last executing test programs: 1.323170288s ago: executing program 3 (id=1266): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 1.19871887s ago: executing program 3 (id=1274): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r1 = syz_open_procfs(0x0, &(0x7f0000001140)='smaps_rollup\x00') preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4109, 0x100d}], 0x1, 0x0, 0x0) 621.920533ms ago: executing program 1 (id=1302): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 586.172986ms ago: executing program 3 (id=1306): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x3, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x18, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 522.910072ms ago: executing program 3 (id=1310): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10) mincore(&(0x7f0000012000/0x4000)=nil, 0x4000, &(0x7f0000000040)=""/50) 476.597306ms ago: executing program 1 (id=1314): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x2) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 438.02879ms ago: executing program 3 (id=1317): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r1, &(0x7f0000002080)=[{{&(0x7f0000000180)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1400000000000000000000000700000044042800000000001c000000000000000000000008"], 0x38}}], 0x1, 0x0) 393.280964ms ago: executing program 3 (id=1320): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000ac0)={r2}, &(0x7f0000000b00)=0x8) 365.508876ms ago: executing program 4 (id=1323): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000003c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in=@private=0xa010101, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0xfffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}, [@migrate={0x50, 0x11, [{@in=@dev, @in6=@loopback, @in6=@rand_addr=' \x01\x00', @in6=@private0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x2}]}]}, 0xa0}}, 0x0) 332.40393ms ago: executing program 1 (id=1324): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB='\f\x00F'], 0x2c}}, 0x0) 296.983243ms ago: executing program 4 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000001240)={@val={0xc, 0xf7}, @val, @mpls={[], @ipv4=@generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2}}}}, 0x22) 257.499586ms ago: executing program 1 (id=1328): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaaaa810000000800450000b7000000000b84"], 0x36) 233.675058ms ago: executing program 2 (id=1329): sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000001040101000000000000000000000000050001"], 0x24}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001"], 0x24}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001d00"], 0x114}], 0x1}, 0x0) 220.57598ms ago: executing program 0 (id=1330): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18) creat(&(0x7f0000000280)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000340)='./bus\x00', 0x0, 0x1000, 0x0) 207.345231ms ago: executing program 4 (id=1331): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) syz_io_uring_setup(0x2663, &(0x7f0000000080), &(0x7f0000ff0000), &(0x7f0000000000)) 188.133593ms ago: executing program 0 (id=1332): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) 179.233724ms ago: executing program 2 (id=1333): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 172.946724ms ago: executing program 4 (id=1334): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000380), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000480)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r3], 0x20}}, 0x0) 166.281365ms ago: executing program 0 (id=1335): r0 = creat(&(0x7f0000000280)='./bus\x00', 0x2) pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0) r1 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0) dup3(r1, r0, 0x0) finit_module(r1, 0x0, 0x0) 158.528175ms ago: executing program 2 (id=1336): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000140)) fcntl$lock(r1, 0x6, &(0x7f0000000380)={0x2, 0x0, 0x101, 0x80000001}) 127.032689ms ago: executing program 1 (id=1337): set_mempolicy(0x4003, &(0x7f0000000180)=0x8000080100000003, 0x9) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0xc0041, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbff, {{}, {0x0, 0x4107}, {0x14, 0x18, {0x401, @bearer=@udp='udp:syz2\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4090}, 0x4040080) 94.653752ms ago: executing program 0 (id=1338): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) 94.269431ms ago: executing program 2 (id=1339): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 62.922564ms ago: executing program 4 (id=1340): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @empty, 'veth1_to_batadv\x00'}}, 0x1e) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x0, @random="7c9ab5135269", 'pim6reg0\x00'}}, 0x1e) 52.666595ms ago: executing program 0 (id=1341): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$selinux_attr(0xffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$selinux_attr(r2, &(0x7f0000000080)='system_u:system_r:kernel_t:s0\x00', 0x1e) 42.638626ms ago: executing program 4 (id=1342): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, &(0x7f0000000200)}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x2000200000000}]}}]}, 0x40}}, 0x0) 35.932067ms ago: executing program 2 (id=1343): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {0x4}], 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0xffff, r1}, 0x38) 19.415218ms ago: executing program 1 (id=1344): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000001c0), 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendfile(r2, r1, 0x0, 0x8fa) 13.118359ms ago: executing program 0 (id=1345): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='kmem_cache_free\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000d40)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOok7E1VdQFkhhCohugSpDY4bRbHjKHZKE4qU/gckKrGCJT+AdVfs2SDYsSkLJD4iUFOJhdG9vkncxG4CSeNM/DzS1T3nXMfvOUnuOclr2SeAgXUlIrYjYjQi7kfEVNaey4643T6Sx73YeVze3XlczkWrdfcfufR60hYdX5N4K3vOQkT84DsRP84djdvY3FpZqFYr61l9pllbm2lsbl1fri0sVZYqq6XS/Nz87M0bn5TObKwf1Eaz0hef/377Gz9NujWZtXSO4yy1hz6yHyey7/n33kSwPhiKiOHs94dPn3xEvBcRH6b3/1QMpT9NAOAya7WmojXVWQcALrt8mgPL5YtZLmAy8vlisZ3Dez8m8tV6o3ntQX1jdbGdK5uOkfyD5WplNssVTsdILqnPpeWDeulQ/UZEvBsRPx8bT+vFcr262M8/fABggL11aP3/91h7/QcALrlCvzsAAJw76z8ADB7rPwAMHus/AAwe6z8ADB7rPwAMnLF+dwAAOFffv3MnOVq72edfLz7c3FipP7y+WGmsFGsb5WK5vr5WXKrXl9LP7Kkd93zVen1t7uPYeDT9zbVGc6axuXWvVt9Ybd5LP9f7XmXkXEYFALzOux88+1MuIrZvjadHdOzlYK2Gyy3f7w4AfTPU7w4AfWO3Lxhcp/gfX3oALokuW/S+ohAR44cbW61W6811CXjDrn5O/h8GVUf+37uAYMDI/8Pgkv+HwdVq5U6653+c9IEAwMUmxw/0eP3/vez8m+zFgR8tHn7E08MN3lEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA4Njb/7eY7dwxGfl8sRjxdkRMx0juwXK1MhsR70TEH8dGxpL6XJ/7DACcVv6vuWz/r6tTH00evjqaezmWniPiJ7+8+4tHC83m+h+S9n/utzefZu2lfvQfADjO3jqdnjv+kX+x87i8d5xnf/727YgotOPv7ozG7n784RhOz4UYiYiJf+WyeluuI3dxGttPIuKz3cafi8k0B9Le+fRw/CT22+caP/9K/Hx6rX1OvhefOYO+wKB5lsw/t7vdf/m4kp673/+FdIY6vWz+S56qvJvOgQfx9+a/oR7z35WTxvj4d99tl8aPXnsS8fnhiL3Yux3zz178XI/4Hx19uq7+/IUvfdjrWutXEVejM/7PygcRDkozzdraTGNz6/pybWGpslRZLZXm5+Znb974pDST5qhneq8Gf7917Z1e15LxT0T38ReOGf9XTzb8+PV/7v/wy6+J//WvdIufj/dfEz9ZE792wvgLE78t9LqWxF/sMf7jfv7XThj/+V+2jmwbDgD0T2Nza2WhWq2sKyhc/ELyK3sButG18K3zijUa/9NXtVr/V6xeM8ZZZN2Ai2D/po+Il/3uDAAAAAAAAAAAAAAA0NV5vGOp32MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8vpvAAAA//+sXtJf") 0s ago: executing program 2 (id=1346): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x1c, r2, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) kernel console output (not intermixed with test programs): [ 18.082407][ T29] audit: type=1400 audit(1728416624.418:81): avc: denied { read } for pid=2949 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. [ 22.370658][ T29] audit: type=1400 audit(1728416628.708:82): avc: denied { mounton } for pid=3253 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.371615][ T3253] cgroup: Unknown subsys name 'net' [ 22.393379][ T29] audit: type=1400 audit(1728416628.708:83): avc: denied { mount } for pid=3253 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.420741][ T29] audit: type=1400 audit(1728416628.738:84): avc: denied { unmount } for pid=3253 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.558119][ T3253] cgroup: Unknown subsys name 'cpuset' [ 22.564093][ T3253] cgroup: Unknown subsys name 'rlimit' [ 22.731406][ T29] audit: type=1400 audit(1728416629.068:85): avc: denied { setattr } for pid=3253 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.754689][ T29] audit: type=1400 audit(1728416629.068:86): avc: denied { create } for pid=3253 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.775152][ T29] audit: type=1400 audit(1728416629.068:87): avc: denied { write } for pid=3253 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.782387][ T3257] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.795500][ T29] audit: type=1400 audit(1728416629.068:88): avc: denied { read } for pid=3253 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.824323][ T29] audit: type=1400 audit(1728416629.068:89): avc: denied { mounton } for pid=3253 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.849121][ T29] audit: type=1400 audit(1728416629.068:90): avc: denied { mount } for pid=3253 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.872347][ T29] audit: type=1400 audit(1728416629.148:91): avc: denied { relabelto } for pid=3257 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.901219][ T3253] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.525283][ T3265] chnl_net:caif_netlink_parms(): no params data found [ 24.549955][ T3268] chnl_net:caif_netlink_parms(): no params data found [ 24.563547][ T3264] chnl_net:caif_netlink_parms(): no params data found [ 24.588395][ T3273] chnl_net:caif_netlink_parms(): no params data found [ 24.655219][ T3265] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.662340][ T3265] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.669529][ T3265] bridge_slave_0: entered allmulticast mode [ 24.675802][ T3265] bridge_slave_0: entered promiscuous mode [ 24.696659][ T3265] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.703747][ T3265] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.710898][ T3265] bridge_slave_1: entered allmulticast mode [ 24.717193][ T3265] bridge_slave_1: entered promiscuous mode [ 24.728018][ T3268] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.735078][ T3268] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.742321][ T3268] bridge_slave_0: entered allmulticast mode [ 24.748686][ T3268] bridge_slave_0: entered promiscuous mode [ 24.774383][ T3268] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.781520][ T3268] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.788618][ T3268] bridge_slave_1: entered allmulticast mode [ 24.794906][ T3268] bridge_slave_1: entered promiscuous mode [ 24.810983][ T3264] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.818138][ T3264] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.825264][ T3264] bridge_slave_0: entered allmulticast mode [ 24.831689][ T3264] bridge_slave_0: entered promiscuous mode [ 24.838936][ T3265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.848121][ T3264] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.855165][ T3264] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.862307][ T3264] bridge_slave_1: entered allmulticast mode [ 24.868572][ T3264] bridge_slave_1: entered promiscuous mode [ 24.888853][ T3271] chnl_net:caif_netlink_parms(): no params data found [ 24.898168][ T3268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.907228][ T3273] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.914307][ T3273] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.921404][ T3273] bridge_slave_0: entered allmulticast mode [ 24.927769][ T3273] bridge_slave_0: entered promiscuous mode [ 24.934790][ T3265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.947190][ T3264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.957188][ T3268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.967347][ T3264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.976523][ T3273] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.983576][ T3273] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.990744][ T3273] bridge_slave_1: entered allmulticast mode [ 24.997025][ T3273] bridge_slave_1: entered promiscuous mode [ 25.030286][ T3265] team0: Port device team_slave_0 added [ 25.050330][ T3273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.059929][ T3264] team0: Port device team_slave_0 added [ 25.066006][ T3265] team0: Port device team_slave_1 added [ 25.080450][ T3268] team0: Port device team_slave_0 added [ 25.086545][ T3264] team0: Port device team_slave_1 added [ 25.092821][ T3268] team0: Port device team_slave_1 added [ 25.099171][ T3273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.141938][ T3265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.148910][ T3265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.174997][ T3265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.185757][ T3271] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.192899][ T3271] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.200204][ T3271] bridge_slave_0: entered allmulticast mode [ 25.206426][ T3271] bridge_slave_0: entered promiscuous mode [ 25.212894][ T3264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.219854][ T3264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.245838][ T3264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.260395][ T3268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.267360][ T3268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.293389][ T3268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.304848][ T3268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.311902][ T3268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.337917][ T3268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.348921][ T3265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.355899][ T3265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.381804][ T3265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.392529][ T3271] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.399646][ T3271] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.406756][ T3271] bridge_slave_1: entered allmulticast mode [ 25.413196][ T3271] bridge_slave_1: entered promiscuous mode [ 25.419461][ T3264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.426398][ T3264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.452414][ T3264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.464084][ T3273] team0: Port device team_slave_0 added [ 25.480921][ T3273] team0: Port device team_slave_1 added [ 25.497971][ T3271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.521993][ T3265] hsr_slave_0: entered promiscuous mode [ 25.528186][ T3265] hsr_slave_1: entered promiscuous mode [ 25.535124][ T3271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.553022][ T3273] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.560047][ T3273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.585942][ T3273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.616737][ T3268] hsr_slave_0: entered promiscuous mode [ 25.622736][ T3268] hsr_slave_1: entered promiscuous mode [ 25.628599][ T3268] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 25.636125][ T3268] Cannot create hsr debugfs directory [ 25.647327][ T3273] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.654322][ T3273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.680388][ T3273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.700118][ T3271] team0: Port device team_slave_0 added [ 25.716029][ T3264] hsr_slave_0: entered promiscuous mode [ 25.722044][ T3264] hsr_slave_1: entered promiscuous mode [ 25.727978][ T3264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 25.735530][ T3264] Cannot create hsr debugfs directory [ 25.746516][ T3271] team0: Port device team_slave_1 added [ 25.781280][ T3271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.788726][ T3271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.814711][ T3271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.838395][ T3271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.845339][ T3271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 25.871276][ T3271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.888214][ T3273] hsr_slave_0: entered promiscuous mode [ 25.894202][ T3273] hsr_slave_1: entered promiscuous mode [ 25.900251][ T3273] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 25.907816][ T3273] Cannot create hsr debugfs directory [ 25.980147][ T3271] hsr_slave_0: entered promiscuous mode [ 25.986113][ T3271] hsr_slave_1: entered promiscuous mode [ 25.991995][ T3271] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 25.999579][ T3271] Cannot create hsr debugfs directory [ 26.049816][ T3265] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 26.058304][ T3265] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 26.078341][ T3265] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 26.088727][ T3265] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 26.127730][ T3268] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 26.136181][ T3268] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 26.154481][ T3268] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 26.166243][ T3268] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 26.188488][ T3264] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 26.208194][ T3264] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 26.216967][ T3264] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 26.227622][ T3264] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 26.246441][ T3273] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 26.255329][ T3273] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 26.269087][ T3273] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 26.277538][ T3273] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 26.292369][ T3265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.312195][ T3265] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.335034][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.342122][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.350766][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.357824][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.368146][ T3271] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 26.376832][ T3271] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 26.393950][ T3271] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 26.403387][ T3271] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 26.439090][ T3264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.468343][ T3264] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.482888][ T3273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.502934][ T3268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.513288][ T3273] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.521681][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.528765][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.551568][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.558652][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.574391][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.581521][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.590507][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.597566][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.611554][ T3271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.619429][ T3268] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.645572][ T3264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 26.658359][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.665479][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.676416][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.683511][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.705876][ T3271] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.724685][ T3265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.737282][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.744470][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.774500][ T141] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.782148][ T141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.829312][ T3271] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 26.839745][ T3271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 26.885345][ T3264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.907250][ T3268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.921841][ T3265] veth0_vlan: entered promiscuous mode [ 26.931356][ T3265] veth1_vlan: entered promiscuous mode [ 26.944869][ T3271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.953507][ T3273] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.973491][ T3265] veth0_macvtap: entered promiscuous mode [ 27.006370][ T3265] veth1_macvtap: entered promiscuous mode [ 27.041239][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.052696][ T3264] veth0_vlan: entered promiscuous mode [ 27.072118][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.081868][ T3264] veth1_vlan: entered promiscuous mode [ 27.102963][ T3265] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.111817][ T3265] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.120549][ T3265] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.129324][ T3265] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.143404][ T3268] veth0_vlan: entered promiscuous mode [ 27.159999][ T3268] veth1_vlan: entered promiscuous mode [ 27.174719][ T3273] veth0_vlan: entered promiscuous mode [ 27.194659][ T3268] veth0_macvtap: entered promiscuous mode [ 27.203232][ T3273] veth1_vlan: entered promiscuous mode [ 27.212950][ T3264] veth0_macvtap: entered promiscuous mode [ 27.225592][ T3268] veth1_macvtap: entered promiscuous mode [ 27.233328][ T3264] veth1_macvtap: entered promiscuous mode [ 27.233635][ T3265] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 27.244132][ T3264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.264174][ T3264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.275115][ T3264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.293235][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.303908][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.313782][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.324211][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.334906][ T3268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.343328][ T3264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.353861][ T3264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.373710][ T3264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.382002][ T3273] veth0_macvtap: entered promiscuous mode [ 27.382090][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 27.382147][ T29] audit: type=1400 audit(1728416633.708:124): avc: denied { prog_run } for pid=3403 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.408919][ T3271] veth0_vlan: entered promiscuous mode [ 27.419056][ T29] audit: type=1400 audit(1728416633.758:125): avc: denied { create } for pid=3403 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 27.438604][ T29] audit: type=1400 audit(1728416633.758:126): avc: denied { write } for pid=3403 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 27.440954][ T3273] veth1_macvtap: entered promiscuous mode [ 27.457649][ T29] audit: type=1400 audit(1728416633.758:127): avc: denied { read } for pid=3403 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 27.482814][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.493412][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.503373][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.513993][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.515785][ T29] audit: type=1326 audit(1728416633.848:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3405 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 27.526211][ T3268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.550823][ T29] audit: type=1326 audit(1728416633.888:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3405 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 27.555626][ T3268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.577303][ T29] audit: type=1400 audit(1728416633.888:130): avc: denied { map_create } for pid=3405 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.585960][ T3268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.604706][ T29] audit: type=1400 audit(1728416633.888:131): avc: denied { map_read map_write } for pid=3405 comm="syz.1.