last executing test programs: 41.584516525s ago: executing program 3 (id=1671): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) openat$ppp(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$FS_IOC_GETFSUUID(r2, 0x80111500, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x6}, {0xd}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0xa, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x8000, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40080}, 0x4000440) 41.364908475s ago: executing program 3 (id=1675): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1, 0xe4}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r2, 0x4010744d, &(0x7f0000000180)) 41.272871926s ago: executing program 3 (id=1679): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf50, 0x2925, 0xffff, 0x9dff, 0xf, "9402080100"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2) 40.932607848s ago: executing program 3 (id=1684): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb101e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x3) 40.893596348s ago: executing program 3 (id=1685): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1}, 0x18) r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) 40.49484427s ago: executing program 3 (id=1691): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x3, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff1, 0x2}, {}, {0x3, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ID={0x6, 0x17, 0x91d}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084) 40.49467938s ago: executing program 32 (id=1691): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x3, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff1, 0x2}, {}, {0x3, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ID={0x6, 0x17, 0x91d}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084) 1.85778576s ago: executing program 2 (id=2617): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r3}, 0x10) close(r1) 1.780419791s ago: executing program 2 (id=2621): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x609e495c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r4, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0) 1.655541362s ago: executing program 0 (id=2627): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x75, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000004000), 0x0}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.615645431s ago: executing program 4 (id=2630): openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) r0 = socket$inet(0x2, 0x3, 0x5) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.564293282s ago: executing program 4 (id=2631): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0) close(r4) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) splice(r0, 0x0, r2, 0x0, 0x1100000000f336, 0x0) 1.558286952s ago: executing program 2 (id=2632): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r3, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) close_range(r2, 0xffffffffffffffff, 0x0) 1.506835352s ago: executing program 2 (id=2633): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = syz_io_uring_setup(0x8c3, &(0x7f0000000140)={0x0, 0x9299, 0x0, 0x2, 0xbedffffc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r1, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000500)={0x7, 0x20009dc6, 0x0, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 1.426390902s ago: executing program 2 (id=2635): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.320123333s ago: executing program 2 (id=2637): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="b4f2cd22d3842aabf395990a1ef1863e7ebb884b7ec4f7651feaf965e0fe93377ef1e641747c8efa5b4f6abc51593330062aef3e06572ab1b36c68e6fea4c6eb78914348f82e3663f204bbb3d22fdeab379aa5d4605023a6390e3781bbddc3fc4d9be11c6ddda10f123a913cfdb1b95fcccafa183404636d0271d7cdc4fd83cd5abb8f48db2552de1006dc11eeff7a69351659c8b8cc94c41e79214658be5a9f97242d03f7bff89ee098a590e7c65af5d2d762a933f364cbf076c9cecc3cdba361c953a83f0d0ead7f4fb7dcc27f877ee0208edf7e661405cc36bdbd2aa6c6d44361b6677f34f00623f385", @ANYRESHEX=r0, @ANYRES64=r0, @ANYRESDEC=r0, @ANYRESOCT=r0, @ANYRES64=r0], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'}) sendto$isdn(r3, &(0x7f00000003c0)={0x80, 0x8}, 0x8, 0x24000801, 0x0, 0x0) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 1.253341983s ago: executing program 0 (id=2640): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x6, 0x0, 0x7ffc1ffb}]}) r0 = socket$unix(0x1, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept(r2, 0x0, 0x0) 1.230037503s ago: executing program 0 (id=2642): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0) sendmsg$tipc(r2, &(0x7f00000000c0)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1}, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x20000090) 1.207155104s ago: executing program 0 (id=2644): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000000000000000000000000008500000036000000c50000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, r1}, 0x40) syz_emit_ethernet(0x104a, &(0x7f0000005140)=ANY=[], 0x0) 1.205583454s ago: executing program 5 (id=2645): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000) 1.146927094s ago: executing program 0 (id=2646): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000}, 0x20000840) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) mlock2(&(0x7f0000009000/0x3000)=nil, 0x3000, 0x0) mlock2(&(0x7f0000008000/0x3000)=nil, 0x3000, 0x0) 1.110905754s ago: executing program 5 (id=2647): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 1.091400884s ago: executing program 5 (id=2648): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000002040)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r3}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) 709.540806ms ago: executing program 4 (id=2650): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000100)=@security={'security\x00', 0xe, 0x4, 0x2d0, 0xffffffff, 0xd0, 0x1d8, 0xd0, 0xffffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@ip={@remote, @empty, 0xff000000, 0xffffff00, 'veth0_vlan\x00', 'ip6erspan0\x00', {0xff}, {}, 0x21, 0x2}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @broadcast, 0x0, 0xa, [0x15, 0x1d, 0x3, 0x3b, 0x5, 0x16, 0x26, 0xa, 0x2b, 0x20, 0x29, 0x3, 0x25, 0x15, 0x32, 0x24], 0x0, 0x100, 0x10001}}}, {{@ip={@broadcast, @multicast1, 0x0, 0xffffff00, 'veth1\x00', 'batadv0\x00', {0xff}, {0xff}, 0x16, 0x1}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x4, 0x0, 0x0, 0x5, 0x2], 0x3, 0x1}, {0xffffffffffffffff, [0x3, 0x5, 0x7, 0x2, 0x1], 0x2, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330) r1 = open(0x0, 0x64842, 0x389b0d52417bb201) pwritev2(r1, 0x0, 0x0, 0x7000, 0x0, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0xc0, 0x8, 0xfa04, 0xc0, 0x6c02, 0x178, 0x194, 0x194, 0x178, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'erspan0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0xffff, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248) 685.846006ms ago: executing program 4 (id=2651): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@version_u}]}}) 566.822027ms ago: executing program 1 (id=2653): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0x20) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000000040)='./file0/../file0\x00', 0x804000, 0x184) 555.258667ms ago: executing program 4 (id=2654): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r0}, 0x10) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 473.674078ms ago: executing program 1 (id=2655): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) request_key(0x0, 0x0, 0x0, 0x0) 271.076479ms ago: executing program 0 (id=2656): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000abd92de000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00'}, 0x10) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000180)="480000001400190d7ebdeb75fd0d9c562c84d8c033aae421962ea6ff3cd3c461ebe430a2ed7a80ffe0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6", 0x48}], 0x1) 217.671539ms ago: executing program 5 (id=2657): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r2}, 0x18) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814) close(r0) 176.010249ms ago: executing program 1 (id=2658): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(0xffffffffffffffff) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rename(0x0, 0x0) 175.396689ms ago: executing program 4 (id=2659): socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2, 0x0, 0x10}, 0x18) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) 86.969249ms ago: executing program 5 (id=2660): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f00000002c0)={@val={0x0, 0x6003}, @void, @eth={@broadcast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x67, 0x0, 0x3, 0x2f, 0x0, @private=0x1fe1, @multicast1}, {0xa000, 0x86dd, 0xc, 0x0, @opaque="f842651e"}}}}}}, 0x32) 60.59894ms ago: executing program 1 (id=2662): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r2, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 26.66019ms ago: executing program 1 (id=2663): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x0, 0x0, 0xfffffffd, 0xe58}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) 15.21142ms ago: executing program 5 (id=2664): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x6, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=2665): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x40) syz_usb_disconnect(r2) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x114, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) kernel console output (not intermixed with test programs): 64.066971][ T5325] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.077809][ T5325] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.089080][ T5325] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.200216][ T3681] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 64.200246][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 64.234270][ T5879] syzkaller0: entered allmulticast mode [ 64.240328][ T5878] bridge: RTM_NEWNEIGH with invalid ether address [ 64.250286][ T5879] syzkaller0: entered promiscuous mode [ 64.259473][ T5879] syzkaller0 (unregistering): left allmulticast mode [ 64.266337][ T5879] syzkaller0 (unregistering): left promiscuous mode [ 64.440744][ T5895] loop2: detected capacity change from 0 to 512 [ 64.460385][ T5895] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 64.491870][ T5895] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 64.521507][ T5895] EXT4-fs (loop2): 1 truncate cleaned up [ 64.527518][ T5895] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.581192][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.820769][ T5911] bridge: RTM_NEWNEIGH with invalid ether address [ 65.215974][ T5940] bridge_slave_1: left promiscuous mode [ 65.221810][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.262680][ T5940] bridge_slave_0: left promiscuous mode [ 65.268432][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.401642][ T5950] __nla_validate_parse: 2 callbacks suppressed [ 65.401655][ T5950] netlink: 32 bytes leftover after parsing attributes in process `syz.3.989'. [ 65.423250][ T5950] loop3: detected capacity change from 0 to 164 [ 65.433734][ T5954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'. [ 65.437566][ T29] kauditd_printk_skb: 223 callbacks suppressed [ 65.437580][ T29] audit: type=1400 audit(1761694264.487:1424): avc: denied { mount } for pid=5949 comm="syz.3.989" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 65.442598][ T5954] netlink: 'syz.2.990': attribute type 30 has an invalid length. [ 65.449497][ T5950] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 65.494999][ T5346] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.501805][ T29] audit: type=1400 audit(1761694264.547:1425): avc: denied { unmount } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 65.525952][ T5346] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.535055][ T5346] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.544060][ T5346] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 65.566251][ T29] audit: type=1400 audit(1761694264.607:1426): avc: denied { bind } for pid=5958 comm="syz.0.992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.589071][ T5961] serio: Serial port ptm0 [ 65.603604][ T29] audit: type=1326 audit(1761694264.657:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.627112][ T29] audit: type=1326 audit(1761694264.657:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.650519][ T29] audit: type=1326 audit(1761694264.657:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.674121][ T29] audit: type=1326 audit(1761694264.657:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.697509][ T29] audit: type=1326 audit(1761694264.657:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.721057][ T29] audit: type=1326 audit(1761694264.657:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.744387][ T29] audit: type=1326 audit(1761694264.657:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5964 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f9af1efc9 code=0x7ffc0000 [ 65.774588][ T5968] loop3: detected capacity change from 0 to 256 [ 65.781826][ T5968] FAT-fs (loop3): bogus number of FAT sectors [ 65.787911][ T5968] FAT-fs (loop3): Can't find a valid FAT filesystem [ 65.873579][ T5980] loop3: detected capacity change from 0 to 512 [ 65.892349][ T5980] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.904936][ T5980] ext4 filesystem being mounted at /172/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.905245][ T5984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1002'. [ 65.919074][ T5980] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.1001: corrupted inode contents [ 65.930140][ T5984] team1: entered promiscuous mode [ 65.936483][ T5980] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.1001: