmdir+0x1b3/0x3e0 [ 635.896033][ T9969] incfs_kill_sb+0xfe/0x210 [ 635.901538][ T9969] deactivate_locked_super+0xa0/0x100 [ 635.907219][ T9969] deactivate_super+0xaf/0xe0 [ 635.911937][ T9969] cleanup_mnt+0x446/0x500 [ 635.916602][ T9969] __cleanup_mnt+0x19/0x20 [ 635.921047][ T9969] task_work_run+0x127/0x190 [ 635.925831][ T9969] exit_to_user_mode_loop+0xcb/0xe0 [ 635.931045][ T9969] exit_to_user_mode_prepare+0x76/0xa0 [ 635.936776][ T9969] syscall_exit_to_user_mode+0x1d/0x40 [ 635.942372][ T9969] do_syscall_64+0x3d/0x40 [ 635.947163][ T9969] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 635.954266][ T9969] RIP: 0033:0x7fcb7455c9f7 [ 635.958763][ T9969] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 635.978621][ T9969] RSP: 002b:00007ffc79bc3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 635.987155][ T9969] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcb7455c9f7 [ 635.995252][ T9969] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc79bc3210 [ 636.003319][ T9969] RBP: 00007ffc79bc3210 R08: 0000000000000000 R09: 0000000000000000 [ 636.011534][ T9969] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc79bc42a0 [ 636.019816][ T9969] R13: 00007fcb745ddd7d R14: 000000000009b294 R15: 00007ffc79bc42e0 [ 636.027882][ T9969] ---[ end trace fbc0a0b71f6ed916 ]--- [ 636.033466][ T9969] ================================================================== [ 636.041647][ T9969] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 636.047894][ T9969] Write of size 4 at addr 0000000000000170 by task syz-executor/9969 [ 636.055933][ T9969] [ 636.058249][ T9969] CPU: 0 PID: 9969 Comm: syz-executor Tainted: G W syzkaller #0 [ 636.067160][ T9969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 636.077194][ T9969] Call Trace: [ 636.080477][ T9969] __dump_stack+0x21/0x24 [ 636.084808][ T9969] dump_stack_lvl+0x169/0x1d8 [ 636.089500][ T9969] ? thaw_kernel_threads+0x220/0x220 [ 636.094779][ T9969] ? show_regs_print_info+0x18/0x18 [ 636.099964][ T9969] ? _raw_spin_lock+0x8e/0xe0 [ 636.104628][ T9969] ? _raw_spin_trylock_bh+0x130/0x130 [ 636.109997][ T9969] ? ihold+0x20/0x60 [ 636.113894][ T9969] kasan_report+0xd8/0x130 [ 636.118310][ T9969] ? ihold+0x20/0x60 [ 636.122204][ T9969] kasan_check_range+0x280/0x290 [ 636.127220][ T9969] __kasan_check_write+0x14/0x20 [ 636.132143][ T9969] ihold+0x20/0x60 [ 636.135856][ T9969] vfs_rmdir+0x247/0x3e0 [ 636.140087][ T9969] incfs_kill_sb+0xfe/0x210 [ 636.144581][ T9969] deactivate_locked_super+0xa0/0x100 [ 636.149939][ T9969] deactivate_super+0xaf/0xe0 [ 636.154620][ T9969] cleanup_mnt+0x446/0x500 [ 636.159038][ T9969] __cleanup_mnt+0x19/0x20 [ 636.163443][ T9969] task_work_run+0x127/0x190 [ 636.168032][ T9969] exit_to_user_mode_loop+0xcb/0xe0 [ 636.173227][ T9969] exit_to_user_mode_prepare+0x76/0xa0 [ 636.178690][ T9969] syscall_exit_to_user_mode+0x1d/0x40 [ 636.184153][ T9969] do_syscall_64+0x3d/0x40 [ 636.188575][ T9969] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 636.194452][ T9969] RIP: 0033:0x7fcb7455c9f7 [ 636.198855][ T9969] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 636.218474][ T9969] RSP: 002b:00007ffc79bc3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 636.226888][ T9969] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcb7455c9f7 [ 636.234847][ T9969] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc79bc3210 [ 636.242805][ T9969] RBP: 00007ffc79bc3210 R08: 0000000000000000 R09: 0000000000000000 [ 636.250782][ T9969] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc79bc42a0 [ 636.258747][ T9969] R13: 00007fcb745ddd7d R14: 000000000009b294 R15: 00007ffc79bc42e0 [ 636.266711][ T9969] ================================================================== [ 636.274781][ T9969] Disabling lock debugging due to kernel taint [ 636.281235][ T9969] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 636.284738][ T24] audit: type=1400 audit(1763257345.100:567): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 636.289056][ T9969] #PF: supervisor write access in kernel mode [ 636.310966][ T24] audit: type=1400 audit(1763257345.110:568): avc: denied { search } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 636.316792][ T9969] #PF: error_code(0x0002) - not-present page [ 636.316809][ T9969] PGD 10a7c3067 P4D 10a7c3067 PUD 0 [ 636.338630][ T24] audit: type=1400 audit(1763257345.110:569): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 636.344030][ T9969] [ 636.344043][ T9969] Oops: 0002 [#1] PREEMPT SMP KASAN [ 636.344057][ T9969] CPU: 1 PID: 9969 Comm: syz-executor Tainted: G B W syzkaller #0 [ 636.344071][ T9969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 636.349800][ T24] audit: type=1400 audit(1763257345.110:570): avc: denied { add_name } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 636.370519][ T9969] RIP: 0010:ihold+0x26/0x60 [ 636.370532][ T9969] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 d1 28 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 80 1a f2 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 636.370540][ T9969] RSP: 0018:ffffc90000d17d10 EFLAGS: 00010246 [ 636.370552][ T9969] RAX: ffff888112ed0000 RBX: 0000000000000000 RCX: 0000000000000286 [ 636.370560][ T9969] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 636.370567][ T9969] RBP: ffffc90000d17d20 R08: 0000000000000004 R09: 0000000000000003 [ 636.370575][ T9969] R10: fffffbfff0d8ee48 R11: 1ffffffff0d8ee48 R12: 1ffff110237cd95a [ 636.370590][ T9969] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 636.373428][ T24] audit: type=1400 audit(1763257345.110:571): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 636.378093][ T9969] FS: 00005555707c4500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 636.378102][ T9969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 636.378109][ T9969] CR2: 0000000000000170 CR3: 000000014f53c000 CR4: 00000000003506a0 [ 636.378119][ T9969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 636.378133][ T9969] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 636.387483][ T24] audit: type=1400 audit(1763257345.110:572): avc: denied { append open } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 636.397082][ T9969] Call Trace: [ 636.397100][ T9969] vfs_rmdir+0x247/0x3e0 [ 636.397116][ T9969] incfs_kill_sb+0xfe/0x210 [ 636.397129][ T9969] deactivate_locked_super+0xa0/0x100 [ 636.397140][ T9969] deactivate_super+0xaf/0xe0 [ 636.397159][ T9969] cleanup_mnt+0x446/0x500 [ 636.596431][ T9969] __cleanup_mnt+0x19/0x20 [ 636.600841][ T9969] task_work_run+0x127/0x190 [ 636.605424][ T9969] exit_to_user_mode_loop+0xcb/0xe0 [ 636.610613][ T9969] exit_to_user_mode_prepare+0x76/0xa0 [ 636.616068][ T9969] syscall_exit_to_user_mode+0x1d/0x40 [ 636.621513][ T9969] do_syscall_64+0x3d/0x40 [ 636.625922][ T9969] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 636.631803][ T9969] RIP: 0033:0x7fcb7455c9f7 [ 636.636216][ T9969] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 636.655812][ T9969] RSP: 002b:00007ffc79bc3158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 636.664213][ T9969] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcb7455c9f7 [ 636.672176][ T9969] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc79bc3210 [ 636.680138][ T9969] RBP: 00007ffc79bc3210 R08: 0000000000000000 R09: 0000000000000000 [ 636.688102][ T9969] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc79bc42a0 [ 636.696070][ T9969] R13: 00007fcb745ddd7d R14: 000000000009b294 R15: 00007ffc79bc42e0 [ 636.704033][ T9969] Modules linked in: [ 636.707919][ T9969] CR2: 0000000000000170 [ 636.712082][ T9969] ---[ end trace fbc0a0b71f6ed917 ]--- [ 636.717535][ T9969] RIP: 0010:ihold+0x26/0x60 [ 636.722026][ T9969] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 d1 28 b8 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 80 1a f2 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 636.741620][ T9969] RSP: 0018:ffffc90000d17d10 EFLAGS: 00010246 [ 636.747844][ T9969] RAX: ffff888112ed0000 RBX: 0000000000000000 RCX: 0000000000000286 [ 636.755924][ T9969] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 636.763907][ T9969] RBP: ffffc90000d17d20 R08: 0000000000000004 R09: 0000000000000003 [ 636.771885][ T9969] R10: fffffbfff0d8ee48 R11: 1ffffffff0d8ee48 R12: 1ffff110237cd95a [ 636.779854][ T9969] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 636.787837][ T9969] FS: 00005555707c4500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 636.796755][ T9969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 636.803327][ T9969] CR2: 0000000000000170 CR3: 000000014f53c000 CR4: 00000000003506a0 [ 636.811290][ T9969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 636.819252][ T9969] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 636.827217][ T9969] Kernel panic - not syncing: Fatal exception [ 636.833562][ T9969] Kernel Offset: disabled [ 636.837888][ T9969] Rebooting in 86400 seconds..