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 27.604727][ T29] audit: type=1326 audit(1728416633.888:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3405 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 27.613421][ T3268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.632892][ T29] audit: type=1326 audit(1728416633.888:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3405 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 27.655941][ T3268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.699163][ T3264] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.707951][ T3264] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.716689][ T3264] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.725517][ T3264] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.772716][ T3271] veth1_vlan: entered promiscuous mode [ 27.784785][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.795324][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.805197][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.815909][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.825756][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 27.836291][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.847300][ T3273] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.874058][ T3411] loop1: detected capacity change from 0 to 1024 [ 27.875212][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.890960][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.900907][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.908556][ T3411] ======================================================= [ 27.908556][ T3411] WARNING: The mand mount option has been deprecated and [ 27.908556][ T3411] and is ignored by this kernel. Remove the mand [ 27.908556][ T3411] option from the mount to silence this warning. [ 27.908556][ T3411] ======================================================= [ 27.911337][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.911346][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 27.911358][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 27.912448][ T3273] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.022852][ T3271] veth0_macvtap: entered promiscuous mode [ 28.034284][ T3273] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.043087][ T3273] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.051923][ T3273] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.060784][ T3273] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.080747][ T3271] veth1_macvtap: entered promiscuous mode [ 28.092379][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 28.102924][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.112751][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 28.123344][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.133148][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 28.143609][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.153643][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 28.164139][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.174881][ T3271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.184449][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 28.194996][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.204893][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 28.215335][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.225184][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 28.235603][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.245501][ T3271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 28.255959][ T3271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 28.266626][ T3271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.275613][ T3271] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.284346][ T3271] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.293185][ T3271] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.301958][ T3271] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.435184][ T3433] syz.4.6[3433] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.435308][ T3433] syz.4.6[3433] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.463294][ T3433] syz.4.6[3433] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.477459][ T3434] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 28.484748][ T3440] SELinux: failed to load policy [ 28.660382][ T3463] process 'syz.0.28' launched './file0' with NULL argv: empty string added [ 28.681468][ T3473] syz.2.32[3473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.681600][ T3473] syz.2.32[3473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.692876][ T3473] syz.2.32[3473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.783334][ T3484] syz.3.36 uses obsolete (PF_INET,SOCK_PACKET) [ 28.812589][ T3483] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 28.913242][ T3496] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.034739][ T3512] loop0: detected capacity change from 0 to 512 [ 29.059100][ T3512] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 29.093299][ T3512] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.104360][ T3520] loop2: detected capacity change from 0 to 1024 [ 29.123511][ T3523] loop1: detected capacity change from 0 to 256 [ 29.141461][ T3520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 29.155890][ T3268] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.311060][ T3542] netlink: 36 bytes leftover after parsing attributes in process `syz.0.62'. [ 29.373611][ T3538] xt_CT: No such helper "syz1" [ 29.403163][ T3553] netlink: 16 bytes leftover after parsing attributes in process `syz.4.67'. [ 29.492993][ T3562] loop4: detected capacity change from 0 to 128 [ 29.511205][ T3562] syz.4.70: attempt to access beyond end of device [ 29.511205][ T3562] loop4: rw=2049, sector=145, nr_sectors = 88 limit=128 [ 29.531115][ T3520] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 29.546415][ T3520] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 29.546888][ T3562] syz.4.70: attempt to access beyond end of device [ 29.546888][ T3562] loop4: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 29.558636][ T3520] EXT4-fs (loop2): This should not happen!! Data will be lost [ 29.558636][ T3520] [ 29.573868][ T3562] syz.4.70: attempt to access beyond end of device [ 29.573868][ T3562] loop4: rw=34817, sector=145, nr_sectors = 88 limit=128 [ 29.581732][ T3520] EXT4-fs (loop2): Total free blocks count 0 [ 29.581745][ T3520] EXT4-fs (loop2): Free/Dirty block details [ 29.581754][ T3520] EXT4-fs (loop2): free_blocks=68451041280 [ 29.581765][ T3520] EXT4-fs (loop2): dirty_blocks=16400 [ 29.581848][ T3520] EXT4-fs (loop2): Block reservation details [ 29.624451][ T3520] EXT4-fs (loop2): i_reserved_data_blocks=1025 [ 29.654152][ T3570] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.691717][ T3572] loop3: detected capacity change from 0 to 512 [ 29.692207][ T3520] syz.2.52 (3520) used greatest stack depth: 9944 bytes left [ 29.713385][ T40] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 29.728939][ T3572] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 29.738852][ T3572] EXT4-fs (loop3): orphan cleanup on readonly fs [ 29.745670][ T3572] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.75: Failed to acquire dquot type 1 [ 29.758330][ T3572] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.75: bg 0: block 40: padding at end of block bitmap is not set [ 29.775861][ T3572] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 29.785310][ T3572] EXT4-fs (loop3): 1 truncate cleaned up [ 29.792605][ T3572] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 29.812422][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.862610][ T3585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.80'. [ 29.876693][ T3586] netlink: 172 bytes leftover after parsing attributes in process `syz.2.76'. [ 29.920993][ T3588] loop3: detected capacity change from 0 to 8192 [ 29.942009][ T3592] bond1: entered promiscuous mode [ 29.947116][ T3592] bond1: entered allmulticast mode [ 29.952526][ T3592] 8021q: adding VLAN 0 to HW filter on device bond1 [ 29.964264][ T3592] bond1 (unregistering): Released all slaves [ 30.150644][ T3605] loop1: detected capacity change from 0 to 1024 [ 30.179486][ T3605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.251527][ T3615] loop4: detected capacity change from 0 to 512 [ 30.269800][ T3615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.282987][ T3615] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.296828][ T3615] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 30.319145][ T3615] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 30.336640][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.457934][ T3605] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 30.473088][ T3605] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 30.485396][ T3605] EXT4-fs (loop1): This should not happen!! Data will be lost [ 30.485396][ T3605] [ 30.495078][ T3605] EXT4-fs (loop1): Total free blocks count 0 [ 30.501093][ T3605] EXT4-fs (loop1): Free/Dirty block details [ 30.507061][ T3605] EXT4-fs (loop1): free_blocks=68451041280 [ 30.513131][ T3605] EXT4-fs (loop1): dirty_blocks=16400 [ 30.518584][ T3605] EXT4-fs (loop1): Block reservation details [ 30.524595][ T3605] EXT4-fs (loop1): i_reserved_data_blocks=1025 [ 30.558967][ T141] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 30.778923][ T3662] loop4: detected capacity change from 0 to 512 [ 30.787962][ T3662] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.801227][ T3662] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 30.823532][ T3662] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec018, mo2=0002] [ 30.831773][ T3659] loop1: detected capacity change from 0 to 8192 [ 30.838172][ T3662] System zones: 1-12 [ 30.867469][ T3662] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.886296][ T3662] EXT4-fs (loop4): 1 truncate cleaned up [ 30.905373][ T3662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.942622][ T3679] netlink: 108 bytes leftover after parsing attributes in process `syz.1.121'. [ 31.046490][ T3695] netlink: 'syz.2.130': attribute type 4 has an invalid length. [ 31.068495][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.088496][ T3695] netlink: 'syz.2.130': attribute type 17 has an invalid length. [ 31.132173][ T3705] loop3: detected capacity change from 0 to 256 [ 31.156730][ T3707] netlink: 324 bytes leftover after parsing attributes in process `syz.2.135'. [ 31.224456][ T3721] loop4: detected capacity change from 0 to 512 [ 31.231936][ T3721] EXT4-fs: Ignoring removed i_version option [ 31.241816][ T3721] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 31.249922][ T3721] System zones: 1-12 [ 31.258078][ T3721] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.142: bg 0: block 131: padding at end of block bitmap is not set [ 31.272165][ T3729] netlink: 'syz.0.145': attribute type 4 has an invalid length. [ 31.273777][ T3721] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 31.292055][ T3730] netlink: 60 bytes leftover after parsing attributes