mark_inode_dirty error [ 65.941267][ T5984] team1: entered allmulticast mode [ 65.953171][ T5980] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.1001: corrupted inode contents [ 65.957606][ T5984] 8021q: adding VLAN 0 to HW filter on device team1 [ 65.970063][ T5980] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1001: mark_inode_dirty error [ 66.012295][ T5986] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.052096][ T5986] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.088670][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.121801][ T5986] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.181601][ T5986] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.444294][ T6012] loop0: detected capacity change from 0 to 256 [ 66.699371][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.706822][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.714314][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.721772][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.729143][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.736555][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.743955][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.751334][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.758738][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.766201][ T3366] hid-generic 0003:0003:0000.0003: unknown main item tag 0x0 [ 66.774590][ T3366] hid-generic 0003:0003:0000.0003: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 67.045460][ T6058] loop2: detected capacity change from 0 to 512 [ 67.046065][ T6057] serio: Serial port ptm0 [ 67.065390][ T6058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.078185][ T6058] ext4 filesystem being mounted at /212/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 67.095092][ T6058] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.1034: corrupted inode contents [ 67.107321][ T6058] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #2: comm syz.2.1034: mark_inode_dirty error [ 67.118830][ T6058] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.1034: corrupted inode contents [ 67.131020][ T6058] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1034: mark_inode_dirty error [ 67.156843][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.174169][ T6063] pim6reg1: entered promiscuous mode [ 67.179565][ T6063] pim6reg1: entered allmulticast mode [ 68.390279][ T5330] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.420392][ T5330] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.433605][ T5330] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.458099][ T5330] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.751791][ T6122] loop4: detected capacity change from 0 to 1024 [ 68.767157][ T6122] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.017859][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.048356][ T6139] pim6reg1: entered promiscuous mode [ 69.053705][ T6139] pim6reg1: entered allmulticast mode [ 69.245118][ T6149] bridge: RTM_NEWNEIGH with invalid ether address [ 69.457577][ T6162] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1076'. [ 69.595620][ T6180] loop4: detected capacity change from 0 to 512 [ 69.632143][ T6180] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.654873][ T6180] ext4 filesystem being mounted at /233/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 69.673803][ T6180] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.1081: corrupted inode contents [ 69.698185][ T6180] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.1081: mark_inode_dirty error [ 69.723961][ T6180] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.1081: corrupted inode contents [ 69.750408][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.789822][ T6192] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.851313][ T6192] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.931947][ T6192] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 70.011687][ T6192] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 70.079140][ T5296] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.090886][ T5330] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.106364][ T5330] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.119096][ T5330] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.239055][ T6213] capability: warning: `syz.2.1092' uses 32-bit capabilities (legacy support in use) [ 70.458949][ T29] kauditd_printk_skb: 117 callbacks suppressed [ 70.458961][ T29] audit: type=1400 audit(1761694269.507:1551): avc: denied { bind } for pid=6230 comm="syz.1.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 70.485458][ T29] audit: type=1400 audit(1761694269.507:1552): avc: denied { name_bind } for pid=6230 comm="syz.1.1100" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 70.507317][ T29] audit: type=1400 audit(1761694269.507:1553): avc: denied { node_bind } for pid=6230 comm="syz.1.1100" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 70.530053][ T29] audit: type=1400 audit(1761694269.547:1554): avc: denied { name_connect } for pid=6230 comm="syz.1.1100" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 70.675508][ T29] audit: type=1400 audit(1761694269.727:1555): avc: denied { create } for pid=6246 comm="syz.1.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 70.700256][ T3681] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 70.706486][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 70.714017][ T29] audit: type=1400 audit(1761694269.757:1556): avc: denied { setopt } for pid=6246 comm="syz.1.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 70.749534][ T29] audit: type=1400 audit(1761694269.797:1557): avc: denied { bind } for pid=6246 comm="syz.1.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 70.755655][ T6254] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1111'. [ 70.783506][ T6254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1111'. [ 70.803450][ T6256] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 70.877269][ T6256] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 70.935780][ T29] audit: type=1326 audit(1761694269.987:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6267 comm="syz.1.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 70.959353][ T29] audit: type=1326 audit(1761694269.987:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6267 comm="syz.1.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 70.982947][ T29] audit: type=1326 audit(1761694270.007:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6267 comm="syz.1.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 71.021676][ T6256] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 71.102346][ T6256] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 71.356888][ T6297] pim6reg1: entered promiscuous mode [ 71.362307][ T6297] pim6reg1: entered allmulticast mode [ 71.428779][ T5328] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.447684][ T5328] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.457369][ T5328] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.466814][ T5328] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.540474][ T6305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'. [ 71.785660][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1133'. [ 72.220507][ T6325] bond0: (slave bond_slave_0): Releasing backup interface [ 72.233957][ T6325] bond0: (slave bond_slave_1): Releasing backup interface [ 72.249935][ T6325] team0: Port device team_slave_0 removed [ 72.261124][ T6325] team0: Port device team_slave_1 removed [ 72.268193][ T6325] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 72.277193][ T6325] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 72.299148][ T6330] netlink: 'syz.4.1139': attribute type 1 has an invalid length. [ 72.317135][ T6330] 8021q: adding VLAN 0 to HW filter on device bond1 [ 72.331971][ T6330] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 72.347011][ T6330] bond1: (slave batadv1): making interface the new active one [ 72.355989][ T6330] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 72.510919][ T6348] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1146'. [ 72.813171][ T6357] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1150'. [ 72.871107][ T6362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1151'. [ 72.911595][ T6362] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 72.918846][ T6362] IPv6: NLM_F_CREATE should be set when creating new route [ 72.926731][ T6362] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 72.934024][ T6362] IPv6: NLM_F_CREATE should be set when creating new route [ 73.300308][ T6387] loop0: detected capacity change from 0 to 512 [ 73.320349][ T6387] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 73.360899][ T6387] EXT4-fs (loop0): 1 truncate cleaned up [ 73.366906][ T6387] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.406787][ T3321] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.515641][ T6372] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1153'. [ 73.697888][ T6409] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 73.706640][ T6409] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 73.722589][ T6413] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1172'. [ 73.784699][ T6420] xt_connbytes: Forcing CT accounting to be enabled [ 73.834323][ T6423] pimreg: entered allmulticast mode [ 73.856974][ T6423] pimreg: left allmulticast mode [ 73.892053][ T6431] loop3: detected capacity change from 0 to 512 [ 73.898874][ T6431] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 73.910068][ T6431] EXT4-fs (loop3): 1 truncate cleaned up [ 73.917051][ T6431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.962082][ T6431] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.3.1180: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 73.982990][ T6431] EXT4-fs (loop3): Remounting filesystem read-only [ 73.989622][ T6431] EXT4-fs warning (device loop3): ext4_rename_delete:3731: inode #2: comm syz.3.1180: Deleting old file: nlink 5, error=-117 [ 74.028394][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.139603][ T6447] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6447 comm=syz.1.1186 [ 74.383182][ T6463] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1193'. [ 74.532584][ T6469] hub 1-0:1.0: USB hub found [ 74.545010][ T6469] hub 1-0:1.0: 8 ports detected [ 74.620048][ T6477] pimreg: entered allmulticast mode [ 74.627656][ T6477] pimreg: left allmulticast mode [ 74.768451][ T6489] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 74.800642][ T36] kernel write not supported for file /589/gid_map (pid: 36 comm: kworker/1:1) [ 74.923086][ T6508] netlink: 'syz.3.1214': attribute type 10 has an invalid length. [ 74.991639][ T6508] dummy0: left allmulticast mode [ 75.000358][ T6512] netlink: 'syz.3.1214': attribute type 10 has an invalid length. [ 75.018153][ T6508] dummy0: entered allmulticast mode [ 75.037367][ T6508] team0: Port device dummy0 added [ 75.052777][ T6512] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 75.081092][ T6512] dummy0: left allmulticast mode [ 75.091723][ T6512] team0: Failed to send options change via netlink (err -105) [ 75.099460][ T6512] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 75.108622][ T6512] team0: Port device dummy0 removed [ 75.134694][ T6512] dummy0: entered allmulticast mode [ 75.140298][ T6512] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 75.225870][ T6526] syzkaller0: entered promiscuous mode [ 75.231451][ T6526] syzkaller0: entered allmulticast mode [ 75.462598][ T29] kauditd_printk_skb: 239 callbacks suppressed [ 75.462611][ T29] audit: type=1326 audit(1761694274.517:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6527 comm="syz.0.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2aa7cd5e67 code=0x7ffc0000 [ 75.493138][ T29] audit: type=1326 audit(1761694274.547:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6527 comm="syz.0.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2aa7c7b099 code=0x7ffc0000 [ 75.516592][ T29] audit: type=1326 audit(1761694274.547:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6527 comm="syz.0.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2aa7cd5e67 code=0x7ffc0000 [ 75.540184][ T29] audit: type=1326 audit(1761694274.547:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6527 comm="syz.0.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2aa7c7b099 code=0x7ffc0000 [ 75.563680][ T29] audit: type=1326 audit(1761694274.547:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6527 comm="syz.0.1223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 75.588081][ T29] audit: type=1400 audit(1761694274.557:1805): avc: denied { read write } for pid=3311 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.612280][ T29] audit: type=1400 audit(1761694274.557:1806): avc: denied { open } for pid=3311 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.636483][ T29] audit: type=1400 audit(1761694274.557:1807): avc: denied { ioctl } for pid=3311 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.662071][ T29] audit: type=1400 audit(1761694274.577:1808): avc: denied { map_create } for pid=6552 comm="syz.3.1232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 75.681276][ T29] audit: type=1400 audit(1761694274.577:1809): avc: denied { perfmon } for pid=6552 comm="syz.3.1232" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 75.863130][ T6568] loop4: detected capacity change from 0 to 512 [ 75.870684][ T6568] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 75.883338][ T6568] EXT4-fs (loop4): 1 truncate cleaned up [ 75.889474][ T6568] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.082307][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.108945][ T6583] vlan2: entered allmulticast mode [ 76.280650][ T6600] __nla_validate_parse: 1 callbacks suppressed [ 76.280664][ T6600] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1251'. [ 76.335579][ T6605] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1253'. [ 76.335610][ T6607] loop3: detected capacity change from 0 to 512 [ 76.412104][ T6607] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: comm syz.3.1255: Parent and EA inode have the same ino 15 [ 76.427087][ T6607] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: comm syz.3.1255: Parent and EA inode have the same ino 15 [ 76.442141][ T6618] 9pnet_fd: Insufficient options for proto=fd [ 76.448405][ T6607] EXT4-fs (loop3): 1 orphan inode deleted [ 76.460251][ T6607] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.540641][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.592948][ T6626] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1261'. [ 76.683556][ T6633] loop3: detected capacity change from 0 to 512 [ 76.709370][ T6631] loop2: detected capacity change from 0 to 1024 [ 76.720811][ T6631] EXT4-fs: Ignoring removed orlov option [ 76.729300][ T6631] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.745212][ T6638] loop4: detected capacity change from 0 to 512 [ 76.761951][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.762646][ T6633] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.790495][ T6638] EXT4-fs (loop4): orphan cleanup on readonly fs [ 76.805385][ T6633] ext4 filesystem being mounted at /230/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.830638][ T6638] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.1266: EA inode hash validation failed [ 76.851325][ T6633] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.1264: corrupted inode contents [ 76.870391][ T6638] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.883793][ T6638] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.1266: corrupted inode contents [ 76.902758][ T6645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1268'. [ 76.916128][ T6645] team2: entered promiscuous mode [ 76.921239][ T6645] team2: entered allmulticast mode [ 76.926501][ T6645] 8021q: adding VLAN 0 to HW filter on device team2 [ 76.973538][ T6633] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.1264: mark_inode_dirty error [ 76.985064][ T6633] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.1264: corrupted inode contents [ 77.004112][ T6638] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #15: comm syz.4.1266: mark_inode_dirty error [ 77.020354][ T6638] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.1266: corrupted inode contents [ 77.035790][ T6633] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1264: mark_inode_dirty error [ 77.063956][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1270'. [ 77.072925][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1270'. [ 77.082460][ T6638] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.1266: mark_inode_dirty error [ 77.114215][ T6638] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.1266: mark inode dirty (error -117) [ 77.131133][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.143581][ T6638] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 77.170433][ T6638] EXT4-fs (loop4): 1 orphan inode deleted [ 77.177971][ T6638] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 77.200371][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.672242][ T6704] netlink: 1347 bytes leftover after parsing attributes in process `syz.1.1294'. [ 77.672570][ T6706] netlink: 'syz.3.1295': attribute type 7 has an invalid length. [ 77.689134][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1295'. [ 77.922673][ T6724] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 77.932426][ T6724] SELinux: failed to load policy [ 78.018679][ T6731] wireguard0: entered promiscuous mode [ 78.024212][ T6731] wireguard0: entered allmulticast mode [ 78.124400][ T6747] Cannot find del_set index 0 as target [ 78.152945][ T6753] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1314'. [ 78.303595][ T6767] vhci_hcd: invalid port number 96 [ 78.308736][ T6767] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 78.319557][ T6769] veth0_to_team: entered promiscuous mode [ 78.325329][ T6769] veth0_to_team: left allmulticast mode [ 78.362924][ T6755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.372050][ T6755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.473566][ T6781] netlink: 'syz.0.1326': attribute type 10 has an invalid length. [ 78.493541][ T6781] dummy0: left allmulticast mode [ 78.499871][ T6781] dummy0: entered allmulticast mode [ 78.505558][ T6781] team0: Port device dummy0 added [ 78.512750][ T6781] netlink: 'syz.0.1326': attribute type 10 has an invalid length. [ 78.521392][ T6781] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 78.530896][ T6781] dummy0: left allmulticast mode [ 78.536087][ T6781] team0: Failed to send options change via netlink (err -105) [ 78.543983][ T6781] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 78.553196][ T6781] team0: Port device dummy0 removed [ 78.560335][ T6781] dummy0: entered allmulticast mode [ 78.565787][ T6781] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 78.603624][ T6787] bridge: RTM_NEWNEIGH with invalid ether address [ 78.829582][ T6804] syz.4.1335: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 78.844187][ T6804] CPU: 1 UID: 0 PID: 6804 Comm: syz.4.1335 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 78.844271][ T6804] Tainted: [W]=WARN [ 78.844277][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 78.844349][ T6804] Call Trace: [ 78.844356][ T6804] [ 78.844364][ T6804] __dump_stack+0x1d/0x30 [ 78.844386][ T6804] dump_stack_lvl+0xe8/0x140 [ 78.844403][ T6804] dump_stack+0x15/0x1b [ 78.844467][ T6804] warn_alloc+0x12b/0x1a0 [ 78.844550][ T6804] ? __rcu_read_unlock+0x4f/0x70 [ 78.844575][ T6804] ? __cgroup_account_cputime+0x81/0xa0 [ 78.844594][ T6804] __vmalloc_node_range_noprof+0x9d/0xed0 [ 78.844625][ T6804] ? update_curr+0xfd/0x1b0 [ 78.844677][ T6804] ? tracing_record_taskinfo_sched_switch+0x71/0x260 [ 78.844778][ T6804] ? probe_sched_wakeup+0x85/0xa0 [ 78.844832][ T6804] ? __rcu_read_unlock+0x4f/0x70 [ 78.844871][ T6804] ? avc_has_perm_noaudit+0x1b1/0x200 [ 78.844890][ T6804] ? should_fail_ex+0x30/0x280 [ 78.844906][ T6804] ? xskq_create+0x36/0xe0 [ 78.844924][ T6804] vmalloc_user_noprof+0x7d/0xb0 [ 78.844949][ T6804] ? xskq_create+0x80/0xe0 [ 78.845011][ T6804] xskq_create+0x80/0xe0 [ 78.845039][ T6804] xsk_init_queue+0x95/0xf0 [ 78.845108][ T6804] xsk_setsockopt+0x3f5/0x640 [ 78.845124][ T6804] ? __pfx_xsk_setsockopt+0x10/0x10 [ 78.845195][ T6804] __sys_setsockopt+0x184/0x200 [ 78.845221][ T6804] __x64_sys_setsockopt+0x64/0x80 [ 78.845245][ T6804] x64_sys_call+0x20ec/0x3000 [ 78.845342][ T6804] do_syscall_64+0xd2/0x200 [ 78.845361][ T6804] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 78.845387][ T6804] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 78.845414][ T6804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.845526][ T6804] RIP: 0033:0x7ffb4452efc9 [ 78.845541][ T6804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.845620][ T6804] RSP: 002b:00007ffb42f97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 78.845640][ T6804] RAX: ffffffffffffffda RBX: 00007ffb44785fa0 RCX: 00007ffb4452efc9 [ 78.845705][ T6804] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 78.845715][ T6804] RBP: 00007ffb445b1f91 R08: 0000000000000004 R09: 0000000000000000 [ 78.845725][ T6804] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.845740][ T6804] R13: 00007ffb44786038 R14: 00007ffb44785fa0 R15: 00007ffe03410eb8 [ 78.845756][ T6804] [ 78.845773][ T6804] Mem-Info: [ 79.090676][ T6804] active_anon:58943 inactive_anon:7 isolated_anon:0 [ 79.090676][ T6804] active_file:25371 inactive_file:2253 isolated_file:0 [ 79.090676][ T6804] unevictable:0 dirty:213 writeback:0 [ 79.090676][ T6804] slab_reclaimable:3475 slab_unreclaimable:35110 [ 79.090676][ T6804] mapped:28977 shmem:54981 pagetables:1326 [ 79.090676][ T6804] sec_pagetables:0 bounce:0 [ 79.090676][ T6804] kernel_misc_reclaimable:0 [ 79.090676][ T6804] free:1786437 free_pcp:1440 free_cma:0 [ 79.135799][ T6804] Node 0 active_anon:236932kB inactive_anon:28kB active_file:101484kB inactive_file:9012kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117068kB dirty:852kB writeback:0kB shmem:221084kB kernel_stack:4624kB pagetables:5304kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 79.163466][ T6804] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 79.193148][ T6804] lowmem_reserve[]: 0 2881 7859 7859 [ 79.198451][ T6804] Node 0 DMA32 free:2946744kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950272kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 79.229588][ T6804] lowmem_reserve[]: 0 0 4978 4978 [ 79.234718][ T6804] Node 0 Normal free:4139244kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:240296kB inactive_anon:28kB active_file:101484kB inactive_file:9012kB unevictable:0kB writepending:852kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:2436kB local_pcp:1460kB free_cma:0kB [ 79.267722][ T6804] lowmem_reserve[]: 0 0 0 0 [ 79.272262][ T6804] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 79.284962][ T6804] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 6*16kB (M) 2*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946744kB [ 79.301039][ T6804] Node 0 Normal: 373*4kB (UE) 891*8kB (UE) 16*16kB (UE) 7*32kB (ME) 72*64kB (UME) 44*128kB (UME) 18*256kB (UME) 16*512kB (UME) 8*1024kB (ME) 17*2048kB (UME) 987*4096kB (UM) = 4117900kB [ 79.319489][ T6804] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 79.328847][ T6804] 84433 total pagecache pages [ 79.333563][ T6804] 7 pages in swap cache [ 79.337732][ T6804] Free swap = 124968kB [ 79.341899][ T6804] Total swap = 124996kB [ 79.346094][ T6804] 2097051 pages RAM [ 79.349925][ T6804] 0 pages HighMem/MovableOnly [ 79.354614][ T6804] 81083 pages reserved [ 79.464615][ T6821] loop0: detected capacity change from 0 to 512 [ 79.569704][ T6821] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1342: couldn't read orphan inode 26 (err -116) [ 79.595669][ T6821] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.607778][ T6831] loop2: detected capacity change from 0 to 512 [ 79.609296][ T6821] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.627002][ T6829] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 79.627002][ T6829] program syz.1.1345 not setting count and/or reply_len properly [ 79.651800][ T6831] EXT4-fs (loop2): orphan cleanup on readonly fs [ 79.670797][ T6831] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.1346: EA inode hash validation failed [ 79.696364][ T6831] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.1346: corrupted inode contents [ 79.720137][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1347'. [ 79.731860][ T3321] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.745706][ T6831] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #15: comm syz.2.1346: mark_inode_dirty error [ 79.762411][ T6831] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.1346: corrupted inode contents [ 79.817981][ T6842] loop0: detected capacity change from 0 to 164 [ 79.826775][ T6831] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.1346: mark_inode_dirty error [ 79.850708][ T6831] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.1346: mark inode dirty (error -117) [ 79.866868][ T6842] syz.0.1350: attempt to access beyond end of device [ 79.866868][ T6842] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 79.868554][ T6831] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117) [ 79.900381][ T6831] EXT4-fs (loop2): 1 orphan inode deleted [ 79.910751][ T6831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 79.920218][ T6842] syz.0.1350: attempt to access beyond end of device [ 79.920218][ T6842] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 80.010007][ T6831] SELinux: ebitmap: truncated map [ 80.026933][ T6831] SELinux: failed to load policy [ 80.066616][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.138679][ T6866] loop0: detected capacity change from 0 to 512 [ 80.184671][ T6866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.249479][ T6866] EXT4-fs (loop0): shut down requested (0) [ 80.359686][ T3321] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.433310][ T6902] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 80.484032][ T29] kauditd_printk_skb: 597 callbacks suppressed [ 80.484046][ T29] audit: type=1400 audit(1761694279.537:2407): avc: denied { unmount } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 80.517558][ T6908] all: renamed from lo [ 80.543746][ T6912] tipc: Started in network mode [ 80.544411][ T6900] SELinux: failed to load policy [ 80.548642][ T6912] tipc: Node identity 16965e62473e, cluster identity 4711 [ 80.560867][ T6912] tipc: Enabled bearer , priority 0 [ 80.580228][ T29] audit: type=1400 audit(1761694279.617:2408): avc: denied { create } for pid=6909 comm="syz.3.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 80.599879][ T29] audit: type=1400 audit(1761694279.617:2409): avc: denied { connect } for pid=6909 comm="syz.3.