in process `syz.2.146'. [ 31.301218][ T3721] EXT4-fs (loop4): 1 truncate cleaned up [ 31.305480][ T3730] netlink: 60 bytes leftover after parsing attributes in process `syz.2.146'. [ 31.307151][ T3721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.333193][ T3721] syz.4.142[3721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.333296][ T3721] syz.4.142[3721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.345850][ T3721] syz.4.142[3721] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.365159][ T3730] netlink: 60 bytes leftover after parsing attributes in process `syz.2.146'. [ 31.385834][ T3730] netlink: 60 bytes leftover after parsing attributes in process `syz.2.146'. [ 31.412954][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.448564][ T3747] loop4: detected capacity change from 0 to 256 [ 31.470995][ T3751] 9pnet_fd: Insufficient options for proto=fd [ 31.502118][ T3747] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.503782][ T3757] loop2: detected capacity change from 0 to 256 [ 31.630813][ T3757] FAT-fs (loop2): Directory bread(block 64) failed [ 31.637585][ T3757] FAT-fs (loop2): Directory bread(block 65) failed [ 31.647922][ T3757] FAT-fs (loop2): Directory bread(block 66) failed [ 31.656340][ T3757] FAT-fs (loop2): Directory bread(block 67) failed [ 31.674758][ T3757] FAT-fs (loop2): Directory bread(block 68) failed [ 31.683845][ T3757] FAT-fs (loop2): Directory bread(block 69) failed [ 31.690767][ T3757] FAT-fs (loop2): Directory bread(block 70) failed [ 31.698816][ T3757] FAT-fs (loop2): Directory bread(block 71) failed [ 31.713661][ T3757] FAT-fs (loop2): Directory bread(block 72) failed [ 31.720298][ T3757] FAT-fs (loop2): Directory bread(block 73) failed [ 31.821830][ T3789] __vm_enough_memory: pid: 3789, comm: syz.4.170, bytes: 549588807680 not enough memory for the allocation [ 31.862603][ T3757] syz.2.156: attempt to access beyond end of device [ 31.862603][ T3757] loop2: rw=2049, sector=1224, nr_sectors = 608 limit=256 [ 31.877951][ T3757] syz.2.156: attempt to access beyond end of device [ 31.877951][ T3757] loop2: rw=2049, sector=1864, nr_sectors = 1444 limit=256 [ 31.954899][ T3805] syz.3.180 (3805) used greatest stack depth: 8800 bytes left [ 31.987227][ T3815] capability: warning: `syz.1.182' uses deprecated v2 capabilities in a way that may be insecure [ 32.102347][ T3838] loop3: detected capacity change from 0 to 512 [ 32.110521][ T3838] EXT4-fs: Ignoring removed mblk_io_submit option [ 32.118102][ T3838] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 32.127087][ T3838] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 32.135298][ T3838] System zones: 1-12 [ 32.140560][ T3838] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.190: corrupted in-inode xattr: e_value size too large [ 32.156875][ T3838] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.190: couldn't read orphan inode 15 (err -117) [ 32.170650][ T3838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.194115][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.274295][ T3858] mmap: syz.3.202 (3858) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 32.621867][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 32.621883][ T29] audit: type=1400 audit(1728416638.958:350): avc: denied { nlmsg_read } for pid=3885 comm="syz.0.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 32.713443][ T3892] loop0: detected capacity change from 0 to 1024 [ 32.730492][ T3892] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.755237][ T3892] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 32.771577][ T3892] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 32.772294][ T29] audit: type=1400 audit(1728416639.078:351): avc: denied { execute } for pid=3891 comm="syz.0.217" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.783779][ T3892] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.783779][ T3892] [ 32.806167][ T29] audit: type=1400 audit(1728416639.078:352): avc: denied { execute_no_trans } for pid=3891 comm="syz.0.217" path="/53/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.816001][ T3892] EXT4-fs (loop0): Total free blocks count 0 [ 32.845854][ T3892] EXT4-fs (loop0): Free/Dirty block details [ 32.851767][ T3892] EXT4-fs (loop0): free_blocks=68451041280 [ 32.857661][ T3892] EXT4-fs (loop0): dirty_blocks=16 [ 32.862795][ T3892] EXT4-fs (loop0): Block reservation details [ 32.868794][ T3892] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 32.902047][ T3268] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.031300][ T3919] syz.2.229[3919] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.094774][ T29] audit: type=1326 audit(1728416639.428:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.129361][ T29] audit: type=1326 audit(1728416639.428:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.211014][ T3933] loop2: detected capacity change from 0 to 512 [ 33.238089][ T3933] EXT4-fs (loop2): too many log groups per flexible block group [ 33.245862][ T3933] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 33.245936][ T29] audit: type=1326 audit(1728416639.488:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.260130][ T3933] EXT4-fs (loop2): mount failed [ 33.276051][ T29] audit: type=1326 audit(1728416639.488:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.304340][ T29] audit: type=1326 audit(1728416639.488:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.327590][ T29] audit: type=1326 audit(1728416639.488:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.351163][ T29] audit: type=1326 audit(1728416639.498:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb939b6dff9 code=0x7ffc0000 [ 33.374970][ T3946] netlink: 'syz.1.242': attribute type 21 has an invalid length. [ 33.397182][ T3948] loop3: detected capacity change from 0 to 2048 [ 33.440218][ T3948] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 33.446786][ T3948] EXT4-fs (loop3): mount failed [ 33.523632][ T3974] loop1: detected capacity change from 0 to 512 [ 33.530745][ T3974] EXT4-fs: Ignoring removed oldalloc option [ 33.536899][ T3974] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 33.586549][ T3985] netlink: 'syz.4.256': attribute type 8 has an invalid length. [ 33.664254][ T3997] loop1: detected capacity change from 0 to 764 [ 33.776132][ T4010] bpf_get_probe_write_proto: 2 callbacks suppressed [ 33.776145][ T4010] syz.1.270[4010] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.783911][ T4010] syz.1.270[4010] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.809761][ T4010] syz.1.270[4010] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.835658][ T4018] loop4: detected capacity change from 0 to 4096 [ 33.857295][ T4018] EXT4-fs: Ignoring removed nomblk_io_submit option [ 33.876013][ T4018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.891176][ T4018] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #15: comm syz.4.274: corrupted inode contents [ 33.913229][ T4018] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #15: comm syz.4.274: mark_inode_dirty error [ 33.933641][ T4018] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #15: comm syz.4.274: corrupted inode contents [ 33.947119][ T4018] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #15: comm syz.4.274: mark_inode_dirty error [ 33.992742][ T4018] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #15: comm syz.4.274: corrupted inode contents [ 34.040821][ T4018] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #15: comm syz.4.274: mark_inode_dirty error [ 34.068977][ T4018] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #15: comm syz.4.274: corrupted inode contents [ 34.090012][ T4018] EXT4-fs error (device loop4): ext4_truncate:4208: inode #15: comm syz.4.274: mark_inode_dirty error [ 34.134486][ T4018] EXT4-fs error (device loop4) in ext4_setattr:5523: Corrupt filesystem [ 34.143431][ T4032] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #15: comm syz.4.274: corrupted inode contents [ 34.174819][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.204881][ T4065] loop1: detected capacity change from 0 to 512 [ 34.211930][ T4065] EXT4-fs: Ignoring removed nobh option [ 34.217615][ T4065] EXT4-fs: Ignoring removed nobh option [ 34.225132][ T4070] netlink: 'syz.4.297': attribute type 3 has an invalid length. [ 34.236130][ T4065] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 34.247932][ T4065] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.296: invalid indirect mapped block 2683928664 (level 1) [ 34.263932][ T4065] EXT4-fs (loop1): 1 truncate cleaned up [ 34.271354][ T4065] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.299949][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.453413][ T4107] smc: net device bond0 applied user defined pnetid SYZ0 [ 34.462582][ T4107] smc: net device bond0 erased user defined pnetid SYZ0 [ 34.625869][ T4125] loop4: detected capacity change from 0 to 1024 [ 34.645892][ T4125] EXT4-fs: Ignoring removed nomblk_io_submit option [ 34.655808][ T4125] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 34.701495][ T4125] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.753603][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.825164][ T4143] loop4: detected capacity change from 0 to 2048 [ 34.838564][ T4143] ext2: Unknown parameter 'obj_user' [ 35.029414][ T4164] SELinux: Context is not valid (left unmapped). [ 35.068918][ T4167] __nla_validate_parse: 13 callbacks suppressed [ 35.068932][ T4167] netlink: 4 bytes leftover after parsing attributes in process `syz.4.342'. [ 35.133772][ T3342] kernel write not supported for file /snd/seq (pid: 3342 comm: kworker/0:4) [ 35.169321][ T4179] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 35.259013][ T4201] loop2: detected capacity change from 0 to 128 [ 35.275075][ T4196] netlink: 16 bytes leftover after parsing attributes in process `syz.3.356'. [ 35.347711][ T4216] loop2: detected capacity change from 0 to 256 [ 35.365416][ T4216] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.384269][ T4216] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 35.392933][ T4216] FAT-fs (loop2): Filesystem has been set read-only [ 35.663058][ T4261] loop2: detected capacity change from 0 to 2048 [ 35.676168][ T4261] EXT4-fs: Ignoring removed bh option [ 35.700265][ T4261] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.766701][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.823394][ T4297] loop1: detected capacity change from 0 to 1024 [ 35.830222][ T4293] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 35.838495][ T4293] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 35.851076][ T4299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.397'. [ 35.877601][ T4297] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.895712][ T4297] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.935444][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.009259][ T4323] loop4: detected capacity change from 0 to 512 [ 36.020532][ T4323] EXT4-fs: Ignoring removed i_version option [ 36.026597][ T4323] EXT4-fs: Ignoring removed nobh option [ 36.032884][ T4323] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 36.054271][ T4323] EXT4-fs (loop4): 1 truncate cleaned up [ 36.060580][ T4323] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.074522][ T4323] EXT4-fs (loop4): shut down requested (0) [ 36.087646][ T3271] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.220911][ T4346] loop0: detected capacity change from 0 to 512 [ 36.228886][ T4346] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 36.239672][ T4346] EXT4-fs (loop0): 1 truncate cleaned up [ 36.245697][ T4346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.260341][ T4346] syz.0.416[4346] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.260398][ T4346] syz.0.416[4346] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.271948][ T4346] syz.0.416[4346] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.285059][ T4346] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 36.321322][ T3268] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.368433][ T4349] IPVS: Error joining to the multicast group [ 36.417330][ T4355] loop0: detected capacity change from 0 to 512 [ 36.425145][ T4355] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 36.461164][ T4355] EXT4-fs (loop0): 1 truncate cleaned up [ 36.467322][ T4355] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.502294][ T3268] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.894206][ T4369] loop2: detected capacity change from 0 to 512 [ 36.901876][ T4369] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 36.919844][ T4369] EXT4-fs (loop2): 1 truncate cleaned up [ 36.926007][ T4369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.953360][ T4369] syz.2.427[4369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.953484][ T4369] syz.2.427[4369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.966924][ T4369] syz.2.427[4369] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.046702][ T4380] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 37.066699][ T4380] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 37.075430][ T4380] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 37.084152][ T4380] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 37.096726][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.098323][ T4380] vxlan0: entered promiscuous mode [ 37.110934][ T4380] vxlan0: entered allmulticast mode [ 37.129570][ T4380] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 37.138505][ T4380] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 37.147372][ T4380] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 37.156273][ T4380] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 37.361792][ T4396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 37.608571][ T4413] loop1: detected capacity change from 0 to 1024 [ 37.636696][ T4413] EXT4-fs: Ignoring removed nomblk_io_submit option [ 37.646097][ T4413] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 37.670407][ T4413] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.672901][ T4426] loop0: detected capacity change from 0 to 512 [ 37.709604][ T4426] EXT4-fs (loop0): too many log groups per flexible block group [ 37.717293][ T4426] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 37.738812][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.750712][ T4426] EXT4-fs (loop0): mount failed [ 37.772582][ T29] kauditd_printk_skb: 181 callbacks suppressed [ 37.772593][ T29] audit: type=1326 audit(1728416644.108:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.815728][ T29] audit: type=1326 audit(1728416644.138:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.839004][ T29] audit: type=1326 audit(1728416644.138:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.862284][ T29] audit: type=1326 audit(1728416644.138:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.885502][ T29] audit: type=1326 audit(1728416644.138:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.908822][ T29] audit: type=1326 audit(1728416644.138:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.932233][ T29] audit: type=1326 audit(1728416644.138:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.955487][ T29] audit: type=1326 audit(1728416644.138:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 37.978906][ T29] audit: type=1326 audit(1728416644.148:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 38.002138][ T29] audit: type=1326 audit(1728416644.148:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4435 comm="syz.3.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 38.025833][ T4442] netlink: 'syz.3.460': attribute type 21 has an invalid length. [ 38.138094][ T4452] syz.0.465[4452] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.162895][ T4455] loop2: detected capacity change from 0 to 512 [ 38.209172][ T4455] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.226402][ T4455] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 38.244888][ T4455] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 38.262988][ T4455] System zones: 1-12 [ 38.271843][ T4455] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.466: corrupted in-inode xattr: e_value size too large [ 38.295868][ T4455] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.466: couldn't read orphan inode 15 (err -117) [ 38.387982][ T4455] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.491381][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.680576][ T4498] loop1: detected capacity change from 0 to 512 [ 38.723776][ T4498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.742835][ T4498] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.788690][ T4498] EXT4-fs error (device loop1): ext4_do_update_inode:5121: inode #2: comm syz.1.497: corrupted inode contents [ 38.810907][ T4498] EXT4-fs error (device loop1): ext4_dirty_inode:5984: inode #2: comm syz.1.497: mark_inode_dirty error [ 38.834256][ T4498] EXT4-fs error (device loop1): ext4_do_update_inode:5121: inode #2: comm syz.1.497: corrupted inode contents [ 38.861119][ T4498] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #2: comm syz.1.497: mark_inode_dirty error [ 38.911400][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.980698][ C1] hrtimer: interrupt took 29013 ns [ 38.989028][ T4514] loop1: detected capacity change from 0 to 2048 [ 39.057686][ T4514] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.095368][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.148456][ T4522] loop3: detected capacity change from 0 to 1024 [ 39.201225][ T4522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.247527][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.419278][ T4540] rose0: tun_chr_ioctl cmd 1074025677 [ 39.427108][ T4540] rose0: linktype set to 6 [ 39.434440][ T4544] IPVS: Error joining to the multicast group [ 39.440553][ T4540] rose0: tun_chr_ioctl cmd 1074025677 [ 39.449356][ T4540] rose0: linktype set to 1 [ 39.551889][ T4554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.521'. [ 39.560856][ T4554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.521'. [ 39.589724][ T4554] macvlan0: entered promiscuous mode [ 39.595895][ T4554] batadv_slave_0: entered promiscuous mode [ 39.895303][ T4592] bpf_get_probe_write_proto: 2 callbacks suppressed [ 39.895318][ T4592] syz.3.528[4592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.905567][ T4592] syz.3.528[4592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.916931][ T4592] syz.3.528[4592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.938693][ T4594] loop2: detected capacity change from 0 to 2048 [ 39.975710][ T4594] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.991155][ T4594] EXT4-fs (loop2): Online defrag not supported with bigalloc [ 40.014983][ T4602] loop1: detected capacity change from 0 to 256 [ 40.023554][ T4602] FAT-fs (loop1): bogus number of FAT sectors [ 40.029719][ T4602] FAT-fs (loop1): Can't find a valid FAT filesystem [ 40.039590][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.090520][ T4608] macvlan2: entered promiscuous mode [ 40.095900][ T4608] macvlan2: entered allmulticast mode [ 40.104962][ T4602] loop1: detected capacity change from 0 to 2048 [ 40.197837][ T4602] loop1: p1 p3 < > p4 < p5 > [ 40.202580][ T4602] loop1: partition table partially beyond EOD, truncated [ 40.222846][ T4602] loop1: p1 size 33024 extends beyond EOD, truncated [ 40.243878][ T4602] loop1: p3 start 4284289 is beyond EOD, truncated [ 40.258122][ T4602] loop1: p5 size 33024 extends beyond EOD, truncated [ 40.283521][ T2967] loop1: p1 p3 < > p4 < p5 > [ 40.288363][ T2967] loop1: partition table partially beyond EOD, truncated [ 40.295704][ T4615] vhci_hcd: invalid port number 157 [ 40.299435][ T2967] loop1: p1 size 33024 extends beyond EOD, truncated [ 40.300932][ T4615] vhci_hcd: default hub control req: c1ef v21ba i009d l29779 [ 40.318854][ T2967] loop1: p3 start 4284289 is beyond EOD, truncated [ 40.343145][ T2967] loop1: p5 size 33024 extends beyond EOD, truncated [ 40.423063][ T3258] udevd[3258]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 40.428452][ T4202] udevd[4202]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 40.446452][ T3680] udevd[3680]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 40.469027][ T4627] loop3: detected capacity change from 0 to 512 [ 40.481102][ T4627] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.542: casefold flag without casefold feature [ 40.481243][ T4627] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.542: couldn't read orphan inode 15 (err -117) [ 40.481759][ T4627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.507983][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.585436][ T4637] loop2: detected capacity change from 0 to 1024 [ 40.627967][ T4634] loop1: detected capacity change from 0 to 8192 [ 40.642450][ T4637] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.709268][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.731026][ T4646] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=4646 comm=syz.0.546 [ 40.836657][ T4656] syz.1.550[4656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.836726][ T4656] syz.1.550[4656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.856140][ T4656] syz.1.550[4656] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.909239][ T4660] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125 [ 41.011821][ T4673] syzkaller1: entered promiscuous mode [ 41.017326][ T4673] syzkaller1: entered allmulticast mode [ 41.126304][ T4670] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4670 comm=syz.3.559 [ 41.225595][ T4683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.565'. [ 41.264590][ T4688] netlink: 16 bytes leftover after parsing attributes in process `syz.3.568'. [ 41.493230][ T4716] loop3: detected capacity change from 0 to 256 [ 41.543002][ T4720] syz.1.582[4720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.543054][ T4720] syz.1.582[4720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.577079][ T4720] syz.1.582[4720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.676384][ T4728] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 42.107461][ T4741] xt_CT: No such helper "syz1" [ 42.187727][ T4746] netlink: 16 bytes leftover after parsing attributes in process `syz.0.595'. [ 42.456360][ T4735] syz.3.589 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 42.470528][ T4735] CPU: 1 UID: 0 PID: 4735 Comm: syz.3.589 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 42.481178][ T4735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 42.487323][ T4760] loop0: detected capacity change from 0 to 8192 [ 42.491218][ T4735] Call Trace: [ 42.491227][ T4735] [ 42.491234][ T4735] dump_stack_lvl+0xf2/0x150 [ 42.491257][ T4735] dump_stack+0x15/0x20 [ 42.512467][ T4735] dump_header+0x83/0x2d0 [ 42.516879][ T4735] oom_kill_process+0x341/0x4c0 [ 42.521795][ T4735] out_of_memory+0x9af/0xbe0 [ 42.526496][ T4735] ? css_next_descendant_pre+0x11c/0x140 [ 42.532134][ T4735] mem_cgroup_out_of_memory+0x13e/0x190 [ 42.537765][ T4735] try_charge_memcg+0x51b/0x810 [ 42.542630][ T4735] obj_cgroup_charge_pages+0xbd/0x1a0 [ 42.548074][ T4735] __memcg_kmem_charge_page+0x9d/0x170 [ 42.553598][ T4735] __alloc_pages_noprof+0x1bc/0x360 [ 42.558801][ T4735] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 42.564265][ T4735] alloc_pages_noprof+0xe1/0x100 [ 42.569216][ T4735] __vmalloc_node_range_noprof+0x72e/0xec0 [ 42.575079][ T4735] __kvmalloc_node_noprof+0x121/0x170 [ 42.580469][ T4735] ? ip_set_alloc+0x1f/0x30 [ 42.585037][ T4735] ip_set_alloc+0x1f/0x30 [ 42.589443][ T4735] hash_netiface_create+0x273/0x730 [ 42.594727][ T4735] ? __nla_parse+0x40/0x60 [ 42.599146][ T4735] ? __pfx_hash_netiface_create+0x10/0x10 [ 42.604938][ T4735] ip_set_create+0x359/0x8a0 [ 42.609674][ T4735] ? memchr+0x21/0x50 [ 42.613786][ T4735] ? __nla_parse+0x40/0x60 [ 42.618201][ T4735] nfnetlink_rcv_msg+0x4a9/0x570 [ 42.623170][ T4735] netlink_rcv_skb+0x12c/0x230 [ 42.627996][ T4735] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 42.633458][ T4735] nfnetlink_rcv+0x16c/0x15c0 [ 42.638135][ T4735] ? kmem_cache_free+0xdc/0x2d0 [ 42.643030][ T4735] ? nlmon_xmit+0x51/0x60 [ 42.647369][ T4735] ? __kfree_skb+0x102/0x150 [ 42.651980][ T4735] ? consume_skb+0x49/0x160 [ 42.656544][ T4735] ? nlmon_xmit+0x51/0x60 [ 42.660875][ T4735] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 42.666220][ T4735] ? __dev_queue_xmit+0xb4c/0x2040 [ 42.671340][ T4735] ? ref_tracker_free+0x3a5/0x410 [ 42.676372][ T4735] ? __dev_queue_xmit+0x161/0x2040 [ 42.681561][ T4735] ? ref_tracker_alloc+0x1f5/0x2f0 [ 42.686733][ T4735] ? __netlink_deliver_tap+0x495/0x4c0 [ 42.692211][ T4735] netlink_unicast+0x599/0x670 [ 42.697073][ T4735] netlink_sendmsg+0x5cc/0x6e0 [ 42.701900][ T4735] ? __pfx_netlink_sendmsg+0x10/0x10 [ 42.707196][ T4735] __sock_sendmsg+0x140/0x180 [ 42.711869][ T4735] ____sys_sendmsg+0x312/0x410 [ 42.716693][ T4735] __sys_sendmsg+0x1d9/0x270 [ 42.721280][ T4735] ? futex_wait+0x18e/0x1c0 [ 42.725788][ T4735] __x64_sys_sendmsg+0x46/0x50 [ 42.730603][ T4735] x64_sys_call+0x2689/0x2d60 [ 42.735277][ T4735] do_syscall_64+0xc9/0x1c0 [ 42.739825][ T4735] ? clear_bhb_loop+0x55/0xb0 [ 42.744540][ T4735] ? clear_bhb_loop+0x55/0xb0 [ 42.749348][ T4735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.755242][ T4735] RIP: 0033:0x7f242abddff9 [ 42.759659][ T4735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.779418][ T4735] RSP: 002b:00007f2429857038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 42.787869][ T4735] RAX: ffffffffffffffda RBX: 00007f242ad95f80 RCX: 00007f242abddff9 [ 42.795893][ T4735] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 42.803854][ T4735] RBP: 00007f242ac50296 R08: 0000000000000000 R09: 0000000000000000 [ 42.811829][ T4735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.819835][ T4735] R13: 0000000000000000 R14: 00007f242ad95f80 R15: 00007ffca9e11798 [ 42.827806][ T4735] [ 42.831018][ T4735] memory: usage 307200kB, limit 307200kB, failcnt 128 [ 42.837800][ T4735] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 42.845703][ T4735] kmem: usage 307120kB, limit 9007199254740988kB, failcnt 0 [ 42.852982][ T4735] Memory cgroup stats for /syz3: [ 42.853528][ T4735] cache 77824 [ 42.861735][ T4735] rss 0 [ 42.864483][ T4735] shmem 0 [ 42.867442][ T4735] mapped_file 77824 [ 42.871233][ T4735] dirty 77824 [ 42.874505][ T4735] writeback 0 [ 42.877873][ T4735] workingset_refault_anon 19 [ 42.882454][ T4735] workingset_refault_file 0 [ 42.886943][ T4735] swap 192512 [ 42.890239][ T4735] swapcached 0 [ 42.893602][ T4735] pgpgin 7946 [ 42.896878][ T4735] pgpgout 7926 [ 42.900369][ T4735] pgfault 15199 [ 42.903828][ T4735] pgmajfault 10 [ 42.907274][ T4735] inactive_anon 0 [ 42.910915][ T4735] active_anon 0 [ 42.914382][ T4735] inactive_file 0 [ 42.918029][ T4735] active_file 81920 [ 42.921841][ T4735] unevictable 0 [ 42.925291][ T4735] hierarchical_memory_limit 314572800 [ 42.930689][ T4735] hierarchical_memsw_limit 9223372036854771712 [ 42.936870][ T4735] total_cache 77824 [ 42.940703][ T4735] total_rss 0 [ 42.943980][ T4735] total_shmem 0 [ 42.947535][ T4735] total_mapped_file 77824 [ 42.951904][ T4735] total_dirty 77824 [ 42.955697][ T4735] total_writeback 0 [ 42.959583][ T4735] total_workingset_refault_anon 19 [ 42.964758][ T4735] total_workingset_refault_file 0 [ 42.970031][ T4735] total_swap 192512 [ 42.973933][ T4735] total_swapcached 0 [ 42.977870][ T4735] total_pgpgin 7946 [ 42.981676][ T4735] total_pgpgout 7926 [ 42.985581][ T4735] total_pgfault 15199 [ 42.989729][ T4735] total_pgmajfault 10 [ 42.993707][ T4735] total_inactive_anon 0 [ 42.997900][ T4735] total_active_anon 0 [ 43.001868][ T4735] total_inactive_file 0 [ 43.006057][ T4735] total_active_file 81920 [ 43.010526][ T4735] total_unevictable 0 [ 43.014491][ T4735] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.589,pid=4733,uid=0 [ 43.029069][ T4735] Memory cgroup out of memory: Killed process 4733 (syz.3.589) total-vm:89032kB, anon-rss:612kB, file-rss:15904kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 43.360533][ T29] kauditd_printk_skb: 77 callbacks suppressed [ 43.360545][ T29] audit: type=1326 audit(1728416649.698:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4786 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.422296][ T29] audit: type=1326 audit(1728416649.728:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4786 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.445526][ T29] audit: type=1326 audit(1728416649.728:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4786 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.468881][ T29] audit: type=1326 audit(1728416649.728:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4786 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.491922][ T29] audit: type=1326 audit(1728416649.728:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4786 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.674131][ T29] audit: type=1326 audit(1728416650.008:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6b61cdff9 code=0x7ffc0000 [ 43.697482][ T29] audit: type=1326 audit(1728416650.008:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4803 comm="syz.0.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6b61cdff9 code=0x7ffc0000 [ 43.720785][ T29] audit: type=1107 audit(1728416650.008:635): pid=4801 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 43.753385][ T4810] loop2: detected capacity change from 0 to 512 [ 43.771986][ T4810] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 43.797442][ T29] audit: type=1326 audit(1728416650.018:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.1.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.820945][ T29] audit: type=1326 audit(1728416650.018:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4805 comm="syz.1.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 43.852530][ T4810] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.916320][ T3273] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.929696][ T4735] syz.3.589 (4735) used greatest stack depth: 7464 bytes left [ 43.944348][ T4821] netlink: 'syz.2.631': attribute type 4 has an invalid length. [ 44.004721][ T4831] netlink: 36 bytes leftover after parsing attributes in process `syz.3.636'. [ 44.005423][ T4835] 9pnet_fd: Insufficient options for proto=fd [ 44.067124][ T4837] tmpfs: Unknown parameter '' [ 44.073665][ T4843] loop0: detected capacity change from 0 to 256 [ 44.088103][ T4843] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.119536][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.144527][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.174387][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.185412][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.263630][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.272868][ T4846] netlink: 60 bytes leftover after parsing attributes in process `syz.1.642'. [ 44.350488][ T4880] netlink: 'syz.3.657': attribute type 153 has an invalid length. [ 44.389179][ T4885] loop0: detected capacity change from 0 to 256 [ 44.390534][ T4883] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 44.679425][ T4922] syz.0.678[4922] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.123814][ T4959] __vm_enough_memory: pid: 4959, comm: syz.0.705, bytes: 549406429184 not enough memory for the allocation [ 45.847232][ T5022] bond1: entered promiscuous mode [ 45.852345][ T5022] bond1: entered allmulticast mode [ 45.859500][ T5022] 8021q: adding VLAN 0 to HW filter on device bond1 [ 45.871761][ T5022] bond1 (unregistering): Released all slaves [ 45.991458][ T5031] vhci_hcd: default hub control req: 800e v1303 i0000 l0 [ 46.133896][ T5045] loop3: detected capacity change from 0 to 2048 [ 46.171233][ T5045] EXT4-fs: Ignoring removed orlov option [ 46.189436][ T5051] xt_hashlimit: size too large, truncated to 1048576 [ 46.340274][ T5045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.373154][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.611817][ T5074] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 46.803569][ T5092] Cannot find del_set index 0 as target [ 47.009649][ T5052] chnl_net:caif_netlink_parms(): no params data found [ 47.157265][ T5052] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.164402][ T5052] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.214261][ T5052] bridge_slave_0: entered allmulticast mode [ 47.239928][ T5052] bridge_slave_0: entered promiscuous mode [ 47.262239][ T5052] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.269350][ T5052] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.306835][ T5052] bridge_slave_1: entered allmulticast mode [ 47.324818][ T5052] bridge_slave_1: entered promiscuous mode [ 47.370406][ T5052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.404845][ T5052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.417206][ T5148] __nla_validate_parse: 4 callbacks suppressed [ 47.417218][ T5148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.772'. [ 47.467304][ T5052] team0: Port device team_slave_0 added [ 47.494081][ T5052] team0: Port device team_slave_1 added [ 47.543322][ T5052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.550461][ T5052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.576388][ T5052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.636057][ T5155] loop3: detected capacity change from 0 to 8192 [ 47.663467][ T5052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.670531][ T5052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.696503][ T5052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.715291][ T5155] loop3: p3 p4 < > [ 47.719408][ T5155] loop3: p3 start 619312 is beyond EOD, truncated [ 47.815046][ T5052] hsr_slave_0: entered promiscuous mode [ 47.833071][ T5052] hsr_slave_1: entered promiscuous mode [ 47.853947][ T5052] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 47.875782][ T5052] Cannot create hsr debugfs directory [ 47.974853][ T5181] dvmrp8: entered allmulticast mode [ 48.008952][ T5181] dvmrp8: left allmulticast mode [ 48.036290][ T5052] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.084277][ T5189] bpf_get_probe_write_proto: 2 callbacks suppressed [ 48.084291][ T5189] syz.3.791[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.096516][ T5190] capability: warning: `syz.0.792' uses 32-bit capabilities (legacy support in use) [ 48.118622][ T5189] syz.3.791[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.118680][ T5189] syz.3.791[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.140243][ T5052] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.189087][ T5189] netlink: 372 bytes leftover after parsing attributes in process `syz.3.791'. [ 48.262881][ T5200] loop3: detected capacity change from 0 to 512 [ 48.296623][ T5052] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.309953][ T5200] EXT4-fs: Ignoring removed i_version option [ 48.344904][ T5200] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 48.363223][ T5200] System zones: 1-12 [ 48.372946][ T5200] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.796: bg 0: block 131: padding at end of block bitmap is not set [ 48.409556][ T5052] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.425056][ T5200] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 48.464055][ T5200] EXT4-fs (loop3): 1 truncate cleaned up [ 48.490849][ T5200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.543400][ T5052] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 48.568884][ T29] kauditd_printk_skb: 93 callbacks suppressed [ 48.568895][ T29] audit: type=1326 audit(1728416654.908:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.617092][ T5052] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 48.657613][ T5052] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 