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 80.624164][ T29] audit: type=1326 audit(1761694279.637:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.647620][ T29] audit: type=1326 audit(1761694279.637:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.671093][ T29] audit: type=1326 audit(1761694279.637:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.686168][ T6912] syzkaller0: entered promiscuous mode [ 80.694570][ T29] audit: type=1326 audit(1761694279.637:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.699957][ T6912] syzkaller0: entered allmulticast mode [ 80.723436][ T29] audit: type=1326 audit(1761694279.637:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.741651][ T6912] tipc: Resetting bearer [ 80.752689][ T29] audit: type=1326 audit(1761694279.637:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.781722][ T29] audit: type=1326 audit(1761694279.637:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6913 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 80.821809][ T5351] tipc: Resetting bearer [ 80.829400][ T6918] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 80.829400][ T6918] program syz.2.1382 not setting count and/or reply_len properly [ 80.846566][ T6911] tipc: Resetting bearer [ 80.868900][ T6925] loop2: detected capacity change from 0 to 512 [ 80.884333][ T6911] tipc: Disabling bearer [ 80.901748][ T6925] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1385: couldn't read orphan inode 26 (err -116) [ 80.929438][ T6925] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.974709][ T6925] ext4 filesystem being mounted at /275/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.026466][ T6941] vhci_hcd: invalid port number 96 [ 81.031643][ T6941] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 81.059944][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.069154][ T6944] tipc: Enabled bearer , priority 0 [ 81.091533][ T6951] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.121040][ T6944] tipc: Disabling bearer [ 81.211201][ T6951] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.272714][ T6951] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.310806][ T6969] loop9: detected capacity change from 0 to 7 [ 81.319072][ T6969] Buffer I/O error on dev loop9, logical block 0, async page read [ 81.327541][ T6969] Buffer I/O error on dev loop9, logical block 0, async page read [ 81.335402][ T6969] loop9: unable to read partition table [ 81.341898][ T6969] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯  [ 81.341898][ T6969] ) failed (rc=-5) [ 81.342192][ T6951] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.404267][ T6979] loop4: detected capacity change from 0 to 512 [ 81.423927][ T5306] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.435152][ T6979] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1405: couldn't read orphan inode 26 (err -116) [ 81.457625][ T5351] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.468934][ T5351] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.483028][ T5351] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.499402][ T6979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.530657][ T6984] vhci_hcd: invalid port number 96 [ 81.535851][ T6984] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 81.538185][ T6979] ext4 filesystem being mounted at /303/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.613570][ T7001] random: crng reseeded on system resumption [ 81.634346][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.651370][ T7008] netlink: 'syz.2.1418': attribute type 7 has an invalid length. [ 81.659160][ T7008] __nla_validate_parse: 6 callbacks suppressed [ 81.659172][ T7008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1418'. [ 81.694456][ T7016] xt_connbytes: Forcing CT accounting to be enabled [ 81.815007][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1425'. [ 81.872170][ T7035] loop2: detected capacity change from 0 to 1024 [ 81.881043][ T7035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.031414][ T7040] erspan1: entered allmulticast mode [ 82.111461][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.532507][ T7046] loop3: detected capacity change from 0 to 512 [ 82.544186][ T7046] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1428: couldn't read orphan inode 26 (err -116) [ 82.565142][ T7046] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.577887][ T7046] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.609649][ T7053] loop0: detected capacity change from 0 to 512 [ 82.631477][ T7053] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.644265][ T7053] ext4 filesystem being mounted at /301/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.655214][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.656908][ T7053] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #2: comm syz.0.1430: corrupted inode contents [ 82.676473][ T7053] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #2: comm syz.0.1430: mark_inode_dirty error [ 82.688196][ T7053] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #2: comm syz.0.1430: corrupted inode contents [ 82.720903][ T3321] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.830598][ T7078] loop3: detected capacity change from 0 to 1764 [ 82.837703][ T7078] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 82.847083][ T7078] ISOFS: unable to read i-node block [ 82.852496][ T7078] isofs_fill_super: get root inode failed [ 83.014771][ T7092] hub 1-0:1.0: USB hub found [ 83.019507][ T7092] hub 1-0:1.0: 8 ports detected [ 83.029989][ T7094] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1448'. [ 83.852497][ T7128] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 83.868298][ T7128] infiniband : RDMA CMA: cma_listen_on_dev, error -98 [ 84.325927][ T7142] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1467'. [ 84.495694][ T7111] syz.0.1456 (7111) used greatest stack depth: 6064 bytes left [ 85.222681][ T7167] loop2: detected capacity change from 0 to 2048 [ 85.248111][ T7167] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.311910][ T7173] loop4: detected capacity change from 0 to 512 [ 85.337047][ T7173] EXT4-fs (loop4): orphan cleanup on readonly fs [ 85.344447][ T7173] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.1478: EA inode hash validation failed [ 85.365621][ T7173] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.1478: corrupted inode contents [ 85.386515][ T7173] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #15: comm syz.4.1478: mark_inode_dirty error [ 85.400139][ T7173] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.1478: corrupted inode contents [ 85.413534][ T7173] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.1478: mark_inode_dirty error [ 85.426075][ T7173] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.1478: mark inode dirty (error -117) [ 85.426790][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.439196][ T7173] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 85.457055][ T7173] EXT4-fs (loop4): 1 orphan inode deleted [ 85.463301][ T7173] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 85.493170][ T7178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1481'. [ 85.502609][ T29] kauditd_printk_skb: 408 callbacks suppressed [ 85.502622][ T29] audit: type=1400 audit(1761694284.537:2825): avc: denied { create } for pid=7177 comm="syz.1.1481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 85.529558][ T29] audit: type=1400 audit(1761694284.547:2826): avc: denied { read } for pid=7172 comm="syz.4.1478" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 85.552797][ T29] audit: type=1400 audit(1761694284.547:2827): avc: denied { open } for pid=7172 comm="syz.4.1478" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 85.576625][ T29] audit: type=1400 audit(1761694284.547:2828): avc: denied { write } for pid=7177 comm="syz.1.1481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 85.597313][ T7181] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1481'. [ 85.619479][ T7173] SELinux: ebitmap: truncated map [ 85.626533][ T29] audit: type=1400 audit(1761694284.667:2829): avc: denied { load_policy } for pid=7172 comm="syz.4.1478" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 85.646783][ T29] audit: type=1400 audit(1761694284.687:2830): avc: denied { mount } for pid=7179 comm="syz.2.1480" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 85.651137][ T7173] SELinux: failed to load policy [ 85.668683][ T29] audit: type=1400 audit(1761694284.687:2831): avc: denied { mounton } for pid=7179 comm="syz.2.1480" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 85.705218][ T29] audit: type=1326 audit(1761694284.757:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7182 comm="syz.0.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 85.728738][ T29] audit: type=1326 audit(1761694284.757:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7182 comm="syz.0.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 85.728760][ T29] audit: type=1326 audit(1761694284.757:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7182 comm="syz.0.1482" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aa7cdefc9 code=0x7ffc0000 [ 85.798100][ T7187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1486'. [ 85.825450][ T7193] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1488'. [ 85.841444][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.980970][ T7207] syzkaller0: entered promiscuous mode [ 85.986500][ T7207] syzkaller0: entered allmulticast mode [ 86.126935][ T7223] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1500'. [ 86.142195][ T7225] loop3: detected capacity change from 0 to 512 [ 86.200425][ T7225] EXT4-fs (loop3): orphan cleanup on readonly fs [ 86.207341][ T7225] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.1502: EA inode hash validation failed [ 86.240448][ T7225] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.1502: corrupted inode contents [ 86.279160][ T7225] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #15: comm syz.3.1502: mark_inode_dirty error [ 86.315756][ T7225] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.1502: corrupted inode contents [ 86.370755][ T7225] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2996: inode #15: comm syz.3.1502: mark_inode_dirty error [ 86.410357][ T7225] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2999: inode #15: comm syz.3.1502: mark inode dirty (error -117) [ 86.460456][ T7225] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117) [ 86.486897][ T7225] EXT4-fs (loop3): 1 orphan inode deleted [ 86.504235][ T7225] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 86.587749][ T7225] SELinux: ebitmap: truncated map [ 86.601733][ T7225] SELinux: failed to load policy [ 86.625577][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.699484][ T7255] macvlan1: entered promiscuous mode [ 86.705564][ T7255] ipvlan0: entered promiscuous mode [ 86.711802][ T7255] ipvlan0: left promiscuous mode [ 86.723879][ T7255] macvlan1: left promiscuous mode [ 86.877590][ T7273] netlink: 'gtp': attribute type 12 has an invalid length. [ 87.078591][ T7297] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1523'. [ 87.116809][ T7301] netlink: 'syz.0.1524': attribute type 1 has an invalid length. [ 87.138426][ T7301] 8021q: adding VLAN 0 to HW filter on device bond1 [ 87.160848][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1524'. [ 87.178255][ T7301] bond1 (unregistering): Released all slaves [ 87.270248][ T7319] wireguard0: entered promiscuous mode [ 87.275749][ T7319] wireguard0: entered allmulticast mode [ 87.440367][ T7328] loop4: detected capacity change from 0 to 128 [ 87.455203][ T7328] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 87.477698][ T7328] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 87.504065][ T5306] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 88.404293][ T7384] loop2: detected capacity change from 0 to 512 [ 88.432082][ T7384] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1552: couldn't read orphan inode 26 (err -116) [ 88.444919][ T7384] EXT4-fs (loop2): Remounting filesystem read-only [ 88.451724][ T7384] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.472458][ T7384] ext4 filesystem being mounted at /314/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.495394][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.540033][ T7395] loop2: detected capacity change from 0 to 2048 [ 88.562505][ T7395] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.599729][ T7401] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 88.712536][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.588931][ T7423] SELinux: ebitmap: truncated map [ 89.594691][ T7423] SELinux: failed to load policy [ 89.706984][ T7446] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1579'. [ 90.339054][ T7482] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.1594'. [ 90.348493][ T7482] netlink: zone id is out of range [ 90.353675][ T7482] netlink: zone id is out of range [ 90.360341][ T7482] netlink: zone id is out of range [ 90.370263][ T7482] netlink: zone id is out of range [ 90.380989][ T7482] netlink: zone id is out of range [ 90.389209][ T7482] netlink: zone id is out of range [ 90.394679][ T7482] netlink: zone id is out of range [ 90.399833][ T7482] netlink: zone id is out of range [ 90.404216][ T7485] syzkaller0: entered promiscuous mode [ 90.404963][ T7482] netlink: zone id is out of range [ 90.410421][ T7485] syzkaller0: entered allmulticast mode [ 90.415491][ T7482] netlink: zone id is out of range [ 90.446051][ T7485] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 90.567157][ T29] kauditd_printk_skb: 138 callbacks suppressed [ 90.567171][ T29] audit: type=1400 audit(1761694289.607:2973): avc: denied { write } for pid=7488 comm="syz.1.1597" path="socket:[29222]" dev="sockfs" ino=29222 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 90.597115][ T29] audit: type=1400 audit(1761694289.617:2974): avc: denied { read write } for pid=7490 comm="syz.2.1598" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 90.620981][ T29] audit: type=1400 audit(1761694289.617:2975): avc: denied { open } for pid=7490 comm="syz.2.1598" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 90.686692][ T29] audit: type=1400 audit(1761694289.657:2976): avc: denied { create } for pid=7490 comm="syz.2.1598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 90.706111][ T29] audit: type=1400 audit(1761694289.657:2977): avc: denied { ioctl } for pid=7490 comm="syz.2.1598" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 90.734409][ T29] audit: type=1400 audit(1761694289.787:2978): avc: denied { setopt } for pid=7497 comm="syz.4.1599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 90.754314][ T29] audit: type=1400 audit(1761694289.787:2979): avc: denied { write } for pid=7486 comm="syz.0.1596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 90.774870][ T29] audit: type=1400 audit(1761694289.787:2980): avc: denied { nlmsg_write } for pid=7486 comm="syz.0.1596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 90.796298][ T29] audit: type=1400 audit(1761694289.787:2981): avc: denied { setopt } for pid=7486 comm="syz.0.1596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 90.870365][ T29] audit: type=1400 audit(1761694289.917:2982): avc: denied { getopt } for pid=7497 comm="syz.4.1599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 91.457520][ T7551] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7551 comm=syz.2.1620 [ 91.636719][ T7572] loop3: detected capacity change from 0 to 2048 [ 91.661050][ T7572] EXT4-fs (loop3): failed to initialize system zone (-117) [ 91.668284][ T7572] EXT4-fs (loop3): mount failed [ 91.817304][ T7588] tipc: Started in network mode [ 91.822228][ T7588] tipc: Node identity 9ed7258271bc, cluster identity 4711 [ 91.829461][ T7588] tipc: Enabled bearer , priority 0 [ 91.839346][ T7588] tipc: Disabling bearer [ 91.933637][ T7599] loop2: detected capacity change from 0 to 128 [ 91.958458][ T7599] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 91.979757][ T7599] ext4 filesystem being mounted at /327/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.106471][ T3317] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.590407][ T7628] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1651'. [ 92.694050][ T7633] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1653'. [ 93.390793][ T7650] loop2: detected capacity change from 0 to 1024 [ 93.412544][ T7650] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 93.429206][ T7650] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.1660: bad orphan inode 11 [ 93.446816][ T7650] ext4_test_bit(bit=10, block=4) = 1 [ 93.453408][ T7650] is_bad_inode(inode)=0 [ 93.458017][ T7650] NEXT_ORPHAN(inode)=3254779904 [ 93.463677][ T7650] max_ino=32 [ 93.467213][ T7650] i_nlink=0 [ 93.478250][ T7650] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.1660: lblock 1 mapped to illegal pblock 1 (length 1) [ 93.494294][ T7650] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.1660: Failed to acquire dquot type 0 [ 93.509971][ T7650] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.1660: Invalid inode bitmap blk 0 in block_group 0 [ 93.525130][ T7650] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 93.539229][ T7650] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.728122][ T5343] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:52: lblock 1 mapped to illegal pblock 1 (length 1) [ 93.752837][ T5343] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:52: Failed to release dquot type 0 [ 93.771669][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.801226][ T7661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1664'. [ 93.810120][ T7661] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1664'. [ 93.963396][ T7665] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1666'. [ 94.079607][ T7679] netlink: 'syz.3.1671': attribute type 13 has an invalid length. [ 94.094329][ T7676] wireguard0: entered promiscuous mode [ 94.099934][ T7676] wireguard0: entered allmulticast mode [ 94.186077][ T7679] bond1: left promiscuous mode [ 94.715700][ T7691] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1676'. [ 94.955060][ T36] hid_parser_main: 8 callbacks suppressed [ 94.955087][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 94.998874][ T36] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 95.006157][ T7720] loop4: detected capacity change from 0 to 1024 [ 95.030705][ T7720] EXT4-fs: Ignoring removed orlov option [ 95.058023][ T7720] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.403710][ T7724] chnl_net:caif_netlink_parms(): no params data found [ 95.467877][ T7724] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.474989][ T7724] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.503411][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.520950][ T7724] bridge_slave_0: entered allmulticast mode [ 95.543096][ T7724] bridge_slave_0: entered promiscuous mode [ 95.550474][ T7724] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.557775][ T7724] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.565228][ T7724] bridge_slave_1: entered allmulticast mode [ 95.571740][ T7724] bridge_slave_1: entered promiscuous mode [ 95.591244][ T29] kauditd_printk_skb: 86 callbacks suppressed [ 95.591322][ T29] audit: type=1400 audit(1761694294.647:3066): avc: denied { mount } for pid=7750 comm="syz.0.1697" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 95.623196][ T29] audit: type=1400 audit(1761694294.677:3067): avc: denied { mounton } for pid=7750 comm="syz.0.1697" path="/358/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 95.645411][ T29] audit: type=1400 audit(1761694294.677:3068): avc: denied { mount } for pid=7750 comm="syz.0.1697" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 95.645467][ T7724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.678472][ T7724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.696621][ T29] audit: type=1400 audit(1761694294.747:3069): avc: denied { unmount } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 95.721718][ T7724] team0: Port device team_slave_0 added [ 95.728427][ T7724] team0: Port device team_slave_1 added [ 95.759146][ T7724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.760426][ T29] audit: type=1400 audit(1761694294.817:3070): avc: denied { mounton } for pid=7752 comm="syz.0.1698" path="/proc/825/task" dev="proc" ino=29657 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 95.766186][ T7724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.814804][ T7724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.833662][ T7724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.840704][ T7724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.866686][ T7724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.877519][ T29] audit: type=1400 audit(1761694294.847:3071): avc: denied { mount } for pid=7752 comm="syz.0.1698" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 95.925782][ T7724] hsr_slave_0: entered promiscuous mode [ 95.931913][ T7724] hsr_slave_1: entered promiscuous mode [ 95.937791][ T7724] debugfs: 'hsr0' already exists in 'hsr' [ 95.943538][ T7724] Cannot create hsr debugfs directory [ 95.998794][ T29] audit: type=1400 audit(1761694295.047:3072): avc: denied { create } for pid=7765 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 96.033086][ T29] audit: type=1400 audit(1761694295.067:3073): avc: denied { connect } for pid=7765 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 96.052696][ T29] audit: type=1400 audit(1761694295.067:3074): avc: denied { bind } for pid=7765 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 96.071987][ T29] audit: type=1400 audit(1761694295.067:3075): avc: denied { write } for pid=7765 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 96.120725][ T7724] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 96.133108][ T7724] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 96.147997][ T7724] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 96.156989][ T7724] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 96.205947][ T7724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.250563][ T7724] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.252507][ T7783] siw: device registration error -23 [ 96.266482][ T5343] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.273564][ T5343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.296447][ T5351] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.303526][ T5351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.327816][ T7789] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 96.411467][ T7789] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 96.454566][ T7789] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 96.486404][ T7724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.501440][ T7789] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 96.547254][ T5343] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.565360][ T5351] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.600332][ T5351] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.619045][ T5351] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.723372][ T7724] veth0_vlan: entered promiscuous mode [ 96.742682][ T7724] veth1_vlan: entered promiscuous mode [ 96.773416][ T7724] veth0_macvtap: entered promiscuous mode [ 96.798457][ T7724] veth1_macvtap: entered promiscuous mode [ 96.829786][ T7724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.865988][ T7724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.887221][ T5310] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.903916][ T5310] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.948273][ T5310] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.979625][ T5310] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.281856][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1731'. [ 97.500917][ T7890] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1732'. [ 97.770799][ T7931] netlink: 'syz.1.1736': attribute type 10 has an invalid length. [ 97.789301][ T7931] dummy0: left allmulticast mode [ 97.803592][ T7931] dummy0: entered allmulticast mode [ 97.825220][ T7931] team0: Port device dummy0 added [ 98.097859][ T7926] net_ratelimit: 20 callbacks suppressed [ 98.097942][ T7926] Set syz1 is full, maxelem 65536 reached [ 99.315612][ T8008] Set syz1 is full, maxelem 65536 reached [ 99.613148][ T8014] loop5: detected capacity change from 0 to 1024 [ 99.646518][ T8014] EXT4-fs: Ignoring removed orlov option [ 99.669038][ T8014] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.901647][ T8039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1761'. [ 100.038650][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.723499][ T8075] netlink: 'syz.2.1778': attribute type 1 has an invalid length. [ 100.742424][ T8075] bond2: entered promiscuous mode [ 100.747677][ T8075] 8021q: adding VLAN 0 to HW filter on device bond2 [ 100.768907][ T8075] bond2: (slave bridge3): making interface the new active one [ 100.776473][ T8075] bridge3: entered promiscuous mode [ 100.783124][ T8075] bond2: (slave bridge3): Enslaving as an active interface with an up link [ 100.870497][ T29] kauditd_printk_skb: 133 callbacks suppressed [ 100.870511][ T29] audit: type=1400 audit(1761694299.927:3209): avc: denied { create } for pid=8082 comm="syz.2.1781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 100.924700][ T8087] netlink: 'syz.2.1783': attribute type 7 has an invalid length. [ 100.932578][ T8087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1783'. [ 100.940421][ T29] audit: type=1400 audit(1761694299.927:3210): avc: denied { bind } for pid=8082 comm="syz.2.1781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 101.147522][ T8104] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1784'. [ 101.280125][ T29] audit: type=1326 audit(1761694300.327:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.309193][ T29] audit: type=1326 audit(1761694300.357:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.332878][ T29] audit: type=1326 audit(1761694300.357:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.1.1794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.356475][ T29] audit: type=1326 audit(1761694300.357:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.379376][ T29] audit: type=1326 audit(1761694300.357:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.402167][ T29] audit: type=1326 audit(1761694300.357:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.425312][ T29] audit: type=1326 audit(1761694300.357:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.448306][ T29] audit: type=1326 audit(1761694300.357:3218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 101.689120][ T8147] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1803'. [ 101.731429][ T8156] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1808'. [ 101.745854][ T8156] 8021q: adding VLAN 0 to HW filter on device bond3 [ 101.787382][ T8164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1811'. [ 101.796472][ T8164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1811'. [ 101.817991][ T8166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1812'. [ 101.916393][ T8176] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.943773][ T8179] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1816'. [ 101.984662][ T8176] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.032989][ T8176] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.095055][ T8176] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.173177][ T5310] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.205184][ T5310] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.233627][ T5310] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.260369][ T5310] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.008456][ T8231] xt_CT: No such helper "pptp" [ 103.291676][ T8274] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1839'. [ 103.315535][ T8274] team1: entered promiscuous mode [ 103.320696][ T8274] team1: entered allmulticast mode [ 103.350327][ T8274] 8021q: adding VLAN 0 to HW filter on device team1 [ 104.077643][ T8372] netlink: 'syz.4.1852': attribute type 13 has an invalid length. [ 104.185600][ T8377] vlan2: entered allmulticast mode [ 104.200206][ T8377] dummy0: entered allmulticast mode [ 104.472204][ T8407] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.491636][ T8408] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 104.511778][ T8407] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.556871][ T5300] Bluetooth: hci0: Frame reassembly failed (-84) [ 104.570367][ T8407] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.591312][ T8419] cgroup: Invalid name [ 104.622353][ T8407] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.688052][ T5300] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.702680][ T5343] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.711084][ T5343] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.723079][ T5300] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.785844][ T8431] geneve2: entered promiscuous mode [ 104.791190][ T8431] geneve2: entered allmulticast mode [ 104.799861][ T8433] netlink: 'syz.1.1879': attribute type 5 has an invalid length. [ 105.011394][ T8445] netlink: 'syz.0.1884': attribute type 12 has an invalid length. [ 105.115137][ T8456] SELinux: ebitmap: truncated map [ 105.121100][ T8456] SELinux: failed to load policy [ 105.237053][ T8474] loop4: detected capacity change from 0 to 512 [ 105.253690][ T8474] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 105.277904][ T8474] EXT4-fs (loop4): 1 truncate cleaned up [ 105.284735][ T8474] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.338516][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.458631][ T8486] __nla_validate_parse: 1 callbacks suppressed [ 105.458644][ T8486] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1902'. [ 105.580185][ T8498] bridge2: entered allmulticast mode [ 105.629139][ T8505] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1911'. [ 105.679603][ T8511] loop5: detected capacity change from 0 to 512 [ 105.686564][ T8511] EXT4-fs (loop5): The Hurd can't support 64-bit file systems [ 105.706951][ T8511] loop5: detected capacity change from 0 to 2048 [ 105.715607][ T8511] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.804126][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.064945][ T8524] netlink: 'syz.0.1917': attribute type 13 has an invalid length. [ 106.134385][ T29] kauditd_printk_skb: 80 callbacks suppressed [ 106.134398][ T29] audit: type=1400 audit(1761694305.187:3299): avc: denied { setopt } for pid=8525 comm="syz.0.1918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 106.161863][ T29] audit: type=1400 audit(1761694305.197:3300): avc: denied { append } for pid=8527 comm="syz.0.1919" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 106.185707][ T29] audit: type=1400 audit(1761694305.197:3301): avc: denied { open } for pid=8527 comm="syz.0.1919" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 106.209843][ T29] audit: type=1400 audit(1761694305.197:3302): avc: denied { ioctl } for pid=8527 comm="syz.0.1919" path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 106.318130][ T8533] bridge2: entered allmulticast mode [ 106.399021][ T8543] loop5: detected capacity change from 0 to 2048 [ 106.450728][ T8543] loop5: p1 < > p4 [ 106.455096][ T8543] loop5: p4 size 722688 extends beyond EOD, truncated [ 106.457420][ T8547] netlink: 'syz.1.1928': attribute type 6 has an invalid length. [ 106.499341][ T29] audit: type=1400 audit(1761694305.547:3303): avc: denied { write } for pid=8550 comm="syz.1.1930" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 106.549136][ T8555] ªªªªªª: renamed from vlan0 [ 106.562010][ T8552] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 106.569323][ T8552] vhci_hcd: invalid port number 96 [ 106.574503][ T8552] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 106.587583][ T29] audit: type=1400 audit(1761694305.637:3304): avc: denied { read write } for pid=8551 comm="syz.5.1929" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 106.620305][ T3681] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 106.627321][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 106.652854][ T8561] serio: Serial port ptm0 [ 106.665958][ T29] audit: type=1326 audit(1761694305.707:3305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8564 comm="syz.1.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 106.689439][ T29] audit: type=1326 audit(1761694305.707:3306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8564 comm="syz.1.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 106.712915][ T29] audit: type=1326 audit(1761694305.707:3307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8564 comm="syz.1.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 106.736447][ T29] audit: type=1326 audit(1761694305.707:3308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8564 comm="syz.1.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 106.820313][ T8578] loop4: detected capacity change from 0 to 128 [ 106.826878][ T8579] cgroup: Invalid name [ 106.849052][ T8578] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 106.857011][ T8578] FAT-fs (loop4): Filesystem has been set read-only [ 106.865823][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.865823][ T8578] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 106.880400][ T8578] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 106.888236][ T8578] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 106.897140][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.897140][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.911667][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.911667][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.930261][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.930261][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.943736][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.943736][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.957275][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.957275][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.970789][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.970789][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.984437][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.984437][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 106.997781][ T8578] syz.4.1942: attempt to access beyond end of device [ 106.997781][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 107.011148][ T8578] syz.4.1942: attempt to access beyond end of device [ 107.011148][ T8578] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 107.096610][ T8600] netlink: 'syz.1.1951': attribute type 7 has an invalid length. [ 107.104384][ T8600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1951'. [ 107.443111][ T8616] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1958'. [ 107.619258][ T8620] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1959'. [ 108.057229][ T8655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1974'. [ 108.066344][ T8655] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.073769][ T8655] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.083773][ T8655] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.091262][ T8655] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.432178][ T8665] loop5: detected capacity change from 0 to 2048 [ 108.635166][ T8665] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.681505][ T8663] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1977'. [ 108.690474][ T8663] netlink: 21 bytes leftover after parsing attributes in process `syz.1.1977'. [ 108.699437][ T8663] netlink: 'syz.1.1977': attribute type 2 has an invalid length. [ 108.707267][ T8663] netlink: 21 bytes leftover after parsing attributes in process `syz.1.1977'. [ 108.916624][ T8672] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8672 comm=syz.2.1980 [ 108.990849][ T8676] usb usb8: usbfs: process 8676 (syz.0.1982) did not claim interface 0 before use [ 109.035750][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.145834][ T8692] loop5: detected capacity change from 0 to 1024 [ 109.201261][ T8692] EXT4-fs: Ignoring removed orlov option [ 109.223778][ T8692] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.380194][ T8707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1995'. [ 109.516407][ T8713] xt_CT: You must specify a L4 protocol and not use inversions on it [ 109.710946][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.741156][ T8721] loop5: detected capacity change from 0 to 1024 [ 109.759779][ T8721] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 109.786184][ T8721] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.2000: Invalid block bitmap block 0 in block_group 0 [ 109.819038][ T8721] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.2000: Failed to acquire dquot type 0 [ 109.850649][ T8721] EXT4-fs error (device loop5): ext4_free_blocks:6706: comm syz.5.2000: Freeing blocks not in datazone - block = 0, count = 4096 [ 109.865522][ T8721] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.2000: Invalid inode bitmap blk 0 in block_group 0 [ 109.878226][ T5307] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:18: Failed to release dquot type 0 [ 109.890287][ T8721] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem [ 109.908955][ T8721] EXT4-fs (loop5): 1 orphan inode deleted [ 109.915180][ T8721] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.955468][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.096826][ T8739] bridge0: port 3(batadv1) entered blocking state [ 110.103466][ T8739] bridge0: port 3(batadv1) entered disabled state [ 110.110563][ T8739] batadv1: entered allmulticast mode [ 110.116461][ T8739] batadv1: entered promiscuous mode [ 110.301234][ T8759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8759 comm=syz.5.2018 [ 110.578838][ T8792] ALSA: seq fatal error: cannot create timer (-16) [ 110.600382][ T5322] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 110.609611][ T5322] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 111.231790][ T8842] can0: slcan on ttyS3. [ 111.270440][ T8842] can0 (unregistered): slcan off ttyS3. [ 111.811938][ T8867] netlink: 'syz.2.2061': attribute type 21 has an invalid length. [ 111.820333][ T8867] netlink: 'syz.2.2061': attribute type 1 has an invalid length. [ 111.828053][ T8867] __nla_validate_parse: 3 callbacks suppressed [ 111.828064][ T8867] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2061'. [ 111.912834][ T29] kauditd_printk_skb: 3888 callbacks suppressed [ 111.912848][ T29] audit: type=1400 audit(1761694310.967:7194): avc: denied { read write } for pid=8878 comm="syz.4.2075" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 111.942633][ T29] audit: type=1400 audit(1761694310.967:7195): avc: denied { ioctl open } for pid=8878 comm="syz.4.2075" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 111.971661][ T8879] rtc_cmos 00:00: Alarms can be up to one day in the future [ 111.985954][ T8882] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.065224][ T8882] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.111878][ T8882] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.130316][ T8895] bridge: RTM_NEWNEIGH with invalid ether address [ 112.152706][ T29] audit: type=1400 audit(1761694311.177:7196): avc: denied { mounton } for pid=8896 comm="syz.0.2072" path="/450/bus" dev="tmpfs" ino=2335 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 112.179385][ T8882] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.211898][ T8902] delete_channel: no stack [ 112.220476][ T29] audit: type=1400 audit(1761694311.257:7197): avc: denied { create } for pid=8902 comm="syz.5.2076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 112.239987][ T29] audit: type=1400 audit(1761694311.267:7198): avc: denied { bind } for pid=8902 comm="syz.5.2076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 112.308726][ T8907] loop5: detected capacity change from 0 to 2048 [ 112.336578][ T5322] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.360568][ T5322] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.369119][ T5307] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.379957][ T5307] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.417055][ T8907] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.473652][ T8907] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.601189][ T8922] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2078: bg 0: block 345: padding at end of block bitmap is not set [ 112.633401][ T8922] EXT4-fs (loop5): Remounting filesystem read-only [ 112.650293][ T5301] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 112.710045][ T5301] Bluetooth: hci0: Frame reassembly failed (-84) [ 112.719921][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.760994][ T29] audit: type=1326 audit(1761694311.817:7199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.5.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 112.784468][ T29] audit: type=1326 audit(1761694311.817:7200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.5.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 112.807909][ T29] audit: type=1326 audit(1761694311.817:7201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.5.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 112.831575][ T29] audit: type=1326 audit(1761694311.817:7202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.5.