48.667093][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.698797][ T29] audit: type=1326 audit(1728416654.938:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.722136][ T29] audit: type=1326 audit(1728416654.938:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.745425][ T29] audit: type=1326 audit(1728416654.938:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.768658][ T29] audit: type=1326 audit(1728416654.938:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.791866][ T29] audit: type=1326 audit(1728416654.938:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.815071][ T29] audit: type=1326 audit(1728416654.938:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.838297][ T29] audit: type=1326 audit(1728416654.938:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.861679][ T29] audit: type=1326 audit(1728416654.938:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.884885][ T29] audit: type=1326 audit(1728416654.948:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5212 comm="syz.1.801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fdb2ff4dff9 code=0x7ffc0000 [ 48.948631][ T5052] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 49.012025][ T5052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.023961][ T5052] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.058199][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.065261][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.093309][ T5223] SELinux: failed to load policy [ 49.099502][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.106642][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.184265][ T5052] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.229942][ T5233] netlink: 132 bytes leftover after parsing attributes in process `syz.0.811'. [ 49.301508][ T5243] netlink: 664 bytes leftover after parsing attributes in process `syz.0.814'. [ 49.321125][ T5052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.462533][ T5258] bridge0: entered promiscuous mode [ 49.499672][ T5258] bridge0: left promiscuous mode [ 49.505955][ T5261] Driver unsupported XDP return value 0 on prog (id 483) dev N/A, expect packet loss! [ 49.615956][ T5269] loop6: detected capacity change from 0 to 7 [ 49.644151][ T5269] Buffer I/O error on dev loop6, logical block 0, async page read [ 49.685565][ T5052] veth0_vlan: entered promiscuous mode [ 49.692132][ T5269] Buffer I/O error on dev loop6, logical block 0, async page read [ 49.700098][ T5269] loop6: unable to read partition table [ 49.725190][ T5052] veth1_vlan: entered promiscuous mode [ 49.744354][ T5269] loop_reread_partitions: partition scan of loop6 (被xڬdƤݡ [ 49.744354][ T5269] ) failed (rc=-5) [ 49.785554][ T5052] veth0_macvtap: entered promiscuous mode [ 49.827118][ T5052] veth1_macvtap: entered promiscuous mode [ 49.849133][ T5287] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 49.865193][ T5289] netlink: 12 bytes leftover after parsing attributes in process `syz.1.831'. [ 49.883163][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.893722][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.903568][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.914017][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.923879][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.934429][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.944256][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.954683][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.964498][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.974904][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.070716][ T5303] loop1: detected capacity change from 0 to 512 [ 50.113268][ T5303] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.130138][ T5310] syz.0.841 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 50.145541][ T5303] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.838: bg 0: block 144: padding at end of block bitmap is not set [ 50.172905][ T5052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.226768][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.237254][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.247160][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.257647][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.267511][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.277976][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.287849][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.298297][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.308176][ T5052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.318659][ T5052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.366531][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.453887][ T5052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.477604][ T5052] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.486324][ T5052] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.495203][ T5052] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.503964][ T5052] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.728670][ T5348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.857'. [ 50.756205][ T5350] loop3: detected capacity change from 0 to 512 [ 50.848147][ T5350] EXT4-fs (loop3): too many log groups per flexible block group [ 50.855897][ T5350] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 50.907529][ T5350] EXT4-fs (loop3): mount failed [ 50.961165][ T5368] xt_CT: No such helper "syz1" [ 51.032171][ T5377] syzkaller1: entered promiscuous mode [ 51.037872][ T5377] syzkaller1: entered allmulticast mode [ 51.156843][ T5393] netlink: 16 bytes leftover after parsing attributes in process `syz.0.876'. [ 51.351809][ T5434] loop1: detected capacity change from 0 to 1024 [ 51.365086][ T5433] dvmrp8: entered allmulticast mode [ 51.378200][ T5436] loop2: detected capacity change from 0 to 256 [ 51.391527][ T5433] dvmrp8: left allmulticast mode [ 51.409670][ T5434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.475060][ T5434] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 51.507608][ T5451] xt_hashlimit: size too large, truncated to 1048576 [ 51.527065][ T5453] loop3: detected capacity change from 0 to 1024 [ 51.577531][ T5434] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 51.589812][ T5434] EXT4-fs (loop1): This should not happen!! Data will be lost [ 51.589812][ T5434] [ 51.599471][ T5434] EXT4-fs (loop1): Total free blocks count 0 [ 51.605444][ T5434] EXT4-fs (loop1): Free/Dirty block details [ 51.611378][ T5434] EXT4-fs (loop1): free_blocks=68451041280 [ 51.617187][ T5434] EXT4-fs (loop1): dirty_blocks=16 [ 51.619209][ T5455] netlink: 104 bytes leftover after parsing attributes in process `syz.2.905'. [ 51.622344][ T5434] EXT4-fs (loop1): Block reservation details [ 51.637302][ T5434] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 51.643754][ T5453] EXT4-fs: Ignoring removed oldalloc option [ 51.658518][ T5453] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 51.712979][ T5458] netlink: 132 bytes leftover after parsing attributes in process `syz.2.907'. [ 51.732517][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.785125][ T5465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.909'. [ 51.806804][ T5453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.841605][ T5470] loop1: detected capacity change from 0 to 512 [ 51.849815][ T5470] EXT4-fs: Ignoring removed i_version option [ 51.881975][ T5470] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 51.902159][ T5470] System zones: 1-12 [ 51.940336][ T5470] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.908: bg 0: block 131: padding at end of block bitmap is not set [ 51.957517][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.001065][ T5470] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 52.028385][ T5470] EXT4-fs (loop1): 1 truncate cleaned up [ 52.035763][ T5484] syz.2.916[5484] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.035835][ T5484] syz.2.916[5484] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.050905][ T5470] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.075714][ T5484] syz.2.916[5484] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.105589][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.300208][ T5522] veth1_vlan: entered allmulticast mode [ 52.410766][ T5534] loop4: detected capacity change from 0 to 512 [ 52.450357][ T5534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.483351][ T5534] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.542436][ T5534] EXT4-fs error (device loop4): __ext4_new_inode:1276: comm syz.4.940: failed to insert inode 16: doubly allocated? [ 52.584817][ T5534] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.940: corrupted xattr block 32: bad e_name length [ 52.624901][ T5534] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 52.664076][ T5534] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.940: corrupted xattr block 32: bad e_name length [ 52.704481][ T5534] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 52.762566][ T5052] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.887719][ T5555] loop3: detected capacity change from 0 to 256 [ 52.899082][ T5557] xt_hashlimit: size too large, truncated to 1048576 [ 52.906226][ T5555] FAT-fs (loop3): bogus number of FAT sectors [ 52.912343][ T5555] FAT-fs (loop3): Can't find a valid FAT filesystem [ 53.028228][ T5555] loop3: detected capacity change from 0 to 2048 [ 53.067858][ T5555] loop3: p1 p3 < > p4 < p5 > [ 53.072548][ T5555] loop3: partition table partially beyond EOD, truncated [ 53.088810][ T5555] loop3: p1 size 33024 extends beyond EOD, truncated [ 53.102904][ T5555] loop3: p3 start 4284289 is beyond EOD, truncated [ 53.116560][ T5555] loop3: p5 size 33024 extends beyond EOD, truncated [ 53.288420][ T5579] loop1: detected capacity change from 0 to 512 [ 53.296275][ T5579] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 53.331651][ T5579] EXT4-fs (loop1): 1 truncate cleaned up [ 53.353020][ T5579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.391904][ T5579] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 53.437001][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.483848][ T5599] netlink: 68 bytes leftover after parsing attributes in process `syz.3.965'. [ 53.492787][ T5599] netlink: 68 bytes leftover after parsing attributes in process `syz.3.965'. [ 53.540601][ T5605] rdma_op ffff888115858d80 conn xmit_rdma 0000000000000000 [ 53.576624][ T5611] loop1: detected capacity change from 0 to 256 [ 53.666357][ T29] kauditd_printk_skb: 186 callbacks suppressed [ 53.666372][ T29] audit: type=1326 audit(1728416659.998:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 53.700886][ T5623] loop3: detected capacity change from 0 to 164 [ 53.727444][ T29] audit: type=1326 audit(1728416659.998:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 53.750867][ T29] audit: type=1326 audit(1728416660.038:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f242abddff9 code=0x7ffc0000 [ 53.774184][ T29] audit: type=1326 audit(1728416660.038:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f242abde033 code=0x7ffc0000 [ 53.797327][ T29] audit: type=1326 audit(1728416660.038:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f242abdcadf code=0x7ffc0000 [ 53.820446][ T29] audit: type=1326 audit(1728416660.038:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f242abde087 code=0x7ffc0000 [ 53.843738][ T29] audit: type=1326 audit(1728416660.038:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f242abdc990 code=0x7ffc0000 [ 53.843898][ T5616] loop1: detected capacity change from 0 to 8192 [ 53.867046][ T29] audit: type=1326 audit(1728416660.038:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f242abddbfb code=0x7ffc0000 [ 53.896434][ T29] audit: type=1326 audit(1728416660.038:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f242abdcc8a code=0x7ffc0000 [ 53.919573][ T29] audit: type=1326 audit(1728416660.038:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5622 comm="syz.3.975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f242abdcc8a code=0x7ffc0000 [ 53.988170][ T5616] loop1: p3 p4 < > [ 53.992105][ T5616] loop1: p3 start 619312 is beyond EOD, truncated [ 54.080720][ T5642] smc: net device bond0 applied user defined pnetid SYZ0 [ 54.113762][ T5642] smc: net device bond0 erased user defined pnetid SYZ0 [ 54.209215][ T5664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.996'. [ 54.220784][ T5664] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 54.549802][ T5678] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 54.561465][ T5676] netlink: 28 bytes leftover after parsing attributes in process `syz.4.999'. [ 54.990710][ T5684] loop4: detected capacity change from 0 to 1024 [ 55.012624][ T5681] bond1: entered promiscuous mode [ 55.017796][ T5681] bond1: entered allmulticast mode [ 55.046376][ T5681] 8021q: adding VLAN 0 to HW filter on device bond1 [ 55.065378][ T5681] bond1 (unregistering): Released all slaves [ 55.093061][ T5691] smc: net device bond0 applied user defined pnetid SYZ0 [ 55.114632][ T5684] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.117835][ T5691] smc: net device bond0 erased user defined pnetid SYZ0 [ 55.261236][ T5052] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.322172][ T5709] syz_tun: entered promiscuous mode [ 55.329461][ T5709] syz_tun: left promiscuous mode [ 55.369961][ T5717] loop4: detected capacity change from 0 to 164 [ 55.472330][ T5734] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1027'. [ 55.710964][ T5780] ebt_among: src integrity fail: 300 [ 55.769247][ T5790] SELinux: failed to load policy [ 55.910997][ T5810] syz_tun: entered promiscuous mode [ 55.934210][ T5810] batadv_slave_0: entered promiscuous mode [ 55.949049][ T5810] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 55.967364][ T5810] Cannot create hsr debugfs directory [ 56.109085][ T5828] vlan0: entered promiscuous mode [ 56.130582][ T5828] vlan0 (unregistering): left promiscuous mode [ 56.160707][ T5834] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=5834 comm=syz.4.1073 [ 56.570964][ T5895] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5895 comm=syz.4.1102 [ 56.734157][ T5917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1112'. [ 57.069764][ T5954] loop1: detected capacity change from 0 to 2048 [ 57.149518][ T5954] loop1: unable to read partition table [ 57.160081][ T5954] loop1: partition table beyond EOD, truncated [ 57.166274][ T5954] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) [ 57.176198][ T5971] syz.0.1137[5971] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.176318][ T5971] syz.0.1137[5971] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.197470][ T5971] syz.0.1137[5971] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.287261][ T5990] loop4: detected capacity change from 0 to 256 [ 57.332131][ T5988] netlink: 'syz.1.1146': attribute type 3 has an invalid length. [ 57.360410][ T6000] syz.1.1152[6000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.360550][ T6000] syz.1.1152[6000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.394886][ T6002] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1153'. [ 57.395164][ T6000] syz.1.1152[6000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 57.406442][ T6002] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1153'. [ 57.641397][ T6022] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 57.815255][ T6047] loop1: detected capacity change from 0 to 2048 [ 57.846451][ T6047] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.853823][ T6054] loop4: detected capacity change from 0 to 1024 [ 57.865176][ T6054] EXT4-fs: Ignoring removed orlov option [ 57.870857][ T6054] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.935334][ T3265] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.956147][ T6054] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.043535][ T5052] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.169293][ T6086] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1186'. [ 58.563523][ T6099] netlink: 'syz.2.1195': attribute type 3 has an invalid length. [ 58.628396][ T6108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1199'. [ 58.692848][ T6113] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1201'. [ 58.780380][ T29] kauditd_printk_skb: 1267 callbacks suppressed [ 58.780403][ T29] audit: type=1400 audit(1728416664.570:2204): avc: denied { ioctl } for pid=6118 comm="syz.2.1203" path="socket:[12304]" dev="sockfs" ino=12304 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 58.811637][ T29] audit: type=1400 audit(1728416664.590:2205): avc: denied { name_bind } for pid=6120 comm="syz.2.1204" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 58.834680][ T29] audit: type=1400 audit(1728416664.600:2206): avc: denied { create } for pid=6122 comm="syz.0.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 58.854352][ T29] audit: type=1400 audit(1728416664.600:2207): avc: denied { setopt } for pid=6122 comm="syz.0.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 58.890174][ T29] audit: type=1400 audit(1728416664.680:2208): avc: denied { create } for pid=6127 comm="syz.2.1207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.928405][ T29] audit: type=1400 audit(1728416664.700:2209): avc: denied { read } for pid=6127 comm="syz.2.1207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.947804][ T29] audit: type=1400 audit(1728416664.700:2210): avc: denied { write } for pid=6127 comm="syz.2.1207" path="socket:[12275]" dev="sockfs" ino=12275 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.991250][ T29] audit: type=1400 audit(1728416664.780:2211): avc: denied { create } for pid=6134 comm="syz.4.1210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 59.015529][ T29] audit: type=1400 audit(1728416664.800:2212): avc: denied { getopt } for pid=6134 comm="syz.4.1210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 59.035848][ T29] audit: type=1400 audit(1728416664.810:2213): avc: denied { open } for pid=6138 comm="syz.2.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 59.136684][ T6147] syz.0.1215[6147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.136793][ T6147] syz.0.1215[6147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.158451][ T6147] syz.0.1215[6147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.181877][ T6149] syz.4.1217[6149] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.561548][ T6208] loop3: detected capacity change from 0 to 512 [ 59.608258][ T6208] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.630425][ T6208] EXT4-fs (loop3): orphan cleanup on readonly fs [ 59.644298][ T6215] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 59.659786][ T6208] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 59.684410][ T6208] EXT4-fs (loop3): 1 truncate cleaned up [ 59.696387][ T6208] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 59.746698][ T6208] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 59.804039][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.872093][ T6231] Zero length message leads to an empty skb [ 59.918775][ T6237] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1259'. [ 59.965412][ T6242] lo speed is unknown, defaulting to 1000 [ 59.975246][ T6242] lo speed is unknown, defaulting to 1000 [ 59.983358][ T6242] lo speed is unknown, defaulting to 1000 [ 59.998883][ T6242] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 60.008067][ T6242] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 60.036887][ T6242] lo speed is unknown, defaulting to 1000 [ 60.046998][ T6242] lo speed is unknown, defaulting to 1000 [ 60.065735][ T6242] lo speed is unknown, defaulting to 1000 [ 60.080866][ T6242] lo speed is unknown, defaulting to 1000 [ 60.086717][ T6251] loop3: detected capacity change from 0 to 512 [ 60.094890][ T6242] lo speed is unknown, defaulting to 1000 [ 60.101344][ T6242] lo speed is unknown, defaulting to 1000 [ 60.101873][ T6251] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1266: corrupted in-inode xattr: invalid ea_ino [ 60.144566][ T6251] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.1266: couldn't read orphan inode 15 (err -117) [ 60.165945][ T6251] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.188903][ T6251] EXT4-fs (loop3): shut down requested (2) [ 60.224629][ T3264] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.461365][ T6293] 9pnet: Could not find request transport: f [ 60.520698][ T6303] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 60.538971][ T6300] ebtables: ebtables: counters copy to user failed while replacing table [ 60.715966][ T6323] netlink: 'syz.4.1296': attribute type 3 has an invalid length. [ 60.873393][ T6337] siw: device registration error -23 [ 60.930505][ T6350] af_packet: tpacket_rcv: packet too big, clamped from 212960 to 3952. macoff=96 [ 60.963269][ T6354] serio: Serial port ptm0 [ 61.059061][ T6373] netlink: 140 bytes leftover after parsing attributes in process `+}[@'. [ 61.185300][ T6388] netlink: 'syz.2.1329': attribute type 1 has an invalid length. [ 61.252471][ T6399] Invalid ELF header magic: != ELF [ 61.266064][ T6402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1334'. [ 61.270776][ T6404] random: crng reseeded on system resumption [ 61.400804][ T6420] ================================================================== [ 61.408918][ T6420] BUG: KCSAN: data-race in pcpu_alloc_noprof / pcpu_block_update_hint_alloc [ 61.417712][ T6420] [ 61.420026][ T6420] read-write to 0xffffffff88bdd3ac of 4 bytes by task 6419 on cpu 1: [ 61.428086][ T6420] pcpu_block_update_hint_alloc+0x5db/0x6a0 [ 61.433984][ T6420] pcpu_alloc_area+0x488/0x4b0 [ 61.438744][ T6420] pcpu_alloc_noprof+0x4b3/0x10c0 [ 61.443763][ T6420] bpf_map_alloc_percpu+0xad/0x210 [ 61.448865][ T6420] prealloc_init+0x19f/0x470 [ 61.453535][ T6420] htab_map_alloc+0x630/0x8e0 [ 61.458201][ T6420] map_create+0x850/0xb70 [ 61.462516][ T6420] __sys_bpf+0x667/0x7a0 [ 61.466763][ T6420] __x64_sys_bpf+0x43/0x50 [ 61.471177][ T6420] x64_sys_call+0x2625/0x2d60 [ 61.475849][ T6420] do_syscall_64+0xc9/0x1c0 [ 61.480340][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.486227][ T6420] [ 61.488538][ T6420] read to 0xffffffff88bdd3ac of 4 bytes by task 6420 on cpu 0: [ 61.496151][ T6420] pcpu_alloc_noprof+0x9a7/0x10c0 [ 61.501173][ T6420] bpf_prog_alloc+0x59/0x150 [ 61.505764][ T6420] bpf_prog_load+0x4d1/0x1070 [ 61.510429][ T6420] __sys_bpf+0x463/0x7a0 [ 61.514743][ T6420] __x64_sys_bpf+0x43/0x50 [ 61.519156][ T6420] x64_sys_call+0x2625/0x2d60 [ 61.523826][ T6420] do_syscall_64+0xc9/0x1c0 [ 61.528341][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.534233][ T6420] [ 61.536548][ T6420] value changed: 0x0000000c -> 0x0000000b [ 61.542249][ T6420] [ 61.544555][ T6420] Reported by Kernel Concurrency Sanitizer on: [ 61.550687][ T6420] CPU: 0 UID: 0 PID: 6420 Comm: syz.1.1344 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 [ 61.561438][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.571483][ T6420] ================================================================== [ 67.972804][ T29] kauditd_printk_skb: 153 callbacks suppressed [ 67.972817][ T29] audit: type=1400 audit(1728416673.760:2367): avc: denied { read } for pid=2949 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 68.001111][ T29] audit: type=1400 audit(1728416673.760:2368): avc: denied { search } for pid=2949 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 68.022740][ T29] audit: type=1400 audit(1728416673.760:2369): avc: denied { append } for pid=2949 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 68.045053][ T29] audit: type=1400 audit(1728416673.760:2370): avc: denied { open } for pid=2949 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 68.067654][ T29] audit: type=1400 audit(1728416673.760:2371): avc: denied { getattr } for pid=2949 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1