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 112.857459][ T8938] SELinux: ebitmap: truncated map [ 112.870571][ T8938] SELinux: failed to load policy [ 112.877001][ T29] audit: type=1326 audit(1761694311.917:7203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.5.2092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 112.917256][ T8946] loop5: detected capacity change from 0 to 1024 [ 112.923838][ T8946] EXT4-fs: Ignoring removed orlov option [ 112.931420][ T8946] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.957315][ T8948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2094'. [ 112.966206][ T8948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2094'. [ 113.161106][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.170567][ T8961] netlink: 1984 bytes leftover after parsing attributes in process `syz.1.2100'. [ 113.179730][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2100'. [ 113.234690][ T8965] loop5: detected capacity change from 0 to 1024 [ 113.241292][ T8965] EXT4-fs: Ignoring removed orlov option [ 113.249010][ T8965] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.429818][ T7724] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.495791][ T8974] netlink: 'syz.4.2105': attribute type 1 has an invalid length. [ 113.508818][ T8974] 8021q: adding VLAN 0 to HW filter on device bond2 [ 113.520375][ T8974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2105'. [ 113.531955][ T8974] bond2 (unregistering): Released all slaves [ 114.041637][ T8997] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.104569][ T8997] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.142245][ T8997] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.200020][ T9011] bridge_slave_0: left promiscuous mode [ 114.206042][ T9011] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.213690][ T9011] bridge_slave_1: left promiscuous mode [ 114.219332][ T9011] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.227312][ T9011] bond0: (slave bond_slave_0): Releasing backup interface [ 114.235335][ T9011] bond0: (slave bond_slave_1): Releasing backup interface [ 114.244381][ T9011] team0: Port device team_slave_0 removed [ 114.250834][ T9011] team0: Port device team_slave_1 removed [ 114.256723][ T9011] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.264353][ T9011] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.271818][ T9011] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 114.289136][ T8997] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.312853][ T9013] netlink: 'syz.4.2122': attribute type 12 has an invalid length. [ 114.422975][ T5307] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.431631][ T5307] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.449050][ T5307] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.457707][ T5307] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.502035][ T9020] loop5: detected capacity change from 0 to 1024 [ 114.508913][ T9020] EXT4-fs: Ignoring removed nobh option [ 114.514497][ T9020] EXT4-fs: Ignoring removed bh option [ 114.520438][ T9020] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 114.553465][ T9020] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.572507][ T9020] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.2125: Allocating blocks 385-513 which overlap fs metadata [ 114.588970][ T9020] EXT4-fs (loop5): pa ffff888106f19540: logic 16, phys. 129, len 24 [ 114.597135][ T9020] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8 [ 114.608516][ T9020] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 114.620732][ T9020] EXT4-fs (loop5): This should not happen!! Data will be lost [ 114.620732][ T9020] [ 114.630445][ T9020] EXT4-fs (loop5): Total free blocks count 0 [ 114.636453][ T9020] EXT4-fs (loop5): Free/Dirty block details [ 114.642368][ T9020] EXT4-fs (loop5): free_blocks=128 [ 114.647816][ T9020] EXT4-fs (loop5): dirty_blocks=0 [ 114.652900][ T9020] EXT4-fs (loop5): Block reservation details [ 114.658881][ T9020] EXT4-fs (loop5): i_reserved_data_blocks=0 [ 114.761838][ T8983] Bluetooth: hci0: command 0x1003 tx timeout [ 114.769388][ T3681] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 114.841190][ T9038] hub 6-0:1.0: USB hub found [ 114.846087][ T9038] hub 6-0:1.0: 8 ports detected [ 115.196716][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2148'. [ 115.205680][ T9072] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2148'. [ 115.218272][ T5322] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.226814][ T5322] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.235103][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2148'. [ 115.243995][ T9072] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2148'. [ 115.250042][ T5322] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.261875][ T5322] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.497741][ T9106] syzkaller0: entered allmulticast mode [ 115.503979][ T9106] syzkaller0: entered promiscuous mode [ 115.511108][ T9106] syzkaller0 (unregistering): left allmulticast mode [ 115.517806][ T9106] syzkaller0 (unregistering): left promiscuous mode [ 115.880728][ T3681] Bluetooth: hci1: command 0x1003 tx timeout [ 115.886783][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 117.310202][ T10] IPVS: starting estimator thread 0... [ 117.410220][ T9154] IPVS: using max 2784 ests per chain, 139200 per kthread [ 117.491875][ T9170] sch_fq: defrate 0 ignored. [ 117.617606][ T29] kauditd_printk_skb: 80 callbacks suppressed [ 117.617639][ T29] audit: type=1326 audit(1761694316.667:7284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.657579][ T29] audit: type=1326 audit(1761694316.707:7285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.681109][ T29] audit: type=1326 audit(1761694316.707:7286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.704702][ T29] audit: type=1326 audit(1761694316.707:7287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.728284][ T29] audit: type=1326 audit(1761694316.707:7288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.751794][ T29] audit: type=1326 audit(1761694316.707:7289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.775300][ T29] audit: type=1326 audit(1761694316.707:7290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.798767][ T29] audit: type=1326 audit(1761694316.707:7291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.822349][ T29] audit: type=1326 audit(1761694316.707:7292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.845745][ T29] audit: type=1326 audit(1761694316.707:7293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9177 comm="syz.5.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5426c2efc9 code=0x7ffc0000 [ 117.964498][ T9195] GUP no longer grows the stack in syz.5.2201 (9195): 200000004000-20000000a000 (200000002000) [ 117.974919][ T9195] CPU: 1 UID: 0 PID: 9195 Comm: syz.5.2201 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 117.975015][ T9195] Tainted: [W]=WARN [ 117.975019][ T9195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 117.975026][ T9195] Call Trace: [ 117.975029][ T9195] [ 117.975034][ T9195] __dump_stack+0x1d/0x30 [ 117.975047][ T9195] dump_stack_lvl+0xe8/0x140 [ 117.975058][ T9195] dump_stack+0x15/0x1b [ 117.975142][ T9195] __get_user_pages+0x1968/0x1ed0 [ 117.975161][ T9195] get_user_pages_remote+0x1d5/0x6c0 [ 117.975176][ T9195] __access_remote_vm+0x15c/0x590 [ 117.975191][ T9195] access_remote_vm+0x32/0x40 [ 117.975228][ T9195] proc_pid_cmdline_read+0x32b/0x6c0 [ 117.975298][ T9195] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 117.975349][ T9195] vfs_readv+0x3fb/0x690 [ 117.975370][ T9195] __x64_sys_preadv+0xfd/0x1c0 [ 117.975403][ T9195] x64_sys_call+0x282e/0x3000 [ 117.975415][ T9195] do_syscall_64+0xd2/0x200 [ 117.975425][ T9195] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 117.975466][ T9195] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 117.975482][ T9195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.975493][ T9195] RIP: 0033:0x7f5426c2efc9 [ 117.975548][ T9195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.975563][ T9195] RSP: 002b:00007f542568f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 117.975582][ T9195] RAX: ffffffffffffffda RBX: 00007f5426e85fa0 RCX: 00007f5426c2efc9 [ 117.975595][ T9195] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005 [ 117.975608][ T9195] RBP: 00007f5426cb1f91 R08: 0000000000000000 R09: 0000000000000000 [ 117.975616][ T9195] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 117.975622][ T9195] R13: 00007f5426e86038 R14: 00007f5426e85fa0 R15: 00007ffd65165b78 [ 117.975632][ T9195] [ 118.222514][ T9203] netlink: 'syz.5.2205': attribute type 30 has an invalid length. [ 118.400642][ T9213] vhci_hcd: invalid port number 255 [ 118.405881][ T9213] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 118.962391][ T9270] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.042406][ T9270] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.121030][ T9270] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.182554][ T9270] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.234528][ T9281] syzkaller0: entered allmulticast mode [ 119.247856][ T5307] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.259701][ T9281] syzkaller0: entered promiscuous mode [ 119.266221][ T5307] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.285475][ T5307] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.295048][ T9281] syzkaller0 (unregistering): left allmulticast mode [ 119.301839][ T9281] syzkaller0 (unregistering): left promiscuous mode [ 119.363693][ T9289] block device autoloading is deprecated and will be removed. [ 119.372247][ T5307] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.614965][ T9309] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.727717][ T9309] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.935656][ T9309] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.971784][ T9324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.000051][ T9324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.030078][ T9309] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.255996][ T5307] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.277544][ T5307] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.290053][ T5307] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.315380][ T9330] __nla_validate_parse: 4 callbacks suppressed [ 120.315395][ T9330] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2259'. [ 120.333728][ T5307] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.361697][ T9330] IPVS: Error connecting to the multicast addr [ 120.409924][ T9335] netlink: 'syz.0.2260': attribute type 1 has an invalid length. [ 120.423733][ T9335] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.440716][ T9335] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 120.449115][ T9335] bond1: (slave batadv1): making interface the new active one [ 120.458095][ T9335] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 120.692949][ T9350] netlink: 'syz.1.2267': attribute type 10 has an invalid length. [ 120.702540][ T9350] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2267'. [ 120.718286][ T9350] geneve1: left allmulticast mode [ 120.763261][ T9350] geneve1: entered allmulticast mode [ 120.772077][ T9350] team0: Port device geneve1 added [ 120.870570][ T9358] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2271'. [ 120.917942][ T1044] IPVS: starting estimator thread 0... [ 120.923771][ T9359] IPVS: nq: FWM 3 0x00000003 - no destination available [ 121.030249][ T9360] IPVS: using max 2736 ests per chain, 136800 per kthread [ 121.071393][ T9365] syzkaller0: entered promiscuous mode [ 121.076886][ T9365] syzkaller0: entered allmulticast mode [ 121.332284][ T9382] SELinux: failed to load policy [ 121.355744][ T9386] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2282'. [ 121.465985][ T9398] tipc: Enabled bearer , priority 0 [ 121.534953][ T9399] tipc: Disabling bearer [ 121.917519][ T9440] netlink: 'syz.5.2303': attribute type 1 has an invalid length. [ 121.930011][ T9440] 8021q: adding VLAN 0 to HW filter on device bond1 [ 121.944278][ T9440] macvlan2: entered promiscuous mode [ 121.950537][ T9440] bond1: entered promiscuous mode [ 121.955864][ T9440] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 121.964189][ T9440] bond1: left promiscuous mode [ 122.351748][ T9467] x_tables: duplicate underflow at hook 1 [ 122.402074][ T9477] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 122.412967][ T9477] gretap0: entered promiscuous mode [ 122.418178][ T9477] macsec1: entered promiscuous mode [ 122.423551][ T9477] macsec1: entered allmulticast mode [ 122.428817][ T9477] gretap0: entered allmulticast mode [ 122.435691][ T9477] gretap0: left allmulticast mode [ 122.440995][ T9477] gretap0: left promiscuous mode [ 122.826993][ T29] kauditd_printk_skb: 181 callbacks suppressed [ 122.827068][ T29] audit: type=1326 audit(1761694321.877:7475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 122.856675][ T29] audit: type=1326 audit(1761694321.877:7476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 122.921002][ T29] audit: type=1326 audit(1761694321.937:7477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 122.944451][ T29] audit: type=1326 audit(1761694321.937:7478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 122.967897][ T29] audit: type=1326 audit(1761694321.937:7479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 122.991313][ T29] audit: type=1326 audit(1761694321.937:7480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 123.014893][ T29] audit: type=1326 audit(1761694321.937:7481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 123.038447][ T29] audit: type=1326 audit(1761694321.937:7482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 123.062000][ T29] audit: type=1326 audit(1761694321.937:7483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 123.085572][ T29] audit: type=1326 audit(1761694321.937:7484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9500 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7fb3b8d9efc9 code=0x7ffc0000 [ 123.145248][ T9523] loop5: detected capacity change from 0 to 512 [ 123.152085][ T9523] EXT4-fs: dax option not supported [ 123.170628][ T9525] netlink: 'syz.4.2340': attribute type 1 has an invalid length. [ 123.185267][ T9525] 8021q: adding VLAN 0 to HW filter on device bond2 [ 123.198704][ T9525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2340'. [ 123.217830][ T9525] bond2 (unregistering): Released all slaves [ 123.507695][ T9558] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2354'. [ 123.529591][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2356'. [ 123.542611][ T9563] team2: entered promiscuous mode [ 123.547724][ T9563] team2: entered allmulticast mode [ 123.553106][ T9563] 8021q: adding VLAN 0 to HW filter on device team2 [ 123.613606][ T9575] x_tables: duplicate underflow at hook 1 [ 123.970019][ T9611] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2376'. [ 124.181363][ T9638] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2390'. [ 124.191322][ T9638] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 124.206280][ T9641] lo: left allmulticast mode [ 124.212163][ T9641] tunl0: left allmulticast mode [ 124.218577][ T9641] gre0: left allmulticast mode [ 124.224353][ T9641] gretap0: left allmulticast mode [ 124.229989][ T9641] erspan0: left allmulticast mode [ 124.235824][ T9641] ip_vti0: left allmulticast mode [ 124.241697][ T9641] ip6_vti0: left allmulticast mode [ 124.247711][ T9641] sit0: left allmulticast mode [ 124.253441][ T9641] ip6tnl0: left allmulticast mode [ 124.259208][ T9641] ip6gre0: left allmulticast mode [ 124.265093][ T9641] syz_tun: left allmulticast mode [ 124.270981][ T9641] ip6gretap0: left allmulticast mode [ 124.277222][ T9641] bridge0: left allmulticast mode [ 124.283891][ T9641] vcan0: left allmulticast mode [ 124.290029][ T9641] bond0: left allmulticast mode [ 124.297015][ T9641] team0: left allmulticast mode [ 124.302352][ T9641] dummy0: left allmulticast mode [ 124.307558][ T9641] geneve1: left allmulticast mode [ 124.318098][ T9641] nlmon0: left allmulticast mode [ 124.326174][ T9641] caif0: left allmulticast mode [ 124.326683][ T9645] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 124.331174][ T9641] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 124.331895][ T9647] netlink: 'syz.5.2395': attribute type 5 has an invalid length. [ 124.454155][ T9659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9659 comm=syz.5.2400 [ 124.585602][ T9679] bridge: RTM_NEWNEIGH with invalid ether address [ 124.739314][ T9693] smc: net device bond0 applied user defined pnetid SYZ0 [ 124.750917][ T9693] smc: net device bond0 erased user defined pnetid SYZ0 [ 125.200680][ T9766] netlink: 'syz.0.2439': attribute type 39 has an invalid length. [ 125.421659][ T9788] pim6reg1: entered promiscuous mode [ 125.426978][ T9788] pim6reg1: entered allmulticast mode [ 125.632907][ T5301] Bluetooth: hci0: Frame reassembly failed (-84) [ 125.802793][ T3394] IPVS: starting estimator thread 0... [ 125.900231][ T9834] IPVS: using max 4512 ests per chain, 225600 per kthread [ 126.166498][ T9857] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=9857 comm=syz.1.2475 [ 127.052666][ T9886] block device autoloading is deprecated and will be removed. [ 127.100711][ T9892] bridge: RTM_NEWNEIGH with invalid ether address [ 127.125243][ T9894] __nla_validate_parse: 3 callbacks suppressed [ 127.125314][ T9894] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2490'. [ 127.233398][ T9915] ref_ctr increment failed for inode: 0xaf2 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff88810975b980 [ 127.305850][ T9924] loop4: detected capacity change from 0 to 2048 [ 127.432553][ T9924] loop4: unable to read partition table [ 127.438211][ T9924] loop4: partition table beyond EOD, truncated [ 127.444431][ T9924] loop_reread_partitions: partition scan of loop4 () failed (rc=-5) [ 127.509213][ T9937] netlink: 'syz.0.2505': attribute type 10 has an invalid length. [ 127.509677][ T9937] bond0: (slave dummy0): Releasing backup interface [ 127.517369][ T9937] dummy0: left allmulticast mode [ 127.518111][ T9937] dummy0: entered allmulticast mode [ 127.518434][ T9937] team0: Port device dummy0 added [ 127.519066][ T9937] netlink: 'syz.0.2505': attribute type 10 has an invalid length. [ 127.520466][ T9937] dummy0: left allmulticast mode [ 127.529233][ T9937] team0: Port device dummy0 removed [ 127.530815][ T9937] dummy0: entered allmulticast mode [ 127.530910][ T9937] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 127.575333][ T9943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.575761][ T9943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.640800][ T3681] Bluetooth: hci0: command 0x1003 tx timeout [ 127.647027][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 127.945657][ T9963] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2513'. [ 127.987365][ T9963] team1: entered promiscuous mode [ 127.992479][ T9963] team1: entered allmulticast mode [ 128.032820][ T9963] 8021q: adding VLAN 0 to HW filter on device team1 [ 128.098245][ T9998] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2514'. [ 128.107269][ T9998] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2514'. [ 128.158733][ T9999] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2514'. [ 128.167751][ T9999] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2514'. [ 129.840281][ T29] kauditd_printk_skb: 214 callbacks suppressed [ 129.840300][ T29] audit: type=1326 audit(1761694328.887:7699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4452efc9 code=0x7ffc0000 [ 129.870089][ T29] audit: type=1326 audit(1761694328.897:7700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4452efc9 code=0x7ffc0000 [ 129.960196][ T29] audit: type=1326 audit(1761694328.947:7701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ffb4452efc9 code=0x7ffc0000 [ 129.983644][ T29] audit: type=1326 audit(1761694328.947:7702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4452efc9 code=0x7ffc0000 [ 130.007179][ T29] audit: type=1326 audit(1761694328.947:7703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb4452efc9 code=0x7ffc0000 [ 130.190388][T10059] netlink: 'syz.5.2533': attribute type 7 has an invalid length. [ 130.234399][ T29] audit: type=1400 audit(1761694329.287:7704): avc: denied { ioctl } for pid=10064 comm="syz.5.2536" path="socket:[38580]" dev="sockfs" ino=38580 ioctlcmd=0x4947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 130.285865][T10071] netlink: 'syz.4.2539': attribute type 13 has an invalid length. [ 130.307540][ T29] audit: type=1400 audit(1761694329.357:7705): avc: denied { create } for pid=10074 comm="syz.5.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 130.771047][T10093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2546'. [ 130.788790][T10093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2546'. [ 130.854408][T10097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2547'. [ 130.877166][T10099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2548'. [ 130.898758][ T29] audit: type=1400 audit(1761694329.947:7706): avc: denied { create } for pid=10100 comm="syz.0.2549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 131.162857][ T29] audit: type=1326 audit(1761694330.217:7707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10139 comm="syz.2.2560" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3b8d9efc9 code=0x0 [ 131.188492][T10142] wg2: left allmulticast mode [ 131.227770][T10142] wg2: entered promiscuous mode [ 131.232800][T10142] wg2: entered allmulticast mode [ 131.247236][ T29] audit: type=1400 audit(1761694330.297:7708): avc: denied { read } for pid=10143 comm="syz.5.2562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 131.659789][T10189] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10189 comm=syz.4.2579 [ 131.756742][T10205] netlink: 'syz.4.2584': attribute type 10 has an invalid length. [ 131.769505][T10205] team0: Port device dummy0 added [ 131.775305][T10205] netlink: 'syz.4.2584': attribute type 10 has an invalid length. [ 131.783620][T10205] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 131.801271][T10205] team0: Failed to send options change via netlink (err -105) [ 131.808974][T10205] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 131.818004][T10205] team0: Port device dummy0 removed [ 131.825234][T10205] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 131.889231][T10222] SELinux: failed to load policy [ 132.199829][T10264] __nla_validate_parse: 7 callbacks suppressed [ 132.199844][T10264] netlink: 200 bytes leftover after parsing attributes in process `syz.2.2601'. [ 133.707060][T10336] ÿÿÿÿÿÿ: renamed from vlan1 [ 133.732686][T10338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2616'. [ 133.741750][T10338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2616'. [ 133.751923][T10338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2616'. [ 133.760932][T10338] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2616'. [ 133.841835][T10346] SELinux: ebitmap: truncated map [ 133.847559][T10346] SELinux: failed to load policy [ 133.870891][T10349] netlink: 'syz.2.2621': attribute type 1 has an invalid length. [ 133.911344][T10349] 8021q: adding VLAN 0 to HW filter on device bond4 [ 133.921900][T10388] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2624'. [ 133.948801][T10349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2621'. [ 133.968893][T10349] bond4 (unregistering): Released all slaves [ 134.019951][T10445] netlink: 'syz.5.2629': attribute type 1 has an invalid length. [ 134.046058][T10445] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.067265][T10445] erspan0: entered allmulticast mode [ 134.084416][T10445] bond2: (slave erspan0): making interface the new active one [ 134.093252][T10445] bond2: (slave erspan0): Enslaving as an active interface with an up link [ 134.425043][T10515] netlink: 'syz.5.2645': attribute type 10 has an invalid length. [ 134.436885][T10515] team0: Port device dummy0 added [ 134.445437][T10515] netlink: 'syz.5.2645': attribute type 10 has an invalid length. [ 134.453712][T10515] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 134.464419][T10515] team0: Failed to send options change via netlink (err -105) [ 134.472161][T10515] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 134.481166][T10515] team0: Port device dummy0 removed [ 134.488315][T10515] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 134.516202][T10520] bridge: RTM_NEWNEIGH with invalid ether address [ 134.948197][T10533] netlink: 'syz.1.2661': attribute type 2 has an invalid length. [ 134.955972][T10533] netlink: 'syz.1.2661': attribute type 8 has an invalid length. [ 134.963697][T10533] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2661'. [ 135.152353][ T29] kauditd_printk_skb: 331 callbacks suppressed [ 135.152375][ T29] audit: type=1326 audit(1761694334.207:8040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.182236][ T29] audit: type=1326 audit(1761694334.207:8041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.205777][ T29] audit: type=1326 audit(1761694334.207:8042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.229435][ T29] audit: type=1326 audit(1761694334.207:8043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.252926][ T29] audit: type=1326 audit(1761694334.207:8044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.276400][ T29] audit: type=1326 audit(1761694334.207:8045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.300057][ T29] audit: type=1326 audit(1761694334.207:8046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.323687][ T29] audit: type=1326 audit(1761694334.207:8047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.347166][ T29] audit: type=1326 audit(1761694334.207:8048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.370634][ T29] audit: type=1326 audit(1761694334.207:8049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10567 comm="syz.1.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1268deefc9 code=0x7ffc0000 [ 135.416591][T10572] tipc: Started in network mode [ 135.421514][T10572] tipc: Node identity 0a3dd8ae9996, cluster identity 4711 [ 135.428664][T10572] tipc: Enabled bearer , priority 0 [ 135.471393][T10572] tipc: Disabling bearer [ 135.623940][ T5315] ================================================================== [ 135.632022][ T5315] BUG: KCSAN: data-race in alloc_pid / copy_process [ 135.638594][ T5315] [ 135.640901][ T5315] read-write to 0xffffffff8685feb8 of 4 bytes by task 5143 on cpu 1: [ 135.648940][ T5315] alloc_pid+0x539/0x720 [ 135.653162][ T5315] copy_process+0xe25/0x2000 [ 135.657733][ T5315] kernel_clone+0x16c/0x5c0 [ 135.662223][ T5315] __x64_sys_clone+0xe6/0x120 [ 135.666885][ T5315] x64_sys_call+0x119c/0x3000 [ 135.671586][ T5315] do_syscall_64+0xd2/0x200 [ 135.676079][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.682036][ T5315] [ 135.684336][ T5315] read to 0xffffffff8685feb8 of 4 bytes by task 5315 on cpu 0: [ 135.691853][ T5315] copy_process+0x17fc/0x2000 [ 135.696851][ T5315] kernel_clone+0x16c/0x5c0 [ 135.701336][ T5315] user_mode_thread+0x7d/0xb0 [ 135.705999][ T5315] call_usermodehelper_exec_work+0x41/0x160 [ 135.711870][ T5315] process_scheduled_works+0x4ce/0x9d0 [ 135.717312][ T5315] worker_thread+0x582/0x770 [ 135.721877][ T5315] kthread+0x489/0x510 [ 135.725928][ T5315] ret_from_fork+0x122/0x1b0 [ 135.730761][ T5315] ret_from_fork_asm+0x1a/0x30 [ 135.735505][ T5315] [ 135.737805][ T5315] value changed: 0x8000013b -> 0x8000013c [ 135.743496][ T5315] [ 135.745795][ T5315] Reported by Kernel Concurrency Sanitizer on: [ 135.751922][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: kworker/u8:26 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 135.763443][ T5315] Tainted: [W]=WARN [ 135.767220][ T5315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 135.777252][ T5315] Workqueue: events_unbound call_usermodehelper_exec_work [ 135.784341][ T5315] ================================================================== [ 136.084283][T10608] netlink: 'syz.1.2665': attribute type 1 has an invalid length. [ 136.092048][T10608] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2665'. [ 136.360173][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 136.360196][ T3681] Bluetooth: hci0: command 0x1003 tx timeout